Fixing a few issues with roles being correctly reverted.
This commit is contained in:
mike12345567
parent
6bef55843a
commit
e0b6ef66ac
3 changed files with 8 additions and 10 deletions
|
|
@ -23,13 +23,13 @@ export async function fetchSelf(ctx: any) {
|
|||
return
|
||||
}
|
||||
|
||||
const appId = context.getAppId()
|
||||
const user = await getFullUser(ctx, userId)
|
||||
// this shouldn't be returned by the app self
|
||||
delete user.roles
|
||||
// forward the csrf token from the session
|
||||
user.csrfToken = ctx.user.csrfToken
|
||||
|
||||
const appId = context.getAppId()
|
||||
if (appId) {
|
||||
const db = context.getAppDB()
|
||||
// check for group permissions
|
||||
|
|
@ -41,14 +41,8 @@ export async function fetchSelf(ctx: any) {
|
|||
delete user.roles
|
||||
try {
|
||||
const userTable = await db.get(InternalTables.USER_METADATA)
|
||||
const metadata = await db.get(userId)
|
||||
// make sure there is never a stale csrf token
|
||||
delete metadata.csrfToken
|
||||
// specifically needs to make sure is enriched
|
||||
ctx.body = await outputProcessing(userTable, {
|
||||
...user,
|
||||
...metadata,
|
||||
})
|
||||
ctx.body = await outputProcessing(userTable, user)
|
||||
} catch (err: any) {
|
||||
let response
|
||||
// user didn't exist in app, don't pretend they do
|
||||
|
|
|
|||
|
|
@ -75,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
|
|||
}
|
||||
|
||||
exports.getGlobalUser = async userId => {
|
||||
const appId = getAppId()
|
||||
let user = await exports.getRawGlobalUser(userId)
|
||||
return processUser(user)
|
||||
return processUser(user, { appId })
|
||||
}
|
||||
|
||||
exports.getGlobalUsers = async (users = null) => {
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ const { InternalTables } = require("../db/utils")
|
|||
const { getGlobalUser } = require("../utilities/global")
|
||||
const { getAppDB } = require("@budibase/backend-core/context")
|
||||
const { getProdAppID } = require("@budibase/backend-core/db")
|
||||
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
|
||||
|
||||
exports.getFullUser = async (ctx, userId) => {
|
||||
const global = await getGlobalUser(userId)
|
||||
|
|
@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
|
|||
delete global._id
|
||||
delete global._rev
|
||||
}
|
||||
delete metadata.csrfToken
|
||||
return {
|
||||
...global,
|
||||
...metadata,
|
||||
...global,
|
||||
roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
|
||||
tableId: InternalTables.USER_METADATA,
|
||||
// make sure the ID is always a local ID, not a global one
|
||||
_id: userId,
|
||||
|
|
|
|||
Loading…
Reference in a new issue