From 74e6fdddb0ea84147673ce6c167735fc5f7971bb Mon Sep 17 00:00:00 2001
From: mike12345567 <me@michaeldrury.co.uk>
Date: Thu, 13 May 2021 18:10:09 +0100
Subject: [PATCH] Fixing two issues which were blocking previews, one the user
 was no longer being updated as an admin (when first building/creating an app)
 and two, role was not being carried across from global user properly.

---
 packages/server/src/api/controllers/user.js  | 5 ++++-
 packages/server/src/middleware/currentapp.js | 5 ++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js
index 3b6373146e..ace77a1ea5 100644
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@@ -5,7 +5,7 @@ const {
   getGlobalIDFromUserMetadataID,
 } = require("../../db/utils")
 const { InternalTables } = require("../../db/utils")
-const { getRole } = require("../../utilities/security/roles")
+const { getRole, BUILTIN_ROLE_IDS } = require("../../utilities/security/roles")
 const {
   getGlobalUsers,
   saveGlobalUser,
@@ -73,6 +73,9 @@ exports.createMetadata = async function (ctx) {
 exports.updateSelfMetadata = async function (ctx) {
   // overwrite the ID with current users
   ctx.request.body._id = ctx.user._id
+  if (ctx.user.builder && ctx.user.builder.global) {
+    ctx.request.body.roleId = BUILTIN_ROLE_IDS.ADMIN
+  }
   // make sure no stale rev
   delete ctx.request.body._rev
   await exports.updateMetadata(ctx)
diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js
index 0828c809c7..adf976e611 100644
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@@ -31,9 +31,8 @@ module.exports = async (ctx, next) => {
     const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user._id)
     updateCookie = true
     appId = requestAppId
-    if (globalUser.roles && globalUser.roles[requestAppId]) {
-      roleId = globalUser.roles[requestAppId]
-    }
+    // retrieving global user gets the right role
+    roleId = globalUser.roleId
   } else if (appCookie != null) {
     appId = appCookie.appId
     roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC