npm - @budibase/worker - Versions diffs - 3.20.0 → 3.20.2 - Mend

@budibase/worker 3.20.0 → 3.20.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/package.json +2 -2
package/src/api/routes/endpointGroups/standard.ts +4 -2
package/src/api/routes/global/roles.ts +2 -3
package/src/api/routes/global/tests/roles.spec.ts +21 -7
package/src/api/routes/global/tests/users.spec.ts +3 -4

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@budibase/worker",
   "email": "hi@budibase.com",
-  "version": "3.20.0",
+  "version": "3.20.2",
   "description": "Budibase background service",
   "main": "src/index.ts",
   "repository": {
@@ -109,5 +109,5 @@
       }
     }
   },
-  "gitHead": "d4026ebc5f979585dd3f6cdc6558a7dfb3329be4"
+  "gitHead": "3582592cff6b755c0e6f5cf7d04f32be18d7a9a8"
 }

package/src/api/routes/endpointGroups/standard.ts CHANGED Viewed

@@ -1,9 +1,11 @@
-import cloudRestricted from "../../../middleware/cloudRestricted"
 import { auth, EndpointGroupList, middleware } from "@budibase/backend-core"
+import cloudRestricted from "../../../middleware/cloudRestricted"
 export const endpointGroupList = new EndpointGroupList()
-export const builderOrAdminRoutes = endpointGroupList.group(auth.builderOrAdmin)
+export const builderOrAdminRoutes = endpointGroupList.group(
+  auth.workspaceBuilderOrAdmin
+)
 builderOrAdminRoutes.lockMiddleware()
 export const builderRoutes = endpointGroupList.group(auth.builderOnly)

package/src/api/routes/global/roles.ts CHANGED Viewed

@@ -1,8 +1,7 @@
 import * as controller from "../../controllers/global/roles"
-import { adminRoutes, builderOrAdminRoutes } from "../endpointGroups"
+import { builderOrAdminRoutes } from "../endpointGroups"
 builderOrAdminRoutes
   .get("/api/global/roles", controller.fetch)
   .get("/api/global/roles/:appId", controller.find)
-adminRoutes.delete("/api/global/roles/:appId", controller.removeAppRole)
+  .delete("/api/global/roles/:appId", controller.removeAppRole)

package/src/api/routes/global/tests/roles.spec.ts CHANGED Viewed

@@ -144,11 +144,14 @@ describe("/api/global/roles", () => {
   })
   describe("DELETE /api/global/roles/:appId", () => {
-    async function createBuilderUser() {
-      const saveResponse = await config.api.users.saveUser(
-        structures.users.builderUser(),
-        200
-      )
+    async function createBuilderUser(forWorkspaces: string[] = []) {
+      const builderUser = structures.users.builderUser()
+      builderUser.builder.apps = [
+        ...(builderUser.builder.apps || []),
+        ...forWorkspaces,
+      ]
+      const saveResponse = await config.api.users.saveUser(builderUser, 200)
       const { body: user } = await config.api.users.getUser(
         saveResponse.body._id
       )
@@ -168,13 +171,24 @@ describe("/api/global/roles", () => {
       expect(res.body.message).toEqual("App role removed from all users")
     })
-    it("should not allow creator users to remove app roles", async () => {
+    it("should allow creator users to remove app roles for workspaces they owe", async () => {
+      const builderUser = await createBuilderUser([workspaceId])
+      const res = await config.withUser(builderUser, () =>
+        config.api.roles.remove(workspaceId, { status: 200 })
+      )
+      expect(res.body).toEqual({ message: "App role removed from all users" })
+    })
+    it("should not allow creator users to remove app roles for workspaces they don't owe", async () => {
       const builderUser = await createBuilderUser()
       const res = await config.withUser(builderUser, () =>
         config.api.roles.remove(workspaceId, { status: 403 })
       )
-      expect(res.body.message).toBe("Admin user only endpoint.")
+      expect(res.body.message).toBe(
+        "Workspace Admin/Builder user only endpoint."
+      )
     })
   })
 })

package/src/api/routes/global/tests/users.spec.ts CHANGED Viewed

@@ -195,7 +195,7 @@ describe("/api/global/users", () => {
       expect(res.body.info.apps[appId]).toBe(role)
     })
-    it("should allow global builders to edit invites for any app", async () => {
+    it("should not allow builders to edit invites for any app", async () => {
       const { code } = await config.api.users.sendUserInvite(
         sendMailMock,
         structures.users.newEmail()
@@ -213,12 +213,11 @@ describe("/api/global/users", () => {
       })
       await config.login(builderUser)
-      const res = await config.withUser(builderUser, async () =>
+      await config.withUser(builderUser, async () =>
         config.withApp(appId, () =>
-          config.api.users.addWorkspaceIdToInvite(code, role, 200)
+          config.api.users.addWorkspaceIdToInvite(code, role, 403)
         )
       )
-      expect(res.body.info.apps[appId]).toBe(role)
     })
   })