fix: root roles should be connected to the default project

2025-10-27 11:02:16 +01:00 · 2022-01-11 13:33:04 +01:00 · 2022-01-11 13:33:04 +01:00 · c9481eb09a
commit c9481eb09a
parent 7a71f01e83
3 changed files with 24 additions and 12 deletions
--- a/src/lib/db/access-store.ts
+++ b/src/lib/db/access-store.ts
@ -14,7 +14,6 @@ import {
    ENVIRONMENT_PERMISSION_TYPE,
    ROOT_PERMISSION_TYPE,
 } from '../util/constants';
-import { DEFAULT_PROJECT } from '../types/project';

 const T = {
    ROLE_USER: 'role_user',
@ -34,8 +33,6 @@ interface IPermissionRow {
    role_id: number;
 }

-const EDITOR_ROLE_ID = 2;
-
 export class AccessStore implements IAccessStore {
    private logger: Logger;

@ -127,17 +124,12 @@ export class AccessStore implements IAccessStore {
    }

    mapUserPermission(row: IPermissionRow): IUserPermission {
-        let project: string;
+        let project: string = undefined;
        // Since the editor should have access to the default project,
        // we map the project to the project and environment specific
        // permissions that are connected to the editor role.
-        if (
-            row.role_id === EDITOR_ROLE_ID &&
-            row.type !== ROOT_PERMISSION_TYPE
-        ) {
-            project = DEFAULT_PROJECT;
-        } else if (row.type !== ROOT_PERMISSION_TYPE) {
-            project = row.project ? row.project : undefined;
+        if (row.type !== ROOT_PERMISSION_TYPE) {
+            project = row.project;
        }

        const environment =
--- a/src/lib/services/access-service.ts
+++ b/src/lib/services/access-service.ts
@ -25,6 +25,7 @@ import { IEnvironmentStore } from 'lib/types/stores/environment-store';
 import RoleInUseError from '../error/role-in-use-error';
 import { roleSchema } from '../schema/role-schema';
 import { CUSTOM_ROLE_TYPE } from '../util/constants';
+import { DEFAULT_PROJECT } from '../types/project';

 export const ALL_PROJECTS = '*';
 export const ALL_ENVS = '*';
@ -193,7 +194,7 @@ export class AccessService {
                await this.store.addUserToRole(
                    userId,
                    newRootRole.id,
-                    ALL_PROJECTS,
+                    DEFAULT_PROJECT,
                );
            } catch (error) {
                throw new Error(
--- a/src/migrations/20220111121010-update-project-for-editor-role.js
+++ b/src/migrations/20220111121010-update-project-for-editor-role.js
@ -0,0 +1,19 @@
+exports.up = function (db, cb) {
+    db.runSql(
+        `
+    UPDATE role_user set project = 'default' where role_id 
+    IN (SELECT id as role_id from roles WHERE name in ('Admin', 'Editor', 'Viewer') LIMIT 3)
+  `,
+        cb,
+    );
+};
+
+exports.down = function (db, cb) {
+    db.runSql(
+        `
+      UPDATE role_user set project = '*' where role_id 
+      IN (SELECT id as role_id from roles WHERE name in ('Admin', 'Editor', 'Viewer') LIMIT 3)
+`,
+        cb,
+    );
+};