CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-07-03 21:40:55 +12:00
Code Issues Projects Releases Wiki Activity

Merge branch 'develop' into account-portal-auth-api-testing-2

Browse source
This commit is contained in:
jvcalderon 2023-08-02 17:44:01 +02:00
parent 0380068473 ffb22f9f93
commit 989bfe76fb
145 changed files with 1958 additions and 1337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/budibase_ci.yml vendored
View file

@ -154,7 +154,7 @@ jobs:
node-version: 14.x
cache: "yarn"
- run: yarn
- run: yarn build
- run: yarn build --projects=@budibase/server,@budibase/worker,@budibase/client
- name: Run tests
run: |
cd qa-core

2
.gitignore vendored
View file

@ -101,8 +101,6 @@ packages/builder/cypress.env.json
packages/builder/cypress/reports
stats.html
# TypeScript cache
*.tsbuildinfo
# plugins
budibase-component

2
lerna.json
View file

@ -1,5 +1,5 @@
{
"version": "2.8.29-alpha.9",
"version": "2.8.29-alpha.15",
"npmClient": "yarn",
"packages": [
"packages/*"

13
nx.json
View file

@ -3,19 +3,10 @@
"default": {
"runner": "nx-cloud",
"options": {
"cacheableOperations": ["build", "test"],
"cacheableOperations": ["build", "test", "check:types"],
"accessToken": "MmM4OGYxNzItMDBlYy00ZmE3LTk4MTYtNmJhYWMyZjBjZTUyfHJlYWQ="
}
}
},
"targetDefaults": {
"dev:builder": {
"dependsOn": [
{
"projects": ["@budibase/string-templates"],
"target": "build"
}
]
}
}
"targetDefaults": {}
}

8
package.json
View file

@ -36,7 +36,7 @@
"bootstrap": "./scripts/link-dependencies.sh && echo '***BOOTSTRAP ONLY REQUIRED FOR USE WITH ACCOUNT PORTAL***'",
"build": "yarn nx run-many -t=build",
"build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput",
"check:types": "lerna run check:types --skip-nx-cache",
"check:types": "lerna run check:types",
"backend:bootstrap": "./scripts/scopeBackend.sh && yarn run bootstrap",
"backend:build": "./scripts/scopeBackend.sh 'lerna run --stream build'",
"build:sdk": "lerna run --stream build:sdk",
@ -51,9 +51,9 @@
"kill-builder": "kill-port 3000",
"kill-server": "kill-port 4001 4002",
"kill-all": "yarn run kill-builder && yarn run kill-server",
"dev": "yarn run kill-all && lerna run --stream --parallel dev:builder",
"dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream --parallel dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
"dev:server": "yarn run kill-server && lerna run --stream --parallel dev:builder --scope @budibase/worker --scope @budibase/server",
"dev": "yarn run kill-all && lerna run --stream dev:builder",
"dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
"dev:server": "yarn run kill-server && lerna run --stream dev:builder --scope @budibase/worker --scope @budibase/server",
"dev:built": "yarn run kill-all && cd packages/server && yarn dev:stack:up && cd ../../ && lerna run --stream dev:built",
"dev:docker": "yarn build:docker:pre && docker-compose -f hosting/docker-compose.build.yaml -f hosting/docker-compose.dev.yaml --env-file hosting/.env up --build --scale proxy-service=0",
"test": "lerna run --stream test --stream",

1
packages/backend-core/jest.config.ts
View file

@ -9,6 +9,7 @@ const baseConfig: Config.InitialProjectOptions = {
},
moduleNameMapper: {
"@budibase/types": "<rootDir>/../types/src",
"@budibase/shared-core": ["<rootDir>/../shared-core/src"],
},
}

19
packages/backend-core/package.json
View file

@ -16,12 +16,14 @@
"prepack": "cp package.json dist",
"build": "tsc -p tsconfig.build.json",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"check:types": "tsc -p tsconfig.json --noEmit --paths null",
"test": "bash scripts/test.sh",
"test:watch": "jest --watchAll"
},
"dependencies": {
"@budibase/nano": "10.1.2",
"@budibase/pouchdb-replication-stream": "1.2.10",
"@budibase/shared-core": "0.0.0",
"@budibase/types": "0.0.0",
"@techpass/passport-openidconnect": "0.3.2",
"aws-cloudfront-sign": "2.2.0",
@ -86,20 +88,5 @@
"ts-node": "10.8.1",
"tsconfig-paths": "4.0.0",
"typescript": "4.7.3"
},
"nx": {
"targets": {
"build": {
"dependsOn": [
{
"projects": [
"@budibase/types"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
}
}

14
packages/backend-core/src/cache/tests/writethrough.spec.ts vendored
View file

@ -36,7 +36,7 @@ describe("writethrough", () => {
_id: docId,
value: 1,
})
const output = await db.get(response.id)
const output = await db.get<any>(response.id)
current = output
expect(output.value).toBe(1)
})
@ -45,7 +45,7 @@ describe("writethrough", () => {
it("second put shouldn't update DB", async () => {
await config.doInTenant(async () => {
const response = await writethrough.put({ ...current, value: 2 })
const output = await db.get(response.id)
const output = await db.get<any>(response.id)
expect(current._rev).toBe(output._rev)
expect(output.value).toBe(1)
})
@ -55,7 +55,7 @@ describe("writethrough", () => {
await config.doInTenant(async () => {
tk.freeze(Date.now() + DELAY + 1)
const response = await writethrough.put({ ...current, value: 3 })
const output = await db.get(response.id)
const output = await db.get<any>(response.id)
expect(response.rev).not.toBe(current._rev)
expect(output.value).toBe(3)
@ -79,7 +79,7 @@ describe("writethrough", () => {
expect.arrayContaining([current._rev, current._rev, newRev])
)
const output = await db.get(current._id)
const output = await db.get<any>(current._id)
expect(output.value).toBe(4)
expect(output._rev).toBe(newRev)
@ -107,7 +107,7 @@ describe("writethrough", () => {
})
expect(res.ok).toBe(true)
const output = await db.get(id)
const output = await db.get<any>(id)
expect(output.value).toBe(3)
expect(output._rev).toBe(res.rev)
})
@ -130,8 +130,8 @@ describe("writethrough", () => {
const resp2 = await writethrough2.put({ _id: "db1", value: "second" })
expect(resp1.rev).toBeDefined()
expect(resp2.rev).toBeDefined()
expect((await db.get("db1")).value).toBe("first")
expect((await db2.get("db1")).value).toBe("second")
expect((await db.get<any>("db1")).value).toBe("first")
expect((await db2.get<any>("db1")).value).toBe("second")
})
})
})

46
packages/backend-core/src/constants/db.ts
View file

@ -1,5 +1,5 @@
export const SEPARATOR = "_"
export const UNICODE_MAX = "\ufff0"
import { prefixed, DocumentType } from "@budibase/types"
export { SEPARATOR, UNICODE_MAX, DocumentType } from "@budibase/types"
/**
* Can be used to create a few different forms of querying a view.
@ -14,8 +14,6 @@ export enum ViewName {
USER_BY_APP = "by_app",
USER_BY_EMAIL = "by_email2",
BY_API_KEY = "by_api_key",
/** @deprecated - could be deleted */
USER_BY_BUILDERS = "by_builders",
LINK = "by_link",
ROUTING = "screen_routes",
AUTOMATION_LOGS = "automation_logs",
@ -36,42 +34,6 @@ export enum InternalTable {
USER_METADATA = "ta_users",
}
export enum DocumentType {
USER = "us",
GROUP = "gr",
WORKSPACE = "workspace",
CONFIG = "config",
TEMPLATE = "template",
APP = "app",
DEV = "dev",
APP_DEV = "app_dev",
APP_METADATA = "app_metadata",
ROLE = "role",
MIGRATIONS = "migrations",
DEV_INFO = "devinfo",
AUTOMATION_LOG = "log_au",
ACCOUNT_METADATA = "acc_metadata",
PLUGIN = "plg",
DATASOURCE = "datasource",
DATASOURCE_PLUS = "datasource_plus",
APP_BACKUP = "backup",
TABLE = "ta",
ROW = "ro",
AUTOMATION = "au",
LINK = "li",
WEBHOOK = "wh",
INSTANCE = "inst",
LAYOUT = "layout",
SCREEN = "screen",
QUERY = "query",
DEPLOYMENTS = "deployments",
METADATA = "metadata",
MEM_VIEW = "view",
USER_FLAG = "flag",
AUTOMATION_METADATA = "meta_au",
AUDIT_LOG = "al",
}
export const StaticDatabases = {
GLOBAL: {
name: "global-db",
@ -95,7 +57,7 @@ export const StaticDatabases = {
},
}
export const APP_PREFIX = DocumentType.APP + SEPARATOR
export const APP_DEV = DocumentType.APP_DEV + SEPARATOR
export const APP_PREFIX = prefixed(DocumentType.APP)
export const APP_DEV = prefixed(DocumentType.APP_DEV)
export const APP_DEV_PREFIX = APP_DEV
export const BUDIBASE_DATASOURCE_TYPE = "budibase"

11
packages/backend-core/src/db/views.ts
View file

@ -105,16 +105,6 @@ export const createApiKeyView = async () => {
await createView(db, viewJs, ViewName.BY_API_KEY)
}
export const createUserBuildersView = async () => {
const db = getGlobalDB()
const viewJs = `function(doc) {
if (doc.builder && doc.builder.global === true) {
emit(doc._id, doc._id)
}
}`
await createView(db, viewJs, ViewName.USER_BY_BUILDERS)
}
export interface QueryViewOptions {
arrayResponse?: boolean
}
@ -223,7 +213,6 @@ export const queryPlatformView = async <T>(
const CreateFuncByName: any = {
[ViewName.USER_BY_EMAIL]: createNewUserEmailView,
[ViewName.BY_API_KEY]: createApiKeyView,
[ViewName.USER_BY_BUILDERS]: createUserBuildersView,
[ViewName.USER_BY_APP]: createUserAppView,
}

12
packages/backend-core/src/environment.ts
View file

@ -1,4 +1,5 @@
import { existsSync, readFileSync } from "fs"
import { ServiceType } from "@budibase/types"
function isTest() {
return isCypress() || isJest()
@ -83,10 +84,20 @@ function getPackageJsonFields(): {
}
}
function isWorker() {
return environment.SERVICE_TYPE === ServiceType.WORKER
}
function isApps() {
return environment.SERVICE_TYPE === ServiceType.APPS
}
const environment = {
isTest,
isJest,
isDev,
isWorker,
isApps,
isProd: () => {
return !isDev()
},
@ -153,6 +164,7 @@ const environment = {
SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
BLACKLIST_IPS: process.env.BLACKLIST_IPS,
SERVICE_TYPE: "unknown",
/**
* Enable to allow an admin user to login using a password.
* This can be useful to prevent lockout when configuring SSO.

5
packages/backend-core/src/events/identification.ts
View file

@ -21,6 +21,7 @@ import { processors } from "./processors"
import { newid } from "../utils"
import * as installation from "../installation"
import * as configs from "../configs"
import * as users from "../users"
import { withCache, TTL, CacheKey } from "../cache/generic"
/**
@ -164,8 +165,8 @@ const identifyUser = async (
const id = user._id as string
const tenantId = await getEventTenantId(user.tenantId)
const type = IdentityType.USER
let builder = user.builder?.global || false
let admin = user.admin?.global || false
let builder = users.hasBuilderPermissions(user)
let admin = users.hasAdminPermissions(user)
let providerType
if (isSSOUser(user)) {
providerType = user.providerType

10
packages/backend-core/src/middleware/adminOnly.ts
View file

@ -1,10 +1,8 @@
import { BBContext } from "@budibase/types"
import { UserCtx } from "@budibase/types"
import { isAdmin } from "../users"
export default async (ctx: BBContext, next: any) => {
if (
!ctx.internal &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
export default async (ctx: UserCtx, next: any) => {
if (!ctx.internal && !isAdmin(ctx.user)) {
ctx.throw(403, "Admin user only endpoint.")
}
return next()

21
packages/backend-core/src/middleware/builderOnly.ts
View file

@ -1,10 +1,19 @@
import { BBContext } from "@budibase/types"
import { UserCtx } from "@budibase/types"
import { isBuilder, hasBuilderPermissions } from "../users"
import { getAppId } from "../context"
import env from "../environment"
export default async (ctx: BBContext, next: any) => {
if (
!ctx.internal &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
) {
export default async (ctx: UserCtx, next: any) => {
const appId = getAppId()
const builderFn = env.isWorker()
? hasBuilderPermissions
: env.isApps()
? isBuilder
: undefined
if (!builderFn) {
throw new Error("Service name unknown - middleware inactive.")
}
if (!ctx.internal && !builderFn(ctx.user, appId)) {
ctx.throw(403, "Builder user only endpoint.")
}
return next()

24
packages/backend-core/src/middleware/builderOrAdmin.ts
View file

@ -1,12 +1,20 @@
import { BBContext } from "@budibase/types"
import { UserCtx } from "@budibase/types"
import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
import { getAppId } from "../context"
import env from "../environment"
export default async (ctx: BBContext, next: any) => {
if (
!ctx.internal &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global) &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
ctx.throw(403, "Builder user only endpoint.")
export default async (ctx: UserCtx, next: any) => {
const appId = getAppId()
const builderFn = env.isWorker()
? hasBuilderPermissions
: env.isApps()
? isBuilder
: undefined
if (!builderFn) {
throw new Error("Service name unknown - middleware inactive.")
}
if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
ctx.throw(403, "Admin/Builder user only endpoint.")
}
return next()
}

180
packages/backend-core/src/middleware/tests/builder.spec.ts Normal file
View file

@ -0,0 +1,180 @@
import adminOnly from "../adminOnly"
import builderOnly from "../builderOnly"
import builderOrAdmin from "../builderOrAdmin"
import { structures } from "../../../tests"
import { ContextUser, ServiceType } from "@budibase/types"
import { doInAppContext } from "../../context"
import env from "../../environment"
env._set("SERVICE_TYPE", ServiceType.APPS)
const appId = "app_aaa"
const basicUser = structures.users.user()
const adminUser = structures.users.adminUser()
const adminOnlyUser = structures.users.adminOnlyUser()
const builderUser = structures.users.builderUser()
const appBuilderUser = structures.users.appBuilderUser(appId)
function buildUserCtx(user: ContextUser) {
return {
internal: false,
user,
throw: jest.fn(),
} as any
}
function passed(throwFn: jest.Func, nextFn: jest.Func) {
expect(throwFn).not.toBeCalled()
expect(nextFn).toBeCalled()
}
function threw(throwFn: jest.Func) {
// cant check next, the throw function doesn't actually throw - so it still continues
expect(throwFn).toBeCalled()
}
describe("adminOnly middleware", () => {
it("should allow admin user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
adminOnly(ctx, next)
passed(ctx.throw, next)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
adminOnly(ctx, next)
threw(ctx.throw)
})
it("should not allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
adminOnly(ctx, next)
threw(ctx.throw)
})
})
describe("builderOnly middleware", () => {
it("should allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
builderOnly(ctx, next)
passed(ctx.throw, next)
})
it("should allow app builder user", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext(appId, () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
})
it("should allow admin and builder user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
builderOnly(ctx, next)
passed(ctx.throw, next)
})
it("should not allow admin user", () => {
const ctx = buildUserCtx(adminOnlyUser),
next = jest.fn()
builderOnly(ctx, next)
threw(ctx.throw)
})
it("should not allow app builder user to different app", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext("app_bbb", () => {
builderOnly(ctx, next)
})
threw(ctx.throw)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
builderOnly(ctx, next)
threw(ctx.throw)
})
})
describe("builderOrAdmin middleware", () => {
it("should allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow builder and admin user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow admin user", () => {
const ctx = buildUserCtx(adminOnlyUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow app builder user", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext(appId, () => {
builderOrAdmin(ctx, next)
})
passed(ctx.throw, next)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
builderOrAdmin(ctx, next)
threw(ctx.throw)
})
})
describe("check service difference", () => {
it("should not allow without app ID in apps", () => {
env._set("SERVICE_TYPE", ServiceType.APPS)
const appId = "app_a"
const ctx = buildUserCtx({
...basicUser,
builder: {
apps: [appId],
},
})
const next = jest.fn()
doInAppContext(appId, () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
doInAppContext("app_b", () => {
builderOnly(ctx, next)
})
threw(ctx.throw)
})
it("should allow without app ID in worker", () => {
env._set("SERVICE_TYPE", ServiceType.WORKER)
const ctx = buildUserCtx({
...basicUser,
builder: {
apps: ["app_a"],
},
})
const next = jest.fn()
doInAppContext("app_b", () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
})
})

22
packages/backend-core/src/security/permissions.ts
View file

@ -1,3 +1,5 @@
import { PermissionType, PermissionLevel } from "@budibase/types"
export { PermissionType, PermissionLevel } from "@budibase/types"
import flatten from "lodash/flatten"
import cloneDeep from "lodash/fp/cloneDeep"
@ -5,25 +7,6 @@ export type RoleHierarchy = {
permissionId: string
}[]
export enum PermissionLevel {
READ = "read",
WRITE = "write",
EXECUTE = "execute",
ADMIN = "admin",
}
// these are the global types, that govern the underlying default behaviour
export enum PermissionType {
APP = "app",
TABLE = "table",
USER = "user",
AUTOMATION = "automation",
WEBHOOK = "webhook",
BUILDER = "builder",
VIEW = "view",
QUERY = "query",
}
export class Permission {
type: PermissionType
level: PermissionLevel
@ -173,3 +156,4 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
// utility as a lot of things need simply the builder permission
export const BUILDER = PermissionType.BUILDER
export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER

460
packages/backend-core/src/users/db.ts Normal file
View file

@ -0,0 +1,460 @@
import env from "../environment"
import * as eventHelpers from "./events"
import * as accounts from "../accounts"
import * as cache from "../cache"
import { getIdentity, getTenantId, getGlobalDB } from "../context"
import * as dbUtils from "../db"
import { EmailUnavailableError, HTTPError } from "../errors"
import * as platform from "../platform"
import * as sessions from "../security/sessions"
import * as usersCore from "./users"
import {
AllDocsResponse,
BulkUserCreated,
BulkUserDeleted,
RowResponse,
SaveUserOpts,
User,
Account,
isSSOUser,
isSSOAccount,
UserStatus,
} from "@budibase/types"
import * as accountSdk from "../accounts"
import {
validateUniqueUser,
getAccountHolderFromUserIds,
isAdmin,
} from "./utils"
import { searchExistingEmails } from "./lookup"
import { hash } from "../utils"
type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
type FeatureFn = () => Promise<Boolean>
type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
type GroupFns = { addUsers: GroupUpdateFn }
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
const bulkDeleteProcessing = async (dbUser: User) => {
const userId = dbUser._id as string
await platform.users.removeUser(dbUser)
await eventHelpers.handleDeleteEvents(dbUser)
await cache.user.invalidateUser(userId)
await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
}
export class UserDB {
static quotas: QuotaFns
static groups: GroupFns
static features: FeatureFns
static init(quotaFns: QuotaFns, groupFns: GroupFns, featureFns: FeatureFns) {
UserDB.quotas = quotaFns
UserDB.groups = groupFns
UserDB.features = featureFns
}
static async isPreventPasswordActions(user: User, account?: Account) {
// when in maintenance mode we allow sso users with the admin role
// to perform any password action - this prevents lockout
if (env.ENABLE_SSO_MAINTENANCE_MODE && isAdmin(user)) {
return false
}
// SSO is enforced for all users
if (await UserDB.features.isSSOEnforced()) {
return true
}
// Check local sso
if (isSSOUser(user)) {
return true
}
// Check account sso
if (!account) {
account = await accountSdk.getAccountByTenantId(getTenantId())
}
return !!(account && account.email === user.email && isSSOAccount(account))
}
static async buildUser(
user: User,
opts: SaveUserOpts = {
hashPassword: true,
requirePassword: true,
},
tenantId: string,
dbUser?: any,
account?: Account
): Promise<User> {
let { password, _id } = user
// don't require a password if the db user doesn't already have one
if (dbUser && !dbUser.password) {
opts.requirePassword = false
}
let hashedPassword
if (password) {
if (await UserDB.isPreventPasswordActions(user, account)) {
throw new HTTPError("Password change is disabled for this user", 400)
}
hashedPassword = opts.hashPassword ? await hash(password) : password
} else if (dbUser) {
hashedPassword = dbUser.password
}
// passwords are never required if sso is enforced
const requirePasswords =
opts.requirePassword && !(await UserDB.features.isSSOEnforced())
if (!hashedPassword && requirePasswords) {
throw "Password must be specified."
}
_id = _id || dbUtils.generateGlobalUserID()
const fullUser = {
createdAt: Date.now(),
...dbUser,
...user,
_id,
password: hashedPassword,
tenantId,
}
// make sure the roles object is always present
if (!fullUser.roles) {
fullUser.roles = {}
}
// add the active status to a user if its not provided
if (fullUser.status == null) {
fullUser.status = UserStatus.ACTIVE
}
return fullUser
}
static async allUsers() {
const db = getGlobalDB()
const response = await db.allDocs(
dbUtils.getGlobalUserParams(null, {
include_docs: true,
})
)
return response.rows.map((row: any) => row.doc)
}
static async countUsersByApp(appId: string) {
let response: any = await usersCore.searchGlobalUsersByApp(appId, {})
return {
userCount: response.length,
}
}
static async getUsersByAppAccess(appId?: string) {
const opts: any = {
include_docs: true,
limit: 50,
}
let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
appId,
opts
)
return response
}
static async getUserByEmail(email: string) {
return usersCore.getGlobalUserByEmail(email)
}
/**
* Gets a user by ID from the global database, based on the current tenancy.
*/
static async getUser(userId: string) {
const user = await usersCore.getById(userId)
if (user) {
delete user.password
}
return user
}
static async save(user: User, opts: SaveUserOpts = {}): Promise<User> {
// default booleans to true
if (opts.hashPassword == null) {
opts.hashPassword = true
}
if (opts.requirePassword == null) {
opts.requirePassword = true
}
const tenantId = getTenantId()
const db = getGlobalDB()
let { email, _id, userGroups = [], roles } = user
if (!email && !_id) {
throw new Error("_id or email is required")
}
if (
user.builder?.apps?.length &&
!(await UserDB.features.isAppBuildersEnabled())
) {
throw new Error("Unable to update app builders, please check license")
}
let dbUser: User | undefined
if (_id) {
// try to get existing user from db
try {
dbUser = (await db.get(_id)) as User
if (email && dbUser.email !== email) {
throw "Email address cannot be changed"
}
email = dbUser.email
} catch (e: any) {
if (e.status === 404) {
// do nothing, save this new user with the id specified - required for SSO auth
} else {
throw e
}
}
}
if (!dbUser && email) {
// no id was specified - load from email instead
dbUser = await usersCore.getGlobalUserByEmail(email)
if (dbUser && dbUser._id !== _id) {
throw new EmailUnavailableError(email)
}
}
const change = dbUser ? 0 : 1 // no change if there is existing user
return UserDB.quotas.addUsers(change, async () => {
await validateUniqueUser(email, tenantId)
let builtUser = await UserDB.buildUser(user, opts, tenantId, dbUser)
// don't allow a user to update its own roles/perms
if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
builtUser = usersCore.cleanseUserObject(builtUser, dbUser) as User
}
if (!dbUser && roles?.length) {
builtUser.roles = { ...roles }
}
// make sure we set the _id field for a new user
// Also if this is a new user, associate groups with them
let groupPromises = []
if (!_id) {
_id = builtUser._id!
if (userGroups.length > 0) {
for (let groupId of userGroups) {
groupPromises.push(UserDB.groups.addUsers(groupId, [_id!]))
}
}
}
try {
// save the user to db
let response = await db.put(builtUser)
builtUser._rev = response.rev
await eventHelpers.handleSaveEvents(builtUser, dbUser)
await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
await cache.user.invalidateUser(response.id)
await Promise.all(groupPromises)
// finally returned the saved user from the db
return db.get(builtUser._id!)
} catch (err: any) {
if (err.status === 409) {
throw "User exists already"
} else {
throw err
}
}
})
}
static async bulkCreate(
newUsersRequested: User[],
groups: string[]
): Promise<BulkUserCreated> {
const tenantId = getTenantId()
let usersToSave: any[] = []
let newUsers: any[] = []
const emails = newUsersRequested.map((user: User) => user.email)
const existingEmails = await searchExistingEmails(emails)
const unsuccessful: { email: string; reason: string }[] = []
for (const newUser of newUsersRequested) {
if (
newUsers.find(
(x: User) => x.email.toLowerCase() === newUser.email.toLowerCase()
) ||
existingEmails.includes(newUser.email.toLowerCase())
) {
unsuccessful.push({
email: newUser.email,
reason: `Unavailable`,
})
continue
}
newUser.userGroups = groups
newUsers.push(newUser)
}
const account = await accountSdk.getAccountByTenantId(tenantId)
return UserDB.quotas.addUsers(newUsers.length, async () => {
// create the promises array that will be called by bulkDocs
newUsers.forEach((user: any) => {
usersToSave.push(
UserDB.buildUser(
user,
{
hashPassword: true,
requirePassword: user.requirePassword,
},
tenantId,
undefined, // no dbUser
account
)
)
})
const usersToBulkSave = await Promise.all(usersToSave)
await usersCore.bulkUpdateGlobalUsers(usersToBulkSave)
// Post-processing of bulk added users, e.g. events and cache operations
for (const user of usersToBulkSave) {
// TODO: Refactor to bulk insert users into the info db
// instead of relying on looping tenant creation
await platform.users.addUser(tenantId, user._id, user.email)
await eventHelpers.handleSaveEvents(user, undefined)
}
const saved = usersToBulkSave.map(user => {
return {
_id: user._id,
email: user.email,
}
})
// now update the groups
if (Array.isArray(saved) && groups) {
const groupPromises = []
const createdUserIds = saved.map(user => user._id)
for (let groupId of groups) {
groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds))
}
await Promise.all(groupPromises)
}
return {
successful: saved,
unsuccessful,
}
})
}
static async bulkDelete(userIds: string[]): Promise<BulkUserDeleted> {
const db = getGlobalDB()
const response: BulkUserDeleted = {
successful: [],
unsuccessful: [],
}
// remove the account holder from the delete request if present
const account = await getAccountHolderFromUserIds(userIds)
if (account) {
userIds = userIds.filter(u => u !== account.budibaseUserId)
// mark user as unsuccessful
response.unsuccessful.push({
_id: account.budibaseUserId,
email: account.email,
reason: "Account holder cannot be deleted",
})
}
// Get users and delete
const allDocsResponse: AllDocsResponse<User> = await db.allDocs({
include_docs: true,
keys: userIds,
})
const usersToDelete: User[] = allDocsResponse.rows.map(
(user: RowResponse<User>) => {
return user.doc
}
)
// Delete from DB
const toDelete = usersToDelete.map(user => ({
...user,
_deleted: true,
}))
const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete)
await UserDB.quotas.removeUsers(toDelete.length)
for (let user of usersToDelete) {
await bulkDeleteProcessing(user)
}
// Build Response
// index users by id
const userIndex: { [key: string]: User } = {}
usersToDelete.reduce((prev, current) => {
prev[current._id!] = current
return prev
}, userIndex)
// add the successful and unsuccessful users to response
dbResponse.forEach(item => {
const email = userIndex[item.id].email
if (item.ok) {
response.successful.push({ _id: item.id, email })
} else {
response.unsuccessful.push({
_id: item.id,
email,
reason: "Database error",
})
}
})
return response
}
static async destroy(id: string) {
const db = getGlobalDB()
const dbUser = (await db.get(id)) as User
const userId = dbUser._id as string
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
// root account holder can't be deleted from inside budibase
const email = dbUser.email
const account = await accounts.getAccount(email)
if (account) {
if (dbUser.userId === getIdentity()!._id) {
throw new HTTPError('Please visit "Account" to delete this user', 400)
} else {
throw new HTTPError("Account holder cannot be deleted", 400)
}
}
}
await platform.users.removeUser(dbUser)
await db.remove(userId, dbUser._rev)
await UserDB.quotas.removeUsers(1)
await eventHelpers.handleDeleteEvents(dbUser)
await cache.user.invalidateUser(userId)
await sessions.invalidateSessions(userId, { reason: "deletion" })
}
}

24
packages/worker/src/sdk/users/events.ts → packages/backend-core/src/users/events.ts
View file

@ -1,15 +1,18 @@
import env from "../../environment"
import { events, accounts, tenancy } from "@budibase/backend-core"
import env from "../environment"
import * as events from "../events"
import * as accounts from "../accounts"
import { getTenantId } from "../context"
import { User, UserRoles, CloudAccount } from "@budibase/types"
import { hasBuilderPermissions, hasAdminPermissions } from "./utils"
export const handleDeleteEvents = async (user: any) => {
await events.user.deleted(user)
if (isBuilder(user)) {
if (hasBuilderPermissions(user)) {
await events.user.permissionBuilderRemoved(user)
}
if (isAdmin(user)) {
if (hasAdminPermissions(user)) {
await events.user.permissionAdminRemoved(user)
}
}
@ -55,7 +58,7 @@ export const handleSaveEvents = async (
user: User,
existingUser: User | undefined
) => {
const tenantId = tenancy.getTenantId()
const tenantId = getTenantId()
let tenantAccount: CloudAccount | undefined
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
tenantAccount = await accounts.getAccountByTenantId(tenantId)
@ -103,23 +106,20 @@ export const handleSaveEvents = async (
await handleAppRoleEvents(user, existingUser)
}
const isBuilder = (user: any) => user.builder && user.builder.global
const isAdmin = (user: any) => user.admin && user.admin.global
export const isAddingBuilder = (user: any, existingUser: any) => {
return isAddingPermission(user, existingUser, isBuilder)
return isAddingPermission(user, existingUser, hasBuilderPermissions)
}
export const isRemovingBuilder = (user: any, existingUser: any) => {
return isRemovingPermission(user, existingUser, isBuilder)
return isRemovingPermission(user, existingUser, hasBuilderPermissions)
}
const isAddingAdmin = (user: any, existingUser: any) => {
return isAddingPermission(user, existingUser, isAdmin)
return isAddingPermission(user, existingUser, hasAdminPermissions)
}
const isRemovingAdmin = (user: any, existingUser: any) => {
return isRemovingPermission(user, existingUser, isAdmin)
return isRemovingPermission(user, existingUser, hasAdminPermissions)
}
const isOnboardingComplete = (user: any, existingUser: any) => {

4
packages/backend-core/src/users/index.ts Normal file
View file

@ -0,0 +1,4 @@
export * from "./users"
export * from "./utils"
export * from "./lookup"
export { UserDB } from "./db"

102
packages/backend-core/src/users/lookup.ts Normal file
View file

@ -0,0 +1,102 @@
import {
AccountMetadata,
PlatformUser,
PlatformUserByEmail,
User,
} from "@budibase/types"
import * as dbUtils from "../db"
import { ViewName } from "../constants"
/**
* Apply a system-wide search on emails:
* - in tenant
* - cross tenant
* - accounts
* return an array of emails that match the supplied emails.
*/
export async function searchExistingEmails(emails: string[]) {
let matchedEmails: string[] = []
const existingTenantUsers = await getExistingTenantUsers(emails)
matchedEmails.push(...existingTenantUsers.map(user => user.email))
const existingPlatformUsers = await getExistingPlatformUsers(emails)
matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
const existingAccounts = await getExistingAccounts(emails)
matchedEmails.push(...existingAccounts.map(account => account.email))
return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
}
// lookup, could be email or userId, either will return a doc
export async function getPlatformUser(
identifier: string
): Promise<PlatformUser | null> {
// use the view here and allow to find anyone regardless of casing
// Use lowercase to ensure email login is case insensitive
return (await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
keys: [identifier.toLowerCase()],
include_docs: true,
})) as PlatformUser
}
export async function getExistingTenantUsers(
emails: string[]
): Promise<User[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryGlobalView(
ViewName.USER_BY_EMAIL,
params,
undefined,
opts
)) as User[]
}
export async function getExistingPlatformUsers(
emails: string[]
): Promise<PlatformUserByEmail[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryPlatformView(
ViewName.PLATFORM_USERS_LOWERCASE,
params,
opts
)) as PlatformUserByEmail[]
}
export async function getExistingAccounts(
emails: string[]
): Promise<AccountMetadata[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryPlatformView(
ViewName.ACCOUNT_BY_EMAIL,
params,
opts
)) as AccountMetadata[]
}

36
packages/backend-core/src/users.ts → packages/backend-core/src/users/users.ts
View file

@ -11,10 +11,16 @@ import {
SEPARATOR,
UNICODE_MAX,
ViewName,
} from "./db"
import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types"
import { getGlobalDB } from "./context"
import * as context from "./context"
} from "../db"
import {
BulkDocsResponse,
SearchUsersRequest,
User,
ContextUser,
} from "@budibase/types"
import { getGlobalDB } from "../context"
import * as context from "../context"
import { user as userCache } from "../cache"
type GetOpts = { cleanup?: boolean }
@ -178,7 +184,7 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
* Performs a starts with search on the global email view.
*/
export const searchGlobalUsersByEmail = async (
email: string,
email: string | unknown,
opts: any,
getOpts?: GetOpts
) => {
@ -248,3 +254,23 @@ export async function getUserCount() {
})
return response.total_rows
}
// used to remove the builder/admin permissions, for processing the
// user as an app user (they may have some specific role/group
export function removePortalUserPermissions(user: User | ContextUser) {
delete user.admin
delete user.builder
return user
}
export function cleanseUserObject(user: User | ContextUser, base?: User) {
delete user.admin
delete user.builder
delete user.roles
if (base) {
user.admin = base.admin
user.builder = base.builder
user.roles = base.roles
}
return user
}

55
packages/backend-core/src/users/utils.ts Normal file
View file

@ -0,0 +1,55 @@
import { CloudAccount } from "@budibase/types"
import * as accountSdk from "../accounts"
import env from "../environment"
import { getPlatformUser } from "./lookup"
import { EmailUnavailableError } from "../errors"
import { getTenantId } from "../context"
import { sdk } from "@budibase/shared-core"
import { getAccountByTenantId } from "../accounts"
// extract from shared-core to make easily accessible from backend-core
export const isBuilder = sdk.users.isBuilder
export const isAdmin = sdk.users.isAdmin
export const isGlobalBuilder = sdk.users.isGlobalBuilder
export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
export const hasAdminPermissions = sdk.users.hasAdminPermissions
export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
export async function validateUniqueUser(email: string, tenantId: string) {
// check budibase users in other tenants
if (env.MULTI_TENANCY) {
const tenantUser = await getPlatformUser(email)
if (tenantUser != null && tenantUser.tenantId !== tenantId) {
throw new EmailUnavailableError(email)
}
}
// check root account users in account portal
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
const account = await accountSdk.getAccount(email)
if (account && account.verified && account.tenantId !== tenantId) {
throw new EmailUnavailableError(email)
}
}
}
/**
* For the given user id's, return the account holder if it is in the ids.
*/
export async function getAccountHolderFromUserIds(
userIds: string[]
): Promise<CloudAccount | undefined> {
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
const tenantId = getTenantId()
const account = await getAccountByTenantId(tenantId)
if (!account) {
throw new Error(`Account not found for tenantId=${tenantId}`)
}
const budibaseUserId = account.budibaseUserId
if (userIds.includes(budibaseUserId)) {
return account
}
}
}

2
packages/backend-core/tests/core/utilities/mocks/events.ts
View file

@ -1,5 +1,3 @@
import * as events from "../../../../src/events"
beforeAll(async () => {
const processors = await import("../../../../src/events/processors")
const events = await import("../../../../src/events")

4
packages/backend-core/tests/core/utilities/mocks/licenses.ts
View file

@ -94,6 +94,10 @@ export const useSyncAutomations = () => {
return useFeature(Feature.SYNC_AUTOMATIONS)
}
export const useAppBuilders = () => {
return useFeature(Feature.APP_BUILDERS)
}
// QUOTAS
export const setAutomationLogsQuota = (value: number) => {

19
packages/backend-core/tests/core/utilities/structures/users.ts
View file

@ -1,5 +1,6 @@
import {
AdminUser,
AdminOnlyUser,
BuilderUser,
SSOAuthDetails,
SSOUser,
@ -21,6 +22,15 @@ export const adminUser = (userProps?: any): AdminUser => {
}
}
export const adminOnlyUser = (userProps?: any): AdminOnlyUser => {
return {
...user(userProps),
admin: {
global: true,
},
}
}
export const builderUser = (userProps?: any): BuilderUser => {
return {
...user(userProps),
@ -30,6 +40,15 @@ export const builderUser = (userProps?: any): BuilderUser => {
}
}
export const appBuilderUser = (appId: string, userProps?: any): BuilderUser => {
return {
...user(userProps),
builder: {
apps: [appId],
},
}
}
export function ssoUser(
opts: { user?: any; details?: SSOAuthDetails } = {}
): SSOUser {

4
packages/backend-core/tsconfig.json
View file

@ -4,9 +4,9 @@
"composite": true,
"baseUrl": ".",
"paths": {
"@budibase/types": ["../types/src"]
"@budibase/types": ["../types/src"],
"@budibase/shared-core": ["../shared-core/src"]
}
},
"exclude": ["node_modules", "dist"]
}

6
packages/bbui/package.json
View file

@ -98,13 +98,13 @@
{
"projects": [
"@budibase/string-templates",
"@budibase/shared-core"
"@budibase/shared-core",
"@budibase/types"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
}
}

21
packages/builder/package.json
View file

@ -133,8 +133,21 @@
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/shared-core"
"@budibase/types"
],
"target": "build"
}
]
},
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/types"
],
"target": "build"
}
@ -145,13 +158,13 @@
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates"
"@budibase/string-templates",
"@budibase/types"
],
"target": "build"
}
]
}
}
},
"gitHead": "115189f72a850bfb52b65ec61d932531bf327072"
}
}

36
packages/builder/src/components/start/AppRow.svelte
View file

@ -1,16 +1,21 @@
<script>
import { Heading, Body, Button, Icon } from "@budibase/bbui"
import { processStringSync } from "@budibase/string-templates"
import { auth } from "stores/portal"
import { goto } from "@roxi/routify"
import { UserAvatars } from "@budibase/frontend-core"
import { sdk } from "@budibase/shared-core"
export let app
export let lockedAction
$: editing = app.sessions?.length
$: isBuilder = sdk.users.isBuilder($auth.user, app?.devId)
const handleDefaultClick = () => {
if (window.innerWidth < 640) {
if (!isBuilder) {
goToApp()
} else if (window.innerWidth < 640) {
goToOverview()
} else {
goToBuilder()
@ -24,6 +29,10 @@
const goToOverview = () => {
$goto(`../../app/${app.devId}/settings`)
}
const goToApp = () => {
window.open(`/app/${app.name}`, "_blank")
}
</script>
<div class="app-row" on:click={lockedAction || handleDefaultClick}>
@ -39,7 +48,7 @@
</div>
<div class="updated">
{#if editing}
{#if editing && isBuilder}
Currently editing
<UserAvatars users={app.sessions} />
{:else if app.updatedAt}
@ -56,14 +65,21 @@
<Body size="S">{app.deployed ? "Published" : "Unpublished"}</Body>
</div>
<div class="app-row-actions">
<Button size="S" secondary on:click={lockedAction || goToOverview}>
Manage
</Button>
<Button size="S" primary on:click={lockedAction || goToBuilder}>
Edit
</Button>
</div>
{#if isBuilder}
<div class="app-row-actions">
<Button size="S" secondary on:click={lockedAction || goToOverview}>
Manage
</Button>
<Button size="S" primary on:click={lockedAction || goToBuilder}>
Edit
</Button>
</div>
{:else}
<!-- this can happen if an app builder has app user access to an app -->
<div class="app-row-actions">
<Button size="S" secondary>View</Button>
</div>
{/if}
</div>
<style>

20
packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
View file

@ -12,12 +12,12 @@
} from "@budibase/bbui"
import { store } from "builderStore"
import { groups, licensing, apps, users, auth, admin } from "stores/portal"
import { fetchData } from "@budibase/frontend-core"
import { fetchData, Constants, Utils } from "@budibase/frontend-core"
import { sdk } from "@budibase/shared-core"
import { API } from "api"
import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
import RoleSelect from "components/common/RoleSelect.svelte"
import UpgradeModal from "components/common/users/UpgradeModal.svelte"
import { Constants, Utils } from "@budibase/frontend-core"
import { emailValidator } from "helpers/validation"
import { roles } from "stores/backend"
import { fly } from "svelte/transition"
@ -108,9 +108,9 @@
await usersFetch.refresh()
filteredUsers = $usersFetch.rows.map(user => {
const isBuilderOrAdmin = user.admin?.global || user.builder?.global
const isAdminOrBuilder = sdk.users.isAdminOrBuilder(user, prodAppId)
let role = undefined
if (isBuilderOrAdmin) {
if (isAdminOrBuilder) {
role = Constants.Roles.ADMIN
} else {
const appRole = Object.keys(user.roles).find(x => x === prodAppId)
@ -122,7 +122,7 @@
return {
...user,
role,
isBuilderOrAdmin,
isAdminOrBuilder,
}
})
}
@ -258,7 +258,7 @@
}
// Must exclude users who have explicit privileges
const userByEmail = filteredUsers.reduce((acc, user) => {
if (user.role || user.admin?.global || user.builder?.global) {
if (user.role || sdk.users.isAdminOrBuilder(user, prodAppId)) {
acc.push(user.email)
}
return acc
@ -389,9 +389,9 @@
}
const userTitle = user => {
if (user.admin?.global) {
if (sdk.users.isAdmin(user)) {
return "Admin"
} else if (user.builder?.global) {
} else if (sdk.users.isBuilder(user, prodAppId)) {
return "Developer"
} else {
return "App user"
@ -403,7 +403,7 @@
const role = $roles.find(role => role._id === user.role)
return `This user has been given ${role?.name} access from the ${user.group} group`
}
if (user.isBuilderOrAdmin) {
if (user.isAdminOrBuilder) {
return "This user's role grants admin access to all apps"
}
return null
@ -614,7 +614,7 @@
}}
autoWidth
align="right"
allowedRoles={user.isBuilderOrAdmin
allowedRoles={user.isAdminOrBuilder
? [Constants.Roles.ADMIN]
: null}
/>

36
packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
View file

@ -4,6 +4,8 @@
import { url, isActive } from "@roxi/routify"
import DeleteModal from "components/deploy/DeleteModal.svelte"
import { isOnlyUser } from "builderStore"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
let deleteModal
</script>
@ -44,22 +46,24 @@
url={$url("./version")}
active={$isActive("./version")}
/>
<div class="delete-action">
<AbsTooltip
position={TooltipPosition.Bottom}
text={$isOnlyUser
? null
: "Unavailable - another user is editing this app"}
>
<SideNavItem
text="Delete app"
disabled={!$isOnlyUser}
on:click={() => {
deleteModal.show()
}}
/>
</AbsTooltip>
</div>
{#if sdk.users.isGlobalBuilder($auth.user)}
<div class="delete-action">
<AbsTooltip
position={TooltipPosition.Bottom}
text={$isOnlyUser
? null
: "Unavailable - another user is editing this app"}
>
<SideNavItem
text="Delete app"
disabled={!$isOnlyUser}
on:click={() => {
deleteModal.show()
}}
/>
</AbsTooltip>
</div>
{/if}
</SideNav>
<slot />
</Content>

48
packages/builder/src/pages/builder/apps/index.svelte
View file

@ -22,7 +22,7 @@
import Spaceman from "assets/bb-space-man.svg"
import Logo from "assets/bb-emblem.svg"
import { UserAvatar } from "@budibase/frontend-core"
import { helpers } from "@budibase/shared-core"
import { helpers, sdk } from "@budibase/shared-core"
let loaded = false
let userInfoModal
@ -43,32 +43,30 @@
$: userGroups = $groups.filter(group =>
group.users.find(user => user._id === $auth.user?._id)
)
let userApps = []
$: publishedApps = $apps.filter(publishedAppsOnly)
$: userApps = getUserApps($auth.user)
$: {
if (!Object.keys($auth.user?.roles).length && $auth.user?.userGroups) {
userApps =
$auth.user?.builder?.global || $auth.user?.admin?.global
? publishedApps
: publishedApps.filter(app => {
return userGroups.find(group => {
return groups.actions
.getGroupAppIds(group)
.map(role => apps.extractAppId(role))
.includes(app.appId)
})
})
} else {
userApps =
$auth.user?.builder?.global || $auth.user?.admin?.global
? publishedApps
: publishedApps.filter(app =>
Object.keys($auth.user?.roles)
.map(x => apps.extractAppId(x))
.includes(app.appId)
)
function getUserApps(user) {
if (sdk.users.isAdmin(user)) {
return publishedApps
}
return publishedApps.filter(app => {
if (sdk.users.isBuilder(user, app.appId)) {
return true
}
if (!Object.keys(user?.roles).length && user?.userGroups) {
return userGroups.find(group => {
return groups.actions
.getGroupAppIds(group)
.map(role => apps.extractAppId(role))
.includes(app.appId)
})
} else {
return Object.keys($auth.user?.roles)
.map(x => apps.extractAppId(x))
.includes(app.appId)
}
})
}
function getUrl(app) {
@ -109,7 +107,7 @@
>
Update password
</MenuItem>
{#if $auth.isBuilder}
{#if sdk.users.hasBuilderPermissions($auth.user)}
<MenuItem
icon="UserDeveloper"
on:click={() => $goto("../portal")}

3
packages/builder/src/pages/builder/index.svelte
View file

@ -1,11 +1,12 @@
<script>
import { redirect } from "@roxi/routify"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
auth.checkQueryString()
$: {
if ($auth.user?.builder?.global) {
if (sdk.users.hasBuilderPermissions($auth.user)) {
$redirect(`./portal`)
} else if ($auth.user) {
$redirect(`./apps`)

3
packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
View file

@ -3,6 +3,7 @@
import { goto } from "@roxi/routify"
import { auth, admin, licensing } from "stores/portal"
import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
import { sdk } from "@budibase/shared-core"
</script>
{#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan}
@ -17,7 +18,7 @@
>
Upgrade
</Button>
{:else if !$admin.cloud && $auth.isAdmin}
{:else if !$admin.cloud && sdk.users.isAdmin($auth.user)}
<Button
cta
size="S"

7
packages/builder/src/pages/builder/portal/_layout.svelte
View file

@ -8,13 +8,14 @@
import Logo from "./_components/Logo.svelte"
import UserDropdown from "./_components/UserDropdown.svelte"
import HelpMenu from "components/common/HelpMenu.svelte"
import { sdk } from "@budibase/shared-core"
let loaded = false
let mobileMenuVisible = false
let activeTab = "Apps"
$: $url(), updateActiveTab($menu)
$: fullscreen = !$apps.length
$: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
const updateActiveTab = menu => {
for (let entry of menu) {
@ -33,7 +34,7 @@
onMount(async () => {
// Prevent non-builders from accessing the portal
if ($auth.user) {
if (!$auth.user?.builder?.global) {
if (!sdk.users.hasBuilderPermissions($auth.user)) {
$redirect("../")
} else {
try {
@ -49,7 +50,7 @@
</script>
{#if $auth.user && loaded}
{#if fullscreen}
{#if isOnboarding}
<slot />
{:else}
<HelpMenu />

3
packages/builder/src/pages/builder/portal/account/upgrade.svelte
View file

@ -19,6 +19,7 @@
import DeleteLicenseKeyModal from "../../../../components/portal/licensing/DeleteLicenseKeyModal.svelte"
import { API } from "api"
import { onMount } from "svelte"
import { sdk } from "@budibase/shared-core"
$: license = $auth.user.license
$: upgradeUrl = `${$admin.accountPortalUrl}/portal/upgrade`
@ -176,7 +177,7 @@
})
</script>
{#if $auth.isAdmin}
{#if sdk.users.isAdmin($auth.user)}
<DeleteLicenseKeyModal
bind:this={deleteLicenseKeyModal}
onConfirm={deleteLicenseKey}

4
packages/builder/src/pages/builder/portal/account/usage.svelte
View file

@ -14,6 +14,7 @@
import { Constants } from "@budibase/frontend-core"
import { DashCard, Usage } from "components/usage"
import { PlanModel } from "constants"
import { sdk } from "@budibase/shared-core"
let staticUsage = []
let monthlyUsage = []
@ -51,7 +52,8 @@
$: accountPortalAccess = $auth?.user?.accountPortalAccess
$: quotaReset = quotaUsage?.quotaReset
$: canManagePlan =
($admin.cloud && accountPortalAccess) || (!$admin.cloud && $auth.isAdmin)
($admin.cloud && accountPortalAccess) ||
(!$admin.cloud && sdk.users.isAdmin($auth.user))
$: showButton = !usesInvoicing && accountPortalAccess

14
packages/builder/src/pages/builder/portal/apps/_layout.svelte
View file

@ -1,11 +1,19 @@
<script>
import { notifications } from "@budibase/bbui"
import { admin, apps, templates, licensing, groups } from "stores/portal"
import {
admin,
apps,
templates,
licensing,
groups,
auth,
} from "stores/portal"
import { onMount } from "svelte"
import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
// Don't block loading if we've already hydrated state
let loaded = $apps.length > 0
let loaded = $apps.length != null
onMount(async () => {
try {
@ -25,7 +33,7 @@
}
// Go to new app page if no apps exists
if (!$apps.length) {
if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
$redirect("./onboarding")
}
} catch (error) {

148
packages/builder/src/pages/builder/portal/apps/index.svelte
View file

@ -15,6 +15,7 @@
import CreateAppModal from "components/start/CreateAppModal.svelte"
import AppLimitModal from "components/portal/licensing/AppLimitModal.svelte"
import AccountLockedModal from "components/portal/licensing/AccountLockedModal.svelte"
import { sdk } from "@budibase/shared-core"
import { store, automationStore } from "builderStore"
import { API } from "api"
@ -203,40 +204,40 @@
})
</script>
{#if $apps.length}
<Page>
<Layout noPadding gap="L">
{#each Object.keys(automationErrors || {}) as appId}
<Notification
wide
dismissable
action={() => goToAutomationError(appId)}
type="error"
icon="Alert"
actionMessage={errorCount(automationErrors[appId]) > 1
? "View errors"
: "View error"}
on:dismiss={async () => {
await automationStore.actions.clearLogErrors({ appId })
await apps.load()
}}
message={automationErrorMessage(appId)}
/>
{/each}
<div class="title">
<div class="welcome">
<Layout noPadding gap="XS">
<Heading size="L">{welcomeHeader}</Heading>
<Body size="M">
Manage your apps and get a head start with templates
</Body>
</Layout>
</div>
<Page>
<Layout noPadding gap="L">
{#each Object.keys(automationErrors || {}) as appId}
<Notification
wide
dismissable
action={() => goToAutomationError(appId)}
type="error"
icon="Alert"
actionMessage={errorCount(automationErrors[appId]) > 1
? "View errors"
: "View error"}
on:dismiss={async () => {
await automationStore.actions.clearLogErrors({ appId })
await apps.load()
}}
message={automationErrorMessage(appId)}
/>
{/each}
<div class="title">
<div class="welcome">
<Layout noPadding gap="XS">
<Heading size="L">{welcomeHeader}</Heading>
<Body size="M">
Below you'll find the list of apps that you have access to
</Body>
</Layout>
</div>
</div>
{#if enrichedApps.length}
<Layout noPadding gap="L">
<div class="title">
{#if enrichedApps.length}
<Layout noPadding gap="L">
<div class="title">
{#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
<div class="buttons">
<Button
size="M"
@ -266,41 +267,46 @@
</Button>
{/if}
</div>
{#if enrichedApps.length > 1}
<div class="app-actions">
<Select
autoWidth
bind:value={sortBy}
placeholder={null}
options={[
{ label: "Sort by name", value: "name" },
{ label: "Sort by recently updated", value: "updated" },
{ label: "Sort by status", value: "status" },
]}
/>
<Search placeholder="Search" bind:value={searchTerm} />
</div>
{/if}
</div>
<div class="app-table">
{#each filteredApps as app (app.appId)}
<AppRow {app} lockedAction={usersLimitLockAction} />
{/each}
</div>
</Layout>
{/if}
{#if creatingFromTemplate}
<div class="empty-wrapper">
<img class="img-logo img-size" alt="logo" src={Logo} />
<p>Creating your Budibase app from your selected template...</p>
<Spinner size="10" />
{/if}
{#if enrichedApps.length > 1}
<div class="app-actions">
<Select
autoWidth
bind:value={sortBy}
placeholder={null}
options={[
{ label: "Sort by name", value: "name" },
{ label: "Sort by recently updated", value: "updated" },
{ label: "Sort by status", value: "status" },
]}
/>
<Search placeholder="Search" bind:value={searchTerm} />
</div>
{/if}
</div>
{/if}
</Layout>
</Page>
{/if}
<div class="app-table">
{#each filteredApps as app (app.appId)}
<AppRow {app} lockedAction={usersLimitLockAction} />
{/each}
</div>
</Layout>
{:else}
<div class="no-apps">
<img class="spaceman" alt="spaceman" src={Logo} width="100px" />
<Body weight="700">You haven't been given access to any apps yet</Body>
</div>
{/if}
{#if creatingFromTemplate}
<div class="empty-wrapper">
<img class="img-logo img-size" alt="logo" src={Logo} />
<p>Creating your Budibase app from your selected template...</p>
<Spinner size="10" />
</div>
{/if}
</Layout>
</Page>
<Modal
bind:this={creationModal}
@ -368,6 +374,16 @@
height: 160px;
}
.no-apps {
background-color: var(--spectrum-global-color-gray-100);
padding: calc(var(--spacing-xl) * 2);
display: flex;
justify-content: center;
align-items: center;
flex-direction: column;
gap: var(--spacing-xl);
}
@media (max-width: 1000px) {
.img-logo {
display: none;

5
packages/builder/src/pages/builder/portal/settings/branding.svelte
View file

@ -18,6 +18,7 @@
import { API } from "api"
import { onMount } from "svelte"
import { goto } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
const imageExtensions = [
".png",
@ -206,7 +207,7 @@
})
</script>
{#if $auth.isAdmin && mounted}
{#if sdk.users.isAdmin($auth.user) && mounted}
<Layout noPadding>
<Layout gap="XS" noPadding>
<div class="title">
@ -400,7 +401,7 @@
on:click={() => {
if (isCloud && $auth?.user?.accountPortalAccess) {
window.open($admin.accountPortalUrl + "/portal/upgrade", "_blank")
} else if ($auth.isAdmin) {
} else if (sdk.users.isAdmin($auth.user)) {
$goto("/builder/portal/account/upgrade")
}
}}

3
packages/builder/src/pages/builder/portal/settings/diagnostics.svelte
View file

@ -13,6 +13,7 @@
import { redirect } from "@roxi/routify"
import { API } from "api"
import { onMount } from "svelte"
import { sdk } from "@budibase/shared-core"
let diagnosticInfo = ""
@ -46,7 +47,7 @@
})
</script>
{#if $auth.isAdmin && diagnosticInfo}
{#if sdk.users.isAdmin($auth.user) && diagnosticInfo}
<Layout noPadding>
<Layout gap="XS">
<Heading size="M">Diagnostics</Heading>

5
packages/builder/src/pages/builder/portal/settings/organisation.svelte
View file

@ -13,10 +13,11 @@
import { auth, organisation, admin } from "stores/portal"
import { writable } from "svelte/store"
import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
// Only admins allowed here
$: {
if (!$auth.isAdmin) {
if (!sdk.users.isAdmin($auth.user)) {
$redirect("../../portal")
}
}
@ -50,7 +51,7 @@
}
</script>
{#if $auth.isAdmin}
{#if sdk.users.isAdmin($auth.user)}
<Layout noPadding>
<Layout gap="XS" noPadding>
<Heading size="M">Organisation</Heading>

5
packages/builder/src/pages/builder/portal/settings/version.svelte
View file

@ -14,6 +14,7 @@
import { API } from "api"
import { auth, admin } from "stores/portal"
import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
let version
let loaded = false
@ -25,7 +26,7 @@
// Only admins allowed here
$: {
if (!$auth.isAdmin || $admin.cloud) {
if (!sdk.users.isAdmin($auth.user) || $admin.cloud) {
$redirect("../../portal")
}
}
@ -89,7 +90,7 @@
})
</script>
{#if $auth.isAdmin}
{#if sdk.users.isAdmin($auth.user)}
<Layout noPadding>
<Layout gap="XS" noPadding>
<Heading size="M">Version</Heading>

3
packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
View file

@ -20,6 +20,7 @@
import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte"
import GroupIcon from "./_components/GroupIcon.svelte"
import GroupUsers from "./_components/GroupUsers.svelte"
import { sdk } from "@budibase/shared-core"
export let groupId
@ -46,7 +47,7 @@
let editModal, deleteModal
$: scimEnabled = $features.isScimEnabled
$: readonly = !$auth.isAdmin || scimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: group = $groups.find(x => x._id === groupId)
$: groupApps = $apps
.filter(app =>

3
packages/builder/src/pages/builder/portal/users/groups/_components/EditUserPicker.svelte
View file

@ -3,6 +3,7 @@
import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
import { createPaginationStore } from "helpers/pagination"
import { auth, groups, users } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let groupId
export let onUsersUpdated
@ -13,7 +14,7 @@
let prevSearch = undefined
let pageInfo = createPaginationStore()
$: readonly = !$auth.isAdmin
$: readonly = !sdk.users.isAdmin($auth.user)
$: page = $pageInfo.page
$: searchUsers(page, searchTerm)
$: group = $groups.find(x => x._id === groupId)

3
packages/builder/src/pages/builder/portal/users/groups/_components/GroupUsers.svelte
View file

@ -9,6 +9,7 @@
import { setContext } from "svelte"
import ScimBanner from "../../_components/SCIMBanner.svelte"
import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte"
import { sdk } from "@budibase/shared-core"
export let groupId
@ -49,7 +50,7 @@
]
$: scimEnabled = $features.isScimEnabled
$: readonly = !$auth.isAdmin || scimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
const removeUser = async id => {
await groups.actions.removeUser(groupId, id)

7
packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
View file

@ -2,6 +2,7 @@
import { ActionButton } from "@budibase/bbui"
import { getContext } from "svelte"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value
@ -13,6 +14,10 @@
}
</script>
<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
<ActionButton
disabled={!sdk.users.isAdmin($auth.user)}
size="S"
on:click={onClick}
>
Remove
</ActionButton>

3
packages/builder/src/pages/builder/portal/users/groups/index.svelte
View file

@ -22,6 +22,7 @@
import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte"
import { goto } from "@roxi/routify"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
const DefaultGroup = {
name: "",
@ -40,7 +41,7 @@
{ column: "roles", component: GroupAppsTableRenderer },
]
$: readonly = !$auth.isAdmin
$: readonly = !sdk.users.isAdmin($auth.user)
$: schema = {
name: { displayName: "Group", width: "2fr", minWidth: "200px" },
users: { sortable: false, width: "1fr" },

11
packages/builder/src/pages/builder/portal/users/users/[userId].svelte
View file

@ -31,6 +31,7 @@
import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte"
import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
export let userId
@ -87,8 +88,8 @@
$: scimEnabled = $features.isScimEnabled
$: isSSO = !!user?.provider
$: readonly = !$auth.isAdmin || scimEnabled
$: privileged = user?.admin?.global || user?.builder?.global
$: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: privileged = sdk.users.isAdminOrBuilder(user)
$: nameLabel = getNameLabel(user)
$: filteredGroups = getFilteredGroups($groups, searchTerm)
$: availableApps = getAvailableApps($apps, privileged, user?.roles)
@ -97,9 +98,9 @@
return y._id === userId
})
})
$: globalRole = user?.admin?.global
$: globalRole = sdk.users.isAdmin(user)
? "admin"
: user?.builder?.global
: sdk.users.isBuilder(user)
? "developer"
: "appUser"
@ -285,7 +286,7 @@
<div class="field">
<Label size="L">Role</Label>
<Select
disabled={!$auth.isAdmin}
disabled={!sdk.users.isAdmin($auth.user)}
value={globalRole}
options={Constants.BudibaseRoleOptions}
on:change={updateUserRole}

3
packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte
View file

@ -1,11 +1,12 @@
<script>
import { Icon } from "@budibase/bbui"
import { apps } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value
export let row
$: priviliged = row?.admin?.global || row?.builder?.global
$: priviliged = sdk.users.isAdminOrBuilder(row)
$: count = priviliged ? $apps.length : value?.length || 0
</script>

7
packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
View file

@ -2,6 +2,7 @@
import { ActionButton } from "@budibase/bbui"
import { getContext } from "svelte"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value
@ -13,6 +14,10 @@
}
</script>
<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
<ActionButton
disabled={!sdk.users.isAdmin($auth.user)}
size="S"
on:click={onClick}
>
Remove
</ActionButton>

3
packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte
View file

@ -2,6 +2,7 @@
import { createEventDispatcher } from "svelte"
import { Body, Select, ModalContent, notifications } from "@budibase/bbui"
import { users } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let app
export let user
@ -15,7 +16,7 @@
.filter(role => role._id !== "PUBLIC")
.map(role => ({ value: role._id, label: role.name }))
if (!user?.builder?.global) {
if (!sdk.users.isBuilder(user, app?.appId)) {
options.push({ value: NO_ACCESS, label: "No Access" })
}
let selectedRole = user?.roles?.[app?._id]

3
packages/builder/src/pages/builder/portal/users/users/index.svelte
View file

@ -39,6 +39,7 @@
import { API } from "api"
import { OnboardingType } from "../../../../../constants"
import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
const fetch = fetchData({
API,
@ -66,7 +67,7 @@
let userData = []
$: isOwner = $auth.accountPortalAccess && $admin.cloud
$: readonly = !$auth.isAdmin || $features.isScimEnabled
$: readonly = !sdk.users.isAdmin($auth.user) || $features.isScimEnabled
$: debouncedUpdateFetch(searchEmail)
$: schema = {

14
packages/builder/src/stores/portal/auth.js
View file

@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store"
import { API } from "api"
import { admin } from "stores/portal"
import analytics from "analytics"
import { sdk } from "@budibase/shared-core"
export function createAuthStore() {
const auth = writable({
@ -13,13 +14,6 @@ export function createAuthStore() {
postLogout: false,
})
const store = derived(auth, $store => {
let isAdmin = false
let isBuilder = false
if ($store.user) {
const user = $store.user
isAdmin = !!user.admin?.global
isBuilder = !!user.builder?.global
}
return {
user: $store.user,
accountPortalAccess: $store.accountPortalAccess,
@ -27,8 +21,6 @@ export function createAuthStore() {
tenantSet: $store.tenantSet,
loaded: $store.loaded,
postLogout: $store.postLogout,
isAdmin,
isBuilder,
isSSO: !!$store.user?.provider,
}
})
@ -57,8 +49,8 @@ export function createAuthStore() {
name: user.account?.name,
user_id: user._id,
tenant: user.tenantId,
admin: user?.admin?.global,
builder: user?.builder?.global,
admin: sdk.users.isAdmin(user),
builder: sdk.users.isBuilder(user),
"Company size": user.account?.size,
"Job role": user.account?.profession,
},

37
packages/builder/src/stores/portal/menu.js
View file

@ -2,8 +2,12 @@ import { derived } from "svelte/store"
import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
import { admin } from "./admin"
import { auth } from "./auth"
import { sdk } from "@budibase/shared-core"
export const menu = derived([admin, auth], ([$admin, $auth]) => {
const user = $auth?.user
const isAdmin = sdk.users.isAdmin(user)
const cloud = $admin?.cloud
// Determine user sub pages
let userSubPages = [
{
@ -24,19 +28,21 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
title: "Apps",
href: "/builder/portal/apps",
},
{
]
if (sdk.users.isGlobalBuilder(user)) {
menu.push({
title: "Users",
href: "/builder/portal/users",
subPages: userSubPages,
},
{
})
menu.push({
title: "Plugins",
href: "/builder/portal/plugins",
},
]
})
}
// Add settings page for admins
if ($auth.isAdmin) {
if (isAdmin) {
let settingsSubPages = [
{
title: "Auth",
@ -59,7 +65,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
href: "/builder/portal/settings/environment",
},
]
if (!$admin.cloud) {
if (!cloud) {
settingsSubPages.push({
title: "Version",
href: "/builder/portal/settings/version",
@ -84,38 +90,35 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
href: "/builder/portal/account/usage",
},
]
if ($auth.isAdmin) {
if (isAdmin) {
accountSubPages.push({
title: "Audit Logs",
href: "/builder/portal/account/auditLogs",
})
if (!$admin.cloud) {
if (!cloud) {
accountSubPages.push({
title: "System Logs",
href: "/builder/portal/account/systemLogs",
})
}
}
if ($admin.cloud && $auth?.user?.accountPortalAccess) {
if (cloud && user?.accountPortalAccess) {
accountSubPages.push({
title: "Upgrade",
href: $admin.accountPortalUrl + "/portal/upgrade",
href: $admin?.accountPortalUrl + "/portal/upgrade",
})
} else if (!$admin.cloud && $auth.isAdmin) {
} else if (!cloud && isAdmin) {
accountSubPages.push({
title: "Upgrade",
href: "/builder/portal/account/upgrade",
})
}
// add license check here
if (
$auth?.user?.accountPortalAccess &&
$auth.user.account.stripeCustomerId
) {
if (user?.accountPortalAccess && user.account.stripeCustomerId) {
accountSubPages.push({
title: "Billing",
href: $admin.accountPortalUrl + "/portal/billing",
href: $admin?.accountPortalUrl + "/portal/billing",
})
}
menu.push({

9
packages/builder/src/stores/portal/users.js
View file

@ -2,6 +2,7 @@ import { writable } from "svelte/store"
import { API } from "api"
import { update } from "lodash"
import { licensing } from "."
import { sdk } from "@budibase/shared-core"
export function createUsersStore() {
const { subscribe, set } = writable({})
@ -111,8 +112,12 @@ export function createUsersStore() {
return await API.saveUser(user)
}
const getUserRole = ({ admin, builder }) =>
admin?.global ? "admin" : builder?.global ? "developer" : "appUser"
const getUserRole = user =>
sdk.users.isAdmin(user)
? "admin"
: sdk.users.isBuilder(user)
? "developer"
: "appUser"
const refreshUsage =
fn =>

6
packages/cli/package.json
View file

@ -14,6 +14,7 @@
"tsc": "tsc -p tsconfig.build.json",
"pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip",
"build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild",
"check:types": "tsc -p tsconfig.json --noEmit --paths null",
"postbuild": "rm -rf prebuilds 2> /dev/null"
},
"pkg": {
@ -45,7 +46,7 @@
"lookpath": "1.1.0",
"node-fetch": "2.6.7",
"pkg": "5.8.0",
"posthog-node": "1.0.7",
"posthog-node": "1.3.0",
"pouchdb": "7.3.0",
"pouchdb-replication-stream": "1.2.9",
"randomstring": "1.1.5",
@ -70,7 +71,8 @@
"dependsOn": [
{
"projects": [
"@budibase/backend-core"
"@budibase/backend-core",
"@budibase/string-templates"
],
"target": "build"
}

1
packages/cli/tsconfig.json
View file

@ -16,7 +16,6 @@
"require": ["tsconfig-paths/register"],
"swc": true
},
"references": [{ "path": "../types" }, { "path": "../backend-core" }],
"include": ["src/**/*", "package.json"],
"exclude": ["node_modules", "dist"]
}

18
packages/client/package.json
View file

@ -70,14 +70,26 @@
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/shared-core"
"@budibase/types"
],
"target": "build"
}
]
},
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/types"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
}
}

4
packages/client/rollup.config.js
View file

@ -25,11 +25,11 @@ const devPaths = production
: [
{
find: "@budibase/shared-core",
replacement: path.resolve("../shared-core/dist/mjs/src/index"),
replacement: path.resolve("../shared-core/dist/index"),
},
{
find: "@budibase/types",
replacement: path.resolve("../types/dist/mjs/index"),
replacement: path.resolve("../types/dist/index"),
},
]

28
packages/client/src/components/BlockComponent.svelte
View file

@ -26,9 +26,9 @@
$: parentId = $component?.id
$: inBuilder = $builderStore.inBuilder
$: instance = {
_component: `@budibase/standard-components/${type}`,
_component: getComponent(type),
_id: id,
_instanceName: name || type[0].toUpperCase() + type.slice(1),
_instanceName: getInstanceName(name, type),
_styles: {
...styles,
normal: styles?.normal || {},
@ -45,6 +45,30 @@
}
}
const getComponent = type => {
if (!type) {
return null
}
if (type.startsWith("plugin/")) {
return type
} else {
return `@budibase/standard-components/${type}`
}
}
const getInstanceName = (name, type) => {
if (name) {
return name
}
if (!type) {
return "New component"
}
if (type.startsWith("plugin/")) {
type = type.split("plugin/")[1]
}
return type[0].toUpperCase() + type.slice(1)
}
onDestroy(() => {
if (inBuilder) {
block.unregisterComponent(id, parentId)

4
packages/client/src/sdk.js
View file

@ -18,6 +18,8 @@ import { styleable } from "utils/styleable"
import { linkable } from "utils/linkable"
import { getAction } from "utils/getAction"
import Provider from "components/context/Provider.svelte"
import Block from "components/Block.svelte"
import BlockComponent from "components/BlockComponent.svelte"
import { ActionTypes } from "./constants"
import { fetchDatasourceSchema } from "./utils/schema.js"
import { getAPIKey } from "./utils/api.js"
@ -44,4 +46,6 @@ export default {
Provider,
ActionTypes,
getAPIKey,
Block,
BlockComponent,
}

2
packages/pro

@ -1 +1 @@
Subproject commit 63fa1b15f6e2afa8a264d597157fd798c9ce031c
Subproject commit cf3bef2aad9c739111b306fd0712397adc363f81

15
packages/server/nodemon.json
View file

@ -1,10 +1,13 @@
{
"watch": ["src", "../backend-core", "../pro"],
"ext": "js,ts,json",
"ignore": [
"src/**/*.spec.ts",
"src/**/*.spec.js",
"../backend-core/dist/**/*"
"watch": [
"src",
"../backend-core",
"../pro",
"../types",
"../shared-core",
"../string-templates"
],
"ext": "js,ts,json",
"ignore": ["src/**/*.spec.ts", "src/**/*.spec.js", "../*/dist/**/*"],
"exec": "yarn build && node ./dist/index.js"
}

30
packages/server/package.json
View file

@ -11,7 +11,7 @@
"scripts": {
"prebuild": "rimraf dist/",
"build": "node ./scripts/build.js",
"check:types": "tsc -p tsconfig.build.json --noEmit",
"check:types": "tsc -p tsconfig.json --noEmit --paths null",
"postbuild": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"debug": "yarn build && node --expose-gc --inspect=9222 dist/index.js",
@ -179,31 +179,5 @@
},
"optionalDependencies": {
"oracledb": "5.3.0"
},
"nx": {
"targets": {
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/backend-core"
],
"target": "build"
}
]
},
"test": {
"dependsOn": [
{
"projects": [
"@budibase/string-templates",
"@budibase/shared-core"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
}
}

6
packages/server/scripts/integrations/postgres/init.sql
View file

@ -1,6 +1,6 @@
SELECT 'CREATE DATABASE main'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'main')\gexec
CREATE SCHEMA test;
CREATE SCHEMA "test-1";
CREATE TYPE person_job AS ENUM ('qa', 'programmer', 'designer');
CREATE TABLE Persons (
PersonID SERIAL PRIMARY KEY,
@ -39,7 +39,7 @@ CREATE TABLE Products_Tasks (
REFERENCES Tasks(TaskID),
PRIMARY KEY (ProductID, TaskID)
);
CREATE TABLE test.table1 (
CREATE TABLE "test-1".table1 (
id SERIAL PRIMARY KEY,
Name varchar(255)
);
@ -60,7 +60,7 @@ INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (2, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (3, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 2);
INSERT INTO test.table1 (Name) VALUES ('Test');
INSERT INTO "test-1".table1 (Name) VALUES ('Test');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('aaa', 'bbb', 'Michael');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('bbb', 'ccc', 'Andrew');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('ddd', '', 'OneKey');

4
packages/server/scripts/test.sh
View file

@ -5,8 +5,8 @@ if [[ -n $CI ]]
then
# --runInBand performs better in ci where resources are limited
export NODE_OPTIONS="--max-old-space-size=4096"
echo "jest --coverage --runInBand --forceExit"
jest --coverage --runInBand --forceExit
echo "jest --coverage --runInBand --forceExit --bail"
jest --coverage --runInBand --forceExit --bail
else
# --maxWorkers performs better in development
echo "jest --coverage --maxWorkers=2 --forceExit"

36
packages/server/src/api/controllers/application.ts
View file

@ -30,6 +30,7 @@ import {
objectStore,
roles,
tenancy,
users,
} from "@budibase/backend-core"
import { USERS_TABLE_SCHEMA } from "../../constants"
import {
@ -49,8 +50,8 @@ import {
MigrationType,
PlanType,
Screen,
SocketSession,
UserCtx,
ContextUser,
} from "@budibase/types"
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
import sdk from "../../sdk"
@ -177,32 +178,10 @@ export const addSampleData = async (ctx: UserCtx) => {
}
export async function fetch(ctx: UserCtx) {
const dev = ctx.query && ctx.query.status === AppStatus.DEV
const all = ctx.query && ctx.query.status === AppStatus.ALL
const apps = (await dbCore.getAllApps({ dev, all })) as App[]
const appIds = apps
.filter((app: any) => app.status === "development")
.map((app: any) => app.appId)
// get the locks for all the dev apps
if (dev || all) {
const locks = await getLocksById(appIds)
for (let app of apps) {
const lock = locks[app.appId]
if (lock) {
app.lockedBy = lock
} else {
// make sure its definitely not present
delete app.lockedBy
}
}
}
// Enrich apps with all builder user sessions
const enrichedApps = await sdk.users.sessions.enrichApps(apps)
ctx.body = await checkAppMetadata(enrichedApps)
ctx.body = await sdk.applications.fetch(
ctx.query.status as AppStatus,
ctx.user
)
}
export async function fetchAppDefinition(ctx: UserCtx) {
@ -222,6 +201,7 @@ export async function fetchAppDefinition(ctx: UserCtx) {
export async function fetchAppPackage(ctx: UserCtx) {
const db = context.getAppDB()
const appId = context.getAppId()
let application = await db.get<any>(DocumentType.APP_METADATA)
const layouts = await getLayouts()
let screens = await getScreens()
@ -233,7 +213,7 @@ export async function fetchAppPackage(ctx: UserCtx) {
)
// Only filter screens if the user is not a builder
if (!(ctx.user.builder && ctx.user.builder.global)) {
if (!users.isBuilder(ctx.user, appId)) {
const userRoleId = getUserRoleId(ctx)
const accessController = new roles.AccessController()
screens = await accessController.checkScreensAccess(screens, userRoleId)

14
packages/server/src/api/controllers/view/viewsV2.ts
View file

@ -49,12 +49,18 @@ async function parseSchemaUI(ctx: Ctx, view: CreateViewRequest) {
const schemaUI =
view.schema &&
Object.entries(view.schema).reduce((p, [fieldName, schemaValue]) => {
p[fieldName] = {
const fieldSchema: RequiredKeys<UIFieldMetadata> = {
order: schemaValue.order,
width: schemaValue.width,
visible: schemaValue.visible,
icon: schemaValue.icon,
}
Object.entries(fieldSchema)
.filter(([_, val]) => val === undefined)
.forEach(([key]) => {
delete fieldSchema[key as keyof UIFieldMetadata]
})
p[fieldName] = fieldSchema
return p
}, {} as Record<string, RequiredKeys<UIFieldMetadata>>)
return schemaUI
@ -66,13 +72,14 @@ export async function create(ctx: Ctx<CreateViewRequest, ViewResponse>) {
const schemaUI = await parseSchemaUI(ctx, view)
const parsedView: Omit<ViewV2, "id" | "version"> = {
const parsedView: Omit<RequiredKeys<ViewV2>, "id" | "version"> = {
name: view.name,
tableId: view.tableId,
query: view.query,
sort: view.sort,
columns: view.schema && Object.keys(view.schema),
schemaUI,
primaryDisplay: view.primaryDisplay,
}
const result = await sdk.views.create(tableId, parsedView)
ctx.status = 201
@ -95,7 +102,7 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
const { tableId } = view
const schemaUI = await parseSchemaUI(ctx, view)
const parsedView: ViewV2 = {
const parsedView: RequiredKeys<ViewV2> = {
id: view.id,
name: view.name,
version: view.version,
@ -104,6 +111,7 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
sort: view.sort,
columns: view.schema && Object.keys(view.schema),
schemaUI,
primaryDisplay: view.primaryDisplay,
}
const result = await sdk.views.update(tableId, parsedView)

4
packages/server/src/api/routes/application.ts
View file

@ -15,7 +15,7 @@ router
)
.post(
"/api/applications",
authorized(permissions.BUILDER),
authorized(permissions.GLOBAL_BUILDER),
applicationValidator(),
controller.create
)
@ -55,7 +55,7 @@ router
)
.delete(
"/api/applications/:appId",
authorized(permissions.BUILDER),
authorized(permissions.GLOBAL_BUILDER),
controller.destroy
)

12
packages/server/src/api/routes/plugin.ts
View file

@ -8,14 +8,18 @@ const router: Router = new Router()
router
.post(
"/api/plugin/upload",
authorized(permissions.BUILDER),
authorized(permissions.GLOBAL_BUILDER),
controller.upload
)
.post("/api/plugin", authorized(permissions.BUILDER), controller.create)
.get("/api/plugin", authorized(permissions.BUILDER), controller.fetch)
.post(
"/api/plugin",
authorized(permissions.GLOBAL_BUILDER),
controller.create
)
.get("/api/plugin", authorized(permissions.GLOBAL_BUILDER), controller.fetch)
.delete(
"/api/plugin/:pluginId",
authorized(permissions.BUILDER),
authorized(permissions.GLOBAL_BUILDER),
controller.destroy
)

6
packages/server/src/api/routes/public/index.ts
View file

@ -7,14 +7,14 @@ import userEndpoints from "./users"
import authorized from "../../../middleware/authorized"
import publicApi from "../../../middleware/publicApi"
import { paramResource, paramSubResource } from "../../../middleware/resourceId"
import { PermissionType, PermissionLevel } from "@budibase/types"
import { CtxFn } from "./utils/Endpoint"
import mapperMiddleware from "./middleware/mapper"
import env from "../../../environment"
// below imports don't have declaration files
const Router = require("@koa/router")
const { RateLimit, Stores } = require("koa2-ratelimit")
import { middleware, redis, permissions } from "@budibase/backend-core"
const { PermissionType, PermissionLevel } = permissions
import { middleware, redis } from "@budibase/backend-core"
const PREFIX = "/api/public/v1"
// allow a lot more requests when in test
@ -111,7 +111,7 @@ function applyAdminRoutes(endpoints: any) {
function applyRoutes(
endpoints: any,
permType: string,
permType: PermissionType,
resource: string,
subResource?: string
) {

5
packages/server/src/api/routes/tests/utilities/TestFunctions.ts
View file

@ -36,7 +36,10 @@ export const clearAllApps = async (
exceptions: Array<string> = []
) => {
await tenancy.doInTenant(tenantId, async () => {
const req: any = { query: { status: AppStatus.DEV }, user: { tenantId } }
const req: any = {
query: { status: AppStatus.DEV },
user: { tenantId, builder: { global: true } },
}
await appController.fetch(req)
const apps = req.body
if (!apps || apps.length <= 0) {

79
packages/server/src/api/routes/tests/viewV2.spec.ts
View file

@ -6,6 +6,7 @@ import {
SortOrder,
SortType,
Table,
UpdateViewRequest,
ViewV2,
} from "@budibase/types"
import { generator } from "@budibase/backend-core/tests"
@ -34,20 +35,6 @@ function priceTable(): Table {
describe("/v2/views", () => {
const config = setup.getConfig()
const viewFilters: Omit<CreateViewRequest, "name" | "tableId"> = {
query: { allOr: false, equal: { field: "value" } },
sort: {
field: "fieldToSort",
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
name: {
visible: true,
},
},
}
afterAll(setup.afterAll)
beforeAll(async () => {
@ -70,20 +57,30 @@ describe("/v2/views", () => {
})
})
it("can persist views with queries", async () => {
const newView: CreateViewRequest = {
it("can persist views with all fields", async () => {
const newView: Required<CreateViewRequest> = {
name: generator.name(),
tableId: config.table!._id!,
query: viewFilters.query,
sort: viewFilters.sort,
primaryDisplay: generator.word(),
query: { allOr: false, equal: { field: "value" } },
sort: {
field: "fieldToSort",
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
name: {
visible: true,
},
},
}
delete newView.schema
const res = await config.api.viewV2.create(newView)
expect(res).toEqual({
...newView,
query: viewFilters.query,
sort: viewFilters.sort,
schema: undefined,
columns: ["name"],
schemaUI: newView.schema,
id: expect.any(String),
version: 2,
})
@ -210,6 +207,46 @@ describe("/v2/views", () => {
})
})
it("can update all fields", async () => {
const tableId = config.table!._id!
const updatedData: Required<UpdateViewRequest> = {
version: view.version,
id: view.id,
tableId,
name: view.name,
primaryDisplay: generator.word(),
query: { equal: { [generator.word()]: generator.word() } },
sort: {
field: generator.word(),
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
Category: {
visible: false,
},
},
}
await config.api.viewV2.update(updatedData)
expect(await config.api.table.get(tableId)).toEqual({
...config.table,
views: {
[view.name]: {
...updatedData,
schema: {
Category: expect.objectContaining({
visible: false,
}),
},
},
},
_rev: expect.any(String),
updatedAt: expect.any(String),
})
})
it("can update an existing view name", async () => {
const tableId = config.table!._id!
await config.api.viewV2.update({ ...view, name: "View B" })

10
packages/server/src/app.ts
View file

@ -15,7 +15,15 @@ import * as api from "./api"
import * as automations from "./automations"
import { Thread } from "./threads"
import * as redis from "./utilities/redis"
import { events, logging, middleware, timers } from "@budibase/backend-core"
import { ServiceType } from "@budibase/types"
import {
events,
logging,
middleware,
timers,
env as coreEnv,
} from "@budibase/backend-core"
coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
import { startup } from "./startup"
const Sentry = require("@sentry/node")
const destroyable = require("server-destroy")

19
packages/server/src/automations/tests/openai.spec.ts
View file

@ -22,6 +22,10 @@ jest.mock(
}))
)
const mockedOpenAIApi = openai.OpenAIApi as jest.MockedClass<
typeof openai.OpenAIApi
>
const OPENAI_PROMPT = "What is the meaning of life?"
describe("test the openai action", () => {
@ -68,11 +72,16 @@ describe("test the openai action", () => {
})
it("should present the correct error message when an error is thrown from the createChatCompletion call", async () => {
openai.OpenAIApi.mockImplementation(() => ({
createChatCompletion: jest.fn(() => {
throw new Error("An error occurred while calling createChatCompletion")
}),
}))
mockedOpenAIApi.mockImplementation(
() =>
({
createChatCompletion: jest.fn(() => {
throw new Error(
"An error occurred while calling createChatCompletion"
)
}),
} as any)
)
const res = await setup.runStep("OPENAI", {
prompt: OPENAI_PROMPT,

8
packages/server/src/db/utils.ts
View file

@ -3,10 +3,10 @@ import { db as dbCore } from "@budibase/backend-core"
type Optional = string | null
export const AppStatus = {
DEV: "development",
ALL: "all",
DEPLOYED: "published",
export const enum AppStatus {
DEV = "development",
ALL = "all",
DEPLOYED = "published",
}
export const BudibaseInternalDB = {

3
packages/server/src/environment.ts
View file

@ -1,3 +1,6 @@
import { env as coreEnv } from "@budibase/backend-core"
import { ServiceType } from "@budibase/types"
coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
import { join } from "path"
function isTest() {

2
packages/server/src/integrations/postgres.ts
View file

@ -210,7 +210,7 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
if (!this.config.schema) {
this.config.schema = "public"
}
await this.client.query(`SET search_path TO ${this.config.schema}`)
await this.client.query(`SET search_path TO "${this.config.schema}"`)
this.COLUMNS_SQL = `select * from information_schema.columns where table_schema = '${this.config.schema}'`
this.open = true
}

2
packages/server/src/integrations/tests/googlesheets.spec.ts
View file

@ -30,7 +30,7 @@ GoogleSpreadsheet.mockImplementation(() => mockGoogleIntegration)
import { structures } from "@budibase/backend-core/tests"
import TestConfiguration from "../../tests/utilities/TestConfiguration"
import GoogleSheetsIntegration from "../googlesheets"
import { FieldType, Table, TableSchema } from "../../../../types/src/documents"
import { FieldType, Table, TableSchema } from "@budibase/types"
describe("Google Sheets Integration", () => {
let integration: any,

52
packages/server/src/middleware/authorized.ts
View file

@ -1,5 +1,11 @@
import { roles, permissions, auth, context } from "@budibase/backend-core"
import { Role } from "@budibase/types"
import {
auth,
context,
permissions,
roles,
users,
} from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils"
@ -16,15 +22,20 @@ const csrf = auth.buildCsrfMiddleware()
* - Otherwise the user must have the required role.
*/
const checkAuthorized = async (
ctx: any,
ctx: UserCtx,
resourceRoles: any,
permType: any,
permLevel: any
permType: PermissionType,
permLevel: PermissionLevel
) => {
const appId = context.getAppId()
const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
const isBuilderApi = permType === PermissionType.BUILDER
const globalBuilder = users.isGlobalBuilder(ctx.user)
let isBuilder = appId
? users.isBuilder(ctx.user, appId)
: users.hasBuilderPermissions(ctx.user)
// check if this is a builder api and the user is not a builder
const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global
const isBuilderApi = permType === permissions.PermissionType.BUILDER
if (isBuilderApi && !isBuilder) {
if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
return ctx.throw(403, "Not Authorized")
}
@ -35,10 +46,10 @@ const checkAuthorized = async (
}
const checkAuthorizedResource = async (
ctx: any,
ctx: UserCtx,
resourceRoles: any,
permType: any,
permLevel: any
permType: PermissionType,
permLevel: PermissionLevel
) => {
// get the user's roles
const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC
@ -64,8 +75,8 @@ const checkAuthorizedResource = async (
}
export default (
permType: any,
permLevel: any = null,
permType: PermissionType,
permLevel?: PermissionLevel,
opts = { schema: false }
) =>
async (ctx: any, next: any) => {
@ -83,12 +94,12 @@ export default (
let resourceRoles: any = []
let otherLevelRoles: any = []
const otherLevel =
permLevel === permissions.PermissionLevel.READ
? permissions.PermissionLevel.WRITE
: permissions.PermissionLevel.READ
permLevel === PermissionLevel.READ
? PermissionLevel.WRITE
: PermissionLevel.READ
const appId = context.getAppId()
if (appId && hasResource(ctx)) {
resourceRoles = await roles.getRequiredResourceRole(permLevel, ctx)
resourceRoles = await roles.getRequiredResourceRole(permLevel!, ctx)
if (opts && opts.schema) {
otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx)
}
@ -110,13 +121,16 @@ export default (
// check general builder stuff, this middleware is a good way
// to find API endpoints which are builder focused
if (permType === permissions.PermissionType.BUILDER) {
if (
permType === PermissionType.BUILDER ||
permType === PermissionType.GLOBAL_BUILDER
) {
await builderMiddleware(ctx)
}
try {
// check authorized
await checkAuthorized(ctx, resourceRoles, permType, permLevel)
await checkAuthorized(ctx, resourceRoles, permType, permLevel!)
} catch (err) {
// this is a schema, check if
if (opts && opts.schema && permLevel) {

2
packages/server/src/middleware/builder.ts
View file

@ -10,7 +10,7 @@ import {
setDebounce,
} from "../utilities/redis"
import { db as dbCore, cache } from "@budibase/backend-core"
import { UserCtx, Database, App } from "@budibase/types"
import { UserCtx, Database } from "@budibase/types"
const DEBOUNCE_TIME_SEC = 30

17
packages/server/src/middleware/currentapp.ts
View file

@ -4,12 +4,13 @@ import {
roles,
tenancy,
context,
users,
} from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global"
import env from "../environment"
import { isWebhookEndpoint } from "./utils"
import { UserCtx } from "@budibase/types"
import { UserCtx, ContextUser } from "@budibase/types"
export default async (ctx: UserCtx, next: any) => {
// try to get the appID from the request
@ -23,7 +24,7 @@ export default async (ctx: UserCtx, next: any) => {
if (
isDevAppID(requestAppId) &&
!isWebhookEndpoint(ctx) &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global)
!users.isBuilder(ctx.user, requestAppId)
) {
return ctx.redirect("/")
}
@ -42,8 +43,7 @@ export default async (ctx: UserCtx, next: any) => {
roleId = globalUser.roleId || roleId
// Allow builders to specify their role via a header
const isBuilder =
globalUser && globalUser.builder && globalUser.builder.global
const isBuilder = users.isBuilder(globalUser, appId)
const isDevApp = appId && isDevAppID(appId)
const roleHeader =
ctx.request &&
@ -56,8 +56,7 @@ export default async (ctx: UserCtx, next: any) => {
roleId = roleHeader
// Delete admin and builder flags so that the specified role is honoured
delete ctx.user.builder
delete ctx.user.admin
ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser
}
} catch (error) {
// Swallow error and do nothing
@ -71,7 +70,6 @@ export default async (ctx: UserCtx, next: any) => {
}
return context.doInAppContext(appId, async () => {
let skipCookie = false
// if the user not in the right tenant then make sure they have no permissions
// need to judge this only based on the request app ID,
if (
@ -81,12 +79,9 @@ export default async (ctx: UserCtx, next: any) => {
!tenancy.isUserInAppTenant(requestAppId, ctx.user)
) {
// don't error, simply remove the users rights (they are a public user)
delete ctx.user.builder
delete ctx.user.admin
delete ctx.user.roles
ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
skipCookie = true
}
ctx.appId = appId

10
packages/server/src/middleware/tests/authorized.spec.js
View file

@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
)
const authorizedMiddleware = require("../authorized").default
const env = require("../../environment")
const { permissions } = require("@budibase/backend-core")
const { PermissionType, PermissionLevel } = require("@budibase/types")
const APP_ID = ""
@ -112,7 +112,7 @@ describe("Authorization middleware", () => {
it("throws if the user does not have builder permissions", async () => {
config.setEnvironment(false)
config.setMiddlewareRequiredPermission(permissions.PermissionType.BUILDER)
config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
config.setUser({
role: {
_id: ""
@ -124,13 +124,13 @@ describe("Authorization middleware", () => {
})
it("passes on to next() middleware if the user has resource permission", async () => {
config.setResourceId(permissions.PermissionType.QUERY)
config.setResourceId(PermissionType.QUERY)
config.setUser({
role: {
_id: ""
}
})
config.setMiddlewareRequiredPermission(permissions.PermissionType.QUERY)
config.setMiddlewareRequiredPermission(PermissionType.QUERY)
await config.executeMiddleware()
expect(config.next).toHaveBeenCalled()
@ -154,7 +154,7 @@ describe("Authorization middleware", () => {
_id: ""
},
})
config.setMiddlewareRequiredPermission(permissions.PermissionType.ADMIN, permissions.PermissionLevel.BASIC)
config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")

10
packages/server/src/migrations/functions/backfill/global/users.ts
View file

@ -1,4 +1,8 @@
import { events, db as dbUtils } from "@budibase/backend-core"
import {
events,
db as dbUtils,
users as usersCore,
} from "@budibase/backend-core"
import { User, CloudAccount } from "@budibase/types"
import { DEFAULT_TIMESTAMP } from ".."
@ -30,11 +34,11 @@ export const backfill = async (
await events.identification.identifyUser(user, account, timestamp)
await events.user.created(user, timestamp)
if (user.admin?.global) {
if (usersCore.hasAdminPermissions(user)) {
await events.user.permissionAdminAssigned(user, timestamp)
}
if (user.builder?.global) {
if (usersCore.hasBuilderPermissions(user)) {
await events.user.permissionBuilderAssigned(user, timestamp)
}

4
packages/server/src/migrations/tests/index.spec.ts
View file

@ -17,7 +17,7 @@ tk.freeze(timestamp)
const clearMigrations = async () => {
const dbs = [context.getDevAppDB(), context.getProdAppDB()]
for (const db of dbs) {
const doc = await db.get(DocumentType.MIGRATIONS)
const doc = await db.get<any>(DocumentType.MIGRATIONS)
const newDoc = { _id: doc._id, _rev: doc._rev }
await db.put(newDoc)
}
@ -52,7 +52,7 @@ describe("migrations", () => {
await config.createTable()
await config.createView()
await config.createTable()
await config.createView(structures.view(config.table._id))
await config.createView(structures.view(config.table!._id!))
await config.createScreen()
await config.createScreen()

50
packages/server/src/sdk/app/applications/applications.ts Normal file
View file

@ -0,0 +1,50 @@
import { AppStatus } from "../../../db/utils"
import { App, ContextUser } from "@budibase/types"
import { getLocksById } from "../../../utilities/redis"
import { enrichApps } from "../../users/sessions"
import { checkAppMetadata } from "../../../automations/logging"
import { db as dbCore, users } from "@budibase/backend-core"
export function filterAppList(user: ContextUser, apps: App[]) {
let appList: string[] = []
const roleApps = Object.keys(user.roles || {})
if (users.hasAppBuilderPermissions(user)) {
appList = user.builder?.apps || []
appList = appList.concat(roleApps)
} else if (!users.isAdminOrBuilder(user)) {
appList = roleApps
} else {
return apps
}
return apps.filter(app => appList.includes(dbCore.getProdAppID(app.appId)))
}
export async function fetch(status: AppStatus, user: ContextUser) {
const dev = status === AppStatus.DEV
const all = status === AppStatus.ALL
let apps = (await dbCore.getAllApps({ dev, all })) as App[]
apps = filterAppList(user, apps)
const appIds = apps
.filter((app: any) => app.status === "development")
.map((app: any) => app.appId)
// get the locks for all the dev apps
if (dev || all) {
const locks = await getLocksById(appIds)
for (let app of apps) {
const lock = locks[app.appId]
if (lock) {
app.lockedBy = lock
} else {
// make sure its definitely not present
delete app.lockedBy
}
}
}
// Enrich apps with all builder user sessions
const enrichedApps = await enrichApps(apps)
return await checkAppMetadata(enrichedApps)
}

2
packages/server/src/sdk/app/applications/index.ts
View file

@ -1,7 +1,9 @@
import * as sync from "./sync"
import * as utils from "./utils"
import * as applications from "./applications"
export default {
...sync,
...utils,
...applications,
}

2
packages/server/src/sdk/app/views/index.ts
View file

@ -86,6 +86,7 @@ export function enrichSchema(view: View | ViewV2, tableSchema: TableSchema) {
: schema[fieldName].order,
}
}
delete view.schemaUI
}
if (view?.columns?.length) {
@ -97,6 +98,7 @@ export function enrichSchema(view: View | ViewV2, tableSchema: TableSchema) {
pickedSchema[fieldName] = { ...schema[fieldName] }
}
schema = pickedSchema
delete view.columns
}
return {

6
packages/server/src/utilities/global.ts
View file

@ -5,6 +5,7 @@ import {
cache,
tenancy,
context,
users,
} from "@budibase/backend-core"
import env from "../environment"
import { groups } from "@budibase/pro"
@ -22,8 +23,7 @@ export function updateAppRole(
}
// if in an multi-tenancy environment make sure roles are never updated
if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) {
delete user.builder
delete user.admin
user = users.removePortalUserPermissions(user)
user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
return user
}
@ -32,7 +32,7 @@ export function updateAppRole(
user.roleId = user.roles[dbCore.getProdAppID(appId)]
}
// if a role wasn't found then either set as admin (builder) or public (everyone else)
if (!user.roleId && user.builder && user.builder.global) {
if (!user.roleId && users.isBuilder(user, appId)) {
user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN
} else if (!user.roleId && !user?.userGroups?.length) {
user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC

7
packages/server/src/utilities/rowProcessor/tests/utils.spec.ts
View file

@ -1,18 +1,19 @@
import { fixAutoColumnSubType } from "../utils"
import { AutoFieldDefaultNames, AutoFieldSubTypes } from "../../../constants"
import { FieldSchema, FieldType, RelationshipType } from "@budibase/types"
describe("rowProcessor utility", () => {
describe("fixAutoColumnSubType", () => {
let schema = {
let schema: FieldSchema = {
name: "",
type: "link",
type: FieldType.LINK,
subtype: "", // missing subtype
icon: "ri-magic-line",
autocolumn: true,
constraints: { type: "array", presence: false },
tableId: "ta_users",
fieldName: "test-Updated By",
relationshipType: "many-to-many",
relationshipType: RelationshipType.MANY_TO_MANY,
sortable: false,
}

2
packages/server/src/utilities/rowProcessor/utils.ts
View file

@ -5,7 +5,7 @@ import {
FormulaTypes,
} from "../../constants"
import { processStringSync } from "@budibase/string-templates"
import { FieldSchema, FieldType, Row, Table } from "@budibase/types"
import { FieldSchema, Row, Table } from "@budibase/types"
/**
* If the subtype has been lost for any reason this works out what

7
packages/server/tsconfig.json
View file

@ -2,15 +2,12 @@
"extends": "./tsconfig.build.json",
"compilerOptions": {
"composite": true,
"declaration": true,
"sourceMap": true,
"baseUrl": ".",
"outDir": "dist"
"baseUrl": "."
},
"ts-node": {
"require": ["tsconfig-paths/register"],
"swc": true
},
"include": ["src/**/*", "specs"],
"include": ["src/**/*", "specs", "__mocks__"],
"exclude": ["node_modules", "dist"]
}

30
packages/shared-core/package.json
View file

@ -2,22 +2,22 @@
"name": "@budibase/shared-core",
"version": "0.0.0",
"description": "Shared data utils",
"main": "dist/cjs/src/index.js",
"types": "dist/mjs/src/index.d.ts",
"main": "src/index.ts",
"types": "src/index.ts",
"exports": {
".": {
"import": "./dist/mjs/src/index.js",
"require": "./dist/cjs/src/index.js"
},
"./package.json": "./dist/mjs/package.json"
"import": "./dist/index.js",
"require": "./src/index.ts"
}
},
"author": "Budibase",
"license": "GPL-3.0",
"scripts": {
"prebuild": "rimraf dist/",
"build": "tsc -p tsconfig.build.json && tsc -p tsconfig-cjs.build.json",
"build": "tsc -p tsconfig.build.json",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"dev:builder": "yarn prebuild && concurrently \"tsc -p tsconfig.build.json --watch\" \"tsc -p tsconfig-cjs.build.json --watch\""
"dev:builder": "yarn prebuild && tsc -p tsconfig.json --watch --preserveWatchOutput",
"check:types": "tsc -p tsconfig.json --noEmit --paths null"
},
"dependencies": {
"@budibase/types": "0.0.0"
@ -26,19 +26,5 @@
"concurrently": "^7.6.0",
"rimraf": "3.0.2",
"typescript": "4.7.3"
},
"nx": {
"targets": {
"build": {
"dependsOn": [
{
"projects": [
"@budibase/types"
],
"target": "build"
}
]
}
}
}
}

1
packages/shared-core/src/index.ts
View file

@ -2,3 +2,4 @@ export * from "./constants"
export * as dataFilters from "./filters"
export * as helpers from "./helpers"
export * as utils from "./utils"
export * as sdk from "./sdk"

35
packages/shared-core/src/sdk/documents/applications.ts Normal file
View file

@ -0,0 +1,35 @@
import { DocumentType, prefixed } from "@budibase/types"
const APP_PREFIX = prefixed(DocumentType.APP)
const APP_DEV_PREFIX = prefixed(DocumentType.APP_DEV)
export function getDevAppID(appId: string) {
if (!appId) {
throw new Error("No app ID provided")
}
if (appId.startsWith(APP_DEV_PREFIX)) {
return appId
}
// split to take off the app_ element, then join it together incase any other app_ exist
const split = appId.split(APP_PREFIX)
split.shift()
const rest = split.join(APP_PREFIX)
return `${APP_DEV_PREFIX}${rest}`
}
/**
* Convert a development app ID to a deployed app ID.
*/
export function getProdAppID(appId: string) {
if (!appId) {
throw new Error("No app ID provided")
}
if (!appId.startsWith(APP_DEV_PREFIX)) {
return appId
}
// split to take off the app_dev element, then join it together incase any other app_ exist
const split = appId.split(APP_DEV_PREFIX)
split.shift()
const rest = split.join(APP_DEV_PREFIX)
return `${APP_PREFIX}${rest}`
}

2
packages/shared-core/src/sdk/documents/index.ts Normal file
View file

@ -0,0 +1,2 @@
export * as applications from "./applications"
export * as users from "./users"

62
packages/shared-core/src/sdk/documents/users.ts Normal file
View file

@ -0,0 +1,62 @@
import { ContextUser, User } from "@budibase/types"
import { getProdAppID } from "./applications"
// checks if a user is specifically a builder, given an app ID
export function isBuilder(user: User | ContextUser, appId?: string): boolean {
if (!user) {
return false
}
if (user.builder?.global) {
return true
} else if (appId && user.builder?.apps?.includes(getProdAppID(appId))) {
return true
}
return false
}
export function isGlobalBuilder(user: User | ContextUser): boolean {
return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
}
// alias for hasAdminPermission, currently do the same thing
// in future whether someone has admin permissions and whether they are
// an admin for a specific resource could be separated
export function isAdmin(user: User | ContextUser): boolean {
if (!user) {
return false
}
return hasAdminPermissions(user)
}
export function isAdminOrBuilder(
user: User | ContextUser,
appId?: string
): boolean {
return isBuilder(user, appId) || isAdmin(user)
}
// check if they are a builder within an app (not necessarily a global builder)
export function hasAppBuilderPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
const appLength = user.builder?.apps?.length
const isGlobalBuilder = !!user.builder?.global
return !isGlobalBuilder && appLength != null && appLength > 0
}
// checks if a user is capable of building any app
export function hasBuilderPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return user.builder?.global || hasAppBuilderPermissions(user)
}
// checks if a user is capable of being an admin
export function hasAdminPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return !!user.admin?.global
}

1
packages/shared-core/src/sdk/index.ts Normal file
View file

@ -0,0 +1 @@
export * from "./documents"

Some files were not shown because too many files have changed in this diff Show more