@budibase/server 2.5.6-alpha.1 → 2.5.6-alpha.2

package/dist/utilities/global.js

@@ -12,7 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getGlobalUsersFromMetadata = exports.getGlobalUsers = exports.getGlobalUser = exports.getRawGlobalUser = exports.getCachedSelf = exports.updateAppRole = void 0;
+exports.getGlobalUsersFromMetadata = exports.getGlobalUsers = exports.getGlobalUser = exports.getRawGlobalUser = exports.getCachedSelf = exports.processUser = exports.updateAppRole = void 0;
 const utils_1 = require("../db/utils");
 const backend_core_1 = require("@budibase/backend-core");
 const environment_1 = __importDefault(require("../environment"));
@@ -20,7 +20,7 @@ const pro_1 = require("@budibase/pro");
 function updateAppRole(user, { appId } = {}) {
     var _a;
     appId = appId || backend_core_1.context.getAppId();
-    if (!user || !user.roles) {
+    if (!user || (!user.roles && !user.userGroups)) {
         return user;
     }
     // if in an multi-tenancy environment make sure roles are never updated
@@ -31,7 +31,7 @@ function updateAppRole(user, { appId } = {}) {
         return user;
     }
     // always use the deployed app
-    if (appId) {
+    if (appId && user.roles) {
         user.roleId = user.roles[backend_core_1.db.getProdAppID(appId)];
     }
     // if a role wasn't found then either set as admin (builder) or public (everyone else)
@@ -76,6 +76,7 @@ function processUser(user, opts = {}) {
         return user;
     });
 }
+exports.processUser = processUser;
 function getCachedSelf(ctx, appId) {
     var _a;
     return __awaiter(this, void 0, void 0, function* () {
@@ -101,15 +102,13 @@ function getGlobalUser(userId) {
     });
 }
 exports.getGlobalUser = getGlobalUser;
-function getGlobalUsers(users) {
+function getGlobalUsers(userIds, opts) {
     return __awaiter(this, void 0, void 0, function* () {
         const appId = backend_core_1.context.getAppId();
         const db = backend_core_1.tenancy.getGlobalDB();
-        const allGroups = yield pro_1.groups.fetch();
         let globalUsers;
-        if (users) {
-            const globalIds = users.map(user => (0, utils_1.getGlobalIDFromUserMetadataID)(user._id));
-            globalUsers = (yield db.allDocs((0, utils_1.getMultiIDParams)(globalIds))).rows.map(row => row.doc);
+        if (userIds) {
+            globalUsers = (yield db.allDocs((0, utils_1.getMultiIDParams)(userIds))).rows.map(row => row.doc);
         }
         else {
             globalUsers = (yield db.allDocs(backend_core_1.db.getGlobalUserParams(null, {
@@ -126,15 +125,21 @@ function getGlobalUsers(users) {
         if (!appId) {
             return globalUsers;
         }
-        // pass in the groups, meaning we don't actually need to retrieve them for
-        // each user individually
-        return Promise.all(globalUsers.map(user => processUser(user, { groups: allGroups })));
+        if (opts === null || opts === void 0 ? void 0 : opts.noProcessing) {
+            return globalUsers;
+        }
+        else {
+            // pass in the groups, meaning we don't actually need to retrieve them for
+            // each user individually
+            const allGroups = yield pro_1.groups.fetch();
+            return Promise.all(globalUsers.map(user => processUser(user, { groups: allGroups })));
+        }
     });
 }
 exports.getGlobalUsers = getGlobalUsers;
 function getGlobalUsersFromMetadata(users) {
     return __awaiter(this, void 0, void 0, function* () {
-        const globalUsers = yield getGlobalUsers(users);
+        const globalUsers = yield getGlobalUsers(users.map(user => user._id));
         return users.map(user => {
             const globalUser = globalUsers.find(globalUser => { var _a; return globalUser && ((_a = user._id) === null || _a === void 0 ? void 0 : _a.includes(globalUser._id)); });
             return Object.assign(Object.assign({}, globalUser), user);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/server",
   "email": "hi@budibase.com",
-  "version": "2.5.6-alpha.1",
+  "version": "2.5.6-alpha.2",
   "description": "Budibase Web Server",
   "main": "src/index.ts",
   "repository": {
@@ -45,12 +45,12 @@
   "license": "GPL-3.0",
   "dependencies": {
     "@apidevtools/swagger-parser": "10.0.3",
-    "@budibase/backend-core": "2.5.6-alpha.1",
-    "@budibase/client": "2.5.6-alpha.1",
-    "@budibase/pro": "2.5.5-alpha.4",
-    "@budibase/shared-core": "2.5.6-alpha.1",
-    "@budibase/string-templates": "2.5.6-alpha.1",
-    "@budibase/types": "2.5.6-alpha.1",
+    "@budibase/backend-core": "2.5.6-alpha.2",
+    "@budibase/client": "2.5.6-alpha.2",
+    "@budibase/pro": "2.5.6-alpha.1",
+    "@budibase/shared-core": "2.5.6-alpha.2",
+    "@budibase/string-templates": "2.5.6-alpha.2",
+    "@budibase/types": "2.5.6-alpha.2",
     "@bull-board/api": "3.7.0",
     "@bull-board/koa": "3.9.4",
     "@elastic/elasticsearch": "7.10.0",
@@ -175,5 +175,5 @@
   "optionalDependencies": {
     "oracledb": "5.3.0"
   },
-  "gitHead": "fdc38d656252b7b81508245e20ca65ef2739a363"
+  "gitHead": "af0bc0890fbe45ca786366c72a754c2202277a54"
 }

package/src/api/controllers/row/internal.ts

@@ -30,7 +30,6 @@ import { finaliseRow, updateRelatedFormula } from "./staticFormula"
 import { csv, json, jsonWithSchema, Format } from "../view/exporters"
 import { apiFileReturn } from "../../../utilities/fileSystem"
 import {
-  Ctx,
   UserCtx,
   Database,
   LinkDocumentValue,
@@ -72,7 +71,7 @@ async function getView(db: Database, viewName: string) {
   return viewInfo
 }
 
-async function getRawTableData(ctx: Ctx, db: Database, tableId: string) {
+async function getRawTableData(ctx: UserCtx, db: Database, tableId: string) {
   let rows
   if (tableId === InternalTables.USER_METADATA) {
     await userController.fetchMetadata(ctx)
@@ -188,7 +187,7 @@ export async function save(ctx: UserCtx) {
   })
 }
 
-export async function fetchView(ctx: Ctx) {
+export async function fetchView(ctx: UserCtx) {
   const viewName = decodeURIComponent(ctx.params.viewName)
 
   // if this is a table view being looked for just transfer to that
@@ -255,7 +254,7 @@ export async function fetchView(ctx: Ctx) {
   return rows
 }
 
-export async function fetch(ctx: Ctx) {
+export async function fetch(ctx: UserCtx) {
   const db = context.getAppDB()
 
   const tableId = ctx.params.tableId
@@ -264,7 +263,7 @@ export async function fetch(ctx: Ctx) {
   return outputProcessing(table, rows)
 }
 
-export async function find(ctx: Ctx) {
+export async function find(ctx: UserCtx) {
   const db = dbCore.getDB(ctx.appId)
   const table = await db.get(ctx.params.tableId)
   let row = await utils.findRow(ctx, ctx.params.tableId, ctx.params.rowId)
@@ -272,7 +271,7 @@ export async function find(ctx: Ctx) {
   return row
 }
 
-export async function destroy(ctx: Ctx) {
+export async function destroy(ctx: UserCtx) {
   const db = context.getAppDB()
   const { _id } = ctx.request.body
   let row = await db.get(_id)
@@ -308,7 +307,7 @@ export async function destroy(ctx: Ctx) {
   return { response, row }
 }
 
-export async function bulkDestroy(ctx: Ctx) {
+export async function bulkDestroy(ctx: UserCtx) {
   const db = context.getAppDB()
   const tableId = ctx.params.tableId
   const table = await db.get(tableId)
@@ -347,7 +346,7 @@ export async function bulkDestroy(ctx: Ctx) {
   return { response: { ok: true }, rows: processedRows }
 }
 
-export async function search(ctx: Ctx) {
+export async function search(ctx: UserCtx) {
   // Fetch the whole table when running in cypress, as search doesn't work
   if (!env.COUCH_DB_URL && env.isCypress()) {
     return { rows: await fetch(ctx) }
@@ -387,7 +386,7 @@ export async function search(ctx: Ctx) {
   return response
 }
 
-export async function exportRows(ctx: Ctx) {
+export async function exportRows(ctx: UserCtx) {
   const db = context.getAppDB()
   const table = await db.get(ctx.params.tableId)
   const rowIds = ctx.request.body.rows
@@ -439,7 +438,7 @@ export async function exportRows(ctx: Ctx) {
   }
 }
 
-export async function fetchEnrichedRow(ctx: Ctx) {
+export async function fetchEnrichedRow(ctx: UserCtx) {
   const db = context.getAppDB()
   const tableId = ctx.params.tableId
   const rowId = ctx.params.rowId

package/src/api/controllers/row/utils.ts

@@ -5,7 +5,7 @@ import { context } from "@budibase/backend-core"
 import { makeExternalQuery } from "../../../integrations/base/query"
 import { Row, Table } from "@budibase/types"
 import { Format } from "../view/exporters"
-import { Ctx } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
 import sdk from "../../../sdk"
 const validateJs = require("validate.js")
 const { cloneDeep } = require("lodash/fp")
@@ -26,7 +26,7 @@ export async function getDatasourceAndQuery(json: any) {
   return makeExternalQuery(datasource, json)
 }
 
-export async function findRow(ctx: Ctx, tableId: string, rowId: string) {
+export async function findRow(ctx: UserCtx, tableId: string, rowId: string) {
   const db = context.getAppDB()
   let row
   // TODO remove special user case in future

package/src/api/controllers/user.ts

@@ -1,98 +1,12 @@
 import { generateUserMetadataID, generateUserFlagID } from "../../db/utils"
 import { InternalTables } from "../../db/utils"
-import { getGlobalUsers, getRawGlobalUser } from "../../utilities/global"
+import { getGlobalUsers } from "../../utilities/global"
 import { getFullUser } from "../../utilities/users"
-import {
-  context,
-  roles as rolesCore,
-  db as dbCore,
-} from "@budibase/backend-core"
-import { BBContext, Ctx, SyncUserRequest, User } from "@budibase/types"
+import { context } from "@budibase/backend-core"
+import { UserCtx } from "@budibase/types"
 import sdk from "../../sdk"
 
-export async function syncUser(ctx: Ctx<SyncUserRequest>) {
-  let deleting = false,
-    user: User | any
-  const userId = ctx.params.id
-
-  const previousUser = ctx.request.body?.previousUser
-
-  try {
-    user = (await getRawGlobalUser(userId)) as User
-  } catch (err: any) {
-    if (err && err.status === 404) {
-      user = {}
-      deleting = true
-    } else {
-      throw err
-    }
-  }
-
-  let previousApps = previousUser
-    ? Object.keys(previousUser.roles).map(appId => appId)
-    : []
-
-  const roles = deleting ? {} : user.roles
-  // remove props which aren't useful to metadata
-  delete user.password
-  delete user.forceResetPassword
-  delete user.roles
-  // run through all production appIDs in the users roles
-  let prodAppIds
-  // if they are a builder then get all production app IDs
-  if ((user.builder && user.builder.global) || deleting) {
-    prodAppIds = await dbCore.getProdAppIDs()
-  } else {
-    prodAppIds = Object.entries(roles)
-      .filter(entry => entry[1] !== rolesCore.BUILTIN_ROLE_IDS.PUBLIC)
-      .map(([appId]) => appId)
-  }
-  for (let prodAppId of new Set([...prodAppIds, ...previousApps])) {
-    const roleId = roles[prodAppId]
-    const deleteFromApp = !roleId
-    const devAppId = dbCore.getDevelopmentAppID(prodAppId)
-    for (let appId of [prodAppId, devAppId]) {
-      if (!(await dbCore.dbExists(appId))) {
-        continue
-      }
-      await context.doInAppContext(appId, async () => {
-        const db = context.getAppDB()
-        const metadataId = generateUserMetadataID(userId)
-        let metadata
-        try {
-          metadata = await db.get(metadataId)
-        } catch (err) {
-          if (deleteFromApp) {
-            return
-          }
-          metadata = {
-            tableId: InternalTables.USER_METADATA,
-          }
-        }
-
-        if (deleteFromApp) {
-          await db.remove(metadata)
-          return
-        }
-
-        // assign the roleId for the metadata doc
-        if (roleId) {
-          metadata.roleId = roleId
-        }
-        let combined = sdk.users.combineMetadataAndUser(user, metadata)
-        // if its null then there was no updates required
-        if (combined) {
-          await db.put(combined)
-        }
-      })
-    }
-  }
-  ctx.body = {
-    message: "User synced.",
-  }
-}
-
-export async function fetchMetadata(ctx: BBContext) {
+export async function fetchMetadata(ctx: UserCtx) {
   const global = await getGlobalUsers()
   const metadata = await sdk.users.rawUserMetadata()
   const users = []
@@ -111,7 +25,7 @@ export async function fetchMetadata(ctx: BBContext) {
   ctx.body = users
 }
 
-export async function updateSelfMetadata(ctx: BBContext) {
+export async function updateSelfMetadata(ctx: UserCtx) {
   // overwrite the ID with current users
   ctx.request.body._id = ctx.user?._id
   // make sure no stale rev
@@ -121,7 +35,7 @@ export async function updateSelfMetadata(ctx: BBContext) {
   await updateMetadata(ctx)
 }
 
-export async function updateMetadata(ctx: BBContext) {
+export async function updateMetadata(ctx: UserCtx) {
   const db = context.getAppDB()
   const user = ctx.request.body
   // this isn't applicable to the user
@@ -133,7 +47,7 @@ export async function updateMetadata(ctx: BBContext) {
   ctx.body = await db.put(metadata)
 }
 
-export async function destroyMetadata(ctx: BBContext) {
+export async function destroyMetadata(ctx: UserCtx) {
   const db = context.getAppDB()
   try {
     const dbUser = await db.get(ctx.params.id)
@@ -146,11 +60,11 @@ export async function destroyMetadata(ctx: BBContext) {
   }
 }
 
-export async function findMetadata(ctx: BBContext) {
+export async function findMetadata(ctx: UserCtx) {
   ctx.body = await getFullUser(ctx, ctx.params.id)
 }
 
-export async function setFlag(ctx: BBContext) {
+export async function setFlag(ctx: UserCtx) {
   const userId = ctx.user?._id
   const { flag, value } = ctx.request.body
   if (!flag) {
@@ -169,7 +83,7 @@ export async function setFlag(ctx: BBContext) {
   ctx.body = { message: "Flag set successfully" }
 }
 
-export async function getFlags(ctx: BBContext) {
+export async function getFlags(ctx: UserCtx) {
   const userId = ctx.user?._id
   const docId = generateUserFlagID(userId!)
   const db = context.getAppDB()

package/src/api/routes/tests/user.spec.js

@@ -205,41 +205,4 @@ describe("/users", () => {
       expect(res.body.message).toEqual("Flag set successfully")
     })
   })
-
-  describe("syncUser", () => {
-    it("should sync the user", async () => {
-      let user = await config.createUser()
-      await config.createApp("New App")
-      let res = await request
-        .post(`/api/users/metadata/sync/${user._id}`)
-        .set(config.defaultHeaders())
-        .expect(200)
-        .expect("Content-Type", /json/)
-      expect(res.body.message).toEqual("User synced.")
-    })
-
-    it("should sync the user when a previous user is specified", async () => {
-      const app1 = await config.createApp("App 1")
-      const app2 = await config.createApp("App 2")
-
-      let user = await config.createUser({
-        builder: false,
-        admin: true,
-        roles: { [app1.appId]: "ADMIN" },
-      })
-      let res = await request
-        .post(`/api/users/metadata/sync/${user._id}`)
-        .set(config.defaultHeaders())
-        .send({
-          previousUser: {
-            ...user,
-            roles: { ...user.roles, [app2.appId]: "BASIC" },
-          },
-        })
-        .expect(200)
-        .expect("Content-Type", /json/)
-
-      expect(res.body.message).toEqual("User synced.")
-    })
-  })
 })

package/src/api/routes/user.ts

@@ -32,11 +32,6 @@ router
     authorized(PermissionType.USER, PermissionLevel.WRITE),
     controller.destroyMetadata
   )
-  .post(
-    "/api/users/metadata/sync/:id",
-    authorized(PermissionType.USER, PermissionLevel.WRITE),
-    controller.syncUser
-  )
   .post(
     "/api/users/flags",
     authorized(PermissionType.USER, PermissionLevel.WRITE),

package/src/events/docUpdates/index.ts

@@ -0,0 +1 @@
+export * from "./processors"

package/src/events/docUpdates/processors.ts

@@ -0,0 +1,14 @@
+import userGroupProcessor from "./syncUsers"
+import { docUpdates } from "@budibase/backend-core"
+
+export type UpdateCallback = (docId: string) => void
+let started = false
+
+export function init(updateCb?: UpdateCallback) {
+  if (started) {
+    return
+  }
+  const processors = [userGroupProcessor(updateCb)]
+  docUpdates.init(processors)
+  started = true
+}

package/src/events/docUpdates/syncUsers.ts

@@ -0,0 +1,35 @@
+import { constants, logging } from "@budibase/backend-core"
+import { sdk as proSdk } from "@budibase/pro"
+import { DocUpdateEvent, UserGroupSyncEvents } from "@budibase/types"
+import { syncUsersToAllApps } from "../../sdk/app/applications/sync"
+import { UpdateCallback } from "./processors"
+
+export default function process(updateCb?: UpdateCallback) {
+  const processor = async (update: DocUpdateEvent) => {
+    try {
+      const docId = update.id
+      const isGroup = docId.startsWith(constants.DocumentType.GROUP)
+      let userIds: string[]
+      if (isGroup) {
+        const group = await proSdk.groups.get(docId)
+        userIds = group.users?.map(user => user._id) || []
+      } else {
+        userIds = [docId]
+      }
+      if (userIds.length > 0) {
+        await syncUsersToAllApps(userIds)
+      }
+      if (updateCb) {
+        updateCb(docId)
+      }
+    } catch (err: any) {
+      // if something not found - no changes to perform
+      if (err?.status === 404) {
+        return
+      } else {
+        logging.logAlert("Failed to perform user/group app sync", err)
+      }
+    }
+  }
+  return { events: UserGroupSyncEvents, processor }
+}

package/src/events/index.ts

@@ -2,4 +2,5 @@ import BudibaseEmitter from "./BudibaseEmitter"
 
 const emitter = new BudibaseEmitter()
 
+export { init } from "./docUpdates"
 export default emitter

package/src/sdk/app/applications/sync.ts

@@ -1,6 +1,117 @@
 import env from "../../../environment"
-import { db as dbCore, context } from "@budibase/backend-core"
+import {
+  db as dbCore,
+  context,
+  docUpdates,
+  constants,
+  logging,
+  roles,
+} from "@budibase/backend-core"
+import { User, ContextUser, UserGroup } from "@budibase/types"
+import { sdk as proSdk } from "@budibase/pro"
 import sdk from "../../"
+import { getGlobalUsers, processUser } from "../../../utilities/global"
+import { generateUserMetadataID, InternalTables } from "../../../db/utils"
+
+type DeletedUser = { _id: string; deleted: boolean }
+
+async function syncUsersToApp(
+  appId: string,
+  users: (User | DeletedUser)[],
+  groups: UserGroup[]
+) {
+  if (!(await dbCore.dbExists(appId))) {
+    return
+  }
+  await context.doInAppContext(appId, async () => {
+    const db = context.getAppDB()
+    for (let user of users) {
+      let ctxUser = user as ContextUser
+      let deletedUser = false
+      const metadataId = generateUserMetadataID(user._id!)
+      if ((user as DeletedUser).deleted) {
+        deletedUser = true
+      }
+
+      // make sure role is correct
+      if (!deletedUser) {
+        ctxUser = await processUser(ctxUser, { appId, groups })
+      }
+      let roleId = ctxUser.roleId
+      if (roleId === roles.BUILTIN_ROLE_IDS.PUBLIC) {
+        roleId = undefined
+      }
+
+      let metadata
+      try {
+        metadata = await db.get(metadataId)
+      } catch (err: any) {
+        if (err.status !== 404) {
+          throw err
+        }
+        // no metadata and user is to be deleted, can skip
+        // no role - user isn't in app anyway
+        if (!roleId) {
+          continue
+        } else if (!deletedUser) {
+          // doesn't exist yet, creating it
+          metadata = {
+            tableId: InternalTables.USER_METADATA,
+          }
+        }
+      }
+
+      // the user doesn't exist, or doesn't have a role anymore
+      // get rid of their metadata
+      if (deletedUser || !roleId) {
+        await db.remove(metadata)
+        continue
+      }
+
+      // assign the roleId for the metadata doc
+      if (roleId) {
+        metadata.roleId = roleId
+      }
+
+      let combined = sdk.users.combineMetadataAndUser(ctxUser, metadata)
+      // if no combined returned, there are no updates to make
+      if (combined) {
+        await db.put(combined)
+      }
+    }
+  })
+}
+
+export async function syncUsersToAllApps(userIds: string[]) {
+  // list of users, if one has been deleted it will be undefined in array
+  const users = (await getGlobalUsers(userIds, {
+    noProcessing: true,
+  })) as User[]
+  const groups = await proSdk.groups.fetch()
+  const finalUsers: (User | DeletedUser)[] = []
+  for (let userId of userIds) {
+    const user = users.find(user => user._id === userId)
+    if (!user) {
+      finalUsers.push({ _id: userId, deleted: true })
+    } else {
+      finalUsers.push(user)
+    }
+  }
+  const devAppIds = await dbCore.getDevAppIDs()
+  let promises = []
+  for (let devAppId of devAppIds) {
+    const prodAppId = dbCore.getProdAppID(devAppId)
+    for (let appId of [prodAppId, devAppId]) {
+      promises.push(syncUsersToApp(appId, finalUsers, groups))
+    }
+  }
+  const resp = await Promise.allSettled(promises)
+  const failed = resp.filter(promise => promise.status === "rejected")
+  if (failed.length > 0) {
+    const reasons = failed.map(fail => (fail as PromiseRejectedResult).reason)
+    logging.logAlert("Failed to sync users to apps", reasons)
+  }
+}
 
 export async function syncApp(
   appId: string,
@@ -23,32 +134,28 @@ export async function syncApp(
   // specific case, want to make sure setup is skipped
   const prodDb = context.getProdAppDB({ skip_setup: true })
   const exists = await prodDb.exists()
-  if (!exists) {
-    // the database doesn't exist. Don't replicate
-    return {
-      message: "App sync not required, app not deployed.",
-    }
-  }
 
-  const replication = new dbCore.Replication({
-    source: prodAppId,
-    target: appId,
-  })
   let error
-  try {
-    const replOpts = replication.appReplicateOpts()
-    if (opts?.automationOnly) {
-      replOpts.filter = (doc: any) =>
-        doc._id.startsWith(dbCore.DocumentType.AUTOMATION)
+  if (exists) {
+    const replication = new dbCore.Replication({
+      source: prodAppId,
+      target: appId,
+    })
+    try {
+      const replOpts = replication.appReplicateOpts()
+      if (opts?.automationOnly) {
+        replOpts.filter = (doc: any) =>
+          doc._id.startsWith(dbCore.DocumentType.AUTOMATION)
+      }
+      await replication.replicate(replOpts)
+    } catch (err) {
+      error = err
+    } finally {
+      await replication.close()
     }
-    await replication.replicate(replOpts)
-  } catch (err) {
-    error = err
-  } finally {
-    await replication.close()
   }
 
-  // sync the users
+  // sync the users - kept for safe keeping
   await sdk.users.syncGlobalUsers()
 
   if (error) {