@budibase/server 2.3.18-alpha.5 → 2.3.18-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -10,7 +10,7 @@
10
10
  href="https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap"
11
11
  rel="stylesheet"
12
12
  />
13
- <script type="module" crossorigin src="/builder/assets/index.d7769c7f.js"></script>
13
+ <script type="module" crossorigin src="/builder/assets/index.a31b0467.js"></script>
14
14
  <link rel="stylesheet" href="/builder/assets/index.7e76c039.css">
15
15
  </head>
16
16
  <body id="app">
@@ -66,9 +66,6 @@ exports.default = (permType, permLevel = null, opts = { schema: false }) => (ctx
66
66
  if (!ctx.user) {
67
67
  return ctx.throw(403, "No user info found");
68
68
  }
69
- // check general builder stuff, this middleware is a good way
70
- // to find API endpoints which are builder focused
71
- yield (0, builder_1.default)(ctx, permType);
72
69
  // get the resource roles
73
70
  let resourceRoles = [];
74
71
  let otherLevelRoles = [];
@@ -92,6 +89,11 @@ exports.default = (permType, permLevel = null, opts = { schema: false }) => (ctx
92
89
  if (!ctx.isAuthenticated) {
93
90
  return ctx.throw(403, "Session not authenticated");
94
91
  }
92
+ // check general builder stuff, this middleware is a good way
93
+ // to find API endpoints which are builder focused
94
+ if (permType === backend_core_1.permissions.PermissionType.BUILDER) {
95
+ yield (0, builder_1.default)(ctx);
96
+ }
95
97
  try {
96
98
  // check authorized
97
99
  yield checkAuthorized(ctx, resourceRoles, permType, permLevel);
@@ -61,14 +61,17 @@ function updateAppUpdatedAt(ctx) {
61
61
  }));
62
62
  });
63
63
  }
64
- function builder(ctx, permType) {
64
+ function builder(ctx) {
65
65
  return __awaiter(this, void 0, void 0, function* () {
66
66
  const appId = ctx.appId;
67
67
  // this only functions within an app context
68
68
  if (!appId) {
69
69
  return;
70
70
  }
71
- const isBuilderApi = permType === backend_core_1.permissions.PermissionType.BUILDER;
71
+ // check authenticated
72
+ if (!ctx.isAuthenticated) {
73
+ return ctx.throw(403, "Session not authenticated");
74
+ }
72
75
  const referer = ctx.headers["referer"];
73
76
  const overviewPath = "/builder/portal/overview/";
74
77
  const overviewContext = !referer ? false : referer.includes(overviewPath);
@@ -78,7 +81,7 @@ function builder(ctx, permType) {
78
81
  const hasAppId = !referer ? false : referer.includes(appId);
79
82
  const editingApp = referer ? hasAppId : false;
80
83
  // check this is a builder call and editing
81
- if (!isBuilderApi || !editingApp) {
84
+ if (!editingApp) {
82
85
  return;
83
86
  }
84
87
  // check locks
package/dist/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@budibase/server",
3
3
  "email": "hi@budibase.com",
4
- "version": "2.3.18-alpha.4",
4
+ "version": "2.3.18-alpha.5",
5
5
  "description": "Budibase Web Server",
6
6
  "main": "src/index.ts",
7
7
  "repository": {
@@ -43,11 +43,11 @@
43
43
  "license": "GPL-3.0",
44
44
  "dependencies": {
45
45
  "@apidevtools/swagger-parser": "10.0.3",
46
- "@budibase/backend-core": "2.3.18-alpha.4",
47
- "@budibase/client": "2.3.18-alpha.4",
48
- "@budibase/pro": "2.3.18-alpha.4",
49
- "@budibase/string-templates": "2.3.18-alpha.4",
50
- "@budibase/types": "2.3.18-alpha.4",
46
+ "@budibase/backend-core": "2.3.18-alpha.5",
47
+ "@budibase/client": "2.3.18-alpha.5",
48
+ "@budibase/pro": "2.3.18-alpha.5",
49
+ "@budibase/string-templates": "2.3.18-alpha.5",
50
+ "@budibase/types": "2.3.18-alpha.5",
51
51
  "@bull-board/api": "3.7.0",
52
52
  "@bull-board/koa": "3.9.4",
53
53
  "@elastic/elasticsearch": "7.10.0",