feat: Add user.is_platform_admin and team.role columns (#2167)
DafyddLlyr authored Aug 29, 2023
1 parent b0b0d71 commit 0ffb3d6
Showing 25 changed files with 541 additions and 24 deletions.
4 changes: 2 additions & 2 deletions api.planx.uk/modules/auth/service.ts
@@ -19,8 +19,8 @@ export const buildJWT = async (email: string | undefined) => {
const { id } = users[0];

const hasura = {
"x-hasura-allowed-roles": ["admin"],
"x-hasura-default-role": "admin",
"x-hasura-allowed-roles": ["platformAdmin"],
"x-hasura-default-role": "platformAdmin",
"x-hasura-user-id": id.toString(),
};

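Review bot: The claims object in `buildJWT` hard-codes `platformAdmin` as both the only allowed role and the default role, so every user who receives a token carries the highest role regardless of the `users.is_platform_admin` column this same commit adds. Nothing in the visible lines reads that column or `team_members.role`; if this is a deliberate interim step it should say so next to the claims, e.g. `// TODO: derive roles from users.is_platform_admin and team_members.role; until then every token is platformAdmin`. Longer term the lookup that produces `users[0]` should also select `is_platform_admin`, and the claims should fall back to a lower role when it is false. The function body starts and ends outside the hunk, so whether `users` can be empty before the destructuring is not visible here.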
169 changes: 161 additions & 8 deletions hasura.planx.uk/metadata/tables.yaml
@@ -177,6 +177,21 @@
name: compile_flow_portals
comment: Flow data with portals merged in
select_permissions:
- role: platformAdmin
permission:
columns:
- created_at
- creator_id
- data
- id
- settings
- slug
- team_id
- updated_at
- version
computed_fields:
- data_merged
filter: {}
- role: public
permission:
columns:
@@ -192,15 +207,45 @@
computed_fields:
- data_merged
filter: {}
update_permissions:
- role: platformAdmin
permission:
columns:
- data
- settings
- slug
filter: {}
check: null
- table:
schema: public
name: global_settings
insert_permissions:
- role: platformAdmin
permission:
check: {}
columns:
- id
- footer_content
select_permissions:
- role: platformAdmin
permission:
columns:
- footer_content
- id
filter: {}
- role: public
permission:
columns:
- footer_content
filter: {}
update_permissions:
- role: platformAdmin
permission:
columns:
- footer_content
- id
filter: {}
check: {}
- table:
schema: public
name: lowcal_sessions
@@ -383,6 +428,36 @@
- name: flow
using:
foreign_key_constraint_on: flow_id
insert_permissions:
- role: platformAdmin
permission:
check: {}
columns:
- id
- actor_id
- version
- data
- created_at
- updated_at
- flow_id
select_permissions:
- role: platformAdmin
permission:
columns:
- id
- flow_id
- version
- actor_id
- data
- created_at
- updated_at
filter: {}
update_permissions:
- role: platformAdmin
permission:
columns: []
filter: {}
check: null
- table:
schema: public
name: payment_requests
@@ -558,7 +633,28 @@
- name: user
using:
foreign_key_constraint_on: publisher_id
insert_permissions:
- role: platformAdmin
permission:
check: {}
columns:
- id
- publisher_id
- summary
- created_at
- flow_id
- data
select_permissions:
- role: platformAdmin
permission:
columns:
- created_at
- data
- flow_id
- id
- publisher_id
- summary
filter: {}
- role: public
permission:
columns:
@@ -635,6 +731,16 @@
- locked_at:
_is_null: true
check: null
- table:
schema: public
name: team_members
object_relationships:
- name: team
using:
foreign_key_constraint_on: team_id
- name: user
using:
foreign_key_constraint_on: user_id
- table:
schema: public
name: teams
@@ -660,7 +766,35 @@
schema: public
name: boundary_bbox
comment: Bounding box of the team's full boundary
insert_permissions:
- role: platformAdmin
permission:
check: {}
columns:
- id
- notify_personalisation
- settings
- theme
- domain
- name
- slug
- created_at
- updated_at
- submission_email
select_permissions:
- role: platformAdmin
permission:
columns:
- created_at
- domain
- id
- name
- notify_personalisation
- settings
- slug
- theme
- updated_at
filter: {}
- role: public
permission:
columns:
@@ -677,6 +811,19 @@
computed_fields:
- boundary_bbox
filter: {}
update_permissions:
- role: platformAdmin
permission:
columns:
- domain
- name
- notify_personalisation
- settings
- slug
- submission_email
- theme
filter: {}
check: null
- table:
schema: public
name: uniform_applications
@@ -703,14 +850,8 @@
template_engine: Kriti
- table:
schema: public
name: team_members
object_relationships:
- name: team
using:
foreign_key_constraint_on: team_id
- name: user
using:
foreign_key_constraint_on: user_id
name: user_roles
is_enum: true
- table:
schema: public
name: users
@@ -736,3 +877,15 @@
table:
schema: public
name: team_members
select_permissions:
- role: platformAdmin
permission:
columns:
- id
- first_name
- last_name
- email
- created_at
- updated_at
- is_platform_admin
filter: {}
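Review bot: The `platformAdmin` update permission on `global_settings` lists `id` among its updatable columns, which lets the role rewrite what is presumably the row's key; the other update permissions added in this file leave `id` out, and dropping `- id` from that `columns` list would match them. On `teams`, the insert and update permissions include `submission_email` but the select permission does not, so the role can set a value it cannot read back; either add `- submission_email` to the select columns or add a `comment:` saying why it is withheld. Every select and update permission added for this role uses `filter: {}` (and every insert `check: {}`), so nothing here scopes rows and access control rests entirely on which tokens are issued with the `platformAdmin` role.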
@@ -0,0 +1,7 @@
alter table
"public"."team_members" drop constraint "team_members_role_fkey";

alter table
"public"."team_members" drop column "role";

DROP TABLE "public"."user_roles";
@@ -0,0 +1,23 @@
CREATE TABLE "public"."user_roles" (
"value" text NOT NULL,
PRIMARY KEY ("value"),
UNIQUE ("value")
);

COMMENT ON TABLE "public"."user_roles" IS E'Enum of possible user roles in PlanX';

INSERT INTO
"public"."user_roles"("value")
VALUES
(E'teamAdmin'),
(E'teamViewer');

alter table
"public"."team_members"
add
column "role" text not null default 'teamViewer';

alter table
"public"."team_members"
add
constraint "team_members_role_fkey" foreign key ("role") references "public"."user_roles" ("value") on update cascade on delete cascade;
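Review bot: The foreign key `team_members_role_fkey` is created with `on delete cascade`, so deleting a row from `user_roles` would silently delete every `team_members` row that holds that role. For a table that records who belongs to which team, refusing the delete is the safer behaviour: `constraint "team_members_role_fkey" foreign key ("role") references "public"."user_roles" ("value") on update cascade on delete restrict;`. Separately, `UNIQUE ("value")` in the `CREATE TABLE` is redundant with the primary key on the same column and can be dropped.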
@@ -0,0 +1,3 @@
comment on column "public"."users"."is_platform_admin" is NULL;

ALTER TABLE "public"."users" DROP COLUMN "is_platform_admin";
@@ -0,0 +1,4 @@
alter table "public"."users" add column "is_platform_admin" boolean
not null default 'false';

comment on column "public"."users"."is_platform_admin" is E'A Platform Admin is the highest level of permission in PlanX, and can operate across all teams';
@@ -0,0 +1 @@
alter table "public"."team_members" drop constraint "team_members_user_id_team_id_key";
@@ -0,0 +1 @@
alter table "public"."team_members" add constraint "team_members_user_id_team_id_key" unique ("user_id", "team_id");
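--- a/hasura.planx.uk/tests/analytics.test.js
+++ b/hasura.planx.uk/tests/analytics.test.js
@@ -39,4 +39,19 @@ describe("analytics and analytics_logs", () => {
 expect(i.mutations).toContain("delete_analytics_logs");
 });
 });
+
+describe("platformAdmin", () => {
+let i;
+beforeAll(async () => {
+i = await introspectAs("platformAdmin");
+});
+
+test("cannot query analytics_logs", () => {
+expect(i.queries).not.toContain("analytics_logs");
+});
+
+test("cannot create, update, or delete analytics_logs", () => {
+expect(i).toHaveNoMutationsFor("analytics_logs");
+});
+});
 });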
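Review bot: The new `platformAdmin` block asserts only on `analytics_logs`, while the enclosing suite is titled "analytics and analytics_logs", so a permission accidentally granted on `analytics` would not fail these tests. Adding `expect(i.queries).not.toContain("analytics");` and `expect(i).toHaveNoMutationsFor("analytics");` would cover both tables. How `toHaveNoMutationsFor` matches names is not visible here; if it matches by substring, the second check may need an exact-name form instead. The earlier role blocks of the suite lie outside the hunk.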
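--- a/hasura.planx.uk/tests/blpu_codes.test.js
+++ b/hasura.planx.uk/tests/blpu_codes.test.js
@@ -29,4 +29,19 @@ describe("blpu_codes", () => {
 expect(i.mutations).toContain("delete_blpu_codes");
 });
 });
+
+describe("platformAdmin", () => {
+let i;
+beforeAll(async () => {
+i = await introspectAs("platformAdmin");
+});
+
+test("cannot query blpu_codes", () => {
+expect(i.queries).not.toContain("blpu_codes");
+});
+
+test("cannot create, update, or delete blpu_codes", () => {
+expect(i).toHaveNoMutationsFor("blpu_codes");
+});
+});
 });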
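--- a/hasura.planx.uk/tests/bops_applications.test.js
+++ b/hasura.planx.uk/tests/bops_applications.test.js
@@ -29,4 +29,19 @@ describe("bops_applications", () => {
 expect(i.mutations).toContain("delete_bops_applications");
 });
 });
+
+describe("platformAdmin", () => {
+let i;
+beforeAll(async () => {
+i = await introspectAs("platformAdmin");
+});
+
+test("cannot query bops_appliations", () => {
+expect(i.queries).not.toContain("bops_appliations");
+});
+
+test("cannot create, update, or delete bops_appliations", () => {
+expect(i).toHaveNoMutationsFor("bops_appliations");
+});
+});
 });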
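Review bot: Both new assertions use the misspelled name `bops_appliations`, so they pass whether or not `platformAdmin` can reach `bops_applications`; a name that never exists is trivially absent from `i.queries`. The checks should read `expect(i.queries).not.toContain("bops_applications");` and `expect(i).toHaveNoMutationsFor("bops_applications");`, with the two test titles corrected to match. As written, a later permission grant on this table for the role would go undetected by this file.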
17 changes: 16 additions & 1 deletion hasura.planx.uk/tests/email_applications.test.js
@@ -22,12 +22,27 @@ describe("email_applications", () => {
i = await introspectAs("admin");
});

test("has full access to query and mutate email appliations", () => {
test("has full access to query and mutate email applications", () => {
expect(i.queries).toContain("email_applications");
expect(i.mutations).toContain("insert_email_applications");
expect(i.mutations).toContain("insert_email_applications_one");
expect(i.mutations).toContain("update_email_applications_by_pk");
expect(i.mutations).toContain("delete_email_applications");
});
});

describe("platformAdmin", () => {
let i;
beforeAll(async () => {
i = await introspectAs("platformAdmin");
});

test("cannot query email_applications", () => {
expect(i.queries).not.toContain("email_applications");
});

test("cannot create, update, or delete email_applications", () => {
expect(i).toHaveNoMutationsFor("email_applications");
});
});
});