@budibase/backend-core 2.9.39-alpha.8 → 2.9.39

package/dist/src/users/db.js

@@ -1,381 +1,427 @@
 "use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var db_exports = {};
-__export(db_exports, {
-  UserDB: () => UserDB
-});
-module.exports = __toCommonJS(db_exports);
-var import_environment = __toESM(require("../environment"));
-var eventHelpers = __toESM(require("./events"));
-var accounts = __toESM(require("../accounts"));
-var accountSdk = __toESM(require("../accounts"));
-var cache = __toESM(require("../cache"));
-var import_context = require("../context");
-var dbUtils = __toESM(require("../db"));
-var import_errors = require("../errors");
-var platform = __toESM(require("../platform"));
-var sessions = __toESM(require("../security/sessions"));
-var usersCore = __toESM(require("./users"));
-var import_types = require("@budibase/types");
-var import_utils = require("./utils");
-var import_lookup = require("./lookup");
-var import_utils2 = require("../utils");
-const bulkDeleteProcessing = async (dbUser) => {
-  const userId = dbUser._id;
-  await platform.users.removeUser(dbUser);
-  await eventHelpers.handleDeleteEvents(dbUser);
-  await cache.user.invalidateUser(userId);
-  await sessions.invalidateSessions(userId, { reason: "bulk-deletion" });
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDB = void 0;
+const environment_1 = __importDefault(require("../environment"));
+const eventHelpers = __importStar(require("./events"));
+const accounts = __importStar(require("../accounts"));
+const accountSdk = __importStar(require("../accounts"));
+const cache = __importStar(require("../cache"));
+const context_1 = require("../context");
+const dbUtils = __importStar(require("../db"));
+const errors_1 = require("../errors");
+const platform = __importStar(require("../platform"));
+const sessions = __importStar(require("../security/sessions"));
+const usersCore = __importStar(require("./users"));
+const types_1 = require("@budibase/types");
+const utils_1 = require("./utils");
+const lookup_1 = require("./lookup");
+const utils_2 = require("../utils");
+const bulkDeleteProcessing = (dbUser) => __awaiter(void 0, void 0, void 0, function* () {
+    const userId = dbUser._id;
+    yield platform.users.removeUser(dbUser);
+    yield eventHelpers.handleDeleteEvents(dbUser);
+    yield cache.user.invalidateUser(userId);
+    yield sessions.invalidateSessions(userId, { reason: "bulk-deletion" });
+});
 class UserDB {
-  static init(quotaFns, groupFns, featureFns) {
-    UserDB.quotas = quotaFns;
-    UserDB.groups = groupFns;
-    UserDB.features = featureFns;
-  }
-  static async isPreventPasswordActions(user, account) {
-    if (import_environment.default.ENABLE_SSO_MAINTENANCE_MODE && (0, import_utils.isAdmin)(user)) {
-      return false;
-    }
-    if (await UserDB.features.isSSOEnforced()) {
-      return true;
-    }
-    if ((0, import_types.isSSOUser)(user)) {
-      return true;
+    static init(quotaFns, groupFns, featureFns) {
+        UserDB.quotas = quotaFns;
+        UserDB.groups = groupFns;
+        UserDB.features = featureFns;
     }
-    if (!account) {
-      account = await accountSdk.getAccountByTenantId((0, import_context.getTenantId)());
-    }
-    return !!(account && account.email === user.email && (0, import_types.isSSOAccount)(account));
-  }
-  static async buildUser(user, opts = {
-    hashPassword: true,
-    requirePassword: true
-  }, tenantId, dbUser, account) {
-    let { password, _id } = user;
-    if (dbUser && !dbUser.password) {
-      opts.requirePassword = false;
-    }
-    let hashedPassword;
-    if (password) {
-      if (await UserDB.isPreventPasswordActions(user, account)) {
-        throw new import_errors.HTTPError("Password change is disabled for this user", 400);
-      }
-      hashedPassword = opts.hashPassword ? await (0, import_utils2.hash)(password) : password;
-    } else if (dbUser) {
-      hashedPassword = dbUser.password;
+    static isPreventPasswordActions(user, account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // when in maintenance mode we allow sso users with the admin role
+            // to perform any password action - this prevents lockout
+            if (environment_1.default.ENABLE_SSO_MAINTENANCE_MODE && (0, utils_1.isAdmin)(user)) {
+                return false;
+            }
+            // SSO is enforced for all users
+            if (yield UserDB.features.isSSOEnforced()) {
+                return true;
+            }
+            // Check local sso
+            if ((0, types_1.isSSOUser)(user)) {
+                return true;
+            }
+            // Check account sso
+            if (!account) {
+                account = yield accountSdk.getAccountByTenantId((0, context_1.getTenantId)());
+            }
+            return !!(account && account.email === user.email && (0, types_1.isSSOAccount)(account));
+        });
     }
-    const requirePasswords = opts.requirePassword && !await UserDB.features.isSSOEnforced();
-    if (!hashedPassword && requirePasswords) {
-      throw "Password must be specified.";
+    static buildUser(user, opts = {
+        hashPassword: true,
+        requirePassword: true,
+    }, tenantId, dbUser, account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let { password, _id } = user;
+            // don't require a password if the db user doesn't already have one
+            if (dbUser && !dbUser.password) {
+                opts.requirePassword = false;
+            }
+            let hashedPassword;
+            if (password) {
+                if (yield UserDB.isPreventPasswordActions(user, account)) {
+                    throw new errors_1.HTTPError("Password change is disabled for this user", 400);
+                }
+                hashedPassword = opts.hashPassword ? yield (0, utils_2.hash)(password) : password;
+            }
+            else if (dbUser) {
+                hashedPassword = dbUser.password;
+            }
+            // passwords are never required if sso is enforced
+            const requirePasswords = opts.requirePassword && !(yield UserDB.features.isSSOEnforced());
+            if (!hashedPassword && requirePasswords) {
+                throw "Password must be specified.";
+            }
+            _id = _id || dbUtils.generateGlobalUserID();
+            const fullUser = Object.assign(Object.assign(Object.assign({ createdAt: Date.now() }, dbUser), user), { _id, password: hashedPassword, tenantId });
+            // make sure the roles object is always present
+            if (!fullUser.roles) {
+                fullUser.roles = {};
+            }
+            // add the active status to a user if its not provided
+            if (fullUser.status == null) {
+                fullUser.status = types_1.UserStatus.ACTIVE;
+            }
+            return fullUser;
+        });
     }
-    _id = _id || dbUtils.generateGlobalUserID();
-    const fullUser = {
-      createdAt: Date.now(),
-      ...dbUser,
-      ...user,
-      _id,
-      password: hashedPassword,
-      tenantId
-    };
-    if (!fullUser.roles) {
-      fullUser.roles = {};
+    static allUsers() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const response = yield db.allDocs(dbUtils.getGlobalUserParams(null, {
+                include_docs: true,
+            }));
+            return response.rows.map((row) => row.doc);
+        });
     }
-    if (fullUser.status == null) {
-      fullUser.status = import_types.UserStatus.ACTIVE;
+    static countUsersByApp(appId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let response = yield usersCore.searchGlobalUsersByApp(appId, {});
+            return {
+                userCount: response.length,
+            };
+        });
     }
-    return fullUser;
-  }
-  static async allUsers() {
-    const db = (0, import_context.getGlobalDB)();
-    const response = await db.allDocs(
-      dbUtils.getGlobalUserParams(null, {
-        include_docs: true
-      })
-    );
-    return response.rows.map((row) => row.doc);
-  }
-  static async countUsersByApp(appId) {
-    let response = await usersCore.searchGlobalUsersByApp(appId, {});
-    return {
-      userCount: response.length
-    };
-  }
-  static async getUsersByAppAccess(appId) {
-    const opts = {
-      include_docs: true,
-      limit: 50
-    };
-    let response = await usersCore.searchGlobalUsersByAppAccess(
-      appId,
-      opts
-    );
-    return response;
-  }
-  static async getUserByEmail(email) {
-    return usersCore.getGlobalUserByEmail(email);
-  }
-  /**
-   * Gets a user by ID from the global database, based on the current tenancy.
-   */
-  static async getUser(userId) {
-    const user = await usersCore.getById(userId);
-    if (user) {
-      delete user.password;
+    static getUsersByAppAccess(appId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const opts = {
+                include_docs: true,
+                limit: 50,
+            };
+            let response = yield usersCore.searchGlobalUsersByAppAccess(appId, opts);
+            return response;
+        });
     }
-    return user;
-  }
-  static async bulkGet(userIds) {
-    return await usersCore.bulkGetGlobalUsersById(userIds);
-  }
-  static async bulkUpdate(users) {
-    return await usersCore.bulkUpdateGlobalUsers(users);
-  }
-  static async save(user, opts = {}) {
-    if (opts.hashPassword == null) {
-      opts.hashPassword = true;
+    static getUserByEmail(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return usersCore.getGlobalUserByEmail(email);
+        });
     }
-    if (opts.requirePassword == null) {
-      opts.requirePassword = true;
+    /**
+     * Gets a user by ID from the global database, based on the current tenancy.
+     */
+    static getUser(userId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const user = yield usersCore.getById(userId);
+            if (user) {
+                delete user.password;
+            }
+            return user;
+        });
     }
-    const tenantId = (0, import_context.getTenantId)();
-    const db = (0, import_context.getGlobalDB)();
-    let { email, _id, userGroups = [], roles } = user;
-    if (!email && !_id) {
-      throw new Error("_id or email is required");
+    static bulkGet(userIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield usersCore.bulkGetGlobalUsersById(userIds);
+        });
     }
-    if (user.builder?.apps?.length && !await UserDB.features.isAppBuildersEnabled()) {
-      throw new Error("Unable to update app builders, please check license");
+    static bulkUpdate(users) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield usersCore.bulkUpdateGlobalUsers(users);
+        });
     }
-    let dbUser;
-    if (_id) {
-      try {
-        dbUser = await db.get(_id);
-        if (email && dbUser.email !== email) {
-          throw "Email address cannot be changed";
-        }
-        email = dbUser.email;
-      } catch (e) {
-        if (e.status === 404) {
-        } else {
-          throw e;
-        }
-      }
+    static save(user, opts = {}) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            // default booleans to true
+            if (opts.hashPassword == null) {
+                opts.hashPassword = true;
+            }
+            if (opts.requirePassword == null) {
+                opts.requirePassword = true;
+            }
+            const tenantId = (0, context_1.getTenantId)();
+            const db = (0, context_1.getGlobalDB)();
+            let { email, _id, userGroups = [], roles } = user;
+            if (!email && !_id) {
+                throw new Error("_id or email is required");
+            }
+            if (((_b = (_a = user.builder) === null || _a === void 0 ? void 0 : _a.apps) === null || _b === void 0 ? void 0 : _b.length) &&
+                !(yield UserDB.features.isAppBuildersEnabled())) {
+                throw new Error("Unable to update app builders, please check license");
+            }
+            let dbUser;
+            if (_id) {
+                // try to get existing user from db
+                try {
+                    dbUser = (yield db.get(_id));
+                    if (email && dbUser.email !== email) {
+                        throw "Email address cannot be changed";
+                    }
+                    email = dbUser.email;
+                }
+                catch (e) {
+                    if (e.status === 404) {
+                        // do nothing, save this new user with the id specified - required for SSO auth
+                    }
+                    else {
+                        throw e;
+                    }
+                }
+            }
+            if (!dbUser && email) {
+                // no id was specified - load from email instead
+                dbUser = yield usersCore.getGlobalUserByEmail(email);
+                if (dbUser && dbUser._id !== _id) {
+                    throw new errors_1.EmailUnavailableError(email);
+                }
+            }
+            const change = dbUser ? 0 : 1; // no change if there is existing user
+            return UserDB.quotas.addUsers(change, () => __awaiter(this, void 0, void 0, function* () {
+                yield (0, utils_1.validateUniqueUser)(email, tenantId);
+                let builtUser = yield UserDB.buildUser(user, opts, tenantId, dbUser);
+                // don't allow a user to update its own roles/perms
+                if (opts.currentUserId && opts.currentUserId === (dbUser === null || dbUser === void 0 ? void 0 : dbUser._id)) {
+                    builtUser = usersCore.cleanseUserObject(builtUser, dbUser);
+                }
+                if (!dbUser && (roles === null || roles === void 0 ? void 0 : roles.length)) {
+                    builtUser.roles = Object.assign({}, roles);
+                }
+                // make sure we set the _id field for a new user
+                // Also if this is a new user, associate groups with them
+                let groupPromises = [];
+                if (!_id) {
+                    _id = builtUser._id;
+                    if (userGroups.length > 0) {
+                        for (let groupId of userGroups) {
+                            groupPromises.push(UserDB.groups.addUsers(groupId, [_id]));
+                        }
+                    }
+                }
+                try {
+                    // save the user to db
+                    let response = yield db.put(builtUser);
+                    builtUser._rev = response.rev;
+                    yield eventHelpers.handleSaveEvents(builtUser, dbUser);
+                    yield platform.users.addUser(tenantId, builtUser._id, builtUser.email);
+                    yield cache.user.invalidateUser(response.id);
+                    yield Promise.all(groupPromises);
+                    // finally returned the saved user from the db
+                    return db.get(builtUser._id);
+                }
+                catch (err) {
+                    if (err.status === 409) {
+                        throw "User exists already";
+                    }
+                    else {
+                        throw err;
+                    }
+                }
+            }));
+        });
     }
-    if (!dbUser && email) {
-      dbUser = await usersCore.getGlobalUserByEmail(email);
-      if (dbUser && dbUser._id !== _id) {
-        throw new import_errors.EmailUnavailableError(email);
-      }
+    static bulkCreate(newUsersRequested, groups) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const tenantId = (0, context_1.getTenantId)();
+            let usersToSave = [];
+            let newUsers = [];
+            const emails = newUsersRequested.map((user) => user.email);
+            const existingEmails = yield (0, lookup_1.searchExistingEmails)(emails);
+            const unsuccessful = [];
+            for (const newUser of newUsersRequested) {
+                if (newUsers.find((x) => x.email.toLowerCase() === newUser.email.toLowerCase()) ||
+                    existingEmails.includes(newUser.email.toLowerCase())) {
+                    unsuccessful.push({
+                        email: newUser.email,
+                        reason: `Unavailable`,
+                    });
+                    continue;
+                }
+                newUser.userGroups = groups;
+                newUsers.push(newUser);
+            }
+            const account = yield accountSdk.getAccountByTenantId(tenantId);
+            return UserDB.quotas.addUsers(newUsers.length, () => __awaiter(this, void 0, void 0, function* () {
+                // create the promises array that will be called by bulkDocs
+                newUsers.forEach((user) => {
+                    usersToSave.push(UserDB.buildUser(user, {
+                        hashPassword: true,
+                        requirePassword: user.requirePassword,
+                    }, tenantId, undefined, // no dbUser
+                    account));
+                });
+                const usersToBulkSave = yield Promise.all(usersToSave);
+                yield usersCore.bulkUpdateGlobalUsers(usersToBulkSave);
+                // Post-processing of bulk added users, e.g. events and cache operations
+                for (const user of usersToBulkSave) {
+                    // TODO: Refactor to bulk insert users into the info db
+                    // instead of relying on looping tenant creation
+                    yield platform.users.addUser(tenantId, user._id, user.email);
+                    yield eventHelpers.handleSaveEvents(user, undefined);
+                }
+                const saved = usersToBulkSave.map(user => {
+                    return {
+                        _id: user._id,
+                        email: user.email,
+                    };
+                });
+                // now update the groups
+                if (Array.isArray(saved) && groups) {
+                    const groupPromises = [];
+                    const createdUserIds = saved.map(user => user._id);
+                    for (let groupId of groups) {
+                        groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds));
+                    }
+                    yield Promise.all(groupPromises);
+                }
+                return {
+                    successful: saved,
+                    unsuccessful,
+                };
+            }));
+        });
     }
-    const change = dbUser ? 0 : 1;
-    return UserDB.quotas.addUsers(change, async () => {
-      await (0, import_utils.validateUniqueUser)(email, tenantId);
-      let builtUser = await UserDB.buildUser(user, opts, tenantId, dbUser);
-      if (opts.currentUserId && opts.currentUserId === dbUser?._id) {
-        builtUser = usersCore.cleanseUserObject(builtUser, dbUser);
-      }
-      if (!dbUser && roles?.length) {
-        builtUser.roles = { ...roles };
-      }
-      let groupPromises = [];
-      if (!_id) {
-        _id = builtUser._id;
-        if (userGroups.length > 0) {
-          for (let groupId of userGroups) {
-            groupPromises.push(UserDB.groups.addUsers(groupId, [_id]));
-          }
-        }
-      }
-      try {
-        let response = await db.put(builtUser);
-        builtUser._rev = response.rev;
-        await eventHelpers.handleSaveEvents(builtUser, dbUser);
-        await platform.users.addUser(tenantId, builtUser._id, builtUser.email);
-        await cache.user.invalidateUser(response.id);
-        await Promise.all(groupPromises);
-        return db.get(builtUser._id);
-      } catch (err) {
-        if (err.status === 409) {
-          throw "User exists already";
-        } else {
-          throw err;
-        }
-      }
-    });
-  }
-  static async bulkCreate(newUsersRequested, groups) {
-    const tenantId = (0, import_context.getTenantId)();
-    let usersToSave = [];
-    let newUsers = [];
-    const emails = newUsersRequested.map((user) => user.email);
-    const existingEmails = await (0, import_lookup.searchExistingEmails)(emails);
-    const unsuccessful = [];
-    for (const newUser of newUsersRequested) {
-      if (newUsers.find(
-        (x) => x.email.toLowerCase() === newUser.email.toLowerCase()
-      ) || existingEmails.includes(newUser.email.toLowerCase())) {
-        unsuccessful.push({
-          email: newUser.email,
-          reason: `Unavailable`
+    static bulkDelete(userIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const response = {
+                successful: [],
+                unsuccessful: [],
+            };
+            // remove the account holder from the delete request if present
+            const account = yield (0, utils_1.getAccountHolderFromUserIds)(userIds);
+            if (account) {
+                userIds = userIds.filter(u => u !== account.budibaseUserId);
+                // mark user as unsuccessful
+                response.unsuccessful.push({
+                    _id: account.budibaseUserId,
+                    email: account.email,
+                    reason: "Account holder cannot be deleted",
+                });
+            }
+            // Get users and delete
+            const allDocsResponse = yield db.allDocs({
+                include_docs: true,
+                keys: userIds,
+            });
+            const usersToDelete = allDocsResponse.rows.map((user) => {
+                return user.doc;
+            });
+            // Delete from DB
+            const toDelete = usersToDelete.map(user => (Object.assign(Object.assign({}, user), { _deleted: true })));
+            const dbResponse = yield usersCore.bulkUpdateGlobalUsers(toDelete);
+            yield UserDB.quotas.removeUsers(toDelete.length);
+            for (let user of usersToDelete) {
+                yield bulkDeleteProcessing(user);
+            }
+            // Build Response
+            // index users by id
+            const userIndex = {};
+            usersToDelete.reduce((prev, current) => {
+                prev[current._id] = current;
+                return prev;
+            }, userIndex);
+            // add the successful and unsuccessful users to response
+            dbResponse.forEach(item => {
+                const email = userIndex[item.id].email;
+                if (item.ok) {
+                    response.successful.push({ _id: item.id, email });
+                }
+                else {
+                    response.unsuccessful.push({
+                        _id: item.id,
+                        email,
+                        reason: "Database error",
+                    });
+                }
+            });
+            return response;
         });
-        continue;
-      }
-      newUser.userGroups = groups;
-      newUsers.push(newUser);
     }
-    const account = await accountSdk.getAccountByTenantId(tenantId);
-    return UserDB.quotas.addUsers(newUsers.length, async () => {
-      newUsers.forEach((user) => {
-        usersToSave.push(
-          UserDB.buildUser(
-            user,
-            {
-              hashPassword: true,
-              requirePassword: user.requirePassword
-            },
-            tenantId,
-            void 0,
-            // no dbUser
-            account
-          )
-        );
-      });
-      const usersToBulkSave = await Promise.all(usersToSave);
-      await usersCore.bulkUpdateGlobalUsers(usersToBulkSave);
-      for (const user of usersToBulkSave) {
-        await platform.users.addUser(tenantId, user._id, user.email);
-        await eventHelpers.handleSaveEvents(user, void 0);
-      }
-      const saved = usersToBulkSave.map((user) => {
-        return {
-          _id: user._id,
-          email: user.email
-        };
-      });
-      if (Array.isArray(saved) && groups) {
-        const groupPromises = [];
-        const createdUserIds = saved.map((user) => user._id);
-        for (let groupId of groups) {
-          groupPromises.push(UserDB.groups.addUsers(groupId, createdUserIds));
-        }
-        await Promise.all(groupPromises);
-      }
-      return {
-        successful: saved,
-        unsuccessful
-      };
-    });
-  }
-  static async bulkDelete(userIds) {
-    const db = (0, import_context.getGlobalDB)();
-    const response = {
-      successful: [],
-      unsuccessful: []
-    };
-    const account = await (0, import_utils.getAccountHolderFromUserIds)(userIds);
-    if (account) {
-      userIds = userIds.filter((u) => u !== account.budibaseUserId);
-      response.unsuccessful.push({
-        _id: account.budibaseUserId,
-        email: account.email,
-        reason: "Account holder cannot be deleted"
-      });
+    static destroy(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const db = (0, context_1.getGlobalDB)();
+            const dbUser = (yield db.get(id));
+            const userId = dbUser._id;
+            if (!environment_1.default.SELF_HOSTED && !environment_1.default.DISABLE_ACCOUNT_PORTAL) {
+                // root account holder can't be deleted from inside budibase
+                const email = dbUser.email;
+                const account = yield accounts.getAccount(email);
+                if (account) {
+                    if (dbUser.userId === (0, context_1.getIdentity)()._id) {
+                        throw new errors_1.HTTPError('Please visit "Account" to delete this user', 400);
+                    }
+                    else {
+                        throw new errors_1.HTTPError("Account holder cannot be deleted", 400);
+                    }
+                }
+            }
+            yield platform.users.removeUser(dbUser);
+            yield db.remove(userId, dbUser._rev);
+            yield UserDB.quotas.removeUsers(1);
+            yield eventHelpers.handleDeleteEvents(dbUser);
+            yield cache.user.invalidateUser(userId);
+            yield sessions.invalidateSessions(userId, { reason: "deletion" });
+        });
     }
-    const allDocsResponse = await db.allDocs({
-      include_docs: true,
-      keys: userIds
-    });
-    const usersToDelete = allDocsResponse.rows.map(
-      (user) => {
-        return user.doc;
-      }
-    );
-    const toDelete = usersToDelete.map((user) => ({
-      ...user,
-      _deleted: true
-    }));
-    const dbResponse = await usersCore.bulkUpdateGlobalUsers(toDelete);
-    await UserDB.quotas.removeUsers(toDelete.length);
-    for (let user of usersToDelete) {
-      await bulkDeleteProcessing(user);
+    static getGroups(groupIds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield this.groups.getBulk(groupIds);
+        });
     }
-    const userIndex = {};
-    usersToDelete.reduce((prev, current) => {
-      prev[current._id] = current;
-      return prev;
-    }, userIndex);
-    dbResponse.forEach((item) => {
-      const email = userIndex[item.id].email;
-      if (item.ok) {
-        response.successful.push({ _id: item.id, email });
-      } else {
-        response.unsuccessful.push({
-          _id: item.id,
-          email,
-          reason: "Database error"
+    static getGroupBuilderAppIds(user) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield this.groups.getGroupBuilderAppIds(user);
         });
-      }
-    });
-    return response;
-  }
-  static async destroy(id) {
-    const db = (0, import_context.getGlobalDB)();
-    const dbUser = await db.get(id);
-    const userId = dbUser._id;
-    if (!import_environment.default.SELF_HOSTED && !import_environment.default.DISABLE_ACCOUNT_PORTAL) {
-      const email = dbUser.email;
-      const account = await accounts.getAccount(email);
-      if (account) {
-        if (dbUser.userId === (0, import_context.getIdentity)()._id) {
-          throw new import_errors.HTTPError('Please visit "Account" to delete this user', 400);
-        } else {
-          throw new import_errors.HTTPError("Account holder cannot be deleted", 400);
-        }
-      }
     }
-    await platform.users.removeUser(dbUser);
-    await db.remove(userId, dbUser._rev);
-    await UserDB.quotas.removeUsers(1);
-    await eventHelpers.handleDeleteEvents(dbUser);
-    await cache.user.invalidateUser(userId);
-    await sessions.invalidateSessions(userId, { reason: "deletion" });
-  }
-  static async getGroups(groupIds) {
-    return await this.groups.getBulk(groupIds);
-  }
-  static async getGroupBuilderAppIds(user) {
-    return await this.groups.getGroupBuilderAppIds(user);
-  }
 }
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  UserDB
-});
-//# sourceMappingURL=db.js.map
+exports.UserDB = UserDB;
+//# sourceMappingURL=db.js.map