migration 030-add-read-system-info-permissions

ngageoint · Sep 1, 2023 · ae3d0c9 · ae3d0c9
1 parent aa6a4c2
commit ae3d0c9
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 20 deletions.
diff --git a/service/src/entities/authorization/entities.permissions.ts b/service/src/entities/authorization/entities.permissions.ts
@@ -95,19 +95,19 @@ export enum StaticIconPermission {
 }
 
 export const allPermissions = Object.freeze({
-         ...DevicePermission,
-         ...UsersPermission,
-         ...RolePermission,
-         ...MageEventPermission,
-         ...LayerPermission,
-         ...ObservationPermission,
-         ...LocationPermission,
-         ...TeamPermission,
-         ...SettingPermission,
-         ...FeedsPermission,
-         ...StaticIconPermission,
-         ...SystemInfoPermission
-       });
+  ...DevicePermission,
+  ...UsersPermission,
+  ...RolePermission,
+  ...MageEventPermission,
+  ...LayerPermission,
+  ...ObservationPermission,
+  ...LocationPermission,
+  ...TeamPermission,
+  ...SettingPermission,
+  ...FeedsPermission,
+  ...StaticIconPermission,
+  ...SystemInfoPermission
+});
 
 export type AnyPermission =
   | DevicePermission

diff --git a/service/src/migrations/030-add-read-system-info-permissions.js b/service/src/migrations/030-add-read-system-info-permissions.js
@@ -0,0 +1,29 @@
+const mongoose = require('mongoose');
+const RoleModel = mongoose.model('Role');
+
+exports.id = 'add-read-system-info-permission';
+
+exports.up = function(done) {
+  this.log('adding READ_SYSTEM_INFO permission to ADMIN_ROLE ...');
+
+  // Use $addToSet to ensure the permission is only added if it doesn't exist
+  RoleModel.updateOne(
+    { name: 'ADMIN_ROLE' },
+    { $addToSet: { permissions: 'READ_SYSTEM_INFO' } },
+    function(err) {
+      done(err);
+    }
+  );
+};
+
+exports.down = function(done) {
+  this.log('removing READ_SYSTEM_INFO permission from ADMIN_ROLE ...');
+
+  RoleModel.updateOne(
+    { name: 'ADMIN_ROLE' },
+    { $pull: { permissions: 'READ_SYSTEM_INFO' } },
+    function(err) {
+      done(err);
+    }
+  );
+};
diff --git a/service/test/permissions/permissions.systemInfo.test.ts b/service/test/permissions/permissions.systemInfo.test.ts
@@ -35,9 +35,7 @@ describe('system info role-based permission service', function() {
 
     expect(denied?.code).to.equal(ErrPermissionDenied);
     expect(denied?.data.subject).to.equal('neverever');
-    expect(denied?.data.permission).to.equal(
-      SystemInfoPermission.READ_SYSTEM_INFO
-    );
+    expect(denied?.data.permission).to.equal(SystemInfoPermission.READ_SYSTEM_INFO);
     expect(denied?.data.object).to.equal('SystemInfo');
   });
 
@@ -48,10 +46,7 @@ describe('system info role-based permission service', function() {
         return ({
           username: 'haspermission',
           roleId: {
-            permissions: [
-              allPermissions.READ_SYSTEM_INFO,
-              SystemInfoPermission.READ_SYSTEM_INFO
-            ]
+            permissions: [ SystemInfoPermission.READ_SYSTEM_INFO ]
           }
         } as unknown) as UserWithRole;
       },