fix(chalice): changed s-permissions

fix(DB): changed s-permissions
2024-07-04 14:25:52 +02:00 · 2024-07-04 14:25:52 +02:00 · 389ec4a8fc
commit 389ec4a8fc
parent 54332f3d48
3 changed files with 5 additions and 2 deletions
--- a/ee/api/auth/auth_jwt.py
+++ b/ee/api/auth/auth_jwt.py
@ -20,8 +20,6 @@ def _get_current_auth_context(request: Request, jwt_payload: dict) -> schemas.Cu
        logger.warning("User not found.")
        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="User not found.")
    request.state.authorizer_identity = "jwt"
-    if user["serviceAccount"]:
-        user["permissions"] = [p.value for p in schemas.ServicePermissions]
    request.state.currentContext = schemas.CurrentContext(tenantId=jwt_payload.get("tenantId", -1),
                                                          userId=jwt_payload.get("userId", -1),
                                                          email=user["email"],
--- a/ee/api/chalicelib/core/roles.py
+++ b/ee/api/chalicelib/core/roles.py
@ -121,6 +121,7 @@ def get_roles(tenant_id):
                                                          AND projects.deleted_at ISNULL ) AS role_projects ON (TRUE)
                               WHERE tenant_id =%(tenant_id)s
                                    AND deleted_at IS NULL
+                                    AND not service_role
                               ORDER BY role_id;""",
                            {"tenant_id": tenant_id})
        cur.execute(query=query)
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.18.0/1.18.0.sql
@ -29,6 +29,10 @@ ALTER TABLE IF EXISTS public.sessions
 CREATE INDEX IF NOT EXISTS graphql_session_id_idx ON events.graphql (session_id);
 CREATE INDEX IF NOT EXISTS crashes_session_id_idx ON events_common.crashes (session_id);

+UPDATE public.roles
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL}'
+WHERE service_role;
+
 COMMIT;

 \elif :is_next