CodeMirror/budibase
1
0
Fork 0
mirror of synced 2024-07-06 15:00:49 +12:00
Code Issues Projects Releases Wiki Activity

Merge branch 'develop' into account-portal-auth-api-testing-2

Browse source
This commit is contained in:
jvcalderon 2023-08-02 17:44:01 +02:00
parent 0380068473 ffb22f9f93
commit 989bfe76fb
145 changed files with 1958 additions and 1337 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/budibase_ci.yml vendored
View file

@ -154,7 +154,7 @@ jobs:
node-version: 14.x node-version: 14.x
cache: "yarn" cache: "yarn"
- run: yarn - run: yarn
- run: yarn build - run: yarn build --projects=@budibase/server,@budibase/worker,@budibase/client
- name: Run tests - name: Run tests
run: | run: |
cd qa-core cd qa-core

2
.gitignore vendored
View file

@ -101,8 +101,6 @@ packages/builder/cypress.env.json
packages/builder/cypress/reports packages/builder/cypress/reports
stats.html stats.html
# TypeScript cache
*.tsbuildinfo
# plugins # plugins
budibase-component budibase-component

2
lerna.json
View file

@ -1,5 +1,5 @@
{ {
"version": "2.8.29-alpha.9", "version": "2.8.29-alpha.15",
"npmClient": "yarn", "npmClient": "yarn",
"packages": [ "packages": [
"packages/*" "packages/*"

13
nx.json
View file

@ -3,19 +3,10 @@
"default": { "default": {
"runner": "nx-cloud", "runner": "nx-cloud",
"options": { "options": {
"cacheableOperations": ["build", "test"], "cacheableOperations": ["build", "test", "check:types"],
"accessToken": "MmM4OGYxNzItMDBlYy00ZmE3LTk4MTYtNmJhYWMyZjBjZTUyfHJlYWQ=" "accessToken": "MmM4OGYxNzItMDBlYy00ZmE3LTk4MTYtNmJhYWMyZjBjZTUyfHJlYWQ="
} }
} }
}, },
"targetDefaults": { "targetDefaults": {}
"dev:builder": {
"dependsOn": [
{
"projects": ["@budibase/string-templates"],
"target": "build"
}
]
}
}
} }

8
package.json
View file

@ -36,7 +36,7 @@
"bootstrap": "./scripts/link-dependencies.sh && echo '***BOOTSTRAP ONLY REQUIRED FOR USE WITH ACCOUNT PORTAL***'", "bootstrap": "./scripts/link-dependencies.sh && echo '***BOOTSTRAP ONLY REQUIRED FOR USE WITH ACCOUNT PORTAL***'",
"build": "yarn nx run-many -t=build", "build": "yarn nx run-many -t=build",
"build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput", "build:dev": "lerna run --stream prebuild && yarn nx run-many --target=build --output-style=dynamic --watch --preserveWatchOutput",
"check:types": "lerna run check:types --skip-nx-cache", "check:types": "lerna run check:types",
"backend:bootstrap": "./scripts/scopeBackend.sh && yarn run bootstrap", "backend:bootstrap": "./scripts/scopeBackend.sh && yarn run bootstrap",
"backend:build": "./scripts/scopeBackend.sh 'lerna run --stream build'", "backend:build": "./scripts/scopeBackend.sh 'lerna run --stream build'",
"build:sdk": "lerna run --stream build:sdk", "build:sdk": "lerna run --stream build:sdk",
@ -51,9 +51,9 @@
"kill-builder": "kill-port 3000", "kill-builder": "kill-port 3000",
"kill-server": "kill-port 4001 4002", "kill-server": "kill-port 4001 4002",
"kill-all": "yarn run kill-builder && yarn run kill-server", "kill-all": "yarn run kill-builder && yarn run kill-server",
"dev": "yarn run kill-all && lerna run --stream --parallel dev:builder", "dev": "yarn run kill-all && lerna run --stream dev:builder",
"dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream --parallel dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker", "dev:noserver": "yarn run kill-builder && lerna run --stream dev:stack:up && lerna run --stream dev:builder --ignore @budibase/backend-core --ignore @budibase/server --ignore @budibase/worker",
"dev:server": "yarn run kill-server && lerna run --stream --parallel dev:builder --scope @budibase/worker --scope @budibase/server", "dev:server": "yarn run kill-server && lerna run --stream dev:builder --scope @budibase/worker --scope @budibase/server",
"dev:built": "yarn run kill-all && cd packages/server && yarn dev:stack:up && cd ../../ && lerna run --stream dev:built", "dev:built": "yarn run kill-all && cd packages/server && yarn dev:stack:up && cd ../../ && lerna run --stream dev:built",
"dev:docker": "yarn build:docker:pre && docker-compose -f hosting/docker-compose.build.yaml -f hosting/docker-compose.dev.yaml --env-file hosting/.env up --build --scale proxy-service=0", "dev:docker": "yarn build:docker:pre && docker-compose -f hosting/docker-compose.build.yaml -f hosting/docker-compose.dev.yaml --env-file hosting/.env up --build --scale proxy-service=0",
"test": "lerna run --stream test --stream", "test": "lerna run --stream test --stream",

1
packages/backend-core/jest.config.ts
View file

@ -9,6 +9,7 @@ const baseConfig: Config.InitialProjectOptions = {
}, },
moduleNameMapper: { moduleNameMapper: {
"@budibase/types": "<rootDir>/../types/src", "@budibase/types": "<rootDir>/../types/src",
"@budibase/shared-core": ["<rootDir>/../shared-core/src"],
}, },
} }

19
packages/backend-core/package.json
View file

@ -16,12 +16,14 @@
"prepack": "cp package.json dist", "prepack": "cp package.json dist",
"build": "tsc -p tsconfig.build.json", "build": "tsc -p tsconfig.build.json",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput", "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"check:types": "tsc -p tsconfig.json --noEmit --paths null",
"test": "bash scripts/test.sh", "test": "bash scripts/test.sh",
"test:watch": "jest --watchAll" "test:watch": "jest --watchAll"
}, },
"dependencies": { "dependencies": {
"@budibase/nano": "10.1.2", "@budibase/nano": "10.1.2",
"@budibase/pouchdb-replication-stream": "1.2.10", "@budibase/pouchdb-replication-stream": "1.2.10",
"@budibase/shared-core": "0.0.0",
"@budibase/types": "0.0.0", "@budibase/types": "0.0.0",
"@techpass/passport-openidconnect": "0.3.2", "@techpass/passport-openidconnect": "0.3.2",
"aws-cloudfront-sign": "2.2.0", "aws-cloudfront-sign": "2.2.0",
@ -86,20 +88,5 @@
"ts-node": "10.8.1", "ts-node": "10.8.1",
"tsconfig-paths": "4.0.0", "tsconfig-paths": "4.0.0",
"typescript": "4.7.3" "typescript": "4.7.3"
}, }
"nx": {
"targets": {
"build": {
"dependsOn": [
{
"projects": [
"@budibase/types"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
} }

14
packages/backend-core/src/cache/tests/writethrough.spec.ts vendored
View file

@ -36,7 +36,7 @@ describe("writethrough", () => {
_id: docId, _id: docId,
value: 1, value: 1,
}) })
const output = await db.get(response.id) const output = await db.get<any>(response.id)
current = output current = output
expect(output.value).toBe(1) expect(output.value).toBe(1)
}) })
@ -45,7 +45,7 @@ describe("writethrough", () => {
it("second put shouldn't update DB", async () => { it("second put shouldn't update DB", async () => {
await config.doInTenant(async () => { await config.doInTenant(async () => {
const response = await writethrough.put({ ...current, value: 2 }) const response = await writethrough.put({ ...current, value: 2 })
const output = await db.get(response.id) const output = await db.get<any>(response.id)
expect(current._rev).toBe(output._rev) expect(current._rev).toBe(output._rev)
expect(output.value).toBe(1) expect(output.value).toBe(1)
}) })
@ -55,7 +55,7 @@ describe("writethrough", () => {
await config.doInTenant(async () => { await config.doInTenant(async () => {
tk.freeze(Date.now() + DELAY + 1) tk.freeze(Date.now() + DELAY + 1)
const response = await writethrough.put({ ...current, value: 3 }) const response = await writethrough.put({ ...current, value: 3 })
const output = await db.get(response.id) const output = await db.get<any>(response.id)
expect(response.rev).not.toBe(current._rev) expect(response.rev).not.toBe(current._rev)
expect(output.value).toBe(3) expect(output.value).toBe(3)
@ -79,7 +79,7 @@ describe("writethrough", () => {
expect.arrayContaining([current._rev, current._rev, newRev]) expect.arrayContaining([current._rev, current._rev, newRev])
) )
const output = await db.get(current._id) const output = await db.get<any>(current._id)
expect(output.value).toBe(4) expect(output.value).toBe(4)
expect(output._rev).toBe(newRev) expect(output._rev).toBe(newRev)
@ -107,7 +107,7 @@ describe("writethrough", () => {
}) })
expect(res.ok).toBe(true) expect(res.ok).toBe(true)
const output = await db.get(id) const output = await db.get<any>(id)
expect(output.value).toBe(3) expect(output.value).toBe(3)
expect(output._rev).toBe(res.rev) expect(output._rev).toBe(res.rev)
}) })
@ -130,8 +130,8 @@ describe("writethrough", () => {
const resp2 = await writethrough2.put({ _id: "db1", value: "second" }) const resp2 = await writethrough2.put({ _id: "db1", value: "second" })
expect(resp1.rev).toBeDefined() expect(resp1.rev).toBeDefined()
expect(resp2.rev).toBeDefined() expect(resp2.rev).toBeDefined()
expect((await db.get("db1")).value).toBe("first") expect((await db.get<any>("db1")).value).toBe("first")
expect((await db2.get("db1")).value).toBe("second") expect((await db2.get<any>("db1")).value).toBe("second")
}) })
}) })
}) })

46
packages/backend-core/src/constants/db.ts
View file

@ -1,5 +1,5 @@
export const SEPARATOR = "_" import { prefixed, DocumentType } from "@budibase/types"
export const UNICODE_MAX = "\ufff0" export { SEPARATOR, UNICODE_MAX, DocumentType } from "@budibase/types"
/** /**
* Can be used to create a few different forms of querying a view. * Can be used to create a few different forms of querying a view.
@ -14,8 +14,6 @@ export enum ViewName {
USER_BY_APP = "by_app", USER_BY_APP = "by_app",
USER_BY_EMAIL = "by_email2", USER_BY_EMAIL = "by_email2",
BY_API_KEY = "by_api_key", BY_API_KEY = "by_api_key",
/** @deprecated - could be deleted */
USER_BY_BUILDERS = "by_builders",
LINK = "by_link", LINK = "by_link",
ROUTING = "screen_routes", ROUTING = "screen_routes",
AUTOMATION_LOGS = "automation_logs", AUTOMATION_LOGS = "automation_logs",
@ -36,42 +34,6 @@ export enum InternalTable {
USER_METADATA = "ta_users", USER_METADATA = "ta_users",
} }
export enum DocumentType {
USER = "us",
GROUP = "gr",
WORKSPACE = "workspace",
CONFIG = "config",
TEMPLATE = "template",
APP = "app",
DEV = "dev",
APP_DEV = "app_dev",
APP_METADATA = "app_metadata",
ROLE = "role",
MIGRATIONS = "migrations",
DEV_INFO = "devinfo",
AUTOMATION_LOG = "log_au",
ACCOUNT_METADATA = "acc_metadata",
PLUGIN = "plg",
DATASOURCE = "datasource",
DATASOURCE_PLUS = "datasource_plus",
APP_BACKUP = "backup",
TABLE = "ta",
ROW = "ro",
AUTOMATION = "au",
LINK = "li",
WEBHOOK = "wh",
INSTANCE = "inst",
LAYOUT = "layout",
SCREEN = "screen",
QUERY = "query",
DEPLOYMENTS = "deployments",
METADATA = "metadata",
MEM_VIEW = "view",
USER_FLAG = "flag",
AUTOMATION_METADATA = "meta_au",
AUDIT_LOG = "al",
}
export const StaticDatabases = { export const StaticDatabases = {
GLOBAL: { GLOBAL: {
name: "global-db", name: "global-db",
@ -95,7 +57,7 @@ export const StaticDatabases = {
}, },
} }
export const APP_PREFIX = DocumentType.APP + SEPARATOR export const APP_PREFIX = prefixed(DocumentType.APP)
export const APP_DEV = DocumentType.APP_DEV + SEPARATOR export const APP_DEV = prefixed(DocumentType.APP_DEV)
export const APP_DEV_PREFIX = APP_DEV export const APP_DEV_PREFIX = APP_DEV
export const BUDIBASE_DATASOURCE_TYPE = "budibase" export const BUDIBASE_DATASOURCE_TYPE = "budibase"

11
packages/backend-core/src/db/views.ts
View file

@ -105,16 +105,6 @@ export const createApiKeyView = async () => {
await createView(db, viewJs, ViewName.BY_API_KEY) await createView(db, viewJs, ViewName.BY_API_KEY)
} }
export const createUserBuildersView = async () => {
const db = getGlobalDB()
const viewJs = `function(doc) {
if (doc.builder && doc.builder.global === true) {
emit(doc._id, doc._id)
}
}`
await createView(db, viewJs, ViewName.USER_BY_BUILDERS)
}
export interface QueryViewOptions { export interface QueryViewOptions {
arrayResponse?: boolean arrayResponse?: boolean
} }
@ -223,7 +213,6 @@ export const queryPlatformView = async <T>(
const CreateFuncByName: any = { const CreateFuncByName: any = {
[ViewName.USER_BY_EMAIL]: createNewUserEmailView, [ViewName.USER_BY_EMAIL]: createNewUserEmailView,
[ViewName.BY_API_KEY]: createApiKeyView, [ViewName.BY_API_KEY]: createApiKeyView,
[ViewName.USER_BY_BUILDERS]: createUserBuildersView,
[ViewName.USER_BY_APP]: createUserAppView, [ViewName.USER_BY_APP]: createUserAppView,
} }

12
packages/backend-core/src/environment.ts
View file

@ -1,4 +1,5 @@
import { existsSync, readFileSync } from "fs" import { existsSync, readFileSync } from "fs"
import { ServiceType } from "@budibase/types"
function isTest() { function isTest() {
return isCypress() || isJest() return isCypress() || isJest()
@ -83,10 +84,20 @@ function getPackageJsonFields(): {
} }
} }
function isWorker() {
return environment.SERVICE_TYPE === ServiceType.WORKER
}
function isApps() {
return environment.SERVICE_TYPE === ServiceType.APPS
}
const environment = { const environment = {
isTest, isTest,
isJest, isJest,
isDev, isDev,
isWorker,
isApps,
isProd: () => { isProd: () => {
return !isDev() return !isDev()
}, },
@ -153,6 +164,7 @@ const environment = {
SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS, SMTP_FROM_ADDRESS: process.env.SMTP_FROM_ADDRESS,
DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING, DISABLE_JWT_WARNING: process.env.DISABLE_JWT_WARNING,
BLACKLIST_IPS: process.env.BLACKLIST_IPS, BLACKLIST_IPS: process.env.BLACKLIST_IPS,
SERVICE_TYPE: "unknown",
/** /**
* Enable to allow an admin user to login using a password. * Enable to allow an admin user to login using a password.
* This can be useful to prevent lockout when configuring SSO. * This can be useful to prevent lockout when configuring SSO.

5
packages/backend-core/src/events/identification.ts
View file

@ -21,6 +21,7 @@ import { processors } from "./processors"
import { newid } from "../utils" import { newid } from "../utils"
import * as installation from "../installation" import * as installation from "../installation"
import * as configs from "../configs" import * as configs from "../configs"
import * as users from "../users"
import { withCache, TTL, CacheKey } from "../cache/generic" import { withCache, TTL, CacheKey } from "../cache/generic"
/** /**
@ -164,8 +165,8 @@ const identifyUser = async (
const id = user._id as string const id = user._id as string
const tenantId = await getEventTenantId(user.tenantId) const tenantId = await getEventTenantId(user.tenantId)
const type = IdentityType.USER const type = IdentityType.USER
let builder = user.builder?.global || false let builder = users.hasBuilderPermissions(user)
let admin = user.admin?.global || false let admin = users.hasAdminPermissions(user)
let providerType let providerType
if (isSSOUser(user)) { if (isSSOUser(user)) {
providerType = user.providerType providerType = user.providerType

10
packages/backend-core/src/middleware/adminOnly.ts
View file

@ -1,10 +1,8 @@
import { BBContext } from "@budibase/types" import { UserCtx } from "@budibase/types"
import { isAdmin } from "../users"
export default async (ctx: BBContext, next: any) => { export default async (ctx: UserCtx, next: any) => {
if ( if (!ctx.internal && !isAdmin(ctx.user)) {
!ctx.internal &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
ctx.throw(403, "Admin user only endpoint.") ctx.throw(403, "Admin user only endpoint.")
} }
return next() return next()

21
packages/backend-core/src/middleware/builderOnly.ts
View file

@ -1,10 +1,19 @@
import { BBContext } from "@budibase/types" import { UserCtx } from "@budibase/types"
import { isBuilder, hasBuilderPermissions } from "../users"
import { getAppId } from "../context"
import env from "../environment"
export default async (ctx: BBContext, next: any) => { export default async (ctx: UserCtx, next: any) => {
if ( const appId = getAppId()
!ctx.internal && const builderFn = env.isWorker()
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global) ? hasBuilderPermissions
) { : env.isApps()
? isBuilder
: undefined
if (!builderFn) {
throw new Error("Service name unknown - middleware inactive.")
}
if (!ctx.internal && !builderFn(ctx.user, appId)) {
ctx.throw(403, "Builder user only endpoint.") ctx.throw(403, "Builder user only endpoint.")
} }
return next() return next()

24
packages/backend-core/src/middleware/builderOrAdmin.ts
View file

@ -1,12 +1,20 @@
import { BBContext } from "@budibase/types" import { UserCtx } from "@budibase/types"
import { isBuilder, isAdmin, hasBuilderPermissions } from "../users"
import { getAppId } from "../context"
import env from "../environment"
export default async (ctx: BBContext, next: any) => { export default async (ctx: UserCtx, next: any) => {
if ( const appId = getAppId()
!ctx.internal && const builderFn = env.isWorker()
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global) && ? hasBuilderPermissions
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global) : env.isApps()
) { ? isBuilder
ctx.throw(403, "Builder user only endpoint.") : undefined
if (!builderFn) {
throw new Error("Service name unknown - middleware inactive.")
}
if (!ctx.internal && !builderFn(ctx.user, appId) && !isAdmin(ctx.user)) {
ctx.throw(403, "Admin/Builder user only endpoint.")
} }
return next() return next()
} }

180
packages/backend-core/src/middleware/tests/builder.spec.ts Normal file
View file

@ -0,0 +1,180 @@
import adminOnly from "../adminOnly"
import builderOnly from "../builderOnly"
import builderOrAdmin from "../builderOrAdmin"
import { structures } from "../../../tests"
import { ContextUser, ServiceType } from "@budibase/types"
import { doInAppContext } from "../../context"
import env from "../../environment"
env._set("SERVICE_TYPE", ServiceType.APPS)
const appId = "app_aaa"
const basicUser = structures.users.user()
const adminUser = structures.users.adminUser()
const adminOnlyUser = structures.users.adminOnlyUser()
const builderUser = structures.users.builderUser()
const appBuilderUser = structures.users.appBuilderUser(appId)
function buildUserCtx(user: ContextUser) {
return {
internal: false,
user,
throw: jest.fn(),
} as any
}
function passed(throwFn: jest.Func, nextFn: jest.Func) {
expect(throwFn).not.toBeCalled()
expect(nextFn).toBeCalled()
}
function threw(throwFn: jest.Func) {
// cant check next, the throw function doesn't actually throw - so it still continues
expect(throwFn).toBeCalled()
}
describe("adminOnly middleware", () => {
it("should allow admin user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
adminOnly(ctx, next)
passed(ctx.throw, next)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
adminOnly(ctx, next)
threw(ctx.throw)
})
it("should not allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
adminOnly(ctx, next)
threw(ctx.throw)
})
})
describe("builderOnly middleware", () => {
it("should allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
builderOnly(ctx, next)
passed(ctx.throw, next)
})
it("should allow app builder user", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext(appId, () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
})
it("should allow admin and builder user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
builderOnly(ctx, next)
passed(ctx.throw, next)
})
it("should not allow admin user", () => {
const ctx = buildUserCtx(adminOnlyUser),
next = jest.fn()
builderOnly(ctx, next)
threw(ctx.throw)
})
it("should not allow app builder user to different app", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext("app_bbb", () => {
builderOnly(ctx, next)
})
threw(ctx.throw)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
builderOnly(ctx, next)
threw(ctx.throw)
})
})
describe("builderOrAdmin middleware", () => {
it("should allow builder user", () => {
const ctx = buildUserCtx(builderUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow builder and admin user", () => {
const ctx = buildUserCtx(adminUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow admin user", () => {
const ctx = buildUserCtx(adminOnlyUser),
next = jest.fn()
builderOrAdmin(ctx, next)
passed(ctx.throw, next)
})
it("should allow app builder user", () => {
const ctx = buildUserCtx(appBuilderUser),
next = jest.fn()
doInAppContext(appId, () => {
builderOrAdmin(ctx, next)
})
passed(ctx.throw, next)
})
it("should not allow basic user", () => {
const ctx = buildUserCtx(basicUser),
next = jest.fn()
builderOrAdmin(ctx, next)
threw(ctx.throw)
})
})
describe("check service difference", () => {
it("should not allow without app ID in apps", () => {
env._set("SERVICE_TYPE", ServiceType.APPS)
const appId = "app_a"
const ctx = buildUserCtx({
...basicUser,
builder: {
apps: [appId],
},
})
const next = jest.fn()
doInAppContext(appId, () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
doInAppContext("app_b", () => {
builderOnly(ctx, next)
})
threw(ctx.throw)
})
it("should allow without app ID in worker", () => {
env._set("SERVICE_TYPE", ServiceType.WORKER)
const ctx = buildUserCtx({
...basicUser,
builder: {
apps: ["app_a"],
},
})
const next = jest.fn()
doInAppContext("app_b", () => {
builderOnly(ctx, next)
})
passed(ctx.throw, next)
})
})

22
packages/backend-core/src/security/permissions.ts
View file

@ -1,3 +1,5 @@
import { PermissionType, PermissionLevel } from "@budibase/types"
export { PermissionType, PermissionLevel } from "@budibase/types"
import flatten from "lodash/flatten" import flatten from "lodash/flatten"
import cloneDeep from "lodash/fp/cloneDeep" import cloneDeep from "lodash/fp/cloneDeep"
@ -5,25 +7,6 @@ export type RoleHierarchy = {
permissionId: string permissionId: string
}[] }[]
export enum PermissionLevel {
READ = "read",
WRITE = "write",
EXECUTE = "execute",
ADMIN = "admin",
}
// these are the global types, that govern the underlying default behaviour
export enum PermissionType {
APP = "app",
TABLE = "table",
USER = "user",
AUTOMATION = "automation",
WEBHOOK = "webhook",
BUILDER = "builder",
VIEW = "view",
QUERY = "query",
}
export class Permission { export class Permission {
type: PermissionType type: PermissionType
level: PermissionLevel level: PermissionLevel
@ -173,3 +156,4 @@ export function isPermissionLevelHigherThanRead(level: PermissionLevel) {
// utility as a lot of things need simply the builder permission // utility as a lot of things need simply the builder permission
export const BUILDER = PermissionType.BUILDER export const BUILDER = PermissionType.BUILDER
export const GLOBAL_BUILDER = PermissionType.GLOBAL_BUILDER

460
packages/backend-core/src/users/db.ts Normal file
View file

@ -0,0 +1,460 @@
import env from "../environment"
import * as eventHelpers from "./events"
import * as accounts from "../accounts"
import * as cache from "../cache"
import { getIdentity, getTenantId, getGlobalDB } from "../context"
import * as dbUtils from "../db"
import { EmailUnavailableError, HTTPError } from "../errors"
import * as platform from "../platform"
import * as sessions from "../security/sessions"
import * as usersCore from "./users"
import {
AllDocsResponse,
BulkUserCreated,
BulkUserDeleted,
RowResponse,
SaveUserOpts,
User,
Account,
isSSOUser,
isSSOAccount,
UserStatus,
} from "@budibase/types"
import * as accountSdk from "../accounts"
import {
validateUniqueUser,
getAccountHolderFromUserIds,
isAdmin,
} from "./utils"
import { searchExistingEmails } from "./lookup"
import { hash } from "../utils"
type QuotaUpdateFn = (change: number, cb?: () => Promise<any>) => Promise<any>
type GroupUpdateFn = (groupId: string, userIds: string[]) => Promise<any>
type FeatureFn = () => Promise<Boolean>
type QuotaFns = { addUsers: QuotaUpdateFn; removeUsers: QuotaUpdateFn }
type GroupFns = { addUsers: GroupUpdateFn }
type FeatureFns = { isSSOEnforced: FeatureFn; isAppBuildersEnabled: FeatureFn }
const bulkDeleteProcessing = async (dbUser: User) => {
const userId = dbUser._id as string
await platform.users.removeUser(dbUser)
await eventHelpers.handleDeleteEvents(dbUser)
await cache.user.invalidateUser(userId)
await sessions.invalidateSessions(userId, { reason: "bulk-deletion" })
}
export class UserDB {
static quotas: QuotaFns
static groups: GroupFns
static features: FeatureFns
static init(quotaFns: QuotaFns, groupFns: GroupFns, featureFns: FeatureFns) {
UserDB.quotas = quotaFns
UserDB.groups = groupFns
UserDB.features = featureFns
}
static async isPreventPasswordActions(user: User, account?: Account) {
// when in maintenance mode we allow sso users with the admin role
// to perform any password action - this prevents lockout
if (env.ENABLE_SSO_MAINTENANCE_MODE && isAdmin(user)) {
return false
}
// SSO is enforced for all users
if (await UserDB.features.isSSOEnforced()) {
return true
}
// Check local sso
if (isSSOUser(user)) {
return true
}
// Check account sso
if (!account) {
account = await accountSdk.getAccountByTenantId(getTenantId())
}
return !!(account && account.email === user.email && isSSOAccount(account))
}
static async buildUser(
user: User,
opts: SaveUserOpts = {
hashPassword: true,
requirePassword: true,
},
tenantId: string,
dbUser?: any,
account?: Account
): Promise<User> {
let { password, _id } = user
// don't require a password if the db user doesn't already have one
if (dbUser && !dbUser.password) {
opts.requirePassword = false
}
let hashedPassword
if (password) {
if (await UserDB.isPreventPasswordActions(user, account)) {
throw new HTTPError("Password change is disabled for this user", 400)
}
hashedPassword = opts.hashPassword ? await hash(password) : password
} else if (dbUser) {
hashedPassword = dbUser.password
}
// passwords are never required if sso is enforced
const requirePasswords =
opts.requirePassword && !(await UserDB.features.isSSOEnforced())
if (!hashedPassword && requirePasswords) {
throw "Password must be specified."
}
_id = _id || dbUtils.generateGlobalUserID()
const fullUser = {
createdAt: Date.now(),
...dbUser,
...user,
_id,
password: hashedPassword,
tenantId,
}
// make sure the roles object is always present
if (!fullUser.roles) {
fullUser.roles = {}
}
// add the active status to a user if its not provided
if (fullUser.status == null) {
fullUser.status = UserStatus.ACTIVE
}
return fullUser
}
static async allUsers() {
const db = getGlobalDB()
const response = await db.allDocs(
dbUtils.getGlobalUserParams(null, {
include_docs: true,
})
)
return response.rows.map((row: any) => row.doc)
}
static async countUsersByApp(appId: string) {
let response: any = await usersCore.searchGlobalUsersByApp(appId, {})
return {
userCount: response.length,
}
}
static async getUsersByAppAccess(appId?: string) {
const opts: any = {
include_docs: true,
limit: 50,
}
let response: User[] = await usersCore.searchGlobalUsersByAppAccess(
appId,
opts
)
return response
}
static async getUserByEmail(email: string) {
return usersCore.getGlobalUserByEmail(email)
}
/**
* Gets a user by ID from the global database, based on the current tenancy.
*/
static async getUser(userId: string) {
const user = await usersCore.getById(userId)
if (user) {
delete user.password
}
return user
}
static async save(user: User, opts: SaveUserOpts = {}): Promise<User> {
// default booleans to true
if (opts.hashPassword == null) {
opts.hashPassword = true
}
if (opts.requirePassword == null) {
opts.requirePassword = true
}
const tenantId = getTenantId()
const db = getGlobalDB()
let { email, _id, userGroups = [], roles } = user
if (!email && !_id) {
throw new Error("_id or email is required")
}
if (
user.builder?.apps?.length &&
!(await UserDB.features.isAppBuildersEnabled())
) {
throw new Error("Unable to update app builders, please check license")
}
let dbUser: User | undefined
if (_id) {
// try to get existing user from db
try {
dbUser = (await db.get(_id)) as User
if (email && dbUser.email !== email) {
throw "Email address cannot be changed"
}
email = dbUser.email
} catch (e: any) {
if (e.status === 404) {
// do nothing, save this new user with the id specified - required for SSO auth
} else {
throw e
}
}
}
if (!dbUser && email) {
// no id was specified - load from email instead
dbUser = await usersCore.getGlobalUserByEmail(email)
if (dbUser && dbUser._id !== _id) {
throw new EmailUnavailableError(email)
}
}
const change = dbUser ? 0 : 1 // no change if there is existing user
return UserDB.quotas.addUsers(change, async () => {
await validateUniqueUser(email, tenantId)
let builtUser = await UserDB.buildUser(user, opts, tenantId, dbUser)
// don't allow a user to update its own roles/perms
if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
builtUser = usersCore.cleanseUserObject(builtUser, dbUser) as User
}
if (!dbUser && roles?.length) {
builtUser.roles = { ...roles }
}
// make sure we set the _id field for a new user
// Also if this is a new user, associate groups with them
let groupPromises = []
if (!_id) {
_id = builtUser._id!
if (userGroups.length > 0) {
for (let groupId of userGroups) {
groupPromises.push(UserDB.groups.addUsers(groupId, [_id!]))
}
}
}
try {
// save the user to db
let response = await db.put(builtUser)
builtUser._rev = response.rev
await eventHelpers.handleSaveEvents(builtUser, dbUser)
await platform.users.addUser(tenantId, builtUser._id!, builtUser.email)
await cache.user.invalidateUser(response.id)
await Promise.all(groupPromises)
// finally returned the saved user from the db
return db.get(builtUser._id!)
} catch (err: any) {
if (err.status === 409) {
throw "User exists already"
} else {
throw err
}
}
})
}
static async bulkCreate(
newUsersRequested: User[],
groups: string[]
): Promise<BulkUserCreated> {
const tenantId = getTenantId()
let usersToSave: any[] = []
let newUsers: any[] = []
const emails = newUsersRequested.map((user: User) => user.email)
const existingEmails = await searchExistingEmails(emails)
const unsuccessful: { email: string; reason: string }[] = []
for (const newUser of newUsersRequested) {
if (
newUsers.find(
(x: User) => x.email.toLowerCase() === newUser.email.toLowerCase()
) ||
existingEmails.includes(newUser.email.toLowerCase())
) {
unsuccessful.push({
email: newUser.email,
reason: `Unavailable`,
})
continue
}
newUser.userGroups = groups
newUsers.push(newUser)
}
const account = await accountSdk.getAccountByTenantId(tenantId)
return UserDB.quotas.addUsers(newUsers.length, async () => {
// create the promises array that will be called by bulkDocs
newUsers.forEach((user: any) => {
usersToSave.push(
UserDB.buildUser(
user,
{
hashPassword: true,
requirePassword: user.requirePassword,
},
tenantId,
undefined, // no dbUser
account
)
)
})
const usersToBulkSave = await Promise.all(usersToSave)
await usersCore.bulkUpdateGlobalUsers(usersToBulkSave)
// Post-processing of bulk added users, e.g. events and cache operations
for (const user of usersToBulkSave) {
// TODO: Refactor to bulk insert users into the info db
// instead of relying on looping tenant creation
await platform.users.addUser(tenantId, user._id, user.email)
await eventHelpers.handleSaveEvents(user, undefined)
}
const saved = usersToBulkSave.map(user => {
return {
_id: user._id,
email: user.email,
}
})
// now update the groups
if (Array.isArray(saved) && groups) {
const groupPromises = []
const createdUserIds = saved.map(user => user._id)
for (let groupId of groups) {
groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds))
}
await Promise.all(groupPromises)
}
return {
successful: saved,
unsuccessful,
}
})
}
static async bulkDelete(userIds: string[]): Promise<BulkUserDeleted> {
const db = getGlobalDB()
const response: BulkUserDeleted = {
successful: [],
unsuccessful: [],
}
// remove the account holder from the delete request if present
const account = await getAccountHolderFromUserIds(userIds)
if (account) {
userIds = userIds.filter(u => u !== account.budibaseUserId)
// mark user as unsuccessful
response.unsuccessful.push({
_id: account.budibaseUserId,
email: account.email,
reason: "Account holder cannot be deleted",
})
}
// Get users and delete
const allDocsResponse: AllDocsResponse<User> = await db.allDocs({
include_docs: true,
keys: userIds,
})
const usersToDelete: User[] = allDocsResponse.rows.map(
(user: RowResponse<User>) => {
return user.doc
}
)
// Delete from DB
const toDelete = usersToDelete.map(user => ({
...user,
_deleted: true,
}))
const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete)
await UserDB.quotas.removeUsers(toDelete.length)
for (let user of usersToDelete) {
await bulkDeleteProcessing(user)
}
// Build Response
// index users by id
const userIndex: { [key: string]: User } = {}
usersToDelete.reduce((prev, current) => {
prev[current._id!] = current
return prev
}, userIndex)
// add the successful and unsuccessful users to response
dbResponse.forEach(item => {
const email = userIndex[item.id].email
if (item.ok) {
response.successful.push({ _id: item.id, email })
} else {
response.unsuccessful.push({
_id: item.id,
email,
reason: "Database error",
})
}
})
return response
}
static async destroy(id: string) {
const db = getGlobalDB()
const dbUser = (await db.get(id)) as User
const userId = dbUser._id as string
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
// root account holder can't be deleted from inside budibase
const email = dbUser.email
const account = await accounts.getAccount(email)
if (account) {
if (dbUser.userId === getIdentity()!._id) {
throw new HTTPError('Please visit "Account" to delete this user', 400)
} else {
throw new HTTPError("Account holder cannot be deleted", 400)
}
}
}
await platform.users.removeUser(dbUser)
await db.remove(userId, dbUser._rev)
await UserDB.quotas.removeUsers(1)
await eventHelpers.handleDeleteEvents(dbUser)
await cache.user.invalidateUser(userId)
await sessions.invalidateSessions(userId, { reason: "deletion" })
}
}

24
packages/worker/src/sdk/users/events.ts → packages/backend-core/src/users/events.ts
View file

@ -1,15 +1,18 @@
import env from "../../environment" import env from "../environment"
import { events, accounts, tenancy } from "@budibase/backend-core" import * as events from "../events"
import * as accounts from "../accounts"
import { getTenantId } from "../context"
import { User, UserRoles, CloudAccount } from "@budibase/types" import { User, UserRoles, CloudAccount } from "@budibase/types"
import { hasBuilderPermissions, hasAdminPermissions } from "./utils"
export const handleDeleteEvents = async (user: any) => { export const handleDeleteEvents = async (user: any) => {
await events.user.deleted(user) await events.user.deleted(user)
if (isBuilder(user)) { if (hasBuilderPermissions(user)) {
await events.user.permissionBuilderRemoved(user) await events.user.permissionBuilderRemoved(user)
} }
if (isAdmin(user)) { if (hasAdminPermissions(user)) {
await events.user.permissionAdminRemoved(user) await events.user.permissionAdminRemoved(user)
} }
} }
@ -55,7 +58,7 @@ export const handleSaveEvents = async (
user: User, user: User,
existingUser: User | undefined existingUser: User | undefined
) => { ) => {
const tenantId = tenancy.getTenantId() const tenantId = getTenantId()
let tenantAccount: CloudAccount | undefined let tenantAccount: CloudAccount | undefined
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) { if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
tenantAccount = await accounts.getAccountByTenantId(tenantId) tenantAccount = await accounts.getAccountByTenantId(tenantId)
@ -103,23 +106,20 @@ export const handleSaveEvents = async (
await handleAppRoleEvents(user, existingUser) await handleAppRoleEvents(user, existingUser)
} }
const isBuilder = (user: any) => user.builder && user.builder.global
const isAdmin = (user: any) => user.admin && user.admin.global
export const isAddingBuilder = (user: any, existingUser: any) => { export const isAddingBuilder = (user: any, existingUser: any) => {
return isAddingPermission(user, existingUser, isBuilder) return isAddingPermission(user, existingUser, hasBuilderPermissions)
} }
export const isRemovingBuilder = (user: any, existingUser: any) => { export const isRemovingBuilder = (user: any, existingUser: any) => {
return isRemovingPermission(user, existingUser, isBuilder) return isRemovingPermission(user, existingUser, hasBuilderPermissions)
} }
const isAddingAdmin = (user: any, existingUser: any) => { const isAddingAdmin = (user: any, existingUser: any) => {
return isAddingPermission(user, existingUser, isAdmin) return isAddingPermission(user, existingUser, hasAdminPermissions)
} }
const isRemovingAdmin = (user: any, existingUser: any) => { const isRemovingAdmin = (user: any, existingUser: any) => {
return isRemovingPermission(user, existingUser, isAdmin) return isRemovingPermission(user, existingUser, hasAdminPermissions)
} }
const isOnboardingComplete = (user: any, existingUser: any) => { const isOnboardingComplete = (user: any, existingUser: any) => {

4
packages/backend-core/src/users/index.ts Normal file
View file

@ -0,0 +1,4 @@
export * from "./users"
export * from "./utils"
export * from "./lookup"
export { UserDB } from "./db"

102
packages/backend-core/src/users/lookup.ts Normal file
View file

@ -0,0 +1,102 @@
import {
AccountMetadata,
PlatformUser,
PlatformUserByEmail,
User,
} from "@budibase/types"
import * as dbUtils from "../db"
import { ViewName } from "../constants"
/**
* Apply a system-wide search on emails:
* - in tenant
* - cross tenant
* - accounts
* return an array of emails that match the supplied emails.
*/
export async function searchExistingEmails(emails: string[]) {
let matchedEmails: string[] = []
const existingTenantUsers = await getExistingTenantUsers(emails)
matchedEmails.push(...existingTenantUsers.map(user => user.email))
const existingPlatformUsers = await getExistingPlatformUsers(emails)
matchedEmails.push(...existingPlatformUsers.map(user => user._id!))
const existingAccounts = await getExistingAccounts(emails)
matchedEmails.push(...existingAccounts.map(account => account.email))
return [...new Set(matchedEmails.map(email => email.toLowerCase()))]
}
// lookup, could be email or userId, either will return a doc
export async function getPlatformUser(
identifier: string
): Promise<PlatformUser | null> {
// use the view here and allow to find anyone regardless of casing
// Use lowercase to ensure email login is case insensitive
return (await dbUtils.queryPlatformView(ViewName.PLATFORM_USERS_LOWERCASE, {
keys: [identifier.toLowerCase()],
include_docs: true,
})) as PlatformUser
}
export async function getExistingTenantUsers(
emails: string[]
): Promise<User[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryGlobalView(
ViewName.USER_BY_EMAIL,
params,
undefined,
opts
)) as User[]
}
export async function getExistingPlatformUsers(
emails: string[]
): Promise<PlatformUserByEmail[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryPlatformView(
ViewName.PLATFORM_USERS_LOWERCASE,
params,
opts
)) as PlatformUserByEmail[]
}
export async function getExistingAccounts(
emails: string[]
): Promise<AccountMetadata[]> {
const lcEmails = emails.map(email => email.toLowerCase())
const params = {
keys: lcEmails,
include_docs: true,
}
const opts = {
arrayResponse: true,
}
return (await dbUtils.queryPlatformView(
ViewName.ACCOUNT_BY_EMAIL,
params,
opts
)) as AccountMetadata[]
}

36
packages/backend-core/src/users.ts → packages/backend-core/src/users/users.ts
View file

@ -11,10 +11,16 @@ import {
SEPARATOR, SEPARATOR,
UNICODE_MAX, UNICODE_MAX,
ViewName, ViewName,
} from "./db" } from "../db"
import { BulkDocsResponse, SearchUsersRequest, User } from "@budibase/types" import {
import { getGlobalDB } from "./context" BulkDocsResponse,
import * as context from "./context" SearchUsersRequest,
User,
ContextUser,
} from "@budibase/types"
import { getGlobalDB } from "../context"
import * as context from "../context"
import { user as userCache } from "../cache"
type GetOpts = { cleanup?: boolean } type GetOpts = { cleanup?: boolean }
@ -178,7 +184,7 @@ export const getGlobalUserByAppPage = (appId: string, user: User) => {
* Performs a starts with search on the global email view. * Performs a starts with search on the global email view.
*/ */
export const searchGlobalUsersByEmail = async ( export const searchGlobalUsersByEmail = async (
email: string, email: string | unknown,
opts: any, opts: any,
getOpts?: GetOpts getOpts?: GetOpts
) => { ) => {
@ -248,3 +254,23 @@ export async function getUserCount() {
}) })
return response.total_rows return response.total_rows
} }
// used to remove the builder/admin permissions, for processing the
// user as an app user (they may have some specific role/group
export function removePortalUserPermissions(user: User | ContextUser) {
delete user.admin
delete user.builder
return user
}
export function cleanseUserObject(user: User | ContextUser, base?: User) {
delete user.admin
delete user.builder
delete user.roles
if (base) {
user.admin = base.admin
user.builder = base.builder
user.roles = base.roles
}
return user
}

55
packages/backend-core/src/users/utils.ts Normal file
View file

@ -0,0 +1,55 @@
import { CloudAccount } from "@budibase/types"
import * as accountSdk from "../accounts"
import env from "../environment"
import { getPlatformUser } from "./lookup"
import { EmailUnavailableError } from "../errors"
import { getTenantId } from "../context"
import { sdk } from "@budibase/shared-core"
import { getAccountByTenantId } from "../accounts"
// extract from shared-core to make easily accessible from backend-core
export const isBuilder = sdk.users.isBuilder
export const isAdmin = sdk.users.isAdmin
export const isGlobalBuilder = sdk.users.isGlobalBuilder
export const isAdminOrBuilder = sdk.users.isAdminOrBuilder
export const hasAdminPermissions = sdk.users.hasAdminPermissions
export const hasBuilderPermissions = sdk.users.hasBuilderPermissions
export const hasAppBuilderPermissions = sdk.users.hasAppBuilderPermissions
export async function validateUniqueUser(email: string, tenantId: string) {
// check budibase users in other tenants
if (env.MULTI_TENANCY) {
const tenantUser = await getPlatformUser(email)
if (tenantUser != null && tenantUser.tenantId !== tenantId) {
throw new EmailUnavailableError(email)
}
}
// check root account users in account portal
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
const account = await accountSdk.getAccount(email)
if (account && account.verified && account.tenantId !== tenantId) {
throw new EmailUnavailableError(email)
}
}
}
/**
* For the given user id's, return the account holder if it is in the ids.
*/
export async function getAccountHolderFromUserIds(
userIds: string[]
): Promise<CloudAccount | undefined> {
if (!env.SELF_HOSTED && !env.DISABLE_ACCOUNT_PORTAL) {
const tenantId = getTenantId()
const account = await getAccountByTenantId(tenantId)
if (!account) {
throw new Error(`Account not found for tenantId=${tenantId}`)
}
const budibaseUserId = account.budibaseUserId
if (userIds.includes(budibaseUserId)) {
return account
}
}
}

2
packages/backend-core/tests/core/utilities/mocks/events.ts
View file

@ -1,5 +1,3 @@
import * as events from "../../../../src/events"
beforeAll(async () => { beforeAll(async () => {
const processors = await import("../../../../src/events/processors") const processors = await import("../../../../src/events/processors")
const events = await import("../../../../src/events") const events = await import("../../../../src/events")

4
packages/backend-core/tests/core/utilities/mocks/licenses.ts
View file

@ -94,6 +94,10 @@ export const useSyncAutomations = () => {
return useFeature(Feature.SYNC_AUTOMATIONS) return useFeature(Feature.SYNC_AUTOMATIONS)
} }
export const useAppBuilders = () => {
return useFeature(Feature.APP_BUILDERS)
}
// QUOTAS // QUOTAS
export const setAutomationLogsQuota = (value: number) => { export const setAutomationLogsQuota = (value: number) => {

19
packages/backend-core/tests/core/utilities/structures/users.ts
View file

@ -1,5 +1,6 @@
import { import {
AdminUser, AdminUser,
AdminOnlyUser,
BuilderUser, BuilderUser,
SSOAuthDetails, SSOAuthDetails,
SSOUser, SSOUser,
@ -21,6 +22,15 @@ export const adminUser = (userProps?: any): AdminUser => {
} }
} }
export const adminOnlyUser = (userProps?: any): AdminOnlyUser => {
return {
...user(userProps),
admin: {
global: true,
},
}
}
export const builderUser = (userProps?: any): BuilderUser => { export const builderUser = (userProps?: any): BuilderUser => {
return { return {
...user(userProps), ...user(userProps),
@ -30,6 +40,15 @@ export const builderUser = (userProps?: any): BuilderUser => {
} }
} }
export const appBuilderUser = (appId: string, userProps?: any): BuilderUser => {
return {
...user(userProps),
builder: {
apps: [appId],
},
}
}
export function ssoUser( export function ssoUser(
opts: { user?: any; details?: SSOAuthDetails } = {} opts: { user?: any; details?: SSOAuthDetails } = {}
): SSOUser { ): SSOUser {

4
packages/backend-core/tsconfig.json
View file

@ -4,9 +4,9 @@
"composite": true, "composite": true,
"baseUrl": ".", "baseUrl": ".",
"paths": { "paths": {
"@budibase/types": ["../types/src"] "@budibase/types": ["../types/src"],
"@budibase/shared-core": ["../shared-core/src"]
} }
}, },
"exclude": ["node_modules", "dist"] "exclude": ["node_modules", "dist"]
} }

6
packages/bbui/package.json
View file

@ -98,13 +98,13 @@
{ {
"projects": [ "projects": [
"@budibase/string-templates", "@budibase/string-templates",
"@budibase/shared-core" "@budibase/shared-core",
"@budibase/types"
], ],
"target": "build" "target": "build"
} }
] ]
} }
} }
}, }
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
} }

21
packages/builder/package.json
View file

@ -133,8 +133,21 @@
"dependsOn": [ "dependsOn": [
{ {
"projects": [ "projects": [
"@budibase/shared-core",
"@budibase/string-templates", "@budibase/string-templates",
"@budibase/shared-core" "@budibase/types"
],
"target": "build"
}
]
},
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/types"
], ],
"target": "build" "target": "build"
} }
@ -145,13 +158,13 @@
{ {
"projects": [ "projects": [
"@budibase/shared-core", "@budibase/shared-core",
"@budibase/string-templates" "@budibase/string-templates",
"@budibase/types"
], ],
"target": "build" "target": "build"
} }
] ]
} }
} }
}, }
"gitHead": "115189f72a850bfb52b65ec61d932531bf327072"
} }

36
packages/builder/src/components/start/AppRow.svelte
View file

@ -1,16 +1,21 @@
<script> <script>
import { Heading, Body, Button, Icon } from "@budibase/bbui" import { Heading, Body, Button, Icon } from "@budibase/bbui"
import { processStringSync } from "@budibase/string-templates" import { processStringSync } from "@budibase/string-templates"
import { auth } from "stores/portal"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import { UserAvatars } from "@budibase/frontend-core" import { UserAvatars } from "@budibase/frontend-core"
import { sdk } from "@budibase/shared-core"
export let app export let app
export let lockedAction export let lockedAction
$: editing = app.sessions?.length $: editing = app.sessions?.length
$: isBuilder = sdk.users.isBuilder($auth.user, app?.devId)
const handleDefaultClick = () => { const handleDefaultClick = () => {
if (window.innerWidth < 640) { if (!isBuilder) {
goToApp()
} else if (window.innerWidth < 640) {
goToOverview() goToOverview()
} else { } else {
goToBuilder() goToBuilder()
@ -24,6 +29,10 @@
const goToOverview = () => { const goToOverview = () => {
$goto(`../../app/${app.devId}/settings`) $goto(`../../app/${app.devId}/settings`)
} }
const goToApp = () => {
window.open(`/app/${app.name}`, "_blank")
}
</script> </script>
<div class="app-row" on:click={lockedAction || handleDefaultClick}> <div class="app-row" on:click={lockedAction || handleDefaultClick}>
@ -39,7 +48,7 @@
</div> </div>
<div class="updated"> <div class="updated">
{#if editing} {#if editing && isBuilder}
Currently editing Currently editing
<UserAvatars users={app.sessions} /> <UserAvatars users={app.sessions} />
{:else if app.updatedAt} {:else if app.updatedAt}
@ -56,14 +65,21 @@
<Body size="S">{app.deployed ? "Published" : "Unpublished"}</Body> <Body size="S">{app.deployed ? "Published" : "Unpublished"}</Body>
</div> </div>
<div class="app-row-actions"> {#if isBuilder}
<Button size="S" secondary on:click={lockedAction || goToOverview}> <div class="app-row-actions">
Manage <Button size="S" secondary on:click={lockedAction || goToOverview}>
</Button> Manage
<Button size="S" primary on:click={lockedAction || goToBuilder}> </Button>
Edit <Button size="S" primary on:click={lockedAction || goToBuilder}>
</Button> Edit
</div> </Button>
</div>
{:else}
<!-- this can happen if an app builder has app user access to an app -->
<div class="app-row-actions">
<Button size="S" secondary>View</Button>
</div>
{/if}
</div> </div>
<style> <style>

20
packages/builder/src/pages/builder/app/[application]/_components/BuilderSidePanel.svelte
View file

@ -12,12 +12,12 @@
} from "@budibase/bbui" } from "@budibase/bbui"
import { store } from "builderStore" import { store } from "builderStore"
import { groups, licensing, apps, users, auth, admin } from "stores/portal" import { groups, licensing, apps, users, auth, admin } from "stores/portal"
import { fetchData } from "@budibase/frontend-core" import { fetchData, Constants, Utils } from "@budibase/frontend-core"
import { sdk } from "@budibase/shared-core"
import { API } from "api" import { API } from "api"
import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte" import GroupIcon from "../../../portal/users/groups/_components/GroupIcon.svelte"
import RoleSelect from "components/common/RoleSelect.svelte" import RoleSelect from "components/common/RoleSelect.svelte"
import UpgradeModal from "components/common/users/UpgradeModal.svelte" import UpgradeModal from "components/common/users/UpgradeModal.svelte"
import { Constants, Utils } from "@budibase/frontend-core"
import { emailValidator } from "helpers/validation" import { emailValidator } from "helpers/validation"
import { roles } from "stores/backend" import { roles } from "stores/backend"
import { fly } from "svelte/transition" import { fly } from "svelte/transition"
@ -108,9 +108,9 @@
await usersFetch.refresh() await usersFetch.refresh()
filteredUsers = $usersFetch.rows.map(user => { filteredUsers = $usersFetch.rows.map(user => {
const isBuilderOrAdmin = user.admin?.global || user.builder?.global const isAdminOrBuilder = sdk.users.isAdminOrBuilder(user, prodAppId)
let role = undefined let role = undefined
if (isBuilderOrAdmin) { if (isAdminOrBuilder) {
role = Constants.Roles.ADMIN role = Constants.Roles.ADMIN
} else { } else {
const appRole = Object.keys(user.roles).find(x => x === prodAppId) const appRole = Object.keys(user.roles).find(x => x === prodAppId)
@ -122,7 +122,7 @@
return { return {
...user, ...user,
role, role,
isBuilderOrAdmin, isAdminOrBuilder,
} }
}) })
} }
@ -258,7 +258,7 @@
} }
// Must exclude users who have explicit privileges // Must exclude users who have explicit privileges
const userByEmail = filteredUsers.reduce((acc, user) => { const userByEmail = filteredUsers.reduce((acc, user) => {
if (user.role || user.admin?.global || user.builder?.global) { if (user.role || sdk.users.isAdminOrBuilder(user, prodAppId)) {
acc.push(user.email) acc.push(user.email)
} }
return acc return acc
@ -389,9 +389,9 @@
} }
const userTitle = user => { const userTitle = user => {
if (user.admin?.global) { if (sdk.users.isAdmin(user)) {
return "Admin" return "Admin"
} else if (user.builder?.global) { } else if (sdk.users.isBuilder(user, prodAppId)) {
return "Developer" return "Developer"
} else { } else {
return "App user" return "App user"
@ -403,7 +403,7 @@
const role = $roles.find(role => role._id === user.role) const role = $roles.find(role => role._id === user.role)
return `This user has been given ${role?.name} access from the ${user.group} group` return `This user has been given ${role?.name} access from the ${user.group} group`
} }
if (user.isBuilderOrAdmin) { if (user.isAdminOrBuilder) {
return "This user's role grants admin access to all apps" return "This user's role grants admin access to all apps"
} }
return null return null
@ -614,7 +614,7 @@
}} }}
autoWidth autoWidth
align="right" align="right"
allowedRoles={user.isBuilderOrAdmin allowedRoles={user.isAdminOrBuilder
? [Constants.Roles.ADMIN] ? [Constants.Roles.ADMIN]
: null} : null}
/> />

36
packages/builder/src/pages/builder/app/[application]/settings/_layout.svelte
View file

@ -4,6 +4,8 @@
import { url, isActive } from "@roxi/routify" import { url, isActive } from "@roxi/routify"
import DeleteModal from "components/deploy/DeleteModal.svelte" import DeleteModal from "components/deploy/DeleteModal.svelte"
import { isOnlyUser } from "builderStore" import { isOnlyUser } from "builderStore"
import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
let deleteModal let deleteModal
</script> </script>
@ -44,22 +46,24 @@
url={$url("./version")} url={$url("./version")}
active={$isActive("./version")} active={$isActive("./version")}
/> />
<div class="delete-action"> {#if sdk.users.isGlobalBuilder($auth.user)}
<AbsTooltip <div class="delete-action">
position={TooltipPosition.Bottom} <AbsTooltip
text={$isOnlyUser position={TooltipPosition.Bottom}
? null text={$isOnlyUser
: "Unavailable - another user is editing this app"} ? null
> : "Unavailable - another user is editing this app"}
<SideNavItem >
text="Delete app" <SideNavItem
disabled={!$isOnlyUser} text="Delete app"
on:click={() => { disabled={!$isOnlyUser}
deleteModal.show() on:click={() => {
}} deleteModal.show()
/> }}
</AbsTooltip> />
</div> </AbsTooltip>
</div>
{/if}
</SideNav> </SideNav>
<slot /> <slot />
</Content> </Content>

48
packages/builder/src/pages/builder/apps/index.svelte
View file

@ -22,7 +22,7 @@
import Spaceman from "assets/bb-space-man.svg" import Spaceman from "assets/bb-space-man.svg"
import Logo from "assets/bb-emblem.svg" import Logo from "assets/bb-emblem.svg"
import { UserAvatar } from "@budibase/frontend-core" import { UserAvatar } from "@budibase/frontend-core"
import { helpers } from "@budibase/shared-core" import { helpers, sdk } from "@budibase/shared-core"
let loaded = false let loaded = false
let userInfoModal let userInfoModal
@ -43,32 +43,30 @@
$: userGroups = $groups.filter(group => $: userGroups = $groups.filter(group =>
group.users.find(user => user._id === $auth.user?._id) group.users.find(user => user._id === $auth.user?._id)
) )
let userApps = []
$: publishedApps = $apps.filter(publishedAppsOnly) $: publishedApps = $apps.filter(publishedAppsOnly)
$: userApps = getUserApps($auth.user)
$: { function getUserApps(user) {
if (!Object.keys($auth.user?.roles).length && $auth.user?.userGroups) { if (sdk.users.isAdmin(user)) {
userApps = return publishedApps
$auth.user?.builder?.global || $auth.user?.admin?.global
? publishedApps
: publishedApps.filter(app => {
return userGroups.find(group => {
return groups.actions
.getGroupAppIds(group)
.map(role => apps.extractAppId(role))
.includes(app.appId)
})
})
} else {
userApps =
$auth.user?.builder?.global || $auth.user?.admin?.global
? publishedApps
: publishedApps.filter(app =>
Object.keys($auth.user?.roles)
.map(x => apps.extractAppId(x))
.includes(app.appId)
)
} }
return publishedApps.filter(app => {
if (sdk.users.isBuilder(user, app.appId)) {
return true
}
if (!Object.keys(user?.roles).length && user?.userGroups) {
return userGroups.find(group => {
return groups.actions
.getGroupAppIds(group)
.map(role => apps.extractAppId(role))
.includes(app.appId)
})
} else {
return Object.keys($auth.user?.roles)
.map(x => apps.extractAppId(x))
.includes(app.appId)
}
})
} }
function getUrl(app) { function getUrl(app) {
@ -109,7 +107,7 @@
> >
Update password Update password
</MenuItem> </MenuItem>
{#if $auth.isBuilder} {#if sdk.users.hasBuilderPermissions($auth.user)}
<MenuItem <MenuItem
icon="UserDeveloper" icon="UserDeveloper"
on:click={() => $goto("../portal")} on:click={() => $goto("../portal")}

3
packages/builder/src/pages/builder/index.svelte
View file

@ -1,11 +1,12 @@
<script> <script>
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { auth } from "stores/portal" import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
auth.checkQueryString() auth.checkQueryString()
$: { $: {
if ($auth.user?.builder?.global) { if (sdk.users.hasBuilderPermissions($auth.user)) {
$redirect(`./portal`) $redirect(`./portal`)
} else if ($auth.user) { } else if ($auth.user) {
$redirect(`./apps`) $redirect(`./apps`)

3
packages/builder/src/pages/builder/portal/_components/UpgradeButton.svelte
View file

@ -3,6 +3,7 @@
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import { auth, admin, licensing } from "stores/portal" import { auth, admin, licensing } from "stores/portal"
import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags" import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
import { sdk } from "@budibase/shared-core"
</script> </script>
{#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan} {#if isEnabled(TENANT_FEATURE_FLAGS.LICENSING) && !$licensing.isEnterprisePlan}
@ -17,7 +18,7 @@
> >
Upgrade Upgrade
</Button> </Button>
{:else if !$admin.cloud && $auth.isAdmin} {:else if !$admin.cloud && sdk.users.isAdmin($auth.user)}
<Button <Button
cta cta
size="S" size="S"

7
packages/builder/src/pages/builder/portal/_layout.svelte
View file

@ -8,13 +8,14 @@
import Logo from "./_components/Logo.svelte" import Logo from "./_components/Logo.svelte"
import UserDropdown from "./_components/UserDropdown.svelte" import UserDropdown from "./_components/UserDropdown.svelte"
import HelpMenu from "components/common/HelpMenu.svelte" import HelpMenu from "components/common/HelpMenu.svelte"
import { sdk } from "@budibase/shared-core"
let loaded = false let loaded = false
let mobileMenuVisible = false let mobileMenuVisible = false
let activeTab = "Apps" let activeTab = "Apps"
$: $url(), updateActiveTab($menu) $: $url(), updateActiveTab($menu)
$: fullscreen = !$apps.length $: isOnboarding = !$apps.length && sdk.users.isGlobalBuilder($auth.user)
const updateActiveTab = menu => { const updateActiveTab = menu => {
for (let entry of menu) { for (let entry of menu) {
@ -33,7 +34,7 @@
onMount(async () => { onMount(async () => {
// Prevent non-builders from accessing the portal // Prevent non-builders from accessing the portal
if ($auth.user) { if ($auth.user) {
if (!$auth.user?.builder?.global) { if (!sdk.users.hasBuilderPermissions($auth.user)) {
$redirect("../") $redirect("../")
} else { } else {
try { try {
@ -49,7 +50,7 @@
</script> </script>
{#if $auth.user && loaded} {#if $auth.user && loaded}
{#if fullscreen} {#if isOnboarding}
<slot /> <slot />
{:else} {:else}
<HelpMenu /> <HelpMenu />

3
packages/builder/src/pages/builder/portal/account/upgrade.svelte
View file

@ -19,6 +19,7 @@
import DeleteLicenseKeyModal from "../../../../components/portal/licensing/DeleteLicenseKeyModal.svelte" import DeleteLicenseKeyModal from "../../../../components/portal/licensing/DeleteLicenseKeyModal.svelte"
import { API } from "api" import { API } from "api"
import { onMount } from "svelte" import { onMount } from "svelte"
import { sdk } from "@budibase/shared-core"
$: license = $auth.user.license $: license = $auth.user.license
$: upgradeUrl = `${$admin.accountPortalUrl}/portal/upgrade` $: upgradeUrl = `${$admin.accountPortalUrl}/portal/upgrade`
@ -176,7 +177,7 @@
}) })
</script> </script>
{#if $auth.isAdmin} {#if sdk.users.isAdmin($auth.user)}
<DeleteLicenseKeyModal <DeleteLicenseKeyModal
bind:this={deleteLicenseKeyModal} bind:this={deleteLicenseKeyModal}
onConfirm={deleteLicenseKey} onConfirm={deleteLicenseKey}

4
packages/builder/src/pages/builder/portal/account/usage.svelte
View file

@ -14,6 +14,7 @@
import { Constants } from "@budibase/frontend-core" import { Constants } from "@budibase/frontend-core"
import { DashCard, Usage } from "components/usage" import { DashCard, Usage } from "components/usage"
import { PlanModel } from "constants" import { PlanModel } from "constants"
import { sdk } from "@budibase/shared-core"
let staticUsage = [] let staticUsage = []
let monthlyUsage = [] let monthlyUsage = []
@ -51,7 +52,8 @@
$: accountPortalAccess = $auth?.user?.accountPortalAccess $: accountPortalAccess = $auth?.user?.accountPortalAccess
$: quotaReset = quotaUsage?.quotaReset $: quotaReset = quotaUsage?.quotaReset
$: canManagePlan = $: canManagePlan =
($admin.cloud && accountPortalAccess) || (!$admin.cloud && $auth.isAdmin) ($admin.cloud && accountPortalAccess) ||
(!$admin.cloud && sdk.users.isAdmin($auth.user))
$: showButton = !usesInvoicing && accountPortalAccess $: showButton = !usesInvoicing && accountPortalAccess

14
packages/builder/src/pages/builder/portal/apps/_layout.svelte
View file

@ -1,11 +1,19 @@
<script> <script>
import { notifications } from "@budibase/bbui" import { notifications } from "@budibase/bbui"
import { admin, apps, templates, licensing, groups } from "stores/portal" import {
admin,
apps,
templates,
licensing,
groups,
auth,
} from "stores/portal"
import { onMount } from "svelte" import { onMount } from "svelte"
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
// Don't block loading if we've already hydrated state // Don't block loading if we've already hydrated state
let loaded = $apps.length > 0 let loaded = $apps.length != null
onMount(async () => { onMount(async () => {
try { try {
@ -25,7 +33,7 @@
} }
// Go to new app page if no apps exists // Go to new app page if no apps exists
if (!$apps.length) { if (!$apps.length && sdk.users.isGlobalBuilder($auth.user)) {
$redirect("./onboarding") $redirect("./onboarding")
} }
} catch (error) { } catch (error) {

148
packages/builder/src/pages/builder/portal/apps/index.svelte
View file

@ -15,6 +15,7 @@
import CreateAppModal from "components/start/CreateAppModal.svelte" import CreateAppModal from "components/start/CreateAppModal.svelte"
import AppLimitModal from "components/portal/licensing/AppLimitModal.svelte" import AppLimitModal from "components/portal/licensing/AppLimitModal.svelte"
import AccountLockedModal from "components/portal/licensing/AccountLockedModal.svelte" import AccountLockedModal from "components/portal/licensing/AccountLockedModal.svelte"
import { sdk } from "@budibase/shared-core"
import { store, automationStore } from "builderStore" import { store, automationStore } from "builderStore"
import { API } from "api" import { API } from "api"
@ -203,40 +204,40 @@
}) })
</script> </script>
{#if $apps.length} <Page>
<Page> <Layout noPadding gap="L">
<Layout noPadding gap="L"> {#each Object.keys(automationErrors || {}) as appId}
{#each Object.keys(automationErrors || {}) as appId} <Notification
<Notification wide
wide dismissable
dismissable action={() => goToAutomationError(appId)}
action={() => goToAutomationError(appId)} type="error"
type="error" icon="Alert"
icon="Alert" actionMessage={errorCount(automationErrors[appId]) > 1
actionMessage={errorCount(automationErrors[appId]) > 1 ? "View errors"
? "View errors" : "View error"}
: "View error"} on:dismiss={async () => {
on:dismiss={async () => { await automationStore.actions.clearLogErrors({ appId })
await automationStore.actions.clearLogErrors({ appId }) await apps.load()
await apps.load() }}
}} message={automationErrorMessage(appId)}
message={automationErrorMessage(appId)} />
/> {/each}
{/each} <div class="title">
<div class="title"> <div class="welcome">
<div class="welcome"> <Layout noPadding gap="XS">
<Layout noPadding gap="XS"> <Heading size="L">{welcomeHeader}</Heading>
<Heading size="L">{welcomeHeader}</Heading> <Body size="M">
<Body size="M"> Below you'll find the list of apps that you have access to
Manage your apps and get a head start with templates </Body>
</Body> </Layout>
</Layout>
</div>
</div> </div>
</div>
{#if enrichedApps.length} {#if enrichedApps.length}
<Layout noPadding gap="L"> <Layout noPadding gap="L">
<div class="title"> <div class="title">
{#if $auth.user && sdk.users.isGlobalBuilder($auth.user)}
<div class="buttons"> <div class="buttons">
<Button <Button
size="M" size="M"
@ -266,41 +267,46 @@
</Button> </Button>
{/if} {/if}
</div> </div>
{#if enrichedApps.length > 1} {/if}
<div class="app-actions"> {#if enrichedApps.length > 1}
<Select <div class="app-actions">
autoWidth <Select
bind:value={sortBy} autoWidth
placeholder={null} bind:value={sortBy}
options={[ placeholder={null}
{ label: "Sort by name", value: "name" }, options={[
{ label: "Sort by recently updated", value: "updated" }, { label: "Sort by name", value: "name" },
{ label: "Sort by status", value: "status" }, { label: "Sort by recently updated", value: "updated" },
]} { label: "Sort by status", value: "status" },
/> ]}
<Search placeholder="Search" bind:value={searchTerm} /> />
</div> <Search placeholder="Search" bind:value={searchTerm} />
{/if} </div>
</div> {/if}
<div class="app-table">
{#each filteredApps as app (app.appId)}
<AppRow {app} lockedAction={usersLimitLockAction} />
{/each}
</div>
</Layout>
{/if}
{#if creatingFromTemplate}
<div class="empty-wrapper">
<img class="img-logo img-size" alt="logo" src={Logo} />
<p>Creating your Budibase app from your selected template...</p>
<Spinner size="10" />
</div> </div>
{/if}
</Layout> <div class="app-table">
</Page> {#each filteredApps as app (app.appId)}
{/if} <AppRow {app} lockedAction={usersLimitLockAction} />
{/each}
</div>
</Layout>
{:else}
<div class="no-apps">
<img class="spaceman" alt="spaceman" src={Logo} width="100px" />
<Body weight="700">You haven't been given access to any apps yet</Body>
</div>
{/if}
{#if creatingFromTemplate}
<div class="empty-wrapper">
<img class="img-logo img-size" alt="logo" src={Logo} />
<p>Creating your Budibase app from your selected template...</p>
<Spinner size="10" />
</div>
{/if}
</Layout>
</Page>
<Modal <Modal
bind:this={creationModal} bind:this={creationModal}
@ -368,6 +374,16 @@
height: 160px; height: 160px;
} }
.no-apps {
background-color: var(--spectrum-global-color-gray-100);
padding: calc(var(--spacing-xl) * 2);
display: flex;
justify-content: center;
align-items: center;
flex-direction: column;
gap: var(--spacing-xl);
}
@media (max-width: 1000px) { @media (max-width: 1000px) {
.img-logo { .img-logo {
display: none; display: none;

5
packages/builder/src/pages/builder/portal/settings/branding.svelte
View file

@ -18,6 +18,7 @@
import { API } from "api" import { API } from "api"
import { onMount } from "svelte" import { onMount } from "svelte"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
const imageExtensions = [ const imageExtensions = [
".png", ".png",
@ -206,7 +207,7 @@
}) })
</script> </script>
{#if $auth.isAdmin && mounted} {#if sdk.users.isAdmin($auth.user) && mounted}
<Layout noPadding> <Layout noPadding>
<Layout gap="XS" noPadding> <Layout gap="XS" noPadding>
<div class="title"> <div class="title">
@ -400,7 +401,7 @@
on:click={() => { on:click={() => {
if (isCloud && $auth?.user?.accountPortalAccess) { if (isCloud && $auth?.user?.accountPortalAccess) {
window.open($admin.accountPortalUrl + "/portal/upgrade", "_blank") window.open($admin.accountPortalUrl + "/portal/upgrade", "_blank")
} else if ($auth.isAdmin) { } else if (sdk.users.isAdmin($auth.user)) {
$goto("/builder/portal/account/upgrade") $goto("/builder/portal/account/upgrade")
} }
}} }}

3
packages/builder/src/pages/builder/portal/settings/diagnostics.svelte
View file

@ -13,6 +13,7 @@
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { API } from "api" import { API } from "api"
import { onMount } from "svelte" import { onMount } from "svelte"
import { sdk } from "@budibase/shared-core"
let diagnosticInfo = "" let diagnosticInfo = ""
@ -46,7 +47,7 @@
}) })
</script> </script>
{#if $auth.isAdmin && diagnosticInfo} {#if sdk.users.isAdmin($auth.user) && diagnosticInfo}
<Layout noPadding> <Layout noPadding>
<Layout gap="XS"> <Layout gap="XS">
<Heading size="M">Diagnostics</Heading> <Heading size="M">Diagnostics</Heading>

5
packages/builder/src/pages/builder/portal/settings/organisation.svelte
View file

@ -13,10 +13,11 @@
import { auth, organisation, admin } from "stores/portal" import { auth, organisation, admin } from "stores/portal"
import { writable } from "svelte/store" import { writable } from "svelte/store"
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
// Only admins allowed here // Only admins allowed here
$: { $: {
if (!$auth.isAdmin) { if (!sdk.users.isAdmin($auth.user)) {
$redirect("../../portal") $redirect("../../portal")
} }
} }
@ -50,7 +51,7 @@
} }
</script> </script>
{#if $auth.isAdmin} {#if sdk.users.isAdmin($auth.user)}
<Layout noPadding> <Layout noPadding>
<Layout gap="XS" noPadding> <Layout gap="XS" noPadding>
<Heading size="M">Organisation</Heading> <Heading size="M">Organisation</Heading>

5
packages/builder/src/pages/builder/portal/settings/version.svelte
View file

@ -14,6 +14,7 @@
import { API } from "api" import { API } from "api"
import { auth, admin } from "stores/portal" import { auth, admin } from "stores/portal"
import { redirect } from "@roxi/routify" import { redirect } from "@roxi/routify"
import { sdk } from "@budibase/shared-core"
let version let version
let loaded = false let loaded = false
@ -25,7 +26,7 @@
// Only admins allowed here // Only admins allowed here
$: { $: {
if (!$auth.isAdmin || $admin.cloud) { if (!sdk.users.isAdmin($auth.user) || $admin.cloud) {
$redirect("../../portal") $redirect("../../portal")
} }
} }
@ -89,7 +90,7 @@
}) })
</script> </script>
{#if $auth.isAdmin} {#if sdk.users.isAdmin($auth.user)}
<Layout noPadding> <Layout noPadding>
<Layout gap="XS" noPadding> <Layout gap="XS" noPadding>
<Heading size="M">Version</Heading> <Heading size="M">Version</Heading>

3
packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
View file

@ -20,6 +20,7 @@
import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte" import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte"
import GroupIcon from "./_components/GroupIcon.svelte" import GroupIcon from "./_components/GroupIcon.svelte"
import GroupUsers from "./_components/GroupUsers.svelte" import GroupUsers from "./_components/GroupUsers.svelte"
import { sdk } from "@budibase/shared-core"
export let groupId export let groupId
@ -46,7 +47,7 @@
let editModal, deleteModal let editModal, deleteModal
$: scimEnabled = $features.isScimEnabled $: scimEnabled = $features.isScimEnabled
$: readonly = !$auth.isAdmin || scimEnabled $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: group = $groups.find(x => x._id === groupId) $: group = $groups.find(x => x._id === groupId)
$: groupApps = $apps $: groupApps = $apps
.filter(app => .filter(app =>

3
packages/builder/src/pages/builder/portal/users/groups/_components/EditUserPicker.svelte
View file

@ -3,6 +3,7 @@
import UserGroupPicker from "components/settings/UserGroupPicker.svelte" import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
import { createPaginationStore } from "helpers/pagination" import { createPaginationStore } from "helpers/pagination"
import { auth, groups, users } from "stores/portal" import { auth, groups, users } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let groupId export let groupId
export let onUsersUpdated export let onUsersUpdated
@ -13,7 +14,7 @@
let prevSearch = undefined let prevSearch = undefined
let pageInfo = createPaginationStore() let pageInfo = createPaginationStore()
$: readonly = !$auth.isAdmin $: readonly = !sdk.users.isAdmin($auth.user)
$: page = $pageInfo.page $: page = $pageInfo.page
$: searchUsers(page, searchTerm) $: searchUsers(page, searchTerm)
$: group = $groups.find(x => x._id === groupId) $: group = $groups.find(x => x._id === groupId)

3
packages/builder/src/pages/builder/portal/users/groups/_components/GroupUsers.svelte
View file

@ -9,6 +9,7 @@
import { setContext } from "svelte" import { setContext } from "svelte"
import ScimBanner from "../../_components/SCIMBanner.svelte" import ScimBanner from "../../_components/SCIMBanner.svelte"
import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte" import RemoveUserTableRenderer from "../_components/RemoveUserTableRenderer.svelte"
import { sdk } from "@budibase/shared-core"
export let groupId export let groupId
@ -49,7 +50,7 @@
] ]
$: scimEnabled = $features.isScimEnabled $: scimEnabled = $features.isScimEnabled
$: readonly = !$auth.isAdmin || scimEnabled $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
const removeUser = async id => { const removeUser = async id => {
await groups.actions.removeUser(groupId, id) await groups.actions.removeUser(groupId, id)

7
packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
View file

@ -2,6 +2,7 @@
import { ActionButton } from "@budibase/bbui" import { ActionButton } from "@budibase/bbui"
import { getContext } from "svelte" import { getContext } from "svelte"
import { auth } from "stores/portal" import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value export let value
@ -13,6 +14,10 @@
} }
</script> </script>
<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}> <ActionButton
disabled={!sdk.users.isAdmin($auth.user)}
size="S"
on:click={onClick}
>
Remove Remove
</ActionButton> </ActionButton>

3
packages/builder/src/pages/builder/portal/users/groups/index.svelte
View file

@ -22,6 +22,7 @@
import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte" import GroupNameTableRenderer from "./_components/GroupNameTableRenderer.svelte"
import { goto } from "@roxi/routify" import { goto } from "@roxi/routify"
import ScimBanner from "../_components/SCIMBanner.svelte" import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
const DefaultGroup = { const DefaultGroup = {
name: "", name: "",
@ -40,7 +41,7 @@
{ column: "roles", component: GroupAppsTableRenderer }, { column: "roles", component: GroupAppsTableRenderer },
] ]
$: readonly = !$auth.isAdmin $: readonly = !sdk.users.isAdmin($auth.user)
$: schema = { $: schema = {
name: { displayName: "Group", width: "2fr", minWidth: "200px" }, name: { displayName: "Group", width: "2fr", minWidth: "200px" },
users: { sortable: false, width: "1fr" }, users: { sortable: false, width: "1fr" },

11
packages/builder/src/pages/builder/portal/users/users/[userId].svelte
View file

@ -31,6 +31,7 @@
import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte" import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte"
import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte" import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte"
import ScimBanner from "../_components/SCIMBanner.svelte" import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
export let userId export let userId
@ -87,8 +88,8 @@
$: scimEnabled = $features.isScimEnabled $: scimEnabled = $features.isScimEnabled
$: isSSO = !!user?.provider $: isSSO = !!user?.provider
$: readonly = !$auth.isAdmin || scimEnabled $: readonly = !sdk.users.isAdmin($auth.user) || scimEnabled
$: privileged = user?.admin?.global || user?.builder?.global $: privileged = sdk.users.isAdminOrBuilder(user)
$: nameLabel = getNameLabel(user) $: nameLabel = getNameLabel(user)
$: filteredGroups = getFilteredGroups($groups, searchTerm) $: filteredGroups = getFilteredGroups($groups, searchTerm)
$: availableApps = getAvailableApps($apps, privileged, user?.roles) $: availableApps = getAvailableApps($apps, privileged, user?.roles)
@ -97,9 +98,9 @@
return y._id === userId return y._id === userId
}) })
}) })
$: globalRole = user?.admin?.global $: globalRole = sdk.users.isAdmin(user)
? "admin" ? "admin"
: user?.builder?.global : sdk.users.isBuilder(user)
? "developer" ? "developer"
: "appUser" : "appUser"
@ -285,7 +286,7 @@
<div class="field"> <div class="field">
<Label size="L">Role</Label> <Label size="L">Role</Label>
<Select <Select
disabled={!$auth.isAdmin} disabled={!sdk.users.isAdmin($auth.user)}
value={globalRole} value={globalRole}
options={Constants.BudibaseRoleOptions} options={Constants.BudibaseRoleOptions}
on:change={updateUserRole} on:change={updateUserRole}

3
packages/builder/src/pages/builder/portal/users/users/_components/AppsTableRenderer.svelte
View file

@ -1,11 +1,12 @@
<script> <script>
import { Icon } from "@budibase/bbui" import { Icon } from "@budibase/bbui"
import { apps } from "stores/portal" import { apps } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value export let value
export let row export let row
$: priviliged = row?.admin?.global || row?.builder?.global $: priviliged = sdk.users.isAdminOrBuilder(row)
$: count = priviliged ? $apps.length : value?.length || 0 $: count = priviliged ? $apps.length : value?.length || 0
</script> </script>

7
packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
View file

@ -2,6 +2,7 @@
import { ActionButton } from "@budibase/bbui" import { ActionButton } from "@budibase/bbui"
import { getContext } from "svelte" import { getContext } from "svelte"
import { auth } from "stores/portal" import { auth } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let value export let value
@ -13,6 +14,10 @@
} }
</script> </script>
<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}> <ActionButton
disabled={!sdk.users.isAdmin($auth.user)}
size="S"
on:click={onClick}
>
Remove Remove
</ActionButton> </ActionButton>

3
packages/builder/src/pages/builder/portal/users/users/_components/UpdateRolesModal.svelte
View file

@ -2,6 +2,7 @@
import { createEventDispatcher } from "svelte" import { createEventDispatcher } from "svelte"
import { Body, Select, ModalContent, notifications } from "@budibase/bbui" import { Body, Select, ModalContent, notifications } from "@budibase/bbui"
import { users } from "stores/portal" import { users } from "stores/portal"
import { sdk } from "@budibase/shared-core"
export let app export let app
export let user export let user
@ -15,7 +16,7 @@
.filter(role => role._id !== "PUBLIC") .filter(role => role._id !== "PUBLIC")
.map(role => ({ value: role._id, label: role.name })) .map(role => ({ value: role._id, label: role.name }))
if (!user?.builder?.global) { if (!sdk.users.isBuilder(user, app?.appId)) {
options.push({ value: NO_ACCESS, label: "No Access" }) options.push({ value: NO_ACCESS, label: "No Access" })
} }
let selectedRole = user?.roles?.[app?._id] let selectedRole = user?.roles?.[app?._id]

3
packages/builder/src/pages/builder/portal/users/users/index.svelte
View file

@ -39,6 +39,7 @@
import { API } from "api" import { API } from "api"
import { OnboardingType } from "../../../../../constants" import { OnboardingType } from "../../../../../constants"
import ScimBanner from "../_components/SCIMBanner.svelte" import ScimBanner from "../_components/SCIMBanner.svelte"
import { sdk } from "@budibase/shared-core"
const fetch = fetchData({ const fetch = fetchData({
API, API,
@ -66,7 +67,7 @@
let userData = [] let userData = []
$: isOwner = $auth.accountPortalAccess && $admin.cloud $: isOwner = $auth.accountPortalAccess && $admin.cloud
$: readonly = !$auth.isAdmin || $features.isScimEnabled $: readonly = !sdk.users.isAdmin($auth.user) || $features.isScimEnabled
$: debouncedUpdateFetch(searchEmail) $: debouncedUpdateFetch(searchEmail)
$: schema = { $: schema = {

14
packages/builder/src/stores/portal/auth.js
View file

@ -2,6 +2,7 @@ import { derived, writable, get } from "svelte/store"
import { API } from "api" import { API } from "api"
import { admin } from "stores/portal" import { admin } from "stores/portal"
import analytics from "analytics" import analytics from "analytics"
import { sdk } from "@budibase/shared-core"
export function createAuthStore() { export function createAuthStore() {
const auth = writable({ const auth = writable({
@ -13,13 +14,6 @@ export function createAuthStore() {
postLogout: false, postLogout: false,
}) })
const store = derived(auth, $store => { const store = derived(auth, $store => {
let isAdmin = false
let isBuilder = false
if ($store.user) {
const user = $store.user
isAdmin = !!user.admin?.global
isBuilder = !!user.builder?.global
}
return { return {
user: $store.user, user: $store.user,
accountPortalAccess: $store.accountPortalAccess, accountPortalAccess: $store.accountPortalAccess,
@ -27,8 +21,6 @@ export function createAuthStore() {
tenantSet: $store.tenantSet, tenantSet: $store.tenantSet,
loaded: $store.loaded, loaded: $store.loaded,
postLogout: $store.postLogout, postLogout: $store.postLogout,
isAdmin,
isBuilder,
isSSO: !!$store.user?.provider, isSSO: !!$store.user?.provider,
} }
}) })
@ -57,8 +49,8 @@ export function createAuthStore() {
name: user.account?.name, name: user.account?.name,
user_id: user._id, user_id: user._id,
tenant: user.tenantId, tenant: user.tenantId,
admin: user?.admin?.global, admin: sdk.users.isAdmin(user),
builder: user?.builder?.global, builder: sdk.users.isBuilder(user),
"Company size": user.account?.size, "Company size": user.account?.size,
"Job role": user.account?.profession, "Job role": user.account?.profession,
}, },

37
packages/builder/src/stores/portal/menu.js
View file

@ -2,8 +2,12 @@ import { derived } from "svelte/store"
import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags" import { isEnabled, TENANT_FEATURE_FLAGS } from "helpers/featureFlags"
import { admin } from "./admin" import { admin } from "./admin"
import { auth } from "./auth" import { auth } from "./auth"
import { sdk } from "@budibase/shared-core"
export const menu = derived([admin, auth], ([$admin, $auth]) => { export const menu = derived([admin, auth], ([$admin, $auth]) => {
const user = $auth?.user
const isAdmin = sdk.users.isAdmin(user)
const cloud = $admin?.cloud
// Determine user sub pages // Determine user sub pages
let userSubPages = [ let userSubPages = [
{ {
@ -24,19 +28,21 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
title: "Apps", title: "Apps",
href: "/builder/portal/apps", href: "/builder/portal/apps",
}, },
{ ]
if (sdk.users.isGlobalBuilder(user)) {
menu.push({
title: "Users", title: "Users",
href: "/builder/portal/users", href: "/builder/portal/users",
subPages: userSubPages, subPages: userSubPages,
}, })
{ menu.push({
title: "Plugins", title: "Plugins",
href: "/builder/portal/plugins", href: "/builder/portal/plugins",
}, })
] }
// Add settings page for admins // Add settings page for admins
if ($auth.isAdmin) { if (isAdmin) {
let settingsSubPages = [ let settingsSubPages = [
{ {
title: "Auth", title: "Auth",
@ -59,7 +65,7 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
href: "/builder/portal/settings/environment", href: "/builder/portal/settings/environment",
}, },
] ]
if (!$admin.cloud) { if (!cloud) {
settingsSubPages.push({ settingsSubPages.push({
title: "Version", title: "Version",
href: "/builder/portal/settings/version", href: "/builder/portal/settings/version",
@ -84,38 +90,35 @@ export const menu = derived([admin, auth], ([$admin, $auth]) => {
href: "/builder/portal/account/usage", href: "/builder/portal/account/usage",
}, },
] ]
if ($auth.isAdmin) { if (isAdmin) {
accountSubPages.push({ accountSubPages.push({
title: "Audit Logs", title: "Audit Logs",
href: "/builder/portal/account/auditLogs", href: "/builder/portal/account/auditLogs",
}) })
if (!$admin.cloud) { if (!cloud) {
accountSubPages.push({ accountSubPages.push({
title: "System Logs", title: "System Logs",
href: "/builder/portal/account/systemLogs", href: "/builder/portal/account/systemLogs",
}) })
} }
} }
if ($admin.cloud && $auth?.user?.accountPortalAccess) { if (cloud && user?.accountPortalAccess) {
accountSubPages.push({ accountSubPages.push({
title: "Upgrade", title: "Upgrade",
href: $admin.accountPortalUrl + "/portal/upgrade", href: $admin?.accountPortalUrl + "/portal/upgrade",
}) })
} else if (!$admin.cloud && $auth.isAdmin) { } else if (!cloud && isAdmin) {
accountSubPages.push({ accountSubPages.push({
title: "Upgrade", title: "Upgrade",
href: "/builder/portal/account/upgrade", href: "/builder/portal/account/upgrade",
}) })
} }
// add license check here // add license check here
if ( if (user?.accountPortalAccess && user.account.stripeCustomerId) {
$auth?.user?.accountPortalAccess &&
$auth.user.account.stripeCustomerId
) {
accountSubPages.push({ accountSubPages.push({
title: "Billing", title: "Billing",
href: $admin.accountPortalUrl + "/portal/billing", href: $admin?.accountPortalUrl + "/portal/billing",
}) })
} }
menu.push({ menu.push({

9
packages/builder/src/stores/portal/users.js
View file

@ -2,6 +2,7 @@ import { writable } from "svelte/store"
import { API } from "api" import { API } from "api"
import { update } from "lodash" import { update } from "lodash"
import { licensing } from "." import { licensing } from "."
import { sdk } from "@budibase/shared-core"
export function createUsersStore() { export function createUsersStore() {
const { subscribe, set } = writable({}) const { subscribe, set } = writable({})
@ -111,8 +112,12 @@ export function createUsersStore() {
return await API.saveUser(user) return await API.saveUser(user)
} }
const getUserRole = ({ admin, builder }) => const getUserRole = user =>
admin?.global ? "admin" : builder?.global ? "developer" : "appUser" sdk.users.isAdmin(user)
? "admin"
: sdk.users.isBuilder(user)
? "developer"
: "appUser"
const refreshUsage = const refreshUsage =
fn => fn =>

6
packages/cli/package.json
View file

@ -14,6 +14,7 @@
"tsc": "tsc -p tsconfig.build.json", "tsc": "tsc -p tsconfig.build.json",
"pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip", "pkg": "pkg . --out-path build --no-bytecode --public --public-packages \"*\" -C GZip",
"build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild", "build": "yarn prebuild && yarn rename && yarn tsc && yarn pkg && yarn postbuild",
"check:types": "tsc -p tsconfig.json --noEmit --paths null",
"postbuild": "rm -rf prebuilds 2> /dev/null" "postbuild": "rm -rf prebuilds 2> /dev/null"
}, },
"pkg": { "pkg": {
@ -45,7 +46,7 @@
"lookpath": "1.1.0", "lookpath": "1.1.0",
"node-fetch": "2.6.7", "node-fetch": "2.6.7",
"pkg": "5.8.0", "pkg": "5.8.0",
"posthog-node": "1.0.7", "posthog-node": "1.3.0",
"pouchdb": "7.3.0", "pouchdb": "7.3.0",
"pouchdb-replication-stream": "1.2.9", "pouchdb-replication-stream": "1.2.9",
"randomstring": "1.1.5", "randomstring": "1.1.5",
@ -70,7 +71,8 @@
"dependsOn": [ "dependsOn": [
{ {
"projects": [ "projects": [
"@budibase/backend-core" "@budibase/backend-core",
"@budibase/string-templates"
], ],
"target": "build" "target": "build"
} }

1
packages/cli/tsconfig.json
View file

@ -16,7 +16,6 @@
"require": ["tsconfig-paths/register"], "require": ["tsconfig-paths/register"],
"swc": true "swc": true
}, },
"references": [{ "path": "../types" }, { "path": "../backend-core" }],
"include": ["src/**/*", "package.json"], "include": ["src/**/*", "package.json"],
"exclude": ["node_modules", "dist"] "exclude": ["node_modules", "dist"]
} }

18
packages/client/package.json
View file

@ -70,14 +70,26 @@
"dependsOn": [ "dependsOn": [
{ {
"projects": [ "projects": [
"@budibase/shared-core",
"@budibase/string-templates", "@budibase/string-templates",
"@budibase/shared-core" "@budibase/types"
],
"target": "build"
}
]
},
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/shared-core",
"@budibase/string-templates",
"@budibase/types"
], ],
"target": "build" "target": "build"
} }
] ]
} }
} }
}, }
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
} }

4
packages/client/rollup.config.js
View file

@ -25,11 +25,11 @@ const devPaths = production
: [ : [
{ {
find: "@budibase/shared-core", find: "@budibase/shared-core",
replacement: path.resolve("../shared-core/dist/mjs/src/index"), replacement: path.resolve("../shared-core/dist/index"),
}, },
{ {
find: "@budibase/types", find: "@budibase/types",
replacement: path.resolve("../types/dist/mjs/index"), replacement: path.resolve("../types/dist/index"),
}, },
] ]

28
packages/client/src/components/BlockComponent.svelte
View file

@ -26,9 +26,9 @@
$: parentId = $component?.id $: parentId = $component?.id
$: inBuilder = $builderStore.inBuilder $: inBuilder = $builderStore.inBuilder
$: instance = { $: instance = {
_component: `@budibase/standard-components/${type}`, _component: getComponent(type),
_id: id, _id: id,
_instanceName: name || type[0].toUpperCase() + type.slice(1), _instanceName: getInstanceName(name, type),
_styles: { _styles: {
...styles, ...styles,
normal: styles?.normal || {}, normal: styles?.normal || {},
@ -45,6 +45,30 @@
} }
} }
const getComponent = type => {
if (!type) {
return null
}
if (type.startsWith("plugin/")) {
return type
} else {
return `@budibase/standard-components/${type}`
}
}
const getInstanceName = (name, type) => {
if (name) {
return name
}
if (!type) {
return "New component"
}
if (type.startsWith("plugin/")) {
type = type.split("plugin/")[1]
}
return type[0].toUpperCase() + type.slice(1)
}
onDestroy(() => { onDestroy(() => {
if (inBuilder) { if (inBuilder) {
block.unregisterComponent(id, parentId) block.unregisterComponent(id, parentId)

4
packages/client/src/sdk.js
View file

@ -18,6 +18,8 @@ import { styleable } from "utils/styleable"
import { linkable } from "utils/linkable" import { linkable } from "utils/linkable"
import { getAction } from "utils/getAction" import { getAction } from "utils/getAction"
import Provider from "components/context/Provider.svelte" import Provider from "components/context/Provider.svelte"
import Block from "components/Block.svelte"
import BlockComponent from "components/BlockComponent.svelte"
import { ActionTypes } from "./constants" import { ActionTypes } from "./constants"
import { fetchDatasourceSchema } from "./utils/schema.js" import { fetchDatasourceSchema } from "./utils/schema.js"
import { getAPIKey } from "./utils/api.js" import { getAPIKey } from "./utils/api.js"
@ -44,4 +46,6 @@ export default {
Provider, Provider,
ActionTypes, ActionTypes,
getAPIKey, getAPIKey,
Block,
BlockComponent,
} }

2
packages/pro

@ -1 +1 @@
Subproject commit 63fa1b15f6e2afa8a264d597157fd798c9ce031c Subproject commit cf3bef2aad9c739111b306fd0712397adc363f81

15
packages/server/nodemon.json
View file

@ -1,10 +1,13 @@
{ {
"watch": ["src", "../backend-core", "../pro"], "watch": [
"ext": "js,ts,json", "src",
"ignore": [ "../backend-core",
"src/**/*.spec.ts", "../pro",
"src/**/*.spec.js", "../types",
"../backend-core/dist/**/*" "../shared-core",
"../string-templates"
], ],
"ext": "js,ts,json",
"ignore": ["src/**/*.spec.ts", "src/**/*.spec.js", "../*/dist/**/*"],
"exec": "yarn build && node ./dist/index.js" "exec": "yarn build && node ./dist/index.js"
} }

30
packages/server/package.json
View file

@ -11,7 +11,7 @@
"scripts": { "scripts": {
"prebuild": "rimraf dist/", "prebuild": "rimraf dist/",
"build": "node ./scripts/build.js", "build": "node ./scripts/build.js",
"check:types": "tsc -p tsconfig.build.json --noEmit", "check:types": "tsc -p tsconfig.json --noEmit --paths null",
"postbuild": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client", "postbuild": "copyfiles -f ../client/dist/budibase-client.js ../client/manifest.json client",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput", "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"debug": "yarn build && node --expose-gc --inspect=9222 dist/index.js", "debug": "yarn build && node --expose-gc --inspect=9222 dist/index.js",
@ -179,31 +179,5 @@
}, },
"optionalDependencies": { "optionalDependencies": {
"oracledb": "5.3.0" "oracledb": "5.3.0"
}, }
"nx": {
"targets": {
"dev:builder": {
"dependsOn": [
{
"projects": [
"@budibase/backend-core"
],
"target": "build"
}
]
},
"test": {
"dependsOn": [
{
"projects": [
"@budibase/string-templates",
"@budibase/shared-core"
],
"target": "build"
}
]
}
}
},
"gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc"
} }

6
packages/server/scripts/integrations/postgres/init.sql
View file

@ -1,6 +1,6 @@
SELECT 'CREATE DATABASE main' SELECT 'CREATE DATABASE main'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'main')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'main')\gexec
CREATE SCHEMA test; CREATE SCHEMA "test-1";
CREATE TYPE person_job AS ENUM ('qa', 'programmer', 'designer'); CREATE TYPE person_job AS ENUM ('qa', 'programmer', 'designer');
CREATE TABLE Persons ( CREATE TABLE Persons (
PersonID SERIAL PRIMARY KEY, PersonID SERIAL PRIMARY KEY,
@ -39,7 +39,7 @@ CREATE TABLE Products_Tasks (
REFERENCES Tasks(TaskID), REFERENCES Tasks(TaskID),
PRIMARY KEY (ProductID, TaskID) PRIMARY KEY (ProductID, TaskID)
); );
CREATE TABLE test.table1 ( CREATE TABLE "test-1".table1 (
id SERIAL PRIMARY KEY, id SERIAL PRIMARY KEY,
Name varchar(255) Name varchar(255)
); );
@ -60,7 +60,7 @@ INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (2, 1); INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (2, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (3, 1); INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (3, 1);
INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 2); INSERT INTO Products_Tasks (ProductID, TaskID) VALUES (1, 2);
INSERT INTO test.table1 (Name) VALUES ('Test'); INSERT INTO "test-1".table1 (Name) VALUES ('Test');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('aaa', 'bbb', 'Michael'); INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('aaa', 'bbb', 'Michael');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('bbb', 'ccc', 'Andrew'); INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('bbb', 'ccc', 'Andrew');
INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('ddd', '', 'OneKey'); INSERT INTO CompositeTable (KeyPartOne, KeyPartTwo, Name) VALUES ('ddd', '', 'OneKey');

4
packages/server/scripts/test.sh
View file

@ -5,8 +5,8 @@ if [[ -n $CI ]]
then then
# --runInBand performs better in ci where resources are limited # --runInBand performs better in ci where resources are limited
export NODE_OPTIONS="--max-old-space-size=4096" export NODE_OPTIONS="--max-old-space-size=4096"
echo "jest --coverage --runInBand --forceExit" echo "jest --coverage --runInBand --forceExit --bail"
jest --coverage --runInBand --forceExit jest --coverage --runInBand --forceExit --bail
else else
# --maxWorkers performs better in development # --maxWorkers performs better in development
echo "jest --coverage --maxWorkers=2 --forceExit" echo "jest --coverage --maxWorkers=2 --forceExit"

36
packages/server/src/api/controllers/application.ts
View file

@ -30,6 +30,7 @@ import {
objectStore, objectStore,
roles, roles,
tenancy, tenancy,
users,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { USERS_TABLE_SCHEMA } from "../../constants" import { USERS_TABLE_SCHEMA } from "../../constants"
import { import {
@ -49,8 +50,8 @@ import {
MigrationType, MigrationType,
PlanType, PlanType,
Screen, Screen,
SocketSession,
UserCtx, UserCtx,
ContextUser,
} from "@budibase/types" } from "@budibase/types"
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts" import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
import sdk from "../../sdk" import sdk from "../../sdk"
@ -177,32 +178,10 @@ export const addSampleData = async (ctx: UserCtx) => {
} }
export async function fetch(ctx: UserCtx) { export async function fetch(ctx: UserCtx) {
const dev = ctx.query && ctx.query.status === AppStatus.DEV ctx.body = await sdk.applications.fetch(
const all = ctx.query && ctx.query.status === AppStatus.ALL ctx.query.status as AppStatus,
const apps = (await dbCore.getAllApps({ dev, all })) as App[] ctx.user
)
const appIds = apps
.filter((app: any) => app.status === "development")
.map((app: any) => app.appId)
// get the locks for all the dev apps
if (dev || all) {
const locks = await getLocksById(appIds)
for (let app of apps) {
const lock = locks[app.appId]
if (lock) {
app.lockedBy = lock
} else {
// make sure its definitely not present
delete app.lockedBy
}
}
}
// Enrich apps with all builder user sessions
const enrichedApps = await sdk.users.sessions.enrichApps(apps)
ctx.body = await checkAppMetadata(enrichedApps)
} }
export async function fetchAppDefinition(ctx: UserCtx) { export async function fetchAppDefinition(ctx: UserCtx) {
@ -222,6 +201,7 @@ export async function fetchAppDefinition(ctx: UserCtx) {
export async function fetchAppPackage(ctx: UserCtx) { export async function fetchAppPackage(ctx: UserCtx) {
const db = context.getAppDB() const db = context.getAppDB()
const appId = context.getAppId()
let application = await db.get<any>(DocumentType.APP_METADATA) let application = await db.get<any>(DocumentType.APP_METADATA)
const layouts = await getLayouts() const layouts = await getLayouts()
let screens = await getScreens() let screens = await getScreens()
@ -233,7 +213,7 @@ export async function fetchAppPackage(ctx: UserCtx) {
) )
// Only filter screens if the user is not a builder // Only filter screens if the user is not a builder
if (!(ctx.user.builder && ctx.user.builder.global)) { if (!users.isBuilder(ctx.user, appId)) {
const userRoleId = getUserRoleId(ctx) const userRoleId = getUserRoleId(ctx)
const accessController = new roles.AccessController() const accessController = new roles.AccessController()
screens = await accessController.checkScreensAccess(screens, userRoleId) screens = await accessController.checkScreensAccess(screens, userRoleId)

14
packages/server/src/api/controllers/view/viewsV2.ts
View file

@ -49,12 +49,18 @@ async function parseSchemaUI(ctx: Ctx, view: CreateViewRequest) {
const schemaUI = const schemaUI =
view.schema && view.schema &&
Object.entries(view.schema).reduce((p, [fieldName, schemaValue]) => { Object.entries(view.schema).reduce((p, [fieldName, schemaValue]) => {
p[fieldName] = { const fieldSchema: RequiredKeys<UIFieldMetadata> = {
order: schemaValue.order, order: schemaValue.order,
width: schemaValue.width, width: schemaValue.width,
visible: schemaValue.visible, visible: schemaValue.visible,
icon: schemaValue.icon, icon: schemaValue.icon,
} }
Object.entries(fieldSchema)
.filter(([_, val]) => val === undefined)
.forEach(([key]) => {
delete fieldSchema[key as keyof UIFieldMetadata]
})
p[fieldName] = fieldSchema
return p return p
}, {} as Record<string, RequiredKeys<UIFieldMetadata>>) }, {} as Record<string, RequiredKeys<UIFieldMetadata>>)
return schemaUI return schemaUI
@ -66,13 +72,14 @@ export async function create(ctx: Ctx<CreateViewRequest, ViewResponse>) {
const schemaUI = await parseSchemaUI(ctx, view) const schemaUI = await parseSchemaUI(ctx, view)
const parsedView: Omit<ViewV2, "id" | "version"> = { const parsedView: Omit<RequiredKeys<ViewV2>, "id" | "version"> = {
name: view.name, name: view.name,
tableId: view.tableId, tableId: view.tableId,
query: view.query, query: view.query,
sort: view.sort, sort: view.sort,
columns: view.schema && Object.keys(view.schema), columns: view.schema && Object.keys(view.schema),
schemaUI, schemaUI,
primaryDisplay: view.primaryDisplay,
} }
const result = await sdk.views.create(tableId, parsedView) const result = await sdk.views.create(tableId, parsedView)
ctx.status = 201 ctx.status = 201
@ -95,7 +102,7 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
const { tableId } = view const { tableId } = view
const schemaUI = await parseSchemaUI(ctx, view) const schemaUI = await parseSchemaUI(ctx, view)
const parsedView: ViewV2 = { const parsedView: RequiredKeys<ViewV2> = {
id: view.id, id: view.id,
name: view.name, name: view.name,
version: view.version, version: view.version,
@ -104,6 +111,7 @@ export async function update(ctx: Ctx<UpdateViewRequest, ViewResponse>) {
sort: view.sort, sort: view.sort,
columns: view.schema && Object.keys(view.schema), columns: view.schema && Object.keys(view.schema),
schemaUI, schemaUI,
primaryDisplay: view.primaryDisplay,
} }
const result = await sdk.views.update(tableId, parsedView) const result = await sdk.views.update(tableId, parsedView)

4
packages/server/src/api/routes/application.ts
View file

@ -15,7 +15,7 @@ router
) )
.post( .post(
"/api/applications", "/api/applications",
authorized(permissions.BUILDER), authorized(permissions.GLOBAL_BUILDER),
applicationValidator(), applicationValidator(),
controller.create controller.create
) )
@ -55,7 +55,7 @@ router
) )
.delete( .delete(
"/api/applications/:appId", "/api/applications/:appId",
authorized(permissions.BUILDER), authorized(permissions.GLOBAL_BUILDER),
controller.destroy controller.destroy
) )

12
packages/server/src/api/routes/plugin.ts
View file

@ -8,14 +8,18 @@ const router: Router = new Router()
router router
.post( .post(
"/api/plugin/upload", "/api/plugin/upload",
authorized(permissions.BUILDER), authorized(permissions.GLOBAL_BUILDER),
controller.upload controller.upload
) )
.post("/api/plugin", authorized(permissions.BUILDER), controller.create) .post(
.get("/api/plugin", authorized(permissions.BUILDER), controller.fetch) "/api/plugin",
authorized(permissions.GLOBAL_BUILDER),
controller.create
)
.get("/api/plugin", authorized(permissions.GLOBAL_BUILDER), controller.fetch)
.delete( .delete(
"/api/plugin/:pluginId", "/api/plugin/:pluginId",
authorized(permissions.BUILDER), authorized(permissions.GLOBAL_BUILDER),
controller.destroy controller.destroy
) )

6
packages/server/src/api/routes/public/index.ts
View file

@ -7,14 +7,14 @@ import userEndpoints from "./users"
import authorized from "../../../middleware/authorized" import authorized from "../../../middleware/authorized"
import publicApi from "../../../middleware/publicApi" import publicApi from "../../../middleware/publicApi"
import { paramResource, paramSubResource } from "../../../middleware/resourceId" import { paramResource, paramSubResource } from "../../../middleware/resourceId"
import { PermissionType, PermissionLevel } from "@budibase/types"
import { CtxFn } from "./utils/Endpoint" import { CtxFn } from "./utils/Endpoint"
import mapperMiddleware from "./middleware/mapper" import mapperMiddleware from "./middleware/mapper"
import env from "../../../environment" import env from "../../../environment"
// below imports don't have declaration files // below imports don't have declaration files
const Router = require("@koa/router") const Router = require("@koa/router")
const { RateLimit, Stores } = require("koa2-ratelimit") const { RateLimit, Stores } = require("koa2-ratelimit")
import { middleware, redis, permissions } from "@budibase/backend-core" import { middleware, redis } from "@budibase/backend-core"
const { PermissionType, PermissionLevel } = permissions
const PREFIX = "/api/public/v1" const PREFIX = "/api/public/v1"
// allow a lot more requests when in test // allow a lot more requests when in test
@ -111,7 +111,7 @@ function applyAdminRoutes(endpoints: any) {
function applyRoutes( function applyRoutes(
endpoints: any, endpoints: any,
permType: string, permType: PermissionType,
resource: string, resource: string,
subResource?: string subResource?: string
) { ) {

5
packages/server/src/api/routes/tests/utilities/TestFunctions.ts
View file

@ -36,7 +36,10 @@ export const clearAllApps = async (
exceptions: Array<string> = [] exceptions: Array<string> = []
) => { ) => {
await tenancy.doInTenant(tenantId, async () => { await tenancy.doInTenant(tenantId, async () => {
const req: any = { query: { status: AppStatus.DEV }, user: { tenantId } } const req: any = {
query: { status: AppStatus.DEV },
user: { tenantId, builder: { global: true } },
}
await appController.fetch(req) await appController.fetch(req)
const apps = req.body const apps = req.body
if (!apps || apps.length <= 0) { if (!apps || apps.length <= 0) {

79
packages/server/src/api/routes/tests/viewV2.spec.ts
View file

@ -6,6 +6,7 @@ import {
SortOrder, SortOrder,
SortType, SortType,
Table, Table,
UpdateViewRequest,
ViewV2, ViewV2,
} from "@budibase/types" } from "@budibase/types"
import { generator } from "@budibase/backend-core/tests" import { generator } from "@budibase/backend-core/tests"
@ -34,20 +35,6 @@ function priceTable(): Table {
describe("/v2/views", () => { describe("/v2/views", () => {
const config = setup.getConfig() const config = setup.getConfig()
const viewFilters: Omit<CreateViewRequest, "name" | "tableId"> = {
query: { allOr: false, equal: { field: "value" } },
sort: {
field: "fieldToSort",
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
name: {
visible: true,
},
},
}
afterAll(setup.afterAll) afterAll(setup.afterAll)
beforeAll(async () => { beforeAll(async () => {
@ -70,20 +57,30 @@ describe("/v2/views", () => {
}) })
}) })
it("can persist views with queries", async () => { it("can persist views with all fields", async () => {
const newView: CreateViewRequest = { const newView: Required<CreateViewRequest> = {
name: generator.name(), name: generator.name(),
tableId: config.table!._id!, tableId: config.table!._id!,
query: viewFilters.query, primaryDisplay: generator.word(),
sort: viewFilters.sort, query: { allOr: false, equal: { field: "value" } },
sort: {
field: "fieldToSort",
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
name: {
visible: true,
},
},
} }
delete newView.schema
const res = await config.api.viewV2.create(newView) const res = await config.api.viewV2.create(newView)
expect(res).toEqual({ expect(res).toEqual({
...newView, ...newView,
query: viewFilters.query, schema: undefined,
sort: viewFilters.sort, columns: ["name"],
schemaUI: newView.schema,
id: expect.any(String), id: expect.any(String),
version: 2, version: 2,
}) })
@ -210,6 +207,46 @@ describe("/v2/views", () => {
}) })
}) })
it("can update all fields", async () => {
const tableId = config.table!._id!
const updatedData: Required<UpdateViewRequest> = {
version: view.version,
id: view.id,
tableId,
name: view.name,
primaryDisplay: generator.word(),
query: { equal: { [generator.word()]: generator.word() } },
sort: {
field: generator.word(),
order: SortOrder.DESCENDING,
type: SortType.STRING,
},
schema: {
Category: {
visible: false,
},
},
}
await config.api.viewV2.update(updatedData)
expect(await config.api.table.get(tableId)).toEqual({
...config.table,
views: {
[view.name]: {
...updatedData,
schema: {
Category: expect.objectContaining({
visible: false,
}),
},
},
},
_rev: expect.any(String),
updatedAt: expect.any(String),
})
})
it("can update an existing view name", async () => { it("can update an existing view name", async () => {
const tableId = config.table!._id! const tableId = config.table!._id!
await config.api.viewV2.update({ ...view, name: "View B" }) await config.api.viewV2.update({ ...view, name: "View B" })

10
packages/server/src/app.ts
View file

@ -15,7 +15,15 @@ import * as api from "./api"
import * as automations from "./automations" import * as automations from "./automations"
import { Thread } from "./threads" import { Thread } from "./threads"
import * as redis from "./utilities/redis" import * as redis from "./utilities/redis"
import { events, logging, middleware, timers } from "@budibase/backend-core" import { ServiceType } from "@budibase/types"
import {
events,
logging,
middleware,
timers,
env as coreEnv,
} from "@budibase/backend-core"
coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
import { startup } from "./startup" import { startup } from "./startup"
const Sentry = require("@sentry/node") const Sentry = require("@sentry/node")
const destroyable = require("server-destroy") const destroyable = require("server-destroy")

19
packages/server/src/automations/tests/openai.spec.ts
View file

@ -22,6 +22,10 @@ jest.mock(
})) }))
) )
const mockedOpenAIApi = openai.OpenAIApi as jest.MockedClass<
typeof openai.OpenAIApi
>
const OPENAI_PROMPT = "What is the meaning of life?" const OPENAI_PROMPT = "What is the meaning of life?"
describe("test the openai action", () => { describe("test the openai action", () => {
@ -68,11 +72,16 @@ describe("test the openai action", () => {
}) })
it("should present the correct error message when an error is thrown from the createChatCompletion call", async () => { it("should present the correct error message when an error is thrown from the createChatCompletion call", async () => {
openai.OpenAIApi.mockImplementation(() => ({ mockedOpenAIApi.mockImplementation(
createChatCompletion: jest.fn(() => { () =>
throw new Error("An error occurred while calling createChatCompletion") ({
}), createChatCompletion: jest.fn(() => {
})) throw new Error(
"An error occurred while calling createChatCompletion"
)
}),
} as any)
)
const res = await setup.runStep("OPENAI", { const res = await setup.runStep("OPENAI", {
prompt: OPENAI_PROMPT, prompt: OPENAI_PROMPT,

8
packages/server/src/db/utils.ts
View file

@ -3,10 +3,10 @@ import { db as dbCore } from "@budibase/backend-core"
type Optional = string | null type Optional = string | null
export const AppStatus = { export const enum AppStatus {
DEV: "development", DEV = "development",
ALL: "all", ALL = "all",
DEPLOYED: "published", DEPLOYED = "published",
} }
export const BudibaseInternalDB = { export const BudibaseInternalDB = {

3
packages/server/src/environment.ts
View file

@ -1,3 +1,6 @@
import { env as coreEnv } from "@budibase/backend-core"
import { ServiceType } from "@budibase/types"
coreEnv._set("SERVICE_TYPE", ServiceType.APPS)
import { join } from "path" import { join } from "path"
function isTest() { function isTest() {

2
packages/server/src/integrations/postgres.ts
View file

@ -210,7 +210,7 @@ class PostgresIntegration extends Sql implements DatasourcePlus {
if (!this.config.schema) { if (!this.config.schema) {
this.config.schema = "public" this.config.schema = "public"
} }
await this.client.query(`SET search_path TO ${this.config.schema}`) await this.client.query(`SET search_path TO "${this.config.schema}"`)
this.COLUMNS_SQL = `select * from information_schema.columns where table_schema = '${this.config.schema}'` this.COLUMNS_SQL = `select * from information_schema.columns where table_schema = '${this.config.schema}'`
this.open = true this.open = true
} }

2
packages/server/src/integrations/tests/googlesheets.spec.ts
View file

@ -30,7 +30,7 @@ GoogleSpreadsheet.mockImplementation(() => mockGoogleIntegration)
import { structures } from "@budibase/backend-core/tests" import { structures } from "@budibase/backend-core/tests"
import TestConfiguration from "../../tests/utilities/TestConfiguration" import TestConfiguration from "../../tests/utilities/TestConfiguration"
import GoogleSheetsIntegration from "../googlesheets" import GoogleSheetsIntegration from "../googlesheets"
import { FieldType, Table, TableSchema } from "../../../../types/src/documents" import { FieldType, Table, TableSchema } from "@budibase/types"
describe("Google Sheets Integration", () => { describe("Google Sheets Integration", () => {
let integration: any, let integration: any,

52
packages/server/src/middleware/authorized.ts
View file

@ -1,5 +1,11 @@
import { roles, permissions, auth, context } from "@budibase/backend-core" import {
import { Role } from "@budibase/types" auth,
context,
permissions,
roles,
users,
} from "@budibase/backend-core"
import { PermissionLevel, PermissionType, Role, UserCtx } from "@budibase/types"
import builderMiddleware from "./builder" import builderMiddleware from "./builder"
import { isWebhookEndpoint } from "./utils" import { isWebhookEndpoint } from "./utils"
@ -16,15 +22,20 @@ const csrf = auth.buildCsrfMiddleware()
* - Otherwise the user must have the required role. * - Otherwise the user must have the required role.
*/ */
const checkAuthorized = async ( const checkAuthorized = async (
ctx: any, ctx: UserCtx,
resourceRoles: any, resourceRoles: any,
permType: any, permType: PermissionType,
permLevel: any permLevel: PermissionLevel
) => { ) => {
const appId = context.getAppId()
const isGlobalBuilderApi = permType === PermissionType.GLOBAL_BUILDER
const isBuilderApi = permType === PermissionType.BUILDER
const globalBuilder = users.isGlobalBuilder(ctx.user)
let isBuilder = appId
? users.isBuilder(ctx.user, appId)
: users.hasBuilderPermissions(ctx.user)
// check if this is a builder api and the user is not a builder // check if this is a builder api and the user is not a builder
const isBuilder = ctx.user && ctx.user.builder && ctx.user.builder.global if ((isGlobalBuilderApi && !globalBuilder) || (isBuilderApi && !isBuilder)) {
const isBuilderApi = permType === permissions.PermissionType.BUILDER
if (isBuilderApi && !isBuilder) {
return ctx.throw(403, "Not Authorized") return ctx.throw(403, "Not Authorized")
} }
@ -35,10 +46,10 @@ const checkAuthorized = async (
} }
const checkAuthorizedResource = async ( const checkAuthorizedResource = async (
ctx: any, ctx: UserCtx,
resourceRoles: any, resourceRoles: any,
permType: any, permType: PermissionType,
permLevel: any permLevel: PermissionLevel
) => { ) => {
// get the user's roles // get the user's roles
const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC
@ -64,8 +75,8 @@ const checkAuthorizedResource = async (
} }
export default ( export default (
permType: any, permType: PermissionType,
permLevel: any = null, permLevel?: PermissionLevel,
opts = { schema: false } opts = { schema: false }
) => ) =>
async (ctx: any, next: any) => { async (ctx: any, next: any) => {
@ -83,12 +94,12 @@ export default (
let resourceRoles: any = [] let resourceRoles: any = []
let otherLevelRoles: any = [] let otherLevelRoles: any = []
const otherLevel = const otherLevel =
permLevel === permissions.PermissionLevel.READ permLevel === PermissionLevel.READ
? permissions.PermissionLevel.WRITE ? PermissionLevel.WRITE
: permissions.PermissionLevel.READ : PermissionLevel.READ
const appId = context.getAppId() const appId = context.getAppId()
if (appId && hasResource(ctx)) { if (appId && hasResource(ctx)) {
resourceRoles = await roles.getRequiredResourceRole(permLevel, ctx) resourceRoles = await roles.getRequiredResourceRole(permLevel!, ctx)
if (opts && opts.schema) { if (opts && opts.schema) {
otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx) otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx)
} }
@ -110,13 +121,16 @@ export default (
// check general builder stuff, this middleware is a good way // check general builder stuff, this middleware is a good way
// to find API endpoints which are builder focused // to find API endpoints which are builder focused
if (permType === permissions.PermissionType.BUILDER) { if (
permType === PermissionType.BUILDER ||
permType === PermissionType.GLOBAL_BUILDER
) {
await builderMiddleware(ctx) await builderMiddleware(ctx)
} }
try { try {
// check authorized // check authorized
await checkAuthorized(ctx, resourceRoles, permType, permLevel) await checkAuthorized(ctx, resourceRoles, permType, permLevel!)
} catch (err) { } catch (err) {
// this is a schema, check if // this is a schema, check if
if (opts && opts.schema && permLevel) { if (opts && opts.schema && permLevel) {

2
packages/server/src/middleware/builder.ts
View file

@ -10,7 +10,7 @@ import {
setDebounce, setDebounce,
} from "../utilities/redis" } from "../utilities/redis"
import { db as dbCore, cache } from "@budibase/backend-core" import { db as dbCore, cache } from "@budibase/backend-core"
import { UserCtx, Database, App } from "@budibase/types" import { UserCtx, Database } from "@budibase/types"
const DEBOUNCE_TIME_SEC = 30 const DEBOUNCE_TIME_SEC = 30

17
packages/server/src/middleware/currentapp.ts
View file

@ -4,12 +4,13 @@ import {
roles, roles,
tenancy, tenancy,
context, context,
users,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import { generateUserMetadataID, isDevAppID } from "../db/utils" import { generateUserMetadataID, isDevAppID } from "../db/utils"
import { getCachedSelf } from "../utilities/global" import { getCachedSelf } from "../utilities/global"
import env from "../environment" import env from "../environment"
import { isWebhookEndpoint } from "./utils" import { isWebhookEndpoint } from "./utils"
import { UserCtx } from "@budibase/types" import { UserCtx, ContextUser } from "@budibase/types"
export default async (ctx: UserCtx, next: any) => { export default async (ctx: UserCtx, next: any) => {
// try to get the appID from the request // try to get the appID from the request
@ -23,7 +24,7 @@ export default async (ctx: UserCtx, next: any) => {
if ( if (
isDevAppID(requestAppId) && isDevAppID(requestAppId) &&
!isWebhookEndpoint(ctx) && !isWebhookEndpoint(ctx) &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global) !users.isBuilder(ctx.user, requestAppId)
) { ) {
return ctx.redirect("/") return ctx.redirect("/")
} }
@ -42,8 +43,7 @@ export default async (ctx: UserCtx, next: any) => {
roleId = globalUser.roleId || roleId roleId = globalUser.roleId || roleId
// Allow builders to specify their role via a header // Allow builders to specify their role via a header
const isBuilder = const isBuilder = users.isBuilder(globalUser, appId)
globalUser && globalUser.builder && globalUser.builder.global
const isDevApp = appId && isDevAppID(appId) const isDevApp = appId && isDevAppID(appId)
const roleHeader = const roleHeader =
ctx.request && ctx.request &&
@ -56,8 +56,7 @@ export default async (ctx: UserCtx, next: any) => {
roleId = roleHeader roleId = roleHeader
// Delete admin and builder flags so that the specified role is honoured // Delete admin and builder flags so that the specified role is honoured
delete ctx.user.builder ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser
delete ctx.user.admin
} }
} catch (error) { } catch (error) {
// Swallow error and do nothing // Swallow error and do nothing
@ -71,7 +70,6 @@ export default async (ctx: UserCtx, next: any) => {
} }
return context.doInAppContext(appId, async () => { return context.doInAppContext(appId, async () => {
let skipCookie = false
// if the user not in the right tenant then make sure they have no permissions // if the user not in the right tenant then make sure they have no permissions
// need to judge this only based on the request app ID, // need to judge this only based on the request app ID,
if ( if (
@ -81,12 +79,9 @@ export default async (ctx: UserCtx, next: any) => {
!tenancy.isUserInAppTenant(requestAppId, ctx.user) !tenancy.isUserInAppTenant(requestAppId, ctx.user)
) { ) {
// don't error, simply remove the users rights (they are a public user) // don't error, simply remove the users rights (they are a public user)
delete ctx.user.builder ctx.user = users.cleanseUserObject(ctx.user) as ContextUser
delete ctx.user.admin
delete ctx.user.roles
ctx.isAuthenticated = false ctx.isAuthenticated = false
roleId = roles.BUILTIN_ROLE_IDS.PUBLIC roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
skipCookie = true
} }
ctx.appId = appId ctx.appId = appId

10
packages/server/src/middleware/tests/authorized.spec.js
View file

@ -9,7 +9,7 @@ jest.mock("../../environment", () => ({
) )
const authorizedMiddleware = require("../authorized").default const authorizedMiddleware = require("../authorized").default
const env = require("../../environment") const env = require("../../environment")
const { permissions } = require("@budibase/backend-core") const { PermissionType, PermissionLevel } = require("@budibase/types")
const APP_ID = "" const APP_ID = ""
@ -112,7 +112,7 @@ describe("Authorization middleware", () => {
it("throws if the user does not have builder permissions", async () => { it("throws if the user does not have builder permissions", async () => {
config.setEnvironment(false) config.setEnvironment(false)
config.setMiddlewareRequiredPermission(permissions.PermissionType.BUILDER) config.setMiddlewareRequiredPermission(PermissionType.BUILDER)
config.setUser({ config.setUser({
role: { role: {
_id: "" _id: ""
@ -124,13 +124,13 @@ describe("Authorization middleware", () => {
}) })
it("passes on to next() middleware if the user has resource permission", async () => { it("passes on to next() middleware if the user has resource permission", async () => {
config.setResourceId(permissions.PermissionType.QUERY) config.setResourceId(PermissionType.QUERY)
config.setUser({ config.setUser({
role: { role: {
_id: "" _id: ""
} }
}) })
config.setMiddlewareRequiredPermission(permissions.PermissionType.QUERY) config.setMiddlewareRequiredPermission(PermissionType.QUERY)
await config.executeMiddleware() await config.executeMiddleware()
expect(config.next).toHaveBeenCalled() expect(config.next).toHaveBeenCalled()
@ -154,7 +154,7 @@ describe("Authorization middleware", () => {
_id: "" _id: ""
}, },
}) })
config.setMiddlewareRequiredPermission(permissions.PermissionType.ADMIN, permissions.PermissionLevel.BASIC) config.setMiddlewareRequiredPermission(PermissionType.ADMIN, PermissionLevel.BASIC)
await config.executeMiddleware() await config.executeMiddleware()
expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission") expect(config.throw).toHaveBeenCalledWith(403, "User does not have permission")

10
packages/server/src/migrations/functions/backfill/global/users.ts
View file

@ -1,4 +1,8 @@
import { events, db as dbUtils } from "@budibase/backend-core" import {
events,
db as dbUtils,
users as usersCore,
} from "@budibase/backend-core"
import { User, CloudAccount } from "@budibase/types" import { User, CloudAccount } from "@budibase/types"
import { DEFAULT_TIMESTAMP } from ".." import { DEFAULT_TIMESTAMP } from ".."
@ -30,11 +34,11 @@ export const backfill = async (
await events.identification.identifyUser(user, account, timestamp) await events.identification.identifyUser(user, account, timestamp)
await events.user.created(user, timestamp) await events.user.created(user, timestamp)
if (user.admin?.global) { if (usersCore.hasAdminPermissions(user)) {
await events.user.permissionAdminAssigned(user, timestamp) await events.user.permissionAdminAssigned(user, timestamp)
} }
if (user.builder?.global) { if (usersCore.hasBuilderPermissions(user)) {
await events.user.permissionBuilderAssigned(user, timestamp) await events.user.permissionBuilderAssigned(user, timestamp)
} }

4
packages/server/src/migrations/tests/index.spec.ts
View file

@ -17,7 +17,7 @@ tk.freeze(timestamp)
const clearMigrations = async () => { const clearMigrations = async () => {
const dbs = [context.getDevAppDB(), context.getProdAppDB()] const dbs = [context.getDevAppDB(), context.getProdAppDB()]
for (const db of dbs) { for (const db of dbs) {
const doc = await db.get(DocumentType.MIGRATIONS) const doc = await db.get<any>(DocumentType.MIGRATIONS)
const newDoc = { _id: doc._id, _rev: doc._rev } const newDoc = { _id: doc._id, _rev: doc._rev }
await db.put(newDoc) await db.put(newDoc)
} }
@ -52,7 +52,7 @@ describe("migrations", () => {
await config.createTable() await config.createTable()
await config.createView() await config.createView()
await config.createTable() await config.createTable()
await config.createView(structures.view(config.table._id)) await config.createView(structures.view(config.table!._id!))
await config.createScreen() await config.createScreen()
await config.createScreen() await config.createScreen()

50
packages/server/src/sdk/app/applications/applications.ts Normal file
View file

@ -0,0 +1,50 @@
import { AppStatus } from "../../../db/utils"
import { App, ContextUser } from "@budibase/types"
import { getLocksById } from "../../../utilities/redis"
import { enrichApps } from "../../users/sessions"
import { checkAppMetadata } from "../../../automations/logging"
import { db as dbCore, users } from "@budibase/backend-core"
export function filterAppList(user: ContextUser, apps: App[]) {
let appList: string[] = []
const roleApps = Object.keys(user.roles || {})
if (users.hasAppBuilderPermissions(user)) {
appList = user.builder?.apps || []
appList = appList.concat(roleApps)
} else if (!users.isAdminOrBuilder(user)) {
appList = roleApps
} else {
return apps
}
return apps.filter(app => appList.includes(dbCore.getProdAppID(app.appId)))
}
export async function fetch(status: AppStatus, user: ContextUser) {
const dev = status === AppStatus.DEV
const all = status === AppStatus.ALL
let apps = (await dbCore.getAllApps({ dev, all })) as App[]
apps = filterAppList(user, apps)
const appIds = apps
.filter((app: any) => app.status === "development")
.map((app: any) => app.appId)
// get the locks for all the dev apps
if (dev || all) {
const locks = await getLocksById(appIds)
for (let app of apps) {
const lock = locks[app.appId]
if (lock) {
app.lockedBy = lock
} else {
// make sure its definitely not present
delete app.lockedBy
}
}
}
// Enrich apps with all builder user sessions
const enrichedApps = await enrichApps(apps)
return await checkAppMetadata(enrichedApps)
}

2
packages/server/src/sdk/app/applications/index.ts
View file

@ -1,7 +1,9 @@
import * as sync from "./sync" import * as sync from "./sync"
import * as utils from "./utils" import * as utils from "./utils"
import * as applications from "./applications"
export default { export default {
...sync, ...sync,
...utils, ...utils,
...applications,
} }

2
packages/server/src/sdk/app/views/index.ts
View file

@ -86,6 +86,7 @@ export function enrichSchema(view: View | ViewV2, tableSchema: TableSchema) {
: schema[fieldName].order, : schema[fieldName].order,
} }
} }
delete view.schemaUI
} }
if (view?.columns?.length) { if (view?.columns?.length) {
@ -97,6 +98,7 @@ export function enrichSchema(view: View | ViewV2, tableSchema: TableSchema) {
pickedSchema[fieldName] = { ...schema[fieldName] } pickedSchema[fieldName] = { ...schema[fieldName] }
} }
schema = pickedSchema schema = pickedSchema
delete view.columns
} }
return { return {

6
packages/server/src/utilities/global.ts
View file

@ -5,6 +5,7 @@ import {
cache, cache,
tenancy, tenancy,
context, context,
users,
} from "@budibase/backend-core" } from "@budibase/backend-core"
import env from "../environment" import env from "../environment"
import { groups } from "@budibase/pro" import { groups } from "@budibase/pro"
@ -22,8 +23,7 @@ export function updateAppRole(
} }
// if in an multi-tenancy environment make sure roles are never updated // if in an multi-tenancy environment make sure roles are never updated
if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) { if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) {
delete user.builder user = users.removePortalUserPermissions(user)
delete user.admin
user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC
return user return user
} }
@ -32,7 +32,7 @@ export function updateAppRole(
user.roleId = user.roles[dbCore.getProdAppID(appId)] user.roleId = user.roles[dbCore.getProdAppID(appId)]
} }
// if a role wasn't found then either set as admin (builder) or public (everyone else) // if a role wasn't found then either set as admin (builder) or public (everyone else)
if (!user.roleId && user.builder && user.builder.global) { if (!user.roleId && users.isBuilder(user, appId)) {
user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN
} else if (!user.roleId && !user?.userGroups?.length) { } else if (!user.roleId && !user?.userGroups?.length) {
user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC

7
packages/server/src/utilities/rowProcessor/tests/utils.spec.ts
View file

@ -1,18 +1,19 @@
import { fixAutoColumnSubType } from "../utils" import { fixAutoColumnSubType } from "../utils"
import { AutoFieldDefaultNames, AutoFieldSubTypes } from "../../../constants" import { AutoFieldDefaultNames, AutoFieldSubTypes } from "../../../constants"
import { FieldSchema, FieldType, RelationshipType } from "@budibase/types"
describe("rowProcessor utility", () => { describe("rowProcessor utility", () => {
describe("fixAutoColumnSubType", () => { describe("fixAutoColumnSubType", () => {
let schema = { let schema: FieldSchema = {
name: "", name: "",
type: "link", type: FieldType.LINK,
subtype: "", // missing subtype subtype: "", // missing subtype
icon: "ri-magic-line", icon: "ri-magic-line",
autocolumn: true, autocolumn: true,
constraints: { type: "array", presence: false }, constraints: { type: "array", presence: false },
tableId: "ta_users", tableId: "ta_users",
fieldName: "test-Updated By", fieldName: "test-Updated By",
relationshipType: "many-to-many", relationshipType: RelationshipType.MANY_TO_MANY,
sortable: false, sortable: false,
} }

2
packages/server/src/utilities/rowProcessor/utils.ts
View file

@ -5,7 +5,7 @@ import {
FormulaTypes, FormulaTypes,
} from "../../constants" } from "../../constants"
import { processStringSync } from "@budibase/string-templates" import { processStringSync } from "@budibase/string-templates"
import { FieldSchema, FieldType, Row, Table } from "@budibase/types" import { FieldSchema, Row, Table } from "@budibase/types"
/** /**
* If the subtype has been lost for any reason this works out what * If the subtype has been lost for any reason this works out what

7
packages/server/tsconfig.json
View file

@ -2,15 +2,12 @@
"extends": "./tsconfig.build.json", "extends": "./tsconfig.build.json",
"compilerOptions": { "compilerOptions": {
"composite": true, "composite": true,
"declaration": true, "baseUrl": "."
"sourceMap": true,
"baseUrl": ".",
"outDir": "dist"
}, },
"ts-node": { "ts-node": {
"require": ["tsconfig-paths/register"], "require": ["tsconfig-paths/register"],
"swc": true "swc": true
}, },
"include": ["src/**/*", "specs"], "include": ["src/**/*", "specs", "__mocks__"],
"exclude": ["node_modules", "dist"] "exclude": ["node_modules", "dist"]
} }

30
packages/shared-core/package.json
View file

@ -2,22 +2,22 @@
"name": "@budibase/shared-core", "name": "@budibase/shared-core",
"version": "0.0.0", "version": "0.0.0",
"description": "Shared data utils", "description": "Shared data utils",
"main": "dist/cjs/src/index.js", "main": "src/index.ts",
"types": "dist/mjs/src/index.d.ts", "types": "src/index.ts",
"exports": { "exports": {
".": { ".": {
"import": "./dist/mjs/src/index.js", "import": "./dist/index.js",
"require": "./dist/cjs/src/index.js" "require": "./src/index.ts"
}, }
"./package.json": "./dist/mjs/package.json"
}, },
"author": "Budibase", "author": "Budibase",
"license": "GPL-3.0", "license": "GPL-3.0",
"scripts": { "scripts": {
"prebuild": "rimraf dist/", "prebuild": "rimraf dist/",
"build": "tsc -p tsconfig.build.json && tsc -p tsconfig-cjs.build.json", "build": "tsc -p tsconfig.build.json",
"build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput", "build:dev": "yarn prebuild && tsc --build --watch --preserveWatchOutput",
"dev:builder": "yarn prebuild && concurrently \"tsc -p tsconfig.build.json --watch\" \"tsc -p tsconfig-cjs.build.json --watch\"" "dev:builder": "yarn prebuild && tsc -p tsconfig.json --watch --preserveWatchOutput",
"check:types": "tsc -p tsconfig.json --noEmit --paths null"
}, },
"dependencies": { "dependencies": {
"@budibase/types": "0.0.0" "@budibase/types": "0.0.0"
@ -26,19 +26,5 @@
"concurrently": "^7.6.0", "concurrently": "^7.6.0",
"rimraf": "3.0.2", "rimraf": "3.0.2",
"typescript": "4.7.3" "typescript": "4.7.3"
},
"nx": {
"targets": {
"build": {
"dependsOn": [
{
"projects": [
"@budibase/types"
],
"target": "build"
}
]
}
}
} }
} }

1
packages/shared-core/src/index.ts
View file

@ -2,3 +2,4 @@ export * from "./constants"
export * as dataFilters from "./filters" export * as dataFilters from "./filters"
export * as helpers from "./helpers" export * as helpers from "./helpers"
export * as utils from "./utils" export * as utils from "./utils"
export * as sdk from "./sdk"

35
packages/shared-core/src/sdk/documents/applications.ts Normal file
View file

@ -0,0 +1,35 @@
import { DocumentType, prefixed } from "@budibase/types"
const APP_PREFIX = prefixed(DocumentType.APP)
const APP_DEV_PREFIX = prefixed(DocumentType.APP_DEV)
export function getDevAppID(appId: string) {
if (!appId) {
throw new Error("No app ID provided")
}
if (appId.startsWith(APP_DEV_PREFIX)) {
return appId
}
// split to take off the app_ element, then join it together incase any other app_ exist
const split = appId.split(APP_PREFIX)
split.shift()
const rest = split.join(APP_PREFIX)
return `${APP_DEV_PREFIX}${rest}`
}
/**
* Convert a development app ID to a deployed app ID.
*/
export function getProdAppID(appId: string) {
if (!appId) {
throw new Error("No app ID provided")
}
if (!appId.startsWith(APP_DEV_PREFIX)) {
return appId
}
// split to take off the app_dev element, then join it together incase any other app_ exist
const split = appId.split(APP_DEV_PREFIX)
split.shift()
const rest = split.join(APP_DEV_PREFIX)
return `${APP_PREFIX}${rest}`
}

2
packages/shared-core/src/sdk/documents/index.ts Normal file
View file

@ -0,0 +1,2 @@
export * as applications from "./applications"
export * as users from "./users"

62
packages/shared-core/src/sdk/documents/users.ts Normal file
View file

@ -0,0 +1,62 @@
import { ContextUser, User } from "@budibase/types"
import { getProdAppID } from "./applications"
// checks if a user is specifically a builder, given an app ID
export function isBuilder(user: User | ContextUser, appId?: string): boolean {
if (!user) {
return false
}
if (user.builder?.global) {
return true
} else if (appId && user.builder?.apps?.includes(getProdAppID(appId))) {
return true
}
return false
}
export function isGlobalBuilder(user: User | ContextUser): boolean {
return (isBuilder(user) && !hasAppBuilderPermissions(user)) || isAdmin(user)
}
// alias for hasAdminPermission, currently do the same thing
// in future whether someone has admin permissions and whether they are
// an admin for a specific resource could be separated
export function isAdmin(user: User | ContextUser): boolean {
if (!user) {
return false
}
return hasAdminPermissions(user)
}
export function isAdminOrBuilder(
user: User | ContextUser,
appId?: string
): boolean {
return isBuilder(user, appId) || isAdmin(user)
}
// check if they are a builder within an app (not necessarily a global builder)
export function hasAppBuilderPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
const appLength = user.builder?.apps?.length
const isGlobalBuilder = !!user.builder?.global
return !isGlobalBuilder && appLength != null && appLength > 0
}
// checks if a user is capable of building any app
export function hasBuilderPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return user.builder?.global || hasAppBuilderPermissions(user)
}
// checks if a user is capable of being an admin
export function hasAdminPermissions(user?: User | ContextUser): boolean {
if (!user) {
return false
}
return !!user.admin?.global
}

1
packages/shared-core/src/sdk/index.ts Normal file
View file

@ -0,0 +1 @@
export * from "./documents"

Some files were not shown because too many files have changed in this diff Show more