tsai
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'feature/backend-routing' of github.com:Budibase/budibase into component-sdk

pull/4023/head
Andrew Kingston 6 years ago
parent
c2d09ea7ab 790d5718af
commit
aaa6aa4c72
64 changed files with 1292 additions and 1299 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      packages/builder/package.json
  2. 1
      packages/builder/src/builderStore/store/frontend.js
  3. 25
      packages/builder/src/builderStore/store/screenTemplates/createFromScratchScreen.js
  4. 25
      packages/builder/src/builderStore/store/screenTemplates/emptyNewRowScreen.js
  5. 25
      packages/builder/src/builderStore/store/screenTemplates/emptyRowDetailScreen.js
  6. 2
      packages/builder/src/builderStore/store/screenTemplates/index.js
  7. 273
      packages/builder/src/builderStore/store/screenTemplates/newRowScreen.js
  8. 364
      packages/builder/src/builderStore/store/screenTemplates/rowDetailScreen.js
  9. 254
      packages/builder/src/builderStore/store/screenTemplates/rowListScreen.js
  10. 35
      packages/builder/src/builderStore/store/screenTemplates/utils/BaseStructure.js
  11. 52
      packages/builder/src/builderStore/store/screenTemplates/utils/Component.js
  12. 56
      packages/builder/src/builderStore/store/screenTemplates/utils/Screen.js
  13. 145
      packages/builder/src/builderStore/store/screenTemplates/utils/commonComponents.js
  14. 0
      packages/builder/src/builderStore/store/screenTemplates/utils/sanitizeUrl.js
  15. 7
      packages/builder/src/components/backend/TableNavigator/modals/CreateTableModal.svelte
  16. 4
      packages/builder/src/components/userInterface/DetailScreenSelect.svelte
  17. 4
      packages/builder/src/components/userInterface/EventsEditor/StateBindingCascader.svelte
  18. 2
      packages/builder/src/components/userInterface/EventsEditor/actions/NavigateTo.svelte
  19. 9
      packages/builder/src/components/userInterface/NewScreenModal.svelte
  20. 4
      packages/builder/src/components/userInterface/ScreenSelect.svelte
  21. 44
      packages/builder/yarn.lock
  22. 2
      packages/client/src/old/render/screenRouter.js
  23. 90
      packages/server/src/api/controllers/accesslevel.js
  24. 53
      packages/server/src/api/controllers/application.js
  25. 1
      packages/server/src/api/controllers/auth.js
  26. 101
      packages/server/src/api/controllers/routing.js
  27. 29
      packages/server/src/api/controllers/screen.js
  28. 22
      packages/server/src/api/controllers/user.js
  29. 5
      packages/server/src/api/controllers/view/index.js
  30. 70
      packages/server/src/api/index.js
  31. 16
      packages/server/src/api/routes/accesslevel.js
  32. 2
      packages/server/src/api/routes/analytics.js
  33. 2
      packages/server/src/api/routes/apikeys.js
  34. 3
      packages/server/src/api/routes/application.js
  35. 8
      packages/server/src/api/routes/automation.js
  36. 2
      packages/server/src/api/routes/component.js
  37. 2
      packages/server/src/api/routes/deploy.js
  38. 11
      packages/server/src/api/routes/index.js
  39. 2
      packages/server/src/api/routes/pages.js
  40. 13
      packages/server/src/api/routes/routing.js
  41. 19
      packages/server/src/api/routes/row.js
  42. 25
      packages/server/src/api/routes/screen.js
  43. 2
      packages/server/src/api/routes/static.js
  44. 8
      packages/server/src/api/routes/table.js
  45. 2
      packages/server/src/api/routes/templates.js
  46. 96
      packages/server/src/api/routes/tests/accesslevel.spec.js
  47. 60
      packages/server/src/api/routes/tests/couchTestUtils.js
  48. 21
      packages/server/src/api/routes/tests/user.spec.js
  49. 32
      packages/server/src/api/routes/user.js
  50. 8
      packages/server/src/api/routes/view.js
  51. 8
      packages/server/src/api/routes/webhook.js
  52. 8
      packages/server/src/automations/steps/createUser.js
  53. 7
      packages/server/src/constants/screens.js
  54. 5
      packages/server/src/db/linkedRows/linkUtils.js
  55. 10
      packages/server/src/db/utils.js
  56. 41
      packages/server/src/middleware/authenticated.js
  57. 52
      packages/server/src/middleware/authorized.js
  58. 36
      packages/server/src/utilities/accessLevels.js
  59. 6
      packages/server/src/utilities/builder/setBuilderToken.js
  60. 66
      packages/server/src/utilities/permissions.js
  61. 24
      packages/server/src/utilities/routing/index.js
  62. 24
      packages/server/src/utilities/routing/routingUtils.js
  63. 150
      packages/server/src/utilities/security/accessLevels.js
  64. 113
      packages/server/src/utilities/security/permissions.js

3
packages/builder/package.json
View File

@ -81,7 +81,8 @@
"shortid": "^2.2.15",
"svelte-loading-spinners": "^0.1.1",
"svelte-portal": "^0.1.0",
"yup": "^0.29.2"
"yup": "^0.29.2",
"uuid": "^8.3.1"
},
"devDependencies": {
"@babel/core": "^7.5.5",

1
packages/builder/src/builderStore/store/frontend.js
View File

@ -50,6 +50,7 @@ export const getFrontendStore = () => {
return state
})
const screens = await api.get("/api/screens").then(r => r.json())
const routing = await api.get("/api/routing").then(r => r.json())
const mainScreens = screens.filter(screen =>
screen._id.includes(pkg.pages.main._id)

25
packages/builder/src/builderStore/store/screenTemplates/createFromScratchScreen.js
View File

@ -1,22 +1,13 @@
import { Screen } from "./utils/Screen"
export default {
name: `Create from scratch`,
create: () => createScreen(),
}
const createScreen = () => ({
props: {
_id: "",
_component: "@budibase/standard-components/container",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
type: "div",
_children: [],
_instanceName: "",
},
route: "",
name: "screen-id",
})
const createScreen = () => {
return new Screen()
.mainType("div")
.component("@budibase/standard-components/container")
.json()
}

25
packages/builder/src/builderStore/store/screenTemplates/emptyNewRowScreen.js
View File

@ -1,22 +1,13 @@
import { Screen } from "./utils/Screen"
export default {
name: `New Row (Empty)`,
create: () => createScreen(),
}
const createScreen = () => ({
props: {
_id: "",
_component: "@budibase/standard-components/newrow",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_children: [],
_instanceName: "",
table: "",
},
route: "",
name: "screen-id",
})
const createScreen = () => {
return new Screen()
.component("@budibase/standard-components/newrow")
.table("")
.json()
}

25
packages/builder/src/builderStore/store/screenTemplates/emptyRowDetailScreen.js
View File

@ -1,22 +1,13 @@
import { Screen } from "./utils/Screen"
export default {
name: `Row Detail (Empty)`,
create: () => createScreen(),
}
const createScreen = () => ({
props: {
_id: "",
_component: "@budibase/standard-components/rowdetail",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_children: [],
_instanceName: "",
table: "",
},
route: "",
name: "screen-id",
})
const createScreen = () => {
return new Screen()
.component("@budibase/standard-components/rowdetail")
.table("")
.json()
}

2
packages/builder/src/builderStore/store/screenTemplates/index.js
View File

@ -24,7 +24,7 @@ const createTemplateOverride = (frontendState, create) => () => {
}
screen.props._id = uuid()
screen.name = screen.props._id
screen.route = screen.route.toLowerCase()
screen.routing.route = screen.routing.route.toLowerCase()
return screen
}

273
packages/builder/src/builderStore/store/screenTemplates/newRowScreen.js
View File

@ -1,5 +1,12 @@
import sanitizeUrl from "./sanitizeUrl"
import { rowListUrl } from "./rowListScreen"
import sanitizeUrl from "./utils/sanitizeUrl"
import { Component } from "./utils/Component"
import { Screen } from "./utils/Screen"
import {
makeBreadcrumbContainer,
makeMainContainer,
makeTitleContainer,
makeSaveButton,
} from "./utils/commonComponents"
export default function(tables) {
return tables.map(table => {
@ -14,242 +21,26 @@ export default function(tables) {
export const newRowUrl = table => sanitizeUrl(`/${table.name}/new`)
export const NEW_ROW_TEMPLATE = "NEW_ROW_TEMPLATE"
const createScreen = table => ({
props: {
_id: "c683c4ca8ffc849c6bdd3b7d637fbbf3c",
_component: "@budibase/standard-components/newrow",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
table: table._id,
_children: [
{
_id: "ccad6cc135c7947a7ba9c631f655d6e0f",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
width: "700px",
padding: "0px",
background: "white",
"border-radius": "0.5rem",
"box-shadow": "0 1px 2px 0 rgba(0, 0, 0, 0.05)",
margin: "auto",
"margin-top": "20px",
"padding-top": "48px",
"padding-bottom": "48px",
"padding-right": "48px",
"padding-left": "48px",
"margin-bottom": "20px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Container",
_children: [
{
_id: "c6e91622ba7984f468f70bf4bf5120246",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
"font-size": "14px",
color: "#757575",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Breadcrumbs",
_children: [
{
_id: "caa33353c252c4931b2a51b48a559a7fc",
_component: "@budibase/standard-components/link",
_styles: {
normal: {
color: "#757575",
"text-transform": "capitalize",
},
hover: {
color: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
url: `/${table.name.toLowerCase()}`,
openInNewTab: false,
text: table.name,
color: "",
hoverColor: "",
underline: false,
fontSize: "",
fontFamily: "initial",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Back Link",
_children: [],
},
{
_id: "c6e218170201040e7a74e2c8304fe1860",
_component: "@budibase/standard-components/text",
_styles: {
normal: {
"margin-right": "4px",
"margin-left": "4px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
text: ">",
type: "none",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Arrow",
_children: [],
},
{
_id: "c799da1fa3a84442e947cc9199518f64c",
_component: "@budibase/standard-components/text",
_styles: {
normal: {
color: "#000000",
},
hover: {},
active: {},
selected: {},
},
_code: "",
text: "New",
type: "none",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Identifier",
_children: [],
},
],
},
{
_id: "cbd1637cd1e274287a3c28ef0bf235d08",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
display: "flex",
"flex-direction": "row",
"justify-content": "space-between",
"align-items": "center",
"margin-top": "32px",
"margin-bottom": "32px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Title Container",
_children: [
{
_id: "c98d3675d04114558bbf28661c5ccfb8e",
_component: "@budibase/standard-components/heading",
_styles: {
normal: {
margin: "0px",
"margin-bottom": "0px",
"margin-right": "0px",
"margin-top": "0px",
"margin-left": "0px",
flex: "1 1 auto",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
text: "New Row",
type: "h3",
_instanceName: "Title",
_children: [],
},
{
_id: "cae402bd3c6a44618a8341bf7ab9ab086",
_component: "@budibase/standard-components/button",
_styles: {
normal: {
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
"margin-left": "16px",
},
hover: {
background: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
text: "Save",
className: "",
disabled: false,
onClick: [
{
parameters: {
contextPath: "data",
tableId: table._id,
},
"##eventHandlerType": "Save Row",
},
{
parameters: {
url: rowListUrl(table),
},
"##eventHandlerType": "Navigate To",
},
],
_instanceName: "Save Button",
_children: [],
},
],
},
{
_id: "c5e6c98d7363640f9ad3a7d19c8c10f67",
_component: "@budibase/standard-components/dataformwide",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_code: "",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Form",
_children: [],
},
],
},
],
_instanceName: `${table.name} - New`,
_code: "",
},
route: newRowUrl(table),
name: "",
})
function generateTitleContainer(table) {
return makeTitleContainer("New Row").addChild(makeSaveButton(table))
}
const createScreen = table => {
const dataform = new Component(
"@budibase/standard-components/dataformwide"
).instanceName("Form")
const container = makeMainContainer()
.addChild(makeBreadcrumbContainer(table.name, "New"))
.addChild(generateTitleContainer(table))
.addChild(dataform)
return new Screen()
.component("@budibase/standard-components/newrow")
.table(table._id)
.route(newRowUrl(table))
.instanceName(`${table.name} - New`)
.name("")
.addChild(container)
.json()
}

364
packages/builder/src/builderStore/store/screenTemplates/rowDetailScreen.js
View File

@ -1,5 +1,13 @@
import sanitizeUrl from "./sanitizeUrl"
import sanitizeUrl from "./utils/sanitizeUrl"
import { rowListUrl } from "./rowListScreen"
import { Screen } from "./utils/Screen"
import { Component } from "./utils/Component"
import {
makeMainContainer,
makeBreadcrumbContainer,
makeTitleContainer,
makeSaveButton,
} from "./utils/commonComponents"
export default function(tables) {
return tables.map(table => {
@ -17,288 +25,78 @@ export default function(tables) {
export const ROW_DETAIL_TEMPLATE = "ROW_DETAIL_TEMPLATE"
export const rowDetailUrl = table => sanitizeUrl(`/${table.name}/:id`)
const createScreen = (table, heading) => ({
props: {
_id: "c683c4ca8ffc849c6bdd3b7d637fbbf3c",
_component: "@budibase/standard-components/rowdetail",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
table: table._id,
_children: [
{
_id: "ccad6cc135c7947a7ba9c631f655d6e0f",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
width: "700px",
padding: "0px",
background: "white",
"border-radius": "0.5rem",
"box-shadow": "0 1px 2px 0 rgba(0, 0, 0, 0.05)",
margin: "auto",
"margin-top": "20px",
"padding-top": "48px",
"padding-bottom": "48px",
"padding-right": "48px",
"padding-left": "48px",
"margin-bottom": "20px",
function generateTitleContainer(table, title) {
// have to override style for this, its missing margin
const saveButton = makeSaveButton(table).normalStyle({
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
})
const deleteButton = new Component("@budibase/standard-components/button")
.normalStyle({
background: "transparent",
"border-width": "0",
"border-style": "None",
color: "#9e9e9e",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
"margin-right": "8px",
"margin-left": "16px",
})
.hoverStyle({
background: "transparent",
color: "#4285f4",
})
.text("Delete")
.customProps({
className: "",
disabled: false,
onClick: [
{
parameters: {
rowId: "{{ data._id }}",
revId: "{{ data._rev }}",
tableId: table._id,
},
hover: {},
active: {},
selected: {},
"##eventHandlerType": "Delete Row",
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Container",
_children: [
{
_id: "c6e91622ba7984f468f70bf4bf5120246",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
"font-size": "14px",
color: "#757575",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Breadcrumbs",
_children: [
{
_id: "caa33353c252c4931b2a51b48a559a7fc",
_component: "@budibase/standard-components/link",
_styles: {
normal: {
color: "#757575",
"text-transform": "capitalize",
},
hover: {
color: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
url: `/${table.name.toLowerCase()}`,
openInNewTab: false,
text: table.name,
color: "",
hoverColor: "",
underline: false,
fontSize: "",
fontFamily: "initial",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Back Link",
_children: [],
},
{
_id: "c6e218170201040e7a74e2c8304fe1860",
_component: "@budibase/standard-components/text",
_styles: {
normal: {
"margin-right": "4px",
"margin-left": "4px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
text: ">",
type: "none",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Arrow",
_children: [],
},
{
_id: "c799da1fa3a84442e947cc9199518f64c",
_component: "@budibase/standard-components/text",
_styles: {
normal: {
color: "#000000",
"text-transform": "capitalize",
},
hover: {},
active: {},
selected: {},
},
_code: "",
text: heading || "Edit",
type: "none",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Identifier",
_children: [],
},
],
},
{
_id: "cbd1637cd1e274287a3c28ef0bf235d08",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
display: "flex",
"flex-direction": "row",
"justify-content": "space-between",
"align-items": "center",
"margin-top": "32px",
"margin-bottom": "32px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Title Container",
_children: [
{
_id: "c98d3675d04114558bbf28661c5ccfb8e",
_component: "@budibase/standard-components/heading",
_styles: {
normal: {
margin: "0px",
"margin-bottom": "0px",
"margin-right": "0px",
"margin-top": "0px",
"margin-left": "0px",
flex: "1 1 auto",
"text-transform": "capitalize",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
text: heading || "Edit Row",
type: "h3",
_instanceName: "Title",
_children: [],
},
{
_id: "c0a162cfb7d1c4bcfa8d24c290ccd1fd6",
_component: "@budibase/standard-components/button",
_styles: {
normal: {
background: "transparent",
"border-width": "0",
"border-style": "None",
color: "#9e9e9e",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
"margin-right": "8px",
"margin-left": "16px",
},
hover: {
background: "transparent",
color: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
text: "Delete",
className: "",
disabled: false,
onClick: [
{
parameters: {
rowId: "{{ data._id }}",
revId: "{{ data._rev }}",
tableId: table._id,
},
"##eventHandlerType": "Delete Row",
},
{
parameters: {
url: rowListUrl(table),
},
"##eventHandlerType": "Navigate To",
},
],
_instanceName: "Delete Button",
_children: [],
},
{
_id: "cae402bd3c6a44618a8341bf7ab9ab086",
_component: "@budibase/standard-components/button",
_styles: {
normal: {
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
},
hover: {
background: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
text: "Save",
className: "",
disabled: false,
onClick: [
{
parameters: {
contextPath: "data",
tableId: table._id,
},
"##eventHandlerType": "Save Row",
},
{
parameters: {
url: rowListUrl(table),
},
"##eventHandlerType": "Navigate To",
},
],
_instanceName: "Save Button",
_children: [],
},
],
{
parameters: {
url: rowListUrl(table),
},
{
_id: "c5e6c98d7363640f9ad3a7d19c8c10f67",
_component: "@budibase/standard-components/dataformwide",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_code: "",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Form",
_children: [],
},
],
},
],
_instanceName: `${table.name} - Detail`,
_code: "",
},
route: rowDetailUrl(table),
name: "",
})
"##eventHandlerType": "Navigate To",
},
],
})
.instanceName("Delete Button")
return makeTitleContainer(title)
.addChild(deleteButton)
.addChild(saveButton)
}
const createScreen = (table, heading) => {
const dataform = new Component(
"@budibase/standard-components/dataformwide"
).instanceName("Form")
const container = makeMainContainer()
.addChild(makeBreadcrumbContainer(table.name, heading || "Edit"))
.addChild(generateTitleContainer(table, heading || "Edit Row"))
.addChild(dataform)
return new Screen()
.component("@budibase/standard-components/rowdetail")
.table(table._id)
.instanceName(`${table.name} - Detail`)
.route(rowDetailUrl(table))
.name("")
.addChild(container)
.json()
}

254
packages/builder/src/builderStore/store/screenTemplates/rowListScreen.js
View File

@ -1,5 +1,7 @@
import sanitizeUrl from "./sanitizeUrl"
import sanitizeUrl from "./utils/sanitizeUrl"
import { newRowUrl } from "./newRowScreen"
import { Screen } from "./utils/Screen"
import { Component } from "./utils/Component"
export default function(tables) {
return tables.map(table => {
@ -14,159 +16,103 @@ export default function(tables) {
export const ROW_LIST_TEMPLATE = "ROW_LIST_TEMPLATE"
export const rowListUrl = table => sanitizeUrl(`/${table.name}`)
const createScreen = table => ({
props: {
_id: "c7365379815e4457dbe703a886c2da43b",
_component: "@budibase/standard-components/container",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
type: "div",
_children: [
{
_id: "cf51241fc063d4d87be032dd509fe0244",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
background: "white",
"border-radius": "0.5rem",
"box-shadow": "0 1px 2px 0 rgba(0, 0, 0, 0.05)",
margin: "auto",
"margin-top": "20px",
"border-width": "2px",
"border-color": "rgba(0, 0, 0, 0.1)",
"border-style": "None",
"padding-top": "48px",
"padding-bottom": "48px",
"padding-right": "48px",
"padding-left": "48px",
"margin-bottom": "20px",
function generateTitleContainer(table) {
const newButton = new Component("@budibase/standard-components/button")
.normalStyle({
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
})
.hoverStyle({
background: "#4285f4",
})
.text("Create New")
.customProps({
className: "",
disabled: false,
onClick: [
{
parameters: {
url: newRowUrl(table),
},
hover: {},
active: {},
selected: {},
"##eventHandlerType": "Navigate To",
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Container",
_children: [
{
_id: "c73294c301fd145aabe9bbbbd96a150ac",
_component: "@budibase/standard-components/container",
_styles: {
normal: {
display: "flex",
"flex-direction": "row",
"justify-content": "space-between",
"align-items": "center",
"margin-bottom": "32px",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "div",
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Title Container",
_children: [
{
_id: "c2b77901df95a4d1ca7204c58300bc94b",
_component: "@budibase/standard-components/heading",
_styles: {
normal: {
margin: "0px",
flex: "1 1 auto",
"text-transform": "capitalize",
},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
text: table.name,
type: "h3",
_instanceName: "Title",
_children: [],
},
{
_id: "c12a82d77baf24ca9922ea0af7cd4f723",
_component: "@budibase/standard-components/button",
_styles: {
normal: {
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
},
hover: {
background: "#4285f4",
},
active: {},
selected: {},
},
_code: "",
text: "Create New",
className: "",
disabled: false,
onClick: [
{
parameters: {
url: newRowUrl(table),
},
"##eventHandlerType": "Navigate To",
},
],
_instanceName: "New Button",
_children: [],
},
],
},
{
_id: "ca686a2ed89c943e6bafb63fa66a3ead3",
_component: "@budibase/standard-components/datagrid",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_code: "",
datasource: {
label: table.name,
name: `all_${table._id}`,
tableId: table._id,
type: "table",
},
editable: false,
theme: "alpine",
height: "540",
pagination: true,
_instanceId: "inst_app_8fb_631af42f9dc94da2b5c48dc6c5124610",
_instanceName: "Grid",
_children: [],
detailUrl: `${table.name.toLowerCase()}/:id`,
},
],
],
})
.instanceName("New Button")
const heading = new Component("@budibase/standard-components/heading")
.normalStyle({
margin: "0px",
flex: "1 1 auto",
"text-transform": "capitalize",
})
.type("h3")
.instanceName("Title")
.text(table.name)
return new Component("@budibase/standard-components/container")
.type("div")
.normalStyle({
display: "flex",
"flex-direction": "row",
"justify-content": "space-between",
"align-items": "center",
"margin-bottom": "32px",
})
.instanceName("Title Container")
.addChild(heading)
.addChild(newButton)
}
const createScreen = table => {
const datagrid = new Component("@budibase/standard-components/datagrid")
.customProps({
datasource: {
label: table.name,
name: `all_${table._id}`,
tableId: table._id,
type: "table",
},
],
_instanceName: `${table.name} - List`,
_code: "",
className: "",
onLoad: [],
},
route: rowListUrl(table),
name: "",
})
editable: false,
theme: "alpine",
height: "540",
pagination: true,
detailUrl: `${table.name.toLowerCase()}/:id`,
})
.instanceName("Grid")
const mainContainer = new Component("@budibase/standard-components/container")
.normalStyle({
background: "white",
"border-radius": "0.5rem",
"box-shadow": "0 1px 2px 0 rgba(0, 0, 0, 0.05)",
margin: "auto",
"margin-top": "20px",
"border-width": "2px",
"border-color": "rgba(0, 0, 0, 0.1)",
"border-style": "None",
"padding-top": "48px",
"padding-bottom": "48px",
"padding-right": "48px",
"padding-left": "48px",
"margin-bottom": "20px",
})
.type("div")
.instanceName("Container")
.addChild(generateTitleContainer(table))
.addChild(datagrid)
return new Screen()
.component("@budibase/standard-components/container")
.mainType("div")
.route(rowListUrl(table))
.instanceName(`${table.name} - List`)
.name("")
.addChild(mainContainer)
.json()
}

35
packages/builder/src/builderStore/store/screenTemplates/utils/BaseStructure.js
View File

@ -0,0 +1,35 @@
import { cloneDeep } from "lodash/fp"
export class BaseStructure {
constructor(isScreen) {
this._isScreen = isScreen
this._children = []
this._json = {}
}
addChild(child) {
this._children.push(child)
return this
}
customProps(props) {
for (let key of Object.keys(props)) {
this._json[key] = props[key]
}
return this
}
json() {
const structure = cloneDeep(this._json)
if (this._children.length !== 0) {
for (let child of this._children) {
if (this._isScreen) {
structure.props._children.push(child.json())
} else {
structure._children.push(child.json())
}
}
}
return structure
}
}

52
packages/builder/src/builderStore/store/screenTemplates/utils/Component.js
View File

@ -0,0 +1,52 @@
import { cloneDeep } from "lodash/fp"
import { v4 } from "uuid"
import { BaseStructure } from "./BaseStructure"
export class Component extends BaseStructure {
constructor(name) {
super(false)
this._children = []
this._json = {
_id: v4(),
_component: name,
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_code: "",
className: "",
onLoad: [],
type: "",
_instanceName: "",
_children: [],
}
}
type(type) {
this._json.type = type
return this
}
normalStyle(styling) {
this._json._styles.normal = styling
return this
}
hoverStyle(styling) {
this._json._styles.hover = styling
return this
}
text(text) {
this._json.text = text
return this
}
// TODO: do we need this
instanceName(name) {
this._json._instanceName = name
return this
}
}

56
packages/builder/src/builderStore/store/screenTemplates/utils/Screen.js
View File

@ -0,0 +1,56 @@
import { BaseStructure } from "./BaseStructure"
export class Screen extends BaseStructure {
constructor() {
super(true)
this._json = {
props: {
_id: "",
_component: "",
_styles: {
normal: {},
hover: {},
active: {},
selected: {},
},
_children: [],
_instanceName: "",
},
routing: {
route: "",
accessLevelId: "",
},
name: "screen-id",
}
}
component(name) {
this._json.props._component = name
return this
}
table(tableName) {
this._json.props.table = tableName
return this
}
mainType(type) {
this._json.type = type
return this
}
route(route) {
this._json.routing.route = route
return this
}
name(name) {
this._json.name = name
return this
}
instanceName(name) {
this._json.props._instanceName = name
return this
}
}

145
packages/builder/src/builderStore/store/screenTemplates/utils/commonComponents.js
View File

@ -0,0 +1,145 @@
import { Component } from "./Component"
import { rowListUrl } from "../rowListScreen"
export function makeLinkComponent(tableName) {
return new Component("@budibase/standard-components/link")
.normalStyle({
color: "#757575",
"text-transform": "capitalize",
})
.hoverStyle({
color: "#4285f4",
})
.text(tableName)
.customProps({
url: `/${tableName.toLowerCase()}`,
openInNewTab: false,
color: "",
hoverColor: "",
underline: false,
fontSize: "",
fontFamily: "initial",
})
}
export function makeMainContainer() {
return new Component("@budibase/standard-components/container")
.type("div")
.normalStyle({
width: "700px",
padding: "0px",
background: "white",
"border-radius": "0.5rem",
"box-shadow": "0 1px 2px 0 rgba(0, 0, 0, 0.05)",
margin: "auto",
"margin-top": "20px",
"padding-top": "48px",
"padding-bottom": "48px",
"padding-right": "48px",
"padding-left": "48px",
"margin-bottom": "20px",
})
.instanceName("Container")
}
export function makeBreadcrumbContainer(tableName, text, capitalise = false) {
const link = makeLinkComponent(tableName).instanceName("Back Link")
const arrowText = new Component("@budibase/standard-components/text")
.type("none")
.normalStyle({
"margin-right": "4px",
"margin-left": "4px",
})
.text(">")
.instanceName("Arrow")
const textStyling = {
color: "#000000",
}
if (capitalise) {
textStyling["text-transform"] = "capitalize"
}
const identifierText = new Component("@budibase/standard-components/text")
.type("none")
.normalStyle(textStyling)
.text(text)
.instanceName("Identifier")
return new Component("@budibase/standard-components/container")
.type("div")
.normalStyle({
"font-size": "14px",
color: "#757575",
})
.instanceName("Breadcrumbs")
.addChild(link)
.addChild(arrowText)
.addChild(identifierText)
}
export function makeSaveButton(table) {
return new Component("@budibase/standard-components/button")
.normalStyle({
background: "#000000",
"border-width": "0",
"border-style": "None",
color: "#fff",
"font-family": "Inter",
"font-weight": "500",
"font-size": "14px",
"margin-left": "16px",
})
.hoverStyle({
background: "#4285f4",
})
.text("Save")
.customProps({
className: "",
disabled: false,
onClick: [
{
parameters: {
contextPath: "data",
tableId: table._id,
},
"##eventHandlerType": "Save Row",
},
{
parameters: {
url: rowListUrl(table),
},
"##eventHandlerType": "Navigate To",
},
],
})
.instanceName("Save Button")
}
export function makeTitleContainer(title) {
const heading = new Component("@budibase/standard-components/heading")
.normalStyle({
margin: "0px",
"margin-bottom": "0px",
"margin-right": "0px",
"margin-top": "0px",
"margin-left": "0px",
flex: "1 1 auto",
})
.type("h3")
.instanceName("Title")
.text(title)
return new Component("@budibase/standard-components/container")
.type("div")
.normalStyle({
display: "flex",
"flex-direction": "row",
"justify-content": "space-between",
"align-items": "center",
"margin-top": "32px",
"margin-bottom": "32px",
})
.instanceName("Title Container")
.addChild(heading)
}

0
packages/builder/src/builderStore/store/screenTemplates/sanitizeUrl.js → packages/builder/src/builderStore/store/screenTemplates/utils/sanitizeUrl.js
View File

7
packages/builder/src/components/backend/TableNavigator/modals/CreateTableModal.svelte
View File

@ -59,10 +59,13 @@
}
// Create autolink to newly created list page
const listPage = screens.find(screen =>
const listScreen = screens.find(screen =>
screen.props._instanceName.endsWith("List")
)
await store.actions.components.links.save(listPage.route, table.name)
await store.actions.components.links.save(
listScreen.routing.route,
table.name
)
// Navigate to new table
$goto(`./table/${table._id}`)

4
packages/builder/src/components/userInterface/DetailScreenSelect.svelte
View File

@ -17,11 +17,11 @@
.filter(
screen =>
screen.props._component.endsWith("/rowdetail") ||
screen.route.endsWith(":id")
screen.routing.route.endsWith(":id")
)
.map(screen => ({
name: screen.props._instanceName,
url: screen.route,
url: screen.routing.route,
sort: screen.props._component,
})),
]

4
packages/builder/src/components/userInterface/EventsEditor/StateBindingCascader.svelte
View File

@ -25,7 +25,9 @@
<DataList on:change bind:value={parameter.value}>
<option value="" />
{#each $allScreens as screen}
<option value={screen.route}>{screen.props._instanceName}</option>
<option value={screen.routing.route}>
{screen.props._instanceName}
</option>
{/each}
</DataList>
{:else}

2
packages/builder/src/components/userInterface/EventsEditor/actions/NavigateTo.svelte
View File

@ -10,7 +10,7 @@
<DataList secondary bind:value={parameters.url}>
<option value="" />
{#each $allScreens as screen}
<option value={screen.route}>{screen.props._instanceName}</option>
<option value={screen.routing.route}>{screen.props._instanceName}</option>
{/each}
</DataList>
</div>

9
packages/builder/src/components/userInterface/NewScreenModal.svelte
View File

@ -49,8 +49,8 @@
baseComponent = draftScreen.props._component
}
if (draftScreen.route) {
route = draftScreen.route
if (draftScreen.routing) {
route = draftScreen.routing.route
}
}
@ -69,7 +69,8 @@
draftScreen.props._instanceName = name
draftScreen.props._component = baseComponent
draftScreen.route = route
// TODO: need to fix this up correctly
draftScreen.routing = { route, accessLevelId: "ADMIN" }
await store.actions.screens.create(draftScreen)
if (createLink) {
@ -88,7 +89,7 @@
const routeNameExists = route => {
return $allScreens.some(
screen => screen.route.toLowerCase() === route.toLowerCase()
screen => screen.routing.route.toLowerCase() === route.toLowerCase()
)
}

4
packages/builder/src/components/userInterface/ScreenSelect.svelte
View File

@ -21,7 +21,7 @@
.filter(screen => !screen.props._component.endsWith("/rowdetail"))
.map(screen => ({
name: screen.props._instanceName,
url: screen.route,
url: screen.routing.route,
sort: screen.props._component,
})),
]
@ -54,7 +54,7 @@
if (idBinding) {
urls.push({
name: detailScreen.props._instanceName,
url: detailScreen.route.replace(
url: detailScreen.routing.route.replace(
":id",
`{{ ${idBinding.runtimeBinding} }}`
),

44
packages/builder/yarn.lock
View File

@ -1266,9 +1266,9 @@
integrity sha512-TSt8ROqK6wq+Hav7EhZL1I0GtsZhg28aJuuDSviBzG/NG9pC0eprf8roWjl59DKHOVWIUTPTeY+T+lipb9gf8w==
"@testing-library/dom@^7.0.3":
version "7.27.0"
resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-7.27.0.tgz#b4c7393f488db6de18c6cfa619390e7d6da57a3b"
integrity sha512-OH4lK9R0DdKdePG76cKQXORMpXLahqRLmyIau084TdN2sM1sfjxnGEiiTbJe/PDiam7sMOuf9uBXsTByH3pPhQ==
version "7.27.1"
resolved "https://registry.yarnpkg.com/@testing-library/dom/-/dom-7.27.1.tgz#b760182513357e4448a8461f9565d733a88d71d0"
integrity sha512-AF56RoeUU8bO4DOvLyMI44H3O1LVKZQi2D/m5fNDr+iR4drfOFikTr26hT6IY7YG+l8g69FXsHERa+uThaYYQg==
dependencies:
"@babel/code-frame" "^7.10.4"
"@babel/runtime" "^7.12.5"
@ -2103,9 +2103,9 @@ chalk@^4.0.0, chalk@^4.1.0:
supports-color "^7.1.0"
cheap-watch@^1.0.2:
version "1.0.2"
resolved "https://registry.yarnpkg.com/cheap-watch/-/cheap-watch-1.0.2.tgz#bfa648aea6bcd15e9fe4dce4ac760ab81cd0133c"
integrity sha512-jp82t+kZAW+ZVnuYuHZEGZqDaUg28uAyOhC915BcKBSYL55fpTyuJ56cYYXZG0JkCPQT80MjRD6q2KqebaPwCw==
version "1.0.3"
resolved "https://registry.yarnpkg.com/cheap-watch/-/cheap-watch-1.0.3.tgz#3c4265718bcf8f1ae08f5e450f9f4693432e028e"
integrity sha512-xC5CruMhLzjPwJ5ecUxGu1uGmwJQykUhqd2QrCrYbwvsFYdRyviu6jG9+pccwDXJR/OpmOTOJ9yLFunVgQu9wg==
check-more-types@2.24.0, check-more-types@^2.24.0:
version "2.24.0"
@ -2782,7 +2782,7 @@ date-fns@^1.27.2:
resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-1.30.1.tgz#2e71bf0b119153dbb4cc4e88d9ea5acfb50dc05c"
integrity sha512-hBSVCvSmWC+QypYObzwGOd9wqdDpOt+0wl0KbU+R+uuZBS1jN8VsD1ss3irQDknRj5NvxiTF6oj/nDRnN/UQNw==
debug@4.2.0, debug@^4.1.0, debug@^4.1.1:
debug@4.2.0:
version "4.2.0"
resolved "https://registry.yarnpkg.com/debug/-/debug-4.2.0.tgz#7f150f93920e94c58f5574c2fd01a3110effe7f1"
integrity sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==
@ -2804,12 +2804,19 @@ debug@^2.2.0, debug@^2.3.3, debug@^2.6.9:
ms "2.0.0"
debug@^3.1.0:
version "3.2.6"
resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.6.tgz#e83d17de16d8a7efb7717edbe5fb10135eee629b"
integrity sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==
version "3.2.7"
resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a"
integrity sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==
dependencies:
ms "^2.1.1"
debug@^4.1.0, debug@^4.1.1:
version "4.3.1"
resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.1.tgz#f0d229c505e0c6d8c49ac553d1b13dc183f6b2ee"
integrity sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==
dependencies:
ms "2.1.2"
decamelize@^1.2.0:
version "1.2.0"
resolved "https://registry.yarnpkg.com/decamelize/-/decamelize-1.2.0.tgz#f6534d15148269b20352e7bee26f501f9a191290"
@ -2965,9 +2972,9 @@ ecc-jsbn@~0.1.1:
safer-buffer "^2.1.0"
electron-to-chromium@^1.3.591:
version "1.3.598"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.598.tgz#8f757018902ab6190323a8c5f6124d854893a35b"
integrity sha512-G5Ztk23/ubLYVPxPXnB1uu105uzIPd4xB/D8ld8x1GaSC9+vU9NZL16nYZya8H77/7CCKKN7dArzJL3pBs8N7A==
version "1.3.601"
resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.601.tgz#881824eaef0b2f97c89e1abb5835fdd224997d34"
integrity sha512-ctRyXD9y0mZu8pgeNwBUhLP3Guyr5YuqkfLKYmpTwYx7o9JtCEJme9JVX4xBXPr5ZNvr/iBXUvHLFEVJQThATg==
elegant-spinner@^1.0.1:
version "1.0.1"
@ -6892,9 +6899,9 @@ synchronous-promise@^2.0.13:
integrity sha512-k8uzYIkIVwmT+TcglpdN50pS2y1BDcUnBPK9iJeGu0Pl1lOI8pD6wtzgw91Pjpe+RxtTncw32tLxs/R0yNL2Mg==
terser@^5.0.0:
version "5.4.0"
resolved "https://registry.yarnpkg.com/terser/-/terser-5.4.0.tgz#9815c0839072d5c894e22c6fc508fbe9f5e7d7e8"
integrity sha512-3dZunFLbCJis9TAF2VnX+VrQLctRUmt1p3W2kCsJuZE4ZgWqh//+1MZ62EanewrqKoUf4zIaDGZAvml4UDc0OQ==
version "5.5.0"
resolved "https://registry.yarnpkg.com/terser/-/terser-5.5.0.tgz#1406fcb4d4bc517add3b22a9694284c040e33448"
integrity sha512-eopt1Gf7/AQyPhpygdKePTzaet31TvQxXvrf7xYUvD/d8qkCJm4SKPDzu+GHK5ZaYTn8rvttfqaZc3swK21e5g==
dependencies:
commander "^2.20.0"
source-map "~0.7.2"
@ -7162,6 +7169,11 @@ uuid@^3.3.2:
resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee"
integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==
uuid@^8.3.1:
version "8.3.1"
resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.1.tgz#2ba2e6ca000da60fce5a196954ab241131e05a31"
integrity sha512-FOmRr+FmWEIG8uhZv6C2bTgEVXsHk08kE7mPlrBbEe+c3r9pjceVPgupIfNIhc4yx55H69OXANrUaSuu9eInKg==
validate-npm-package-license@^3.0.1:
version "3.0.4"
resolved "https://registry.yarnpkg.com/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz#fc91f6b9c7ba15c857f4cb2c5defeec39d4f410a"

2
packages/client/src/old/render/screenRouter.js
View File

@ -43,7 +43,7 @@ export const screenRouter = ({ screens, onScreenSelected, window }) => {
return sanitize(url)
}
const routes = screens.map(s => makeRootedPath(s.route))
const routes = screens.map(s => makeRootedPath(s.routing?.route))
let fallback = routes.findIndex(([p]) => p === makeRootedPath("*"))
if (fallback < 0) fallback = 0

90
packages/server/src/api/controllers/accesslevel.js
View File

@ -1,10 +1,9 @@
const CouchDB = require("../../db")
const {
generateAdminPermissions,
generatePowerUserPermissions,
POWERUSER_LEVEL_ID,
ADMIN_LEVEL_ID,
} = require("../../utilities/accessLevels")
BUILTIN_LEVELS,
AccessLevel,
getAccessLevel,
} = require("../../utilities/security/accessLevels")
const {
generateAccessLevelID,
getAccessLevelParams,
@ -19,85 +18,26 @@ exports.fetch = async function(ctx) {
)
const customAccessLevels = body.rows.map(row => row.doc)
const staticAccessLevels = [
{
_id: ADMIN_LEVEL_ID,
name: "Admin",
permissions: await generateAdminPermissions(ctx.user.appId),
},
{
_id: POWERUSER_LEVEL_ID,
name: "Power User",
permissions: await generatePowerUserPermissions(ctx.user.appId),
},
]
const staticAccessLevels = [BUILTIN_LEVELS.ADMIN, BUILTIN_LEVELS.POWER]
ctx.body = [...staticAccessLevels, ...customAccessLevels]
}
exports.find = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
ctx.body = await db.get(ctx.params.levelId)
}
exports.update = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const level = await db.get(ctx.params.levelId)
level.name = ctx.body.name
level.permissions = ctx.request.body.permissions
const result = await db.put(level)
level._rev = result.rev
ctx.body = level
ctx.message = `Level ${level.name} updated successfully.`
ctx.body = await getAccessLevel(ctx.user.appId, ctx.params.levelId)
}
exports.patch = async function(ctx) {
exports.save = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const level = await db.get(ctx.params.levelId)
const { removedPermissions, addedPermissions, _rev } = ctx.request.body
if (!_rev) throw new Error("Must supply a _rev to update an access level")
level._rev = _rev
if (removedPermissions) {
level.permissions = level.permissions.filter(
p =>
!removedPermissions.some(
rem => rem.name === p.name && rem.itemId === p.itemId
)
)
}
if (addedPermissions) {
level.permissions = [
...level.permissions.filter(
p =>
!addedPermissions.some(
add => add.name === p.name && add.itemId === p.itemId
)
),
...addedPermissions,
]
}
const result = await db.put(level)
level._rev = result.rev
ctx.body = level
ctx.message = `Access Level ${level.name} updated successfully.`
}
exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const level = {
name: ctx.request.body.name,
_rev: ctx.request.body._rev,
permissions: ctx.request.body.permissions || [],
_id: generateAccessLevelID(),
type: "accesslevel",
let id = ctx.request.body._id || generateAccessLevelID()
const level = new AccessLevel(
id,
ctx.request.body.name,
ctx.request.body.inherits
)
if (ctx.request.body._rev) {
level._rev = ctx.request.body._rev
}
const result = await db.put(level)
level._rev = result.rev
ctx.body = level

53
packages/server/src/api/controllers/application.js
View File

@ -8,15 +8,18 @@ const fs = require("fs-extra")
const { join, resolve } = require("../../utilities/centralPath")
const packageJson = require("../../../package.json")
const { createLinkView } = require("../../db/linkedRows")
const { createRoutingView } = require("../../utilities/routing")
const { downloadTemplate } = require("../../utilities/templates")
const {
generateAppID,
DocumentTypes,
SEPARATOR,
getPageParams,
getScreenParams,
generatePageID,
generateScreenID,
} = require("../../db/utils")
const { BUILTIN_LEVEL_IDS } = require("../../utilities/security/accessLevels")
const {
downloadExtractComponentLibraries,
} = require("../../utilities/createAppPackage")
@ -26,6 +29,20 @@ const { cloneDeep } = require("lodash/fp")
const APP_PREFIX = DocumentTypes.APP + SEPARATOR
// utility function, need to do away with this
async function getMainAndUnauthPage(db) {
let pages = await db.allDocs(
getPageParams(null, {
include_docs: true,
})
)
pages = pages.rows.map(row => row.doc)
const mainPage = pages.find(page => page.name === PageTypes.MAIN)
const unauthPage = pages.find(page => page.name === PageTypes.UNAUTHENTICATED)
return { mainPage, unauthPage }
}
async function createInstance(template) {
const appId = generateAppID()
@ -38,6 +55,7 @@ async function createInstance(template) {
})
// add view for linked rows
await createLinkView(appId)
await createRoutingView(appId)
// replicate the template data to the instance DB
if (template) {
@ -65,19 +83,36 @@ exports.fetch = async function(ctx) {
}
}
exports.fetchAppDefinition = async function(ctx) {
const db = new CouchDB(ctx.params.appId)
// TODO: need to get rid of pages here, they shouldn't be needed anymore
const { mainPage, unauthPage } = await getMainAndUnauthPage(db)
const userAccessLevelId =
!ctx.user.accessLevel || !ctx.user.accessLevel._id
? BUILTIN_LEVEL_IDS.PUBLIC
: ctx.user.accessLevel._id
const correctPage =
userAccessLevelId === BUILTIN_LEVEL_IDS.PUBLIC ? unauthPage : mainPage
const screens = (
await db.allDocs(
getScreenParams(correctPage._id, {
include_docs: true,
})
)
).rows.map(row => row.doc)
// TODO: need to handle access control here, limit screens to user access level
ctx.body = {
page: correctPage,
screens: screens,
libraries: ["@budibase/standard-components"],
}
}
exports.fetchAppPackage = async function(ctx) {
const db = new CouchDB(ctx.params.appId)
const application = await db.get(ctx.params.appId)
let pages = await db.allDocs(
getPageParams(null, {
include_docs: true,
})
)
pages = pages.rows.map(row => row.doc)
const mainPage = pages.find(page => page.name === PageTypes.MAIN)
const unauthPage = pages.find(page => page.name === PageTypes.UNAUTHENTICATED)
const { mainPage, unauthPage } = await getMainAndUnauthPage(db)
ctx.body = {
application,
pages: {

1
packages/server/src/api/controllers/auth.js
View File

@ -34,6 +34,7 @@ exports.authenticate = async ctx => {
userId: dbUser._id,
accessLevelId: dbUser.accessLevelId,
version: app.version,
permissions: dbUser.permissions || [],
}
// if in cloud add the user api key
if (env.CLOUD) {

101
packages/server/src/api/controllers/routing.js
View File

@ -0,0 +1,101 @@
const { getRoutingInfo } = require("../../utilities/routing")
const {
getUserAccessLevelHierarchy,
BUILTIN_LEVEL_IDS,
} = require("../../utilities/security/accessLevels")
const URL_SEPARATOR = "/"
function Routing() {
this.json = {}
}
Routing.prototype.getTopLevel = function(fullpath) {
if (fullpath.charAt(0) !== URL_SEPARATOR) {
fullpath = URL_SEPARATOR + fullpath
}
// replace the first value with the home route
return URL_SEPARATOR + fullpath.split(URL_SEPARATOR)[1]
}
Routing.prototype.getScreensProp = function(fullpath) {
const topLevel = this.getTopLevel(fullpath)
if (!this.json[topLevel]) {
this.json[topLevel] = {
subpaths: {},
}
}
if (!this.json[topLevel].subpaths[fullpath]) {
this.json[topLevel].subpaths[fullpath] = {
screens: {},
}
}
return this.json[topLevel].subpaths[fullpath].screens
}
Routing.prototype.addScreenId = function(fullpath, accessLevel, screenId) {
this.getScreensProp(fullpath)[accessLevel] = screenId
}
/**
* Gets the full routing structure by querying the routing view and processing the result into the tree.
* @param {string} appId The application to produce the routing structure for.
* @returns {Promise<object>} The routing structure, this is the full structure designed for use in the builder,
* if the client routing is required then the updateRoutingStructureForUserLevel should be used.
*/
async function getRoutingStructure(appId) {
const screenRoutes = await getRoutingInfo(appId)
const routing = new Routing()
for (let screenRoute of screenRoutes) {
let fullpath = screenRoute.routing.route
const accessLevel = screenRoute.routing.accessLevelId
routing.addScreenId(fullpath, accessLevel, screenRoute.id)
}
return { routes: routing.json }
}
exports.fetch = async ctx => {
ctx.body = await getRoutingStructure(ctx.appId)
}
exports.clientFetch = async ctx => {
const routing = await getRoutingStructure(ctx.appId)
const accessLevelId = ctx.user.accessLevel._id
// builder is a special case, always return the full routing structure
if (accessLevelId === BUILTIN_LEVEL_IDS.BUILDER) {
ctx.body = routing
return
}
const accessLevelIds = await getUserAccessLevelHierarchy(
ctx.appId,
accessLevelId
)
for (let topLevel of Object.values(routing.routes)) {
for (let subpathKey of Object.keys(topLevel.subpaths)) {
let found = false
const subpath = topLevel.subpaths[subpathKey]
const accessLevelOptions = Object.keys(subpath.screens)
if (accessLevelOptions.length === 1 && !accessLevelOptions[0]) {
subpath.screenId = subpath.screens[accessLevelOptions[0]]
subpath.accessLevelId = BUILTIN_LEVEL_IDS.BASIC
found = true
} else {
for (let levelId of accessLevelIds) {
if (accessLevelOptions.indexOf(levelId) !== -1) {
subpath.screenId = subpath.screens[levelId]
subpath.accessLevelId = levelId
found = true
break
}
}
}
delete subpath.screens
if (!found) {
delete topLevel.subpaths[subpathKey]
}
}
}
ctx.body = routing
}

29
packages/server/src/api/controllers/screen.js
View File

@ -1,20 +1,28 @@
const CouchDB = require("../../db")
const { getScreenParams, generateScreenID } = require("../../db/utils")
const { AccessController } = require("../../utilities/security/accessLevels")
exports.fetch = async ctx => {
const db = new CouchDB(ctx.user.appId)
const appId = ctx.user.appId
const db = new CouchDB(appId)
const screens = await db.allDocs(
getScreenParams(null, {
include_docs: true,
})
const screens = (
await db.allDocs(
getScreenParams(null, {
include_docs: true,
})
)
).rows.map(element => element.doc)
ctx.body = await new AccessController(appId).checkScreensAccess(
screens,
ctx.user.accessLevel._id
)
ctx.body = screens.rows.map(element => element.doc)
}
exports.find = async ctx => {
const db = new CouchDB(ctx.user.appId)
const appId = ctx.user.appId
const db = new CouchDB(appId)
const screens = await db.allDocs(
getScreenParams(ctx.params.pageId, {
@ -22,7 +30,10 @@ exports.find = async ctx => {
})
)
ctx.body = screens.response.rows
ctx.body = await new AccessController(appId).checkScreensAccess(
screens,
ctx.user.accessLevel._id
)
}
exports.save = async ctx => {

22
packages/server/src/api/controllers/user.js
View File

@ -2,9 +2,11 @@ const CouchDB = require("../../db")
const bcrypt = require("../../utilities/bcrypt")
const { generateUserID, getUserParams } = require("../../db/utils")
const {
POWERUSER_LEVEL_ID,
ADMIN_LEVEL_ID,
} = require("../../utilities/accessLevels")
BUILTIN_LEVEL_ID_ARRAY,
} = require("../../utilities/security/accessLevels")
const {
BUILTIN_PERMISSION_NAMES,
} = require("../../utilities/security/permissions")
exports.fetch = async function(ctx) {
const database = new CouchDB(ctx.user.appId)
@ -18,7 +20,13 @@ exports.fetch = async function(ctx) {
exports.create = async function(ctx) {
const db = new CouchDB(ctx.user.appId)
const { username, password, name, accessLevelId } = ctx.request.body
const {
username,
password,
name,
accessLevelId,
permissions,
} = ctx.request.body
if (!username || !password) {
ctx.throw(400, "Username and Password Required.")
@ -35,6 +43,7 @@ exports.create = async function(ctx) {
name: name || username,
type: "user",
accessLevelId,
permissions: permissions || [BUILTIN_PERMISSION_NAMES.POWER],
}
try {
@ -89,10 +98,7 @@ exports.find = async function(ctx) {
const checkAccessLevel = async (db, accessLevelId) => {
if (!accessLevelId) return
if (
accessLevelId === POWERUSER_LEVEL_ID ||
accessLevelId === ADMIN_LEVEL_ID
) {
if (BUILTIN_LEVEL_ID_ARRAY.indexOf(accessLevelId) !== -1) {
return {
_id: accessLevelId,
name: accessLevelId,

5
packages/server/src/api/controllers/view/index.js
View File

@ -5,6 +5,7 @@ const { join } = require("../../../utilities/centralPath")
const os = require("os")
const exporters = require("./exporters")
const { fetchView } = require("../row")
const { ViewNames } = require("../../../db/utils")
const controller = {
fetch: async ctx => {
@ -13,8 +14,8 @@ const controller = {
const response = []
for (let name of Object.keys(designDoc.views)) {
// Only return custom views
if (name === "by_link") {
// Only return custom views, not built ins
if (Object.values(ViewNames).indexOf(name) !== -1) {
continue
}
response.push({

70
packages/server/src/api/index.js
View File

@ -4,25 +4,7 @@ const compress = require("koa-compress")
const zlib = require("zlib")
const { budibaseAppsDir } = require("../utilities/budibaseDir")
const { isDev } = require("../utilities")
const {
authRoutes,
pageRoutes,
screenRoutes,
userRoutes,
deployRoutes,
applicationRoutes,
rowRoutes,
tableRoutes,
viewRoutes,
staticRoutes,
componentRoutes,
automationRoutes,
accesslevelRoutes,
apiKeysRoutes,
templatesRoutes,
analyticsRoutes,
webhookRoutes,
} = require("./routes")
const { mainRoutes, authRoutes, staticRoutes } = require("./routes")
const router = new Router()
const env = require("../environment")
@ -72,52 +54,12 @@ router.use(authRoutes.routes())
router.use(authRoutes.allowedMethods())
// authenticated routes
router.use(viewRoutes.routes())
router.use(viewRoutes.allowedMethods())
router.use(tableRoutes.routes())
router.use(tableRoutes.allowedMethods())
router.use(rowRoutes.routes())
router.use(rowRoutes.allowedMethods())
router.use(userRoutes.routes())
router.use(userRoutes.allowedMethods())
router.use(automationRoutes.routes())
router.use(automationRoutes.allowedMethods())
router.use(webhookRoutes.routes())
router.use(webhookRoutes.allowedMethods())
router.use(deployRoutes.routes())
router.use(deployRoutes.allowedMethods())
router.use(templatesRoutes.routes())
router.use(templatesRoutes.allowedMethods())
// end auth routes
router.use(pageRoutes.routes())
router.use(pageRoutes.allowedMethods())
router.use(screenRoutes.routes())
router.use(screenRoutes.allowedMethods())
router.use(applicationRoutes.routes())
router.use(applicationRoutes.allowedMethods())
router.use(componentRoutes.routes())
router.use(componentRoutes.allowedMethods())
router.use(accesslevelRoutes.routes())
router.use(accesslevelRoutes.allowedMethods())
router.use(apiKeysRoutes.routes())
router.use(apiKeysRoutes.allowedMethods())
router.use(analyticsRoutes.routes())
router.use(analyticsRoutes.allowedMethods())
for (let route of mainRoutes) {
router.use(route.routes())
router.use(route.allowedMethods())
}
// WARNING - static routes will catch everything else after them this must be last
router.use(staticRoutes.routes())
router.use(staticRoutes.allowedMethods())

16
packages/server/src/api/routes/accesslevel.js
View File

@ -1,14 +1,18 @@
const Router = require("@koa/router")
const controller = require("../controllers/accesslevel")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()
router
.post("/api/accesslevels", controller.create)
.put("/api/accesslevels", controller.update)
.get("/api/accesslevels", controller.fetch)
.get("/api/accesslevels/:levelId", controller.find)
.delete("/api/accesslevels/:levelId/:rev", controller.destroy)
.patch("/api/accesslevels/:levelId", controller.patch)
.post("/api/accesslevels", authorized(BUILDER), controller.save)
.get("/api/accesslevels", authorized(BUILDER), controller.fetch)
.get("/api/accesslevels/:levelId", authorized(BUILDER), controller.find)
.delete(
"/api/accesslevels/:levelId/:rev",
authorized(BUILDER),
controller.destroy
)
module.exports = router

2
packages/server/src/api/routes/analytics.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const controller = require("../controllers/analytics")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()

2
packages/server/src/api/routes/apikeys.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const controller = require("../controllers/apikeys")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()

3
packages/server/src/api/routes/application.js
View File

@ -1,11 +1,12 @@
const Router = require("@koa/router")
const controller = require("../controllers/application")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()
router
.get("/api/:appId/definition", controller.fetchAppDefinition)
.get("/api/applications", authorized(BUILDER), controller.fetch)
.get(
"/api/:appId/appPackage",

8
packages/server/src/api/routes/automation.js
View File

@ -2,7 +2,11 @@ const Router = require("@koa/router")
const controller = require("../controllers/automation")
const authorized = require("../../middleware/authorized")
const joiValidator = require("../../middleware/joi-validator")
const { BUILDER, EXECUTE_AUTOMATION } = require("../../utilities/accessLevels")
const {
BUILDER,
PermissionLevels,
PermissionTypes,
} = require("../../utilities/security/permissions")
const Joi = require("joi")
const router = Router()
@ -75,7 +79,7 @@ router
)
.post(
"/api/automations/:id/trigger",
authorized(EXECUTE_AUTOMATION),
authorized(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
controller.trigger
)
.delete("/api/automations/:id/:rev", authorized(BUILDER), controller.destroy)

2
packages/server/src/api/routes/component.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const controller = require("../controllers/component")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()

2
packages/server/src/api/routes/deploy.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const controller = require("../controllers/deploy")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()

11
packages/server/src/api/routes/index.js
View File

@ -15,10 +15,10 @@ const deployRoutes = require("./deploy")
const apiKeysRoutes = require("./apikeys")
const templatesRoutes = require("./templates")
const analyticsRoutes = require("./analytics")
const routingRoutes = require("./routing")
module.exports = {
exports.mainRoutes = [
deployRoutes,
authRoutes,
pageRoutes,
screenRoutes,
userRoutes,
@ -26,7 +26,6 @@ module.exports = {
rowRoutes,
tableRoutes,
viewRoutes,
staticRoutes,
componentRoutes,
automationRoutes,
accesslevelRoutes,
@ -34,4 +33,8 @@ module.exports = {
templatesRoutes,
analyticsRoutes,
webhookRoutes,
}
routingRoutes,
]
exports.authRoutes = authRoutes
exports.staticRoutes = staticRoutes

2
packages/server/src/api/routes/pages.js
View File

@ -1,6 +1,6 @@
const Router = require("@koa/router")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const controller = require("../controllers/page")
const router = Router()

13
packages/server/src/api/routes/routing.js
View File

@ -0,0 +1,13 @@
const Router = require("@koa/router")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions")
const controller = require("../controllers/routing")
const router = Router()
// gets the full structure, not just the correct screen ID for your access level
router
.get("/api/routing/client", controller.clientFetch)
.get("/api/routing", authorized(BUILDER), controller.fetch)
module.exports = router

19
packages/server/src/api/routes/row.js
View File

@ -2,46 +2,49 @@ const Router = require("@koa/router")
const rowController = require("../controllers/row")
const authorized = require("../../middleware/authorized")
const usage = require("../../middleware/usageQuota")
const { READ_TABLE, WRITE_TABLE } = require("../../utilities/accessLevels")
const {
PermissionLevels,
PermissionTypes,
} = require("../../utilities/security/permissions")
const router = Router()
router
.get(
"/api/:tableId/:rowId/enrich",
authorized(READ_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
rowController.fetchEnrichedRow
)
.get(
"/api/:tableId/rows",
authorized(READ_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
rowController.fetchTableRows
)
.get(
"/api/:tableId/rows/:rowId",
authorized(READ_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
rowController.find
)
.post("/api/rows/search", rowController.search)
.post(
"/api/:tableId/rows",
authorized(WRITE_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
usage,
rowController.save
)
.patch(
"/api/:tableId/rows/:id",
authorized(WRITE_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
rowController.patch
)
.post(
"/api/:tableId/rows/validate",
authorized(WRITE_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
rowController.validate
)
.delete(
"/api/:tableId/rows/:rowId/:revId",
authorized(WRITE_TABLE, ctx => ctx.params.tableId),
authorized(PermissionTypes.TABLE, PermissionLevels.WRITE),
usage,
rowController.destroy
)

25
packages/server/src/api/routes/screen.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const controller = require("../controllers/screen")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const joiValidator = require("../../middleware/joi-validator")
const Joi = require("joi")
@ -12,17 +12,20 @@ function generateSaveValidation() {
return joiValidator.body(Joi.object({
_css: Joi.string().allow(""),
name: Joi.string().required(),
route: Joi.string().required(),
routing: Joi.object({
route: Joi.string().required(),
accessLevelId: Joi.string().required().allow(""),
}).required().unknown(true),
props: Joi.object({
_id: Joi.string().required(),
_component: Joi.string().required(),
_children: Joi.array().required(),
_instanceName: Joi.string().required(),
_styles: Joi.object().required(),
type: Joi.string().optional(),
table: Joi.string().optional(),
}).required().unknown(true),
}).unknown(true))
_id: Joi.string().required(),
_component: Joi.string().required(),
_children: Joi.array().required(),
_instanceName: Joi.string().required(),
_styles: Joi.object().required(),
type: Joi.string().optional(),
table: Joi.string().optional(),
}).required().unknown(true),
}).unknown(true))
}
router

2
packages/server/src/api/routes/static.js
View File

@ -3,7 +3,7 @@ const controller = require("../controllers/static")
const { budibaseTempDir } = require("../../utilities/budibaseDir")
const env = require("../../environment")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const usage = require("../../middleware/usageQuota")
const router = Router()

8
packages/server/src/api/routes/table.js
View File

@ -1,7 +1,11 @@
const Router = require("@koa/router")
const tableController = require("../controllers/table")
const authorized = require("../../middleware/authorized")
const { BUILDER, READ_TABLE } = require("../../utilities/accessLevels")
const {
BUILDER,
PermissionLevels,
PermissionTypes,
} = require("../../utilities/security/permissions")
const router = Router()
@ -9,7 +13,7 @@ router
.get("/api/tables", authorized(BUILDER), tableController.fetch)
.get(
"/api/tables/:id",
authorized(READ_TABLE, ctx => ctx.params.id),
authorized(PermissionTypes.TABLE, PermissionLevels.READ),
tableController.find
)
.post("/api/tables", authorized(BUILDER), tableController.save)

2
packages/server/src/api/routes/templates.js
View File

@ -1,7 +1,7 @@
const Router = require("@koa/router")
const controller = require("../controllers/templates")
const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/accessLevels")
const { BUILDER } = require("../../utilities/security/permissions")
const router = Router()

96
packages/server/src/api/routes/tests/accesslevel.spec.js
View File

@ -6,13 +6,10 @@ const {
defaultHeaders
} = require("./couchTestUtils")
const {
generateAdminPermissions,
generatePowerUserPermissions,
POWERUSER_LEVEL_ID,
ADMIN_LEVEL_ID,
READ_TABLE,
WRITE_TABLE,
} = require("../../../utilities/accessLevels")
BUILTIN_LEVEL_IDS,
} = require("../../../utilities/security/accessLevels")
const accessLevelBody = { name: "user", inherits: BUILTIN_LEVEL_IDS.BASIC }
describe("/accesslevels", () => {
let server
@ -41,7 +38,7 @@ describe("/accesslevels", () => {
it("returns a success message when level is successfully created", async () => {
const res = await request
.post(`/api/accesslevels`)
.send({ name: "user" })
.send(accessLevelBody)
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
@ -49,7 +46,6 @@ describe("/accesslevels", () => {
expect(res.res.statusMessage).toEqual("Access Level 'user' created successfully.")
expect(res.body._id).toBeDefined()
expect(res.body._rev).toBeDefined()
expect(res.body.permissions).toEqual([])
})
});
@ -59,7 +55,7 @@ describe("/accesslevels", () => {
it("should list custom levels, plus 2 default levels", async () => {
const createRes = await request
.post(`/api/accesslevels`)
.send({ name: "user", permissions: [ { itemId: table._id, name: READ_TABLE }] })
.send(accessLevelBody)
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
@ -74,16 +70,17 @@ describe("/accesslevels", () => {
expect(res.body.length).toBe(3)
const adminLevel = res.body.find(r => r._id === ADMIN_LEVEL_ID)
const adminLevel = res.body.find(r => r._id === BUILTIN_LEVEL_IDS.ADMIN)
expect(adminLevel.inherits).toEqual(BUILTIN_LEVEL_IDS.POWER)
expect(adminLevel).toBeDefined()
expect(adminLevel.permissions).toEqual(await generateAdminPermissions(appId))
const powerUserLevel = res.body.find(r => r._id === POWERUSER_LEVEL_ID)
const powerUserLevel = res.body.find(r => r._id === BUILTIN_LEVEL_IDS.POWER)
expect(powerUserLevel.inherits).toEqual(BUILTIN_LEVEL_IDS.BASIC)
expect(powerUserLevel).toBeDefined()
expect(powerUserLevel.permissions).toEqual(await generatePowerUserPermissions(appId))
const customLevelFetched = res.body.find(r => r._id === customLevel._id)
expect(customLevelFetched.permissions).toEqual(customLevel.permissions)
expect(customLevelFetched.inherits).toEqual(BUILTIN_LEVEL_IDS.BASIC)
expect(customLevelFetched).toBeDefined()
})
});
@ -92,7 +89,7 @@ describe("/accesslevels", () => {
it("should delete custom access level", async () => {
const createRes = await request
.post(`/api/accesslevels`)
.send({ name: "user", permissions: [ { itemId: table._id, name: READ_TABLE } ] })
.send({ name: "user" })
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
@ -110,71 +107,4 @@ describe("/accesslevels", () => {
.expect(404)
})
})
describe("patch", () => {
it("should add given permissions", async () => {
const createRes = await request
.post(`/api/accesslevels`)
.send({ name: "user", permissions: [ { itemId: table._id, name: READ_TABLE }] })
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
const customLevel = createRes.body
await request
.patch(`/api/accesslevels/${customLevel._id}`)
.send({
_rev: customLevel._rev,
addedPermissions: [ { itemId: table._id, name: WRITE_TABLE } ]
})
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
const finalRes = await request
.get(`/api/accesslevels/${customLevel._id}`)
.set(defaultHeaders(appId))
.expect(200)
expect(finalRes.body.permissions.length).toBe(2)
expect(finalRes.body.permissions.some(p => p.name === WRITE_TABLE)).toBe(true)
expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
})
it("should remove given permissions", async () => {
const createRes = await request
.post(`/api/accesslevels`)
.send({
name: "user",
permissions: [
{ itemId: table._id, name: READ_TABLE },
{ itemId: table._id, name: WRITE_TABLE },
]
})
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
const customLevel = createRes.body
await request
.patch(`/api/accesslevels/${customLevel._id}`)
.send({
_rev: customLevel._rev,
removedPermissions: [ { itemId: table._id, name: WRITE_TABLE }]
})
.set(defaultHeaders(appId))
.expect('Content-Type', /json/)
.expect(200)
const finalRes = await request
.get(`/api/accesslevels/${customLevel._id}`)
.set(defaultHeaders(appId))
.expect(200)
expect(finalRes.body.permissions.length).toBe(1)
expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
})
})
});

60
packages/server/src/api/routes/tests/couchTestUtils.js
View File

@ -1,11 +1,11 @@
const CouchDB = require("../../../db")
const supertest = require("supertest")
const {
POWERUSER_LEVEL_ID,
ANON_LEVEL_ID,
BUILDER_LEVEL_ID,
generateAdminPermissions,
} = require("../../../utilities/accessLevels")
BUILTIN_LEVEL_IDS,
} = require("../../../utilities/security/accessLevels")
const {
BUILTIN_PERMISSION_NAMES,
} = require("../../../utilities/security/permissions")
const packageJson = require("../../../../package")
const jwt = require("jsonwebtoken")
const env = require("../../../environment")
@ -26,7 +26,7 @@ exports.supertest = async () => {
exports.defaultHeaders = appId => {
const builderUser = {
userId: "BUILDER",
accessLevelId: BUILDER_LEVEL_ID,
accessLevelId: BUILTIN_LEVEL_IDS.BUILDER,
}
const builderToken = jwt.sign(builderUser, env.JWT_SECRET)
@ -126,21 +126,13 @@ exports.createUser = async (
name: "Bill",
username,
password,
accessLevelId: POWERUSER_LEVEL_ID,
accessLevelId: BUILTIN_LEVEL_IDS.POWER,
})
return res.body
}
const createUserWithOnePermission = async (
request,
appId,
permName,
itemId
) => {
let permissions = await generateAdminPermissions(appId)
permissions = permissions.filter(
p => p.name === permName && p.itemId === itemId
)
const createUserWithOnePermission = async (request, appId, permName) => {
let permissions = [permName]
return await createUserWithPermissions(
request,
@ -151,7 +143,7 @@ const createUserWithOnePermission = async (
}
const createUserWithAdminPermissions = async (request, appId) => {
let permissions = await generateAdminPermissions(appId)
let permissions = [BUILTIN_PERMISSION_NAMES.ADMIN]
return await createUserWithPermissions(
request,
@ -164,13 +156,9 @@ const createUserWithAdminPermissions = async (request, appId) => {
const createUserWithAllPermissionExceptOne = async (
request,
appId,
permName,
itemId
permName
) => {
let permissions = await generateAdminPermissions(appId)
permissions = permissions.filter(
p => !(p.name === permName && p.itemId === itemId)
)
let permissions = [permName]
return await createUserWithPermissions(
request,
@ -186,11 +174,6 @@ const createUserWithPermissions = async (
permissions,
username
) => {
const accessRes = await request
.post(`/api/accesslevels`)
.send({ name: "TestLevel", permissions })
.set(exports.defaultHeaders(appId))
const password = `password_${username}`
await request
.post(`/api/users`)
@ -199,12 +182,13 @@ const createUserWithPermissions = async (
name: username,
username,
password,
accessLevelId: accessRes.body._id,
accessLevelId: BUILTIN_LEVEL_IDS.POWER,
permissions,
})
const anonUser = {
userId: "ANON",
accessLevelId: ANON_LEVEL_ID,
accessLevelId: BUILTIN_LEVEL_IDS.PUBLIC,
appId: appId,
version: packageJson.version,
}
@ -232,15 +216,10 @@ exports.testPermissionsForEndpoint = async ({
url,
body,
appId,
permissionName,
itemId,
permName1,
permName2,
}) => {
const headers = await createUserWithOnePermission(
request,
appId,
permissionName,
itemId
)
const headers = await createUserWithOnePermission(request, appId, permName1)
await createRequest(request, method, url, body)
.set(headers)
@ -249,8 +228,7 @@ exports.testPermissionsForEndpoint = async ({
const noPermsHeaders = await createUserWithAllPermissionExceptOne(
request,
appId,
permissionName,
itemId
permName2
)
await createRequest(request, method, url, body)

21
packages/server/src/api/routes/tests/user.spec.js
View File

@ -5,11 +5,12 @@ const {
createUser,
testPermissionsForEndpoint,
} = require("./couchTestUtils")
const {
POWERUSER_LEVEL_ID,
LIST_USERS,
USER_MANAGEMENT
} = require("../../../utilities/accessLevels")
const {
BUILTIN_PERMISSION_NAMES,
} = require("../../../utilities/security/permissions")
const {
BUILTIN_LEVEL_IDS,
} = require("../../../utilities/security/accessLevels")
describe("/users", () => {
let request
@ -53,7 +54,8 @@ describe("/users", () => {
method: "GET",
url: `/api/users`,
appId: appId,
permissionName: LIST_USERS,
permName1: BUILTIN_PERMISSION_NAMES.POWER,
permName2: BUILTIN_PERMISSION_NAMES.WRITE,
})
})
@ -65,7 +67,7 @@ describe("/users", () => {
const res = await request
.post(`/api/users`)
.set(defaultHeaders(appId))
.send({ name: "Bill", username: "bill", password: "bills_password", accessLevelId: POWERUSER_LEVEL_ID })
.send({ name: "Bill", username: "bill", password: "bills_password", accessLevelId: BUILTIN_LEVEL_IDS.POWER })
.expect(200)
.expect('Content-Type', /json/)
@ -77,10 +79,11 @@ describe("/users", () => {
await testPermissionsForEndpoint({
request,
method: "POST",
body: { name: "brandNewUser", username: "brandNewUser", password: "yeeooo", accessLevelId: POWERUSER_LEVEL_ID },
body: { name: "brandNewUser", username: "brandNewUser", password: "yeeooo", accessLevelId: BUILTIN_LEVEL_IDS.POWER },
url: `/api/users`,
appId: appId,
permissionName: USER_MANAGEMENT,
permName1: BUILTIN_PERMISSION_NAMES.ADMIN,
permName2: BUILTIN_PERMISSION_NAMES.POWER,
})
})

32
packages/server/src/api/routes/user.js
View File

@ -1,19 +1,39 @@
const Router = require("@koa/router")
const controller = require("../controllers/user")
const authorized = require("../../middleware/authorized")
const { USER_MANAGEMENT, LIST_USERS } = require("../../utilities/accessLevels")
const {
PermissionLevels,
PermissionTypes,
} = require("../../utilities/security/permissions")
const usage = require("../../middleware/usageQuota")
const router = Router()
router
.get("/api/users", authorized(LIST_USERS), controller.fetch)
.get("/api/users/:username", authorized(USER_MANAGEMENT), controller.find)
.put("/api/users/", authorized(USER_MANAGEMENT), controller.update)
.post("/api/users", authorized(USER_MANAGEMENT), usage, controller.create)
.get(
"/api/users",
authorized(PermissionTypes.USER, PermissionLevels.READ),
controller.fetch
)
.get(
"/api/users/:username",
authorized(PermissionTypes.USER, PermissionLevels.READ),
controller.find
)
.put(
"/api/users/",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
controller.update
)
.post(
"/api/users",
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage,
controller.create
)
.delete(
"/api/users/:username",
authorized(USER_MANAGEMENT),
authorized(PermissionTypes.USER, PermissionLevels.WRITE),
usage,
controller.destroy
)

8
packages/server/src/api/routes/view.js
View File

@ -2,7 +2,11 @@ const Router = require("@koa/router")
const viewController = require("../controllers/view")
const rowController = require("../controllers/row")
const authorized = require("../../middleware/authorized")
const { BUILDER, READ_VIEW } = require("../../utilities/accessLevels")
const {
BUILDER,
PermissionTypes,
PermissionLevels,
} = require("../../utilities/security/permissions")
const usage = require("../../middleware/usageQuota")
const router = Router()
@ -10,7 +14,7 @@ const router = Router()
router
.get(
"/api/views/:viewName",
authorized(READ_VIEW, ctx => ctx.params.viewName),
authorized(PermissionTypes.VIEW, PermissionLevels.READ),
rowController.fetchView
)
.get("/api/views", authorized(BUILDER), viewController.fetch)

8
packages/server/src/api/routes/webhook.js
View File

@ -2,7 +2,11 @@ const Router = require("@koa/router")
const controller = require("../controllers/webhook")
const authorized = require("../../middleware/authorized")
const joiValidator = require("../../middleware/joi-validator")
const { BUILDER, EXECUTE_WEBHOOK } = require("../../utilities/accessLevels")
const {
BUILDER,
PermissionTypes,
PermissionLevels,
} = require("../../utilities/security/permissions")
const Joi = require("joi")
const router = Router()
@ -38,7 +42,7 @@ router
)
.post(
"/api/webhooks/trigger/:instance/:id",
authorized(EXECUTE_WEBHOOK),
authorized(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
controller.trigger
)

8
packages/server/src/automations/steps/createUser.js
View File

@ -1,4 +1,4 @@
const accessLevels = require("../../utilities/accessLevels")
const accessLevels = require("../../utilities/security/accessLevels")
const userController = require("../../api/controllers/user")
const env = require("../../environment")
const usage = require("../../utilities/usageQuota")
@ -11,7 +11,7 @@ module.exports.definition = {
type: "ACTION",
stepId: "CREATE_USER",
inputs: {
accessLevelId: accessLevels.POWERUSER_LEVEL_ID,
accessLevelId: accessLevels.BUILTIN_LEVEL_IDS.POWER,
},
schema: {
inputs: {
@ -28,8 +28,8 @@ module.exports.definition = {
accessLevelId: {
type: "string",
title: "Access Level",
enum: accessLevels.ACCESS_LEVELS,
pretty: Object.values(accessLevels.PRETTY_ACCESS_LEVELS),
enum: accessLevels.BUILTIN_LEVEL_IDS,
pretty: accessLevels.BUILTIN_LEVEL_NAME_ARRAY,
},
},
required: ["username", "password", "accessLevelId"],

7
packages/server/src/constants/screens.js
View File

@ -1,3 +1,5 @@
const { BUILTIN_LEVEL_IDS } = require("../utilities/security/accessLevels")
exports.HOME_SCREEN = {
description: "",
url: "",
@ -98,6 +100,9 @@ exports.HOME_SCREEN = {
],
_instanceName: "Home",
},
route: "/",
routing: {
route: "/",
accessLevelId: BUILTIN_LEVEL_IDS.BASIC,
},
name: "d834fea2-1b3e-4320-ab34-f9009f5ecc59",
}

5
packages/server/src/db/linkedRows/linkUtils.js
View File

@ -1,5 +1,6 @@
const CouchDB = require("../index")
const Sentry = require("@sentry/node")
const { ViewNames, getQueryIndex } = require("../utils")
/**
* Only needed so that boolean parameters are being used for includeDocs
@ -40,7 +41,7 @@ exports.createLinkView = async appId => {
}
designDoc.views = {
...designDoc.views,
by_link: view,
[ViewNames.LINK]: view,
}
await db.put(designDoc)
}
@ -76,7 +77,7 @@ exports.getLinkDocuments = async function({
}
params.include_docs = !!includeDocs
try {
const response = await db.query("database/by_link", params)
const response = await db.query(getQueryIndex(ViewNames.LINK), params)
if (includeDocs) {
return response.rows.map(row => row.doc)
} else {

10
packages/server/src/db/utils.js
View File

@ -17,10 +17,20 @@ const DocumentTypes = {
SCREEN: "screen",
}
const ViewNames = {
LINK: "by_link",
ROUTING: "screen_routes",
}
exports.ViewNames = ViewNames
exports.DocumentTypes = DocumentTypes
exports.SEPARATOR = SEPARATOR
exports.UNICODE_MAX = UNICODE_MAX
exports.getQueryIndex = viewName => {
return `database/${viewName}`
}
/**
* If creating DB allDocs/query params with only a single top level ID this can be used, this
* is usually the case as most of our docs are top level e.g. tables, automations, users and so on.

41
packages/server/src/middleware/authenticated.js
View File

@ -1,12 +1,6 @@
const jwt = require("jsonwebtoken")
const STATUS_CODES = require("../utilities/statusCodes")
const accessLevelController = require("../api/controllers/accesslevel")
const {
ADMIN_LEVEL_ID,
POWERUSER_LEVEL_ID,
BUILDER_LEVEL_ID,
ANON_LEVEL_ID,
} = require("../utilities/accessLevels")
const { getAccessLevel } = require("../utilities/security/accessLevels")
const env = require("../environment")
const { AuthTypes } = require("../constants")
const { getAppId, getCookieName, setCookie } = require("../utilities")
@ -65,36 +59,3 @@ module.exports = async (ctx, next) => {
await next()
}
/**
* Return the full access level object either from constants
* or the database based on the access level ID passed.
*
* @param {*} appId - appId of the user
* @param {*} accessLevelId - the id of the users access level
*/
const getAccessLevel = async (appId, accessLevelId) => {
if (
accessLevelId === POWERUSER_LEVEL_ID ||
accessLevelId === ADMIN_LEVEL_ID ||
accessLevelId === BUILDER_LEVEL_ID ||
accessLevelId === ANON_LEVEL_ID
) {
return {
_id: accessLevelId,
name: accessLevelId,
permissions: [],
}
}
const findAccessContext = {
params: {
levelId: accessLevelId,
},
user: {
appId,
},
}
await accessLevelController.find(findAccessContext)
return findAccessContext.body
}

52
packages/server/src/middleware/authorized.js
View File

@ -1,17 +1,17 @@
const { BUILTIN_LEVEL_IDS } = require("../utilities/security/accessLevels")
const {
adminPermissions,
ADMIN_LEVEL_ID,
POWERUSER_LEVEL_ID,
BUILDER_LEVEL_ID,
BUILDER,
} = require("../utilities/accessLevels")
PermissionTypes,
doesHavePermission,
} = require("../utilities/security/permissions")
const env = require("../environment")
const { apiKeyTable } = require("../db/dynamoClient")
const { AuthTypes } = require("../constants")
const ADMIN_ACCESS = [BUILTIN_LEVEL_IDS.ADMIN, BUILTIN_LEVEL_IDS.BUILDER]
const LOCAL_PASS = new RegExp(["webhooks/trigger", "webhooks/schema"].join("|"))
module.exports = (permName, getItemId) => async (ctx, next) => {
module.exports = (permType, permLevel = null) => async (ctx, next) => {
// webhooks can pass locally
if (!env.CLOUD && LOCAL_PASS.test(ctx.request.url)) {
return next()
@ -37,7 +37,7 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
}
// don't expose builder endpoints in the cloud
if (env.CLOUD && permName === BUILDER) return
if (env.CLOUD && permType === PermissionTypes.BUILDER) return
if (!ctx.auth.authenticated) {
ctx.throw(403, "Session not authenticated")
@ -47,41 +47,19 @@ module.exports = (permName, getItemId) => async (ctx, next) => {
ctx.throw(403, "User not found")
}
if (ctx.user.accessLevel._id === ADMIN_LEVEL_ID) {
const accessLevel = ctx.user.accessLevel
const permissions = ctx.user.permissions
if (ADMIN_ACCESS.indexOf(accessLevel._id) !== -1) {
return next()
}
if (ctx.user.accessLevel._id === BUILDER_LEVEL_ID) {
return next()
}
if (permName === BUILDER) {
if (permType === PermissionTypes.BUILDER) {
ctx.throw(403, "Not Authorized")
return
}
const permissionId = ({ name, itemId }) => name + (itemId ? `-${itemId}` : "")
const thisPermissionId = permissionId({
name: permName,
itemId: getItemId && getItemId(ctx),
})
// power user has everything, except the admin specific perms
if (
ctx.user.accessLevel._id === POWERUSER_LEVEL_ID &&
!adminPermissions.map(permissionId).includes(thisPermissionId)
) {
return next()
}
if (
ctx.user.accessLevel.permissions
.map(permissionId)
.includes(thisPermissionId)
) {
return next()
if (!doesHavePermission(permType, permLevel, permissions)) {
ctx.throw(403, "User does not have permission")
}
ctx.throw(403, "Not Authorized")
return next()
}

36
packages/server/src/utilities/accessLevels.js
View File

@ -1,36 +0,0 @@
// Permissions
module.exports.READ_TABLE = "read-table"
module.exports.WRITE_TABLE = "write-table"
module.exports.READ_VIEW = "read-view"
module.exports.EXECUTE_AUTOMATION = "execute-automation"
module.exports.EXECUTE_WEBHOOK = "execute-webhook"
module.exports.USER_MANAGEMENT = "user-management"
module.exports.BUILDER = "builder"
module.exports.LIST_USERS = "list-users"
// Access Level IDs
module.exports.ADMIN_LEVEL_ID = "ADMIN"
module.exports.POWERUSER_LEVEL_ID = "POWER_USER"
module.exports.BUILDER_LEVEL_ID = "BUILDER"
module.exports.ANON_LEVEL_ID = "ANON"
module.exports.ACCESS_LEVELS = [
module.exports.ADMIN_LEVEL_ID,
module.exports.POWERUSER_LEVEL_ID,
module.exports.BUILDER_LEVEL_ID,
module.exports.ANON_LEVEL_ID,
]
module.exports.PRETTY_ACCESS_LEVELS = {
[module.exports.ADMIN_LEVEL_ID]: "Admin",
[module.exports.POWERUSER_LEVEL_ID]: "Power user",
[module.exports.BUILDER_LEVEL_ID]: "Builder",
}
module.exports.adminPermissions = [
{
name: module.exports.USER_MANAGEMENT,
},
]
// to avoid circular dependencies this is included later, after exporting all enums
const permissions = require("./permissions")
module.exports.generateAdminPermissions = permissions.generateAdminPermissions
module.exports.generatePowerUserPermissions =
permissions.generatePowerUserPermissions

6
packages/server/src/utilities/builder/setBuilderToken.js
View File

@ -1,4 +1,5 @@
const { BUILDER_LEVEL_ID } = require("../accessLevels")
const { BUILTIN_LEVEL_IDS } = require("../security/accessLevels")
const { BUILTIN_PERMISSION_NAMES } = require("../security/permissions")
const env = require("../../environment")
const CouchDB = require("../../db")
const jwt = require("jsonwebtoken")
@ -9,7 +10,8 @@ const APP_PREFIX = DocumentTypes.APP + SEPARATOR
module.exports = async (ctx, appId, version) => {
const builderUser = {
userId: "BUILDER",
accessLevelId: BUILDER_LEVEL_ID,
accessLevelId: BUILTIN_LEVEL_IDS.BUILDER,
permissions: [BUILTIN_PERMISSION_NAMES.ADMIN],
version,
}
if (env.BUDIBASE_API_KEY) {

66
packages/server/src/utilities/permissions.js
View File

@ -1,66 +0,0 @@
const viewController = require("../api/controllers/view")
const tableController = require("../api/controllers/table")
const automationController = require("../api/controllers/automation")
const accessLevels = require("./accessLevels")
// this has been broken out to reduce risk of circular dependency from utilities, no enums defined here
const generateAdminPermissions = async appId => [
...accessLevels.adminPermissions,
...(await generatePowerUserPermissions(appId)),
]
const generatePowerUserPermissions = async appId => {
const fetchTablesCtx = {
user: {
appId,
},
}
await tableController.fetch(fetchTablesCtx)
const tables = fetchTablesCtx.body
const fetchViewsCtx = {
user: {
appId,
},
}
await viewController.fetch(fetchViewsCtx)
const views = fetchViewsCtx.body
const fetchAutomationsCtx = {
user: {
appId,
},
}
await automationController.fetch(fetchAutomationsCtx)
const automations = fetchAutomationsCtx.body
const readTablePermissions = tables.map(m => ({
itemId: m._id,
name: accessLevels.READ_TABLE,
}))
const writeTablePermissions = tables.map(m => ({
itemId: m._id,
name: accessLevels.WRITE_TABLE,
}))
const viewPermissions = views.map(v => ({
itemId: v.name,
name: accessLevels.READ_VIEW,
}))
const executeAutomationPermissions = automations.map(w => ({
itemId: w._id,
name: accessLevels.EXECUTE_AUTOMATION,
}))
return [
...readTablePermissions,
...writeTablePermissions,
...viewPermissions,
...executeAutomationPermissions,
{ name: accessLevels.LIST_USERS },
]
}
module.exports.generateAdminPermissions = generateAdminPermissions
module.exports.generatePowerUserPermissions = generatePowerUserPermissions

24
packages/server/src/utilities/routing/index.js
View File

@ -0,0 +1,24 @@
const CouchDB = require("../../db")
const { createRoutingView } = require("./routingUtils")
const { ViewNames, getQueryIndex, UNICODE_MAX } = require("../../db/utils")
exports.getRoutingInfo = async appId => {
const db = new CouchDB(appId)
try {
const allRouting = await db.query(getQueryIndex(ViewNames.ROUTING), {
startKey: "",
endKey: UNICODE_MAX,
})
return allRouting.rows.map(row => row.value)
} catch (err) {
// check if the view doesn't exist, it should for all new instances
if (err != null && err.name === "not_found") {
await createRoutingView(appId)
return exports.getRoutingInfo(appId)
} else {
throw err
}
}
}
exports.createRoutingView = createRoutingView

24
packages/server/src/utilities/routing/routingUtils.js
View File

@ -0,0 +1,24 @@
const CouchDB = require("../../db")
const { DocumentTypes, SEPARATOR, ViewNames } = require("../../db/utils")
const SCREEN_PREFIX = DocumentTypes.SCREEN + SEPARATOR
exports.createRoutingView = async appId => {
const db = new CouchDB(appId)
const designDoc = await db.get("_design/database")
const view = {
// if using variables in a map function need to inject them before use
map: `function(doc) {
if (doc._id.startsWith("${SCREEN_PREFIX}")) {
emit(doc._id, {
id: doc._id,
routing: doc.routing,
})
}
}`,
}
designDoc.views = {
...designDoc.views,
[ViewNames.ROUTING]: view,
}
await db.put(designDoc)
}

150
packages/server/src/utilities/security/accessLevels.js
View File

@ -0,0 +1,150 @@
const CouchDB = require("../../db")
const { cloneDeep } = require("lodash/fp")
const BUILTIN_IDS = {
ADMIN: "ADMIN",
POWER: "POWER_USER",
BASIC: "BASIC",
PUBLIC: "PUBLIC",
BUILDER: "BUILDER",
}
function AccessLevel(id, name, inherits) {
this._id = id
this.name = name
if (inherits) {
this.inherits = inherits
}
}
exports.BUILTIN_LEVELS = {
ADMIN: new AccessLevel(BUILTIN_IDS.ADMIN, "Admin", BUILTIN_IDS.POWER),
POWER: new AccessLevel(BUILTIN_IDS.POWER, "Power", BUILTIN_IDS.BASIC),
BASIC: new AccessLevel(BUILTIN_IDS.BASIC, "Basic", BUILTIN_IDS.PUBLIC),
ANON: new AccessLevel(BUILTIN_IDS.PUBLIC, "Public"),
BUILDER: new AccessLevel(BUILTIN_IDS.BUILDER, "Builder"),
}
exports.BUILTIN_LEVEL_ID_ARRAY = Object.values(exports.BUILTIN_LEVELS).map(
level => level._id
)
exports.BUILTIN_LEVEL_NAME_ARRAY = Object.values(exports.BUILTIN_LEVELS).map(
level => level.name
)
function isBuiltin(accessLevel) {
return exports.BUILTIN_LEVEL_ID_ARRAY.indexOf(accessLevel) !== -1
}
/**
* Gets the access level object, this is mainly useful for two purposes, to check if the level exists and
* to check if the access level inherits any others.
* @param {string} appId The app in which to look for the access level.
* @param {string|null} accessLevelId The level ID to lookup.
* @returns {Promise<AccessLevel|object|null>} The access level object, which may contain an "inherits" property.
*/
exports.getAccessLevel = async (appId, accessLevelId) => {
if (!accessLevelId) {
return null
}
let accessLevel
if (isBuiltin(accessLevelId)) {
accessLevel = cloneDeep(
Object.values(exports.BUILTIN_LEVELS).find(
level => level._id === accessLevelId
)
)
} else {
const db = new CouchDB(appId)
accessLevel = await db.get(accessLevelId)
}
return accessLevel
}
/**
* Returns an ordered array of the user's inherited access level IDs, this can be used
* to determine if a user can access something that requires a specific access level.
* @param {string} appId The ID of the application from which access levels should be obtained.
* @param {string} userAccessLevelId The user's access level, this can be found in their access token.
* @returns {Promise<string[]>} returns an ordered array of the access levels, with the first being their
* highest level of access and the last being the lowest level.
*/
exports.getUserAccessLevelHierarchy = async (appId, userAccessLevelId) => {
// special case, if they don't have a level then they are a public user
if (!userAccessLevelId) {
return [BUILTIN_IDS.PUBLIC]
}
let accessLevelIds = [userAccessLevelId]
let userAccess = await exports.getAccessLevel(appId, userAccessLevelId)
// check if inherited makes it possible
while (
userAccess &&
userAccess.inherits &&
accessLevelIds.indexOf(userAccess.inherits) === -1
) {
accessLevelIds.push(userAccess.inherits)
// go to get the inherited incase it inherits anything
userAccess = await exports.getAccessLevel(appId, userAccess.inherits)
}
// add the user's actual level at the end (not at start as that stops iteration
return accessLevelIds
}
class AccessController {
constructor(appId) {
this.appId = appId
this.userHierarchies = {}
}
async hasAccess(tryingAccessLevelId, userAccessLevelId) {
// special cases, the screen has no access level, the access levels are the same or the user
// is currently in the builder
if (
tryingAccessLevelId == null ||
tryingAccessLevelId === "" ||
tryingAccessLevelId === userAccessLevelId ||
userAccessLevelId === BUILTIN_IDS.BUILDER
) {
return true
}
let accessLevelIds = this.userHierarchies[userAccessLevelId]
if (!accessLevelIds) {
accessLevelIds = await exports.getUserAccessLevelHierarchy(
this.appId,
userAccessLevelId
)
this.userHierarchies[userAccessLevelId] = userAccessLevelId
}
return accessLevelIds.indexOf(tryingAccessLevelId) !== -1
}
async checkScreensAccess(screens, userAccessLevelId) {
let accessibleScreens = []
// don't want to handle this with Promise.all as this would mean all custom access levels would be
// retrieved at same time, it is likely a custom levels will be re-used and therefore want
// to work in sync for performance save
for (let screen of screens) {
const accessible = await this.checkScreenAccess(screen, userAccessLevelId)
if (accessible) {
accessibleScreens.push(accessible)
}
}
return accessibleScreens
}
async checkScreenAccess(screen, userAccessLevelId) {
const accessLevelId =
screen && screen.routing ? screen.routing.accessLevelId : null
if (await this.hasAccess(accessLevelId, userAccessLevelId)) {
return screen
}
return null
}
}
exports.AccessController = AccessController
exports.BUILTIN_LEVEL_IDS = BUILTIN_IDS
exports.isBuiltin = isBuiltin
exports.AccessLevel = AccessLevel

113
packages/server/src/utilities/security/permissions.js
View File

@ -0,0 +1,113 @@
const { flatten } = require("lodash")
const PermissionLevels = {
READ: "read",
WRITE: "write",
EXECUTE: "execute",
ADMIN: "admin",
}
const PermissionTypes = {
TABLE: "table",
USER: "user",
AUTOMATION: "automation",
WEBHOOK: "webhook",
BUILDER: "builder",
VIEW: "view",
}
function Permission(type, level) {
this.level = level
this.type = type
}
/**
* Given the specified permission level for the user return the levels they are allowed to carry out.
* @param {string} userPermLevel The permission level of the user.
* @return {string[]} All the permission levels this user is allowed to carry out.
*/
function getAllowedLevels(userPermLevel) {
switch (userPermLevel) {
case PermissionLevels.READ:
return [PermissionLevels.READ]
case PermissionLevels.WRITE:
return [PermissionLevels.READ, PermissionLevels.WRITE]
case PermissionLevels.EXECUTE:
return [PermissionLevels.EXECUTE]
case PermissionLevels.ADMIN:
return [
PermissionLevels.READ,
PermissionLevels.WRITE,
PermissionLevels.EXECUTE,
]
default:
return []
}
}
exports.BUILTIN_PERMISSION_NAMES = {
READ_ONLY: "read_only",
WRITE: "write",
ADMIN: "admin",
POWER: "power",
}
exports.BUILTIN_PERMISSIONS = {
READ_ONLY: {
name: exports.BUILTIN_PERMISSION_NAMES.READ_ONLY,
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.READ),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
],
},
WRITE: {
name: exports.BUILTIN_PERMISSION_NAMES.WRITE,
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
],
},
POWER: {
name: exports.BUILTIN_PERMISSION_NAMES.POWER,
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.WRITE),
new Permission(PermissionTypes.USER, PermissionLevels.READ),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.EXECUTE),
new Permission(PermissionTypes.VIEW, PermissionLevels.READ),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
],
},
ADMIN: {
name: exports.BUILTIN_PERMISSION_NAMES.ADMIN,
permissions: [
new Permission(PermissionTypes.TABLE, PermissionLevels.ADMIN),
new Permission(PermissionTypes.USER, PermissionLevels.ADMIN),
new Permission(PermissionTypes.AUTOMATION, PermissionLevels.ADMIN),
new Permission(PermissionTypes.VIEW, PermissionLevels.ADMIN),
new Permission(PermissionTypes.WEBHOOK, PermissionLevels.READ),
],
},
}
exports.doesHavePermission = (permType, permLevel, userPermissionNames) => {
const builtins = Object.values(exports.BUILTIN_PERMISSIONS)
let permissions = flatten(
builtins
.filter(builtin => userPermissionNames.indexOf(builtin.name) !== -1)
.map(builtin => builtin.permissions)
)
for (let permission of permissions) {
if (
permission.type === permType &&
getAllowedLevels(permission.level).indexOf(permLevel) !== -1
) {
return true
}
}
return false
}
// utility as a lot of things need simply the builder permission
exports.BUILDER = PermissionTypes.BUILDER
exports.PermissionTypes = PermissionTypes
exports.PermissionLevels = PermissionLevels
Write Preview
Loading…
Cancel
Save