@budibase/server 1.4.8-alpha.6 → 1.4.8-alpha.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (220) hide show
  1. package/builder/assets/{index.d2b2d372.js → index.f3982453.js} +313 -309
  2. package/builder/assets/index.fd3654ad.css +6 -0
  3. package/builder/index.html +2 -2
  4. package/coverage/clover.xml +97 -135
  5. package/coverage/coverage-final.json +30 -32
  6. package/coverage/lcov-report/api/controllers/apikeys.js.html +1 -1
  7. package/coverage/lcov-report/api/controllers/automation.js.html +1 -1
  8. package/coverage/lcov-report/api/controllers/backup.js.html +1 -1
  9. package/coverage/lcov-report/api/controllers/cloud.js.html +1 -1
  10. package/coverage/lcov-report/api/controllers/datasource.js.html +1 -1
  11. package/coverage/lcov-report/api/controllers/dev.js.html +1 -1
  12. package/coverage/lcov-report/api/controllers/index.html +9 -24
  13. package/coverage/lcov-report/api/controllers/integration.js.html +2 -2
  14. package/coverage/lcov-report/api/controllers/layout.js.html +1 -1
  15. package/coverage/lcov-report/api/controllers/metadata.js.html +1 -1
  16. package/coverage/lcov-report/api/controllers/migrations.js.html +1 -1
  17. package/coverage/lcov-report/api/controllers/permission.js.html +1 -1
  18. package/coverage/lcov-report/api/controllers/query/index.html +1 -1
  19. package/coverage/lcov-report/api/controllers/query/validation.js.html +1 -1
  20. package/coverage/lcov-report/api/controllers/role.js.html +1 -1
  21. package/coverage/lcov-report/api/controllers/routing.js.html +1 -1
  22. package/coverage/lcov-report/api/controllers/row/external.js.html +1 -1
  23. package/coverage/lcov-report/api/controllers/row/index.html +1 -1
  24. package/coverage/lcov-report/api/controllers/row/internal.js.html +1 -1
  25. package/coverage/lcov-report/api/controllers/row/internalSearch.js.html +1 -1
  26. package/coverage/lcov-report/api/controllers/row/staticFormula.js.html +1 -1
  27. package/coverage/lcov-report/api/controllers/row/utils.js.html +1 -1
  28. package/coverage/lcov-report/api/controllers/script.js.html +1 -1
  29. package/coverage/lcov-report/api/controllers/table/bulkFormula.js.html +1 -1
  30. package/coverage/lcov-report/api/controllers/table/external.js.html +1 -1
  31. package/coverage/lcov-report/api/controllers/table/index.html +1 -1
  32. package/coverage/lcov-report/api/controllers/table/index.js.html +1 -1
  33. package/coverage/lcov-report/api/controllers/templates.js.html +1 -1
  34. package/coverage/lcov-report/api/controllers/user.js.html +1 -1
  35. package/coverage/lcov-report/api/controllers/view/exporters.js.html +1 -1
  36. package/coverage/lcov-report/api/controllers/view/index.html +1 -1
  37. package/coverage/lcov-report/api/controllers/view/index.js.html +1 -1
  38. package/coverage/lcov-report/api/controllers/view/utils.js.html +1 -1
  39. package/coverage/lcov-report/api/controllers/view/viewBuilder.js.html +1 -1
  40. package/coverage/lcov-report/api/controllers/webhook.js.html +1 -1
  41. package/coverage/lcov-report/api/index.html +1 -1
  42. package/coverage/lcov-report/api/index.js.html +1 -1
  43. package/coverage/lcov-report/api/routes/analytics.js.html +2 -2
  44. package/coverage/lcov-report/api/routes/apikeys.js.html +2 -2
  45. package/coverage/lcov-report/api/routes/automation.js.html +2 -2
  46. package/coverage/lcov-report/api/routes/backup.js.html +2 -2
  47. package/coverage/lcov-report/api/routes/cloud.js.html +2 -2
  48. package/coverage/lcov-report/api/routes/component.js.html +2 -2
  49. package/coverage/lcov-report/api/routes/datasource.js.html +2 -2
  50. package/coverage/lcov-report/api/routes/deploy.js.html +2 -2
  51. package/coverage/lcov-report/api/routes/dev.js.html +2 -2
  52. package/coverage/lcov-report/api/routes/index.html +5 -20
  53. package/coverage/lcov-report/api/routes/integration.js.html +2 -2
  54. package/coverage/lcov-report/api/routes/layout.js.html +2 -2
  55. package/coverage/lcov-report/api/routes/metadata.js.html +2 -2
  56. package/coverage/lcov-report/api/routes/migrations.js.html +2 -2
  57. package/coverage/lcov-report/api/routes/permission.js.html +2 -2
  58. package/coverage/lcov-report/api/routes/query.js.html +2 -2
  59. package/coverage/lcov-report/api/routes/role.js.html +2 -2
  60. package/coverage/lcov-report/api/routes/routing.js.html +2 -2
  61. package/coverage/lcov-report/api/routes/screen.js.html +2 -2
  62. package/coverage/lcov-report/api/routes/script.js.html +2 -2
  63. package/coverage/lcov-report/api/routes/table.js.html +2 -2
  64. package/coverage/lcov-report/api/routes/templates.js.html +2 -2
  65. package/coverage/lcov-report/api/routes/user.js.html +2 -2
  66. package/coverage/lcov-report/api/routes/utils/index.html +1 -1
  67. package/coverage/lcov-report/api/routes/utils/validators.js.html +1 -1
  68. package/coverage/lcov-report/api/routes/view.js.html +2 -2
  69. package/coverage/lcov-report/api/routes/webhook.js.html +2 -2
  70. package/coverage/lcov-report/automations/actions.js.html +1 -1
  71. package/coverage/lcov-report/automations/automationUtils.js.html +1 -1
  72. package/coverage/lcov-report/automations/bullboard.js.html +1 -1
  73. package/coverage/lcov-report/automations/index.html +1 -1
  74. package/coverage/lcov-report/automations/index.js.html +1 -1
  75. package/coverage/lcov-report/automations/steps/bash.js.html +1 -1
  76. package/coverage/lcov-report/automations/steps/delay.js.html +1 -1
  77. package/coverage/lcov-report/automations/steps/discord.js.html +1 -1
  78. package/coverage/lcov-report/automations/steps/executeQuery.js.html +1 -1
  79. package/coverage/lcov-report/automations/steps/executeScript.js.html +1 -1
  80. package/coverage/lcov-report/automations/steps/filter.js.html +1 -1
  81. package/coverage/lcov-report/automations/steps/index.html +1 -1
  82. package/coverage/lcov-report/automations/steps/integromat.js.html +1 -1
  83. package/coverage/lcov-report/automations/steps/loop.js.html +1 -1
  84. package/coverage/lcov-report/automations/steps/outgoingWebhook.js.html +1 -1
  85. package/coverage/lcov-report/automations/steps/queryRows.js.html +1 -1
  86. package/coverage/lcov-report/automations/steps/sendSmtpEmail.js.html +1 -1
  87. package/coverage/lcov-report/automations/steps/serverLog.js.html +1 -1
  88. package/coverage/lcov-report/automations/steps/slack.js.html +1 -1
  89. package/coverage/lcov-report/automations/steps/updateRow.js.html +1 -1
  90. package/coverage/lcov-report/automations/steps/utils.js.html +1 -1
  91. package/coverage/lcov-report/automations/steps/zapier.js.html +1 -1
  92. package/coverage/lcov-report/automations/triggerInfo/app.js.html +1 -1
  93. package/coverage/lcov-report/automations/triggerInfo/cron.js.html +1 -1
  94. package/coverage/lcov-report/automations/triggerInfo/index.html +1 -1
  95. package/coverage/lcov-report/automations/triggerInfo/index.js.html +1 -1
  96. package/coverage/lcov-report/automations/triggerInfo/rowDeleted.js.html +1 -1
  97. package/coverage/lcov-report/automations/triggerInfo/rowSaved.js.html +1 -1
  98. package/coverage/lcov-report/automations/triggerInfo/rowUpdated.js.html +1 -1
  99. package/coverage/lcov-report/automations/triggerInfo/webhook.js.html +1 -1
  100. package/coverage/lcov-report/automations/triggers.js.html +1 -1
  101. package/coverage/lcov-report/constants/index.html +1 -1
  102. package/coverage/lcov-report/constants/index.js.html +1 -1
  103. package/coverage/lcov-report/constants/layouts.js.html +1 -1
  104. package/coverage/lcov-report/constants/screens.js.html +1 -1
  105. package/coverage/lcov-report/db/inMemoryView.js.html +1 -1
  106. package/coverage/lcov-report/db/index.html +1 -1
  107. package/coverage/lcov-report/db/index.js.html +1 -1
  108. package/coverage/lcov-report/db/linkedRows/LinkController.js.html +1 -1
  109. package/coverage/lcov-report/db/linkedRows/index.html +1 -1
  110. package/coverage/lcov-report/db/linkedRows/index.js.html +11 -11
  111. package/coverage/lcov-report/db/linkedRows/linkUtils.js.html +7 -7
  112. package/coverage/lcov-report/db/newid.js.html +1 -1
  113. package/coverage/lcov-report/db/utils.js.html +1 -1
  114. package/coverage/lcov-report/events/AutomationEmitter.js.html +1 -1
  115. package/coverage/lcov-report/events/index.html +1 -1
  116. package/coverage/lcov-report/events/index.js.html +1 -1
  117. package/coverage/lcov-report/events/utils.js.html +1 -1
  118. package/coverage/lcov-report/index.html +30 -30
  119. package/coverage/lcov-report/integrations/tests/TestConfiguration.js.html +1 -1
  120. package/coverage/lcov-report/integrations/tests/index.html +1 -1
  121. package/coverage/lcov-report/middleware/appInfo.js.html +1 -1
  122. package/coverage/lcov-report/middleware/builder.js.html +1 -1
  123. package/coverage/lcov-report/middleware/currentapp.js.html +1 -1
  124. package/coverage/lcov-report/middleware/index.html +1 -1
  125. package/coverage/lcov-report/middleware/joi-validator.js.html +1 -1
  126. package/coverage/lcov-report/middleware/publicApi.js.html +1 -1
  127. package/coverage/lcov-report/middleware/resourceId.js.html +1 -1
  128. package/coverage/lcov-report/middleware/selfhost.js.html +1 -1
  129. package/coverage/lcov-report/middleware/utils.js.html +1 -1
  130. package/coverage/lcov-report/utilities/budibaseDir.js.html +1 -1
  131. package/coverage/lcov-report/utilities/centralPath.js.html +1 -1
  132. package/coverage/lcov-report/utilities/csvParser.js.html +1 -1
  133. package/coverage/lcov-report/utilities/global.js.html +19 -13
  134. package/coverage/lcov-report/utilities/index.html +24 -24
  135. package/coverage/lcov-report/utilities/index.js.html +1 -1
  136. package/coverage/lcov-report/utilities/queue/inMemoryQueue.js.html +1 -1
  137. package/coverage/lcov-report/utilities/queue/index.html +1 -1
  138. package/coverage/lcov-report/utilities/routing/index.html +1 -1
  139. package/coverage/lcov-report/utilities/routing/index.js.html +1 -1
  140. package/coverage/lcov-report/utilities/rowProcessor/index.html +1 -1
  141. package/coverage/lcov-report/utilities/rowProcessor/index.js.html +12 -12
  142. package/coverage/lcov-report/utilities/rowProcessor/utils.js.html +8 -8
  143. package/coverage/lcov-report/utilities/scriptRunner.js.html +1 -1
  144. package/coverage/lcov-report/utilities/security.js.html +1 -1
  145. package/coverage/lcov-report/utilities/statusCodes.js.html +1 -1
  146. package/coverage/lcov-report/utilities/usageQuota/index.html +1 -1
  147. package/coverage/lcov-report/utilities/usageQuota/rows.js.html +1 -1
  148. package/coverage/lcov-report/utilities/usageQuota/usageQuoteReset.js.html +1 -1
  149. package/coverage/lcov-report/utilities/users.js.html +21 -12
  150. package/coverage/lcov-report/utilities/workerRequests.js.html +1 -1
  151. package/coverage/lcov.info +155 -213
  152. package/dist/api/controllers/application.js +2 -0
  153. package/dist/api/controllers/auth.js +58 -49
  154. package/dist/api/controllers/integration.js +1 -1
  155. package/dist/api/routes/analytics.js +1 -1
  156. package/dist/api/routes/apikeys.js +1 -1
  157. package/dist/api/routes/auth.js +31 -4
  158. package/dist/api/routes/automation.js +1 -1
  159. package/dist/api/routes/backup.js +1 -1
  160. package/dist/api/routes/cloud.js +1 -1
  161. package/dist/api/routes/component.js +1 -1
  162. package/dist/api/routes/datasource.js +1 -1
  163. package/dist/api/routes/deploy.js +1 -1
  164. package/dist/api/routes/dev.js +1 -1
  165. package/dist/api/routes/integration.js +1 -1
  166. package/dist/api/routes/layout.js +1 -1
  167. package/dist/api/routes/metadata.js +1 -1
  168. package/dist/api/routes/migrations.js +1 -1
  169. package/dist/api/routes/permission.js +1 -1
  170. package/dist/api/routes/query.js +1 -1
  171. package/dist/api/routes/role.js +1 -1
  172. package/dist/api/routes/routing.js +1 -1
  173. package/dist/api/routes/screen.js +1 -1
  174. package/dist/api/routes/script.js +1 -1
  175. package/dist/api/routes/table.js +1 -1
  176. package/dist/api/routes/templates.js +1 -1
  177. package/dist/api/routes/user.js +1 -1
  178. package/dist/api/routes/view.js +1 -1
  179. package/dist/api/routes/webhook.js +1 -1
  180. package/dist/middleware/authorized.js +2 -2
  181. package/dist/package.json +6 -6
  182. package/dist/tsconfig.build.tsbuildinfo +1 -1
  183. package/dist/utilities/global.js +6 -3
  184. package/dist/utilities/users.js +4 -2
  185. package/package.json +7 -7
  186. package/src/api/controllers/application.ts +3 -7
  187. package/src/api/controllers/{auth.js → auth.ts} +20 -18
  188. package/src/api/controllers/integration.js +1 -1
  189. package/src/api/routes/analytics.js +1 -1
  190. package/src/api/routes/apikeys.js +1 -1
  191. package/src/api/routes/auth.ts +8 -0
  192. package/src/api/routes/automation.js +1 -1
  193. package/src/api/routes/backup.js +1 -1
  194. package/src/api/routes/cloud.js +1 -1
  195. package/src/api/routes/component.js +1 -1
  196. package/src/api/routes/datasource.js +1 -1
  197. package/src/api/routes/deploy.js +1 -1
  198. package/src/api/routes/dev.js +1 -1
  199. package/src/api/routes/integration.js +1 -1
  200. package/src/api/routes/layout.js +1 -1
  201. package/src/api/routes/metadata.js +1 -1
  202. package/src/api/routes/migrations.js +1 -1
  203. package/src/api/routes/permission.js +1 -1
  204. package/src/api/routes/query.js +1 -1
  205. package/src/api/routes/role.js +1 -1
  206. package/src/api/routes/routing.js +1 -1
  207. package/src/api/routes/screen.js +1 -1
  208. package/src/api/routes/script.js +1 -1
  209. package/src/api/routes/table.js +1 -1
  210. package/src/api/routes/templates.js +1 -1
  211. package/src/api/routes/user.js +1 -1
  212. package/src/api/routes/view.js +1 -1
  213. package/src/api/routes/webhook.js +1 -1
  214. package/src/middleware/authorized.ts +2 -2
  215. package/src/utilities/global.js +6 -4
  216. package/src/utilities/users.js +5 -2
  217. package/builder/assets/index.10b8a572.css +0 -6
  218. package/coverage/lcov-report/api/controllers/auth.js.html +0 -292
  219. package/coverage/lcov-report/api/routes/auth.js.html +0 -109
  220. package/src/api/routes/auth.js +0 -8
@@ -47,8 +47,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
47
47
  };
48
48
  function checkGroupRoles(user, { appId } = {}) {
49
49
  return __awaiter(this, void 0, void 0, function* () {
50
- let roleId = yield groups.getGroupRoleId(user, appId);
51
- user.roleId = roleId;
50
+ if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
51
+ return user;
52
+ }
53
+ user.roleId = yield groups.getGroupRoleId(user, appId);
52
54
  return user;
53
55
  });
54
56
  }
@@ -76,8 +78,9 @@ exports.getRawGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, functio
76
78
  return db.get(getGlobalIDFromUserMetadataID(userId));
77
79
  });
78
80
  exports.getGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, function* () {
81
+ const appId = getAppId();
79
82
  let user = yield exports.getRawGlobalUser(userId);
80
- return processUser(user);
83
+ return processUser(user, { appId });
81
84
  });
82
85
  exports.getGlobalUsers = (users = null) => __awaiter(void 0, void 0, void 0, function* () {
83
86
  const appId = getAppId();
@@ -12,9 +12,10 @@ const { InternalTables } = require("../db/utils");
12
12
  const { getGlobalUser } = require("../utilities/global");
13
13
  const { getAppDB } = require("@budibase/backend-core/context");
14
14
  const { getProdAppID } = require("@budibase/backend-core/db");
15
+ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles");
15
16
  exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, function* () {
16
17
  const global = yield getGlobalUser(userId);
17
- let metadata;
18
+ let metadata = {};
18
19
  try {
19
20
  // this will throw an error if the db doesn't exist, or there is no appId
20
21
  const db = getAppDB();
@@ -25,7 +26,8 @@ exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, functio
25
26
  delete global._id;
26
27
  delete global._rev;
27
28
  }
28
- return Object.assign(Object.assign(Object.assign({}, global), metadata), { tableId: InternalTables.USER_METADATA,
29
+ delete metadata.csrfToken;
30
+ return Object.assign(Object.assign(Object.assign({}, metadata), global), { roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC, tableId: InternalTables.USER_METADATA,
29
31
  // make sure the ID is always a local ID, not a global one
30
32
  _id: userId });
31
33
  });
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/server",
3
3
  "email": "hi@budibase.com",
4
- "version": "1.4.8-alpha.6",
4
+ "version": "1.4.8-alpha.8",
5
5
  "description": "Budibase Web Server",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -77,11 +77,11 @@
77
77
  "license": "GPL-3.0",
78
78
  "dependencies": {
79
79
  "@apidevtools/swagger-parser": "10.0.3",
80
- "@budibase/backend-core": "1.4.8-alpha.6",
81
- "@budibase/client": "1.4.8-alpha.6",
82
- "@budibase/pro": "1.4.8-alpha.5",
83
- "@budibase/string-templates": "1.4.8-alpha.6",
84
- "@budibase/types": "1.4.8-alpha.6",
80
+ "@budibase/backend-core": "1.4.8-alpha.8",
81
+ "@budibase/client": "1.4.8-alpha.8",
82
+ "@budibase/pro": "1.4.8-alpha.7",
83
+ "@budibase/string-templates": "1.4.8-alpha.8",
84
+ "@budibase/types": "1.4.8-alpha.8",
85
85
  "@bull-board/api": "3.7.0",
86
86
  "@bull-board/koa": "3.9.4",
87
87
  "@elastic/elasticsearch": "7.10.0",
@@ -199,5 +199,5 @@
199
199
  "optionalDependencies": {
200
200
  "oracledb": "5.3.0"
201
201
  },
202
- "gitHead": "ccfbf5835af8e1a39614ddedaadf55a012312945"
202
+ "gitHead": "e4a7cf7d33c1c16e6854583b4df2a863cd17b73e"
203
203
  }
@@ -47,14 +47,9 @@ import { checkAppMetadata } from "../../automations/logging"
47
47
  import { getUniqueRows } from "../../utilities/usageQuota/rows"
48
48
  import { quotas } from "@budibase/pro"
49
49
  import { errors, events, migrations } from "@budibase/backend-core"
50
- import {
51
- App,
52
- Layout,
53
- Screen,
54
- MigrationType,
55
- AppNavigation,
56
- } from "@budibase/types"
50
+ import { App, Layout, Screen, MigrationType } from "@budibase/types"
57
51
  import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
52
+ import { groups } from "@budibase/pro"
58
53
 
59
54
  const URL_REGEX_SLASH = /\/|\\/g
60
55
 
@@ -501,6 +496,7 @@ const preDestroyApp = async (ctx: any) => {
501
496
 
502
497
  const postDestroyApp = async (ctx: any) => {
503
498
  const rowCount = ctx.rowCount
499
+ await groups.cleanupApp(ctx.params.appId)
504
500
  if (rowCount) {
505
501
  await quotas.removeRows(rowCount)
506
502
  }
@@ -1,19 +1,21 @@
1
- const { outputProcessing } = require("../../utilities/rowProcessor")
2
- const { InternalTables } = require("../../db/utils")
3
- const { getFullUser } = require("../../utilities/users")
4
- const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
5
- const { getAppDB, getAppId } = require("@budibase/backend-core/context")
1
+ import { outputProcessing } from "../../utilities/rowProcessor"
2
+ import { InternalTables } from "../../db/utils"
3
+ import { getFullUser } from "../../utilities/users"
4
+ import { roles, context } from "@budibase/backend-core"
5
+ import { groups } from "@budibase/pro"
6
+
7
+ const PUBLIC_ROLE = roles.BUILTIN_ROLE_IDS.PUBLIC
6
8
 
7
9
  /**
8
10
  * Add the attributes that are session based to the current user.
9
11
  */
10
- const addSessionAttributesToUser = ctx => {
12
+ const addSessionAttributesToUser = (ctx: any) => {
11
13
  if (ctx.user) {
12
14
  ctx.body.license = ctx.user.license
13
15
  }
14
16
  }
15
17
 
16
- exports.fetchSelf = async ctx => {
18
+ export async function fetchSelf(ctx: any) {
17
19
  let userId = ctx.user.userId || ctx.user._id
18
20
  /* istanbul ignore next */
19
21
  if (!userId || !ctx.isAuthenticated) {
@@ -21,30 +23,30 @@ exports.fetchSelf = async ctx => {
21
23
  return
22
24
  }
23
25
 
26
+ const appId = context.getAppId()
24
27
  const user = await getFullUser(ctx, userId)
25
28
  // this shouldn't be returned by the app self
26
29
  delete user.roles
27
30
  // forward the csrf token from the session
28
31
  user.csrfToken = ctx.user.csrfToken
29
32
 
30
- if (getAppId()) {
31
- const db = getAppDB()
33
+ if (appId) {
34
+ const db = context.getAppDB()
35
+ // check for group permissions
36
+ if (!user.roleId || user.roleId === PUBLIC_ROLE) {
37
+ const groupRoleId = await groups.getGroupRoleId(user, appId)
38
+ user.roleId = groupRoleId || user.roleId
39
+ }
32
40
  // remove the full roles structure
33
41
  delete user.roles
34
42
  try {
35
43
  const userTable = await db.get(InternalTables.USER_METADATA)
36
- const metadata = await db.get(userId)
37
- // make sure there is never a stale csrf token
38
- delete metadata.csrfToken
39
44
  // specifically needs to make sure is enriched
40
- ctx.body = await outputProcessing(userTable, {
41
- ...user,
42
- ...metadata,
43
- })
44
- } catch (err) {
45
+ ctx.body = await outputProcessing(userTable, user)
46
+ } catch (err: any) {
45
47
  let response
46
48
  // user didn't exist in app, don't pretend they do
47
- if (user.roleId === BUILTIN_ROLE_IDS.PUBLIC) {
49
+ if (user.roleId === PUBLIC_ROLE) {
48
50
  response = {}
49
51
  }
50
52
  // user has a role of some sort, return them
@@ -8,7 +8,7 @@ exports.fetch = async function (ctx) {
8
8
  const defs = await getDefinitions()
9
9
 
10
10
  // for google sheets integration google verification
11
- if (featureFlags.isEnabled(featureFlags.FeatureFlag.GOOGLE_SHEETS)) {
11
+ if (featureFlags.isEnabled(featureFlags.TenantFeatureFlag.GOOGLE_SHEETS)) {
12
12
  defs[SourceName.GOOGLE_SHEETS] = googlesheets.schema
13
13
  }
14
14
 
@@ -1,7 +1,7 @@
1
1
  const Router = require("@koa/router")
2
2
  const controller = require("../controllers/analytics")
3
3
 
4
- const router = Router()
4
+ const router = new Router()
5
5
 
6
6
  router.get("/api/bbtel", controller.isEnabled)
7
7
  router.post("/api/bbtel/ping", controller.ping)
@@ -3,7 +3,7 @@ const controller = require("../controllers/apikeys")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/keys", authorized(BUILDER), controller.fetch)
@@ -0,0 +1,8 @@
1
+ import Router from "@koa/router"
2
+ import * as controller from "../controllers/auth"
3
+
4
+ const router = new Router()
5
+
6
+ router.get("/api/self", controller.fetchSelf)
7
+
8
+ export default router
@@ -13,7 +13,7 @@ const {
13
13
  } = require("../../middleware/appInfo")
14
14
  const { automationValidator } = require("./utils/validators")
15
15
 
16
- const router = Router()
16
+ const router = new Router()
17
17
 
18
18
  router
19
19
  .get(
@@ -3,7 +3,7 @@ const controller = require("../controllers/backup")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.get("/api/backups/export", authorized(BUILDER), controller.exportAppDump)
9
9
 
@@ -3,7 +3,7 @@ const controller = require("../controllers/cloud")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/cloud/export", authorized(BUILDER), controller.exportApps)
@@ -3,7 +3,7 @@ const controller = require("../controllers/component")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.get(
9
9
  "/api/:appId/components/definitions",
@@ -11,7 +11,7 @@ const {
11
11
  datasourceQueryValidator,
12
12
  } = require("./utils/validators")
13
13
 
14
- const router = Router()
14
+ const router = new Router()
15
15
 
16
16
  router
17
17
  .get("/api/datasources", authorized(BUILDER), datasourceController.fetch)
@@ -3,7 +3,7 @@ const controller = require("../controllers/deploy")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/deployments", authorized(BUILDER), controller.fetchDeployments)
@@ -4,7 +4,7 @@ const env = require("../../environment")
4
4
  const authorized = require("../../middleware/authorized")
5
5
  const { BUILDER } = require("@budibase/backend-core/permissions")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  function redirectPath(path) {
10
10
  router
@@ -3,7 +3,7 @@ const controller = require("../controllers/integration")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/integrations", authorized(BUILDER), controller.fetch)
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
3
3
  const { BUILDER } = require("@budibase/backend-core/permissions")
4
4
  const controller = require("../controllers/layout")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .post("/api/layouts", authorized(BUILDER), controller.save)
@@ -7,7 +7,7 @@ const {
7
7
  const authorized = require("../../middleware/authorized")
8
8
  const { BUILDER } = require("@budibase/backend-core/permissions")
9
9
 
10
- const router = Router()
10
+ const router = new Router()
11
11
 
12
12
  router
13
13
  .post(
@@ -1,6 +1,6 @@
1
1
  const Router = require("@koa/router")
2
2
  const migrationsController = require("../controllers/migrations")
3
- const router = Router()
3
+ const router = new Router()
4
4
  const { internalApi } = require("@budibase/backend-core/auth")
5
5
 
6
6
  router
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { permissionValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
@@ -16,7 +16,7 @@ const {
16
16
  generateQueryValidation,
17
17
  } = require("../controllers/query/validation")
18
18
 
19
- const router = Router()
19
+ const router = new Router()
20
20
 
21
21
  router
22
22
  .get("/api/queries", authorized(BUILDER), queryController.fetch)
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { roleValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .post("/api/roles", authorized(BUILDER), roleValidator(), controller.save)
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
3
3
  const { BUILDER } = require("@budibase/backend-core/permissions")
4
4
  const controller = require("../controllers/routing")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  // gets correct structure for user role
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { screenValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/screens", authorized(BUILDER), controller.fetch)
@@ -3,7 +3,7 @@ const controller = require("../controllers/script")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.post("/api/script", authorized(BUILDER), controller.save)
9
9
 
@@ -9,7 +9,7 @@ const {
9
9
  } = require("@budibase/backend-core/permissions")
10
10
  const { tableValidator } = require("./utils/validators")
11
11
 
12
- const router = Router()
12
+ const router = new Router()
13
13
 
14
14
  router
15
15
  /**
@@ -3,7 +3,7 @@ const controller = require("../controllers/templates")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/templates", authorized(BUILDER), controller.fetch)
@@ -6,7 +6,7 @@ const {
6
6
  PermissionTypes,
7
7
  } = require("@budibase/backend-core/permissions")
8
8
 
9
- const router = Router()
9
+ const router = new Router()
10
10
 
11
11
  router
12
12
  .get(
@@ -9,7 +9,7 @@ const {
9
9
  PermissionLevels,
10
10
  } = require("@budibase/backend-core/permissions")
11
11
 
12
- const router = Router()
12
+ const router = new Router()
13
13
 
14
14
  router
15
15
  .get("/api/views/export", authorized(BUILDER), viewController.exportView)
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { webhookValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/webhooks", authorized(BUILDER), controller.fetch)
@@ -52,9 +52,9 @@ const checkAuthorizedResource = async (
52
52
  ) => {
53
53
  // get the user's roles
54
54
  const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
55
- const userRoles = await getUserRoleHierarchy(roleId, {
55
+ const userRoles = (await getUserRoleHierarchy(roleId, {
56
56
  idOnly: false,
57
- })
57
+ })) as { _id: string }[]
58
58
  const permError = "User does not have permission"
59
59
  // check if the user has the required role
60
60
  if (resourceRoles.length > 0) {
@@ -43,9 +43,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
43
43
  }
44
44
 
45
45
  async function checkGroupRoles(user, { appId } = {}) {
46
- let roleId = await groups.getGroupRoleId(user, appId)
47
- user.roleId = roleId
48
-
46
+ if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
47
+ return user
48
+ }
49
+ user.roleId = await groups.getGroupRoleId(user, appId)
49
50
  return user
50
51
  }
51
52
 
@@ -74,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
74
75
  }
75
76
 
76
77
  exports.getGlobalUser = async userId => {
78
+ const appId = getAppId()
77
79
  let user = await exports.getRawGlobalUser(userId)
78
- return processUser(user)
80
+ return processUser(user, { appId })
79
81
  }
80
82
 
81
83
  exports.getGlobalUsers = async (users = null) => {
@@ -2,10 +2,11 @@ const { InternalTables } = require("../db/utils")
2
2
  const { getGlobalUser } = require("../utilities/global")
3
3
  const { getAppDB } = require("@budibase/backend-core/context")
4
4
  const { getProdAppID } = require("@budibase/backend-core/db")
5
+ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
5
6
 
6
7
  exports.getFullUser = async (ctx, userId) => {
7
8
  const global = await getGlobalUser(userId)
8
- let metadata
9
+ let metadata = {}
9
10
  try {
10
11
  // this will throw an error if the db doesn't exist, or there is no appId
11
12
  const db = getAppDB()
@@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
15
16
  delete global._id
16
17
  delete global._rev
17
18
  }
19
+ delete metadata.csrfToken
18
20
  return {
19
- ...global,
20
21
  ...metadata,
22
+ ...global,
23
+ roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
21
24
  tableId: InternalTables.USER_METADATA,
22
25
  // make sure the ID is always a local ID, not a global one
23
26
  _id: userId,