CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-10-01 17:47:46 +13:00
Code Issues Projects Releases Wiki Activity

make logged in users basic by default, prevent allowing users to be assigned as default in the UI

Browse source
This commit is contained in:
Martin McKeaveney 2021-07-06 18:43:04 +01:00
parent 197d895174
commit 13517d5298
5 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
packages/auth/src/security/roles.js
View file

@ -147,7 +147,7 @@ exports.getRole = async (appId, roleId) => {
*/ */
async function getAllUserRoles(appId, userRoleId) { async function getAllUserRoles(appId, userRoleId) {
if (!userRoleId) { if (!userRoleId) {
return [BUILTIN_IDS.PUBLIC] return [BUILTIN_IDS.BASIC]
} }
let currentRole = await exports.getRole(appId, userRoleId) let currentRole = await exports.getRole(appId, userRoleId)
let roles = currentRole ? [currentRole] : [] let roles = currentRole ? [currentRole] : []
@ -226,7 +226,7 @@ exports.getAllRoles = async appId => {
dbRole => exports.getExternalRoleID(dbRole._id) === builtinRoleId dbRole => exports.getExternalRoleID(dbRole._id) === builtinRoleId
)[0] )[0]
if (dbBuiltin == null) { if (dbBuiltin == null) {
roles.push(builtinRole || builtinRoles.PUBLIC) roles.push(builtinRole || builtinRoles.BASIC)
} else { } else {
// remove role and all back after combining with the builtin // remove role and all back after combining with the builtin
roles = roles.filter(role => role._id !== dbBuiltin._id) roles = roles.filter(role => role._id !== dbBuiltin._id)

2
packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
View file

@ -33,7 +33,7 @@
role: {}, role: {},
} }
$: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "PUBLIC" $: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "BASIC"
// Merge the Apps list and the roles response to get something that makes sense for the table // Merge the Apps list and the roles response to get something that makes sense for the table
$: appList = Object.keys($apps?.data).map(id => { $: appList = Object.keys($apps?.data).map(id => {
const role = $userFetch?.data?.roles?.[id] || defaultRoleId const role = $userFetch?.data?.roles?.[id] || defaultRoleId

2
packages/builder/src/pages/builder/portal/manage/users/_components/UpdateRolesModal.svelte
View file

@ -9,7 +9,7 @@
const dispatch = createEventDispatcher() const dispatch = createEventDispatcher()
const roles = app.roles const roles = app.roles
let options = roles.map(role => role._id) let options = roles.map(role => role._id).filter(id => id !== "PUBLIC")
let selectedRole = user?.roles?.[app?._id] let selectedRole = user?.roles?.[app?._id]
async function updateUserRoles() { async function updateUserRoles() {

4
packages/server/src/middleware/currentapp.js
View file

@ -45,10 +45,10 @@ module.exports = async (ctx, next) => {
updateCookie = true updateCookie = true
appId = requestAppId appId = requestAppId
// retrieving global user gets the right role // retrieving global user gets the right role
roleId = globalUser.roleId || BUILTIN_ROLE_IDS.PUBLIC roleId = globalUser.roleId || BUILTIN_ROLE_IDS.BASIC
} else if (appCookie != null) { } else if (appCookie != null) {
appId = appCookie.appId appId = appCookie.appId
roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC roleId = appCookie.roleId || BUILTIN_ROLE_IDS.BASIC
} }
// nothing more to do // nothing more to do
if (!appId) { if (!appId) {

2
packages/server/src/utilities/global.js
View file

@ -19,7 +19,7 @@ exports.updateAppRole = (appId, user) => {
if (!user.roleId && user.builder && user.builder.global) { if (!user.roleId && user.builder && user.builder.global) {
user.roleId = BUILTIN_ROLE_IDS.ADMIN user.roleId = BUILTIN_ROLE_IDS.ADMIN
} else if (!user.roleId) { } else if (!user.roleId) {
user.roleId = BUILTIN_ROLE_IDS.PUBLIC user.roleId = BUILTIN_ROLE_IDS.BASIC
} }
delete user.roles delete user.roles
return user return user