fix: Allow project roles to be changed when the relevant user has a root role (#1632)

2025-10-27 11:02:16 +01:00 · 2022-05-26 16:20:36 +02:00 · 2022-05-26 16:20:36 +02:00 · 6273d0d924
commit 6273d0d924
parent b3161bc2e8
2 changed files with 35 additions and 0 deletions
--- a/src/lib/db/access-store.ts
+++ b/src/lib/db/access-store.ts
@ -257,6 +257,10 @@ export class AccessStore implements IAccessStore {
                user_id: userId,
                project: projectId,
            })
+            .whereNotIn(
+                'role_id',
+                this.db(T.ROLES).select('id as role_id').where('type', 'root'),
+            )
            .update('role_id', roleId);
    }

--- a/src/test/e2e/services/access-service.e2e.test.ts
+++ b/src/test/e2e/services/access-service.e2e.test.ts
@ -13,6 +13,7 @@ import { IUnleashStores } from '../../../lib/types';
 import FeatureToggleService from '../../../lib/services/feature-toggle-service';
 import ProjectService from '../../../lib/services/project-service';
 import { createTestConfig } from '../../config/test-config';
+import { DEFAULT_PROJECT } from '../../../lib/types/project';

 let db: ITestDb;
 let stores: IUnleashStores;
@ -510,6 +511,36 @@ test('should switch root role for user', async () => {
    expect(roles[0].name).toBe(RoleName.VIEWER);
 });

+test('should switch project roles on when multiple roles are present for same user', async () => {
+    const { userStore, roleStore, accessStore } = stores;
+
+    const userOne = await userStore.insert({
+        name: 'Some User With Expected Roles',
+        email: 'random42Read@getunleash.io',
+    });
+
+    const customRole = await roleStore.create({
+        name: 'Some Arbitrary Role',
+        roleType: 'custom',
+        description: 'This does nothing',
+    });
+
+    const targetRole = await roleStore.create({
+        name: 'Another Arbitrary Role',
+        roleType: 'custom',
+        description: 'This does nothing',
+    });
+
+    await accessService.setUserRootRole(userOne.id, editorRole.id);
+    await accessStore.addUserToRole(userOne.id, customRole.id, DEFAULT_PROJECT);
+
+    await accessService.updateUserProjectRole(
+        userOne.id,
+        targetRole.id,
+        DEFAULT_PROJECT,
+    );
+});
+
 test('should not crash if user does not have permission', async () => {
    const { userStore } = stores;