fix: add missing roles within organisation management

fixes: gravitee-io/issues#6648
gravitee-io · Nov 29, 2021 · 21b73ae · 21b73ae
1 parent c644d48
commit 21b73ae
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 1 deletion.
diff --git a/docs/upgrades/3.x/3.6.0/mongodb/2-add-application-flow-permissions.js b/docs/upgrades/3.x/3.6.0/mongodb/2-add-application-flow-permissions.js
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+db.getCollection("roles").updateMany(
+    {
+        name: {$in: ["ORGANIZATION_PRIMARY_ONWER", "ORGANIZATION_OWNER", "ENVIRONMENT_PRIMARY_OWNER", "ENVIRONMENT_OWNER", "DOMAIN_PRIMARY_OWNER", "DOMAIN_OWNER"]},
+        "permissionAcls.APPLICATION_FLOW": {$exists: false},
+    },
+    {
+        $set: {"permissionAcls.APPLICATION_FLOW": ["CREATE", "READ", "UPDATE", "DELETE", "LIST"]},
+    }
+);
diff --git a/docs/upgrades/3.x/3.6.0/mongodb/3-add-application-analytics-permissions.js b/docs/upgrades/3.x/3.6.0/mongodb/3-add-application-analytics-permissions.js
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+db.getCollection("roles").updateMany(
+    {
+        name: {$in: ["ORGANIZATION_PRIMARY_ONWER", "ORGANIZATION_OWNER", "ENVIRONMENT_PRIMARY_OWNER", "ENVIRONMENT_OWNER", "DOMAIN_PRIMARY_OWNER", "DOMAIN_OWNER"]},
+        "permissionAcls.APPLICATION_ANALYTICS": {$exists: false},
+    },
+    {
+        $set: {"permissionAcls.APPLICATION_ANALYTICS": ["CREATE", "READ", "UPDATE", "DELETE", "LIST"]},
+    }
+);
diff --git a/docs/upgrades/3.x/3.7.0/mongodb/1-add-alert-permissions.js b/docs/upgrades/3.x/3.7.0/mongodb/1-add-alert-permissions.js
@@ -29,6 +29,6 @@ db.getCollection("roles").updateMany(
         "permissionAcls.DOMAIN_ALERT_NOTIFIER": {$exists: false},
     },
     {
-        $set: {"permissionAcls.DOMAIN_ALERT": ["CREATE", "READ", "UPDATE", "DELETE", "LIST"]},
+        $set: {"permissionAcls.DOMAIN_ALERT_NOTIFIER": ["CREATE", "READ", "UPDATE", "DELETE", "LIST"]},
     }
 );
diff --git a/...tory-jdbc/src/main/resources/liquibase/changelogs/v3_6_0/application-flow-permissions.yml b/...tory-jdbc/src/main/resources/liquibase/changelogs/v3_6_0/application-flow-permissions.yml
@@ -0,0 +1,20 @@
+databaseChangeLog:
+  - changeSet:
+      id: 3.6-application-flow-permissions
+      author: GraviteeSource Team
+      changes:
+        # flow permissions
+        ########################
+        - sql:
+            dbms: postgresql
+            sql: "UPDATE roles SET permission_acls = jsonb_set(cast(permission_acls as jsonb), '{APPLICATION_FLOW}', '[\"CREATE\",\"READ\", \"UPDATE\", \"DELETE\", \"LIST\"]', true)  WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
+
+        - sql:
+            dbms: mysql, mariadb
+            sql: "UPDATE roles SET permission_acls = JSON_SET(permission_acls, '$.APPLICATION_FLOW', JSON_ARRAY('CREATE', 'READ', 'UPDATE', 'DELETE', 'LIST')) WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
+
+        - sql:
+            dbms: mssql
+            sql: "UPDATE roles SET permission_acls = JSON_MODIFY(permission_acls, '$.APPLICATION_FLOW', JSON_QUERY('[\"CREATE\", \"READ\", \"UPDATE\", \"DELETE\", \"LIST\"]', '$')) WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
+
+
diff --git a/...itory-jdbc/src/main/resources/liquibase/changelogs/v3_7_0/alert-notifiers-permissions.yml b/...itory-jdbc/src/main/resources/liquibase/changelogs/v3_7_0/alert-notifiers-permissions.yml
@@ -0,0 +1,18 @@
+databaseChangeLog:
+  - changeSet:
+      id: 3.7-alert-notifier-permissions
+      author: GraviteeSource Team
+      changes:
+        # alert_triggers_alert_notifiers
+        ########################
+        - sql:
+            dbms: postgresql
+            sql: "UPDATE roles SET permission_acls = jsonb_set(cast(permission_acls as jsonb), '{DOMAIN_ALERT_NOTIFIER}', '[\"CREATE\",\"READ\", \"UPDATE\", \"DELETE\", \"LIST\"]', true)  WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
+
+        - sql:
+            dbms: mysql, mariadb
+            sql: "UPDATE roles SET permission_acls = JSON_SET(permission_acls, '$.DOMAIN_ALERT_NOTIFIER', JSON_ARRAY('CREATE', 'READ', 'UPDATE', 'DELETE', 'LIST')) WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
+
+        - sql:
+            dbms: mssql
+            sql: "UPDATE roles SET permission_acls = JSON_MODIFY(permission_acls, '$.DOMAIN_ALERT_NOTIFIER', JSON_QUERY('[\"CREATE\", \"READ\", \"UPDATE\", \"DELETE\", \"LIST\"]', '$')) WHERE name in ('ORGANIZATION_PRIMARY_OWNER', 'ORGANIZATION_OWNER', 'ENVIRONMENT_PRIMARY_OWNER', 'ENVIRONMENT_OWNER', 'DOMAIN_PRIMARY_OWNER', 'DOMAIN_OWNER');"
diff --git a/gravitee-am-repository/gravitee-am-repository-jdbc/src/main/resources/liquibase/master.yml b/gravitee-am-repository/gravitee-am-repository-jdbc/src/main/resources/liquibase/master.yml
@@ -11,8 +11,12 @@ databaseChangeLog:
       - file: liquibase/changelogs/cockpit/schema-hrids.yml
   - include:
       - file: liquibase/changelogs/v3_6_0/schema.yml
+  - include:
+      - file: liquibase/changelogs/v3_6_0/application-flow-permissions.yml
   - include:
       - file: liquibase/changelogs/v3_7_0/schema.yml
+  - include:
+      - file: liquibase/changelogs/v3_7_0/alert-notifiers-permissions.yml
   - include:
       - file: liquibase/changelogs/v3_8_0/schema.yml
   - include: