fix(chalice): fixed permissions for EE SA

2024-10-25 16:25:45 +02:00 · 2024-10-25 16:25:45 +02:00 · b77e048711
commit b77e048711
parent 439e3fd204
3 changed files with 7 additions and 4 deletions
--- a/ee/api/routers/core_dynamic.py
+++ b/ee/api/routers/core_dynamic.py
@ -337,7 +337,8 @@ def get_error_trace(projectId: int, sessionId: int, errorId: str,
    }


-@app.get('/{projectId}/errors/{errorId}', tags=['errors'], dependencies=[OR_scope(Permissions.dev_tools)])
+@app.get('/{projectId}/errors/{errorId}', tags=['errors'],
+         dependencies=[OR_scope(Permissions.dev_tools, ServicePermissions.dev_tools)])
 def errors_get_details(projectId: int, errorId: str, background_tasks: BackgroundTasks, density24: int = 24,
                       density30: int = 30, context: schemas.CurrentContext = Depends(OR_context)):
    data = errors.get_details(project_id=projectId, user_id=context.user_id, error_id=errorId,
@ -348,7 +349,8 @@ def errors_get_details(projectId: int, errorId: str, background_tasks: Backgroun
    return data


-@app.get('/{projectId}/errors/{errorId}/sourcemaps', tags=['errors'], dependencies=[OR_scope(Permissions.dev_tools)])
+@app.get('/{projectId}/errors/{errorId}/sourcemaps', tags=['errors'],
+         dependencies=[OR_scope(Permissions.dev_tools, ServicePermissions.dev_tools)])
 def errors_get_details_sourcemaps(projectId: int, errorId: str,
                                  context: schemas.CurrentContext = Depends(OR_context)):
    data = errors.get_trace(project_id=projectId, error_id=errorId)
@ -526,7 +528,7 @@ def create_note(projectId: int, sessionId: int, data: schemas.SessionNoteSchema


@app.get('/{projectId}/sessions/{sessionId}/notes', tags=["sessions", "notes"],
-         dependencies=[OR_scope(Permissions.session_replay)])
+         dependencies=[OR_scope(Permissions.session_replay, ServicePermissions.read_notes)])
 def get_session_notes(projectId: int, sessionId: int, context: schemas.CurrentContext = Depends(OR_context)):
    data = sessions_notes.get_session_notes(tenant_id=context.tenant_id, project_id=projectId,
                                            session_id=sessionId, user_id=context.user_id)
--- a/ee/api/schemas/schemas_ee.py
+++ b/ee/api/schemas/schemas_ee.py
@ -23,6 +23,7 @@ class ServicePermissions(str, Enum):
    dev_tools = "SERVICE_DEV_TOOLS"
    assist_live = "SERVICE_ASSIST_LIVE"
    assist_call = "SERVICE_ASSIST_CALL"
+    read_notes = "SERVICE_READ_NOTES"


 class CurrentContext(schemas.CurrentContext):
--- a/ee/scripts/schema/db/init_dbs/postgresql/1.19.0/1.19.0.sql
+++ b/ee/scripts/schema/db/init_dbs/postgresql/1.19.0/1.19.0.sql
@ -50,7 +50,7 @@ SET metric_type='heatMap',
 WHERE metric_type = 'clickMap';

 UPDATE public.roles
-SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL}'
+SET permissions='{SERVICE_SESSION_REPLAY,SERVICE_DEV_TOOLS,SERVICE_ASSIST_LIVE,SERVICE_ASSIST_CALL,SERVICE_READ_NOTES}'
 WHERE service_role;

 UPDATE public.users