1
0
mirror of https://github.com/Unleash/unleash.git synced 2025-01-11 00:08:30 +01:00

chore: filter out deprecated permissions (#4083)

## About the changes
This makes these permissions not available for selection. In particular
`UPDATE_ROLE`, `CREATE_API_TOKEN`, `UPDATE_API_TOKEN`,
`DELETE_API_TOKEN`, `READ_API_TOKEN` are long-lived and should be taken
out with special care which is why we have
https://linear.app/unleash/issue/2-1158/add-delete-migration-to-clean-up-no-longer-used-permissions

## Discussion points
If a role has this permission assigned, it will be displayed but will
not be able to remove it. Because the application code does not rely on
these permissions, this shouldn't be a problem. Later when we remove
them from the DB, the permission will be removed as well from the role
by the migration
This commit is contained in:
Gastón Fournier 2023-06-23 12:26:35 +02:00 committed by GitHub
parent 97875f3f59
commit ee8c9a62da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -43,6 +43,18 @@ interface IPermissionRow {
}
export class AccessStore implements IAccessStore {
private readonly DEPRECATED_PERMISSIONS = [
'CREATE_API_TOKEN',
'UPDATE_API_TOKEN',
'DELETE_API_TOKEN',
'READ_API_TOKEN',
'UPDATE_ROLE',
'CREATE_ADMIN_API_TOKEN',
'UPDATE_ADMIN_API_TOKEN',
'DELETE_ADMIN_API_TOKEN',
'READ_ADMIN_API_TOKEN',
];
private logger: Logger;
private timer: Function;
@ -103,7 +115,9 @@ export class AccessStore implements IAccessStore {
.orWhere('type', 'environment')
.orWhere('type', 'root')
.from(`${T.PERMISSIONS} as p`);
return rows.map(this.mapPermission);
return rows
.map(this.mapPermission)
.filter((p) => !this.DEPRECATED_PERMISSIONS.includes(p.name));
}
mapPermission(permission: IPermissionRow): IPermission {