Merge branch 'master' of github.com:Budibase/budibase into feature/sql-query-aliasing

2024-07-08 15:56:23 +12:00 · 2023-11-28 18:15:25 +00:00 · 2023-11-28 18:15:25 +00:00 · 20dae6ed82
parent cb7c1898f2 2669e36984
commit 20dae6ed82
45 changed files with 465 additions and 293 deletions
--- a/hosting/couchdb/Dockerfile
+++ b/hosting/couchdb/Dockerfile
@ -29,7 +29,6 @@ WORKDIR /opt/couchdb
 ADD couch/vm.args couch/local.ini ./etc/
 WORKDIR /
 ADD build-target-paths.sh .
 ADD runner.sh ./bbcouch-runner.sh
-RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau ./build-target-paths.sh
+RUN chmod +x ./bbcouch-runner.sh /opt/clouseau/bin/clouseau
 CMD ["./bbcouch-runner.sh"]
--- a/hosting/couchdb/build-target-paths.sh
+++ b/hosting/couchdb/build-target-paths.sh
@ -1,24 +0,0 @@
 #!/bin/bash
 echo ${TARGETBUILD} > /buildtarget.txt
 if [[ "${TARGETBUILD}" = "aas" ]]; then
    # Azure AppService uses /home for persistent data & SSH on port 2222
    DATA_DIR="${DATA_DIR:-/home}"
    WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
    mkdir -p $DATA_DIR/{search,minio,couch}
    mkdir -p $DATA_DIR/couch/{dbs,views}
    chown -R couchdb:couchdb $DATA_DIR/couch/
    apt update
    apt-get install -y openssh-server
    echo "root:Docker!" | chpasswd
    mkdir -p /tmp
    chmod +x /tmp/ssh_setup.sh \
        && (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
    cp /etc/sshd_config /etc/ssh/sshd_config
    /etc/init.d/ssh restart
    sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
    sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
 else
    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
 fi
--- a/hosting/couchdb/runner.sh
+++ b/hosting/couchdb/runner.sh
@ -1,14 +1,73 @@
 #!/bin/bash
 DATA_DIR=${DATA_DIR:-/data}
 mkdir -p ${DATA_DIR}
 mkdir -p ${DATA_DIR}/couch/{dbs,views}
 mkdir -p ${DATA_DIR}/search
 chown -R couchdb:couchdb ${DATA_DIR}/couch
-/build-target-paths.sh
+
 echo ${TARGETBUILD} > /buildtarget.txt
 if [[ "${TARGETBUILD}" = "aas" ]]; then
    # Azure AppService uses /home for persistent data & SSH on port 2222
    DATA_DIR="${DATA_DIR:-/home}"
    WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
    mkdir -p $DATA_DIR/{search,minio,couch}
    mkdir -p $DATA_DIR/couch/{dbs,views}
    chown -R couchdb:couchdb $DATA_DIR/couch/
    apt update
    apt-get install -y openssh-server
    echo "root:Docker!" | chpasswd
    mkdir -p /tmp
    chmod +x /tmp/ssh_setup.sh \
        && (sleep 1;/tmp/ssh_setup.sh 2>&1 > /dev/null)
    cp /etc/sshd_config /etc/ssh/sshd_config
    /etc/init.d/ssh restart
    sed -i "s#DATA_DIR#/home#g" /opt/clouseau/clouseau.ini
    sed -i "s#DATA_DIR#/home#g" /opt/couchdb/etc/local.ini
 elif [[ "${TARGETBUILD}" = "single" ]]; then
    # In the single image build, the Dockerfile specifies /data as a volume
    # mount, so we use that for all persistent data.
    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
 elif [[ -n $KUBERNETES_SERVICE_HOST ]]; then
    # In Kubernetes the directory /opt/couchdb/data has a persistent volume
    # mount for storing database data.
    sed -i "s#DATA_DIR#/opt/couchdb/data#g" /opt/clouseau/clouseau.ini
    # We remove the database_dir and view_index_dir settings from the local.ini
    # in Kubernetes because it will default to /opt/couchdb/data which is what
    # our Helm chart was using prior to us switching to using our own CouchDB
    # image.
    sed -i "s#^database_dir.*\$##g" /opt/couchdb/etc/local.ini
    sed -i "s#^view_index_dir.*\$##g" /opt/couchdb/etc/local.ini
    # We remove the -name setting from the vm.args file in Kubernetes because
    # it will default to the pod FQDN, which is what's required for clustering
    # to work.
    sed -i "s/^-name .*$//g" /opt/couchdb/etc/vm.args
 else
    # For all other builds, we use /data for persistent data.
    sed -i "s#DATA_DIR#/data#g" /opt/clouseau/clouseau.ini
    sed -i "s#DATA_DIR#/data#g" /opt/couchdb/etc/local.ini
 fi
 # Start Clouseau. Budibase won't function correctly without Clouseau running, it
 # powers the search API endpoints which are used to do all sorts, including
 # populating app grids.
 /opt/clouseau/bin/clouseau > /dev/stdout 2>&1 &
 # Start CouchDB.
 /docker-entrypoint.sh /opt/couchdb/bin/couchdb &
-sleep 10
+
 # Wati for CouchDB to start up.
 while [[ $(curl -s -w "%{http_code}\n" http://localhost:5984/_up -o /dev/null) -ne 200 ]]; do
    echo 'Waiting for CouchDB to start...';
    sleep 5;
 done
 # CouchDB needs the `_users` and `_replicator` databases to exist before it will
 # function correctly, so we create them here.
 curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_users
 curl -X PUT http://${COUCHDB_USER}:${COUCHDB_PASSWORD}@localhost:5984/_replicator
 sleep infinity
--- a/hosting/single/Dockerfile
+++ b/hosting/single/Dockerfile
@ -94,8 +94,6 @@ RUN chmod +x ./healthcheck.sh
 # For Azure App Service install SSH & point data locations to /home
 COPY hosting/single/ssh/sshd_config /etc/
 COPY hosting/single/ssh/ssh_setup.sh /tmp
 RUN /build-target-paths.sh
 #  setup letsencrypt certificate
 RUN apt-get install -y certbot python3-certbot-nginx
--- a/hosting/single/runner.sh
+++ b/hosting/single/runner.sh
@ -22,11 +22,11 @@ declare -a DOCKER_VARS=("APP_PORT" "APPS_URL" "ARCHITECTURE" "BUDIBASE_ENVIRONME
 # Azure App Service customisations
 if [[ "${TARGETBUILD}" = "aas" ]]; then
-    DATA_DIR="${DATA_DIR:-/home}"
+    export DATA_DIR="${DATA_DIR:-/home}"
    WEBSITES_ENABLE_APP_SERVICE_STORAGE=true
    /etc/init.d/ssh start
 else
-    DATA_DIR=${DATA_DIR:-/data}
+    export DATA_DIR=${DATA_DIR:-/data}
 fi
 mkdir -p ${DATA_DIR}
 # Mount NFS or GCP Filestore if env vars exist for it
--- a/lerna.json
+++ b/lerna.json
@ -1,5 +1,5 @@
 {
-  "version": "2.13.15",
+  "version": "2.13.19",
  "npmClient": "yarn",
  "packages": [
    "packages/*"
--- a/packages/backend-core/src/objectStore/objectStore.ts
+++ b/packages/backend-core/src/objectStore/objectStore.ts
@ -260,12 +260,12 @@ export async function listAllObjects(bucketName: string, path: string) {
 }
 /**
- * Generate a presigned url with a default TTL of 1 hour
+ * Generate a presigned url with a default TTL of 36 hours
 */
 export function getPresignedUrl(
  bucketName: string,
  key: string,
-  durationSeconds: number = 3600
+  durationSeconds: number = 129600
 ) {
  const objectStore = ObjectStore(bucketName, { presigning: true })
  const params = {
--- a/packages/backend-core/src/security/permissions.ts
+++ b/packages/backend-core/src/security/permissions.ts
@ -160,4 +160,5 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
 // utility as a lot of things need simply the builder permission
 export const BUILDER = PermissionType.BUILDER
 export const CREATOR = PermissionType.CREATOR
 export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER
--- a/packages/backend-core/src/users/db.ts
+++ b/packages/backend-core/src/users/db.ts
@ -146,12 +146,12 @@ export class UserDB {
  static async allUsers() {
    const db = getGlobalDB()
-    const response = await db.allDocs(
+    const response = await db.allDocs<User>(
      dbUtils.getGlobalUserParams(null, {
        include_docs: true,
      })
    )
-    return response.rows.map((row: any) => row.doc)
+    return response.rows.map(row => row.doc!)
  }
  static async countUsersByApp(appId: string) {
@ -209,13 +209,6 @@ export class UserDB {
      throw new Error("_id or email is required")
    }
    if (
      user.builder?.apps?.length &&
      !(await UserDB.features.isAppBuildersEnabled())
    ) {
      throw new Error("Unable to update app builders, please check license")
    }
    let dbUser: User | undefined
    if (_id) {
      // try to get existing user from db
--- a/packages/backend-core/src/users/users.ts
+++ b/packages/backend-core/src/users/users.ts
@ -25,6 +25,7 @@ import {
 import { getGlobalDB } from "../context"
 import * as context from "../context"
 import { isCreator } from "./utils"
 import { UserDB } from "./db"
 type GetOpts = { cleanup?: boolean }
@ -336,3 +337,20 @@ export function cleanseUserObject(user: User | ContextUser, base?: User) {
  }
  return user
 }
 export async function addAppBuilder(user: User, appId: string) {
  const prodAppId = getProdAppID(appId)
  user.builder ??= {}
  user.builder.creator = true
  user.builder.apps ??= []
  user.builder.apps.push(prodAppId)
  await UserDB.save(user, { hashPassword: false })
 }
 export async function removeAppBuilder(user: User, appId: string) {
  const prodAppId = getProdAppID(appId)
  if (user.builder && user.builder.apps?.includes(prodAppId)) {
    user.builder.apps = user.builder.apps.filter(id => id !== prodAppId)
  }
  await UserDB.save(user, { hashPassword: false })
 }
--- a/packages/bbui/src/ButtonGroup/ButtonGroup.svelte
+++ b/packages/bbui/src/ButtonGroup/ButtonGroup.svelte
@ -2,7 +2,7 @@
  import "@spectrum-css/buttongroup/dist/index-vars.css"
  export let vertical = false
-  export let gap = ""
+  export let gap = "M"
  $: gapStyle =
    gap === "L"
--- a/packages/bbui/src/FancyForm/FancySelect.svelte
+++ b/packages/bbui/src/FancyForm/FancySelect.svelte
@ -12,11 +12,13 @@
  export let error = null
  export let validate = null
  export let options = []
  export let footer = null
  export let isOptionEnabled = () => true
  export let getOptionLabel = option => extractProperty(option, "label")
  export let getOptionValue = option => extractProperty(option, "value")
  export let getOptionSubtitle = option => extractProperty(option, "subtitle")
  export let getOptionColour = () => null
  const dispatch = createEventDispatcher()
  let open = false
@ -100,6 +102,7 @@
    {error}
    {disabled}
    {options}
    {footer}
    {getOptionLabel}
    {getOptionValue}
    {getOptionSubtitle}
--- a/packages/bbui/src/Form/Core/InputDropdown.svelte
+++ b/packages/bbui/src/Form/Core/InputDropdown.svelte
@ -17,7 +17,7 @@
  export let options = []
  export let getOptionLabel = option => extractProperty(option, "label")
  export let getOptionValue = option => extractProperty(option, "value")
-
+  export let getOptionSubtitle = option => option?.subtitle
  export let isOptionSelected = () => false
  const dispatch = createEventDispatcher()
@ -135,7 +135,7 @@
      class="spectrum-Textfield-input spectrum-InputGroup-input"
    />
  </div>
-  <div style="width: 30%">
+  <div style="width: 40%">
    <button
      {id}
      class="spectrum-Picker spectrum-Picker--sizeM override-borders"
@ -157,38 +157,43 @@
        <use xlink:href="#spectrum-css-icon-Chevron100" />
      </svg>
    </button>
    {#if open}
      <div
        use:clickOutside={handleOutsideClick}
        transition:fly|local={{ y: -20, duration: 200 }}
        class="spectrum-Popover spectrum-Popover--bottom spectrum-Picker-popover is-open"
      >
        <ul class="spectrum-Menu" role="listbox">
          {#each options as option, idx}
            <li
              class="spectrum-Menu-item"
              class:is-selected={isOptionSelected(getOptionValue(option, idx))}
              role="option"
              aria-selected="true"
              tabindex="0"
              on:click={() => onPick(getOptionValue(option, idx))}
            >
              <span class="spectrum-Menu-itemLabel">
                {getOptionLabel(option, idx)}
              </span>
              <svg
                class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
                focusable="false"
                aria-hidden="true"
              >
                <use xlink:href="#spectrum-css-icon-Checkmark100" />
              </svg>
            </li>
          {/each}
        </ul>
      </div>
    {/if}
  </div>
  {#if open}
    <div
      use:clickOutside={handleOutsideClick}
      transition:fly|local={{ y: -20, duration: 200 }}
      class="spectrum-Popover spectrum-Popover--bottom spectrum-Picker-popover is-open"
    >
      <ul class="spectrum-Menu" role="listbox">
        {#each options as option, idx}
          <li
            class="spectrum-Menu-item"
            class:is-selected={isOptionSelected(getOptionValue(option, idx))}
            role="option"
            aria-selected="true"
            tabindex="0"
            on:click={() => onPick(getOptionValue(option, idx))}
          >
            <span class="spectrum-Menu-itemLabel">
              {getOptionLabel(option, idx)}
              {#if getOptionSubtitle(option, idx)}
                <span class="subtitle-text">
                  {getOptionSubtitle(option, idx)}
                </span>
              {/if}
            </span>
            <svg
              class="spectrum-Icon spectrum-UIIcon-Checkmark100 spectrum-Menu-checkmark spectrum-Menu-itemIcon"
              focusable="false"
              aria-hidden="true"
            >
              <use xlink:href="#spectrum-css-icon-Checkmark100" />
            </svg>
          </li>
        {/each}
      </ul>
    </div>
  {/if}
 </div>
 <style>
@ -196,7 +201,6 @@
    min-width: 0;
    width: 100%;
  }
  .spectrum-InputGroup-input {
    border-right-width: 1px;
  }
@ -206,7 +210,6 @@
  .spectrum-Textfield-input {
    width: 0;
  }
  .override-borders {
    border-top-left-radius: 0px;
    border-bottom-left-radius: 0px;
@ -215,5 +218,18 @@
    max-height: 240px;
    z-index: 999;
    top: 100%;
    width: 100%;
  }
  .subtitle-text {
    font-size: 12px;
    line-height: 15px;
    font-weight: 500;
    color: var(--spectrum-global-color-gray-600);
    display: block;
    margin-top: var(--spacing-s);
  }
  .spectrum-Menu-checkmark {
    align-self: center;
    margin-top: 0;
  }
 </style>
--- a/packages/bbui/src/Form/Core/Picker.svelte
+++ b/packages/bbui/src/Form/Core/Picker.svelte
@ -224,13 +224,12 @@
              </span>
            {/if}
            <span class="spectrum-Menu-itemLabel">
              {#if getOptionSubtitle(option, idx)}
                <span class="subtitle-text"
                  >{getOptionSubtitle(option, idx)}</span
                >
              {/if}
              {getOptionLabel(option, idx)}
              {#if getOptionSubtitle(option, idx)}
                <span class="subtitle-text">
                  {getOptionSubtitle(option, idx)}
                </span>
              {/if}
            </span>
            {#if option.tag}
              <span class="option-tag">
@ -275,10 +274,9 @@
    font-size: 12px;
    line-height: 15px;
    font-weight: 500;
    top: 10px;
    color: var(--spectrum-global-color-gray-600);
    display: block;
-    margin-bottom: var(--spacing-s);
+    margin-top: var(--spacing-s);
  }
  .spectrum-Picker-label.auto-width {
--- a/packages/bbui/src/Form/Core/Select.svelte
+++ b/packages/bbui/src/Form/Core/Select.svelte
@ -10,8 +10,9 @@
  export let getOptionLabel = option => option
  export let getOptionValue = option => option
  export let getOptionIcon = () => null
  export let useOptionIconImage = false
  export let getOptionColour = () => null
  export let getOptionSubtitle = () => null
  export let useOptionIconImage = false
  export let isOptionEnabled
  export let readonly = false
  export let quiet = false
@ -82,8 +83,9 @@
  {getOptionLabel}
  {getOptionValue}
  {getOptionIcon}
  {useOptionIconImage}
  {getOptionColour}
  {getOptionSubtitle}
  {useOptionIconImage}
  {isOptionEnabled}
  {autocomplete}
  {sort}
--- a/packages/bbui/src/Form/InputDropdown.svelte
+++ b/packages/bbui/src/Form/InputDropdown.svelte
@ -43,6 +43,7 @@
    {quiet}
    {autofocus}
    {options}
    isOptionSelected={option => option === dropdownValue}
    on:change={onChange}
    on:pick={onPick}
    on:click
--- a/packages/bbui/src/Form/Select.svelte
+++ b/packages/bbui/src/Form/Select.svelte
@ -13,9 +13,10 @@
  export let options = []
  export let getOptionLabel = option => extractProperty(option, "label")
  export let getOptionValue = option => extractProperty(option, "value")
  export let getOptionSubtitle = option => option?.subtitle
  export let getOptionIcon = option => option?.icon
  export let useOptionIconImage = false
  export let getOptionColour = option => option?.colour
  export let useOptionIconImage = false
  export let isOptionEnabled
  export let quiet = false
  export let autoWidth = false
@ -58,6 +59,7 @@
    {getOptionValue}
    {getOptionIcon}
    {getOptionColour}
    {getOptionSubtitle}
    {useOptionIconImage}
    {isOptionEnabled}
    {autocomplete}
--- a/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte
+++ b/packages/builder/src/components/automation/SetupPanel/RowSelectorTypes.svelte
@ -64,7 +64,7 @@
  </span>
 {:else if schema.type === "link"}
  <LinkedRowSelector
-    bind:linkedRows={value[field]}
+    linkedRows={value[field]}
    {schema}
    on:change={e => onChange(e, field)}
    useLabel={false}
--- a/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte
+++ b/packages/builder/src/components/backend/DataTable/RowFieldControl.svelte
@ -70,7 +70,12 @@
    options={meta.constraints.inclusion}
  />
 {:else if type === "link"}
-  <LinkedRowSelector {error} bind:linkedRows={value} schema={meta} />
+  <LinkedRowSelector
    {error}
    linkedRows={value}
    schema={meta}
    on:change={e => (value = e.detail)}
  />
 {:else if type === "longform"}
  {#if meta.useRichText}
    <RichTextField {error} {label} height="150px" bind:value />
--- a/packages/builder/src/components/common/LinkedRowSelector.svelte
+++ b/packages/builder/src/components/common/LinkedRowSelector.svelte
@ -56,12 +56,12 @@
  />
 {:else}
  <Multiselect
-    bind:value={linkedIds}
+    value={linkedIds}
    {label}
    options={rows}
    getOptionLabel={getPrettyName}
    getOptionValue={row => row._id}
    sort
-    on:change={() => dispatch("change", linkedIds)}
+    on:change
  />
 {/if}
--- a/packages/builder/src/components/common/RoleSelect.svelte
+++ b/packages/builder/src/components/common/RoleSelect.svelte
@ -20,73 +20,91 @@
  export let allowedRoles = null
  export let allowCreator = false
  export let fancySelect = false
  export let labelPrefix = null
  const dispatch = createEventDispatcher()
  const RemoveID = "remove"
  $: enrichLabel = label => (labelPrefix ? `${labelPrefix} ${label}` : label)
  $: options = getOptions(
    $roles,
    allowPublic,
    allowRemove,
    allowedRoles,
-    allowCreator
+    allowCreator,
    enrichLabel
  )
  const getOptions = (
    roles,
    allowPublic,
    allowRemove,
    allowedRoles,
-    allowCreator
+    allowCreator,
    enrichLabel
  ) => {
    // Use roles whitelist if specified
    if (allowedRoles?.length) {
-      const filteredRoles = roles.filter(role =>
+      let options = roles
-        allowedRoles.includes(role._id)
+        .filter(role => allowedRoles.includes(role._id))
-      )
+        .map(role => ({
-      return [
+          name: enrichLabel(role.name),
-        ...filteredRoles,
+          _id: role._id,
-        ...(allowedRoles.includes(Constants.Roles.CREATOR)
+        }))
-          ? [{ _id: Constants.Roles.CREATOR, name: "Creator", enabled: false }]
+      if (allowedRoles.includes(Constants.Roles.CREATOR)) {
-          : []),
+        options.push({
      ]
    }
    let newRoles = [...roles]
    if (allowCreator) {
      newRoles = [
        {
          _id: Constants.Roles.CREATOR,
-          name: "Creator",
+          name: "Can edit",
-          tag:
+          enabled: false,
-            !$licensing.perAppBuildersEnabled &&
+        })
-            capitalise(Constants.PlanType.BUSINESS),
+      }
-        },
+      return options
        ...newRoles,
      ]
    }
    // Allow all core roles
    let options = roles.map(role => ({
      name: enrichLabel(role.name),
      _id: role._id,
    }))
    // Add creator if required
    if (allowCreator) {
      options.unshift({
        _id: Constants.Roles.CREATOR,
        name: "Can edit",
        tag:
          !$licensing.perAppBuildersEnabled &&
          capitalise(Constants.PlanType.BUSINESS),
      })
    }
    // Add remove option if required
    if (allowRemove) {
-      newRoles = [
+      options.push({
-        ...newRoles,
+        _id: RemoveID,
-        {
+        name: "Remove",
-          _id: RemoveID,
+      })
          name: "Remove",
        },
      ]
    }
-    if (allowPublic) {
+
-      return newRoles
+    // Remove public if not allowed
    if (!allowPublic) {
      options = options.filter(role => role._id !== Constants.Roles.PUBLIC)
    }
-    return newRoles.filter(role => role._id !== Constants.Roles.PUBLIC)
+
    return options
  }
  const getColor = role => {
-    if (allowRemove && role._id === RemoveID) {
+    // Creator and remove options have no colors
    if (role._id === Constants.Roles.CREATOR || role._id === RemoveID) {
      return null
    }
    return RoleUtils.getRoleColour(role._id)
  }
  const getIcon = role => {
-    if (allowRemove && role._id === RemoveID) {
+    // Only remove option has an icon
    if (role._id === RemoveID) {
      return "Close"
    }
    return null
--- a/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
@ -364,7 +364,10 @@
    const payload = [
      {
        email: newUserEmail,
-        builder: { global: creationRoleType === Constants.BudibaseRoles.Admin },
+        builder: {
          global: creationRoleType === Constants.BudibaseRoles.Admin,
          creator: creationRoleType === Constants.BudibaseRoles.Creator,
        },
        admin: { global: creationRoleType === Constants.BudibaseRoles.Admin },
      },
    ]
@ -471,10 +474,6 @@
    await users.removeAppBuilder(userId, prodAppId)
  }
  const addGroupAppBuilder = async groupId => {
    await groups.actions.addGroupAppBuilder(groupId, prodAppId)
  }
  const removeGroupAppBuilder = async groupId => {
    await groups.actions.removeGroupAppBuilder(groupId, prodAppId)
  }
@ -495,14 +494,12 @@
  }
  const getInviteRoleValue = invite => {
-    if (invite.info?.admin?.global && invite.info?.builder?.global) {
+    if (
-      return Constants.Roles.ADMIN
+      (invite.info?.admin?.global && invite.info?.builder?.global) ||
-    }
+      invite.info?.builder?.apps?.includes(prodAppId)
-
+    ) {
    if (invite.info?.builder?.apps?.includes(prodAppId)) {
      return Constants.Roles.CREATOR
    }
    return invite.info.apps?.[prodAppId]
  }
@ -512,7 +509,7 @@
      return `This user has been given ${role?.name} access from the ${user.group} group`
    }
    if (user.isAdminOrGlobalBuilder) {
-      return "This user's role grants admin access to all apps"
+      return "Account admins can edit all apps"
    }
    return null
  }
@ -523,6 +520,18 @@
    }
    return user.role
  }
  const checkAppAccess = e => {
    // Ensure we don't get into an invalid combo of tenant role and app access
    if (
      e.detail === Constants.BudibaseRoles.AppUser &&
      creationAccessType === Constants.Roles.CREATOR
    ) {
      creationAccessType = Constants.Roles.BASIC
    } else if (e.detail === Constants.BudibaseRoles.Admin) {
      creationAccessType = Constants.Roles.CREATOR
    }
  }
 </script>
 <svelte:window on:keydown={handleKeyDown} />
@ -650,8 +659,9 @@
                      autoWidth
                      align="right"
                      allowedRoles={user.isAdminOrGlobalBuilder
-                        ? [Constants.Roles.ADMIN]
+                        ? [Constants.Roles.CREATOR]
                        : null}
                      labelPrefix="Can use as"
                    />
                  </div>
                </div>
@ -695,19 +705,16 @@
                      allowRemove={group.role}
                      allowPublic={false}
                      quiet={true}
-                      allowCreator={true}
+                      allowCreator={group.role === Constants.Roles.CREATOR}
                      on:change={e => {
-                        if (e.detail === Constants.Roles.CREATOR) {
+                        onUpdateGroup(group, e.detail)
                          addGroupAppBuilder(group._id)
                        } else {
                          onUpdateGroup(group, e.detail)
                        }
                      }}
                      on:remove={() => {
                        onUpdateGroup(group)
                      }}
                      autoWidth
                      align="right"
                      labelPrefix="Can use as"
                    />
                  </div>
                </div>
@ -753,6 +760,7 @@
                      allowedRoles={user.isAdminOrGlobalBuilder
                        ? [Constants.Roles.CREATOR]
                        : null}
                      labelPrefix="Can use as"
                    />
                  </div>
                </div>
@ -804,33 +812,34 @@
            <FancySelect
              bind:value={creationRoleType}
              options={sdk.users.isAdmin($auth.user)
-                ? Constants.BudibaseRoleOptionsNew
+                ? Constants.BudibaseRoleOptions
-                : Constants.BudibaseRoleOptionsNew.filter(
+                : Constants.BudibaseRoleOptions.filter(
                    option => option.value !== Constants.BudibaseRoles.Admin
                  )}
-              label="Access"
+              label="Role"
              on:change={checkAppAccess}
            />
-            {#if creationRoleType !== Constants.BudibaseRoles.Admin}
+            <span class="role-wrap">
-              <span class="role-wrap">
+              <RoleSelect
-                <RoleSelect
+                placeholder={false}
-                  placeholder={false}
+                bind:value={creationAccessType}
-                  bind:value={creationAccessType}
+                allowPublic={false}
-                  allowPublic={false}
+                allowCreator={creationRoleType !==
-                  allowCreator={true}
+                  Constants.BudibaseRoles.AppUser}
-                  quiet={true}
+                quiet={true}
-                  autoWidth
+                autoWidth
-                  align="right"
+                align="right"
-                  fancySelect
+                fancySelect
-                />
+                allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin
-              </span>
+                  ? [Constants.Roles.CREATOR]
-            {/if}
+                  : null}
                footer={getRoleFooter({
                  isAdminOrGlobalBuilder:
                    creationRoleType === Constants.BudibaseRoles.Admin,
                })}
              />
            </span>
          </FancyForm>
          {#if creationRoleType === Constants.BudibaseRoles.Admin}
            <div class="admin-info">
              <Icon name="Info" />
              Admins will get full access to all apps and settings
            </div>
          {/if}
          <span class="add-user">
            <Button
              newStyles
@ -871,16 +880,6 @@
    display: grid;
  }
  .admin-info {
    margin-top: var(--spacing-xl);
    padding: var(--spacing-l) var(--spacing-l) var(--spacing-l) var(--spacing-l);
    display: flex;
    align-items: center;
    gap: var(--spacing-xl);
    height: 30px;
    background-color: var(--background-alt);
  }
  .underlined {
    text-decoration: underline;
    cursor: pointer;
@ -898,7 +897,6 @@
    display: flex;
    flex-direction: column;
    gap: var(--spacing-s);
    width: 400px;
  }
  .auth-entity-meta {
@ -927,7 +925,7 @@
  .auth-entity,
  .auth-entity-header {
    display: grid;
-    grid-template-columns: 1fr 110px;
+    grid-template-columns: 1fr 180px;
    align-items: center;
    gap: var(--spacing-xl);
  }
@ -958,7 +956,7 @@
    overflow-y: auto;
    overflow-x: hidden;
    position: absolute;
-    width: 400px;
+    width: 440px;
    right: 0;
    height: 100%;
    box-shadow: 0 0 40px 10px rgba(0, 0, 0, 0.1);
--- a/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
+++ b/packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
@ -4,8 +4,6 @@
  import { url, isActive } from "@roxi/routify"
  import DeleteModal from "components/deploy/DeleteModal.svelte"
  import { isOnlyUser } from "builderStore"
  import { auth } from "stores/portal"
  import { sdk } from "@budibase/shared-core"
  let deleteModal
 </script>
@ -46,24 +44,22 @@
            url={$url("./version")}
            active={$isActive("./version")}
          />
-          {#if sdk.users.isGlobalBuilder($auth.user)}
+          <div class="delete-action">
-            <div class="delete-action">
+            <AbsTooltip
-              <AbsTooltip
+              position={TooltipPosition.Bottom}
-                position={TooltipPosition.Bottom}
+              text={$isOnlyUser
-                text={$isOnlyUser
+                ? null
-                  ? null
+                : "Unavailable - another user is editing this app"}
-                  : "Unavailable - another user is editing this app"}
+            >
-              >
+              <SideNavItem
-                <SideNavItem
+                text="Delete app"
-                  text="Delete app"
+                disabled={!$isOnlyUser}
-                  disabled={!$isOnlyUser}
+                on:click={() => {
-                  on:click={() => {
+                  deleteModal.show()
-                    deleteModal.show()
+                }}
-                  }}
+              />
-                />
+            </AbsTooltip>
-              </AbsTooltip>
+          </div>
            </div>
          {/if}
        </SideNav>
        <slot />
      </Content>
--- a/packages/builder/src/pages/builder/portal/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/_layout.svelte
@ -16,7 +16,7 @@
  let activeTab = "Apps"
  $: $url(), updateActiveTab($menu)
-  $: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
+  $: isOnboarding = !$apps.length && sdk.users.hasBuilderPermissions($auth.user)
  const updateActiveTab = menu => {
    for (let entry of menu) {
--- a/packages/builder/src/pages/builder/portal/apps/_layout.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/_layout.svelte
@ -14,7 +14,7 @@
  import PortalSideBar from "./_components/PortalSideBar.svelte"
  // Don't block loading if we've already hydrated state
-  let loaded = $apps.length != null
+  let loaded = !!$apps?.length
  onMount(async () => {
    try {
@ -34,7 +34,7 @@
      }
      // Go to new app page if no apps exists
-      if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
+      if (!$apps.length && sdk.users.hasBuilderPermissions($auth.user)) {
        $redirect("./onboarding")
      }
    } catch (error) {
--- a/packages/builder/src/pages/builder/portal/apps/index.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/index.svelte
@ -1,5 +1,6 @@
 <script>
  import {
    banner,
    Heading,
    Layout,
    Button,
@ -10,6 +11,7 @@
    Notification,
    Body,
    Search,
    BANNER_TYPES,
  } from "@budibase/bbui"
  import Spinner from "components/common/Spinner.svelte"
  import CreateAppModal from "components/start/CreateAppModal.svelte"
@ -198,6 +200,20 @@
      if (usersLimitLockAction) {
        usersLimitLockAction()
      }
      if (!$admin.isDev) {
        await banner.show({
          messages: [
            {
              message:
                "We've updated our pricing - see our website to learn more.",
              type: BANNER_TYPES.NEUTRAL,
              extraButtonText: "Learn More",
              extraButtonAction: () =>
                window.open("https://budibase.com/pricing"),
            },
          ],
        })
      }
    } catch (error) {
      notifications.error("Error getting init info")
    }
@ -237,7 +253,7 @@
    {#if enrichedApps.length}
      <Layout noPadding gap="L">
        <div class="title">
-          {#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
+          {#if $auth.user && sdk.users.canCreateApps($auth.user)}
            <div class="buttons">
              <Button
                size="M"
--- a/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte
+++ b/packages/builder/src/pages/builder/portal/apps/onboarding/index.svelte
@ -52,7 +52,7 @@
      goToApp()
    } catch (e) {
      loading = false
-      notifications.error("There was a problem creating your app")
+      notifications.error(e.message || "There was a problem creating your app")
    }
  }
 </script>
--- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
@ -55,6 +55,7 @@
    },
    role: {
      width: "1fr",
      displayName: "Access",
    },
  }
  const customGroupTableRenderers = [
@ -98,7 +99,7 @@
      return y._id === userId
    })
  })
-  $: globalRole = sdk.users.isAdmin(user) ? "admin" : "appUser"
+  $: globalRole = users.getUserRole(user)
  const getAvailableApps = (appList, privileged, roles) => {
    let availableApps = appList.slice()
@ -177,12 +178,21 @@
  }
  async function updateUserRole({ detail }) {
-    if (detail === "developer") {
+    if (detail === Constants.BudibaseRoles.Developer) {
      toggleFlags({ admin: { global: false }, builder: { global: true } })
-    } else if (detail === "admin") {
+    } else if (detail === Constants.BudibaseRoles.Admin) {
      toggleFlags({ admin: { global: true }, builder: { global: true } })
-    } else if (detail === "appUser") {
+    } else if (detail === Constants.BudibaseRoles.AppUser) {
      toggleFlags({ admin: { global: false }, builder: { global: false } })
    } else if (detail === Constants.BudibaseRoles.Creator) {
      toggleFlags({
        admin: { global: false },
        builder: {
          global: false,
          creator: true,
          apps: user?.builder?.apps || [],
        },
      })
    }
  }
@ -295,6 +305,7 @@
          <div class="field">
            <Label size="L">Role</Label>
            <Select
              placeholder={null}
              disabled={!sdk.users.isAdmin($auth.user)}
              value={globalRole}
              options={Constants.BudibaseRoleOptions}
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AddUserModal.svelte
@ -29,7 +29,6 @@
    },
  ]
  $: hasError = userData.find(x => x.error != null)
  $: userCount = $licensing.userCount + userData.length
  $: reached = licensing.usersLimitReached(userCount)
  $: exceeded = licensing.usersLimitExceeded(userCount)
@ -98,7 +97,7 @@
        align-items: center;
        flex-direction: row;"
      >
-        <div style="width: 90%">
+        <div style="flex: 1 1 auto;">
          <InputDropdown
            inputType="email"
            bind:inputValue={input.email}
--- a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte
@ -14,6 +14,10 @@
  }
 </script>
-<StatusLight square color={RoleUtils.getRoleColour(value)}>
+{#if value === Constants.Roles.CREATOR}
-  {getRoleLabel(value)}
+  Can edit
-</StatusLight>
+{:else}
  <StatusLight square color={RoleUtils.getRoleColour(value)}>
    Can use as {getRoleLabel(value)}
  </StatusLight>
 {/if}
--- a/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/ImportUsersModal.svelte
@ -15,6 +15,7 @@
  const BYTES_IN_MB = 1000000
  const FILE_SIZE_LIMIT = BYTES_IN_MB * 5
  const MAX_USERS_UPLOAD_LIMIT = 1000
  export let createUsersFromCsv
  let files = []
@ -22,13 +23,16 @@
  let userEmails = []
  let userGroups = []
  let usersRole = null
  $: invalidEmails = []
  $: invalidEmails = []
  $: userCount = $licensing.userCount + userEmails.length
  $: exceed = licensing.usersLimitExceeded(userCount)
  $: importDisabled =
    !userEmails.length || !validEmails(userEmails) || !usersRole || exceed
  $: roleOptions = Constants.BudibaseRoleOptions.map(option => ({
    ...option,
    label: `${option.label} - ${option.subtitle}`,
  }))
  const validEmails = userEmails => {
    if ($admin.cloud && userEmails.length > MAX_USERS_UPLOAD_LIMIT) {
@ -100,10 +104,7 @@
      users. Upgrade your plan to add more users
    </div>
  {/if}
-  <RadioGroup
+  <RadioGroup bind:value={usersRole} options={roleOptions} />
    bind:value={usersRole}
    options={Constants.BuilderRoleDescriptions}
  />
  {#if $licensing.groupsEnabled}
    <Multiselect
--- a/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/RoleTableRenderer.svelte
@ -4,17 +4,11 @@
  export let row
-  const TooltipMap = {
+  $: role = Constants.BudibaseRoleOptions.find(
    appUser: "Only has access to assigned apps",
    developer: "Access to the app builder",
    admin: "Full access",
  }
  $: role = Constants.BudibaseRoleOptionsOld.find(
    x => x.value === users.getUserRole(row)
  )
  $: value = role?.label || "Not available"
-  $: tooltip = TooltipMap[role?.value] || ""
+  $: tooltip = role.subtitle || ""
 </script>
 <div on:click|stopPropagation title={tooltip}>
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@ -172,6 +172,7 @@
    const payload = userData?.users?.map(user => ({
      email: user.email,
      builder: user.role === Constants.BudibaseRoles.Developer,
      creator: user.role === Constants.BudibaseRoles.Creator,
      admin: user.role === Constants.BudibaseRoles.Admin,
      groups: userData.groups,
    }))
@ -190,18 +191,18 @@
    for (const user of userData?.users ?? []) {
      const { email } = user
      if (
        newUsers.find(x => x.email === email) ||
        currentUserEmails.includes(email)
-      )
+      ) {
        continue
-
+      }
      newUsers.push(user)
    }
-    if (!newUsers.length)
+    if (!newUsers.length) {
      notifications.info("Duplicated! There is no new users to add.")
    }
    return { ...userData, users: newUsers }
  }
@ -266,7 +267,6 @@
    try {
      await groups.actions.init()
      groupsLoaded = true
      pendingInvites = await users.getInvites()
      invitesLoaded = true
    } catch (error) {
--- a/packages/builder/src/stores/portal/users.js
+++ b/packages/builder/src/stores/portal/users.js
@ -3,6 +3,7 @@ import { API } from "api"
 import { update } from "lodash"
 import { licensing } from "."
 import { sdk } from "@budibase/shared-core"
 import { Constants } from "@budibase/frontend-core"
 export function createUsersStore() {
  const { subscribe, set } = writable({})
@ -77,6 +78,9 @@ export function createUsersStore() {
        case "developer":
          body.builder = { global: true }
          break
        case "creator":
          body.builder = { creator: true, global: false }
          break
        case "admin":
          body.admin = { global: true }
          body.builder = { global: true }
@ -120,12 +124,18 @@ export function createUsersStore() {
    return await API.removeAppBuilder({ userId, appId })
  }
-  const getUserRole = user =>
+  const getUserRole = user => {
-    sdk.users.isAdmin(user)
+    if (sdk.users.isAdmin(user)) {
-      ? "admin"
+      return Constants.BudibaseRoles.Admin
-      : sdk.users.isBuilder(user)
+    } else if (sdk.users.isBuilder(user)) {
-      ? "developer"
+      return Constants.BudibaseRoles.Developer
-      : "appUser"
+    } else if (sdk.users.hasCreatorPermissions(user)) {
      return Constants.BudibaseRoles.Creator
    } else {
      return Constants.BudibaseRoles.AppUser
    }
  }
  const refreshUsage =
    fn =>
    async (...args) => {
--- a/packages/client/src/components/app/forms/RelationshipField.svelte
+++ b/packages/client/src/components/app/forms/RelationshipField.svelte
@ -1,6 +1,6 @@
 <script>
  import { CoreSelect, CoreMultiselect } from "@budibase/bbui"
-  import { fetchData } from "@budibase/frontend-core"
+  import { fetchData, Utils } from "@budibase/frontend-core"
  import { getContext } from "svelte"
  import Field from "./Field.svelte"
  import { FieldTypes } from "../../../constants"
@ -108,7 +108,7 @@
    }
  }
-  $: fetchRows(searchTerm, primaryDisplay, defaultValue)
+  $: debouncedFetchRows(searchTerm, primaryDisplay, defaultValue)
  const fetchRows = async (searchTerm, primaryDisplay, defaultVal) => {
    const allRowsFetched =
@ -124,10 +124,22 @@
        query: { equal: { _id: defaultVal } },
      })
    }
    // Ensure we match all filters, rather than any
    const baseFilter = (filter || []).filter(x => x.operator !== "allOr")
    await fetch.update({
-      query: { string: { [primaryDisplay]: searchTerm } },
+      filter: [
        ...baseFilter,
        {
          // Use a big numeric prefix to avoid clashing with an existing filter
          field: `999:${primaryDisplay}`,
          operator: "string",
          value: searchTerm,
        },
      ],
    })
  }
  const debouncedFetchRows = Utils.debounce(fetchRows, 250)
  const flatten = values => {
    if (!values) {
--- a/packages/frontend-core/src/api/user.js
+++ b/packages/frontend-core/src/api/user.js
@ -214,15 +214,23 @@ export const buildUserEndpoints = API => ({
  inviteUsers: async users => {
    return await API.post({
      url: "/api/global/users/multi/invite",
-      body: users.map(user => ({
+      body: users.map(user => {
-        email: user.email,
+        let builder = undefined
-        userInfo: {
+        if (user.admin || user.builder) {
-          admin: user.admin ? { global: true } : undefined,
+          builder = { global: true }
-          builder: user.admin || user.builder ? { global: true } : undefined,
+        } else if (user.creator) {
-          userGroups: user.groups,
+          builder = { creator: true }
-          roles: user.apps ? user.apps : undefined,
+        }
-        },
+        return {
-      })),
+          email: user.email,
          userInfo: {
            admin: user.admin ? { global: true } : undefined,
            builder,
            userGroups: user.groups,
            roles: user.apps ? user.apps : undefined,
          },
        }
      }),
    })
  },
--- a/packages/frontend-core/src/constants.js
+++ b/packages/frontend-core/src/constants.js
@ -20,42 +20,31 @@ export const TableNames = {
 export const BudibaseRoles = {
  AppUser: "appUser",
  Developer: "developer",
  Creator: "creator",
  Admin: "admin",
 }
 export const BudibaseRoleOptionsOld = [
-  { label: "Developer", value: BudibaseRoles.Developer },
+  {
-  { label: "Member", value: BudibaseRoles.AppUser },
+    label: "Developer",
-  { label: "Admin", value: BudibaseRoles.Admin },
+    value: BudibaseRoles.Developer,
  },
 ]
 export const BudibaseRoleOptions = [
  { label: "Member", value: BudibaseRoles.AppUser },
  { label: "Admin", value: BudibaseRoles.Admin },
 ]
 export const BudibaseRoleOptionsNew = [
  {
-    label: "Admin",
+    label: "Account admin",
-    value: "admin",
+    value: BudibaseRoles.Admin,
    subtitle: "Has full access to all apps and settings in your account",
  },
  {
-    label: "Member",
+    label: "Creator",
-    value: "appUser",
+    value: BudibaseRoles.Creator,
-    subtitle: "Can only view apps they have access to",
+    subtitle: "Can create and edit apps they have access to",
  },
 ]
 export const BuilderRoleDescriptions = [
  {
    label: "App user",
    value: BudibaseRoles.AppUser,
-    icon: "User",
+    subtitle: "Can only use published apps they have access to",
    label: "App user - Only has access to published apps",
  },
  {
    value: BudibaseRoles.Admin,
    icon: "Draw",
    label: "Admin - Full access",
  },
 ]
--- a/packages/pro
+++ b/packages/pro
@ -1 +1 @@
-Subproject commit 5e3d59fc4060fd44b14b2599269c207753d4e5be
+Subproject commit 1037b032d49244678204704d1bca779a29e395eb
--- a/packages/server/src/api/controllers/application.ts
+++ b/packages/server/src/api/controllers/application.ts
@ -51,6 +51,7 @@ import {
 import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
 import sdk from "../../sdk"
 import { builderSocket } from "../../websockets"
 import { sdk as sharedCoreSDK } from "@budibase/shared-core"
 // utility function, need to do away with this
 async function getLayouts() {
@ -394,6 +395,12 @@ async function appPostCreate(ctx: UserCtx, app: App) {
      }
    }
  }
  // If the user is a creator, we need to give them access to the new app
  if (sharedCoreSDK.users.hasCreatorPermissions(ctx.user)) {
    const user = await users.UserDB.getUser(ctx.user._id!)
    await users.addAppBuilder(user, app.appId)
  }
 }
 export async function create(ctx: UserCtx) {
--- a/packages/server/src/api/routes/application.ts
+++ b/packages/server/src/api/routes/application.ts
@ -16,7 +16,7 @@ router
  )
  .post(
    "/api/applications",
-    authorized(permissions.GLOBAL_BUILDER),
+    authorized(permissions.CREATOR),
    applicationValidator(),
    controller.create
  )
--- a/packages/server/src/middleware/authorized.ts
+++ b/packages/server/src/middleware/authorized.ts
@ -5,7 +5,7 @@ import {
  roles,
  users,
 } from "@budibase/backend-core"
-import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
+import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types"
 import builderMiddleware from "./builder"
 import { isWebhookEndpoint } from "./utils"
 import { paramResource } from "./resourceId"
@ -31,13 +31,20 @@ const checkAuthorized = async (
 ) => {
  const appId = context.getAppId()
  const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
  const isCreatorApi = permType === PermissionType.CREATOR
  const isBuilderApi = permType === PermissionType.BUILDER
-  const globalBuilder = users.isGlobalBuilder(ctx.user)
+  const isGlobalBuilder = users.isGlobalBuilder(ctx.user)
-  let isBuilder = appId
+  const isCreator = users.isCreator(ctx.user)
  const isBuilder = appId
    ? users.isBuilder(ctx.user, appId)
    : users.hasBuilderPermissions(ctx.user)
-  // check if this is a builder api and the user is not a builder
+
-  if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
+  // check api permission type against user
  if (
    (isGlobalBuilderApi && !isGlobalBuilder) ||
    (isCreatorApi && !isCreator) ||
    (isBuilderApi && !isBuilder)
  ) {
    return ctx.throw(403, "Not Authorized")
  }
@ -148,6 +155,7 @@ const authorized =
    // to find API endpoints which are builder focused
    if (
      permType === PermissionType.BUILDER ||
      permType === PermissionType.CREATOR ||
      permType === PermissionType.GLOBAL_BUILDER
    ) {
      await builderMiddleware(ctx)
--- a/packages/shared-core/src/sdk/documents/users.ts
+++ b/packages/shared-core/src/sdk/documents/users.ts
@ -25,6 +25,10 @@ export function isGlobalBuilder(user: User | ContextUser): boolean {
  return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
 }
 export function canCreateApps(user: User | ContextUser): boolean {
  return isGlobalBuilder(user) || hasCreatorPermissions(user)
 }
 // alias for hasAdminPermission, currently do the same thing
 // in future whether someone has admin permissions and whether they are
 // an admin for a specific resource could be separated
@ -66,7 +70,7 @@ export function hasAppCreatorPermissions(user?: User | ContextUser): boolean {
  return _.flow(
    _.get("roles"),
    _.values,
-    _.find(x => ["CREATOR", "ADMIN"].includes(x)),
+    _.find(x => x === "CREATOR"),
    x => !!x
  )(user)
 }
@ -76,7 +80,11 @@ export function hasBuilderPermissions(user?: User | ContextUser): boolean {
  if (!user) {
    return false
  }
-  return user.builder?.global || hasAppBuilderPermissions(user)
+  return (
    user.builder?.global ||
    hasAppBuilderPermissions(user) ||
    hasCreatorPermissions(user)
  )
 }
 // checks if a user is capable of being an admin
@ -87,13 +95,21 @@ export function hasAdminPermissions(user?: User | ContextUser): boolean {
  return !!user.admin?.global
 }
 export function hasCreatorPermissions(user?: User | ContextUser): boolean {
  if (!user) {
    return false
  }
  return !!user.builder?.creator
 }
 export function isCreator(user?: User | ContextUser): boolean {
  if (!user) {
    return false
  }
  return (
-    isGlobalBuilder(user) ||
+    isGlobalBuilder(user!) ||
    hasAdminPermissions(user) ||
    hasCreatorPermissions(user) ||
    hasAppBuilderPermissions(user) ||
    hasAppCreatorPermissions(user)
  )
--- a/packages/types/src/documents/global/user.ts
+++ b/packages/types/src/documents/global/user.ts
@ -44,6 +44,7 @@ export interface User extends Document {
  builder?: {
    global?: boolean
    apps?: string[]
    creator?: boolean
  }
  admin?: {
    global: boolean
--- a/packages/types/src/sdk/permissions.ts
+++ b/packages/types/src/sdk/permissions.ts
@ -13,6 +13,7 @@ export enum PermissionType {
  AUTOMATION = "automation",
  WEBHOOK = "webhook",
  BUILDER = "builder",
  CREATOR = "creator",
  GLOBAL_BUILDER = "globalBuilder",
  QUERY = "query",
  VIEW = "view",
--- a/packages/worker/src/api/controllers/global/roles.ts
+++ b/packages/worker/src/api/controllers/global/roles.ts
@ -51,10 +51,22 @@ export async function removeAppRole(ctx: Ctx) {
  const users = await sdk.users.db.allUsers()
  const bulk = []
  const cacheInvalidations = []
  const prodAppId = dbCore.getProdAppID(appId)
  for (let user of users) {
-    if (user.roles[appId]) {
+    let updated = false
-      cacheInvalidations.push(cache.user.invalidateUser(user._id))
+    if (user.roles[prodAppId]) {
-      delete user.roles[appId]
+      cacheInvalidations.push(cache.user.invalidateUser(user._id!))
      delete user.roles[prodAppId]
      updated = true
    }
    if (user.builder && Array.isArray(user.builder?.apps)) {
      const idx = user.builder.apps.indexOf(prodAppId)
      if (idx !== -1) {
        user.builder.apps.splice(idx, 1)
        updated = true
      }
    }
    if (updated) {
      bulk.push(user)
    }
  }
		`@ -1 +1 @@`
			`Subproject commit 5e3d59fc4060fd44b14b2599269c207753d4e5be`				`Subproject commit 1037b032d49244678204704d1bca779a29e395eb`