From 88b31d740671219551f79c1768a4ab0faf221ca8 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Thu, 27 May 2021 12:05:31 +0100 Subject: [PATCH] Fixing an issue with redirect loop in auth, --- packages/auth/src/security/permissions.js | 3 +++ packages/builder/src/pages/builder/auth/_layout.svelte | 4 ++-- packages/server/src/api/routes/analytics.js | 2 +- packages/server/src/api/routes/application.js | 6 +++--- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/packages/auth/src/security/permissions.js b/packages/auth/src/security/permissions.js index 03fa5fa562..3b03ccb8ee 100644 --- a/packages/auth/src/security/permissions.js +++ b/packages/auth/src/security/permissions.js @@ -17,6 +17,7 @@ const PermissionTypes = { BUILDER: "builder", VIEW: "view", QUERY: "query", + APP: "app", } function Permission(type, level) { @@ -86,6 +87,7 @@ const BUILTIN_PERMISSIONS = { new Permission(PermissionTypes.QUERY, PermissionLevels.READ), new Permission(PermissionTypes.TABLE, PermissionLevels.READ), new Permission(PermissionTypes.VIEW, PermissionLevels.READ), + new Permission(PermissionTypes.APP, PermissionLevels.READ), ], }, WRITE: { @@ -118,6 +120,7 @@ const BUILTIN_PERMISSIONS = { new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN), new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ), new Permission(PermissionTypes.QUERY, PermissionLevels.ADMIN), + new Permission(PermissionTypes.APP, PermissionLevels.ADMIN), ], }, } diff --git a/packages/builder/src/pages/builder/auth/_layout.svelte b/packages/builder/src/pages/builder/auth/_layout.svelte index ac224a41db..eb9e229a9d 100644 --- a/packages/builder/src/pages/builder/auth/_layout.svelte +++ b/packages/builder/src/pages/builder/auth/_layout.svelte @@ -7,12 +7,12 @@ // Check this onMount rather than a reactive statement to avoid trumping // the login return URL functionality. onMount(() => { - if ($auth.user) { + if ($auth.user && !$auth.user.forceResetPassword) { $redirect("../") } }) -{#if !$auth.user} +{#if !$auth.user || $auth.user.forceResetPassword} {/if} diff --git a/packages/server/src/api/routes/analytics.js b/packages/server/src/api/routes/analytics.js index fc05ecfecd..f8e9c8c8e7 100644 --- a/packages/server/src/api/routes/analytics.js +++ b/packages/server/src/api/routes/analytics.js @@ -5,6 +5,6 @@ const { BUILDER } = require("@budibase/auth/permissions") const router = Router() -router.get("/api/analytics", authorized(BUILDER), controller.isEnabled) +router.get("/api/analytics", controller.isEnabled) module.exports = router diff --git a/packages/server/src/api/routes/application.js b/packages/server/src/api/routes/application.js index edb6957144..51ac4335fd 100644 --- a/packages/server/src/api/routes/application.js +++ b/packages/server/src/api/routes/application.js @@ -1,16 +1,16 @@ const Router = require("@koa/router") const controller = require("../controllers/application") const authorized = require("../../middleware/authorized") -const { BUILDER } = require("@budibase/auth/permissions") +const { BUILDER, PermissionTypes, PermissionLevels } = require("@budibase/auth/permissions") const router = Router() router .get("/api/applications/:appId/definition", controller.fetchAppDefinition) - .get("/api/applications", authorized(BUILDER), controller.fetch) + .get("/api/applications", authorized(PermissionTypes.APP, PermissionLevels.READ), controller.fetch) .get( "/api/applications/:appId/appPackage", - authorized(BUILDER), + authorized(PermissionTypes.APP, PermissionLevels.READ), controller.fetchAppPackage ) .put("/api/applications/:appId", authorized(BUILDER), controller.update)