feat(api): changed roles permissions

2021-12-03 17:44:56 +01:00 · 2021-12-03 17:44:56 +01:00 · db4b2c5a62
commit db4b2c5a62
parent 84de52a178
3 changed files with 8 additions and 17 deletions
--- a/ee/api/chalicelib/core/signup.py
+++ b/ee/api/chalicelib/core/signup.py
@ -70,9 +70,8 @@ def create_step1(data):
            ),
                 r AS (
                     INSERT INTO public.roles(tenant_id, name, description, permissions, protected)
-                        VALUES ((SELECT tenant_id FROM t), 'Owner', 'The company''s owner', '{}'::text[], TRUE),
-                               ((SELECT tenant_id FROM t), 'Admin', 'Admin member', '{}'::text[], TRUE),
-                               ((SELECT tenant_id FROM t), 'Member', 'A member', '{}'::text[], TRUE)
+                        VALUES ((SELECT tenant_id FROM t), 'Owner', 'Owner', '{"SESSION_REPLAY", "DEV_TOOLS", "ERRORS", "METRICS", "ASSIST_LIVE", "ASSIST_CALL"}'::text[], TRUE),
+                               ((SELECT tenant_id FROM t), 'Member', 'Member', '{"SESSION_REPLAY", "DEV_TOOLS", "ERRORS", "METRICS", "ASSIST_LIVE", "ASSIST_CALL"}'::text[], FALSE)
                        RETURNING *
                 ),
                 u AS (
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@ -448,7 +448,7 @@ def change_password(tenant_id, user_id, email, old_password, new_password):
    if item is None:
        return {"errors": ["access denied"]}
    if item["origin"] is not None and item["hasPassword"] is False:
-        return {"errors": ["cannot change your password because you are logged-in form an SSO service"]}
+        return {"errors": ["cannot change your password because you are logged-in from an SSO service"]}
    if old_password == new_password:
        return {"errors": ["old and new password are the same"]}
    auth = authenticate(email, old_password, for_change_password=True)
--- a/ee/scripts/helm/db/init_dbs/postgresql/1.3.6/1.3.6.sql
+++ b/ee/scripts/helm/db/init_dbs/postgresql/1.3.6/1.3.6.sql
@ -24,9 +24,10 @@ CREATE TABLE roles
 INSERT INTO roles(tenant_id, name, description, permissions, protected)
 SELECT *
 FROM (SELECT tenant_id FROM tenants) AS tenants,
-     (VALUES ('Owner', 'The company''s owner', '{}'::text[], TRUE),
-             ('Admin', 'Admin member', '{}'::text[], TRUE),
-             ('Member', 'A member', '{}'::text[], TRUE)
+     (VALUES ('Owner', 'Owner',
+              '{"SESSION_REPLAY", "DEV_TOOLS", "ERRORS", "METRICS", "ASSIST_LIVE", "ASSIST_CALL"}'::text[], TRUE),
+             ('Member', 'Member',
+              '{"SESSION_REPLAY", "DEV_TOOLS", "ERRORS", "METRICS", "ASSIST_LIVE", "ASSIST_CALL"}'::text[], FALSE)
     ) AS default_roles(name, description, permissions, protected);


@ -42,15 +43,6 @@ FROM (SELECT tenant_id, role_id
 WHERE users.tenant_id = r.tenant_id
  AND users.role = 'owner';

-UPDATE users
-SET role_id = r.role_id
-FROM (SELECT tenant_id, role_id
-      FROM tenants
-               INNER JOIN roles USING (tenant_id)
-      WHERE roles.name = 'Admin') AS r(tenant_id, role_id)
-WHERE users.tenant_id = r.tenant_id
-  AND users.role = 'admin';
-
 UPDATE users
 SET role_id = r.role_id
 FROM (SELECT tenant_id, role_id
@ -58,7 +50,7 @@ FROM (SELECT tenant_id, role_id
               INNER JOIN roles USING (tenant_id)
      WHERE roles.name = 'Member') AS r(tenant_id, role_id)
 WHERE users.tenant_id = r.tenant_id
-  AND users.role = 'member';
+  AND users.role != 'owner';

 DO
 $$