feat: added more granular project permissions (#5932)

### What Adds Read and Write permissions for project administration settings (user access, change request settings, default strategy, other). ### Why On request from two large customers that wanted our RBAC controls to be more granulated to easier be able to limit the access they granted their users.
2024-12-22 19:07:54 +01:00 · 2024-01-18 09:57:44 +01:00 · 2024-01-18 09:57:44 +01:00 · fa72ced1e5
commit fa72ced1e5
parent 77985ec0f3
2 changed files with 34 additions and 0 deletions
--- a/src/lib/types/permissions.ts
+++ b/src/lib/types/permissions.ts
@ -65,6 +65,14 @@ export const APPROVE_CHANGE_REQUEST = 'APPROVE_CHANGE_REQUEST';
 export const APPLY_CHANGE_REQUEST = 'APPLY_CHANGE_REQUEST';
 export const SKIP_CHANGE_REQUEST = 'SKIP_CHANGE_REQUEST';
 export const PROJECT_USER_ACCESS_READ = 'PROJECT_USER_ACCESS_READ';
 export const PROJECT_DEFAULT_STRATEGY_READ = 'PROJECT_DEFAULT_STRATEGY_READ';
 export const PROJECT_CHANGE_REQUEST_READ = 'PROJECT_CHANGE_REQUEST_READ';
 export const PROJECT_SETTINGS_READ = 'PROJECT_SETTINGS_READ';
 export const PROJECT_USER_ACCESS_WRITE = 'PROJECT_USER_ACCESS_WRITE';
 export const PROJECT_DEFAULT_STRATEGY_WRITE = 'PROJECT_DEFAULT_STRATEGY_WRITE';
 export const PROJECT_CHANGE_REQUEST_WRITE = 'PROJECT_CHANGE_REQUEST_WRITE';
 export const PROJECT_SETTINGS_WRITE = 'PROJECT_SETTINGS_WRITE';
 export const ROOT_PERMISSION_CATEGORIES = [
    {
        label: 'Addon',
--- a/src/migrations/20240117093601-add-more-granular-project-permissions.js
+++ b/src/migrations/20240117093601-add-more-granular-project-permissions.js
@ -0,0 +1,26 @@
 exports.up = function(db, cb) {
  db.runSql(`
    INSERT INTO permissions(permission, display_name, type) VALUES
        ('PROJECT_USER_ACCESS_READ', 'View only access to Project User Access', 'project'),
        ('PROJECT_DEFAULT_STRATEGY_READ', 'View only access to default strategy configuration for project', 'project'),
        ('PROJECT_CHANGE_REQUEST_READ', 'View only access to change request configuration for project', 'project'),
        ('PROJECT_SETTINGS_READ', 'View only access to project settings', 'project'),
        ('PROJECT_USER_ACCESS_WRITE', 'Write access to Project User Access', 'project'),
        ('PROJECT_DEFAULT_STRATEGY_WRITE', 'Write access to default strategy configuration for project', 'project'),
        ('PROJECT_CHANGE_REQUEST_WRITE', 'Write access to change request configuration for project', 'project'),
        ('PROJECT_SETTINGS_WRITE', 'Write access to project settings', 'project');
  `, cb);
 };
 exports.down = function(db, cb) {
    db.runSql(`
        DELETE FROM permissions WHERE permission IN ('PROJECT_USER_ACCESS_READ',
                                                     'PROJECT_DEFAULT_STRATEGY_READ',
                                                     'PROJECT_CHANGE_REQUEST_READ',
                                                     'PROJECT_SETTINGS_READ',
                                                     'PROJECT_USER_ACCESS_WRITE',
                                                     'PROJECT_DEFAULT_STRATEGY_WRITE',
                                                     'PROJECT_CHANGE_REQUEST_WRITE',
                                                     'PROJECT_SETTINGS_WRITE');
    `, cb);
 };