From dd8e9207ad3af46c2184c04bc27a20d0af501eb5 Mon Sep 17 00:00:00 2001 From: Christopher Kolstad Date: Fri, 30 Apr 2021 13:04:25 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20automatically=20add=20all=20existing=20?= =?UTF-8?q?users=20as=20owners=20to=20all=20existing=20=E2=80=A6=20(#818)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: automatically add all existing users as owners to all existing projects --- src/migrations/.eslintrc | 2 +- .../20210428062103-user-permission-to-rbac.js | 2 +- ...20210428103923-onboard-projects-to-rbac.js | 60 +++++++++++++++++++ 3 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 src/migrations/20210428103923-onboard-projects-to-rbac.js diff --git a/src/migrations/.eslintrc b/src/migrations/.eslintrc index 9e300b35fc..ad84aa44c3 100644 --- a/src/migrations/.eslintrc +++ b/src/migrations/.eslintrc @@ -13,4 +13,4 @@ } ], "settings": {} -} \ No newline at end of file +} diff --git a/src/migrations/20210428062103-user-permission-to-rbac.js b/src/migrations/20210428062103-user-permission-to-rbac.js index 1500ddd7df..41fd24259d 100644 --- a/src/migrations/20210428062103-user-permission-to-rbac.js +++ b/src/migrations/20210428062103-user-permission-to-rbac.js @@ -22,7 +22,7 @@ exports.up = function(db, cb) { const roleName = resolveRoleName(u.permissions); return db.runSql.bind( db, - `INSERT INTO role_user (role_id, user_id) + `INSERT INTO role_user (role_id, user_id) SELECT id, '${u.id}' FROM roles WHERE name = '${roleName}' AND type = 'root';`, diff --git a/src/migrations/20210428103923-onboard-projects-to-rbac.js b/src/migrations/20210428103923-onboard-projects-to-rbac.js new file mode 100644 index 0000000000..1f8d13abf4 --- /dev/null +++ b/src/migrations/20210428103923-onboard-projects-to-rbac.js 
@@ -0,0 +1,60 @@
+const async = require('async');
+
+const DESCRIPTION = {
+ OWNER:
+ 'Users with this role have full control over the project, and can add and manage other users within the project context, manage feature toggles within the project, and control advanced project features like archiving and deleting the project.',
+ MEMBER:
+ 'Users with this role within a project are allowed to view, create and update feature toggles, but have limited permissions in regards to managing the projects user access and can not archive or delete the project.',
+};
+exports.up = function(db, cb) {
+ db.runSql(
+ `SELECT id AS name from projects WHERE id NOT IN (SELECT DISTINCT project FROM roles WHERE project IS NOT null)`,
+ (err, results) => {
+ if (results && results.rowCount > 0) {
+ const projects = results.rows;
+ const createProjectRoles = projects.map(p =>
+ db.runSql.bind(
+ db,
+ `
+ WITH project_owner AS (
+ INSERT into roles (name, description, type, project)
+ VALUES ('Owner', '${DESCRIPTION.OWNER}', 'project', '${p.name}')
+ RETURNING id role_id
+ )
+ INSERT INTO role_permission(role_id, project, permission) VALUES
+ ((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_PROJECT'),
+ ((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_PROJECT'),
+ ((SELECT role_id FROM project_owner), '${p.name}', 'CREATE_FEATURE'),
+ ((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_FEATURE'),
+ ((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_FEATURE');
+
+ WITH project_member AS (
+ INSERT into roles (name, description, type, project)
+ VALUES ('Member', '${DESCRIPTION.MEMBER}', 'project', '${p.name}')
+ RETURNING id role_id
+ )
+ INSERT INTO role_permission(role_id, project, permission) VALUES
+ ((SELECT role_id from project_member), '${p.name}', 'CREATE_FEATURE'),
+ ((SELECT role_id from project_member), '${p.name}', 'UPDATE_FEATURE'),
+ ((SELECT role_id from project_member), '${p.name}', 'DELETE_FEATURE');
+
+ WITH owner_id AS (
+ SELECT id FROM roles WHERE type='project' AND project='${p.name}' AND name = 'Owner'
+ )
+ INSERT INTO role_user(role_id, user_id) SELECT o.id, u.id FROM owner_id o, users u ON CONFLICT DO NOTHING;
+
+ `,
+ ),
+ );
+
+ async.series(createProjectRoles, cb);
+ } else {
+ cb();
+ }
+ },
+ );
+};
+
+exports.down = function(db, cb) {
+ cb(); // Can't really roll this back since more roles could have been added afterwards
+};
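Review bot: The statements built in `createProjectRoles` splice `p.name` into the SQL text as `'${p.name}'`, and `p.name` is a project id read back from the `projects` table, so an id containing a quote character breaks or alters a query that creates roles and grants Owner membership; the id should be bound as a parameter instead. Binding means one statement per `runSql` call, because PostgreSQL does not accept a multi-statement string together with bound parameters, so the template would be split into three calls as sketched below (this assumes the migration driver forwards a parameter array to the client, which the hunk does not show). Separately, the callback never looks at `err`: if the SELECT fails, `results` is undefined and the `else` branch calls `cb()` as success, so the migration is recorded as applied with no roles created; `if (err) return cb(err);` as the first line of the callback would surface the failure. `20210428062103-user-permission-to-rbac.js` in this patch interpolates `u.id` and `roleName` into its INSERT the same way.

```javascript
const createProjectRoles = projects.flatMap(p => [
    // … unchanged SQL for the Owner role and its permissions, as its own
    //   runSql call, with '${p.name}' replaced by $1 and [p.name] bound …
    // … unchanged SQL for the Member role and its permissions, likewise …
    db.runSql.bind(
        db,
        `WITH owner_id AS (
            SELECT id FROM roles WHERE type='project' AND project=$1 AND name = 'Owner'
        )
        INSERT INTO role_user(role_id, user_id) SELECT o.id, u.id FROM owner_id o, users u ON CONFLICT DO NOTHING;`,
        [p.name],
    ),
]);
```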