diff --git a/ee/api/auth/auth_jwt.py b/ee/api/auth/auth_jwt.py
index 581a54a92..89d5a80e7 100644
--- a/ee/api/auth/auth_jwt.py
+++ b/ee/api/auth/auth_jwt.py
@@ -20,8 +20,6 @@ def _get_current_auth_context(request: Request, jwt_payload: dict) -> schemas.Cu
 logger.warning("User not found.")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User not found.")
 request.state.authorizer_identity = "jwt"
- if user["serviceAccount"]:
- user["permissions"] = [p.value for p in schemas.ServicePermissions]
 request.state.currentContext = schemas.CurrentContext(tenantId=jwt_payload.get("tenantId", -1),
 userId=jwt_payload.get("userId", -1),
 email=user["email"],
diff --git a/ee/api/chalicelib/core/roles.py b/ee/api/chalicelib/core/roles.py
index 90035ebe8..f22262cd5 100644
--- a/ee/api/chalicelib/core/roles.py
+++ b/ee/api/chalicelib/core/roles.py
@@ -121,6 +121,7 @@ def get_roles(tenant_id):
 AND projects.deleted_at ISNULL ) AS role_projects ON (TRUE) WHERE tenant_id =%(tenant_id)s AND deleted_at IS NULL
+ AND not service_role
 ORDER BY role_id;""", {"tenant_id": tenant_id})
 cur.execute(query=query)
diff --git a/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql b/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
index b92757bcd..bc9baeff1 100644
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
@@ -29,6 +29,10 @@ ALTER TABLE IF EXISTS public.sessions
 CREATE INDEX IF NOT EXISTS graphql_session_id_idx ON events.graphql (session_id);
 CREATE INDEX IF NOT EXISTS crashes_session_id_idx ON events_common.crashes (session_id);
+UPDATE public.roles
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL}'
+WHERE service_role;
+
 COMMIT;
 \elif :is_next
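Review bot: The added `AND not service_role` predicate in `get_roles` only removes service roles from this listing; whether the paths that read, edit, delete or assign a role by id apply the same exclusion cannot be seen here, because `get_roles` starts and ends outside the hunk and the other role functions are not in this diff. Now that `auth_jwt.py` no longer forces service-account permissions at request time, the role row is the only source of those permissions, so those paths are worth checking for the same guard. A one-line SQL comment above the predicate saying why service roles are excluded would help the next reader. Writing it as `AND NOT service_role` would match the upper-case keywords in the rest of the query.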
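Review bot: The permission array in this `UPDATE` is a hard-coded copy of what `auth_jwt.py` previously derived from `schemas.ServicePermissions`, so the enum and the stored value can drift apart without anything failing. A comment such as `-- keep in sync with schemas.ServicePermissions` above the statement would flag that. With the request-time override removed, a service account receives whatever its role row holds, which presumably relies on every service account being attached to a `service_role` row; nothing in this diff enforces that. The statement also rewrites every matching row, including soft-deleted ones if `public.roles` carries the `deleted_at` column the `get_roles` query filters on; if that is not intended, `WHERE service_role AND deleted_at IS NULL` narrows it.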