feat: automatically add all existing users as owners to all existing … (#818)

* feat: automatically add all existing users as owners to all existing projects
2024-12-22 19:07:54 +01:00 · 2021-04-30 13:04:25 +02:00 · 2021-04-30 13:04:25 +02:00 · dd8e9207ad
commit dd8e9207ad
parent 4c3a77bc31
3 changed files with 62 additions and 2 deletions
--- a/src/migrations/20210428103923-onboard-projects-to-rbac.js
+++ b/src/migrations/20210428103923-onboard-projects-to-rbac.js
@ -0,0 +1,60 @@
+const async = require('async');
+
+const DESCRIPTION = {
+    OWNER:
+        'Users with this role have full control over the project, and can add and manage other users within the project context, manage feature toggles within the project, and control advanced project features like archiving and deleting the project.',
+    MEMBER:
+        'Users with this role within a project are allowed to view, create and update feature toggles, but have limited permissions in regards to managing the projects user access and can not archive or delete the project.',
+};
+exports.up = function(db, cb) {
+    db.runSql(
+        `SELECT id AS name from projects WHERE id NOT IN (SELECT DISTINCT project FROM roles WHERE project IS NOT null)`,
+        (err, results) => {
+            if (results && results.rowCount > 0) {
+                const projects = results.rows;
+                const createProjectRoles = projects.map(p =>
+                    db.runSql.bind(
+                        db,
+                        `
+                WITH project_owner AS (
+                    INSERT into roles (name, description, type, project)
+                        VALUES ('Owner', '${DESCRIPTION.OWNER}', 'project', '${p.name}')
+                        RETURNING id role_id
+                )
+                INSERT INTO role_permission(role_id, project, permission) VALUES
+                    ((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_PROJECT'),
+                    ((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_PROJECT'),
+                    ((SELECT role_id FROM project_owner), '${p.name}', 'CREATE_FEATURE'),
+                    ((SELECT role_id FROM project_owner), '${p.name}', 'UPDATE_FEATURE'),
+                    ((SELECT role_id FROM project_owner), '${p.name}', 'DELETE_FEATURE');
+
+                WITH project_member AS (
+                    INSERT into roles (name, description, type, project)
+                        VALUES ('Member', '${DESCRIPTION.MEMBER}', 'project', '${p.name}')
+                        RETURNING id role_id
+                )
+                INSERT INTO role_permission(role_id, project, permission) VALUES
+                    ((SELECT role_id from project_member), '${p.name}', 'CREATE_FEATURE'),
+                    ((SELECT role_id from project_member), '${p.name}', 'UPDATE_FEATURE'),
+                    ((SELECT role_id from project_member), '${p.name}', 'DELETE_FEATURE');
+
+                WITH owner_id AS (
+                    SELECT id FROM roles WHERE type='project' AND project='${p.name}' AND name = 'Owner'
+                )
+                INSERT INTO role_user(role_id, user_id) SELECT o.id, u.id FROM owner_id o, users u ON CONFLICT DO NOTHING;
+
+              `,
+                    ),
+                );
+
+                async.series(createProjectRoles, cb);
+            } else {
+                cb();
+            }
+        },
+    );
+};
+
+exports.down = function(db, cb) {
+    cb(); // Can't really roll this back since more roles could have been added afterwards
+};