mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
feat: automatically add all existing users as owners to all existing … (#818)
* feat: automatically add all existing users as owners to all existing projects
parent
4c3a77bc31
commit
dd8e9207ad
@ -13,4 +13,4 @@
|
||||
}
|
||||
],
|
||||
"settings": {}
|
||||
}
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ exports.up = function(db, cb) {
|
||||
const roleName = resolveRoleName(u.permissions);
|
||||
return db.runSql.bind(
|
||||
db,
|
||||
`INSERT INTO role_user (role_id, user_id)
|
||||
`INSERT INTO role_user (role_id, user_id)
|
||||
SELECT id, '${u.id}'
|
||||
FROM roles
|
||||
WHERE name = '${roleName}' AND type = 'root';`,
|
||||
|
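--- a/src/migrations/20210428103923-onboard-projects-to-rbac.js
+++ b/src/migrations/20210428103923-onboard-projects-to-rbac.js
@@ -0,0 +1,60 @@
+const async = require('async');
+
+const DESCRIPTION = {
+OWNER:
+'Users with this role have full control over the project, and can add and manage other users within the project context, manage feature toggles within the project, and control advanced project features like archiving and deleting the project.',
+MEMBER:
+'Users with this role within a project are allowed to view, create and update feature toggles, but have limited permissions in regards to managing the projects user access and can not archive or delete the project.',
+};
+exports.up = function(db, cb) {
+db.runSql(
+`SELECT id AS name from projects WHERE id NOT IN (SELECT DISTINCT project FROM roles WHERE project IS NOT null)`,
+(err, results) => {
+if (results && results.rowCount > 0) {
+const projects = results.rows;
+const createProjectRoles = projects.map(p =>
+db.runSql.bind(
+db,
+`
+WITH project_owner AS (
+INSERT into roles (name, description, type, project)
+VALUES ('Owner', '${DESCRIPTION.OWNER}', 'project', '${p.name}')
+RETURNING id role_id
+)
+INSERT INTO role_permission(role_id, project, permission) VALUES
+((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_PROJECT'),
+((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_PROJECT'),
+((SELECT role_id FROM project_owner), '${p.name}', 'CREATE_FEATURE'),
+((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_FEATURE'),
+((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_FEATURE');
+
+WITH project_member AS (
+INSERT into roles (name, description, type, project)
+VALUES ('Member', '${DESCRIPTION.MEMBER}', 'project', '${p.name}')
+RETURNING id role_id
+)
+INSERT INTO role_permission(role_id, project, permission) VALUES
+((SELECT role_id from project_member), '${p.name}', 'CREATE_FEATURE'),
+((SELECT role_id from project_member), '${p.name}', 'UPDATE_FEATURE'),
+((SELECT role_id from project_member), '${p.name}', 'DELETE_FEATURE');
+
+WITH owner_id AS (
+SELECT id FROM roles WHERE type='project' AND project='${p.name}' AND name = 'Owner'
+)
+INSERT INTO role_user(role_id, user_id) SELECT o.id, u.id FROM owner_id o, users u ON CONFLICT DO NOTHING;
+
+`,
+),
+);
+
+async.series(createProjectRoles, cb);
+} else {
+cb();
+}
+},
+);
+};
+
+exports.down = function(db, cb) {
+cb(); // Can't really roll this back since more roles could have been added afterwards
+};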
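Review bot: The callback passed to the first `db.runSql` in `exports.up` never looks at `err`, so a failed SELECT leaves `results` undefined and falls through to the `else` branch's `cb()`; the migration would then presumably be recorded as applied although no project roles were created. Adding `if (err) return cb(err);` as the first line of the callback would surface the failure. The per-project statement also splices `'${p.name}'` (project ids read back from the `projects` table) directly into the SQL text, so an id containing a single quote would break or change the statement. Binding the id as a query parameter avoids that, though it probably means issuing the three statements as separate `runSql` calls. Because the last statement makes every row in `users` an Owner of every project, a short comment above `exports.up` stating that this is an intentional one-time onboarding step would help anyone later auditing role assignments.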