feat: Add DatasetGroupPermission model and schema

- Introduced a new `DatasetGroupPermission` struct in `models.rs` to represent permissions associated with dataset groups. - Updated the database schema in `schema.rs` to include the `dataset_groups_permissions` table, defining its structure and relationships. - Modified the `is_user_workspace_admin_or_data_admin` function in `checks.rs` to correctly reference the user's organization role, enhancing role validation logic.
2025-01-20 15:24:34 -07:00 · 2025-01-20 15:24:34 -07:00 · b9b5146299
parent c4c7b75306
commit b9b5146299
5 changed files with 50 additions and 1 deletions
--- a/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql
+++ b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql
@ -0,0 +1,6 @@
+-- This file should undo anything in `up.sql`
+DROP TRIGGER IF EXISTS update_dataset_groups_permissions_updated_at ON dataset_groups_permissions;
+DROP INDEX IF EXISTS dataset_groups_permissions_organization_id_idx;
+DROP INDEX IF EXISTS dataset_groups_permissions_permission_id_idx;
+DROP INDEX IF EXISTS dataset_groups_permissions_dataset_group_id_idx;
+DROP TABLE IF EXISTS dataset_groups_permissions;
--- a/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql
+++ b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql
@ -0,0 +1,15 @@
+-- Your SQL goes here
+CREATE TABLE dataset_groups_permissions (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    dataset_group_id UUID NOT NULL REFERENCES dataset_groups(id),
+    permission_id UUID NOT NULL,
+    permission_type VARCHAR NOT NULL,
+    organization_id UUID NOT NULL REFERENCES organizations(id),
+    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+    deleted_at TIMESTAMP WITH TIME ZONE
+);
+
+CREATE INDEX dataset_groups_permissions_dataset_group_id_idx ON dataset_groups_permissions(dataset_group_id);
+CREATE INDEX dataset_groups_permissions_permission_id_idx ON dataset_groups_permissions(permission_id);
+CREATE INDEX dataset_groups_permissions_organization_id_idx ON dataset_groups_permissions(organization_id);
--- a/api/src/database/models.rs
+++ b/api/src/database/models.rs
@ -523,3 +523,15 @@ pub struct DatasetPermission {
    pub updated_at: DateTime<Utc>,
    pub deleted_at: Option<DateTime<Utc>>,
 }
+
+#[derive(Queryable, Insertable, Debug)]
+#[diesel(table_name = dataset_groups_permissions)]
+pub struct DatasetGroupPermission {
+    pub id: Uuid,
+    pub dataset_group_id: Uuid,
+    pub permission_id: Uuid,
+    pub permission_type: String,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+    pub deleted_at: Option<DateTime<Utc>>,
+}
--- a/api/src/database/schema.rs
+++ b/api/src/database/schema.rs
@ -201,6 +201,19 @@ diesel::table! {
    }
 }

+diesel::table! {
+    dataset_groups_permissions (id) {
+        id -> Uuid,
+        dataset_group_id -> Uuid,
+        permission_id -> Uuid,
+        permission_type -> Varchar,
+        organization_id -> Uuid,
+        created_at -> Timestamptz,
+        updated_at -> Timestamptz,
+        deleted_at -> Nullable<Timestamptz>,
+    }
+}
+
 diesel::table! {
    dataset_permissions (id) {
        id -> Uuid,
@ -506,6 +519,8 @@ diesel::joinable!(dashboard_versions -> dashboards (dashboard_id));
 diesel::joinable!(dashboards -> organizations (organization_id));
 diesel::joinable!(data_sources -> organizations (organization_id));
 diesel::joinable!(dataset_groups -> organizations (organization_id));
+diesel::joinable!(dataset_groups_permissions -> dataset_groups (dataset_group_id));
+diesel::joinable!(dataset_groups_permissions -> organizations (organization_id));
 diesel::joinable!(dataset_permissions -> datasets (dataset_id));
 diesel::joinable!(dataset_permissions -> organizations (organization_id));
 diesel::joinable!(datasets -> data_sources (data_source_id));
@ -544,6 +559,7 @@ diesel::allow_tables_to_appear_in_same_query!(
    data_sources,
    dataset_columns,
    dataset_groups,
+    dataset_groups_permissions,
    dataset_permissions,
    datasets,
    datasets_to_dataset_groups,
--- a/api/src/utils/security/checks.rs
+++ b/api/src/utils/security/checks.rs
@ -25,7 +25,7 @@ pub async fn is_user_workspace_admin_or_data_admin(
        None => return Err(anyhow::anyhow!("User organization id not found")),
    };

-    let user_role = match user.attributes.get("role") {
+    let user_role = match user.attributes.get("organization_role") {
        Some(Value::String(role)) => role,
        Some(_) => return Err(anyhow::anyhow!("User role not found")),
        None => return Err(anyhow::anyhow!("User role not found")),