@budibase/server 1.4.8-alpha.7 → 1.4.8-alpha.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/builder/assets/{index.ba07aa78.js → index.28a1c01f.js} +312 -308
- package/builder/assets/index.fd3654ad.css +6 -0
- package/builder/index.html +2 -2
- package/coverage/clover.xml +138 -176
- package/coverage/coverage-final.json +32 -34
- package/coverage/lcov-report/api/controllers/apikeys.js.html +1 -1
- package/coverage/lcov-report/api/controllers/automation.js.html +1 -1
- package/coverage/lcov-report/api/controllers/backup.js.html +1 -1
- package/coverage/lcov-report/api/controllers/cloud.js.html +1 -1
- package/coverage/lcov-report/api/controllers/datasource.js.html +1 -1
- package/coverage/lcov-report/api/controllers/dev.js.html +1 -1
- package/coverage/lcov-report/api/controllers/index.html +9 -24
- package/coverage/lcov-report/api/controllers/integration.js.html +2 -2
- package/coverage/lcov-report/api/controllers/layout.js.html +1 -1
- package/coverage/lcov-report/api/controllers/metadata.js.html +1 -1
- package/coverage/lcov-report/api/controllers/migrations.js.html +1 -1
- package/coverage/lcov-report/api/controllers/permission.js.html +1 -1
- package/coverage/lcov-report/api/controllers/query/index.html +1 -1
- package/coverage/lcov-report/api/controllers/query/validation.js.html +1 -1
- package/coverage/lcov-report/api/controllers/role.js.html +1 -1
- package/coverage/lcov-report/api/controllers/routing.js.html +1 -1
- package/coverage/lcov-report/api/controllers/row/external.js.html +1 -1
- package/coverage/lcov-report/api/controllers/row/index.html +1 -1
- package/coverage/lcov-report/api/controllers/row/internal.js.html +1 -1
- package/coverage/lcov-report/api/controllers/row/internalSearch.js.html +1 -1
- package/coverage/lcov-report/api/controllers/row/staticFormula.js.html +1 -1
- package/coverage/lcov-report/api/controllers/row/utils.js.html +1 -1
- package/coverage/lcov-report/api/controllers/script.js.html +1 -1
- package/coverage/lcov-report/api/controllers/table/bulkFormula.js.html +1 -1
- package/coverage/lcov-report/api/controllers/table/external.js.html +1 -1
- package/coverage/lcov-report/api/controllers/table/index.html +1 -1
- package/coverage/lcov-report/api/controllers/table/index.js.html +1 -1
- package/coverage/lcov-report/api/controllers/templates.js.html +1 -1
- package/coverage/lcov-report/api/controllers/user.js.html +1 -1
- package/coverage/lcov-report/api/controllers/view/exporters.js.html +1 -1
- package/coverage/lcov-report/api/controllers/view/index.html +1 -1
- package/coverage/lcov-report/api/controllers/view/index.js.html +1 -1
- package/coverage/lcov-report/api/controllers/view/utils.js.html +1 -1
- package/coverage/lcov-report/api/controllers/view/viewBuilder.js.html +1 -1
- package/coverage/lcov-report/api/controllers/webhook.js.html +1 -1
- package/coverage/lcov-report/api/index.html +1 -1
- package/coverage/lcov-report/api/index.js.html +1 -1
- package/coverage/lcov-report/api/routes/analytics.js.html +2 -2
- package/coverage/lcov-report/api/routes/apikeys.js.html +2 -2
- package/coverage/lcov-report/api/routes/automation.js.html +2 -2
- package/coverage/lcov-report/api/routes/backup.js.html +2 -2
- package/coverage/lcov-report/api/routes/cloud.js.html +2 -2
- package/coverage/lcov-report/api/routes/component.js.html +2 -2
- package/coverage/lcov-report/api/routes/datasource.js.html +2 -2
- package/coverage/lcov-report/api/routes/deploy.js.html +2 -2
- package/coverage/lcov-report/api/routes/dev.js.html +2 -2
- package/coverage/lcov-report/api/routes/index.html +5 -20
- package/coverage/lcov-report/api/routes/integration.js.html +2 -2
- package/coverage/lcov-report/api/routes/layout.js.html +2 -2
- package/coverage/lcov-report/api/routes/metadata.js.html +2 -2
- package/coverage/lcov-report/api/routes/migrations.js.html +2 -2
- package/coverage/lcov-report/api/routes/permission.js.html +2 -2
- package/coverage/lcov-report/api/routes/query.js.html +2 -2
- package/coverage/lcov-report/api/routes/role.js.html +2 -2
- package/coverage/lcov-report/api/routes/routing.js.html +2 -2
- package/coverage/lcov-report/api/routes/screen.js.html +2 -2
- package/coverage/lcov-report/api/routes/script.js.html +2 -2
- package/coverage/lcov-report/api/routes/table.js.html +2 -2
- package/coverage/lcov-report/api/routes/templates.js.html +2 -2
- package/coverage/lcov-report/api/routes/user.js.html +2 -2
- package/coverage/lcov-report/api/routes/utils/index.html +1 -1
- package/coverage/lcov-report/api/routes/utils/validators.js.html +1 -1
- package/coverage/lcov-report/api/routes/view.js.html +2 -2
- package/coverage/lcov-report/api/routes/webhook.js.html +2 -2
- package/coverage/lcov-report/automations/actions.js.html +1 -1
- package/coverage/lcov-report/automations/automationUtils.js.html +1 -1
- package/coverage/lcov-report/automations/bullboard.js.html +1 -1
- package/coverage/lcov-report/automations/index.html +1 -1
- package/coverage/lcov-report/automations/index.js.html +1 -1
- package/coverage/lcov-report/automations/steps/bash.js.html +1 -1
- package/coverage/lcov-report/automations/steps/delay.js.html +1 -1
- package/coverage/lcov-report/automations/steps/discord.js.html +1 -1
- package/coverage/lcov-report/automations/steps/executeQuery.js.html +1 -1
- package/coverage/lcov-report/automations/steps/executeScript.js.html +1 -1
- package/coverage/lcov-report/automations/steps/filter.js.html +1 -1
- package/coverage/lcov-report/automations/steps/index.html +1 -1
- package/coverage/lcov-report/automations/steps/integromat.js.html +1 -1
- package/coverage/lcov-report/automations/steps/loop.js.html +1 -1
- package/coverage/lcov-report/automations/steps/outgoingWebhook.js.html +1 -1
- package/coverage/lcov-report/automations/steps/queryRows.js.html +1 -1
- package/coverage/lcov-report/automations/steps/sendSmtpEmail.js.html +52 -4
- package/coverage/lcov-report/automations/steps/serverLog.js.html +1 -1
- package/coverage/lcov-report/automations/steps/slack.js.html +1 -1
- package/coverage/lcov-report/automations/steps/updateRow.js.html +1 -1
- package/coverage/lcov-report/automations/steps/utils.js.html +1 -1
- package/coverage/lcov-report/automations/steps/zapier.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/app.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/cron.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/index.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/index.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/rowDeleted.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/rowSaved.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/rowUpdated.js.html +1 -1
- package/coverage/lcov-report/automations/triggerInfo/webhook.js.html +1 -1
- package/coverage/lcov-report/automations/triggers.js.html +1 -1
- package/coverage/lcov-report/constants/index.html +1 -1
- package/coverage/lcov-report/constants/index.js.html +1 -1
- package/coverage/lcov-report/constants/layouts.js.html +1 -1
- package/coverage/lcov-report/constants/screens.js.html +1 -1
- package/coverage/lcov-report/db/inMemoryView.js.html +1 -1
- package/coverage/lcov-report/db/index.html +1 -1
- package/coverage/lcov-report/db/index.js.html +1 -1
- package/coverage/lcov-report/db/linkedRows/LinkController.js.html +1 -1
- package/coverage/lcov-report/db/linkedRows/index.html +1 -1
- package/coverage/lcov-report/db/linkedRows/index.js.html +11 -11
- package/coverage/lcov-report/db/linkedRows/linkUtils.js.html +7 -7
- package/coverage/lcov-report/db/newid.js.html +1 -1
- package/coverage/lcov-report/db/utils.js.html +1 -1
- package/coverage/lcov-report/events/AutomationEmitter.js.html +1 -1
- package/coverage/lcov-report/events/index.html +1 -1
- package/coverage/lcov-report/events/index.js.html +1 -1
- package/coverage/lcov-report/events/utils.js.html +1 -1
- package/coverage/lcov-report/index.html +30 -30
- package/coverage/lcov-report/integrations/tests/TestConfiguration.js.html +1 -1
- package/coverage/lcov-report/integrations/tests/index.html +1 -1
- package/coverage/lcov-report/middleware/appInfo.js.html +1 -1
- package/coverage/lcov-report/middleware/builder.js.html +1 -1
- package/coverage/lcov-report/middleware/currentapp.js.html +1 -1
- package/coverage/lcov-report/middleware/index.html +1 -1
- package/coverage/lcov-report/middleware/joi-validator.js.html +1 -1
- package/coverage/lcov-report/middleware/publicApi.js.html +1 -1
- package/coverage/lcov-report/middleware/resourceId.js.html +1 -1
- package/coverage/lcov-report/middleware/selfhost.js.html +1 -1
- package/coverage/lcov-report/middleware/utils.js.html +1 -1
- package/coverage/lcov-report/utilities/budibaseDir.js.html +1 -1
- package/coverage/lcov-report/utilities/centralPath.js.html +1 -1
- package/coverage/lcov-report/utilities/csvParser.js.html +1 -1
- package/coverage/lcov-report/utilities/global.js.html +19 -13
- package/coverage/lcov-report/utilities/index.html +24 -24
- package/coverage/lcov-report/utilities/index.js.html +1 -1
- package/coverage/lcov-report/utilities/queue/inMemoryQueue.js.html +1 -1
- package/coverage/lcov-report/utilities/queue/index.html +1 -1
- package/coverage/lcov-report/utilities/routing/index.html +1 -1
- package/coverage/lcov-report/utilities/routing/index.js.html +1 -1
- package/coverage/lcov-report/utilities/rowProcessor/index.html +1 -1
- package/coverage/lcov-report/utilities/rowProcessor/index.js.html +12 -12
- package/coverage/lcov-report/utilities/rowProcessor/utils.js.html +8 -8
- package/coverage/lcov-report/utilities/scriptRunner.js.html +1 -1
- package/coverage/lcov-report/utilities/security.js.html +1 -1
- package/coverage/lcov-report/utilities/statusCodes.js.html +1 -1
- package/coverage/lcov-report/utilities/usageQuota/index.html +1 -1
- package/coverage/lcov-report/utilities/usageQuota/rows.js.html +1 -1
- package/coverage/lcov-report/utilities/usageQuota/usageQuoteReset.js.html +1 -1
- package/coverage/lcov-report/utilities/users.js.html +21 -12
- package/coverage/lcov-report/utilities/workerRequests.js.html +33 -3
- package/coverage/lcov.info +212 -270
- package/dist/api/controllers/application.js +2 -0
- package/dist/api/controllers/auth.js +58 -49
- package/dist/api/controllers/integration.js +1 -1
- package/dist/api/routes/analytics.js +1 -1
- package/dist/api/routes/apikeys.js +1 -1
- package/dist/api/routes/auth.js +31 -4
- package/dist/api/routes/automation.js +1 -1
- package/dist/api/routes/backup.js +1 -1
- package/dist/api/routes/cloud.js +1 -1
- package/dist/api/routes/component.js +1 -1
- package/dist/api/routes/datasource.js +1 -1
- package/dist/api/routes/deploy.js +1 -1
- package/dist/api/routes/dev.js +1 -1
- package/dist/api/routes/integration.js +1 -1
- package/dist/api/routes/layout.js +1 -1
- package/dist/api/routes/metadata.js +1 -1
- package/dist/api/routes/migrations.js +1 -1
- package/dist/api/routes/permission.js +1 -1
- package/dist/api/routes/query.js +1 -1
- package/dist/api/routes/role.js +1 -1
- package/dist/api/routes/routing.js +1 -1
- package/dist/api/routes/screen.js +1 -1
- package/dist/api/routes/script.js +1 -1
- package/dist/api/routes/table.js +1 -1
- package/dist/api/routes/templates.js +1 -1
- package/dist/api/routes/user.js +1 -1
- package/dist/api/routes/view.js +1 -1
- package/dist/api/routes/webhook.js +1 -1
- package/dist/automations/steps/sendSmtpEmail.js +10 -2
- package/dist/middleware/authorized.js +2 -2
- package/dist/package.json +6 -6
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/dist/utilities/global.js +6 -3
- package/dist/utilities/users.js +4 -2
- package/dist/utilities/workerRequests.js +3 -1
- package/package.json +7 -7
- package/src/api/controllers/application.ts +3 -7
- package/src/api/controllers/{auth.js → auth.ts} +20 -18
- package/src/api/controllers/integration.js +1 -1
- package/src/api/routes/analytics.js +1 -1
- package/src/api/routes/apikeys.js +1 -1
- package/src/api/routes/auth.ts +8 -0
- package/src/api/routes/automation.js +1 -1
- package/src/api/routes/backup.js +1 -1
- package/src/api/routes/cloud.js +1 -1
- package/src/api/routes/component.js +1 -1
- package/src/api/routes/datasource.js +1 -1
- package/src/api/routes/deploy.js +1 -1
- package/src/api/routes/dev.js +1 -1
- package/src/api/routes/integration.js +1 -1
- package/src/api/routes/layout.js +1 -1
- package/src/api/routes/metadata.js +1 -1
- package/src/api/routes/migrations.js +1 -1
- package/src/api/routes/permission.js +1 -1
- package/src/api/routes/query.js +1 -1
- package/src/api/routes/role.js +1 -1
- package/src/api/routes/routing.js +1 -1
- package/src/api/routes/screen.js +1 -1
- package/src/api/routes/script.js +1 -1
- package/src/api/routes/table.js +1 -1
- package/src/api/routes/templates.js +1 -1
- package/src/api/routes/user.js +1 -1
- package/src/api/routes/view.js +1 -1
- package/src/api/routes/webhook.js +1 -1
- package/src/automations/steps/sendSmtpEmail.js +18 -2
- package/src/middleware/authorized.ts +2 -2
- package/src/utilities/global.js +6 -4
- package/src/utilities/users.js +5 -2
- package/src/utilities/workerRequests.js +11 -1
- package/builder/assets/index.10b8a572.css +0 -6
- package/coverage/lcov-report/api/controllers/auth.js.html +0 -292
- package/coverage/lcov-report/api/routes/auth.js.html +0 -109
- package/src/api/routes/auth.js +0 -8
package/dist/utilities/global.js
CHANGED
|
@@ -47,8 +47,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
|
|
|
47
47
|
};
|
|
48
48
|
function checkGroupRoles(user, { appId } = {}) {
|
|
49
49
|
return __awaiter(this, void 0, void 0, function* () {
|
|
50
|
-
|
|
51
|
-
|
|
50
|
+
if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
|
|
51
|
+
return user;
|
|
52
|
+
}
|
|
53
|
+
user.roleId = yield groups.getGroupRoleId(user, appId);
|
|
52
54
|
return user;
|
|
53
55
|
});
|
|
54
56
|
}
|
|
@@ -76,8 +78,9 @@ exports.getRawGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, functio
|
|
|
76
78
|
return db.get(getGlobalIDFromUserMetadataID(userId));
|
|
77
79
|
});
|
|
78
80
|
exports.getGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, function* () {
|
|
81
|
+
const appId = getAppId();
|
|
79
82
|
let user = yield exports.getRawGlobalUser(userId);
|
|
80
|
-
return processUser(user);
|
|
83
|
+
return processUser(user, { appId });
|
|
81
84
|
});
|
|
82
85
|
exports.getGlobalUsers = (users = null) => __awaiter(void 0, void 0, void 0, function* () {
|
|
83
86
|
const appId = getAppId();
|
package/dist/utilities/users.js
CHANGED
|
@@ -12,9 +12,10 @@ const { InternalTables } = require("../db/utils");
|
|
|
12
12
|
const { getGlobalUser } = require("../utilities/global");
|
|
13
13
|
const { getAppDB } = require("@budibase/backend-core/context");
|
|
14
14
|
const { getProdAppID } = require("@budibase/backend-core/db");
|
|
15
|
+
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles");
|
|
15
16
|
exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, function* () {
|
|
16
17
|
const global = yield getGlobalUser(userId);
|
|
17
|
-
let metadata;
|
|
18
|
+
let metadata = {};
|
|
18
19
|
try {
|
|
19
20
|
// this will throw an error if the db doesn't exist, or there is no appId
|
|
20
21
|
const db = getAppDB();
|
|
@@ -25,7 +26,8 @@ exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, functio
|
|
|
25
26
|
delete global._id;
|
|
26
27
|
delete global._rev;
|
|
27
28
|
}
|
|
28
|
-
|
|
29
|
+
delete metadata.csrfToken;
|
|
30
|
+
return Object.assign(Object.assign(Object.assign({}, metadata), global), { roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC, tableId: InternalTables.USER_METADATA,
|
|
29
31
|
// make sure the ID is always a local ID, not a global one
|
|
30
32
|
_id: userId });
|
|
31
33
|
});
|
|
@@ -63,7 +63,7 @@ function checkResponse(response, errorMsg, { ctx } = {}) {
|
|
|
63
63
|
}
|
|
64
64
|
exports.request = request;
|
|
65
65
|
// have to pass in the tenant ID as this could be coming from an automation
|
|
66
|
-
exports.sendSmtpEmail = (to, from, subject, contents, automation) => __awaiter(void 0, void 0, void 0, function* () {
|
|
66
|
+
exports.sendSmtpEmail = (to, from, subject, contents, cc, bcc, automation) => __awaiter(void 0, void 0, void 0, function* () {
|
|
67
67
|
// tenant ID will be set in header
|
|
68
68
|
const response = yield fetch(checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`), request(null, {
|
|
69
69
|
method: "POST",
|
|
@@ -72,6 +72,8 @@ exports.sendSmtpEmail = (to, from, subject, contents, automation) => __awaiter(v
|
|
|
72
72
|
from,
|
|
73
73
|
contents,
|
|
74
74
|
subject,
|
|
75
|
+
cc,
|
|
76
|
+
bcc,
|
|
75
77
|
purpose: "custom",
|
|
76
78
|
automation,
|
|
77
79
|
},
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@budibase/server",
|
|
3
3
|
"email": "hi@budibase.com",
|
|
4
|
-
"version": "1.4.8-alpha.
|
|
4
|
+
"version": "1.4.8-alpha.9",
|
|
5
5
|
"description": "Budibase Web Server",
|
|
6
6
|
"main": "src/index.ts",
|
|
7
7
|
"repository": {
|
|
@@ -77,11 +77,11 @@
|
|
|
77
77
|
"license": "GPL-3.0",
|
|
78
78
|
"dependencies": {
|
|
79
79
|
"@apidevtools/swagger-parser": "10.0.3",
|
|
80
|
-
"@budibase/backend-core": "1.4.8-alpha.
|
|
81
|
-
"@budibase/client": "1.4.8-alpha.
|
|
82
|
-
"@budibase/pro": "1.4.8-alpha.
|
|
83
|
-
"@budibase/string-templates": "1.4.8-alpha.
|
|
84
|
-
"@budibase/types": "1.4.8-alpha.
|
|
80
|
+
"@budibase/backend-core": "1.4.8-alpha.9",
|
|
81
|
+
"@budibase/client": "1.4.8-alpha.9",
|
|
82
|
+
"@budibase/pro": "1.4.8-alpha.8",
|
|
83
|
+
"@budibase/string-templates": "1.4.8-alpha.9",
|
|
84
|
+
"@budibase/types": "1.4.8-alpha.9",
|
|
85
85
|
"@bull-board/api": "3.7.0",
|
|
86
86
|
"@bull-board/koa": "3.9.4",
|
|
87
87
|
"@elastic/elasticsearch": "7.10.0",
|
|
@@ -199,5 +199,5 @@
|
|
|
199
199
|
"optionalDependencies": {
|
|
200
200
|
"oracledb": "5.3.0"
|
|
201
201
|
},
|
|
202
|
-
"gitHead": "
|
|
202
|
+
"gitHead": "cef27c68ef3d7606b266629904a1a1b4bf877246"
|
|
203
203
|
}
|
|
@@ -47,14 +47,9 @@ import { checkAppMetadata } from "../../automations/logging"
|
|
|
47
47
|
import { getUniqueRows } from "../../utilities/usageQuota/rows"
|
|
48
48
|
import { quotas } from "@budibase/pro"
|
|
49
49
|
import { errors, events, migrations } from "@budibase/backend-core"
|
|
50
|
-
import {
|
|
51
|
-
App,
|
|
52
|
-
Layout,
|
|
53
|
-
Screen,
|
|
54
|
-
MigrationType,
|
|
55
|
-
AppNavigation,
|
|
56
|
-
} from "@budibase/types"
|
|
50
|
+
import { App, Layout, Screen, MigrationType } from "@budibase/types"
|
|
57
51
|
import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
|
|
52
|
+
import { groups } from "@budibase/pro"
|
|
58
53
|
|
|
59
54
|
const URL_REGEX_SLASH = /\/|\\/g
|
|
60
55
|
|
|
@@ -501,6 +496,7 @@ const preDestroyApp = async (ctx: any) => {
|
|
|
501
496
|
|
|
502
497
|
const postDestroyApp = async (ctx: any) => {
|
|
503
498
|
const rowCount = ctx.rowCount
|
|
499
|
+
await groups.cleanupApp(ctx.params.appId)
|
|
504
500
|
if (rowCount) {
|
|
505
501
|
await quotas.removeRows(rowCount)
|
|
506
502
|
}
|
|
@@ -1,19 +1,21 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
1
|
+
import { outputProcessing } from "../../utilities/rowProcessor"
|
|
2
|
+
import { InternalTables } from "../../db/utils"
|
|
3
|
+
import { getFullUser } from "../../utilities/users"
|
|
4
|
+
import { roles, context } from "@budibase/backend-core"
|
|
5
|
+
import { groups } from "@budibase/pro"
|
|
6
|
+
|
|
7
|
+
const PUBLIC_ROLE = roles.BUILTIN_ROLE_IDS.PUBLIC
|
|
6
8
|
|
|
7
9
|
/**
|
|
8
10
|
* Add the attributes that are session based to the current user.
|
|
9
11
|
*/
|
|
10
|
-
const addSessionAttributesToUser = ctx => {
|
|
12
|
+
const addSessionAttributesToUser = (ctx: any) => {
|
|
11
13
|
if (ctx.user) {
|
|
12
14
|
ctx.body.license = ctx.user.license
|
|
13
15
|
}
|
|
14
16
|
}
|
|
15
17
|
|
|
16
|
-
|
|
18
|
+
export async function fetchSelf(ctx: any) {
|
|
17
19
|
let userId = ctx.user.userId || ctx.user._id
|
|
18
20
|
/* istanbul ignore next */
|
|
19
21
|
if (!userId || !ctx.isAuthenticated) {
|
|
@@ -21,30 +23,30 @@ exports.fetchSelf = async ctx => {
|
|
|
21
23
|
return
|
|
22
24
|
}
|
|
23
25
|
|
|
26
|
+
const appId = context.getAppId()
|
|
24
27
|
const user = await getFullUser(ctx, userId)
|
|
25
28
|
// this shouldn't be returned by the app self
|
|
26
29
|
delete user.roles
|
|
27
30
|
// forward the csrf token from the session
|
|
28
31
|
user.csrfToken = ctx.user.csrfToken
|
|
29
32
|
|
|
30
|
-
if (
|
|
31
|
-
const db = getAppDB()
|
|
33
|
+
if (appId) {
|
|
34
|
+
const db = context.getAppDB()
|
|
35
|
+
// check for group permissions
|
|
36
|
+
if (!user.roleId || user.roleId === PUBLIC_ROLE) {
|
|
37
|
+
const groupRoleId = await groups.getGroupRoleId(user, appId)
|
|
38
|
+
user.roleId = groupRoleId || user.roleId
|
|
39
|
+
}
|
|
32
40
|
// remove the full roles structure
|
|
33
41
|
delete user.roles
|
|
34
42
|
try {
|
|
35
43
|
const userTable = await db.get(InternalTables.USER_METADATA)
|
|
36
|
-
const metadata = await db.get(userId)
|
|
37
|
-
// make sure there is never a stale csrf token
|
|
38
|
-
delete metadata.csrfToken
|
|
39
44
|
// specifically needs to make sure is enriched
|
|
40
|
-
ctx.body = await outputProcessing(userTable,
|
|
41
|
-
|
|
42
|
-
...metadata,
|
|
43
|
-
})
|
|
44
|
-
} catch (err) {
|
|
45
|
+
ctx.body = await outputProcessing(userTable, user)
|
|
46
|
+
} catch (err: any) {
|
|
45
47
|
let response
|
|
46
48
|
// user didn't exist in app, don't pretend they do
|
|
47
|
-
if (user.roleId ===
|
|
49
|
+
if (user.roleId === PUBLIC_ROLE) {
|
|
48
50
|
response = {}
|
|
49
51
|
}
|
|
50
52
|
// user has a role of some sort, return them
|
|
@@ -8,7 +8,7 @@ exports.fetch = async function (ctx) {
|
|
|
8
8
|
const defs = await getDefinitions()
|
|
9
9
|
|
|
10
10
|
// for google sheets integration google verification
|
|
11
|
-
if (featureFlags.isEnabled(featureFlags.
|
|
11
|
+
if (featureFlags.isEnabled(featureFlags.TenantFeatureFlag.GOOGLE_SHEETS)) {
|
|
12
12
|
defs[SourceName.GOOGLE_SHEETS] = googlesheets.schema
|
|
13
13
|
}
|
|
14
14
|
|
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/apikeys")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.get("/api/keys", authorized(BUILDER), controller.fetch)
|
package/src/api/routes/backup.js
CHANGED
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/backup")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router.get("/api/backups/export", authorized(BUILDER), controller.exportAppDump)
|
|
9
9
|
|
package/src/api/routes/cloud.js
CHANGED
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/cloud")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.get("/api/cloud/export", authorized(BUILDER), controller.exportApps)
|
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/component")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router.get(
|
|
9
9
|
"/api/:appId/components/definitions",
|
package/src/api/routes/deploy.js
CHANGED
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/deploy")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.get("/api/deployments", authorized(BUILDER), controller.fetchDeployments)
|
package/src/api/routes/dev.js
CHANGED
|
@@ -4,7 +4,7 @@ const env = require("../../environment")
|
|
|
4
4
|
const authorized = require("../../middleware/authorized")
|
|
5
5
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
6
6
|
|
|
7
|
-
const router = Router()
|
|
7
|
+
const router = new Router()
|
|
8
8
|
|
|
9
9
|
function redirectPath(path) {
|
|
10
10
|
router
|
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/integration")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.get("/api/integrations", authorized(BUILDER), controller.fetch)
|
package/src/api/routes/layout.js
CHANGED
|
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
3
3
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
4
4
|
const controller = require("../controllers/layout")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.post("/api/layouts", authorized(BUILDER), controller.save)
|
|
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
const { permissionValidator } = require("./utils/validators")
|
|
6
6
|
|
|
7
|
-
const router = Router()
|
|
7
|
+
const router = new Router()
|
|
8
8
|
|
|
9
9
|
router
|
|
10
10
|
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
|
package/src/api/routes/query.js
CHANGED
package/src/api/routes/role.js
CHANGED
|
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
const { roleValidator } = require("./utils/validators")
|
|
6
6
|
|
|
7
|
-
const router = Router()
|
|
7
|
+
const router = new Router()
|
|
8
8
|
|
|
9
9
|
router
|
|
10
10
|
.post("/api/roles", authorized(BUILDER), roleValidator(), controller.save)
|
|
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
3
3
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
4
4
|
const controller = require("../controllers/routing")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
// gets correct structure for user role
|
package/src/api/routes/screen.js
CHANGED
|
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
const { screenValidator } = require("./utils/validators")
|
|
6
6
|
|
|
7
|
-
const router = Router()
|
|
7
|
+
const router = new Router()
|
|
8
8
|
|
|
9
9
|
router
|
|
10
10
|
.get("/api/screens", authorized(BUILDER), controller.fetch)
|
package/src/api/routes/script.js
CHANGED
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/script")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router.post("/api/script", authorized(BUILDER), controller.save)
|
|
9
9
|
|
package/src/api/routes/table.js
CHANGED
|
@@ -3,7 +3,7 @@ const controller = require("../controllers/templates")
|
|
|
3
3
|
const authorized = require("../../middleware/authorized")
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
|
|
6
|
-
const router = Router()
|
|
6
|
+
const router = new Router()
|
|
7
7
|
|
|
8
8
|
router
|
|
9
9
|
.get("/api/templates", authorized(BUILDER), controller.fetch)
|
package/src/api/routes/user.js
CHANGED
package/src/api/routes/view.js
CHANGED
|
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
|
|
|
4
4
|
const { BUILDER } = require("@budibase/backend-core/permissions")
|
|
5
5
|
const { webhookValidator } = require("./utils/validators")
|
|
6
6
|
|
|
7
|
-
const router = Router()
|
|
7
|
+
const router = new Router()
|
|
8
8
|
|
|
9
9
|
router
|
|
10
10
|
.get("/api/webhooks", authorized(BUILDER), controller.fetch)
|
|
@@ -21,6 +21,14 @@ exports.definition = {
|
|
|
21
21
|
type: "string",
|
|
22
22
|
title: "Send From",
|
|
23
23
|
},
|
|
24
|
+
cc: {
|
|
25
|
+
type: "string",
|
|
26
|
+
title: "CC",
|
|
27
|
+
},
|
|
28
|
+
bcc: {
|
|
29
|
+
type: "string",
|
|
30
|
+
title: "BCC",
|
|
31
|
+
},
|
|
24
32
|
subject: {
|
|
25
33
|
type: "string",
|
|
26
34
|
title: "Email Subject",
|
|
@@ -49,13 +57,21 @@ exports.definition = {
|
|
|
49
57
|
}
|
|
50
58
|
|
|
51
59
|
exports.run = async function ({ inputs }) {
|
|
52
|
-
let { to, from, subject, contents } = inputs
|
|
60
|
+
let { to, from, subject, contents, cc, bcc } = inputs
|
|
53
61
|
if (!contents) {
|
|
54
62
|
contents = "<h1>No content</h1>"
|
|
55
63
|
}
|
|
56
64
|
to = to || undefined
|
|
57
65
|
try {
|
|
58
|
-
let response = await sendSmtpEmail(
|
|
66
|
+
let response = await sendSmtpEmail(
|
|
67
|
+
to,
|
|
68
|
+
from,
|
|
69
|
+
subject,
|
|
70
|
+
contents,
|
|
71
|
+
cc,
|
|
72
|
+
bcc,
|
|
73
|
+
true
|
|
74
|
+
)
|
|
59
75
|
return {
|
|
60
76
|
success: true,
|
|
61
77
|
response,
|
|
@@ -52,9 +52,9 @@ const checkAuthorizedResource = async (
|
|
|
52
52
|
) => {
|
|
53
53
|
// get the user's roles
|
|
54
54
|
const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
|
|
55
|
-
const userRoles = await getUserRoleHierarchy(roleId, {
|
|
55
|
+
const userRoles = (await getUserRoleHierarchy(roleId, {
|
|
56
56
|
idOnly: false,
|
|
57
|
-
})
|
|
57
|
+
})) as { _id: string }[]
|
|
58
58
|
const permError = "User does not have permission"
|
|
59
59
|
// check if the user has the required role
|
|
60
60
|
if (resourceRoles.length > 0) {
|
package/src/utilities/global.js
CHANGED
|
@@ -43,9 +43,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
|
|
|
43
43
|
}
|
|
44
44
|
|
|
45
45
|
async function checkGroupRoles(user, { appId } = {}) {
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
46
|
+
if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
|
|
47
|
+
return user
|
|
48
|
+
}
|
|
49
|
+
user.roleId = await groups.getGroupRoleId(user, appId)
|
|
49
50
|
return user
|
|
50
51
|
}
|
|
51
52
|
|
|
@@ -74,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
|
|
|
74
75
|
}
|
|
75
76
|
|
|
76
77
|
exports.getGlobalUser = async userId => {
|
|
78
|
+
const appId = getAppId()
|
|
77
79
|
let user = await exports.getRawGlobalUser(userId)
|
|
78
|
-
return processUser(user)
|
|
80
|
+
return processUser(user, { appId })
|
|
79
81
|
}
|
|
80
82
|
|
|
81
83
|
exports.getGlobalUsers = async (users = null) => {
|
package/src/utilities/users.js
CHANGED
|
@@ -2,10 +2,11 @@ const { InternalTables } = require("../db/utils")
|
|
|
2
2
|
const { getGlobalUser } = require("../utilities/global")
|
|
3
3
|
const { getAppDB } = require("@budibase/backend-core/context")
|
|
4
4
|
const { getProdAppID } = require("@budibase/backend-core/db")
|
|
5
|
+
const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
|
|
5
6
|
|
|
6
7
|
exports.getFullUser = async (ctx, userId) => {
|
|
7
8
|
const global = await getGlobalUser(userId)
|
|
8
|
-
let metadata
|
|
9
|
+
let metadata = {}
|
|
9
10
|
try {
|
|
10
11
|
// this will throw an error if the db doesn't exist, or there is no appId
|
|
11
12
|
const db = getAppDB()
|
|
@@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
|
|
|
15
16
|
delete global._id
|
|
16
17
|
delete global._rev
|
|
17
18
|
}
|
|
19
|
+
delete metadata.csrfToken
|
|
18
20
|
return {
|
|
19
|
-
...global,
|
|
20
21
|
...metadata,
|
|
22
|
+
...global,
|
|
23
|
+
roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
|
|
21
24
|
tableId: InternalTables.USER_METADATA,
|
|
22
25
|
// make sure the ID is always a local ID, not a global one
|
|
23
26
|
_id: userId,
|
|
@@ -54,7 +54,15 @@ async function checkResponse(response, errorMsg, { ctx } = {}) {
|
|
|
54
54
|
exports.request = request
|
|
55
55
|
|
|
56
56
|
// have to pass in the tenant ID as this could be coming from an automation
|
|
57
|
-
exports.sendSmtpEmail = async (
|
|
57
|
+
exports.sendSmtpEmail = async (
|
|
58
|
+
to,
|
|
59
|
+
from,
|
|
60
|
+
subject,
|
|
61
|
+
contents,
|
|
62
|
+
cc,
|
|
63
|
+
bcc,
|
|
64
|
+
automation
|
|
65
|
+
) => {
|
|
58
66
|
// tenant ID will be set in header
|
|
59
67
|
const response = await fetch(
|
|
60
68
|
checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
|
|
@@ -65,6 +73,8 @@ exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {
|
|
|
65
73
|
from,
|
|
66
74
|
contents,
|
|
67
75
|
subject,
|
|
76
|
+
cc,
|
|
77
|
+
bcc,
|
|
68
78
|
purpose: "custom",
|
|
69
79
|
automation,
|
|
70
80
|
},
|