fix(chalice): fixed permissions for EE SA (#2685)

(cherry picked from commit 6802ddcd93)
2024-10-25 16:35:12 +02:00 · 2024-10-25 16:35:12 +02:00 · 796018eb57
commit 796018eb57
parent c2fc5016e6
4 changed files with 11 additions and 4 deletions
--- a/ee/api/routers/core_dynamic.py
+++ b/ee/api/routers/core_dynamic.py
@ -346,7 +346,8 @@ def get_error_trace(projectId: int, sessionId: int, errorId: str,
    }


-@app.get('/{projectId}/errors/{errorId}', tags=['errors'], dependencies=[OR_scope(Permissions.DEV_TOOLS)])
+@app.get('/{projectId}/errors/{errorId}', tags=['errors'],
+         dependencies=[OR_scope(Permissions.DEV_TOOLS, ServicePermissions.DEV_TOOLS)])
 def errors_get_details(projectId: int, errorId: str, background_tasks: BackgroundTasks, density24: int = 24,
                       density30: int = 30, context: schemas.CurrentContext = Depends(OR_context)):
    data = errors.get_details(project_id=projectId, user_id=context.user_id, error_id=errorId,
@ -357,7 +358,8 @@ def errors_get_details(projectId: int, errorId: str, background_tasks: Backgroun
    return data


-@app.get('/{projectId}/errors/{errorId}/sourcemaps', tags=['errors'], dependencies=[OR_scope(Permissions.DEV_TOOLS)])
+@app.get('/{projectId}/errors/{errorId}/sourcemaps', tags=['errors'],
+         dependencies=[OR_scope(Permissions.DEV_TOOLS, ServicePermissions.DEV_TOOLS)])
 def errors_get_details_sourcemaps(projectId: int, errorId: str,
                                  context: schemas.CurrentContext = Depends(OR_context)):
    data = errors.get_trace(project_id=projectId, error_id=errorId)
@ -523,7 +525,7 @@ def create_note(projectId: int, sessionId: int, data: schemas.SessionNoteSchema


@app.get('/{projectId}/sessions/{sessionId}/notes', tags=["sessions", "notes"],
-         dependencies=[OR_scope(Permissions.SESSION_REPLAY)])
+         dependencies=[OR_scope(Permissions.SESSION_REPLAY, ServicePermissions.READ_NOTES)])
 def get_session_notes(projectId: int, sessionId: int, context: schemas.CurrentContext = Depends(OR_context)):
    data = sessions_notes.get_session_notes(tenant_id=context.tenant_id, project_id=projectId,
                                            session_id=sessionId, user_id=context.user_id)
--- a/ee/api/schemas/schemas_ee.py
+++ b/ee/api/schemas/schemas_ee.py
@ -25,6 +25,7 @@ class ServicePermissions(str, Enum):
    DEV_TOOLS = "SERVICE_DEV_TOOLS"
    ASSIST_LIVE = "SERVICE_ASSIST_LIVE"
    ASSIST_CALL = "SERVICE_ASSIST_CALL"
+    READ_NOTES = "SERVICE_READ_NOTES"


 class CurrentContext(schemas.CurrentContext):
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.19.0/1.19.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.19.0/1.19.0.sql
@ -50,7 +50,7 @@ SET metric_type='heatMap',
 WHERE metric_type = 'clickMap';

 UPDATE public.roles
-SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL}'
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL,SERVICE_READ_NOTES}'
 WHERE service_role;

 UPDATE public.users
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.20.0/1.20.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.20.0/1.20.0.sql
@ -33,6 +33,10 @@ WHERE NOT permissions @> '{SPOT_PUBLIC}'
  AND NOT service_role;
 --   AND name ILIKE 'owner';

+UPDATE public.roles
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL,SERVICE_READ_NOTES}'
+WHERE service_role;
+
 ALTER TABLE IF EXISTS public.users
    ADD COLUMN IF NOT EXISTS spot_jwt_iat         timestamp without time zone NULL DEFAULT NULL,
    ADD COLUMN IF NOT EXISTS spot_jwt_refresh_jti integer                     NULL DEFAULT NULL,