Updating authorization test case to remove check for builder security and removing builder security while auth is being worked on - added an option to start stack without server so that user can start it in a debug mode if desired.

package.json

@@ -27,6 +27,7 @@
     "clean": "lerna clean",
     "kill-port": "kill-port 4001",
     "dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
+    "dev:noserver": "lerna link && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server", 
     "test": "lerna run test",
     "lint": "eslint packages",
     "lint:fix": "eslint --fix packages",

packages/server/src/middleware/authorized.js

@@ -42,6 +42,11 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
   const isAdmin = ADMIN_ROLES.includes(role._id)
   const isAuthed = ctx.auth.authenticated
 
+  // TODO: this was added while we work towards a better auth method
+  if (permType === PermissionTypes.BUILDER) {
+    return next()
+  }
+
   const { basePermissions, permissions } = await getUserPermissions(
     ctx.appId,
     role._id

packages/server/src/middleware/tests/authorized.spec.js

@@ -144,7 +144,8 @@ describe("Authorization middleware", () => {
       expect(config.next).toHaveBeenCalled()
     })
 
-    it("throws if the user has only builder permissions", async () => {
+    // TODO: this has been skipped while auth is still in flux
+    xit("throws if the user has only builder permissions", async () => {
       config.setEnvironment(false)
       config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
       config.setUser({