From 6af55895e8ae03c1c05cf7d311654761f0e52426 Mon Sep 17 00:00:00 2001
From: BilalG1
Date: Thu, 13 Nov 2025 14:54:13 -0800
Subject: [PATCH] fix team permissions (#1016)

## Summary by CodeRabbit
* **Chores**
* Enhanced permission definition management system with improved handling for permission configurations, ensuring better system reliability and consistency.
---------
Co-authored-by: ArvindParekh
---
 apps/backend/prisma/seed.ts | 12 ++++-----
 apps/backend/src/lib/permissions.tsx | 39 ++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 7 deletions(-)

diff --git a/apps/backend/prisma/seed.ts b/apps/backend/prisma/seed.ts
index b24333a47..cc4c8024f 100644
--- a/apps/backend/prisma/seed.ts
+++ b/apps/backend/prisma/seed.ts
@@ -1,7 +1,7 @@
 /* eslint-disable no-restricted-syntax */
 import { usersCrudHandlers } from '@/app/api/latest/users/crud';
 import { overrideEnvironmentConfigOverride } from '@/lib/config';
-import { grantTeamPermission, updatePermissionDefinition } from '@/lib/permissions';
+import { ensurePermissionDefinition, grantTeamPermission } from '@/lib/permissions';
 import { createOrUpdateProjectWithLegacyConfig, getProject } from '@/lib/projects';
 import { DEFAULT_BRANCH_ID, getSoleTenancyFromProjectBranch } from '@/lib/tenancies';
 import { getPrismaClientForTenancy, globalPrismaClient } from '@/prisma-client';
@@ -203,30 +203,28 @@ export async function seed() {
 }
 });
 
- await updatePermissionDefinition(
+ await ensurePermissionDefinition(
 globalPrismaClient,
 internalPrisma,
 {
- oldId: "team_member",
+ id: "team_member",
 scope: "team",
 tenancy: internalTenancy,
 data: {
- id: "team_member",
 description: "1",
 contained_permission_ids: ["$read_members"],
 }
 }
 );
 const updatedInternalTenancy = await getSoleTenancyFromProjectBranch("internal", DEFAULT_BRANCH_ID);
- await updatePermissionDefinition(
+ await ensurePermissionDefinition(
 globalPrismaClient,
 internalPrisma,
 {
- oldId: "team_admin",
+ id: "team_admin",
 scope: "team",
 tenancy: updatedInternalTenancy,
 data: {
- id: "team_admin",
 description: "2",
 contained_permission_ids: ["$read_members", "$remove_members", "$update_team"],
 }
diff --git a/apps/backend/src/lib/permissions.tsx b/apps/backend/src/lib/permissions.tsx
index 785ff71c5..80f55d76a 100644
--- a/apps/backend/src/lib/permissions.tsx
+++ b/apps/backend/src/lib/permissions.tsx
@@ -334,6 +334,45 @@ export async function updatePermissionDefinition(
 };
 }
 
+export async function ensurePermissionDefinition(
+ globalTx: PrismaTransaction,
+ sourceOfTruthTx: PrismaTransaction,
+ options: {
+ scope: "team" | "project",
+ tenancy: Tenancy,
+ id: string,
+ data: {
+ description?: string,
+ contained_permission_ids?: string[],
+ },
+ }
+) {
+ const existingPermission = getOrUndefined(options.tenancy.config.rbac.permissions, options.id);
+
+ if (existingPermission) {
+ return await updatePermissionDefinition(globalTx, sourceOfTruthTx, {
+ scope: options.scope,
+ tenancy: options.tenancy,
+ oldId: options.id,
+ data: {
+ id: options.id,
+ description: options.data.description,
+ contained_permission_ids: options.data.contained_permission_ids,
+ },
+ });
+ } else {
+ return await createPermissionDefinition(globalTx, {
+ scope: options.scope,
+ tenancy: options.tenancy,
+ data: {
+ id: options.id,
+ description: options.data.description,
+ contained_permission_ids: options.data.contained_permission_ids,
+ },
+ });
+ }
+}
+
 export async function deletePermissionDefinition(
 globalTx: PrismaTransaction,
 sourceOfTruthTx: PrismaTransaction,
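Review bot: `ensurePermissionDefinition` chooses between create and update from `options.tenancy.config.rbac.permissions`, an in-memory snapshot supplied by the caller, not from state read through `globalTx` or `sourceOfTruthTx`. A stale tenancy object, or two callers running at once, can therefore take the create path for an id that already exists (or the update path for one that is gone); what `createPermissionDefinition` and `updatePermissionDefinition` do in those cases is not visible in this hunk. The seed.ts call site re-reads the tenancy into `updatedInternalTenancy` between its two calls, which suggests the requirement is known, but nothing on the function states it. Since this helper writes RBAC definitions, I would put the contract in a TSDoc comment above it, for example `/** Creates the permission if options.tenancy's config has no entry for options.id, otherwise updates it. The check uses the passed-in tenancy snapshot and is not atomic; pass a freshly loaded tenancy. */`, and give the function an explicit return type so the two branches are checked against one shape.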