From ee8c9a62daabcead7a5af3e2f14380aa2285d337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gast=C3=B3n=20Fournier?= Date: Fri, 23 Jun 2023 12:26:35 +0200 Subject: [PATCH] chore: filter out deprecated permissions (#4083) ## About the changes This makes these permissions not available for selection. In particular `UPDATE_ROLE`, `CREATE_API_TOKEN`, `UPDATE_API_TOKEN`, `DELETE_API_TOKEN`, `READ_API_TOKEN` are long-lived and should be taken out with special care which is why we have https://linear.app/unleash/issue/2-1158/add-delete-migration-to-clean-up-no-longer-used-permissions ## Discussion points If a role has this permission assigned, it will be displayed but will not be able to remove it. Because the application code does not rely on these permissions, this shouldn't be a problem. Later when we remove them from the DB, the permission will be removed as well from the role by the migration --- src/lib/db/access-store.ts | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/src/lib/db/access-store.ts b/src/lib/db/access-store.ts index 205f0b8764..43f2681927 100644 --- a/src/lib/db/access-store.ts +++ b/src/lib/db/access-store.ts @@ -43,6 +43,18 @@ interface IPermissionRow { } export class AccessStore implements IAccessStore { + private readonly DEPRECATED_PERMISSIONS = [ + 'CREATE_API_TOKEN', + 'UPDATE_API_TOKEN', + 'DELETE_API_TOKEN', + 'READ_API_TOKEN', + 'UPDATE_ROLE', + 'CREATE_ADMIN_API_TOKEN', + 'UPDATE_ADMIN_API_TOKEN', + 'DELETE_ADMIN_API_TOKEN', + 'READ_ADMIN_API_TOKEN', + ]; + private logger: Logger; private timer: Function; @@ -103,7 +115,9 @@ export class AccessStore implements IAccessStore { .orWhere('type', 'environment') .orWhere('type', 'root') .from(`${T.PERMISSIONS} as p`); - return rows.map(this.mapPermission); + return rows + .map(this.mapPermission) + .filter((p) => !this.DEPRECATED_PERMISSIONS.includes(p.name)); } mapPermission(permission: IPermissionRow): IPermission {