@budibase/backend-core 2.8.31 → 2.8.32-alpha.0

package/dist/src/users/db.js

@@ -0,0 +1,407 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDB = void 0;
+const environment_1 = __importDefault(require("../environment"));
+const eventHelpers = __importStar(require("./events"));
+const accounts = __importStar(require("../accounts"));
+const cache = __importStar(require("../cache"));
+const context_1 = require("../context");
+const dbUtils = __importStar(require("../db"));
+const errors_1 = require("../errors");
+const platform = __importStar(require("../platform"));
+const sessions = __importStar(require("../security/sessions"));
+const usersCore = __importStar(require("./users"));
+const types_1 = require("@budibase/types");
+const accountSdk = __importStar(require("../accounts"));
+const utils_1 = require("./utils");
+const lookup_1 = require("./lookup");
+const utils_2 = require("../utils");
+const bulkDeleteProcessing = (dbUser) => __awaiter(void 0, void 0, void 0, function* () {
+    const userId = dbUser._id;
+    yield platform.users.removeUser(dbUser);
+    yield eventHelpers.handleDeleteEvents(dbUser);
+    yield cache.user.invalidateUser(userId);
+    yield sessions.invalidateSessions(userId, { reason: "bulk-deletion" });
+});
+class UserDB {
+    static init(quotaFns, groupFns, featureFns) {
+        UserDB.quotas = quotaFns;
+        UserDB.groups = groupFns;
+        UserDB.features = featureFns;
+    }
+    static isPreventPasswordActions(user, account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // when in maintenance mode we allow sso users with the admin role
+            // to perform any password action - this prevents lockout
+            if (environment_1.default.ENABLE_SSO_MAINTENANCE_MODE && (0, utils_1.isAdmin)(user)) {
+                return false;
+            }
+            // SSO is enforced for all users
+            if (yield UserDB.features.isSSOEnforced()) {
+                return true;
+            }
+            // Check local sso
+            if ((0, types_1.isSSOUser)(user)) {
+                return true;
+            }
+            // Check account sso
+            if (!account) {
+                account = yield accountSdk.getAccountByTenantId((0, context_1.getTenantId)());
+            }
+            return !!(account && account.email === user.email && (0, types_1.isSSOAccount)(account));
+        });
+    }
+    static buildUser(user, opts = {
+        hashPassword: true,
+        requirePassword: true,
+    }, tenantId, dbUser, account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let { password, _id } = user;
+            // don't require a password if the db user doesn't already have one
+            if (dbUser && !dbUser.password) {
+                opts.requirePassword = false;
+            }
+            let hashedPassword;
+            if (password) {
+                if (yield UserDB.isPreventPasswordActions(user, account)) {
+                    throw new errors_1.HTTPError("Password change is disabled for this user", 400);
+                }
+                hashedPassword = opts.hashPassword ? yield (0, utils_2.hash)(password) : password;
+            }
+            else if (dbUser) {
+                hashedPassword = dbUser.password;
+            }
+            // passwords are never required if sso is enforced
+            const requirePasswords = opts.requirePassword && !(yield UserDB.features.isSSOEnforced());
+            if (!hashedPassword && requirePasswords) {
+                throw "Password must be specified.";
+            }
+            _id = _id || dbUtils.generateGlobalUserID();
+            const fullUser = Object.assign(Object.assign(Object.assign({ createdAt: Date.now() }, dbUser), user), { _id, password: hashedPassword, tenantId });
+            // make sure the roles object is always present
+            if (!fullUser.roles) {
+                fullUser.roles = {};
+            }
+            // add the active status to a user if its not provided
+            if (fullUser.status == null) {
+                fullUser.status = types_1.UserStatus.ACTIVE;
+            }
+            return fullUser;
+        });
+    }
+    static allUsers() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const response = yield db.allDocs(dbUtils.getGlobalUserParams(null, {
+                include_docs: true,
+            }));
+            return response.rows.map((row) => row.doc);
+        });
+    }
+    static countUsersByApp(appId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let response = yield usersCore.searchGlobalUsersByApp(appId, {});
+            return {
+                userCount: response.length,
+            };
+        });
+    }
+    static getUsersByAppAccess(appId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opts = {
+                include_docs: true,
+                limit: 50,
+            };
+            let response = yield usersCore.searchGlobalUsersByAppAccess(appId, opts);
+            return response;
+        });
+    }
+    static getUserByEmail(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return usersCore.getGlobalUserByEmail(email);
+        });
+    }
+    /**
+     * Gets a user by ID from the global database, based on the current tenancy.
+     */
+    static getUser(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const user = yield usersCore.getById(userId);
+            if (user) {
+                delete user.password;
+            }
+            return user;
+        });
+    }
+    static save(user, opts = {}) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            // default booleans to true
+            if (opts.hashPassword == null) {
+                opts.hashPassword = true;
+            }
+            if (opts.requirePassword == null) {
+                opts.requirePassword = true;
+            }
+            const tenantId = (0, context_1.getTenantId)();
+            const db = (0, context_1.getGlobalDB)();
+            let { email, _id, userGroups = [], roles } = user;
+            if (!email && !_id) {
+                throw new Error("_id or email is required");
+            }
+            if (((_b = (_a = user.builder) === null || _a === void 0 ? void 0 : _a.apps) === null || _b === void 0 ? void 0 : _b.length) &&
+                !(yield UserDB.features.isAppBuildersEnabled())) {
+                throw new Error("Unable to update app builders, please check license");
+            }
+            let dbUser;
+            if (_id) {
+                // try to get existing user from db
+                try {
+                    dbUser = (yield db.get(_id));
+                    if (email && dbUser.email !== email) {
+                        throw "Email address cannot be changed";
+                    }
+                    email = dbUser.email;
+                }
+                catch (e) {
+                    if (e.status === 404) {
+                        // do nothing, save this new user with the id specified - required for SSO auth
+                    }
+                    else {
+                        throw e;
+                    }
+                }
+            }
+            if (!dbUser && email) {
+                // no id was specified - load from email instead
+                dbUser = yield usersCore.getGlobalUserByEmail(email);
+                if (dbUser && dbUser._id !== _id) {
+                    throw new errors_1.EmailUnavailableError(email);
+                }
+            }
+            const change = dbUser ? 0 : 1; // no change if there is existing user
+            return UserDB.quotas.addUsers(change, () => __awaiter(this, void 0, void 0, function* () {
+                yield (0, utils_1.validateUniqueUser)(email, tenantId);
+                let builtUser = yield UserDB.buildUser(user, opts, tenantId, dbUser);
+                // don't allow a user to update its own roles/perms
+                if (opts.currentUserId && opts.currentUserId === (dbUser === null || dbUser === void 0 ? void 0 : dbUser._id)) {
+                    builtUser = usersCore.cleanseUserObject(builtUser, dbUser);
+                }
+                if (!dbUser && (roles === null || roles === void 0 ? void 0 : roles.length)) {
+                    builtUser.roles = Object.assign({}, roles);
+                }
+                // make sure we set the _id field for a new user
+                // Also if this is a new user, associate groups with them
+                let groupPromises = [];
+                if (!_id) {
+                    _id = builtUser._id;
+                    if (userGroups.length > 0) {
+                        for (let groupId of userGroups) {
+                            groupPromises.push(UserDB.groups.addUsers(groupId, [_id]));
+                        }
+                    }
+                }
+                try {
+                    // save the user to db
+                    let response = yield db.put(builtUser);
+                    builtUser._rev = response.rev;
+                    yield eventHelpers.handleSaveEvents(builtUser, dbUser);
+                    yield platform.users.addUser(tenantId, builtUser._id, builtUser.email);
+                    yield cache.user.invalidateUser(response.id);
+                    yield Promise.all(groupPromises);
+                    // finally returned the saved user from the db
+                    return db.get(builtUser._id);
+                }
+                catch (err) {
+                    if (err.status === 409) {
+                        throw "User exists already";
+                    }
+                    else {
+                        throw err;
+                    }
+                }
+            }));
+        });
+    }
+    static bulkCreate(newUsersRequested, groups) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const tenantId = (0, context_1.getTenantId)();
+            let usersToSave = [];
+            let newUsers = [];
+            const emails = newUsersRequested.map((user) => user.email);
+            const existingEmails = yield (0, lookup_1.searchExistingEmails)(emails);
+            const unsuccessful = [];
+            for (const newUser of newUsersRequested) {
+                if (newUsers.find((x) => x.email.toLowerCase() === newUser.email.toLowerCase()) ||
+                    existingEmails.includes(newUser.email.toLowerCase())) {
+                    unsuccessful.push({
+                        email: newUser.email,
+                        reason: `Unavailable`,
+                    });
+                    continue;
+                }
+                newUser.userGroups = groups;
+                newUsers.push(newUser);
+            }
+            const account = yield accountSdk.getAccountByTenantId(tenantId);
+            return UserDB.quotas.addUsers(newUsers.length, () => __awaiter(this, void 0, void 0, function* () {
+                // create the promises array that will be called by bulkDocs
+                newUsers.forEach((user) => {
+                    usersToSave.push(UserDB.buildUser(user, {
+                        hashPassword: true,
+                        requirePassword: user.requirePassword,
+                    }, tenantId, undefined, // no dbUser
+                    account));
+                });
+                const usersToBulkSave = yield Promise.all(usersToSave);
+                yield usersCore.bulkUpdateGlobalUsers(usersToBulkSave);
+                // Post-processing of bulk added users, e.g. events and cache operations
+                for (const user of usersToBulkSave) {
+                    // TODO: Refactor to bulk insert users into the info db
+                    // instead of relying on looping tenant creation
+                    yield platform.users.addUser(tenantId, user._id, user.email);
+                    yield eventHelpers.handleSaveEvents(user, undefined);
+                }
+                const saved = usersToBulkSave.map(user => {
+                    return {
+                        _id: user._id,
+                        email: user.email,
+                    };
+                });
+                // now update the groups
+                if (Array.isArray(saved) && groups) {
+                    const groupPromises = [];
+                    const createdUserIds = saved.map(user => user._id);
+                    for (let groupId of groups) {
+                        groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds));
+                    }
+                    yield Promise.all(groupPromises);
+                }
+                return {
+                    successful: saved,
+                    unsuccessful,
+                };
+            }));
+        });
+    }
+    static bulkDelete(userIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const response = {
+                successful: [],
+                unsuccessful: [],
+            };
+            // remove the account holder from the delete request if present
+            const account = yield (0, utils_1.getAccountHolderFromUserIds)(userIds);
+            if (account) {
+                userIds = userIds.filter(u => u !== account.budibaseUserId);
+                // mark user as unsuccessful
+                response.unsuccessful.push({
+                    _id: account.budibaseUserId,
+                    email: account.email,
+                    reason: "Account holder cannot be deleted",
+                });
+            }
+            // Get users and delete
+            const allDocsResponse = yield db.allDocs({
+                include_docs: true,
+                keys: userIds,
+            });
+            const usersToDelete = allDocsResponse.rows.map((user) => {
+                return user.doc;
+            });
+            // Delete from DB
+            const toDelete = usersToDelete.map(user => (Object.assign(Object.assign({}, user), { _deleted: true })));
+            const dbResponse = yield usersCore.bulkUpdateGlobalUsers(toDelete);
+            yield UserDB.quotas.removeUsers(toDelete.length);
+            for (let user of usersToDelete) {
+                yield bulkDeleteProcessing(user);
+            }
+            // Build Response
+            // index users by id
+            const userIndex = {};
+            usersToDelete.reduce((prev, current) => {
+                prev[current._id] = current;
+                return prev;
+            }, userIndex);
+            // add the successful and unsuccessful users to response
+            dbResponse.forEach(item => {
+                const email = userIndex[item.id].email;
+                if (item.ok) {
+                    response.successful.push({ _id: item.id, email });
+                }
+                else {
+                    response.unsuccessful.push({
+                        _id: item.id,
+                        email,
+                        reason: "Database error",
+                    });
+                }
+            });
+            return response;
+        });
+    }
+    static destroy(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const dbUser = (yield db.get(id));
+            const userId = dbUser._id;
+            if (!environment_1.default.SELF_HOSTED && !environment_1.default.DISABLE_ACCOUNT_PORTAL) {
+                // root account holder can't be deleted from inside budibase
+                const email = dbUser.email;
+                const account = yield accounts.getAccount(email);
+                if (account) {
+                    if (dbUser.userId === (0, context_1.getIdentity)()._id) {
+                        throw new errors_1.HTTPError('Please visit "Account" to delete this user', 400);
+                    }
+                    else {
+                        throw new errors_1.HTTPError("Account holder cannot be deleted", 400);
+                    }
+                }
+            }
+            yield platform.users.removeUser(dbUser);
+            yield db.remove(userId, dbUser._rev);
+            yield UserDB.quotas.removeUsers(1);
+            yield eventHelpers.handleDeleteEvents(dbUser);
+            yield cache.user.invalidateUser(userId);
+            yield sessions.invalidateSessions(userId, { reason: "deletion" });
+        });
+    }
+}
+exports.UserDB = UserDB;
+//# sourceMappingURL=db.js.map

package/dist/src/users/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../../../src/users/db.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iEAAgC;AAChC,uDAAwC;AACxC,sDAAuC;AACvC,gDAAiC;AACjC,wCAAkE;AAClE,+CAAgC;AAChC,sCAA4D;AAC5D,sDAAuC;AACvC,+DAAgD;AAChD,mDAAoC;AACpC,2CAWwB;AACxB,wDAAyC;AACzC,mCAIgB;AAChB,qCAA+C;AAC/C,oCAA+B;AAS/B,MAAM,oBAAoB,GAAG,CAAO,MAAY,EAAE,EAAE;IAClD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAa,CAAA;IACnC,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,YAAY,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;IAC7C,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,QAAQ,CAAC,kBAAkB,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;AACxE,CAAC,CAAA,CAAA;AAED,MAAa,MAAM;IAKjB,MAAM,CAAC,IAAI,CAAC,QAAkB,EAAE,QAAkB,EAAE,UAAsB;QACxE,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAA;QACxB,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAA;QACxB,MAAM,CAAC,QAAQ,GAAG,UAAU,CAAA;IAC9B,CAAC;IAED,MAAM,CAAO,wBAAwB,CAAC,IAAU,EAAE,OAAiB;;YACjE,kEAAkE;YAClE,yDAAyD;YACzD,IAAI,qBAAG,CAAC,2BAA2B,IAAI,IAAA,eAAO,EAAC,IAAI,CAAC,EAAE;gBACpD,OAAO,KAAK,CAAA;aACb;YAED,gCAAgC;YAChC,IAAI,MAAM,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,EAAE;gBACzC,OAAO,IAAI,CAAA;aACZ;YAED,kBAAkB;YAClB,IAAI,IAAA,iBAAS,EAAC,IAAI,CAAC,EAAE;gBACnB,OAAO,IAAI,CAAA;aACZ;YAED,oBAAoB;YACpB,IAAI,CAAC,OAAO,EAAE;gBACZ,OAAO,GAAG,MAAM,UAAU,CAAC,oBAAoB,CAAC,IAAA,qBAAW,GAAE,CAAC,CAAA;aAC/D;YACD,OAAO,CAAC,CAAC,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,IAAA,oBAAY,EAAC,OAAO,CAAC,CAAC,CAAA;QAC7E,CAAC;KAAA;IAED,MAAM,CAAO,SAAS,CACpB,IAAU,EACV,OAAqB;QACnB,YAAY,EAAE,IAAI;QAClB,eAAe,EAAE,IAAI;KACtB,EACD,QAAgB,EAChB,MAAY,EACZ,OAAiB;;YAEjB,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;YAE5B,mEAAmE;YACnE,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;gBAC9B,IAAI,CAAC,eAAe,GAAG,KAAK,CAAA;aAC7B;YAED,IAAI,cAAc,CAAA;YAClB,IAAI,QAAQ,EAAE;gBACZ,IAAI,MAAM,MAAM,CAAC,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;oBACxD,MAAM,IAAI,kBAAS,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAA;iBACtE;gBACD,cAAc,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,IAAA,YAAI,EAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;aACrE;iBAAM,IAAI,MAAM,EAAE;gBACjB,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAA;aACjC;YAED,kDAAkD;YAClD,MAAM,gBAAgB,GACpB,IAAI,CAAC,eAAe,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAA;YAClE,IAAI,CAAC,cAAc,IAAI,gBAAgB,EAAE;gBACvC,MAAM,6BAA6B,CAAA;aACpC;YAED,GAAG,GAAG,GAAG,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAA;YAE3C,MAAM,QAAQ,+CACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,IAClB,MAAM,GACN,IAAI,KACP,GAAG,EACH,QAAQ,EAAE,cAAc,EACxB,QAAQ,GACT,CAAA;YACD,+CAA+C;YAC/C,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACnB,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAA;aACpB;YACD,sDAAsD;YACtD,IAAI,QAAQ,CAAC,MAAM,IAAI,IAAI,EAAE;gBAC3B,QAAQ,CAAC,MAAM,GAAG,kBAAU,CAAC,MAAM,CAAA;aACpC;YAED,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED,MAAM,CAAO,QAAQ;;YACnB,MAAM,EAAE,GAAG,IAAA,qBAAW,GAAE,CAAA;YACxB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAC/B,OAAO,CAAC,mBAAmB,CAAC,IAAI,EAAE;gBAChC,YAAY,EAAE,IAAI;aACnB,CAAC,CACH,CAAA;YACD,OAAO,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QACjD,CAAC;KAAA;IAED,MAAM,CAAO,eAAe,CAAC,KAAa;;YACxC,IAAI,QAAQ,GAAQ,MAAM,SAAS,CAAC,sBAAsB,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;YACrE,OAAO;gBACL,SAAS,EAAE,QAAQ,CAAC,MAAM;aAC3B,CAAA;QACH,CAAC;KAAA;IAED,MAAM,CAAO,mBAAmB,CAAC,KAAc;;YAC7C,MAAM,IAAI,GAAQ;gBAChB,YAAY,EAAE,IAAI;gBAClB,KAAK,EAAE,EAAE;aACV,CAAA;YACD,IAAI,QAAQ,GAAW,MAAM,SAAS,CAAC,4BAA4B,CACjE,KAAK,EACL,IAAI,CACL,CAAA;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED,MAAM,CAAO,cAAc,CAAC,KAAa;;YACvC,OAAO,SAAS,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;QAC9C,CAAC;KAAA;IAED;;OAEG;IACH,MAAM,CAAO,OAAO,CAAC,MAAc;;YACjC,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YAC5C,IAAI,IAAI,EAAE;gBACR,OAAO,IAAI,CAAC,QAAQ,CAAA;aACrB;YACD,OAAO,IAAI,CAAA;QACb,CAAC;KAAA;IAED,MAAM,CAAO,IAAI,CAAC,IAAU,EAAE,OAAqB,EAAE;;;YACnD,2BAA2B;YAC3B,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,EAAE;gBAC7B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAA;aACzB;YACD,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,EAAE;gBAChC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAA;aAC5B;YACD,MAAM,QAAQ,GAAG,IAAA,qBAAW,GAAE,CAAA;YAC9B,MAAM,EAAE,GAAG,IAAA,qBAAW,GAAE,CAAA;YAExB,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,GAAG,EAAE,EAAE,KAAK,EAAE,GAAG,IAAI,CAAA;YAEjD,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE;gBAClB,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAA;aAC5C;YAED,IACE,CAAA,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,IAAI,0CAAE,MAAM;gBAC1B,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC,EAC/C;gBACA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAA;aACvE;YAED,IAAI,MAAwB,CAAA;YAC5B,IAAI,GAAG,EAAE;gBACP,mCAAmC;gBACnC,IAAI;oBACF,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAS,CAAA;oBACpC,IAAI,KAAK,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE;wBACnC,MAAM,iCAAiC,CAAA;qBACxC;oBACD,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;iBACrB;gBAAC,OAAO,CAAM,EAAE;oBACf,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;wBACpB,+EAA+E;qBAChF;yBAAM;wBACL,MAAM,CAAC,CAAA;qBACR;iBACF;aACF;YAED,IAAI,CAAC,MAAM,IAAI,KAAK,EAAE;gBACpB,gDAAgD;gBAChD,MAAM,GAAG,MAAM,SAAS,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAA;gBACpD,IAAI,MAAM,IAAI,MAAM,CAAC,GAAG,KAAK,GAAG,EAAE;oBAChC,MAAM,IAAI,8BAAqB,CAAC,KAAK,CAAC,CAAA;iBACvC;aACF;YAED,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,sCAAsC;YACpE,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAS,EAAE;gBAC/C,MAAM,IAAA,0BAAkB,EAAC,KAAK,EAAE,QAAQ,CAAC,CAAA;gBAEzC,IAAI,SAAS,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;gBACpE,mDAAmD;gBACnD,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,MAAK,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,GAAG,CAAA,EAAE;oBAC5D,SAAS,GAAG,SAAS,CAAC,iBAAiB,CAAC,SAAS,EAAE,MAAM,CAAS,CAAA;iBACnE;gBAED,IAAI,CAAC,MAAM,KAAI,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,MAAM,CAAA,EAAE;oBAC5B,SAAS,CAAC,KAAK,qBAAQ,KAAK,CAAE,CAAA;iBAC/B;gBAED,gDAAgD;gBAChD,yDAAyD;gBACzD,IAAI,aAAa,GAAG,EAAE,CAAA;gBACtB,IAAI,CAAC,GAAG,EAAE;oBACR,GAAG,GAAG,SAAS,CAAC,GAAI,CAAA;oBAEpB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;wBACzB,KAAK,IAAI,OAAO,IAAI,UAAU,EAAE;4BAC9B,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAI,CAAC,CAAC,CAAC,CAAA;yBAC5D;qBACF;iBACF;gBAED,IAAI;oBACF,sBAAsB;oBACtB,IAAI,QAAQ,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;oBACtC,SAAS,CAAC,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAA;oBAE7B,MAAM,YAAY,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;oBACtD,MAAM,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,GAAI,EAAE,SAAS,CAAC,KAAK,CAAC,CAAA;oBACvE,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;oBAE5C,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;oBAEhC,8CAA8C;oBAC9C,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,GAAI,CAAC,CAAA;iBAC9B;gBAAC,OAAO,GAAQ,EAAE;oBACjB,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE;wBACtB,MAAM,qBAAqB,CAAA;qBAC5B;yBAAM;wBACL,MAAM,GAAG,CAAA;qBACV;iBACF;YACH,CAAC,CAAA,CAAC,CAAA;;KACH;IAED,MAAM,CAAO,UAAU,CACrB,iBAAyB,EACzB,MAAgB;;YAEhB,MAAM,QAAQ,GAAG,IAAA,qBAAW,GAAE,CAAA;YAE9B,IAAI,WAAW,GAAU,EAAE,CAAA;YAC3B,IAAI,QAAQ,GAAU,EAAE,CAAA;YAExB,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAChE,MAAM,cAAc,GAAG,MAAM,IAAA,6BAAoB,EAAC,MAAM,CAAC,CAAA;YACzD,MAAM,YAAY,GAAwC,EAAE,CAAA;YAE5D,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE;gBACvC,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,CAAO,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CACnE;oBACD,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,EACpD;oBACA,YAAY,CAAC,IAAI,CAAC;wBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,MAAM,EAAE,aAAa;qBACtB,CAAC,CAAA;oBACF,SAAQ;iBACT;gBACD,OAAO,CAAC,UAAU,GAAG,MAAM,CAAA;gBAC3B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;aACvB;YAED,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;YAC/D,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAS,EAAE;gBACxD,4DAA4D;gBAC5D,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAS,EAAE,EAAE;oBAC7B,WAAW,CAAC,IAAI,CACd,MAAM,CAAC,SAAS,CACd,IAAI,EACJ;wBACE,YAAY,EAAE,IAAI;wBAClB,eAAe,EAAE,IAAI,CAAC,eAAe;qBACtC,EACD,QAAQ,EACR,SAAS,EAAE,YAAY;oBACvB,OAAO,CACR,CACF,CAAA;gBACH,CAAC,CAAC,CAAA;gBAEF,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;gBACtD,MAAM,SAAS,CAAC,qBAAqB,CAAC,eAAe,CAAC,CAAA;gBAEtD,wEAAwE;gBACxE,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE;oBAClC,uDAAuD;oBACvD,gDAAgD;oBAChD,MAAM,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAA;oBAC5D,MAAM,YAAY,CAAC,gBAAgB,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;iBACrD;gBAED,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;oBACvC,OAAO;wBACL,GAAG,EAAE,IAAI,CAAC,GAAG;wBACb,KAAK,EAAE,IAAI,CAAC,KAAK;qBAClB,CAAA;gBACH,CAAC,CAAC,CAAA;gBAEF,wBAAwB;gBACxB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,EAAE;oBAClC,MAAM,aAAa,GAAG,EAAE,CAAA;oBACxB,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAClD,KAAK,IAAI,OAAO,IAAI,MAAM,EAAE;wBAC1B,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAA;qBACpE;oBACD,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;iBACjC;gBAED,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,YAAY;iBACb,CAAA;YACH,CAAC,CAAA,CAAC,CAAA;QACJ,CAAC;KAAA;IAED,MAAM,CAAO,UAAU,CAAC,OAAiB;;YACvC,MAAM,EAAE,GAAG,IAAA,qBAAW,GAAE,CAAA;YAExB,MAAM,QAAQ,GAAoB;gBAChC,UAAU,EAAE,EAAE;gBACd,YAAY,EAAE,EAAE;aACjB,CAAA;YAED,+DAA+D;YAC/D,MAAM,OAAO,GAAG,MAAM,IAAA,mCAA2B,EAAC,OAAO,CAAC,CAAA;YAC1D,IAAI,OAAO,EAAE;gBACX,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,OAAO,CAAC,cAAc,CAAC,CAAA;gBAC3D,4BAA4B;gBAC5B,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC;oBACzB,GAAG,EAAE,OAAO,CAAC,cAAc;oBAC3B,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,MAAM,EAAE,kCAAkC;iBAC3C,CAAC,CAAA;aACH;YAED,uBAAuB;YACvB,MAAM,eAAe,GAA0B,MAAM,EAAE,CAAC,OAAO,CAAC;gBAC9D,YAAY,EAAE,IAAI;gBAClB,IAAI,EAAE,OAAO;aACd,CAAC,CAAA;YACF,MAAM,aAAa,GAAW,eAAe,CAAC,IAAI,CAAC,GAAG,CACpD,CAAC,IAAuB,EAAE,EAAE;gBAC1B,OAAO,IAAI,CAAC,GAAG,CAAA;YACjB,CAAC,CACF,CAAA;YAED,iBAAiB;YACjB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,iCACtC,IAAI,KACP,QAAQ,EAAE,IAAI,IACd,CAAC,CAAA;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAA;YAElE,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;YAChD,KAAK,IAAI,IAAI,IAAI,aAAa,EAAE;gBAC9B,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAA;aACjC;YAED,iBAAiB;YACjB,oBAAoB;YACpB,MAAM,SAAS,GAA4B,EAAE,CAAA;YAC7C,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE;gBACrC,IAAI,CAAC,OAAO,CAAC,GAAI,CAAC,GAAG,OAAO,CAAA;gBAC5B,OAAO,IAAI,CAAA;YACb,CAAC,EAAE,SAAS,CAAC,CAAA;YAEb,wDAAwD;YACxD,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;gBACxB,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAA;gBACtC,IAAI,IAAI,CAAC,EAAE,EAAE;oBACX,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;iBAClD;qBAAM;oBACL,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC;wBACzB,GAAG,EAAE,IAAI,CAAC,EAAE;wBACZ,KAAK;wBACL,MAAM,EAAE,gBAAgB;qBACzB,CAAC,CAAA;iBACH;YACH,CAAC,CAAC,CAAA;YAEF,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;IAED,MAAM,CAAO,OAAO,CAAC,EAAU;;YAC7B,MAAM,EAAE,GAAG,IAAA,qBAAW,GAAE,CAAA;YACxB,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAS,CAAA;YACzC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAa,CAAA;YAEnC,IAAI,CAAC,qBAAG,CAAC,WAAW,IAAI,CAAC,qBAAG,CAAC,sBAAsB,EAAE;gBACnD,4DAA4D;gBAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;gBAC1B,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;gBAChD,IAAI,OAAO,EAAE;oBACX,IAAI,MAAM,CAAC,MAAM,KAAK,IAAA,qBAAW,GAAG,CAAC,GAAG,EAAE;wBACxC,MAAM,IAAI,kBAAS,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAA;qBACvE;yBAAM;wBACL,MAAM,IAAI,kBAAS,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAA;qBAC7D;iBACF;aACF;YAED,MAAM,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YAEvC,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAA;YAEpC,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAA;YAClC,MAAM,YAAY,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;YAC7C,MAAM,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;YACvC,MAAM,QAAQ,CAAC,kBAAkB,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;QACnE,CAAC;KAAA;CACF;AA7ZD,wBA6ZC"}

package/dist/src/users/events.d.ts

@@ -0,0 +1,5 @@
+import { User } from "@budibase/types";
+export declare const handleDeleteEvents: (user: any) => Promise<void>;
+export declare const handleSaveEvents: (user: User, existingUser: User | undefined) => Promise<void>;
+export declare const isAddingBuilder: (user: any, existingUser: any) => boolean;
+export declare const isRemovingBuilder: (user: any, existingUser: any) => boolean;

package/dist/src/users/events.js

@@ -0,0 +1,169 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isRemovingBuilder = exports.isAddingBuilder = exports.handleSaveEvents = exports.handleDeleteEvents = void 0;
+const environment_1 = __importDefault(require("../environment"));
+const events = __importStar(require("../events"));
+const accounts = __importStar(require("../accounts"));
+const context_1 = require("../context");
+const utils_1 = require("./utils");
+const handleDeleteEvents = (user) => __awaiter(void 0, void 0, void 0, function* () {
+    yield events.user.deleted(user);
+    if ((0, utils_1.hasBuilderPermissions)(user)) {
+        yield events.user.permissionBuilderRemoved(user);
+    }
+    if ((0, utils_1.hasAdminPermissions)(user)) {
+        yield events.user.permissionAdminRemoved(user);
+    }
+});
+exports.handleDeleteEvents = handleDeleteEvents;
+const assignAppRoleEvents = (user, roles, existingRoles) => __awaiter(void 0, void 0, void 0, function* () {
+    for (const [appId, role] of Object.entries(roles)) {
+        // app role in existing is not same as new
+        if (!existingRoles || existingRoles[appId] !== role) {
+            yield events.role.assigned(user, role);
+        }
+    }
+});
+const unassignAppRoleEvents = (user, roles, existingRoles) => __awaiter(void 0, void 0, void 0, function* () {
+    if (!existingRoles) {
+        return;
+    }
+    for (const [appId, role] of Object.entries(existingRoles)) {
+        // app role in new is not same as existing
+        if (!roles || roles[appId] !== role) {
+            yield events.role.unassigned(user, role);
+        }
+    }
+});
+const handleAppRoleEvents = (user, existingUser) => __awaiter(void 0, void 0, void 0, function* () {
+    const roles = user.roles;
+    const existingRoles = existingUser === null || existingUser === void 0 ? void 0 : existingUser.roles;
+    yield assignAppRoleEvents(user, roles, existingRoles);
+    yield unassignAppRoleEvents(user, roles, existingRoles);
+});
+const handleSaveEvents = (user, existingUser) => __awaiter(void 0, void 0, void 0, function* () {
+    const tenantId = (0, context_1.getTenantId)();
+    let tenantAccount;
+    if (!environment_1.default.SELF_HOSTED && !environment_1.default.DISABLE_ACCOUNT_PORTAL) {
+        tenantAccount = yield accounts.getAccountByTenantId(tenantId);
+    }
+    yield events.identification.identifyUser(user, tenantAccount);
+    if (existingUser) {
+        yield events.user.updated(user);
+        if ((0, exports.isRemovingBuilder)(user, existingUser)) {
+            yield events.user.permissionBuilderRemoved(user);
+        }
+        if (isRemovingAdmin(user, existingUser)) {
+            yield events.user.permissionAdminRemoved(user);
+        }
+        if (isOnboardingComplete(user, existingUser)) {
+            yield events.user.onboardingComplete(user);
+        }
+        if (!existingUser.forceResetPassword &&
+            user.forceResetPassword &&
+            user.password) {
+            yield events.user.passwordForceReset(user);
+        }
+        if (user.password !== existingUser.password) {
+            yield events.user.passwordUpdated(user);
+        }
+    }
+    else {
+        yield events.user.created(user);
+    }
+    if ((0, exports.isAddingBuilder)(user, existingUser)) {
+        yield events.user.permissionBuilderAssigned(user);
+    }
+    if (isAddingAdmin(user, existingUser)) {
+        yield events.user.permissionAdminAssigned(user);
+    }
+    yield handleAppRoleEvents(user, existingUser);
+});
+exports.handleSaveEvents = handleSaveEvents;
+const isAddingBuilder = (user, existingUser) => {
+    return isAddingPermission(user, existingUser, utils_1.hasBuilderPermissions);
+};
+exports.isAddingBuilder = isAddingBuilder;
+const isRemovingBuilder = (user, existingUser) => {
+    return isRemovingPermission(user, existingUser, utils_1.hasBuilderPermissions);
+};
+exports.isRemovingBuilder = isRemovingBuilder;
+const isAddingAdmin = (user, existingUser) => {
+    return isAddingPermission(user, existingUser, utils_1.hasAdminPermissions);
+};
+const isRemovingAdmin = (user, existingUser) => {
+    return isRemovingPermission(user, existingUser, utils_1.hasAdminPermissions);
+};
+const isOnboardingComplete = (user, existingUser) => {
+    return !(existingUser === null || existingUser === void 0 ? void 0 : existingUser.onboardedAt) && typeof user.onboardedAt === "string";
+};
+/**
+ * Check if a permission is being added to a new or existing user.
+ */
+const isAddingPermission = (user, existingUser, hasPermission) => {
+    // new user doesn't have the permission
+    if (!hasPermission(user)) {
+        return false;
+    }
+    // existing user has the permission
+    if (existingUser && hasPermission(existingUser)) {
+        return false;
+    }
+    // permission is being added
+    return true;
+};
+/**
+ * Check if a permission is being removed from an existing user.
+ */
+const isRemovingPermission = (user, existingUser, hasPermission) => {
+    // new user has the permission
+    if (hasPermission(user)) {
+        return false;
+    }
+    // no existing user or existing user doesn't have the permission
+    if (!existingUser) {
+        return false;
+    }
+    // existing user doesn't have the permission
+    if (!hasPermission(existingUser)) {
+        return false;
+    }
+    // permission is being removed
+    return true;
+};
+//# sourceMappingURL=events.js.map

package/dist/src/users/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/users/events.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iEAAgC;AAChC,kDAAmC;AACnC,sDAAuC;AACvC,wCAAwC;AAExC,mCAAoE;AAE7D,MAAM,kBAAkB,GAAG,CAAO,IAAS,EAAE,EAAE;IACpD,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IAE/B,IAAI,IAAA,6BAAqB,EAAC,IAAI,CAAC,EAAE;QAC/B,MAAM,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAA;KACjD;IAED,IAAI,IAAA,2BAAmB,EAAC,IAAI,CAAC,EAAE;QAC7B,MAAM,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAA;KAC/C;AACH,CAAC,CAAA,CAAA;AAVY,QAAA,kBAAkB,sBAU9B;AAED,MAAM,mBAAmB,GAAG,CAC1B,IAAU,EACV,KAAgB,EAChB,aAAwB,EACxB,EAAE;IACF,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QACjD,0CAA0C;QAC1C,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE;YACnD,MAAM,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;SACvC;KACF;AACH,CAAC,CAAA,CAAA;AAED,MAAM,qBAAqB,GAAG,CAC5B,IAAU,EACV,KAAgB,EAChB,aAAwB,EACxB,EAAE;IACF,IAAI,CAAC,aAAa,EAAE;QAClB,OAAM;KACP;IACD,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE;QACzD,0CAA0C;QAC1C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;SACzC;KACF;AACH,CAAC,CAAA,CAAA;AAED,MAAM,mBAAmB,GAAG,CAAO,IAAS,EAAE,YAAiB,EAAE,EAAE;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAA;IACxB,MAAM,aAAa,GAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,KAAK,CAAA;IAEzC,MAAM,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CAAA;IACrD,MAAM,qBAAqB,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CAAA;AACzD,CAAC,CAAA,CAAA;AAEM,MAAM,gBAAgB,GAAG,CAC9B,IAAU,EACV,YAA8B,EAC9B,EAAE;IACF,MAAM,QAAQ,GAAG,IAAA,qBAAW,GAAE,CAAA;IAC9B,IAAI,aAAuC,CAAA;IAC3C,IAAI,CAAC,qBAAG,CAAC,WAAW,IAAI,CAAC,qBAAG,CAAC,sBAAsB,EAAE;QACnD,aAAa,GAAG,MAAM,QAAQ,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAA;KAC9D;IACD,MAAM,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;IAE7D,IAAI,YAAY,EAAE;QAChB,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAE/B,IAAI,IAAA,yBAAiB,EAAC,IAAI,EAAE,YAAY,CAAC,EAAE;YACzC,MAAM,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,CAAA;SACjD;QAED,IAAI,eAAe,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE;YACvC,MAAM,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAA;SAC/C;QAED,IAAI,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE;YAC5C,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;SAC3C;QAED,IACE,CAAC,YAAY,CAAC,kBAAkB;YAChC,IAAI,CAAC,kBAAkB;YACvB,IAAI,CAAC,QAAQ,EACb;YACA,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAA;SAC3C;QAED,IAAI,IAAI,CAAC,QAAQ,KAAK,YAAY,CAAC,QAAQ,EAAE;YAC3C,MAAM,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAA;SACxC;KACF;SAAM;QACL,MAAM,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;KAChC;IAED,IAAI,IAAA,uBAAe,EAAC,IAAI,EAAE,YAAY,CAAC,EAAE;QACvC,MAAM,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAA;KAClD;IAED,IAAI,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE;QACrC,MAAM,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;KAChD;IAED,MAAM,mBAAmB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAA;AAC/C,CAAC,CAAA,CAAA;AAlDY,QAAA,gBAAgB,oBAkD5B;AAEM,MAAM,eAAe,GAAG,CAAC,IAAS,EAAE,YAAiB,EAAE,EAAE;IAC9D,OAAO,kBAAkB,CAAC,IAAI,EAAE,YAAY,EAAE,6BAAqB,CAAC,CAAA;AACtE,CAAC,CAAA;AAFY,QAAA,eAAe,mBAE3B;AAEM,MAAM,iBAAiB,GAAG,CAAC,IAAS,EAAE,YAAiB,EAAE,EAAE;IAChE,OAAO,oBAAoB,CAAC,IAAI,EAAE,YAAY,EAAE,6BAAqB,CAAC,CAAA;AACxE,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B;AAED,MAAM,aAAa,GAAG,CAAC,IAAS,EAAE,YAAiB,EAAE,EAAE;IACrD,OAAO,kBAAkB,CAAC,IAAI,EAAE,YAAY,EAAE,2BAAmB,CAAC,CAAA;AACpE,CAAC,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,IAAS,EAAE,YAAiB,EAAE,EAAE;IACvD,OAAO,oBAAoB,CAAC,IAAI,EAAE,YAAY,EAAE,2BAAmB,CAAC,CAAA;AACtE,CAAC,CAAA;AAED,MAAM,oBAAoB,GAAG,CAAC,IAAS,EAAE,YAAiB,EAAE,EAAE;IAC5D,OAAO,CAAC,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,WAAW,CAAA,IAAI,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,CAAA;AAC3E,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,kBAAkB,GAAG,CACzB,IAAS,EACT,YAAiB,EACjB,aAAkB,EAClB,EAAE;IACF,uCAAuC;IACvC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE;QACxB,OAAO,KAAK,CAAA;KACb;IAED,mCAAmC;IACnC,IAAI,YAAY,IAAI,aAAa,CAAC,YAAY,CAAC,EAAE;QAC/C,OAAO,KAAK,CAAA;KACb;IAED,4BAA4B;IAC5B,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAED;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAC3B,IAAS,EACT,YAAiB,EACjB,aAAkB,EAClB,EAAE;IACF,8BAA8B;IAC9B,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE;QACvB,OAAO,KAAK,CAAA;KACb;IAED,gEAAgE;IAChE,IAAI,CAAC,YAAY,EAAE;QACjB,OAAO,KAAK,CAAA;KACb;IAED,4CAA4C;IAC5C,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,EAAE;QAChC,OAAO,KAAK,CAAA;KACb;IAED,8BAA8B;IAC9B,OAAO,IAAI,CAAA;AACb,CAAC,CAAA"}

package/dist/src/users/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./users";
+export * from "./utils";
+export * from "./lookup";
+export { UserDB } from "./db";

package/dist/src/users/index.js

@@ -0,0 +1,23 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDB = void 0;
+__exportStar(require("./users"), exports);
+__exportStar(require("./utils"), exports);
+__exportStar(require("./lookup"), exports);
+var db_1 = require("./db");
+Object.defineProperty(exports, "UserDB", { enumerable: true, get: function () { return db_1.UserDB; } });
+//# sourceMappingURL=index.js.map

package/dist/src/users/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/users/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,0CAAuB;AACvB,0CAAuB;AACvB,2CAAwB;AACxB,2BAA6B;AAApB,4FAAA,MAAM,OAAA"}

package/dist/src/users/lookup.d.ts

@@ -0,0 +1,13 @@
+import { AccountMetadata, PlatformUser, PlatformUserByEmail, User } from "@budibase/types";
+/**
+ * Apply a system-wide search on emails:
+ * - in tenant
+ * - cross tenant
+ * - accounts
+ * return an array of emails that match the supplied emails.
+ */
+export declare function searchExistingEmails(emails: string[]): Promise<string[]>;
+export declare function getPlatformUser(identifier: string): Promise<PlatformUser | null>;
+export declare function getExistingTenantUsers(emails: string[]): Promise<User[]>;
+export declare function getExistingPlatformUsers(emails: string[]): Promise<PlatformUserByEmail[]>;
+export declare function getExistingAccounts(emails: string[]): Promise<AccountMetadata[]>;