@budibase/server 2.3.18-alpha.4 → 2.3.18-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/server",
3
3
  "email": "hi@budibase.com",
4
- "version": "2.3.18-alpha.4",
4
+ "version": "2.3.18-alpha.6",
5
5
  "description": "Budibase Web Server",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -43,11 +43,11 @@
43
43
  "license": "GPL-3.0",
44
44
  "dependencies": {
45
45
  "@apidevtools/swagger-parser": "10.0.3",
46
- "@budibase/backend-core": "2.3.18-alpha.4",
47
- "@budibase/client": "2.3.18-alpha.4",
48
- "@budibase/pro": "2.3.18-alpha.3",
49
- "@budibase/string-templates": "2.3.18-alpha.4",
50
- "@budibase/types": "2.3.18-alpha.4",
46
+ "@budibase/backend-core": "2.3.18-alpha.6",
47
+ "@budibase/client": "2.3.18-alpha.6",
48
+ "@budibase/pro": "2.3.18-alpha.5",
49
+ "@budibase/string-templates": "2.3.18-alpha.6",
50
+ "@budibase/types": "2.3.18-alpha.6",
51
51
  "@bull-board/api": "3.7.0",
52
52
  "@bull-board/koa": "3.9.4",
53
53
  "@elastic/elasticsearch": "7.10.0",
@@ -173,5 +173,5 @@
173
173
  "optionalDependencies": {
174
174
  "oracledb": "5.3.0"
175
175
  },
176
- "gitHead": "60cc87c306dffeb7f4fc5c390a4e26e6017863fd"
176
+ "gitHead": "fd87b260e1b621eb7f6eb4c2b85e919ed50f9963"
177
177
  }
@@ -79,10 +79,6 @@ export default (
79
79
  return ctx.throw(403, "No user info found")
80
80
  }
81
81
 
82
- // check general builder stuff, this middleware is a good way
83
- // to find API endpoints which are builder focused
84
- await builderMiddleware(ctx, permType)
85
-
86
82
  // get the resource roles
87
83
  let resourceRoles: any = []
88
84
  let otherLevelRoles: any = []
@@ -112,6 +108,12 @@ export default (
112
108
  return ctx.throw(403, "Session not authenticated")
113
109
  }
114
110
 
111
+ // check general builder stuff, this middleware is a good way
112
+ // to find API endpoints which are builder focused
113
+ if (permType === permissions.PermissionType.BUILDER) {
114
+ await builderMiddleware(ctx)
115
+ }
116
+
115
117
  try {
116
118
  // check authorized
117
119
  await checkAuthorized(ctx, resourceRoles, permType, permLevel)
@@ -64,13 +64,18 @@ async function updateAppUpdatedAt(ctx: BBContext) {
64
64
  })
65
65
  }
66
66
 
67
- export default async function builder(ctx: BBContext, permType: string) {
67
+ export default async function builder(ctx: BBContext) {
68
68
  const appId = ctx.appId
69
69
  // this only functions within an app context
70
70
  if (!appId) {
71
71
  return
72
72
  }
73
- const isBuilderApi = permType === permissions.PermissionType.BUILDER
73
+
74
+ // check authenticated
75
+ if (!ctx.isAuthenticated) {
76
+ return ctx.throw(403, "Session not authenticated")
77
+ }
78
+
74
79
  const referer = ctx.headers["referer"]
75
80
 
76
81
  const overviewPath = "/builder/portal/overview/"
@@ -82,7 +87,7 @@ export default async function builder(ctx: BBContext, permType: string) {
82
87
  const hasAppId = !referer ? false : referer.includes(appId)
83
88
  const editingApp = referer ? hasAppId : false
84
89
  // check this is a builder call and editing
85
- if (!isBuilderApi || !editingApp) {
90
+ if (!editingApp) {
86
91
  return
87
92
  }
88
93
  // check locks