From 2ff0d164fbe303c446c6d8c7edc1aa8c49df29ff Mon Sep 17 00:00:00 2001
From: Taha Yassine Kraiem
Date: Thu, 4 Jul 2024 14:25:52 +0200
Subject: [PATCH] fix(chalice): changed s-permissions fix(DB): changed s-permissions
(cherry picked from commit 389ec4a8fcb9933492286da4d71dc5d49972f676)
---
 ee/api/auth/auth_jwt.py | 2 --
 ee/api/chalicelib/core/roles.py | 1 +
 ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql | 4 ++++
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ee/api/auth/auth_jwt.py b/ee/api/auth/auth_jwt.py
index 581a54a92..89d5a80e7 100644
--- a/ee/api/auth/auth_jwt.py
+++ b/ee/api/auth/auth_jwt.py
@@ -20,8 +20,6 @@ def _get_current_auth_context(request: Request, jwt_payload: dict) -> schemas.Cu
 logger.warning("User not found.")
 raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User not found.")
 request.state.authorizer_identity = "jwt"
- if user["serviceAccount"]:
- user["permissions"] = [p.value for p in schemas.ServicePermissions]
 request.state.currentContext = schemas.CurrentContext(tenantId=jwt_payload.get("tenantId", -1),
 userId=jwt_payload.get("userId", -1),
 email=user["email"],
diff --git a/ee/api/chalicelib/core/roles.py b/ee/api/chalicelib/core/roles.py
index 90035ebe8..f22262cd5 100644
--- a/ee/api/chalicelib/core/roles.py
+++ b/ee/api/chalicelib/core/roles.py
@@ -121,6 +121,7 @@ def get_roles(tenant_id):
 AND projects.deleted_at ISNULL ) AS role_projects ON (TRUE) WHERE tenant_id =%(tenant_id)s AND deleted_at IS NULL
+ AND not service_role
 ORDER BY role_id;""", {"tenant_id": tenant_id})
 cur.execute(query=query)
diff --git a/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql b/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
index b92757bcd..bc9baeff1 100644
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
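Review bot: The added `AND not service_role` in get_roles (ee/api/chalicelib/core/roles.py) only hides service roles from the listing; it does not stop a caller from naming a service role's role_id on the update, delete or user-assignment paths, none of which are visible in this hunk, so those should carry the same predicate if service roles are meant to be out of reach of tenant admins. Separately, `not service_role` evaluates to NULL for any row where the column is NULL and would drop ordinary roles from the list unless the column is declared NOT NULL; `AND service_role IS NOT TRUE` avoids depending on that. get_roles starts above the hunk and continues past it.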
@@ -29,6 +29,10 @@ ALTER TABLE IF EXISTS public.sessions
 CREATE INDEX IF NOT EXISTS graphql_session_id_idx ON events.graphql (session_id);
 CREATE INDEX IF NOT EXISTS crashes_session_id_idx ON events_common.crashes (session_id);
+UPDATE public.roles
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL}'
+WHERE service_role;
+
 COMMIT;
 \elif :is_next
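Review bot: The `UPDATE public.roles ... WHERE service_role` statement in 1.18.0.sql becomes the only grant of service-account permissions, because the same commit deletes the request-time assignment from `schemas.ServicePermissions` in auth_jwt.py, and the four names are hard-coded here rather than derived from that enum. If the enum later gains or renames a member, or if this 1.18.0 script has already been applied on a deployment before the API is upgraded, service accounts will authenticate with whatever the row held before; it is worth confirming that the fresh-install schema seeds the same array and that the API fails closed on an empty or stale permission list. The statement has no `tenant_id` or `deleted_at` filter, so it overwrites every service role in every tenant, and any per-tenant narrowing, if one exists, is lost. A comment above the UPDATE such as `-- keep in sync with schemas.ServicePermissions; auth_jwt.py no longer injects these at request time` would record the coupling.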