1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

feat: added more granular project permissions (#5932)

### What
Adds Read and Write permissions for project administration settings
(user access, change request settings, default strategy, other).

### Why
On request from two large customers that wanted our RBAC controls to be
more granulated to easier be able to limit the access they granted their
users.
This commit is contained in:
Christopher Kolstad 2024-01-18 09:57:44 +01:00 committed by GitHub
parent 77985ec0f3
commit fa72ced1e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 0 deletions

View File

@ -65,6 +65,14 @@ export const APPROVE_CHANGE_REQUEST = 'APPROVE_CHANGE_REQUEST';
export const APPLY_CHANGE_REQUEST = 'APPLY_CHANGE_REQUEST';
export const SKIP_CHANGE_REQUEST = 'SKIP_CHANGE_REQUEST';
export const PROJECT_USER_ACCESS_READ = 'PROJECT_USER_ACCESS_READ';
export const PROJECT_DEFAULT_STRATEGY_READ = 'PROJECT_DEFAULT_STRATEGY_READ';
export const PROJECT_CHANGE_REQUEST_READ = 'PROJECT_CHANGE_REQUEST_READ';
export const PROJECT_SETTINGS_READ = 'PROJECT_SETTINGS_READ';
export const PROJECT_USER_ACCESS_WRITE = 'PROJECT_USER_ACCESS_WRITE';
export const PROJECT_DEFAULT_STRATEGY_WRITE = 'PROJECT_DEFAULT_STRATEGY_WRITE';
export const PROJECT_CHANGE_REQUEST_WRITE = 'PROJECT_CHANGE_REQUEST_WRITE';
export const PROJECT_SETTINGS_WRITE = 'PROJECT_SETTINGS_WRITE';
export const ROOT_PERMISSION_CATEGORIES = [
{
label: 'Addon',

View File

@ -0,0 +1,26 @@
exports.up = function(db, cb) {
db.runSql(`
INSERT INTO permissions(permission, display_name, type) VALUES
('PROJECT_USER_ACCESS_READ', 'View only access to Project User Access', 'project'),
('PROJECT_DEFAULT_STRATEGY_READ', 'View only access to default strategy configuration for project', 'project'),
('PROJECT_CHANGE_REQUEST_READ', 'View only access to change request configuration for project', 'project'),
('PROJECT_SETTINGS_READ', 'View only access to project settings', 'project'),
('PROJECT_USER_ACCESS_WRITE', 'Write access to Project User Access', 'project'),
('PROJECT_DEFAULT_STRATEGY_WRITE', 'Write access to default strategy configuration for project', 'project'),
('PROJECT_CHANGE_REQUEST_WRITE', 'Write access to change request configuration for project', 'project'),
('PROJECT_SETTINGS_WRITE', 'Write access to project settings', 'project');
`, cb);
};
exports.down = function(db, cb) {
db.runSql(`
DELETE FROM permissions WHERE permission IN ('PROJECT_USER_ACCESS_READ',
'PROJECT_DEFAULT_STRATEGY_READ',
'PROJECT_CHANGE_REQUEST_READ',
'PROJECT_SETTINGS_READ',
'PROJECT_USER_ACCESS_WRITE',
'PROJECT_DEFAULT_STRATEGY_WRITE',
'PROJECT_CHANGE_REQUEST_WRITE',
'PROJECT_SETTINGS_WRITE');
`, cb);
};