From 4e3659f2dcc94835416effe94df89b35621a7b69 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Thu, 13 Jun 2024 14:55:58 +0100 Subject: [PATCH 01/10] Move Role constants from frontend core to shared core --- .../backend-core/src/users/test/utils.spec.ts | 7 ++-- .../src/components/common/RoleSelect.svelte | 23 +++++------ .../integration/AccessLevelSelect.svelte | 6 +-- .../_components/BuilderSidePanel.svelte | 38 +++++++++---------- .../Navigation/NavItemConfiguration.svelte | 4 +- .../portal/users/groups/[groupId].svelte | 5 +-- .../portal/users/users/[userId].svelte | 6 +-- .../_components/AppRoleTableRenderer.svelte | 9 +++-- .../src/stores/builder/tests/screens.test.js | 19 ++++------ .../client/src/components/app/Layout.svelte | 4 +- .../client/src/stores/derived/currentRole.js | 4 +- packages/frontend-core/src/constants.js | 10 ----- packages/shared-core/src/constants/index.ts | 10 +++++ .../shared-core/src/sdk/documents/users.ts | 3 +- 14 files changed, 71 insertions(+), 77 deletions(-) diff --git a/packages/backend-core/src/users/test/utils.spec.ts b/packages/backend-core/src/users/test/utils.spec.ts index cb98b8972bb..f60ae1dc954 100644 --- a/packages/backend-core/src/users/test/utils.spec.ts +++ b/packages/backend-core/src/users/test/utils.spec.ts @@ -3,6 +3,7 @@ import { generator, structures } from "../../../tests" import { DBTestConfiguration } from "../../../tests/extra" import { getGlobalDB } from "../../context" import { isCreator } from "../utils" +import { Roles } from "@budibase/shared-core" const config = new DBTestConfiguration() 
@@ -28,12 +29,12 @@ describe("Users", () => { }) it("User is a creator if it has CREATOR permission in some application", async () => { - const user: User = structures.users.user({ roles: { app1: "CREATOR" } }) + const user: User = structures.users.user({ roles: { app1: Roles.CREATOR } }) expect(await isCreator(user)).toBe(true) }) it("User is a creator if it has ADMIN permission in some application", async () => { - const user: User = structures.users.user({ roles: { app1: "ADMIN" } }) + const user: User = structures.users.user({ roles: { app1: Roles.ADMIN } }) expect(await isCreator(user)).toBe(true) }) @@ -42,7 +43,7 @@ describe("Users", () => { const groupId = "gr_17abffe89e0b40268e755b952f101a59" const group: UserGroup = { ...structures.userGroups.userGroup(), - ...{ _id: groupId, roles: { app1: "ADMIN" } }, + ...{ _id: groupId, roles: { app1: Roles.ADMIN } }, } const users: User[] = [] for (let i = 0; i < usersInGroup; i++) { diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte index 4605b0c182d..deec69577bf 100644 --- a/packages/builder/src/components/common/RoleSelect.svelte +++ b/packages/builder/src/components/common/RoleSelect.svelte @@ -3,7 +3,8 @@ import { roles } from "stores/builder" import { licensing } from "stores/portal" - import { Constants, RoleUtils } from "@budibase/frontend-core" + import { RoleUtils } from "@budibase/frontend-core" + import { Roles } from "@budibase/shared-core" import { createEventDispatcher } from "svelte" import { capitalise } from "helpers" @@ -51,9 +52,9 @@ name: enrichLabel(role.name), _id: role._id, })) - if (allowedRoles.includes(Constants.Roles.CREATOR)) { + if (allowedRoles.includes(Roles.CREATOR)) { options.push({ - _id: Constants.Roles.CREATOR, + _id: Roles.CREATOR, name: "Can edit", enabled: false, }) 
@@ -70,11 +71,9 @@ // Add creator if required if (allowCreator) { options.unshift({ - _id: Constants.Roles.CREATOR, + _id: Roles.CREATOR, name: "Can edit", - tag: - !$licensing.perAppBuildersEnabled && - capitalise(Constants.PlanType.BUSINESS), + tag: !$licensing.perAppBuildersEnabled && capitalise(PlanType.BUSINESS), }) } @@ -88,7 +87,7 @@ // Remove public if not allowed if (!allowPublic) { - options = options.filter(role => role._id !== Constants.Roles.PUBLIC) + options = options.filter(role => role._id !== Roles.PUBLIC) } return options @@ -96,7 +95,7 @@ const getColor = role => { // Creator and remove options have no colors - if (role._id === Constants.Roles.CREATOR || role._id === RemoveID) { + if (role._id === Roles.CREATOR || role._id === RemoveID) { return null } return RoleUtils.getRoleColour(role._id) @@ -135,8 +134,7 @@ getOptionColour={getColor} getOptionIcon={getIcon} isOptionEnabled={option => - option._id !== Constants.Roles.CREATOR || - $licensing.perAppBuildersEnabled} + option._id !== Roles.CREATOR || $licensing.perAppBuildersEnabled} {placeholder} {error} /> @@ -155,8 +153,7 @@ getOptionColour={getColor} getOptionIcon={getIcon} isOptionEnabled={option => - (option._id !== Constants.Roles.CREATOR || - $licensing.perAppBuildersEnabled) && + (option._id !== Roles.CREATOR || $licensing.perAppBuildersEnabled) && option.enabled !== false} {placeholder} {error} diff --git a/packages/builder/src/components/integration/AccessLevelSelect.svelte b/packages/builder/src/components/integration/AccessLevelSelect.svelte index 05b336c3b3c..6445fda4049 100644 --- a/packages/builder/src/components/integration/AccessLevelSelect.svelte +++ b/packages/builder/src/components/integration/AccessLevelSelect.svelte @@ -1,7 +1,7 @@ @@ -660,7 +660,7 @@ autoWidth align="right" allowedRoles={user.isAdminOrGlobalBuilder - ? [Constants.Roles.CREATOR] + ? [Roles.CREATOR] : null} labelPrefix="Can use as" /> 
@@ -706,7 +706,7 @@ allowRemove={group.role} allowPublic={false} quiet={true} - allowCreator={group.role === Constants.Roles.CREATOR} + allowCreator={group.role === Roles.CREATOR} on:change={e => { onUpdateGroup(group, e.detail) }} @@ -747,7 +747,7 @@ quiet={true} on:addcreator={() => {}} on:change={e => { - if (e.detail === Constants.Roles.CREATOR) { + if (e.detail === Roles.CREATOR) { addAppBuilder(user._id) } else { onUpdateUser(user, e.detail) @@ -759,7 +759,7 @@ autoWidth align="right" allowedRoles={user.isAdminOrGlobalBuilder - ? [Constants.Roles.CREATOR] + ? [Roles.CREATOR] : null} labelPrefix="Can use as" /> @@ -832,7 +832,7 @@ align="right" fancySelect allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin - ? [Constants.Roles.CREATOR] + ? [Roles.CREATOR] : null} footer={getRoleFooter({ isAdminOrGlobalBuilder: diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte index db55f501f0a..505c57b62ec 100644 --- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte +++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte @@ -4,7 +4,7 @@ import NavItem from "./NavItem.svelte" import { generate } from "shortid" import { getSequentialName } from "helpers/duplicate" - import { Constants } from "@budibase/frontend-core" + import { Roles } from "@budibase/shared-core" export let bindings @@ -52,7 +52,7 @@ getName: x => x.text, }), url: "", - roleId: Constants.Roles.BASIC, + roleId: Roles.BASIC, type: "link", }, ]) 
diff --git a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte index 36ec43b6b39..36f6697493b 100644 --- a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte +++ b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte @@ -20,8 +20,7 @@ import CreateEditGroupModal from "./_components/CreateEditGroupModal.svelte" import GroupIcon from "./_components/GroupIcon.svelte" import GroupUsers from "./_components/GroupUsers.svelte" - import { sdk } from "@budibase/shared-core" - import { Constants } from "@budibase/frontend-core" + import { sdk, Roles } from "@budibase/shared-core" export let groupId @@ -60,7 +59,7 @@ .map(app => ({ ...app, role: group?.builder?.apps.includes(appsStore.getProdAppID(app.devId)) - ? Constants.Roles.CREATOR + ? Roles.CREATOR : group?.roles?.[appsStore.getProdAppID(app.devId)], })) diff --git a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte index d4e765a4be3..334f67cfa19 100644 --- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte +++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte @@ -30,7 +30,7 @@ import GroupNameTableRenderer from "../groups/_components/GroupNameTableRenderer.svelte" import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte" import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte" - import { sdk } from "@budibase/shared-core" + import { sdk, Roles } from "@budibase/shared-core" import ActiveDirectoryInfo from "../_components/ActiveDirectoryInfo.svelte" export let userId 
@@ -136,11 +136,11 @@ const getRole = (prodAppId, roles) => { if (privileged) { - return Constants.Roles.ADMIN + return Roles.ADMIN } if (user?.builder?.apps?.includes(prodAppId)) { - return Constants.Roles.CREATOR + return Roles.CREATOR } return roles[prodAppId] diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte index 0f19bb3e1f9..43d25814b96 100644 --- a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte +++ b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte @@ -1,20 +1,21 @@ -{#if value === Constants.Roles.CREATOR} +{#if value === Roles.CREATOR} Can edit {:else} diff --git a/packages/builder/src/stores/builder/tests/screens.test.js b/packages/builder/src/stores/builder/tests/screens.test.js index 51e3a8d830c..47e00ed1ae9 100644 --- a/packages/builder/src/stores/builder/tests/screens.test.js +++ b/packages/builder/src/stores/builder/tests/screens.test.js @@ -1,7 +1,7 @@ import { it, expect, describe, beforeEach, vi } from "vitest" import { get, writable } from "svelte/store" import { API } from "api" -import { Constants } from "@budibase/frontend-core" +import { Roles } from "@budibase/shared-core" import { componentStore, appStore } from "stores/builder" import { INITIAL_SCREENS_STATE, ScreenStore } from "stores/builder/screens" import { @@ -603,7 +603,7 @@ describe("Screens store", () => { const storeScreens = existingScreens .map(screen => screen.json()) - .filter(screen => screen.routing.roleId == Constants.Roles.BASIC) + .filter(screen => screen.routing.roleId == Roles.BASIC) // All default screens have the BASIC role expect(storeScreens.length).toBe(3) 
@@ -644,12 +644,7 @@ describe("Screens store", () => { }) it("Ensure only one homescreen per role when updating screen setting. Multiple screen roles", async ctx => { - const expectedRoles = [ - Constants.Roles.BASIC, - Constants.Roles.POWER, - Constants.Roles.PUBLIC, - Constants.Roles.ADMIN, - ] + const expectedRoles = [Roles.BASIC, Roles.POWER, Roles.PUBLIC, Roles.ADMIN] // Build 12 screens, 3 of each role const existingScreens = Array(12) @@ -708,17 +703,17 @@ describe("Screens store", () => { const screens = ctx.test.store.screens // Should still only be one of each homescreen - expect(results[Constants.Roles.ADMIN].length).toBe(1) + expect(results[Roles.ADMIN].length).toBe(1) expect(screens[2].routing.homeScreen).toBe(true) - expect(results[Constants.Roles.BASIC].length).toBe(1) + expect(results[Roles.BASIC].length).toBe(1) expect(screens[4].routing.homeScreen).toBe(true) - expect(results[Constants.Roles.PUBLIC].length).toBe(1) + expect(results[Roles.PUBLIC].length).toBe(1) expect(screens[9].routing.homeScreen).toBe(true) // Homescreen was never set for POWER - expect(results[Constants.Roles.POWER]).not.toBeDefined() + expect(results[Roles.POWER]).not.toBeDefined() // Once to update the target screen, once to unset the existing homescreen. expect(patchSpy).toBeCalledTimes(2) diff --git a/packages/client/src/components/app/Layout.svelte b/packages/client/src/components/app/Layout.svelte index 72da3e90120..44645018817 100644 --- a/packages/client/src/components/app/Layout.svelte +++ b/packages/client/src/components/app/Layout.svelte @@ -2,7 +2,7 @@ import { getContext, setContext } from "svelte" import { writable } from "svelte/store" import { Heading, Icon, clickOutside } from "@budibase/bbui" - import { Constants } from "@budibase/frontend-core" + import { Roles } from "@budibase/shared-core" import NavItem from "./NavItem.svelte" const sdk = getContext("sdk") 
@@ -130,7 +130,7 @@ } // Filter to only links allowed by the current role - const role = navItem.roleId || Constants.Roles.BASIC + const role = navItem.roleId || Roles.BASIC return userRoleHierarchy?.find(roleId => roleId === role) }) .map(navItem => { diff --git a/packages/client/src/stores/derived/currentRole.js b/packages/client/src/stores/derived/currentRole.js index 8bb4c5a25d7..d567190f240 100644 --- a/packages/client/src/stores/derived/currentRole.js +++ b/packages/client/src/stores/derived/currentRole.js @@ -1,8 +1,8 @@ import { derived } from "svelte/store" -import { Constants } from "@budibase/frontend-core" import { devToolsStore } from "../devTools.js" import { authStore } from "../auth.js" import { devToolsEnabled } from "./devToolsEnabled.js" +import { Roles } from "@budibase/shared-core" // Derive the current role of the logged-in user export const currentRole = derived( @@ -11,7 +11,7 @@ export const currentRole = derived( return ( ($devToolsEnabled && $devToolsStore.role) || $authStore?.roleId || - Constants.Roles.PUBLIC + Roles.PUBLIC ) } ) diff --git a/packages/frontend-core/src/constants.js b/packages/frontend-core/src/constants.js index 0d6261f5f89..d278ebd2ce7 100644 --- a/packages/frontend-core/src/constants.js +++ b/packages/frontend-core/src/constants.js @@ -77,16 +77,6 @@ export const PlanType = { */ export const ApiVersion = "1" -// Role IDs -export const Roles = { - ADMIN: "ADMIN", - POWER: "POWER", - BASIC: "BASIC", - PUBLIC: "PUBLIC", - BUILDER: "BUILDER", - CREATOR: "CREATOR", -} - export const Themes = [ { class: "lightest", diff --git a/packages/shared-core/src/constants/index.ts b/packages/shared-core/src/constants/index.ts index afb7e659e1b..4c413c7f557 100644 --- a/packages/shared-core/src/constants/index.ts +++ b/packages/shared-core/src/constants/index.ts 
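Review bot: The nav filter in Layout.svelte (`const role = navItem.roleId || Roles.BASIC`, then `userRoleHierarchy?.find(roleId => roleId === role)`) only decides which links are rendered, and nothing in the hunk says so. I would add a comment above it such as `// Presentation only: hides links the current role cannot use; access to the target screen must still be enforced server-side`. The same caveat applies to the `currentRole` store in currentRole.js, where `$devToolsStore.role` takes precedence over `$authStore?.roleId` when dev tools are enabled, so the derived value is a client-side preview and not an authorisation input. Whether the server re-checks is not visible here, and both enclosing functions start outside their hunks.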
@@ -179,3 +179,13 @@ export enum BpmStatusValue { VERIFYING_EMAIL = "verifying_email", COMPLETED = "completed", } + +// Role IDs +export enum Roles { + ADMIN = "ADMIN", + POWER = "POWER", + BASIC = "BASIC", + PUBLIC = "PUBLIC", + BUILDER = "BUILDER", + CREATOR = "CREATOR", +} diff --git a/packages/shared-core/src/sdk/documents/users.ts b/packages/shared-core/src/sdk/documents/users.ts index 17aa8a1e587..c4dd56f148e 100644 --- a/packages/shared-core/src/sdk/documents/users.ts +++ b/packages/shared-core/src/sdk/documents/users.ts @@ -7,6 +7,7 @@ import { } from "@budibase/types" import { getProdAppID } from "./applications" import * as _ from "lodash/fp" +import { Roles } from "../../constants/index" // checks if a user is specifically a builder, given an app ID export function isBuilder(user: User | ContextUser, appId?: string): boolean { @@ -67,7 +68,7 @@ export function hasAppCreatorPermissions(user?: User | ContextUser): boolean { return _.flow( _.get("roles"), _.values, - _.find(x => ["CREATOR", "ADMIN"].includes(x)), + _.find(x => [Roles.CREATOR, Roles.ADMIN].includes(x)), x => !!x )(user) } From 4570c5de4fcc086e7a9125c55fee24984e7fbd2e Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Thu, 13 Jun 2024 15:04:34 +0100 Subject: [PATCH 02/10] Re-add Constants --- packages/builder/src/components/common/RoleSelect.svelte | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte index deec69577bf..ec84de1c909 100644 --- a/packages/builder/src/components/common/RoleSelect.svelte +++ b/packages/builder/src/components/common/RoleSelect.svelte 
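Review bot: `hasAppCreatorPermissions` now compares stored role values against `Roles.CREATOR` and `Roles.ADMIN`, so the enum's string values feed an authorisation decision, yet the enum added in constants/index.ts carries only the comment `// Role IDs`. Changing or re-casing a member value would silently change the result of this check for role strings already saved on users and groups, presumably without a compile error because the `_.find` callback argument looks untyped. I would document that on the enum, e.g. `// Role IDs. Values are persisted in user and group role maps and compared in permission checks; do not change them.` The function body begins outside the hunk.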
@@ -3,7 +3,7 @@ import { roles } from "stores/builder" import { licensing } from "stores/portal" - import { RoleUtils } from "@budibase/frontend-core" + import { Constants, RoleUtils } from "@budibase/frontend-core" import { Roles } from "@budibase/shared-core" import { createEventDispatcher } from "svelte" import { capitalise } from "helpers" @@ -73,7 +73,9 @@ options.unshift({ _id: Roles.CREATOR, name: "Can edit", - tag: !$licensing.perAppBuildersEnabled && capitalise(PlanType.BUSINESS), + tag: + !$licensing.perAppBuildersEnabled && + capitalise(Constants.PlanType.BUSINESS), }) } From a335ee7704a7f5d2cf703569239a01d510430cb9 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Thu, 13 Jun 2024 15:23:05 +0100 Subject: [PATCH 03/10] Fix front-end core Roles import --- packages/frontend-core/src/utils/roles.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/frontend-core/src/utils/roles.js b/packages/frontend-core/src/utils/roles.js index 1ae9d3ac142..f614a79bdd7 100644 --- a/packages/frontend-core/src/utils/roles.js +++ b/packages/frontend-core/src/utils/roles.js @@ -1,4 +1,4 @@ -import { Roles } from "../constants" +import { Roles } from "@budibase/shared-core" const RolePriorities = { [Roles.ADMIN]: 5, From 2a237aaa293c033bc7ee65310fa2cad33bbaf9d8 Mon Sep 17 00:00:00 2001 
From: Mel O'Hagan Date: Thu, 13 Jun 2024 16:03:05 +0100 Subject: [PATCH 04/10] Move Roles enum to types package --- packages/backend-core/src/security/roles.ts | 11 ++--------- packages/backend-core/src/users/test/utils.spec.ts | 3 +-- packages/backend-core/src/users/utils.ts | 9 +++++++-- .../builder/src/components/common/RoleSelect.svelte | 2 +- .../components/integration/AccessLevelSelect.svelte | 2 +- .../[application]/_components/BuilderSidePanel.svelte | 3 ++- .../Navigation/NavItemConfiguration.svelte | 2 +- .../builder/portal/users/groups/[groupId].svelte | 3 ++- .../pages/builder/portal/users/users/[userId].svelte | 3 ++- .../users/_components/AppRoleTableRenderer.svelte | 2 +- .../builder/src/stores/builder/tests/screens.test.js | 2 +- packages/client/src/components/app/Layout.svelte | 2 +- packages/client/src/stores/derived/currentRole.js | 2 +- packages/frontend-core/src/utils/roles.js | 2 +- packages/shared-core/src/constants/index.ts | 10 ---------- packages/shared-core/src/sdk/documents/users.ts | 2 +- packages/types/src/sdk/index.ts | 1 + packages/types/src/sdk/roles.ts | 9 +++++++++ 18 files changed, 35 insertions(+), 35 deletions(-) create mode 100644 packages/types/src/sdk/roles.ts diff --git a/packages/backend-core/src/security/roles.ts b/packages/backend-core/src/security/roles.ts index a64be6b3197..2518894b86e 100644 --- a/packages/backend-core/src/security/roles.ts +++ b/packages/backend-core/src/security/roles.ts @@ -7,18 +7,11 @@ import { doWithDB, } from "../db" import { getAppDB } from "../context" -import { Screen, Role as RoleDoc } from "@budibase/types" +import { Screen, Role as RoleDoc, Roles } from "@budibase/types" import cloneDeep from "lodash/fp/cloneDeep" -export const BUILTIN_ROLE_IDS = { - ADMIN: "ADMIN", - POWER: "POWER", - BASIC: "BASIC", - PUBLIC: "PUBLIC", -} - const BUILTIN_IDS = { - ...BUILTIN_ROLE_IDS, + ...Roles, BUILDER: "BUILDER", } 
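Review bot: Spreading the whole enum with `...Roles` makes `BUILTIN_IDS` contain every enum member, whereas the removed `BUILTIN_ROLE_IDS` listed only ADMIN, POWER, BASIC and PUBLIC. The enum body in packages/types/src/sdk/roles.ts is not visible in this view, but the version introduced in PATCH 01 also had CREATOR and BUILDER, so any code that iterates or membership-tests `BUILTIN_IDS` may now treat CREATOR as a built-in role ID; the `Roles as BUILTIN_ROLE_IDS` alias in users/utils.ts widens in the same way. If that is not intended, keep the set explicit: `const BUILTIN_IDS = { ADMIN: Roles.ADMIN, POWER: Roles.POWER, BASIC: Roles.BASIC, PUBLIC: Roles.PUBLIC, BUILDER: "BUILDER" }`. Removing the exported `BUILTIN_ROLE_IDS` also affects importers outside this diff, which I cannot check from here.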
diff --git a/packages/backend-core/src/users/test/utils.spec.ts b/packages/backend-core/src/users/test/utils.spec.ts index f60ae1dc954..83a25dfe890 100644 --- a/packages/backend-core/src/users/test/utils.spec.ts +++ b/packages/backend-core/src/users/test/utils.spec.ts @@ -1,9 +1,8 @@ -import { User, UserGroup } from "@budibase/types" +import { Roles, User, UserGroup } from "@budibase/types" import { generator, structures } from "../../../tests" import { DBTestConfiguration } from "../../../tests/extra" import { getGlobalDB } from "../../context" import { isCreator } from "../utils" -import { Roles } from "@budibase/shared-core" const config = new DBTestConfiguration() diff --git a/packages/backend-core/src/users/utils.ts b/packages/backend-core/src/users/utils.ts index 348ad1532f6..005ba353ea8 100644 --- a/packages/backend-core/src/users/utils.ts +++ b/packages/backend-core/src/users/utils.ts @@ -1,4 +1,10 @@ -import { CloudAccount, ContextUser, User, UserGroup } from "@budibase/types" +import { + CloudAccount, + ContextUser, + User, + UserGroup, + Roles as BUILTIN_ROLE_IDS, +} from "@budibase/types" import * as accountSdk from "../accounts" import env from "../environment" import { getPlatformUser } from "./lookup" @@ -6,7 +12,6 @@ import { EmailUnavailableError } from "../errors" import { getTenantId } from "../context" import { sdk } from "@budibase/shared-core" import { getAccountByTenantId } from "../accounts" -import { BUILTIN_ROLE_IDS } from "../security/roles" import * as context from "../context" // extract from shared-core to make easily accessible from backend-core diff --git a/packages/builder/src/components/common/RoleSelect.svelte b/packages/builder/src/components/common/RoleSelect.svelte index ec84de1c909..71b79fbe29b 100644 --- a/packages/builder/src/components/common/RoleSelect.svelte +++ b/packages/builder/src/components/common/RoleSelect.svelte 
@@ -4,7 +4,7 @@ import { licensing } from "stores/portal" import { Constants, RoleUtils } from "@budibase/frontend-core" - import { Roles } from "@budibase/shared-core" + import { Roles } from "@budibase/types" import { createEventDispatcher } from "svelte" import { capitalise } from "helpers" diff --git a/packages/builder/src/components/integration/AccessLevelSelect.svelte b/packages/builder/src/components/integration/AccessLevelSelect.svelte index 6445fda4049..5e821c619b9 100644 --- a/packages/builder/src/components/integration/AccessLevelSelect.svelte +++ b/packages/builder/src/components/integration/AccessLevelSelect.svelte @@ -1,7 +1,7 @@ @@ -661,7 +661,7 @@ autoWidth align="right" allowedRoles={user.isAdminOrGlobalBuilder - ? [Roles.CREATOR] + ? [BuiltInRole.CREATOR] : null} labelPrefix="Can use as" /> @@ -707,7 +707,7 @@ allowRemove={group.role} allowPublic={false} quiet={true} - allowCreator={group.role === Roles.CREATOR} + allowCreator={group.role === BuiltInRole.CREATOR} on:change={e => { onUpdateGroup(group, e.detail) }} @@ -748,7 +748,7 @@ quiet={true} on:addcreator={() => {}} on:change={e => { - if (e.detail === Roles.CREATOR) { + if (e.detail === BuiltInRole.CREATOR) { addAppBuilder(user._id) } else { onUpdateUser(user, e.detail) @@ -760,7 +760,7 @@ autoWidth align="right" allowedRoles={user.isAdminOrGlobalBuilder - ? [Roles.CREATOR] + ? [BuiltInRole.CREATOR] : null} labelPrefix="Can use as" /> @@ -833,7 +833,7 @@ align="right" fancySelect allowedRoles={creationRoleType === Constants.BudibaseRoles.Admin - ? [Roles.CREATOR] + ? [BuiltInRole.CREATOR] : null} footer={getRoleFooter({ isAdminOrGlobalBuilder: diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte index 42e32a26245..10cf35246d4 100644 
--- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte +++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/[componentId]/_components/Navigation/NavItemConfiguration.svelte @@ -4,7 +4,7 @@ import NavItem from "./NavItem.svelte" import { generate } from "shortid" import { getSequentialName } from "helpers/duplicate" - import { Roles } from "@budibase/types" + import { BuiltInRole } from "@budibase/types" export let bindings @@ -52,7 +52,7 @@ getName: x => x.text, }), url: "", - roleId: Roles.BASIC, + roleId: BuiltInRole.BASIC, type: "link", }, ]) diff --git a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ScreenList/RoleIndicator.svelte b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ScreenList/RoleIndicator.svelte index 4b7f26709c8..d730549ca59 100644 --- a/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ScreenList/RoleIndicator.svelte +++ b/packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ScreenList/RoleIndicator.svelte @@ -2,7 +2,7 @@ import { RoleUtils } from "@budibase/frontend-core" import { Tooltip, StatusLight } from "@budibase/bbui" import { roles } from "stores/builder" - import { Roles } from "constants/backend" + import { BuiltInRole } from "@budibase/types" export let roleId @@ -11,7 +11,7 @@ $: color = RoleUtils.getRoleColour(roleId) $: role = $roles.find(role => role._id === roleId) $: tooltip = - roleId === Roles.PUBLIC + roleId === BuiltInRole.PUBLIC ? "Open to the public" : `Requires ${role?.name} access` diff --git a/packages/builder/src/pages/builder/app/[application]/design/_components/NewScreen/CreateScreenModal.svelte b/packages/builder/src/pages/builder/app/[application]/design/_components/NewScreen/CreateScreenModal.svelte index 68d74218c8d..fc9955b1536 100644 
--- a/packages/builder/src/pages/builder/app/[application]/design/_components/NewScreen/CreateScreenModal.svelte +++ b/packages/builder/src/pages/builder/app/[application]/design/_components/NewScreen/CreateScreenModal.svelte @@ -14,7 +14,7 @@ import { auth } from "stores/portal" import { get } from "svelte/store" import getTemplates from "templates" - import { Roles } from "constants/backend" + import { BuiltInRole } from "@budibase/types" import { capitalise } from "helpers" import { goto } from "@roxi/routify" import { TOUR_KEYS } from "components/portal/onboarding/tours.js" @@ -32,7 +32,7 @@ let formTypeModal // Cache variables for workflow - let screenAccessRole = Roles.BASIC + let screenAccessRole = BuiltInRole.BASIC let templates = null let screens = null @@ -126,7 +126,7 @@ blankScreenUrl = null screenMode = mode pendingScreen = null - screenAccessRole = Roles.BASIC + screenAccessRole = BuiltInRole.BASIC formType = null if (mode === "grid" || mode === "gridDetails" || mode === "form") { diff --git a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte index 82914fb33b6..0700903aa33 100644 --- a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte +++ b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte @@ -21,7 +21,7 @@ import GroupIcon from "./_components/GroupIcon.svelte" import GroupUsers from "./_components/GroupUsers.svelte" import { sdk } from "@budibase/shared-core" - import { Roles } from "@budibase/types" + import { BuiltInRole } from "@budibase/types" export let groupId @@ -60,7 +60,7 @@ .map(app => ({ ...app, role: group?.builder?.apps.includes(appsStore.getProdAppID(app.devId)) - ? Roles.CREATOR + ? BuiltInRole.CREATOR : group?.roles?.[appsStore.getProdAppID(app.devId)], })) 
diff --git a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte index 193e0da37f5..9d1e63efb0c 100644 --- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte +++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte @@ -31,7 +31,7 @@ import AppNameTableRenderer from "./_components/AppNameTableRenderer.svelte" import AppRoleTableRenderer from "./_components/AppRoleTableRenderer.svelte" import { sdk } from "@budibase/shared-core" - import { Roles } from "@budibase/types" + import { BuiltInRole } from "@budibase/types" import ActiveDirectoryInfo from "../_components/ActiveDirectoryInfo.svelte" export let userId @@ -137,11 +137,11 @@ const getRole = (prodAppId, roles) => { if (privileged) { - return Roles.ADMIN + return BuiltInRole.ADMIN } if (user?.builder?.apps?.includes(prodAppId)) { - return Roles.CREATOR + return BuiltInRole.CREATOR } return roles[prodAppId] diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte index 311062b41d0..878f50b8cd4 100644 --- a/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte +++ b/packages/builder/src/pages/builder/portal/users/users/_components/AppRoleTableRenderer.svelte 
@@ -3,19 +3,19 @@ import { RoleUtils } from "@budibase/frontend-core" import { roles } from "stores/builder" import { capitalise } from "helpers" - import { Roles } from "@budibase/types" + import { BuiltInRole } from "@budibase/types" export let value const getRoleLabel = roleId => { const role = $roles.find(x => x._id === roleId) - return roleId === Roles.CREATOR - ? capitalise(Roles.CREATOR.toLowerCase()) + return roleId === BuiltInRole.CREATOR + ? capitalise(BuiltInRole.CREATOR.toLowerCase()) : role?.name || "Custom role" } -{#if value === Roles.CREATOR} +{#if value === BuiltInRole.CREATOR} Can edit {:else} diff --git a/packages/builder/src/stores/builder/tests/screens.test.js b/packages/builder/src/stores/builder/tests/screens.test.js index f0595dabd4f..37149ed302a 100644 --- a/packages/builder/src/stores/builder/tests/screens.test.js +++ b/packages/builder/src/stores/builder/tests/screens.test.js @@ -1,7 +1,7 @@ import { it, expect, describe, beforeEach, vi } from "vitest" import { get, writable } from "svelte/store" import { API } from "api" -import { Roles } from "@budibase/types" +import { BuiltInRole } from "@budibase/types" import { componentStore, appStore } from "stores/builder" import { INITIAL_SCREENS_STATE, ScreenStore } from "stores/builder/screens" import { @@ -603,7 +603,7 @@ describe("Screens store", () => { const storeScreens = existingScreens .map(screen => screen.json()) - .filter(screen => screen.routing.roleId == Roles.BASIC) + .filter(screen => screen.routing.roleId == BuiltInRole.BASIC) // All default screens have the BASIC role expect(storeScreens.length).toBe(3) 
@@ -644,7 +644,12 @@ describe("Screens store", () => { }) it("Ensure only one homescreen per role when updating screen setting. Multiple screen roles", async ctx => { - const expectedRoles = [Roles.BASIC, Roles.POWER, Roles.PUBLIC, Roles.ADMIN] + const expectedRoles = [ + BuiltInRole.BASIC, + BuiltInRole.POWER, + BuiltInRole.PUBLIC, + BuiltInRole.ADMIN, + ] // Build 12 screens, 3 of each role const existingScreens = Array(12) @@ -703,17 +708,17 @@ describe("Screens store", () => { const screens = ctx.test.store.screens // Should still only be one of each homescreen - expect(results[Roles.ADMIN].length).toBe(1) + expect(results[BuiltInRole.ADMIN].length).toBe(1) expect(screens[2].routing.homeScreen).toBe(true) - expect(results[Roles.BASIC].length).toBe(1) + expect(results[BuiltInRole.BASIC].length).toBe(1) expect(screens[4].routing.homeScreen).toBe(true) - expect(results[Roles.PUBLIC].length).toBe(1) + expect(results[BuiltInRole.PUBLIC].length).toBe(1) expect(screens[9].routing.homeScreen).toBe(true) // Homescreen was never set for POWER - expect(results[Roles.POWER]).not.toBeDefined() + expect(results[BuiltInRole.POWER]).not.toBeDefined() // Once to update the target screen, once to unset the existing homescreen. expect(patchSpy).toBeCalledTimes(2) diff --git a/packages/client/src/components/app/Layout.svelte b/packages/client/src/components/app/Layout.svelte index 9b0c7ec959b..8235cb256f7 100644 --- a/packages/client/src/components/app/Layout.svelte +++ b/packages/client/src/components/app/Layout.svelte @@ -2,7 +2,7 @@ import { getContext, setContext } from "svelte" import { writable } from "svelte/store" import { Heading, Icon, clickOutside } from "@budibase/bbui" - import { Roles } from "@budibase/types" + import { BuiltInRole } from "@budibase/types" import NavItem from "./NavItem.svelte" const sdk = getContext("sdk") 
@@ -130,7 +130,7 @@ } // Filter to only links allowed by the current role - const role = navItem.roleId || Roles.BASIC + const role = navItem.roleId || BuiltInRole.BASIC return userRoleHierarchy?.find(roleId => roleId === role) }) .map(navItem => { diff --git a/packages/client/src/stores/derived/currentRole.js b/packages/client/src/stores/derived/currentRole.js index a7bcdcb2724..69eb9371a45 100644 --- a/packages/client/src/stores/derived/currentRole.js +++ b/packages/client/src/stores/derived/currentRole.js @@ -2,7 +2,7 @@ import { derived } from "svelte/store" import { devToolsStore } from "../devTools.js" import { authStore } from "../auth.js" import { devToolsEnabled } from "./devToolsEnabled.js" -import { Roles } from "@budibase/types" +import { BuiltInRole } from "@budibase/types" // Derive the current role of the logged-in user export const currentRole = derived( @@ -11,7 +11,7 @@ export const currentRole = derived( return ( ($devToolsEnabled && $devToolsStore.role) || $authStore?.roleId || - Roles.PUBLIC + BuiltInRole.PUBLIC ) } ) diff --git a/packages/frontend-core/src/utils/roles.js b/packages/frontend-core/src/utils/roles.js index e1a63cebc2a..d8fadc2bb9d 100644 --- a/packages/frontend-core/src/utils/roles.js +++ b/packages/frontend-core/src/utils/roles.js 
@@ -1,18 +1,18 @@ -import { Roles } from "@budibase/types" +import { BuiltInRole } from "@budibase/types" const RolePriorities = { - [Roles.ADMIN]: 5, - [Roles.CREATOR]: 4, - [Roles.POWER]: 3, - [Roles.BASIC]: 2, - [Roles.PUBLIC]: 1, + [BuiltInRole.ADMIN]: 5, + [BuiltInRole.CREATOR]: 4, + [BuiltInRole.POWER]: 3, + [BuiltInRole.BASIC]: 2, + [BuiltInRole.PUBLIC]: 1, } const RoleColours = { - [Roles.ADMIN]: "var(--spectrum-global-color-static-red-400)", - [Roles.CREATOR]: "var(--spectrum-global-color-static-magenta-600)", - [Roles.POWER]: "var(--spectrum-global-color-static-orange-400)", - [Roles.BASIC]: "var(--spectrum-global-color-static-green-400)", - [Roles.PUBLIC]: "var(--spectrum-global-color-static-blue-400)", + [BuiltInRole.ADMIN]: "var(--spectrum-global-color-static-red-400)", + [BuiltInRole.CREATOR]: "var(--spectrum-global-color-static-magenta-600)", + [BuiltInRole.POWER]: "var(--spectrum-global-color-static-orange-400)", + [BuiltInRole.BASIC]: "var(--spectrum-global-color-static-green-400)", + [BuiltInRole.PUBLIC]: "var(--spectrum-global-color-static-blue-400)", } export const getRolePriority = role => { From a226886b29cb7c1b66abce706dd8813ea596035b Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Fri, 14 Jun 2024 08:12:58 +0100 Subject: [PATCH 07/10] update pro package --- packages/pro | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/pro b/packages/pro index 85b4fc9ea01..8eb9ba5e4de 160000 --- a/packages/pro +++ b/packages/pro @@ -1 +1 @@ -Subproject commit 85b4fc9ea01472bf69840d046733ad596ef893e2 +Subproject commit 8eb9ba5e4de92d811d89de8d13b51ebd1d521ff6 From d08b4bd61dab1a0590b7c3231249fd15c9f4fbad Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Fri, 14 Jun 2024 17:12:08 +0100 Subject: [PATCH 08/10] Fix type --- packages/server/src/api/controllers/auth.ts | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
diff --git a/packages/server/src/api/controllers/auth.ts b/packages/server/src/api/controllers/auth.ts index 4ff592534df..2e08cc552b4 100644 --- a/packages/server/src/api/controllers/auth.ts +++ b/packages/server/src/api/controllers/auth.ts @@ -1,13 +1,11 @@ import { outputProcessing } from "../../utilities/rowProcessor" import { InternalTables } from "../../db/utils" import { getFullUser } from "../../utilities/users" -import { roles, context, db as dbCore } from "@budibase/backend-core" -import { ContextUser, Row, UserCtx } from "@budibase/types" +import { context, db as dbCore } from "@budibase/backend-core" +import { BuiltInRole, ContextUser, Row, UserCtx } from "@budibase/types" import sdk from "../../sdk" import { processUser } from "../../utilities/global" -const PUBLIC_ROLE = roles.BUILTIN_ROLE_IDS.PUBLIC - /** * Add the attributes that are session based to the current user. */ @@ -37,7 +35,7 @@ export async function fetchSelf(ctx: UserCtx) { if (appId) { const db = context.getAppDB() // check for group permissions - if (!user.roleId || user.roleId === PUBLIC_ROLE) { + if (!user.roleId || user.roleId === BuiltInRole.PUBLIC) { user = await processUser(user, { appId }) } // remove the full roles structure @@ -49,7 +47,7 @@ export async function fetchSelf(ctx: UserCtx) { } catch (err: any) { let response // user didn't exist in app, don't pretend they do - if (user.roleId === PUBLIC_ROLE) { + if (user.roleId === BuiltInRole.PUBLIC) { response = {} } // user has a role of some sort, return them From 48e541d213ed1e6c0add2d18aec367c6d29ce05c Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Mon, 17 Jun 2024 13:36:44 +0100 Subject: [PATCH 09/10] Fix test --- .../backend-core/src/security/tests/permissions.spec.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/backend-core/src/security/tests/permissions.spec.ts b/packages/backend-core/src/security/tests/permissions.spec.ts index 39348646fb8..154360ce5e2 100644 
--- a/packages/backend-core/src/security/tests/permissions.spec.ts +++ b/packages/backend-core/src/security/tests/permissions.spec.ts @@ -1,6 +1,6 @@ import cloneDeep from "lodash/cloneDeep" import * as permissions from "../permissions" -import { BUILTIN_ROLE_IDS } from "../roles" +import { BuiltInRole } from "@budibase/types" describe("levelToNumber", () => { it("should return 0 for EXECUTE", () => { @@ -76,7 +76,7 @@ describe("doesHaveBasePermission", () => { const permLevel = permissions.PermissionLevel.READ const rolesHierarchy = [ { - roleId: BUILTIN_ROLE_IDS.ADMIN, + roleId: BuiltInRole.ADMIN, permissionId: permissions.BuiltinPermissionID.ADMIN, }, ] @@ -90,7 +90,7 @@ describe("doesHaveBasePermission", () => { const permLevel = permissions.PermissionLevel.READ const rolesHierarchy = [ { - roleId: BUILTIN_ROLE_IDS.PUBLIC, + roleId: BuiltInRole.PUBLIC, permissionId: permissions.BuiltinPermissionID.PUBLIC, }, ] From 09323a67e59d0e77936df21cd879402c11ec7247 Mon Sep 17 00:00:00 2001 From: Mel O'Hagan Date: Mon, 17 Jun 2024 14:00:24 +0100 Subject: [PATCH 10/10] Use BuiltInRole type --- packages/backend-core/src/security/roles.ts | 37 ++++++++----------- .../src/api/routes/tests/viewV2.spec.ts | 11 +++--- packages/server/src/constants/index.ts | 5 ++- packages/server/src/middleware/authorized.ts | 14 ++++--- packages/server/src/middleware/currentapp.ts | 10 ++--- packages/server/src/utilities/global.ts | 15 +++++--- 6 files changed, 49 insertions(+), 43 deletions(-) diff --git a/packages/backend-core/src/security/roles.ts b/packages/backend-core/src/security/roles.ts index f01ebe408b2..8cc7422fdb4 100644 --- a/packages/backend-core/src/security/roles.ts +++ b/packages/backend-core/src/security/roles.ts 
@@ -10,17 +10,12 @@ import { getAppDB } from "../context" import { Screen, Role as RoleDoc, BuiltInRole } from "@budibase/types" import cloneDeep from "lodash/fp/cloneDeep" -const BUILTIN_IDS = { - ...BuiltInRole, - BUILDER: "BUILDER", -} - // exclude internal roles like builder const EXTERNAL_BUILTIN_ROLE_IDS = [ - BUILTIN_IDS.ADMIN, - BUILTIN_IDS.POWER, - BUILTIN_IDS.BASIC, - BUILTIN_IDS.PUBLIC, + BuiltInRole.ADMIN, + BuiltInRole.POWER, + BuiltInRole.BASIC, + BuiltInRole.PUBLIC, ] export const RoleIDVersion = { @@ -55,22 +50,22 @@ export class Role implements RoleDoc { const BUILTIN_ROLES = { ADMIN: new Role( - BUILTIN_IDS.ADMIN, + BuiltInRole.ADMIN, "Admin", BuiltinPermissionID.ADMIN - ).addInheritance(BUILTIN_IDS.POWER), + ).addInheritance(BuiltInRole.POWER), POWER: new Role( - BUILTIN_IDS.POWER, + BuiltInRole.POWER, "Power", BuiltinPermissionID.POWER - ).addInheritance(BUILTIN_IDS.BASIC), + ).addInheritance(BuiltInRole.BASIC), BASIC: new Role( - BUILTIN_IDS.BASIC, + BuiltInRole.BASIC, "Basic", BuiltinPermissionID.WRITE - ).addInheritance(BUILTIN_IDS.PUBLIC), - PUBLIC: new Role(BUILTIN_IDS.PUBLIC, "Public", BuiltinPermissionID.PUBLIC), - BUILDER: new Role(BUILTIN_IDS.BUILDER, "Builder", BuiltinPermissionID.ADMIN), + ).addInheritance(BuiltInRole.PUBLIC), + PUBLIC: new Role(BuiltInRole.PUBLIC, "Public", BuiltinPermissionID.PUBLIC), + BUILDER: new Role(BuiltInRole.BUILDER, "Builder", BuiltinPermissionID.ADMIN), } export function getBuiltinRoles(): { [key: string]: RoleDoc } { @@ -97,7 +92,7 @@ export function getBuiltinRole(roleId: string): Role | undefined { export function builtinRoleToNumber(id: string) { const builtins = getBuiltinRoles() const MAX = Object.values(builtins).length + 1 - if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) { + if (id === BuiltInRole.ADMIN || id === BuiltInRole.BUILDER) { return MAX } let role = builtins[id], 
@@ -189,7 +184,7 @@ async function getAllUserRoles( opts?: { defaultPublic?: boolean } ): Promise { // admins have access to all roles - if (userRoleId === BUILTIN_IDS.ADMIN) { + if (userRoleId === BuiltInRole.ADMIN) { return getAllRoles() } let currentRole = await getRole(userRoleId, opts) @@ -331,8 +326,8 @@ export class AccessController { tryingRoleId == null || tryingRoleId === "" || tryingRoleId === userRoleId || - tryingRoleId === BUILTIN_IDS.BUILDER || - userRoleId === BUILTIN_IDS.BUILDER + tryingRoleId === BuiltInRole.BUILDER || + userRoleId === BuiltInRole.BUILDER ) { return true } diff --git a/packages/server/src/api/routes/tests/viewV2.spec.ts b/packages/server/src/api/routes/tests/viewV2.spec.ts index 06921037dda..a85745c9d99 100644 --- a/packages/server/src/api/routes/tests/viewV2.spec.ts +++ b/packages/server/src/api/routes/tests/viewV2.spec.ts @@ -1,5 +1,6 @@ import * as setup from "./utilities" import { + BuiltInRole, CreateViewRequest, Datasource, FieldSchema, @@ -22,7 +23,7 @@ import { generator, mocks } from "@budibase/backend-core/tests" import { DatabaseName, getDatasource } from "../../../integrations/tests/utils" import merge from "lodash/merge" import { quotas } from "@budibase/pro" -import { db, roles } from "@budibase/backend-core" +import { db } from "@budibase/backend-core" describe.each([ ["internal", undefined], @@ -1475,7 +1476,7 @@ describe.each([ it("allow public users to fetch when permissions are explicit", async () => { await config.api.permission.add({ - roleId: roles.BUILTIN_ROLE_IDS.PUBLIC, + roleId: BuiltInRole.PUBLIC, level: PermissionLevel.READ, resourceId: view.id, }) @@ -1488,7 +1489,7 @@ describe.each([ it("allow public users to fetch when permissions are inherited", async () => { await config.api.permission.add({ - roleId: roles.BUILTIN_ROLE_IDS.PUBLIC, + roleId: BuiltInRole.PUBLIC, level: PermissionLevel.READ, resourceId: table._id!, }) 
@@ -1501,12 +1502,12 @@ describe.each([ it("respects inherited permissions, not allowing not public views from public tables", async () => { await config.api.permission.add({ - roleId: roles.BUILTIN_ROLE_IDS.PUBLIC, + roleId: BuiltInRole.PUBLIC, level: PermissionLevel.READ, resourceId: table._id!, }) await config.api.permission.add({ - roleId: roles.BUILTIN_ROLE_IDS.POWER, + roleId: BuiltInRole.POWER, level: PermissionLevel.READ, resourceId: view.id, }) diff --git a/packages/server/src/constants/index.ts b/packages/server/src/constants/index.ts index 60875b3daab..9352139d9db 100644 --- a/packages/server/src/constants/index.ts +++ b/packages/server/src/constants/index.ts @@ -1,9 +1,10 @@ -import { constants, objectStore, roles } from "@budibase/backend-core" +import { constants, objectStore } from "@budibase/backend-core" import { FieldType, INTERNAL_TABLE_SOURCE_ID, Table, TableSourceType, + BuiltInRole, } from "@budibase/types" import env from "../environment" @@ -113,7 +114,7 @@ export const USERS_TABLE_SCHEMA: Table = { constraints: { type: FieldType.STRING, presence: false, - inclusion: Object.values(roles.BUILTIN_ROLE_IDS), + inclusion: Object.values(BuiltInRole), }, }, status: { diff --git a/packages/server/src/middleware/authorized.ts b/packages/server/src/middleware/authorized.ts index ec8a3711cfa..5a59fb97d29 100644 --- a/packages/server/src/middleware/authorized.ts +++ b/packages/server/src/middleware/authorized.ts @@ -5,7 +5,12 @@ import { roles, users, } from "@budibase/backend-core" -import { PermissionLevel, PermissionType, UserCtx } from "@budibase/types" +import { + BuiltInRole, + PermissionLevel, + PermissionType, + UserCtx, +} from "@budibase/types" import builderMiddleware from "./builder" import { isWebhookEndpoint } from "./utils" import { paramResource } from "./resourceId" 
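Review bot: In the `USERS_TABLE_SCHEMA` hunk of packages/server/src/constants/index.ts, `inclusion: Object.values(BuiltInRole)` makes the allow-list for this field every member of the shared enum. Elsewhere in this patch series the enum is read as `BuiltInRole.CREATOR` and `BuiltInRole.BUILDER`, and roles.ts still keeps a separate `EXTERNAL_BUILTIN_ROLE_IDS` list to "exclude internal roles like builder". The old `roles.BUILTIN_ROLE_IDS` definition is not visible here, so the accepted set may or may not have changed; either way, any member added to the enum later becomes a valid value for this field with no change to this file. If internal roles are not meant to be stored here, use an explicit list such as `inclusion: [BuiltInRole.ADMIN, BuiltInRole.POWER, BuiltInRole.BASIC, BuiltInRole.PUBLIC]`. Otherwise add a comment like `// every BuiltInRole member, internal roles included, is accepted here` so the widening is a recorded decision.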
@@ -61,7 +66,7 @@ const checkAuthorizedResource = async ( permLevel: PermissionLevel ) => { // get the user's roles - const roleId = ctx.roleId || roles.BUILTIN_ROLE_IDS.PUBLIC + const roleId = ctx.roleId || BuiltInRole.PUBLIC const userRoles = await roles.getUserRoleHierarchy(roleId) const permError = "User does not have permission" // check if the user has the required role @@ -139,9 +144,8 @@ const authorized = // if the resource is public, proceed if ( - resourceRoles.includes(roles.BUILTIN_ROLE_IDS.PUBLIC) || - (otherLevelRoles && - otherLevelRoles.includes(roles.BUILTIN_ROLE_IDS.PUBLIC)) + resourceRoles.includes(BuiltInRole.PUBLIC) || + (otherLevelRoles && otherLevelRoles.includes(BuiltInRole.PUBLIC)) ) { return next() } diff --git a/packages/server/src/middleware/currentapp.ts b/packages/server/src/middleware/currentapp.ts index ad6f2afa181..f1d5b85e61a 100644 --- a/packages/server/src/middleware/currentapp.ts +++ b/packages/server/src/middleware/currentapp.ts @@ -11,7 +11,7 @@ import { generateUserMetadataID, isDevAppID } from "../db/utils" import { getCachedSelf } from "../utilities/global" import env from "../environment" import { isWebhookEndpoint } from "./utils" -import { UserCtx, ContextUser } from "@budibase/types" +import { UserCtx, ContextUser, BuiltInRole } from "@budibase/types" import tracer from "dd-trace" export default async (ctx: UserCtx, next: any) => { @@ -38,7 +38,7 @@ export default async (ctx: UserCtx, next: any) => { } let appId: string | undefined, - roleId = roles.BUILTIN_ROLE_IDS.PUBLIC + roleId = BuiltInRole.PUBLIC if (!ctx.user?._id) { // not logged in, try to set a cookie for public apps appId = requestAppId 
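Review bot: In packages/server/src/middleware/currentapp.ts, the declaration `roleId = BuiltInRole.PUBLIC` gives the variable the enum as its inferred type, which is why the following hunks (`@@ -47,7 +47,7 @@` and `@@ -60,7 +60,7 @@`) need `as BuiltInRole` on `globalUser.roleId` and on the role header. Neither value is checked against the enum in the visible lines. The header is only passed to `roles.getRole`, which presumably resolves custom roles too, so the assertions claim something the runtime does not guarantee. Later code that compares or switches on built-in roles would then type-check as exhaustive while a custom role id flows through it. Declaring `roleId: string = BuiltInRole.PUBLIC` and dropping both casts keeps this authorization path honest about what it carries. The middleware body continues outside these hunks, so confirm the type expected where `roleId` is finally consumed.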
@@ -47,7 +47,7 @@ export default async (ctx: UserCtx, next: any) => { const globalUser = await getCachedSelf(ctx, requestAppId) appId = requestAppId // retrieving global user gets the right role - roleId = globalUser.roleId || roleId + roleId = (globalUser.roleId as BuiltInRole) || roleId // Allow builders to specify their role via a header const isBuilder = users.isBuilder(globalUser, appId) @@ -60,7 +60,7 @@ export default async (ctx: UserCtx, next: any) => { try { if (roleHeader) { await roles.getRole(roleHeader) - roleId = roleHeader + roleId = roleHeader as BuiltInRole // Delete admin and builder flags so that the specified role is honoured ctx.user = users.removePortalUserPermissions(ctx.user) as ContextUser @@ -99,7 +99,7 @@ export default async (ctx: UserCtx, next: any) => { // clear out the user ctx.user = users.cleanseUserObject(ctx.user) as ContextUser ctx.isAuthenticated = false - roleId = roles.BUILTIN_ROLE_IDS.PUBLIC + roleId = BuiltInRole.PUBLIC // remove the cookie, so future calls are public await auth.platformLogout({ ctx, diff --git a/packages/server/src/utilities/global.ts b/packages/server/src/utilities/global.ts index bbb84c18825..bec7a02a4c8 100644 --- a/packages/server/src/utilities/global.ts +++ b/packages/server/src/utilities/global.ts @@ -1,6 +1,5 @@ import { getGlobalIDFromUserMetadataID } from "../db/utils" import { - roles, db as dbCore, cache, tenancy, @@ -9,7 +8,13 @@ import { } from "@budibase/backend-core" import env from "../environment" import { groups } from "@budibase/pro" -import { UserCtx, ContextUser, User, UserGroup } from "@budibase/types" +import { + UserCtx, + ContextUser, + BuiltInRole, + User, + UserGroup, +} from "@budibase/types" import cloneDeep from "lodash/cloneDeep" export async function processUser( 
@@ -28,7 +33,7 @@ export async function processUser( // if in a multi-tenancy environment and in wrong tenant make sure roles are never updated if (env.MULTI_TENANCY && appId && !tenancy.isUserInAppTenant(appId, user)) { user = users.removePortalUserPermissions(user) - user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC + user.roleId = BuiltInRole.PUBLIC return user } let groupList: UserGroup[] = [] @@ -50,7 +55,7 @@ export async function processUser( } // builders are always admins within the app if (users.isBuilder(user, appId)) { - user.roleId = roles.BUILTIN_ROLE_IDS.ADMIN + user.roleId = BuiltInRole.ADMIN } // try to get the role from the user list if (!user.roleId && appId && user.roles) { @@ -64,7 +69,7 @@ export async function processUser( } // final fallback, simply couldn't find a role - user must be public if (!user.roleId) { - user.roleId = roles.BUILTIN_ROLE_IDS.PUBLIC + user.roleId = BuiltInRole.PUBLIC } // remove the roles as it is now set delete user.roles