@budibase/server 1.4.8-alpha.7 → 1.4.8-alpha.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (224) hide show
  1. package/builder/assets/{index.ba07aa78.js → index.28a1c01f.js} +312 -308
  2. package/builder/assets/index.fd3654ad.css +6 -0
  3. package/builder/index.html +2 -2
  4. package/coverage/clover.xml +138 -176
  5. package/coverage/coverage-final.json +32 -34
  6. package/coverage/lcov-report/api/controllers/apikeys.js.html +1 -1
  7. package/coverage/lcov-report/api/controllers/automation.js.html +1 -1
  8. package/coverage/lcov-report/api/controllers/backup.js.html +1 -1
  9. package/coverage/lcov-report/api/controllers/cloud.js.html +1 -1
  10. package/coverage/lcov-report/api/controllers/datasource.js.html +1 -1
  11. package/coverage/lcov-report/api/controllers/dev.js.html +1 -1
  12. package/coverage/lcov-report/api/controllers/index.html +9 -24
  13. package/coverage/lcov-report/api/controllers/integration.js.html +2 -2
  14. package/coverage/lcov-report/api/controllers/layout.js.html +1 -1
  15. package/coverage/lcov-report/api/controllers/metadata.js.html +1 -1
  16. package/coverage/lcov-report/api/controllers/migrations.js.html +1 -1
  17. package/coverage/lcov-report/api/controllers/permission.js.html +1 -1
  18. package/coverage/lcov-report/api/controllers/query/index.html +1 -1
  19. package/coverage/lcov-report/api/controllers/query/validation.js.html +1 -1
  20. package/coverage/lcov-report/api/controllers/role.js.html +1 -1
  21. package/coverage/lcov-report/api/controllers/routing.js.html +1 -1
  22. package/coverage/lcov-report/api/controllers/row/external.js.html +1 -1
  23. package/coverage/lcov-report/api/controllers/row/index.html +1 -1
  24. package/coverage/lcov-report/api/controllers/row/internal.js.html +1 -1
  25. package/coverage/lcov-report/api/controllers/row/internalSearch.js.html +1 -1
  26. package/coverage/lcov-report/api/controllers/row/staticFormula.js.html +1 -1
  27. package/coverage/lcov-report/api/controllers/row/utils.js.html +1 -1
  28. package/coverage/lcov-report/api/controllers/script.js.html +1 -1
  29. package/coverage/lcov-report/api/controllers/table/bulkFormula.js.html +1 -1
  30. package/coverage/lcov-report/api/controllers/table/external.js.html +1 -1
  31. package/coverage/lcov-report/api/controllers/table/index.html +1 -1
  32. package/coverage/lcov-report/api/controllers/table/index.js.html +1 -1
  33. package/coverage/lcov-report/api/controllers/templates.js.html +1 -1
  34. package/coverage/lcov-report/api/controllers/user.js.html +1 -1
  35. package/coverage/lcov-report/api/controllers/view/exporters.js.html +1 -1
  36. package/coverage/lcov-report/api/controllers/view/index.html +1 -1
  37. package/coverage/lcov-report/api/controllers/view/index.js.html +1 -1
  38. package/coverage/lcov-report/api/controllers/view/utils.js.html +1 -1
  39. package/coverage/lcov-report/api/controllers/view/viewBuilder.js.html +1 -1
  40. package/coverage/lcov-report/api/controllers/webhook.js.html +1 -1
  41. package/coverage/lcov-report/api/index.html +1 -1
  42. package/coverage/lcov-report/api/index.js.html +1 -1
  43. package/coverage/lcov-report/api/routes/analytics.js.html +2 -2
  44. package/coverage/lcov-report/api/routes/apikeys.js.html +2 -2
  45. package/coverage/lcov-report/api/routes/automation.js.html +2 -2
  46. package/coverage/lcov-report/api/routes/backup.js.html +2 -2
  47. package/coverage/lcov-report/api/routes/cloud.js.html +2 -2
  48. package/coverage/lcov-report/api/routes/component.js.html +2 -2
  49. package/coverage/lcov-report/api/routes/datasource.js.html +2 -2
  50. package/coverage/lcov-report/api/routes/deploy.js.html +2 -2
  51. package/coverage/lcov-report/api/routes/dev.js.html +2 -2
  52. package/coverage/lcov-report/api/routes/index.html +5 -20
  53. package/coverage/lcov-report/api/routes/integration.js.html +2 -2
  54. package/coverage/lcov-report/api/routes/layout.js.html +2 -2
  55. package/coverage/lcov-report/api/routes/metadata.js.html +2 -2
  56. package/coverage/lcov-report/api/routes/migrations.js.html +2 -2
  57. package/coverage/lcov-report/api/routes/permission.js.html +2 -2
  58. package/coverage/lcov-report/api/routes/query.js.html +2 -2
  59. package/coverage/lcov-report/api/routes/role.js.html +2 -2
  60. package/coverage/lcov-report/api/routes/routing.js.html +2 -2
  61. package/coverage/lcov-report/api/routes/screen.js.html +2 -2
  62. package/coverage/lcov-report/api/routes/script.js.html +2 -2
  63. package/coverage/lcov-report/api/routes/table.js.html +2 -2
  64. package/coverage/lcov-report/api/routes/templates.js.html +2 -2
  65. package/coverage/lcov-report/api/routes/user.js.html +2 -2
  66. package/coverage/lcov-report/api/routes/utils/index.html +1 -1
  67. package/coverage/lcov-report/api/routes/utils/validators.js.html +1 -1
  68. package/coverage/lcov-report/api/routes/view.js.html +2 -2
  69. package/coverage/lcov-report/api/routes/webhook.js.html +2 -2
  70. package/coverage/lcov-report/automations/actions.js.html +1 -1
  71. package/coverage/lcov-report/automations/automationUtils.js.html +1 -1
  72. package/coverage/lcov-report/automations/bullboard.js.html +1 -1
  73. package/coverage/lcov-report/automations/index.html +1 -1
  74. package/coverage/lcov-report/automations/index.js.html +1 -1
  75. package/coverage/lcov-report/automations/steps/bash.js.html +1 -1
  76. package/coverage/lcov-report/automations/steps/delay.js.html +1 -1
  77. package/coverage/lcov-report/automations/steps/discord.js.html +1 -1
  78. package/coverage/lcov-report/automations/steps/executeQuery.js.html +1 -1
  79. package/coverage/lcov-report/automations/steps/executeScript.js.html +1 -1
  80. package/coverage/lcov-report/automations/steps/filter.js.html +1 -1
  81. package/coverage/lcov-report/automations/steps/index.html +1 -1
  82. package/coverage/lcov-report/automations/steps/integromat.js.html +1 -1
  83. package/coverage/lcov-report/automations/steps/loop.js.html +1 -1
  84. package/coverage/lcov-report/automations/steps/outgoingWebhook.js.html +1 -1
  85. package/coverage/lcov-report/automations/steps/queryRows.js.html +1 -1
  86. package/coverage/lcov-report/automations/steps/sendSmtpEmail.js.html +52 -4
  87. package/coverage/lcov-report/automations/steps/serverLog.js.html +1 -1
  88. package/coverage/lcov-report/automations/steps/slack.js.html +1 -1
  89. package/coverage/lcov-report/automations/steps/updateRow.js.html +1 -1
  90. package/coverage/lcov-report/automations/steps/utils.js.html +1 -1
  91. package/coverage/lcov-report/automations/steps/zapier.js.html +1 -1
  92. package/coverage/lcov-report/automations/triggerInfo/app.js.html +1 -1
  93. package/coverage/lcov-report/automations/triggerInfo/cron.js.html +1 -1
  94. package/coverage/lcov-report/automations/triggerInfo/index.html +1 -1
  95. package/coverage/lcov-report/automations/triggerInfo/index.js.html +1 -1
  96. package/coverage/lcov-report/automations/triggerInfo/rowDeleted.js.html +1 -1
  97. package/coverage/lcov-report/automations/triggerInfo/rowSaved.js.html +1 -1
  98. package/coverage/lcov-report/automations/triggerInfo/rowUpdated.js.html +1 -1
  99. package/coverage/lcov-report/automations/triggerInfo/webhook.js.html +1 -1
  100. package/coverage/lcov-report/automations/triggers.js.html +1 -1
  101. package/coverage/lcov-report/constants/index.html +1 -1
  102. package/coverage/lcov-report/constants/index.js.html +1 -1
  103. package/coverage/lcov-report/constants/layouts.js.html +1 -1
  104. package/coverage/lcov-report/constants/screens.js.html +1 -1
  105. package/coverage/lcov-report/db/inMemoryView.js.html +1 -1
  106. package/coverage/lcov-report/db/index.html +1 -1
  107. package/coverage/lcov-report/db/index.js.html +1 -1
  108. package/coverage/lcov-report/db/linkedRows/LinkController.js.html +1 -1
  109. package/coverage/lcov-report/db/linkedRows/index.html +1 -1
  110. package/coverage/lcov-report/db/linkedRows/index.js.html +11 -11
  111. package/coverage/lcov-report/db/linkedRows/linkUtils.js.html +7 -7
  112. package/coverage/lcov-report/db/newid.js.html +1 -1
  113. package/coverage/lcov-report/db/utils.js.html +1 -1
  114. package/coverage/lcov-report/events/AutomationEmitter.js.html +1 -1
  115. package/coverage/lcov-report/events/index.html +1 -1
  116. package/coverage/lcov-report/events/index.js.html +1 -1
  117. package/coverage/lcov-report/events/utils.js.html +1 -1
  118. package/coverage/lcov-report/index.html +30 -30
  119. package/coverage/lcov-report/integrations/tests/TestConfiguration.js.html +1 -1
  120. package/coverage/lcov-report/integrations/tests/index.html +1 -1
  121. package/coverage/lcov-report/middleware/appInfo.js.html +1 -1
  122. package/coverage/lcov-report/middleware/builder.js.html +1 -1
  123. package/coverage/lcov-report/middleware/currentapp.js.html +1 -1
  124. package/coverage/lcov-report/middleware/index.html +1 -1
  125. package/coverage/lcov-report/middleware/joi-validator.js.html +1 -1
  126. package/coverage/lcov-report/middleware/publicApi.js.html +1 -1
  127. package/coverage/lcov-report/middleware/resourceId.js.html +1 -1
  128. package/coverage/lcov-report/middleware/selfhost.js.html +1 -1
  129. package/coverage/lcov-report/middleware/utils.js.html +1 -1
  130. package/coverage/lcov-report/utilities/budibaseDir.js.html +1 -1
  131. package/coverage/lcov-report/utilities/centralPath.js.html +1 -1
  132. package/coverage/lcov-report/utilities/csvParser.js.html +1 -1
  133. package/coverage/lcov-report/utilities/global.js.html +19 -13
  134. package/coverage/lcov-report/utilities/index.html +24 -24
  135. package/coverage/lcov-report/utilities/index.js.html +1 -1
  136. package/coverage/lcov-report/utilities/queue/inMemoryQueue.js.html +1 -1
  137. package/coverage/lcov-report/utilities/queue/index.html +1 -1
  138. package/coverage/lcov-report/utilities/routing/index.html +1 -1
  139. package/coverage/lcov-report/utilities/routing/index.js.html +1 -1
  140. package/coverage/lcov-report/utilities/rowProcessor/index.html +1 -1
  141. package/coverage/lcov-report/utilities/rowProcessor/index.js.html +12 -12
  142. package/coverage/lcov-report/utilities/rowProcessor/utils.js.html +8 -8
  143. package/coverage/lcov-report/utilities/scriptRunner.js.html +1 -1
  144. package/coverage/lcov-report/utilities/security.js.html +1 -1
  145. package/coverage/lcov-report/utilities/statusCodes.js.html +1 -1
  146. package/coverage/lcov-report/utilities/usageQuota/index.html +1 -1
  147. package/coverage/lcov-report/utilities/usageQuota/rows.js.html +1 -1
  148. package/coverage/lcov-report/utilities/usageQuota/usageQuoteReset.js.html +1 -1
  149. package/coverage/lcov-report/utilities/users.js.html +21 -12
  150. package/coverage/lcov-report/utilities/workerRequests.js.html +33 -3
  151. package/coverage/lcov.info +212 -270
  152. package/dist/api/controllers/application.js +2 -0
  153. package/dist/api/controllers/auth.js +58 -49
  154. package/dist/api/controllers/integration.js +1 -1
  155. package/dist/api/routes/analytics.js +1 -1
  156. package/dist/api/routes/apikeys.js +1 -1
  157. package/dist/api/routes/auth.js +31 -4
  158. package/dist/api/routes/automation.js +1 -1
  159. package/dist/api/routes/backup.js +1 -1
  160. package/dist/api/routes/cloud.js +1 -1
  161. package/dist/api/routes/component.js +1 -1
  162. package/dist/api/routes/datasource.js +1 -1
  163. package/dist/api/routes/deploy.js +1 -1
  164. package/dist/api/routes/dev.js +1 -1
  165. package/dist/api/routes/integration.js +1 -1
  166. package/dist/api/routes/layout.js +1 -1
  167. package/dist/api/routes/metadata.js +1 -1
  168. package/dist/api/routes/migrations.js +1 -1
  169. package/dist/api/routes/permission.js +1 -1
  170. package/dist/api/routes/query.js +1 -1
  171. package/dist/api/routes/role.js +1 -1
  172. package/dist/api/routes/routing.js +1 -1
  173. package/dist/api/routes/screen.js +1 -1
  174. package/dist/api/routes/script.js +1 -1
  175. package/dist/api/routes/table.js +1 -1
  176. package/dist/api/routes/templates.js +1 -1
  177. package/dist/api/routes/user.js +1 -1
  178. package/dist/api/routes/view.js +1 -1
  179. package/dist/api/routes/webhook.js +1 -1
  180. package/dist/automations/steps/sendSmtpEmail.js +10 -2
  181. package/dist/middleware/authorized.js +2 -2
  182. package/dist/package.json +6 -6
  183. package/dist/tsconfig.build.tsbuildinfo +1 -1
  184. package/dist/utilities/global.js +6 -3
  185. package/dist/utilities/users.js +4 -2
  186. package/dist/utilities/workerRequests.js +3 -1
  187. package/package.json +7 -7
  188. package/src/api/controllers/application.ts +3 -7
  189. package/src/api/controllers/{auth.js → auth.ts} +20 -18
  190. package/src/api/controllers/integration.js +1 -1
  191. package/src/api/routes/analytics.js +1 -1
  192. package/src/api/routes/apikeys.js +1 -1
  193. package/src/api/routes/auth.ts +8 -0
  194. package/src/api/routes/automation.js +1 -1
  195. package/src/api/routes/backup.js +1 -1
  196. package/src/api/routes/cloud.js +1 -1
  197. package/src/api/routes/component.js +1 -1
  198. package/src/api/routes/datasource.js +1 -1
  199. package/src/api/routes/deploy.js +1 -1
  200. package/src/api/routes/dev.js +1 -1
  201. package/src/api/routes/integration.js +1 -1
  202. package/src/api/routes/layout.js +1 -1
  203. package/src/api/routes/metadata.js +1 -1
  204. package/src/api/routes/migrations.js +1 -1
  205. package/src/api/routes/permission.js +1 -1
  206. package/src/api/routes/query.js +1 -1
  207. package/src/api/routes/role.js +1 -1
  208. package/src/api/routes/routing.js +1 -1
  209. package/src/api/routes/screen.js +1 -1
  210. package/src/api/routes/script.js +1 -1
  211. package/src/api/routes/table.js +1 -1
  212. package/src/api/routes/templates.js +1 -1
  213. package/src/api/routes/user.js +1 -1
  214. package/src/api/routes/view.js +1 -1
  215. package/src/api/routes/webhook.js +1 -1
  216. package/src/automations/steps/sendSmtpEmail.js +18 -2
  217. package/src/middleware/authorized.ts +2 -2
  218. package/src/utilities/global.js +6 -4
  219. package/src/utilities/users.js +5 -2
  220. package/src/utilities/workerRequests.js +11 -1
  221. package/builder/assets/index.10b8a572.css +0 -6
  222. package/coverage/lcov-report/api/controllers/auth.js.html +0 -292
  223. package/coverage/lcov-report/api/routes/auth.js.html +0 -109
  224. package/src/api/routes/auth.js +0 -8
@@ -47,8 +47,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
47
47
  };
48
48
  function checkGroupRoles(user, { appId } = {}) {
49
49
  return __awaiter(this, void 0, void 0, function* () {
50
- let roleId = yield groups.getGroupRoleId(user, appId);
51
- user.roleId = roleId;
50
+ if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
51
+ return user;
52
+ }
53
+ user.roleId = yield groups.getGroupRoleId(user, appId);
52
54
  return user;
53
55
  });
54
56
  }
@@ -76,8 +78,9 @@ exports.getRawGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, functio
76
78
  return db.get(getGlobalIDFromUserMetadataID(userId));
77
79
  });
78
80
  exports.getGlobalUser = (userId) => __awaiter(void 0, void 0, void 0, function* () {
81
+ const appId = getAppId();
79
82
  let user = yield exports.getRawGlobalUser(userId);
80
- return processUser(user);
83
+ return processUser(user, { appId });
81
84
  });
82
85
  exports.getGlobalUsers = (users = null) => __awaiter(void 0, void 0, void 0, function* () {
83
86
  const appId = getAppId();
@@ -12,9 +12,10 @@ const { InternalTables } = require("../db/utils");
12
12
  const { getGlobalUser } = require("../utilities/global");
13
13
  const { getAppDB } = require("@budibase/backend-core/context");
14
14
  const { getProdAppID } = require("@budibase/backend-core/db");
15
+ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles");
15
16
  exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, function* () {
16
17
  const global = yield getGlobalUser(userId);
17
- let metadata;
18
+ let metadata = {};
18
19
  try {
19
20
  // this will throw an error if the db doesn't exist, or there is no appId
20
21
  const db = getAppDB();
@@ -25,7 +26,8 @@ exports.getFullUser = (ctx, userId) => __awaiter(void 0, void 0, void 0, functio
25
26
  delete global._id;
26
27
  delete global._rev;
27
28
  }
28
- return Object.assign(Object.assign(Object.assign({}, global), metadata), { tableId: InternalTables.USER_METADATA,
29
+ delete metadata.csrfToken;
30
+ return Object.assign(Object.assign(Object.assign({}, metadata), global), { roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC, tableId: InternalTables.USER_METADATA,
29
31
  // make sure the ID is always a local ID, not a global one
30
32
  _id: userId });
31
33
  });
@@ -63,7 +63,7 @@ function checkResponse(response, errorMsg, { ctx } = {}) {
63
63
  }
64
64
  exports.request = request;
65
65
  // have to pass in the tenant ID as this could be coming from an automation
66
- exports.sendSmtpEmail = (to, from, subject, contents, automation) => __awaiter(void 0, void 0, void 0, function* () {
66
+ exports.sendSmtpEmail = (to, from, subject, contents, cc, bcc, automation) => __awaiter(void 0, void 0, void 0, function* () {
67
67
  // tenant ID will be set in header
68
68
  const response = yield fetch(checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`), request(null, {
69
69
  method: "POST",
@@ -72,6 +72,8 @@ exports.sendSmtpEmail = (to, from, subject, contents, automation) => __awaiter(v
72
72
  from,
73
73
  contents,
74
74
  subject,
75
+ cc,
76
+ bcc,
75
77
  purpose: "custom",
76
78
  automation,
77
79
  },
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/server",
3
3
  "email": "hi@budibase.com",
4
- "version": "1.4.8-alpha.7",
4
+ "version": "1.4.8-alpha.9",
5
5
  "description": "Budibase Web Server",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -77,11 +77,11 @@
77
77
  "license": "GPL-3.0",
78
78
  "dependencies": {
79
79
  "@apidevtools/swagger-parser": "10.0.3",
80
- "@budibase/backend-core": "1.4.8-alpha.7",
81
- "@budibase/client": "1.4.8-alpha.7",
82
- "@budibase/pro": "1.4.8-alpha.6",
83
- "@budibase/string-templates": "1.4.8-alpha.7",
84
- "@budibase/types": "1.4.8-alpha.7",
80
+ "@budibase/backend-core": "1.4.8-alpha.9",
81
+ "@budibase/client": "1.4.8-alpha.9",
82
+ "@budibase/pro": "1.4.8-alpha.8",
83
+ "@budibase/string-templates": "1.4.8-alpha.9",
84
+ "@budibase/types": "1.4.8-alpha.9",
85
85
  "@bull-board/api": "3.7.0",
86
86
  "@bull-board/koa": "3.9.4",
87
87
  "@elastic/elasticsearch": "7.10.0",
@@ -199,5 +199,5 @@
199
199
  "optionalDependencies": {
200
200
  "oracledb": "5.3.0"
201
201
  },
202
- "gitHead": "c75ff1cd4a6576cdefad15a75588edfc6201ee1b"
202
+ "gitHead": "cef27c68ef3d7606b266629904a1a1b4bf877246"
203
203
  }
@@ -47,14 +47,9 @@ import { checkAppMetadata } from "../../automations/logging"
47
47
  import { getUniqueRows } from "../../utilities/usageQuota/rows"
48
48
  import { quotas } from "@budibase/pro"
49
49
  import { errors, events, migrations } from "@budibase/backend-core"
50
- import {
51
- App,
52
- Layout,
53
- Screen,
54
- MigrationType,
55
- AppNavigation,
56
- } from "@budibase/types"
50
+ import { App, Layout, Screen, MigrationType } from "@budibase/types"
57
51
  import { BASE_LAYOUT_PROP_IDS } from "../../constants/layouts"
52
+ import { groups } from "@budibase/pro"
58
53
 
59
54
  const URL_REGEX_SLASH = /\/|\\/g
60
55
 
@@ -501,6 +496,7 @@ const preDestroyApp = async (ctx: any) => {
501
496
 
502
497
  const postDestroyApp = async (ctx: any) => {
503
498
  const rowCount = ctx.rowCount
499
+ await groups.cleanupApp(ctx.params.appId)
504
500
  if (rowCount) {
505
501
  await quotas.removeRows(rowCount)
506
502
  }
@@ -1,19 +1,21 @@
1
- const { outputProcessing } = require("../../utilities/rowProcessor")
2
- const { InternalTables } = require("../../db/utils")
3
- const { getFullUser } = require("../../utilities/users")
4
- const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
5
- const { getAppDB, getAppId } = require("@budibase/backend-core/context")
1
+ import { outputProcessing } from "../../utilities/rowProcessor"
2
+ import { InternalTables } from "../../db/utils"
3
+ import { getFullUser } from "../../utilities/users"
4
+ import { roles, context } from "@budibase/backend-core"
5
+ import { groups } from "@budibase/pro"
6
+
7
+ const PUBLIC_ROLE = roles.BUILTIN_ROLE_IDS.PUBLIC
6
8
 
7
9
  /**
8
10
  * Add the attributes that are session based to the current user.
9
11
  */
10
- const addSessionAttributesToUser = ctx => {
12
+ const addSessionAttributesToUser = (ctx: any) => {
11
13
  if (ctx.user) {
12
14
  ctx.body.license = ctx.user.license
13
15
  }
14
16
  }
15
17
 
16
- exports.fetchSelf = async ctx => {
18
+ export async function fetchSelf(ctx: any) {
17
19
  let userId = ctx.user.userId || ctx.user._id
18
20
  /* istanbul ignore next */
19
21
  if (!userId || !ctx.isAuthenticated) {
@@ -21,30 +23,30 @@ exports.fetchSelf = async ctx => {
21
23
  return
22
24
  }
23
25
 
26
+ const appId = context.getAppId()
24
27
  const user = await getFullUser(ctx, userId)
25
28
  // this shouldn't be returned by the app self
26
29
  delete user.roles
27
30
  // forward the csrf token from the session
28
31
  user.csrfToken = ctx.user.csrfToken
29
32
 
30
- if (getAppId()) {
31
- const db = getAppDB()
33
+ if (appId) {
34
+ const db = context.getAppDB()
35
+ // check for group permissions
36
+ if (!user.roleId || user.roleId === PUBLIC_ROLE) {
37
+ const groupRoleId = await groups.getGroupRoleId(user, appId)
38
+ user.roleId = groupRoleId || user.roleId
39
+ }
32
40
  // remove the full roles structure
33
41
  delete user.roles
34
42
  try {
35
43
  const userTable = await db.get(InternalTables.USER_METADATA)
36
- const metadata = await db.get(userId)
37
- // make sure there is never a stale csrf token
38
- delete metadata.csrfToken
39
44
  // specifically needs to make sure is enriched
40
- ctx.body = await outputProcessing(userTable, {
41
- ...user,
42
- ...metadata,
43
- })
44
- } catch (err) {
45
+ ctx.body = await outputProcessing(userTable, user)
46
+ } catch (err: any) {
45
47
  let response
46
48
  // user didn't exist in app, don't pretend they do
47
- if (user.roleId === BUILTIN_ROLE_IDS.PUBLIC) {
49
+ if (user.roleId === PUBLIC_ROLE) {
48
50
  response = {}
49
51
  }
50
52
  // user has a role of some sort, return them
@@ -8,7 +8,7 @@ exports.fetch = async function (ctx) {
8
8
  const defs = await getDefinitions()
9
9
 
10
10
  // for google sheets integration google verification
11
- if (featureFlags.isEnabled(featureFlags.FeatureFlag.GOOGLE_SHEETS)) {
11
+ if (featureFlags.isEnabled(featureFlags.TenantFeatureFlag.GOOGLE_SHEETS)) {
12
12
  defs[SourceName.GOOGLE_SHEETS] = googlesheets.schema
13
13
  }
14
14
 
@@ -1,7 +1,7 @@
1
1
  const Router = require("@koa/router")
2
2
  const controller = require("../controllers/analytics")
3
3
 
4
- const router = Router()
4
+ const router = new Router()
5
5
 
6
6
  router.get("/api/bbtel", controller.isEnabled)
7
7
  router.post("/api/bbtel/ping", controller.ping)
@@ -3,7 +3,7 @@ const controller = require("../controllers/apikeys")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/keys", authorized(BUILDER), controller.fetch)
@@ -0,0 +1,8 @@
1
+ import Router from "@koa/router"
2
+ import * as controller from "../controllers/auth"
3
+
4
+ const router = new Router()
5
+
6
+ router.get("/api/self", controller.fetchSelf)
7
+
8
+ export default router
@@ -13,7 +13,7 @@ const {
13
13
  } = require("../../middleware/appInfo")
14
14
  const { automationValidator } = require("./utils/validators")
15
15
 
16
- const router = Router()
16
+ const router = new Router()
17
17
 
18
18
  router
19
19
  .get(
@@ -3,7 +3,7 @@ const controller = require("../controllers/backup")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.get("/api/backups/export", authorized(BUILDER), controller.exportAppDump)
9
9
 
@@ -3,7 +3,7 @@ const controller = require("../controllers/cloud")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/cloud/export", authorized(BUILDER), controller.exportApps)
@@ -3,7 +3,7 @@ const controller = require("../controllers/component")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.get(
9
9
  "/api/:appId/components/definitions",
@@ -11,7 +11,7 @@ const {
11
11
  datasourceQueryValidator,
12
12
  } = require("./utils/validators")
13
13
 
14
- const router = Router()
14
+ const router = new Router()
15
15
 
16
16
  router
17
17
  .get("/api/datasources", authorized(BUILDER), datasourceController.fetch)
@@ -3,7 +3,7 @@ const controller = require("../controllers/deploy")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/deployments", authorized(BUILDER), controller.fetchDeployments)
@@ -4,7 +4,7 @@ const env = require("../../environment")
4
4
  const authorized = require("../../middleware/authorized")
5
5
  const { BUILDER } = require("@budibase/backend-core/permissions")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  function redirectPath(path) {
10
10
  router
@@ -3,7 +3,7 @@ const controller = require("../controllers/integration")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/integrations", authorized(BUILDER), controller.fetch)
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
3
3
  const { BUILDER } = require("@budibase/backend-core/permissions")
4
4
  const controller = require("../controllers/layout")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .post("/api/layouts", authorized(BUILDER), controller.save)
@@ -7,7 +7,7 @@ const {
7
7
  const authorized = require("../../middleware/authorized")
8
8
  const { BUILDER } = require("@budibase/backend-core/permissions")
9
9
 
10
- const router = Router()
10
+ const router = new Router()
11
11
 
12
12
  router
13
13
  .post(
@@ -1,6 +1,6 @@
1
1
  const Router = require("@koa/router")
2
2
  const migrationsController = require("../controllers/migrations")
3
- const router = Router()
3
+ const router = new Router()
4
4
  const { internalApi } = require("@budibase/backend-core/auth")
5
5
 
6
6
  router
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { permissionValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
@@ -16,7 +16,7 @@ const {
16
16
  generateQueryValidation,
17
17
  } = require("../controllers/query/validation")
18
18
 
19
- const router = Router()
19
+ const router = new Router()
20
20
 
21
21
  router
22
22
  .get("/api/queries", authorized(BUILDER), queryController.fetch)
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { roleValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .post("/api/roles", authorized(BUILDER), roleValidator(), controller.save)
@@ -3,7 +3,7 @@ const authorized = require("../../middleware/authorized")
3
3
  const { BUILDER } = require("@budibase/backend-core/permissions")
4
4
  const controller = require("../controllers/routing")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  // gets correct structure for user role
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { screenValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/screens", authorized(BUILDER), controller.fetch)
@@ -3,7 +3,7 @@ const controller = require("../controllers/script")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router.post("/api/script", authorized(BUILDER), controller.save)
9
9
 
@@ -9,7 +9,7 @@ const {
9
9
  } = require("@budibase/backend-core/permissions")
10
10
  const { tableValidator } = require("./utils/validators")
11
11
 
12
- const router = Router()
12
+ const router = new Router()
13
13
 
14
14
  router
15
15
  /**
@@ -3,7 +3,7 @@ const controller = require("../controllers/templates")
3
3
  const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
 
6
- const router = Router()
6
+ const router = new Router()
7
7
 
8
8
  router
9
9
  .get("/api/templates", authorized(BUILDER), controller.fetch)
@@ -6,7 +6,7 @@ const {
6
6
  PermissionTypes,
7
7
  } = require("@budibase/backend-core/permissions")
8
8
 
9
- const router = Router()
9
+ const router = new Router()
10
10
 
11
11
  router
12
12
  .get(
@@ -9,7 +9,7 @@ const {
9
9
  PermissionLevels,
10
10
  } = require("@budibase/backend-core/permissions")
11
11
 
12
- const router = Router()
12
+ const router = new Router()
13
13
 
14
14
  router
15
15
  .get("/api/views/export", authorized(BUILDER), viewController.exportView)
@@ -4,7 +4,7 @@ const authorized = require("../../middleware/authorized")
4
4
  const { BUILDER } = require("@budibase/backend-core/permissions")
5
5
  const { webhookValidator } = require("./utils/validators")
6
6
 
7
- const router = Router()
7
+ const router = new Router()
8
8
 
9
9
  router
10
10
  .get("/api/webhooks", authorized(BUILDER), controller.fetch)
@@ -21,6 +21,14 @@ exports.definition = {
21
21
  type: "string",
22
22
  title: "Send From",
23
23
  },
24
+ cc: {
25
+ type: "string",
26
+ title: "CC",
27
+ },
28
+ bcc: {
29
+ type: "string",
30
+ title: "BCC",
31
+ },
24
32
  subject: {
25
33
  type: "string",
26
34
  title: "Email Subject",
@@ -49,13 +57,21 @@ exports.definition = {
49
57
  }
50
58
 
51
59
  exports.run = async function ({ inputs }) {
52
- let { to, from, subject, contents } = inputs
60
+ let { to, from, subject, contents, cc, bcc } = inputs
53
61
  if (!contents) {
54
62
  contents = "<h1>No content</h1>"
55
63
  }
56
64
  to = to || undefined
57
65
  try {
58
- let response = await sendSmtpEmail(to, from, subject, contents, true)
66
+ let response = await sendSmtpEmail(
67
+ to,
68
+ from,
69
+ subject,
70
+ contents,
71
+ cc,
72
+ bcc,
73
+ true
74
+ )
59
75
  return {
60
76
  success: true,
61
77
  response,
@@ -52,9 +52,9 @@ const checkAuthorizedResource = async (
52
52
  ) => {
53
53
  // get the user's roles
54
54
  const roleId = ctx.roleId || BUILTIN_ROLE_IDS.PUBLIC
55
- const userRoles = await getUserRoleHierarchy(roleId, {
55
+ const userRoles = (await getUserRoleHierarchy(roleId, {
56
56
  idOnly: false,
57
- })
57
+ })) as { _id: string }[]
58
58
  const permError = "User does not have permission"
59
59
  // check if the user has the required role
60
60
  if (resourceRoles.length > 0) {
@@ -43,9 +43,10 @@ exports.updateAppRole = (user, { appId } = {}) => {
43
43
  }
44
44
 
45
45
  async function checkGroupRoles(user, { appId } = {}) {
46
- let roleId = await groups.getGroupRoleId(user, appId)
47
- user.roleId = roleId
48
-
46
+ if (user.roleId && user.roleId !== BUILTIN_ROLE_IDS.PUBLIC) {
47
+ return user
48
+ }
49
+ user.roleId = await groups.getGroupRoleId(user, appId)
49
50
  return user
50
51
  }
51
52
 
@@ -74,8 +75,9 @@ exports.getRawGlobalUser = async userId => {
74
75
  }
75
76
 
76
77
  exports.getGlobalUser = async userId => {
78
+ const appId = getAppId()
77
79
  let user = await exports.getRawGlobalUser(userId)
78
- return processUser(user)
80
+ return processUser(user, { appId })
79
81
  }
80
82
 
81
83
  exports.getGlobalUsers = async (users = null) => {
@@ -2,10 +2,11 @@ const { InternalTables } = require("../db/utils")
2
2
  const { getGlobalUser } = require("../utilities/global")
3
3
  const { getAppDB } = require("@budibase/backend-core/context")
4
4
  const { getProdAppID } = require("@budibase/backend-core/db")
5
+ const { BUILTIN_ROLE_IDS } = require("@budibase/backend-core/roles")
5
6
 
6
7
  exports.getFullUser = async (ctx, userId) => {
7
8
  const global = await getGlobalUser(userId)
8
- let metadata
9
+ let metadata = {}
9
10
  try {
10
11
  // this will throw an error if the db doesn't exist, or there is no appId
11
12
  const db = getAppDB()
@@ -15,9 +16,11 @@ exports.getFullUser = async (ctx, userId) => {
15
16
  delete global._id
16
17
  delete global._rev
17
18
  }
19
+ delete metadata.csrfToken
18
20
  return {
19
- ...global,
20
21
  ...metadata,
22
+ ...global,
23
+ roleId: global.roleId || BUILTIN_ROLE_IDS.PUBLIC,
21
24
  tableId: InternalTables.USER_METADATA,
22
25
  // make sure the ID is always a local ID, not a global one
23
26
  _id: userId,
@@ -54,7 +54,15 @@ async function checkResponse(response, errorMsg, { ctx } = {}) {
54
54
  exports.request = request
55
55
 
56
56
  // have to pass in the tenant ID as this could be coming from an automation
57
- exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {
57
+ exports.sendSmtpEmail = async (
58
+ to,
59
+ from,
60
+ subject,
61
+ contents,
62
+ cc,
63
+ bcc,
64
+ automation
65
+ ) => {
58
66
  // tenant ID will be set in header
59
67
  const response = await fetch(
60
68
  checkSlashesInUrl(env.WORKER_URL + `/api/global/email/send`),
@@ -65,6 +73,8 @@ exports.sendSmtpEmail = async (to, from, subject, contents, automation) => {
65
73
  from,
66
74
  contents,
67
75
  subject,
76
+ cc,
77
+ bcc,
68
78
  purpose: "custom",
69
79
  automation,
70
80
  },