Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-19 00:15:43 +01:00
Code Issues Projects Releases Wiki Activity

fix: root roles should be connected to the default project

Browse Source
This commit is contained in:
Ivar Conradi Østhus 2022-01-11 13:33:04 +01:00
parent 7a71f01e83
commit c9481eb09a
No known key found for this signature in database
GPG Key ID: 31AC596886B0BD09
3 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/lib/db/access-store.ts
View File

@ -14,7 +14,6 @@ import {
ENVIRONMENT_PERMISSION_TYPE, ENVIRONMENT_PERMISSION_TYPE,
ROOT_PERMISSION_TYPE, ROOT_PERMISSION_TYPE,
} from '../util/constants'; } from '../util/constants';
import { DEFAULT_PROJECT } from '../types/project';
const T = { const T = {
ROLE_USER: 'role_user', ROLE_USER: 'role_user',
@ -34,8 +33,6 @@ interface IPermissionRow {
role_id: number; role_id: number;
} }
const EDITOR_ROLE_ID = 2;
export class AccessStore implements IAccessStore { export class AccessStore implements IAccessStore {
private logger: Logger; private logger: Logger;
@ -127,17 +124,12 @@ export class AccessStore implements IAccessStore {
} }
mapUserPermission(row: IPermissionRow): IUserPermission { mapUserPermission(row: IPermissionRow): IUserPermission {
let project: string; let project: string = undefined;
// Since the editor should have access to the default project, // Since the editor should have access to the default project,
// we map the project to the project and environment specific // we map the project to the project and environment specific
// permissions that are connected to the editor role. // permissions that are connected to the editor role.
if ( if (row.type !== ROOT_PERMISSION_TYPE) {
row.role_id === EDITOR_ROLE_ID && project = row.project;
row.type !== ROOT_PERMISSION_TYPE
) {
project = DEFAULT_PROJECT;
} else if (row.type !== ROOT_PERMISSION_TYPE) {
project = row.project ? row.project : undefined;
} }
const environment = const environment =

3
src/lib/services/access-service.ts
View File

@ -25,6 +25,7 @@ import { IEnvironmentStore } from 'lib/types/stores/environment-store';
import RoleInUseError from '../error/role-in-use-error'; import RoleInUseError from '../error/role-in-use-error';
import { roleSchema } from '../schema/role-schema'; import { roleSchema } from '../schema/role-schema';
import { CUSTOM_ROLE_TYPE } from '../util/constants'; import { CUSTOM_ROLE_TYPE } from '../util/constants';
import { DEFAULT_PROJECT } from '../types/project';
export const ALL_PROJECTS = '*'; export const ALL_PROJECTS = '*';
export const ALL_ENVS = '*'; export const ALL_ENVS = '*';
@ -193,7 +194,7 @@ export class AccessService {
await this.store.addUserToRole( await this.store.addUserToRole(
userId, userId,
newRootRole.id, newRootRole.id,
ALL_PROJECTS, DEFAULT_PROJECT,
); );
} catch (error) { } catch (error) {
throw new Error( throw new Error(

19
src/migrations/20220111121010-update-project-for-editor-role.js Normal file
View File

@ -0,0 +1,19 @@
exports.up = function (db, cb) {
db.runSql(
`
UPDATE role_user set project = 'default' where role_id
IN (SELECT id as role_id from roles WHERE name in ('Admin', 'Editor', 'Viewer') LIMIT 3)
`,
cb,
);
};
exports.down = function (db, cb) {
db.runSql(
`
UPDATE role_user set project = '*' where role_id
IN (SELECT id as role_id from roles WHERE name in ('Admin', 'Editor', 'Viewer') LIMIT 3)
`,
cb,
);
};