From b9b5146299f1e5055e16a410a273b39b9c2b55ff Mon Sep 17 00:00:00 2001
From: dal
Date: Mon, 20 Jan 2025 15:24:34 -0700
Subject: [PATCH] feat: Add DatasetGroupPermission model and schema
- Introduced a new `DatasetGroupPermission` struct in `models.rs` to represent permissions associated with dataset groups.
- Updated the database schema in `schema.rs` to include the `dataset_groups_permissions` table, defining its structure and relationships.
- Modified the `is_user_workspace_admin_or_data_admin` function in `checks.rs` to correctly reference the user's organization role, enhancing role validation logic.
---
 .../down.sql | 6 ++++++
 .../up.sql | 15 +++++++++++++++
 api/src/database/models.rs | 12 ++++++++++++
 api/src/database/schema.rs | 16 ++++++++++++++++
 api/src/utils/security/checks.rs | 2 +-
 5 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql
 create mode 100644 api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql
diff --git a/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql
new file mode 100644
index 000000000..b21bff40b
--- /dev/null
+++ b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/down.sql
@@ -0,0 +1,6 @@
+-- This file should undo anything in `up.sql`
+DROP TRIGGER IF EXISTS update_dataset_groups_permissions_updated_at ON dataset_groups_permissions;
+DROP INDEX IF EXISTS dataset_groups_permissions_organization_id_idx;
+DROP INDEX IF EXISTS dataset_groups_permissions_permission_id_idx;
+DROP INDEX IF EXISTS dataset_groups_permissions_dataset_group_id_idx;
+DROP TABLE IF EXISTS dataset_groups_permissions;
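Review bot: The first statement drops a trigger `update_dataset_groups_permissions_updated_at`, but the matching `up.sql` in this commit creates only the table and three indexes, so the rollback and the migration disagree. `IF EXISTS` keeps the rollback from failing, but it suggests an `updated_at` trigger was intended and left out, in which case `updated_at` keeps its insert-time value unless every writer sets it explicitly. Either add the trigger to `up.sql` or remove the `DROP TRIGGER` line here. The three `DROP INDEX` lines are redundant with `DROP TABLE` but harmless.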
diff --git a/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql
new file mode 100644
index 000000000..d2d538ea8
--- /dev/null
+++ b/api/migrations/2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users/up.sql
@@ -0,0 +1,15 @@
+-- Your SQL goes here
+CREATE TABLE dataset_groups_permissions (
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+ dataset_group_id UUID NOT NULL REFERENCES dataset_groups(id),
+ permission_id UUID NOT NULL,
+ permission_type VARCHAR NOT NULL,
+ organization_id UUID NOT NULL REFERENCES organizations(id),
+ created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+ updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+ deleted_at TIMESTAMP WITH TIME ZONE
+);
+
+CREATE INDEX dataset_groups_permissions_dataset_group_id_idx ON dataset_groups_permissions(dataset_group_id);
+CREATE INDEX dataset_groups_permissions_permission_id_idx ON dataset_groups_permissions(permission_id);
+CREATE INDEX dataset_groups_permissions_organization_id_idx ON dataset_groups_permissions(organization_id);
\ No newline at end of file
diff --git a/api/src/database/models.rs b/api/src/database/models.rs
index d51b7a373..fc0b54d55 100644
--- a/api/src/database/models.rs
+++ b/api/src/database/models.rs
@@ -523,3 +523,15 @@ pub struct DatasetPermission {
 pub updated_at: DateTime,
 pub deleted_at: Option>,
 }
+
+#[derive(Queryable, Insertable, Debug)]
+#[diesel(table_name = dataset_groups_permissions)]
+pub struct DatasetGroupPermission {
+ pub id: Uuid,
+ pub dataset_group_id: Uuid,
+ pub permission_id: Uuid,
+ pub permission_type: String,
+ pub created_at: DateTime,
+ pub updated_at: DateTime,
+ pub deleted_at: Option>,
+}
diff --git a/api/src/database/schema.rs b/api/src/database/schema.rs
index 1f9314a15..8dac857e8 100644
--- a/api/src/database/schema.rs
+++ b/api/src/database/schema.rs
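Review bot: Nothing in the `CREATE TABLE` constrains what a grant row may contain: `permission_id` has no foreign key, `permission_type` is a free-form `VARCHAR`, and there is no uniqueness over the grant triple, so duplicate or dangling grants and misspelled types are accepted silently. `permission_id` appears to reference different tables depending on `permission_type` (inferred from the column pair), so a foreign key may not be possible, but a `CHECK` on `permission_type` listing the accepted values would still reject unknown types. Duplicates among live rows could be blocked with `CREATE UNIQUE INDEX ... ON dataset_groups_permissions(dataset_group_id, permission_id, permission_type) WHERE deleted_at IS NULL;`. `organization_id` is also stored independently of the dataset group's own organization with nothing tying the two together, so code filtering on it should not assume they match.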
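Review bot: `DatasetGroupPermission` has no `organization_id` field, while the `dataset_groups_permissions` table in both `up.sql` and `schema.rs` declares that column `NOT NULL` with no default. With `Insertable` derived, an insert built from this struct omits the column and should be rejected by the database; with `Queryable`, whole-row loads are positional and the seven fields will not line up with the table's eight columns. Adding `pub organization_id: Uuid,` after `permission_type` matches the column order in `schema.rs`.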
@@ -201,6 +201,19 @@ diesel::table! {
 }
 }
 
+diesel::table! {
+ dataset_groups_permissions (id) {
+ id -> Uuid,
+ dataset_group_id -> Uuid,
+ permission_id -> Uuid,
+ permission_type -> Varchar,
+ organization_id -> Uuid,
+ created_at -> Timestamptz,
+ updated_at -> Timestamptz,
+ deleted_at -> Nullable,
+ }
+}
+
 diesel::table! {
 dataset_permissions (id) {
 id -> Uuid,
@@ -506,6 +519,8 @@ diesel::joinable!(dashboard_versions -> dashboards (dashboard_id));
 diesel::joinable!(dashboards -> organizations (organization_id));
 diesel::joinable!(data_sources -> organizations (organization_id));
 diesel::joinable!(dataset_groups -> organizations (organization_id));
+diesel::joinable!(dataset_groups_permissions -> dataset_groups (dataset_group_id));
+diesel::joinable!(dataset_groups_permissions -> organizations (organization_id));
 diesel::joinable!(dataset_permissions -> datasets (dataset_id));
 diesel::joinable!(dataset_permissions -> organizations (organization_id));
 diesel::joinable!(datasets -> data_sources (data_source_id));
@@ -544,6 +559,7 @@ diesel::allow_tables_to_appear_in_same_query!(
 data_sources,
 dataset_columns,
 dataset_groups,
+ dataset_groups_permissions,
 dataset_permissions,
 datasets,
 datasets_to_dataset_groups,
diff --git a/api/src/utils/security/checks.rs b/api/src/utils/security/checks.rs
index ea17ddea3..9fe639de0 100644
--- a/api/src/utils/security/checks.rs
+++ b/api/src/utils/security/checks.rs
@@ -25,7 +25,7 @@ pub async fn is_user_workspace_admin_or_data_admin(
 None => return Err(anyhow::anyhow!("User organization id not found")),
 };
 
- let user_role = match user.attributes.get("role") {
+ let user_role = match user.attributes.get("organization_role") {
 Some(Value::String(role)) => role,
 Some(_) => return Err(anyhow::anyhow!("User role not found")),
 None => return Err(anyhow::anyhow!("User role not found")),
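Review bot: In the `checks.rs` hunk, the role that drives this admin check is read from the untyped `user.attributes` map by a bare string key, and nothing visible ties `"organization_role"` to whatever populates that map, so the mismatch this commit fixes can recur silently. A shared constant for the key (or a typed accessor on the user) and a test covering a user that carries only the old `"role"` attribute would pin the contract. The two failure arms also return the same text when the value is present but not a string; `Some(_) => return Err(anyhow::anyhow!("User organization role is not a string")),` would make the cases distinguishable in logs. The function starts and ends outside the hunk, so whether callers treat the `Err` as a denial cannot be confirmed from here.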