ctrlplanedev · adityachoudhari26 · Mar 13, 2025 · Mar 13, 2025 · Mar 13, 2025
diff --git a/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts b/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts
@@ -29,8 +29,8 @@ export const PATCH = request()
   .use(
     authz(({ can, extra: { params } }) =>
       can
-        .perform(Permission.ReleaseUpdate)
-        .on({ type: "release", id: params.releaseId }),
+        .perform(Permission.DeploymentVersionUpdate)
+        .on({ type: "deploymentVersion", id: params.releaseId }),
     ),
   )
   .handle<

diff --git a/apps/webservice/src/app/api/v1/releases/route.ts b/apps/webservice/src/app/api/v1/releases/route.ts
@@ -40,7 +40,7 @@ export const POST = request()
   .use(
     authz(({ ctx, can }) =>
       can
-        .perform(Permission.ReleaseCreate)
+        .perform(Permission.DeploymentVersionCreate)
         .on({ type: "deployment", id: ctx.body.deploymentId }),
     ),
   )

diff --git a/packages/api/src/router/deployment-version.ts b/packages/api/src/router/deployment-version.ts
@@ -51,7 +51,7 @@ export const versionRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseList)
+          .perform(Permission.DeploymentVersionList)
           .on({ type: "deployment", id: input.deploymentId }),
     })
     .input(
@@ -122,8 +122,8 @@ export const versionRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseGet)
-          .on({ type: "release", id: input }),
+          .perform(Permission.DeploymentVersionGet)
+          .on({ type: "deploymentVersion", id: input }),
     })
     .input(z.string().uuid())
     .query(({ ctx, input }) =>
@@ -172,7 +172,7 @@ export const versionRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseCreate)
+          .perform(Permission.DeploymentVersionCreate)
           .on({ type: "deployment", id: input.deploymentId }),
     })
     .input(SCHEMA.createRelease)
@@ -241,9 +241,9 @@ export const versionRouter = createTRPCRouter({
   blocked: protectedProcedure
     .meta({
       authorizationCheck: ({ canUser, input }) =>
-        canUser.perform(Permission.ReleaseGet).on(
+        canUser.perform(Permission.DeploymentVersionGet).on(
           ...(input as string[]).map((t) => ({
-            type: "release" as const,
+            type: "deploymentVersion" as const,
             id: t,
           })),
         ),
@@ -353,8 +353,8 @@ export const versionRouter = createTRPCRouter({
       )
       .meta({
         authorizationCheck: ({ canUser, input }) =>
-          canUser.perform(Permission.ReleaseGet).on({
-            type: "release",
+          canUser.perform(Permission.DeploymentVersionGet).on({
+            type: "deploymentVersion",
             id: input.releaseId,
           }),
       })
@@ -400,8 +400,8 @@ export const versionRouter = createTRPCRouter({
       .meta({
         authorizationCheck: ({ canUser, input }) =>
           "releaseId" in input
-            ? canUser.perform(Permission.ReleaseGet).on({
-                type: "release",
+            ? canUser.perform(Permission.DeploymentVersionGet).on({
+                type: "deploymentVersion",
                 id: input.releaseId,
               })
             : canUser.perform(Permission.DeploymentGet).on({
@@ -460,7 +460,7 @@ export const versionRouter = createTRPCRouter({
       )
       .meta({
         authorizationCheck: ({ canUser, input }) =>
-          canUser.perform(Permission.ReleaseGet).on({
+          canUser.perform(Permission.DeploymentVersionGet).on({
             type: "deployment",
             id: input.deploymentId,
           }),

diff --git a/packages/api/src/router/environment-approval.ts b/packages/api/src/router/environment-approval.ts
@@ -19,7 +19,7 @@ export const approvalRouter = createTRPCRouter({
       authorizationCheck: ({ canUser, input }) =>
         canUser
           .perform(Permission.DeploymentGet)
-          .on({ type: "release", id: input.releaseId }),
+          .on({ type: "deploymentVersion", id: input.releaseId }),
     })
     .input(
       z.object({
@@ -65,7 +65,7 @@ export const approvalRouter = createTRPCRouter({
       authorizationCheck: ({ canUser, input }) =>
         canUser
           .perform(Permission.DeploymentUpdate)
-          .on({ type: "release", id: input.releaseId }),
+          .on({ type: "deploymentVersion", id: input.releaseId }),
     })
     .input(
       z.object({ policyId: z.string().uuid(), releaseId: z.string().uuid() }),
@@ -127,7 +127,7 @@ export const approvalRouter = createTRPCRouter({
       authorizationCheck: ({ canUser, input }) =>
         canUser
           .perform(Permission.DeploymentUpdate)
-          .on({ type: "release", id: input.releaseId }),
+          .on({ type: "deploymentVersion", id: input.releaseId }),
     })
     .input(
       z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }),
@@ -161,7 +161,7 @@ export const approvalRouter = createTRPCRouter({
       authorizationCheck: ({ canUser, input }) =>
         canUser
           .perform(Permission.DeploymentGet)
-          .on({ type: "release", id: input.releaseId }),
+          .on({ type: "deploymentVersion", id: input.releaseId }),
     })
     .input(
       z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }),

diff --git a/packages/api/src/router/job.ts b/packages/api/src/router/job.ts
@@ -385,8 +385,8 @@ const releaseJobTriggerRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.DeploymentGet)
-          .on({ type: "release", id: input.releaseId }),
+          .perform(Permission.DeploymentVersionGet)
+          .on({ type: "deploymentVersion", id: input.releaseId }),
     })
     .input(
       z.object({
@@ -772,8 +772,8 @@ const metadataKeysRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseGet)
-          .on({ type: "release", id: input }),
+          .perform(Permission.DeploymentVersionGet)
+          .on({ type: "deploymentVersion", id: input }),
     })
     .input(z.string().uuid())
     .query(({ ctx, input }) =>

diff --git a/packages/api/src/router/release-deploy.ts b/packages/api/src/router/release-deploy.ts
@@ -21,9 +21,9 @@ export const releaseDeployRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.DeploymentGet, Permission.ReleaseGet)
+          .perform(Permission.DeploymentGet, Permission.DeploymentVersionGet)
           .on(
-            { type: "release", id: input.releaseId },
+            { type: "deploymentVersion", id: input.releaseId },
             { type: "environment", id: input.environmentId },
           ),
     })
@@ -68,9 +68,9 @@ export const releaseDeployRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseGet, Permission.ResourceUpdate)
+          .perform(Permission.DeploymentVersionGet, Permission.ResourceUpdate)
           .on(
-            { type: "release", id: input.releaseId },
+            { type: "deploymentVersion", id: input.releaseId },
             { type: "resource", id: input.resourceId },
           ),
     })

diff --git a/packages/api/src/router/release-metadata-keys.ts b/packages/api/src/router/release-metadata-keys.ts
@@ -11,7 +11,7 @@ export const releaseMetadataKeysRouter = createTRPCRouter({
   bySystem: protectedProcedure
     .meta({
       authorizationCheck: ({ canUser, input }) =>
-        canUser.perform(Permission.ReleaseGet).on({
+        canUser.perform(Permission.DeploymentVersionGet).on({
           type: "system",
           id: input,
         }),
@@ -36,7 +36,7 @@ export const releaseMetadataKeysRouter = createTRPCRouter({
   byWorkspace: protectedProcedure
     .meta({
       authorizationCheck: ({ canUser, input }) =>
-        canUser.perform(Permission.ReleaseGet).on({
+        canUser.perform(Permission.DeploymentVersionGet).on({
           type: "workspace",
           id: input,
         }),

diff --git a/packages/auth/src/utils/rbac.ts b/packages/auth/src/utils/rbac.ts
@@ -88,7 +88,7 @@ export const checkEntityPermissionForResource = async (
   return role != null;
 };
 
-const getReleaseScopes = async (id: string) => {
+const getDeploymentVersionScopes = async (id: string) => {
   const result = await db
     .select()
     .from(workspace)
@@ -102,8 +102,8 @@ const getReleaseScopes = async (id: string) => {
     .then(takeFirst);
 
   return [
-    { type: "release" as const, id: result.deployment_version.id },
-    { type: "deployment" as const, id: result.deployment_version.id },
+    { type: "deploymentVersion" as const, id: result.deployment_version.id },
+    { type: "deployment" as const, id: result.deployment.id },
     { type: "system" as const, id: result.system.id },
     { type: "workspace" as const, id: result.workspace.id },
   ];
@@ -372,7 +372,7 @@ const getJobScopes = async (id: string) => {
     { type: "job" as const, id: result.job.id },
     { type: "resource" as const, id: result.resource.id },
     { type: "environment" as const, id: result.environment.id },
-    { type: "release" as const, id: result.deployment_version.id },
+    { type: "deploymentVersion" as const, id: result.deployment_version.id },
     { type: "deployment" as const, id: result.deployment.id },
     { type: "system" as const, id: result.system.id },
     { type: "workspace" as const, id: result.workspace.id },
@@ -395,7 +395,7 @@ export const scopeHandlers: Record<
   workspace: getWorkspaceScopes,
   environment: getEnvironmentScopes,
   environmentPolicy: getEnvironmentPolicyScopes,
-  release: getReleaseScopes,
+  deploymentVersion: getDeploymentVersionScopes,
   releaseChannel: getReleaseChannelScopes,
   resourceMetadataGroup: getResourceMetadataGroupScopes,
   variableSet: getVariableSetScopes,

diff --git a/packages/db/src/schema/rbac.ts b/packages/db/src/schema/rbac.ts
@@ -33,7 +33,7 @@ export const entityTypeSchema = z.enum(entityType.enumValues);
 export type EntityType = z.infer<typeof entityTypeSchema>;
 
 export const scopeType = pgEnum("scope_type", [
-  "release",
+  "deploymentVersion",
   "releaseChannel",
   "resource",
   "resourceProvider",

diff --git a/packages/job-dispatch/src/policies/release-sequencing.ts b/packages/job-dispatch/src/policies/release-sequencing.ts
@@ -51,7 +51,7 @@ export const isPassingNoActiveJobsPolicy: ReleaseIdPolicyChecker = async (
           db.execute(sql<schema.Job[]>`
             select 1 from ${schema.job}
             inner join ${schema.releaseJobTrigger} as rjt2 on ${schema.job.id} = rjt2.job_id
-            inner join ${schema.deploymentVersion} as release2 on rjt2.version_id = release2.id
+            inner join ${schema.deploymentVersion} as release2 on rjt2.deployment_version_id = release2.id
             inner join ${schema.resource} on rjt2.resource_id = ${schema.resource.id}
             where rjt2.environment_id = ${schema.releaseJobTrigger.environmentId}
             and release2.deployment_id = ${schema.deployment.id}

diff --git a/packages/validators/src/auth/index.ts b/packages/validators/src/auth/index.ts
@@ -82,10 +82,10 @@ export enum Permission {
   EnvironmentUpdate = "environment.update",
   EnvironmentList = "environment.list",
 
-  ReleaseCreate = "release.create",
-  ReleaseGet = "release.get",
-  ReleaseUpdate = "release.update",
-  ReleaseList = "release.list",
+  DeploymentVersionCreate = "deploymentVersion.create",
+  DeploymentVersionGet = "deploymentVersion.get",
+  DeploymentVersionUpdate = "deploymentVersion.update",
+  DeploymentVersionList = "deploymentVersion.list",
 
   ReleaseChannelGet = "releaseChannel.get",
   ReleaseChannelList = "releaseChannel.list",