Merge pull request #1605 from Budibase/fix/roles-issue

Fix white screen issue
5 years ago · 500c943ffa
5 changed files with 60 additions and 17 deletions
--- a/packages/server/src/api/controllers/application.js
+++ b/packages/server/src/api/controllers/application.js
@ -27,7 +27,10 @@ const { cloneDeep } = require("lodash/fp")
 const { processObject } = require("@budibase/string-templates")
 const { getAllApps } = require("../../utilities")
 const { USERS_TABLE_SCHEMA } = require("../../constants")
-const { getDeployedApps } = require("../../utilities/workerRequests")
+const {
+  getDeployedApps,
+  removeAppFromUserRoles,
+} = require("../../utilities/workerRequests")
 const { clientLibraryPath } = require("../../utilities")
 const { getAllLocks } = require("../../utilities/redis")

@ -245,6 +248,8 @@ exports.delete = async function (ctx) {
  if (!env.isTest()) {
    await deleteApp(ctx.params.appId)
  }
+  // make sure the app/role doesn't stick around after the app has been deleted
+  await removeAppFromUserRoles(ctx.params.appId)

  ctx.status = 200
  ctx.body = result
--- a/packages/server/src/api/routes/tests/utilities/index.js
+++ b/packages/server/src/api/routes/tests/utilities/index.js
@ -13,6 +13,7 @@ jest.mock("../../../../utilities/workerRequests", () => ({
      _id: "us_uuid1",
    }
  }),
+  removeAppFromUserRoles: jest.fn(),
 }))

 exports.delay = ms => new Promise(resolve => setTimeout(resolve, ms))
--- a/packages/server/src/utilities/workerRequests.js
+++ b/packages/server/src/utilities/workerRequests.js
@ -57,11 +57,10 @@ exports.sendSmtpEmail = async (to, from, subject, contents) => {
    })
  )

-  const json = await response.json()
-  if (json.status !== 200 && response.status !== 200) {
+  if (response.status !== 200) {
    throw "Unable to send email."
  }
-  return json
+  return response.json()
 }

 exports.getDeployedApps = async ctx => {
@ -124,10 +123,10 @@ exports.getGlobalSelf = async (ctx, appId = null) => {
    checkSlashesInUrl(env.WORKER_URL + endpoint),
    request(ctx, { method: "GET" })
  )
-  let json = await response.json()
-  if (json.status !== 200 && response.status !== 200) {
+  if (response.status !== 200) {
    ctx.throw(400, "Unable to get self globally.")
  }
+  let json = await response.json()
  if (appId) {
    json = getAppRole(appId, json)
  }
@ -151,7 +150,7 @@ exports.addAppRoleToUser = async (ctx, appId, roleId, userId = null) => {
    ...body,
    roles: {
      ...user.roles,
-      [appId]: roleId,
+      [getDeployedAppID(appId)]: roleId,
    },
  }
  const response = await fetch(
@ -161,9 +160,25 @@ exports.addAppRoleToUser = async (ctx, appId, roleId, userId = null) => {
      body,
    })
  )
-  const json = await response.json()
-  if (json.status !== 200 && response.status !== 200) {
+  if (response.status !== 200) {
    ctx.throw(400, "Unable to save self globally.")
  }
-  return json
+  return response.json()
+}
+
+exports.removeAppFromUserRoles = async appId => {
+  const deployedAppId = getDeployedAppID(appId)
+  const response = await fetch(
+    checkSlashesInUrl(env.WORKER_URL + `/api/admin/roles/${deployedAppId}`),
+    request(null, {
+      method: "DELETE",
+      headers: {
+        "x-budibase-api-key": env.INTERNAL_API_KEY,
+      },
+    })
+  )
+  if (response.status !== 200) {
+    throw "Unable to remove app role"
+  }
+  return response.json()
 }
--- a/packages/worker/src/api/controllers/admin/users.js
+++ b/packages/worker/src/api/controllers/admin/users.js
@ -11,6 +11,16 @@ const { sendEmail } = require("../../../utilities/email")

 const GLOBAL_DB = StaticDatabases.GLOBAL.name

+async function allUsers() {
+  const db = new CouchDB(GLOBAL_DB)
+  const response = await db.allDocs(
+    getGlobalUserParams(null, {
+      include_docs: true,
+    })
+  )
+  return response.rows.map(row => row.doc)
+}
+
 exports.save = async ctx => {
  const db = new CouchDB(GLOBAL_DB)
  const { email, password, _id } = ctx.request.body
@ -105,6 +115,23 @@ exports.destroy = async ctx => {
  }
 }

+exports.removeAppRole = async ctx => {
+  const { appId } = ctx.params
+  const db = new CouchDB(GLOBAL_DB)
+  const users = await allUsers()
+  const bulk = []
+  for (let user of users) {
+    if (user.roles[appId]) {
+      delete user.roles[appId]
+      bulk.push(user)
+    }
+  }
+  await db.bulkDocs(bulk)
+  ctx.body = {
+    message: "App role removed from all users",
+  }
+}
+
 exports.getSelf = async ctx => {
  ctx.params = {
    id: ctx.user._id,
@ -134,13 +161,7 @@ exports.updateSelf = async ctx => {

 // called internally by app server user fetch
 exports.fetch = async ctx => {
-  const db = new CouchDB(GLOBAL_DB)
-  const response = await db.allDocs(
-    getGlobalUserParams(null, {
-      include_docs: true,
-    })
-  )
-  const users = response.rows.map(row => row.doc)
+  const users = await allUsers()
  // user hashed password shouldn't ever be returned
  for (let user of users) {
    if (user) {
--- a/packages/worker/src/api/routes/admin/users.js
+++ b/packages/worker/src/api/routes/admin/users.js
@ -67,6 +67,7 @@ router
    controller.save
  )
  .get("/api/admin/users", adminOnly, controller.fetch)
+  .delete("/api/admin/roles/:appId", adminOnly, controller.removeAppRole)
  .delete("/api/admin/users/:id", adminOnly, controller.destroy)
  .get("/api/admin/roles/:appId")
  .post(