From dc52c95787cd00578580d4b496b90c6e60f0227f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nuno=20G=C3=B3is?= <github@nunogois.com>
Date: Fri, 30 Jun 2023 11:15:11 +0100
Subject: [PATCH] refactor: clean up deprecated permissions (#4124)

https://linear.app/unleash/issue/2-1158/add-delete-migration-to-clean-up-no-longer-used-permissions

Cleans up the filter in https://github.com/Unleash/unleash/pull/4083 and
deletes the deprecated permissions from the database.
---
 src/lib/db/access-store.ts                    | 16 +--------------
 ...630080126-delete-deprecated-permissions.js | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+), 15 deletions(-)
 create mode 100644 src/migrations/20230630080126-delete-deprecated-permissions.js

diff --git a/src/lib/db/access-store.ts b/src/lib/db/access-store.ts
index 43f2681927..205f0b8764 100644
--- a/src/lib/db/access-store.ts
+++ b/src/lib/db/access-store.ts
@@ -43,18 +43,6 @@ interface IPermissionRow {
 }
 
 export class AccessStore implements IAccessStore {
-    private readonly DEPRECATED_PERMISSIONS = [
-        'CREATE_API_TOKEN',
-        'UPDATE_API_TOKEN',
-        'DELETE_API_TOKEN',
-        'READ_API_TOKEN',
-        'UPDATE_ROLE',
-        'CREATE_ADMIN_API_TOKEN',
-        'UPDATE_ADMIN_API_TOKEN',
-        'DELETE_ADMIN_API_TOKEN',
-        'READ_ADMIN_API_TOKEN',
-    ];
-
     private logger: Logger;
 
     private timer: Function;
@@ -115,9 +103,7 @@ export class AccessStore implements IAccessStore {
             .orWhere('type', 'environment')
             .orWhere('type', 'root')
             .from(`${T.PERMISSIONS} as p`);
-        return rows
-            .map(this.mapPermission)
-            .filter((p) => !this.DEPRECATED_PERMISSIONS.includes(p.name));
+        return rows.map(this.mapPermission);
     }
 
     mapPermission(permission: IPermissionRow): IPermission {
diff --git a/src/migrations/20230630080126-delete-deprecated-permissions.js b/src/migrations/20230630080126-delete-deprecated-permissions.js
new file mode 100644
index 0000000000..e218c9572e
--- /dev/null
+++ b/src/migrations/20230630080126-delete-deprecated-permissions.js
@@ -0,0 +1,20 @@
+exports.up = function (db, cb) {
+    db.runSql(
+        `
+        DELETE FROM permissions WHERE permission IN ('CREATE_API_TOKEN', 'UPDATE_API_TOKEN', 'DELETE_API_TOKEN', 'READ_API_TOKEN');
+        DELETE FROM permissions WHERE permission = 'UPDATE_ROLE';
+        DELETE FROM permissions WHERE permission IN ('CREATE_ADMIN_API_TOKEN', 'UPDATE_ADMIN_API_TOKEN', 'DELETE_ADMIN_API_TOKEN', 'READ_ADMIN_API_TOKEN');
+
+        DELETE FROM role_permission rp where NOT EXISTS (SELECT * FROM permissions WHERE id = rp.permission_id);
+        `,
+        cb,
+    );
+};
+
+exports.down = function (db, cb) {
+    db.runSql(
+        `
+        `,
+        cb,
+    );
+};