mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
feat: added more granular project permissions (#5932)
### What Adds Read and Write permissions for project administration settings (user access, change request settings, default strategy, other). ### Why On request from two large customers that wanted our RBAC controls to be more granulated to easier be able to limit the access they granted their users.
This commit is contained in:
parent
77985ec0f3
commit
fa72ced1e5
@ -65,6 +65,14 @@ export const APPROVE_CHANGE_REQUEST = 'APPROVE_CHANGE_REQUEST';
|
||||
export const APPLY_CHANGE_REQUEST = 'APPLY_CHANGE_REQUEST';
|
||||
export const SKIP_CHANGE_REQUEST = 'SKIP_CHANGE_REQUEST';
|
||||
|
||||
export const PROJECT_USER_ACCESS_READ = 'PROJECT_USER_ACCESS_READ';
|
||||
export const PROJECT_DEFAULT_STRATEGY_READ = 'PROJECT_DEFAULT_STRATEGY_READ';
|
||||
export const PROJECT_CHANGE_REQUEST_READ = 'PROJECT_CHANGE_REQUEST_READ';
|
||||
export const PROJECT_SETTINGS_READ = 'PROJECT_SETTINGS_READ';
|
||||
export const PROJECT_USER_ACCESS_WRITE = 'PROJECT_USER_ACCESS_WRITE';
|
||||
export const PROJECT_DEFAULT_STRATEGY_WRITE = 'PROJECT_DEFAULT_STRATEGY_WRITE';
|
||||
export const PROJECT_CHANGE_REQUEST_WRITE = 'PROJECT_CHANGE_REQUEST_WRITE';
|
||||
export const PROJECT_SETTINGS_WRITE = 'PROJECT_SETTINGS_WRITE';
|
||||
export const ROOT_PERMISSION_CATEGORIES = [
|
||||
{
|
||||
label: 'Addon',
|
||||
|
@ -0,0 +1,26 @@
|
||||
exports.up = function(db, cb) {
|
||||
db.runSql(`
|
||||
INSERT INTO permissions(permission, display_name, type) VALUES
|
||||
('PROJECT_USER_ACCESS_READ', 'View only access to Project User Access', 'project'),
|
||||
('PROJECT_DEFAULT_STRATEGY_READ', 'View only access to default strategy configuration for project', 'project'),
|
||||
('PROJECT_CHANGE_REQUEST_READ', 'View only access to change request configuration for project', 'project'),
|
||||
('PROJECT_SETTINGS_READ', 'View only access to project settings', 'project'),
|
||||
('PROJECT_USER_ACCESS_WRITE', 'Write access to Project User Access', 'project'),
|
||||
('PROJECT_DEFAULT_STRATEGY_WRITE', 'Write access to default strategy configuration for project', 'project'),
|
||||
('PROJECT_CHANGE_REQUEST_WRITE', 'Write access to change request configuration for project', 'project'),
|
||||
('PROJECT_SETTINGS_WRITE', 'Write access to project settings', 'project');
|
||||
`, cb);
|
||||
};
|
||||
|
||||
exports.down = function(db, cb) {
|
||||
db.runSql(`
|
||||
DELETE FROM permissions WHERE permission IN ('PROJECT_USER_ACCESS_READ',
|
||||
'PROJECT_DEFAULT_STRATEGY_READ',
|
||||
'PROJECT_CHANGE_REQUEST_READ',
|
||||
'PROJECT_SETTINGS_READ',
|
||||
'PROJECT_USER_ACCESS_WRITE',
|
||||
'PROJECT_DEFAULT_STRATEGY_WRITE',
|
||||
'PROJECT_CHANGE_REQUEST_WRITE',
|
||||
'PROJECT_SETTINGS_WRITE');
|
||||
`, cb);
|
||||
};
|
Loading…
Reference in New Issue
Block a user