Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2024-10-18 20:09:08 +02:00
Code Issues Projects Releases Wiki Activity
7843c2bbc8
unleash.unleash/src/migrations/20211202120808-add-custom-roles.js

206 lines
8.8 KiB
JavaScript
Raw Normal View History

feat: custom project roles (#1220) * wip: environment for permissions * fix: add migration for roles * fix: connect environment with access service * feat: add tests * chore: Implement scaffolding for new rbac * fix: add fake store * feat: Add api endpoints for roles and permissions list * feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure * fix: Make project roles resolve correctly against new environments permissions structure * fix: Patch migration to also populate permission names * fix: Make permissions actually work with new environments * fix: Add back to get permissions working for editor role * fix: Removed ability to set role type through api during creation - it's now always custom * feat: Return permissions on get role endpoint * feat: Add in support for updating roles * fix: Get a bunch of tests working and delete a few that make no sense anymore * chore: A few small cleanups - remove logging and restore default on dev server config * chore: Refactor role/access stores into more logical domains * feat: Add in validation for roles * feat: Patch db migration to handle old stucture * fix: migration for project roles * fix: patch a few broken tests * fix: add permissions to editor * fix: update test name * fix: update user permission mapping * fix: create new user * fix: update root role test * fix: update tests * feat: Validation now works when updating a role * fix: Add in very barebones down migration for rbac so that tests work * fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error * fix: remove unused permissions * fix: add test for connecting roles and deleting project * fix: add test for adding a project member with a custom role * fix: add test for changing user role * fix: add guard for deleting role if the role is in use * fix: alter migration * chore: Minor code cleanups * chore: Small code cleanups * chore: More minor cleanups of code * chore: Trim some dead code to make the linter happy * feat: Schema validation for roles * fix: setup permission for variant * fix: remove unused import * feat: Add cascading delete for role_permissions when deleting a role * feat: add configuration option for disabling legacy api * chore: update frontend to beta version * 4.6.0-beta.0 * fix: export default project constant * fix: update snapshot * fix: module pattern ../../lib * fix: move DEFAULT_PROJECT to types * fix: remove debug logging * fix: remove debug log state * fix: Change permission descriptions * fix: roles should have unique name * fix: root roles should be connected to the default project * fix: typo in role-schema.ts * fix: Role permission empty string for non environment type * feat: new permission for moving project * fix: add event for changeProject * fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner * fix: add tests for move project * fix: Add in missing create/delete tag permissions * fix: Removed duplicate impl caused by multiple good samaritans putting it back in! * fix: Trim out add tag permissions, for now at least * chore: Trim out new add and delete tag permissions - we're going with update feature instead * chore: update frontend * 4.6.0-beta.1 * feat: Prevent editing of built in roles * fix: Patch an issue where permissions for variants/environments didn't match the front end * fix: lint Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-01-13 11:14:17 +01:00
exports.up = function (db, cb) {
db.runSql(
`
CREATE TABLE IF NOT EXISTS permissions
(
id SERIAL PRIMARY KEY,
permission VARCHAR(255) NOT NULL,
display_name TEXT,
type VARCHAR(255),
created_at TIMESTAMP WITH TIME ZONE DEFAULT now()
);
INSERT INTO permissions (permission, display_name, type) VALUES ('ADMIN', 'Admin', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_FEATURE', 'Create Feature Toggles', 'project');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_STRATEGY','Create Strategies', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_ADDON', 'Create Addons', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_ADDON', 'Delete Addons', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_ADDON', 'Update Addons', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_FEATURE', 'Update Feature Toggles', 'project');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_FEATURE', 'Delete Feature Toggles', 'project');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_APPLICATION', 'Update Applications', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_TAG_TYPE', 'Update Tag Types', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_TAG_TYPE', 'Delete Tag Types', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_PROJECT', 'Create Projects', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_PROJECT', 'Update Projects', 'project');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_PROJECT', 'Delete Projects', 'project');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_STRATEGY', 'Update Strategies', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_STRATEGY', 'Delete Strategies', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_CONTEXT_FIELD', 'Update Context Fields', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_CONTEXT_FIELD', 'Create Context Fields', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_CONTEXT_FIELD', 'Delete Context Fields', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('READ_ROLE', 'Read Roles', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_ROLE', 'Update Roles', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_API_TOKEN', 'Update API Tokens', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_API_TOKEN', 'Create API Tokens', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_API_TOKEN', 'Delete API Tokens', 'root');
INSERT INTO permissions (permission, display_name, type) VALUES ('CREATE_FEATURE_STRATEGY', 'Create Feature Strategies', 'environment');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_FEATURE_STRATEGY', 'Update Feature Strategies', 'environment');
INSERT INTO permissions (permission, display_name, type) VALUES ('DELETE_FEATURE_STRATEGY', 'Delete Feature Strategies', 'environment');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_FEATURE_ENVIRONMENT', 'Enable/disable Toggles in Environment', 'environment');
INSERT INTO permissions (permission, display_name, type) VALUES ('UPDATE_FEATURE_VARIANTS', 'Create/Edit variants', 'project');
ALTER TABLE role_user ADD COLUMN
project VARCHAR(255);
ALTER TABLE roles
ADD COLUMN
updated_at TIMESTAMP WITH TIME ZONE;
ALTER TABLE role_permission
ADD COLUMN
permission_id INTEGER,
ADD COLUMN
environment VARCHAR (100);
CREATE TEMPORARY TABLE temp_primary_roles
(
id INTEGER,
name TEXT,
description TEXT,
type TEXT,
project TEXT,
created_at DATE
)
ON COMMIT DROP;
CREATE TEMPORARY TABLE temp_discard_roles
(
id INTEGER,
name TEXT,
description TEXT,
type TEXT,
project TEXT,
created_at DATE
)
ON COMMIT DROP;
INSERT INTO temp_primary_roles select distinct on (name) id, name ,description, type, project, created_at from roles order by name, id;
INSERT INTO temp_discard_roles SELECT r.id, r.name, r.description, r.type, r.project, r.created_at FROM roles r
LEFT JOIN temp_primary_roles tpr ON r.id = tpr.id
WHERE tpr.id IS NULL;
UPDATE role_user
SET project = tpr.project
FROM temp_primary_roles tpr
WHERE tpr.id = role_user.role_id;
ALTER TABLE role_user DROP CONSTRAINT role_user_pkey;
WITH rtu as (
SELECT tdr.id as old_role_id, tpr.id as new_role_id, tdr.project as project FROM temp_discard_roles tdr
JOIN temp_primary_roles tpr ON tdr.name = tpr.name
)
UPDATE role_user
SET project = rtu.project, role_id = rtu.new_role_id
FROM rtu
WHERE rtu.old_role_id = role_user.role_id;
UPDATE role_user SET project = '*' WHERE project IS NULL;
ALTER TABLE role_user ADD PRIMARY KEY (role_id, user_id, project);
DELETE FROM roles WHERE EXISTS
(
SELECT 1 FROM temp_discard_roles tdr WHERE tdr.id = roles.id
);
DELETE FROM role_permission;
ALTER TABLE roles DROP COLUMN project;
ALTER TABLE role_permission
DROP COLUMN project,
DROP COLUMN permission;
INSERT INTO role_permission (role_id, permission_id, environment)
SELECT
(SELECT id as role_id from roles WHERE name = 'Editor' LIMIT 1),
p.id as permission_id,
'*' as environment
FROM permissions p
WHERE p.permission IN
('CREATE_STRATEGY',
'UPDATE_STRATEGY',
'DELETE_STRATEGY',
'UPDATE_APPLICATION',
'CREATE_CONTEXT_FIELD',
'UPDATE_CONTEXT_FIELD',
'DELETE_CONTEXT_FIELD',
'CREATE_PROJECT',
'CREATE_ADDON',
'UPDATE_ADDON',
'DELETE_ADDON',
'UPDATE_PROJECT',
'DELETE_PROJECT',
'CREATE_FEATURE',
'UPDATE_FEATURE',
'DELETE_FEATURE',
'UPDATE_TAG_TYPE',
'DELETE_TAG_TYPE',
'UPDATE_FEATURE_VARIANTS');
INSERT INTO role_permission (role_id, permission_id, environment)
SELECT
(SELECT id as role_id from roles WHERE name = 'Owner' LIMIT 1),
p.id as permission_id,
null as environment
FROM permissions p
WHERE p.permission IN
('UPDATE_PROJECT',
'DELETE_PROJECT',
'CREATE_FEATURE',
'UPDATE_FEATURE',
'DELETE_FEATURE',
'UPDATE_FEATURE_VARIANTS');
INSERT INTO role_permission (role_id, permission_id, environment)
SELECT
(SELECT id as role_id from roles WHERE name = 'Member' LIMIT 1),
p.id as permission_id,
null as environment
FROM permissions p
WHERE p.permission IN
('CREATE_FEATURE',
'UPDATE_FEATURE',
'DELETE_FEATURE',
'UPDATE_FEATURE_VARIANTS');
INSERT INTO role_permission (role_id, permission_id, environment)
SELECT
(SELECT id as role_id from roles WHERE name = 'Admin' LIMIT 1),
p.id as permission_id,
'*' environment
FROM permissions p
WHERE p.permission = 'ADMIN';
ALTER TABLE role_permission
ADD CONSTRAINT fk_role_permission
FOREIGN KEY(role_id)
REFERENCES roles(id) ON DELETE CASCADE;
`,
cb,
);
};
exports.down = function (db, cb) {
db.runSql(
`
ALTER TABLE role_user DROP COLUMN project;
ALTER TABLE roles DROP COLUMN updated_at;
ALTER TABLE role_permission
DROP COLUMN
permission_id,
DROP COLUMN
environment;
ALTER TABLE role_permission
ADD COLUMN project TEXT,
ADD COLUMN permission TEXT;
`,
cb,
);
};
Reference in New Issue Copy Permalink