fix: update persistence schema and entry

docker-jans-persistence-loader/Dockerfile

@@ -23,7 +23,7 @@ RUN python3 -m ensurepip \
 # jans-linux-setup sync
 # =====================
 
-ENV JANS_LINUX_SETUP_VERSION=fc9544c861f30eb7370f635b07d9810ae33a7dba
+ENV JANS_LINUX_SETUP_VERSION=eb113d09421b95671fe1ab4eaa5c4bafc2aed6af
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

docker-jans-persistence-loader/scripts/upgrade.py

@@ -680,13 +680,16 @@ def update_admin_ui_config(self):
                 api_admin_perms = api_role["permissions"]
                 break
 
-        # current permissions
         try:
             current_role_mapping = json.loads(entry.attrs["jansConfDyn"])
         except TypeError:
             current_role_mapping = entry.attrs["jansConfDyn"]
+
         should_update = False
 
+        # check for rolePermissionMapping
+        #
+        # - compare role permissions for api-admin
         for i, api_role in enumerate(current_role_mapping["rolePermissionMapping"]):
             if api_role["role"] == "api-admin":
                 # compare permissions between the ones from persistence (current) and newer permissions
@@ -695,6 +698,30 @@ def update_admin_ui_config(self):
                     should_update = True
                 break
 
+        # check for permissions
+        #
+        # - add new permission if not exist
+        # - add defaultPermissionInToken (if not exist) in each permission
+
+        # determine current permission with index/position
+        current_perms = {
+            permission["permission"]: {"index": i}
+            for i, permission in enumerate(current_role_mapping["permissions"])
+        }
+
+        for perm in role_mapping["permissions"]:
+            if perm["permission"] not in current_perms:
+                # add missing permission
+                current_role_mapping["permissions"].append(perm)
+                should_update = True
+            else:
+                # add missing defaultPermissionInToken
+                index = current_perms[perm["permission"]]["index"]
+                if "defaultPermissionInToken" in current_role_mapping["permissions"][index]:
+                    continue
+                current_role_mapping["permissions"][index]["defaultPermissionInToken"] = perm["defaultPermissionInToken"]
+                should_update = True
+
         if should_update:
             entry.attrs["jansConfDyn"] = json.dumps(current_role_mapping)
             entry.attrs["jansRevision"] += 1