unleash.unleash/src/migrations/20220111115613-move-feature-toggle-permission.js

exports.up = function (db, cb) {
    db.runSql(
        `
        INSERT INTO permissions (permission, display_name, type) VALUES ('MOVE_FEATURE_TOGGLE', 'Change feature toggle project', 'project');
        INSERT INTO role_permission (role_id, permission_id, environment)
        SELECT
            (SELECT id as role_id from roles WHERE name = 'Editor' LIMIT 1),
            p.id as permission_id,
            '*' as environment
        FROM permissions p
        WHERE p.permission IN
            ('MOVE_FEATURE_TOGGLE');


        INSERT INTO role_permission (role_id, permission_id, environment)
        SELECT
            (SELECT id as role_id from roles WHERE name = 'Owner' LIMIT 1),
            p.id as permission_id,
            '*' as environment
        FROM permissions p
        WHERE p.permission IN
            ('MOVE_FEATURE_TOGGLE');
        `,
        cb,
    );
};

exports.down = function (db, cb) {
    db.runSql(
        `
        DELETE FROM permissions WHERE permission = 'MOVE_FEATURE_TOGGLE';
  `,
        cb,
    );
};
feat: custom project roles (#1220) * wip: environment for permissions * fix: add migration for roles * fix: connect environment with access service * feat: add tests * chore: Implement scaffolding for new rbac * fix: add fake store * feat: Add api endpoints for roles and permissions list * feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure * fix: Make project roles resolve correctly against new environments permissions structure * fix: Patch migration to also populate permission names * fix: Make permissions actually work with new environments * fix: Add back to get permissions working for editor role * fix: Removed ability to set role type through api during creation - it's now always custom * feat: Return permissions on get role endpoint * feat: Add in support for updating roles * fix: Get a bunch of tests working and delete a few that make no sense anymore * chore: A few small cleanups - remove logging and restore default on dev server config * chore: Refactor role/access stores into more logical domains * feat: Add in validation for roles * feat: Patch db migration to handle old stucture * fix: migration for project roles * fix: patch a few broken tests * fix: add permissions to editor * fix: update test name * fix: update user permission mapping * fix: create new user * fix: update root role test * fix: update tests * feat: Validation now works when updating a role * fix: Add in very barebones down migration for rbac so that tests work * fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error * fix: remove unused permissions * fix: add test for connecting roles and deleting project * fix: add test for adding a project member with a custom role * fix: add test for changing user role * fix: add guard for deleting role if the role is in use * fix: alter migration * chore: Minor code cleanups * chore: Small code cleanups * chore: More minor cleanups of code * chore: Trim some dead code to make the linter happy * feat: Schema validation for roles * fix: setup permission for variant * fix: remove unused import * feat: Add cascading delete for role_permissions when deleting a role * feat: add configuration option for disabling legacy api * chore: update frontend to beta version * 4.6.0-beta.0 * fix: export default project constant * fix: update snapshot * fix: module pattern ../../lib * fix: move DEFAULT_PROJECT to types * fix: remove debug logging * fix: remove debug log state * fix: Change permission descriptions * fix: roles should have unique name * fix: root roles should be connected to the default project * fix: typo in role-schema.ts * fix: Role permission empty string for non environment type * feat: new permission for moving project * fix: add event for changeProject * fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner * fix: add tests for move project * fix: Add in missing create/delete tag permissions * fix: Removed duplicate impl caused by multiple good samaritans putting it back in! * fix: Trim out add tag permissions, for now at least * chore: Trim out new add and delete tag permissions - we're going with update feature instead * chore: update frontend * 4.6.0-beta.1 * feat: Prevent editing of built in roles * fix: Patch an issue where permissions for variants/environments didn't match the front end * fix: lint Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com> 2022-01-13 11:14:17 +01:00			`exports.up = function (db, cb) {`
			`db.runSql(`
			`
			`INSERT INTO permissions (permission, display_name, type) VALUES ('MOVE_FEATURE_TOGGLE', 'Change feature toggle project', 'project');`
			`INSERT INTO role_permission (role_id, permission_id, environment)`
			`SELECT`
			`(SELECT id as role_id from roles WHERE name = 'Editor' LIMIT 1),`
			`p.id as permission_id,`
			`'*' as environment`
			`FROM permissions p`
			`WHERE p.permission IN`
			`('MOVE_FEATURE_TOGGLE');`


			`INSERT INTO role_permission (role_id, permission_id, environment)`
			`SELECT`
			`(SELECT id as role_id from roles WHERE name = 'Owner' LIMIT 1),`
			`p.id as permission_id,`
			`'*' as environment`
			`FROM permissions p`
			`WHERE p.permission IN`
			`('MOVE_FEATURE_TOGGLE');`
			`,
			`cb,`
			`);`
			`};`

			`exports.down = function (db, cb) {`
			`db.runSql(`
			`
			`DELETE FROM permissions WHERE permission = 'MOVE_FEATURE_TOGGLE';`
			`,
			`cb,`
			`);`
			`};`