
Implement RBAC permissions for multi tenants - #2663

Mark Harding requested to merge feat/rbac-2663 into master

Ticket(s) / Related Merge Requests

#2663 (closed)

Summary of Changes

Implements RBAC for multi tenants to assign roles and permissions

Testing Considerations

Queries:

query {
  allRoles {
    id
    name
    permissions
  }
  allPermissions
  
  assignedRoles {
    id
    name
    permissions
  }
  
  assignedPermissions
}

Response:

{
  "data": {
    "allRoles": [
      {
        "id": 0,
        "name": "OWNER",
        "permissions": [
          "CAN_ASSIGN_PERMISSIONS",
          "CAN_UPLOAD_VIDEO"
        ]
      },
      {
        "id": 1,
        "name": "ADMIN",
        "permissions": [
          "CAN_BOOST"
        ]
      },
      {
        "id": 2,
        "name": "MODERATOR",
        "permissions": [
          "CAN_CREATE_POST",
          "CAN_COMMENT",
          "CAN_CREATE_GROUP",
          "CAN_UPLOAD_VIDEO",
          "CAN_INTERACT",
          "CAN_BOOST"
        ]
      },
      {
        "id": 3,
        "name": "VERIFIED",
        "permissions": [
          "CAN_CREATE_POST",
          "CAN_COMMENT",
          "CAN_CREATE_GROUP",
          "CAN_UPLOAD_VIDEO",
          "CAN_INTERACT",
          "CAN_BOOST"
        ]
      },
      {
        "id": 4,
        "name": "DEFAULT",
        "permissions": [
          "CAN_CREATE_POST"
        ]
      }
    ],
    "allPermissions": [
      "CAN_CREATE_POST",
      "CAN_UPLOAD_VIDEO",
      "CAN_COMMENT",
      "CAN_INTERACT",
      "CAN_CREATE_GROUP",
      "CAN_BOOST",
      "CAN_ASSIGN_PERMISSIONS"
    ],
    "assignedRoles": [
      {
        "id": 0,
        "name": "OWNER",
        "permissions": [
          "CAN_ASSIGN_PERMISSIONS",
          "CAN_UPLOAD_VIDEO"
        ]
      },
      {
        "id": 4,
        "name": "DEFAULT",
        "permissions": [
          "CAN_CREATE_POST"
        ]
      }
    ],
    "assignedPermissions": [
      "CAN_ASSIGN_PERMISSIONS",
      "CAN_UPLOAD_VIDEO",
      "CAN_CREATE_POST"
    ]
  }
}

Mutations:

mutation {
  assignUserToRole(userGuid: "1570837478858821634", roleId:1) {
    id
    name
    permissions
  }
  unassignUserFromRole(userGuid: "1570837478858821634", roleId:1)

  setRolePermission(
    permission: CAN_BOOST,
    roleId: 1,
    enabled: true
  ) {
    permissions
  }
}

Deployment Considerations

CREATE TABLE IF NOT EXISTS minds_role_permissions(
    `tenant_id` int,
    `permission_id` varchar(64),
    `role_id` tinyint,
    `created_at` timestamp DEFAULT CURRENT_TIMESTAMP(),
    PRIMARY KEY (`tenant_id`, `permission_id`, `role_id`)
);

CREATE TABLE IF NOT EXISTS minds_role_user_assignments(
    `tenant_id` int,
    `role_id` tinyint,
    `user_guid` bigint,
    `created_at` timestamp DEFAULT CURRENT_TIMESTAMP(),
    PRIMARY KEY (`tenant_id`, `role_id`, `user_guid`)
);

Regression Scope

Platform Affected (web, mobile, etc)

Developer Testing Completed

Screenshots / Screen Recording

Does this impact

  • Localization
  • Dark/light mode
  • Guest mode

Definition of Done Checklist

  • The Acceptance Criteria has been met
  • Code is tested: Testing includes unit/spec, E2E/automated and manual testing
  • Merge requests description has been filled out
Edited by Olivia Madrid
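
Added example (not code from this merge request or the project): a tenant-scoped join over the two tables under Deployment Considerations that reproduces the assignedPermissions set in the sample response and keeps a second tenant's grants separate. It runs on Python's sqlite3 instead of the production database; the tenant ids, the second user and the function names are assumptions.

```python
import sqlite3

# Schema from the merge request, adapted for SQLite so this runs offline
# (CURRENT_TIMESTAMP is written without parentheses).
SCHEMA = """
CREATE TABLE IF NOT EXISTS minds_role_permissions(
    tenant_id int, permission_id varchar(64), role_id tinyint,
    created_at timestamp DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (tenant_id, permission_id, role_id));
CREATE TABLE IF NOT EXISTS minds_role_user_assignments(
    tenant_id int, role_id tinyint, user_guid bigint,
    created_at timestamp DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (tenant_id, role_id, user_guid));
"""

USER = 1570837478858821634  # user GUID from the sample mutation
OTHER = 42                  # constructed second user


def build_db():
    """Constructed sample data; tenant ids 1 and 2 are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO minds_role_permissions"
        " (tenant_id, permission_id, role_id) VALUES (?, ?, ?)",
        [(1, "CAN_ASSIGN_PERMISSIONS", 0), (1, "CAN_UPLOAD_VIDEO", 0),
         (1, "CAN_CREATE_POST", 4),
         (2, "CAN_BOOST", 0), (2, "CAN_CREATE_POST", 4)])
    db.executemany(
        "INSERT INTO minds_role_user_assignments"
        " (tenant_id, role_id, user_guid) VALUES (?, ?, ?)",
        [(1, 0, USER), (1, 4, USER),    # OWNER + DEFAULT in tenant 1
         (2, 4, USER), (2, 0, OTHER)])  # tenant 2: DEFAULT; OTHER is OWNER
    return db


def assigned_permissions(db, tenant_id, user_guid):
    """Union of permissions over the user's roles, within one tenant."""
    # Join on tenant_id as well as role_id: role ids repeat across tenants,
    # so matching on role_id alone would leak one tenant's grants to another.
    rows = db.execute(
        """SELECT DISTINCT p.permission_id
             FROM minds_role_user_assignments a
             JOIN minds_role_permissions p
               ON p.tenant_id = a.tenant_id AND p.role_id = a.role_id
            WHERE a.tenant_id = ? AND a.user_guid = ?""",
        (tenant_id, user_guid))
    return {row[0] for row in rows}
```
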
