From f4c7ca3e7f8da1b79d5c46163012196334b96a12 Mon Sep 17 00:00:00 2001 From: Ali BARIN Date: Mon, 31 Mar 2025 15:30:08 +0000 Subject: [PATCH] feat(migrations): introduce manage permissions instead of create, update, delete, publish --- ...0250331115016_simplify_role_permissions.js | 110 ++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 packages/backend/src/db/migrations/20250331115016_simplify_role_permissions.js diff --git a/packages/backend/src/db/migrations/20250331115016_simplify_role_permissions.js b/packages/backend/src/db/migrations/20250331115016_simplify_role_permissions.js new file mode 100644 index 00000000..a14ba052 --- /dev/null +++ b/packages/backend/src/db/migrations/20250331115016_simplify_role_permissions.js @@ -0,0 +1,110 @@ +export async function up(knex) { + const roles = await knex('roles').select('id', 'name'); + + // Define the required actions for each subject + const subjectActionMap = { + Connection: ['create', 'delete', 'update'], + Flow: ['create', 'delete', 'publish', 'update'], + User: ['create', 'delete', 'update'], + Role: ['create', 'delete', 'update'], + SamlAuthProvider: ['create', 'delete', 'update'], + Config: ['update'], + App: ['create', 'delete', 'update'], + }; + + for (const role of roles) { + for (const [subject, actions] of Object.entries(subjectActionMap)) { + const rolePermissions = await knex('permissions') + .where({ role_id: role.id, subject }) + .whereIn('action', actions) + .select('id', 'action', 'conditions'); + + const actionCounts = rolePermissions.reduce((counts, perm) => { + counts[perm.action] = (counts[perm.action] || 0) + 1; + return counts; + }, {}); + + let allActionsExist = true; + for (const action of actions) { + if (actionCounts[action] !== 1) { + allActionsExist = false; + break; + } + } + + // Determine if any of the permissions has the 'isCreator' condition + const hasIsCreatorCondition = rolePermissions.some( + (perm) => perm.conditions && perm.conditions.includes('isCreator') + ); + + // Delete the existing permissions for the required actions + await knex('permissions') + .where({ role_id: role.id, subject }) + .whereIn('action', actions) + .del(); + + // If all required actions exist, insert a new permission with the 'manage' action + if (allActionsExist) { + await knex('permissions').insert({ + role_id: role.id, + subject, + action: 'manage', + conditions: JSON.stringify( + hasIsCreatorCondition ? ['isCreator'] : [] + ), + }); + } + } + } + + return; +} + +export async function down(knex) { + const roles = await knex('roles').select('id', 'name'); + + // Define the required actions for each subject + const subjectActionMap = { + Connection: ['create', 'delete', 'update'], + Flow: ['create', 'delete', 'publish', 'update'], + User: ['create', 'delete', 'update'], + Role: ['create', 'delete', 'update'], + SamlAuthProvider: ['create', 'delete', 'update'], + Config: ['update'], + App: ['create', 'delete', 'update'], + }; + + for (const role of roles) { + for (const [subject, actions] of Object.entries(subjectActionMap)) { + // Find the 'manage' permission for the subject + const managePermission = await knex('permissions') + .where({ role_id: role.id, subject, action: 'manage' }) + .first(); + + if (managePermission) { + // Determine if the 'manage' permission has the 'isCreator' condition + const hasIsCreatorCondition = + managePermission.conditions.includes('isCreator'); + + // Delete the 'manage' permission + await knex('permissions') + .where({ role_id: role.id, subject, action: 'manage' }) + .del(); + + // Restore the original permissions for the subject + const restoredPermissions = actions.map((action) => ({ + role_id: role.id, + subject, + action, + conditions: JSON.stringify( + hasIsCreatorCondition ? ['isCreator'] : [] + ), + })); + + await knex('permissions').insert(restoredPermissions); + } + } + } + + return; +}