From b0bb2a23dbbafa7d5002ab6be8e755989ed1079a Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Mon, 14 Jun 2021 15:23:24 +0100
Subject: [PATCH] Fix for #1710 - don't allow setting setting info from within apps and making the user portal a bit more clear about builders being global admins.
---
 .../DataTable/modals/CreateEditUser.svelte | 1 +
 .../builder/portal/manage/users/[userId].svelte | 15 ++++++++++-----
 packages/server/src/utilities/global.js | 14 +++++++-------
 3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte b/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte
index 62985d4285..32f369ce3d 100644
--- a/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte
+++ b/packages/builder/src/components/backend/DataTable/modals/CreateEditUser.svelte
@@ -104,6 +104,7 @@
 options={$roles}
 getOptionLabel={role => role.name}
 getOptionValue={role => role._id}
+ disabled={!creating}
 />
 {#each customSchemaKeys as [key, meta]}
 {#if !meta.autocolumn}
diff --git a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
index 983b31168c..8c5ffeb79f 100644
--- a/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/manage/users/[userId].svelte
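Review bot: `disabled={!creating}` on the role select only blocks the change in this modal; a request sent straight to the save endpoint could still carry a different role for an existing user unless the server drops or rejects that field. The handler is not part of this diff, so please confirm that the update path ignores the role for existing users, since the commit message says role info must not be settable from within apps. The component markup around the select starts and ends outside the hunk.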
@@ -33,12 +33,17 @@
 role: {},
 }
+ $: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : ""
+ $: console.log(defaultRoleId)
 // Merge the Apps list and the roles response to get something that makes sense for the table
- $: appList = Object.keys($apps?.data).map(id => ({
- ...$apps?.data?.[id],
- _id: id,
- role: [$userFetch?.data?.roles?.[id]],
- }))
+ $: appList = Object.keys($apps?.data).map(id => {
+ const role = $userFetch?.data?.roles?.[id] || defaultRoleId
+ return {
+ ...$apps?.data?.[id],
+ _id: id,
+ role: [role],
+ }
+ })
 let selectedApp
 const userFetch = fetchData(`/api/admin/users/${userId}`)
diff --git a/packages/server/src/utilities/global.js b/packages/server/src/utilities/global.js
index eda0e61cff..17ce066551 100644
--- a/packages/server/src/utilities/global.js
+++ b/packages/server/src/utilities/global.js
@@ -12,14 +12,14 @@ exports.updateAppRole = (appId, user) => {
 if (!user.roles) {
 return user
 }
- if (user.builder && user.builder.global) {
+
+ // always use the deployed app
+ user.roleId = user.roles[getDeployedAppID(appId)]
+ // if a role wasn't found then either set as admin (builder) or public (everyone else)
+ if (!user.roleId && user.builder && user.builder.global) {
 user.roleId = BUILTIN_ROLE_IDS.ADMIN
- } else {
- // always use the deployed app
- user.roleId = user.roles[getDeployedAppID(appId)]
- if (!user.roleId) {
- user.roleId = BUILTIN_ROLE_IDS.PUBLIC
- }
+ } else if (!user.roleId) {
+ user.roleId = BUILTIN_ROLE_IDS.PUBLIC
 }
 delete user.roles
 return user
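Review bot: `$: console.log(defaultRoleId)` is a leftover debug statement; as a reactive statement it logs every time `defaultRoleId` is recomputed and should be removed before merge. The literal `"ADMIN"` duplicates what the server calls `BUILTIN_ROLE_IDS.ADMIN` in global.js, so a shared constant, or at least a comment such as `// mirrors the server fallback for global builders`, would keep the portal display from drifting away from the role the server actually resolves. If `$apps.data` can be undefined before the fetch resolves, `Object.keys($apps?.data)` still throws; `Object.keys($apps?.data || {})` would avoid that.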
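Review bot: Nothing in the code states that an explicit entry in `user.roles` now takes precedence over `user.builder.global`, so a global builder with a lower role stored for this app resolves to that lower role instead of ADMIN; this is the authorization-relevant part of the hunk and deserves to be spelled out. I would widen the new comment to `// an explicit per-app role always wins; global builders fall back to ADMIN, everyone else to PUBLIC` and add a unit test for the three cases (explicit role, builder without a role, non-builder without a role). The `if (!user.roles) { return user }` guard above still returns before either fallback runs, so a user object without a `roles` map leaves with whatever `roleId` it arrived with; presumably that is the already-processed case, but it is worth confirming that callers never pass a fresh user without `roles`. The body of updateAppRole continues past the end of the hunk.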