Refactor the upgrade function to use the permission properties in channels and roles defined in channels?

drizzentic · drizzentic · commit 1c6a39dbb3d9 · 2024-10-17T09:00:50.000+03:00
diff --git a/src/upgradeDB.js b/src/upgradeDB.js
@@ -10,6 +10,7 @@ import {UserModel} from './model/users'
 import {VisualizerModel} from './model/visualizer'
 import {PassportModel} from './model/passport'
 import {RoleModel, roles} from './model/role'
+import {ChannelModel} from './model/channels'
 
 function dedupName(name, names, num) {
   let newName
@@ -301,40 +302,82 @@ upgradeFuncs.push({
   func() {
     return new Promise(async (resolve, reject) => {
       try {
-        // Create default roles with permissions
-        for (const [roleName, roleData] of Object.entries(roles)) {
+        // Fetch channels and get the role names with their associated channels
+        const channels = await ChannelModel.find()
+        const existingRoles = JSON.parse(JSON.stringify(roles)) // Deep clone the roles object
+
+        channels.forEach(channel => {
+          if (Array.isArray(channel.allow)) {
+            if (channel.txViewAcl && channel.txViewAcl.length > 0) {
+              channel.txViewAcl.forEach(role => {
+                if (!existingRoles[role]) {
+                  existingRoles[role] = { permissions: {} }
+                }
+                if (!existingRoles[role].permissions['transaction-view-specified']) {
+                  existingRoles[role].permissions['transaction-view-specified'] = []
+                }
+                existingRoles[role].permissions['transaction-view-specified'].push(channel.name)
+                if (!existingRoles[role].permissions['channel-view-specified']) {
+                  existingRoles[role].permissions['channel-view-specified'] = []
+                }
+                existingRoles[role].permissions['channel-view-specified'].push(channel.name)
+                existingRoles[role].permissions['client-view-all'] = true
+              })
+            }
+            if (channel.txRerunAcl && channel.txRerunAcl.length > 0) {
+              channel.txRerunAcl.forEach(role => {
+                if (!existingRoles[role]) {
+                  existingRoles[role] = { permissions: {} }
+                }
+                if (!existingRoles[role].permissions['transaction-rerun-specified']) {
+                  existingRoles[role].permissions['transaction-rerun-specified'] = []
+                }
+                existingRoles[role].permissions['transaction-rerun-specified'].push(channel.name)
+                if (!existingRoles[role].permissions['channel-view-specified']) {
+                  existingRoles[role].permissions['channel-view-specified'] = []
+                }
+                existingRoles[role].permissions['channel-view-specified'].push(channel.name)
+                existingRoles[role].permissions['client-view-all'] = true
+              })
+            }
+            if (channel.txViewFullAcl && channel.txViewFullAcl.length > 0) {
+              channel.txViewFullAcl.forEach(role => {
+                if (!existingRoles[role]) {
+                  existingRoles[role] = { permissions: {} }
+                }
+                if (!existingRoles[role].permissions['transaction-view-body-specified']) {
+                  existingRoles[role].permissions['transaction-view-body-specified'] = []
+                }
+                existingRoles[role].permissions['transaction-view-body-specified'].push(channel.name)
+                if (!existingRoles[role].permissions['channel-view-specified']) {
+                  existingRoles[role].permissions['channel-view-specified'] = []
+                }
+                existingRoles[role].permissions['channel-view-specified'].push(channel.name)
+                existingRoles[role].permissions['client-view-all'] = true
+              })
+            }
+          }
+        })
+
+        // Create or update roles
+        for (const [roleName, roleData] of Object.entries(existingRoles)) {
           await RoleModel.findOneAndUpdate(
             { name: roleName },
-            roleData,
+            { name: roleName, permissions: roleData.permissions },
             { upsert: true, new: true }
-          );
-          logger.info(`Role ${roleName} created or updated`);
+          )
+          logger.info(`Role ${roleName} created or updated with permissions`)
         }
 
-        const users = await UserModel.find();
-
-        const userPromises = users.map(async (user) => {
-          let newGroup = 'manager';
-          if ((user.groups && user.groups.includes('admin')) || user.superUser) {
-            newGroup = 'admin';
-          }
-          // Update user's groups
-          user.groups = [newGroup];
-
-          return user.save();
-        });
-
-        await Promise.all(userPromises);
-
-        logger.info('Successfully updated user groups based on new role model');
-        resolve();
+        logger.info('Successfully updated roles')
+        resolve()
       } catch (err) {
-        logger.error(`Error updating user groups: ${err}`);
-        reject(err);
+        logger.error(`Error updating roles: ${err}`)
+        reject(err)
       }
-    });
+    })
   }
-});
+})
 
 if (process.env.NODE_ENV === 'test') {
   exports.upgradeFuncs = upgradeFuncs
@@ -346,8 +389,7 @@ async function upgradeDbInternal() {
     const dbVer =
       (await DbVersionModel.findOne()) ||
       new DbVersionModel({version: 0, lastUpdated: new Date()})
-    const upgradeFuncsToRun = upgradeFuncs.slice(dbVer.version)
-
+      const upgradeFuncsToRun = upgradeFuncs.slice(dbVer.version)
     for (const upgradeFunc of upgradeFuncsToRun) {
       await upgradeFunc.func()
       dbVer.version++
diff --git a/test/unit/upgradeDBTest.js b/test/unit/upgradeDBTest.js
@@ -14,9 +14,10 @@ import {
   PassportModel,
   UserModel,
   VisualizerModel,
-  RoleModel
+  RoleModel,
+  ChannelModel,
+  roles
 } from '../../src/model'
-
 describe('Upgrade DB Tests', () => {
   const originalUpgradeFuncs = [...upgradeDB.upgradeFuncs]
   upgradeDB.upgradeFuncs.length = 0
@@ -548,29 +549,29 @@ describe('Upgrade DB Tests', () => {
     })
   })
 
-  describe(`updateFunction4 - Create default roles with permissions and update user groups`, () => {
+  describe(`updateFunction4 - Create default roles with permissions`, () => {
     const upgradeFunc = originalUpgradeFuncs[4].func
 
     beforeEach(async () => {
       await RoleModel.deleteMany({})
-      await UserModel.deleteMany({})
+      await ChannelModel.deleteMany({})
     })
 
     afterEach(async () => {
       await RoleModel.deleteMany({})
-      await UserModel.deleteMany({})
+      await ChannelModel.deleteMany({})
     })
 
     it('should create default roles if they do not exist', async () => {
       await upgradeFunc()
 
-      const roles = await RoleModel.find()
-      roles.length.should.be.exactly(3)
+      const existingRoles = await RoleModel.find()
+      existingRoles.length.should.be.exactly(Object.keys(roles).length)
 
-      const roleNames = roles.map(r => r.name)
-      roleNames.should.containEql('manager')
-      roleNames.should.containEql('admin')
-      roleNames.should.containEql('operator')
+      const roleNames = existingRoles.map(r => r.name)
+      Object.keys(roles).forEach(roleName => {
+        roleNames.should.containEql(roleName)
+      })
     })
 
     it('should not create duplicate roles if they already exist', async () => {
@@ -579,123 +580,62 @@ describe('Upgrade DB Tests', () => {
       await upgradeFunc()
 
       const roles = await RoleModel.find()
-      roles.length.should.be.exactly(3)
+      roles.length.should.be.exactly(Object.keys(roles).length)
 
       const adminRoles = roles.filter(r => r.name === 'admin')
       adminRoles.length.should.be.exactly(1)
     })
 
     it('should set correct permissions for each role', async () => {
-      await upgradeFunc()
-
-      const managerRole = await RoleModel.findOne({name: 'manager'})
-      const adminRole = await RoleModel.findOne({name: 'admin'})
-      const operatorRole = await RoleModel.findOne({name: 'operator'})
-
-      // Helper function to check permissions
-      const checkPermissions = (role, expectedPermissions) => {
-        console.log(`Checking permissions for role: ${role.name}`)
-        Object.entries(expectedPermissions).forEach(([key, value]) => {
-          should(role.permissions[key]).equal(value)
-        })
-      }
-
-      // Admin role permissions
-      checkPermissions(adminRole, {
-        'channel-view-all': true,
-        'channel-manage-all': true,
-        'client-view-all': true,
-        'client-manage-all': true,
-        'transaction-view-all': true,
-        'transaction-view-body-all': true,
-        'transaction-rerun-all': true,
-        'user-view': true,
-        'user-manage': true,
-        'visualizer-manage': true,
-        'visualizer-view': true
-        // Add other admin permissions as needed
-      })
-
-      // Manager role permissions
-      checkPermissions(managerRole, {
-        'channel-view-all': true,
-        'channel-manage-all': true,
-        'client-view-all': true,
-        'client-manage-all': true,
-        'transaction-view-all': true,
-        'transaction-view-body-all': true,
-        'transaction-rerun-all': true,
-        'user-view': true,
-        'visualizer-manage': true,
-        'visualizer-view': true
-        // Add other manager permissions as needed
-      })
-
-      // Operator role permissions
-      checkPermissions(operatorRole, {
-        'channel-view-all': true,
-        'transaction-view-all': true,
-        'transaction-view-body-all': true,
-        'transaction-rerun-all': true
-        // Add other operator permissions as needed
-      })
-
-      // Check that operator doesn't have certain permissions
-      should(operatorRole.permissions['user-manage']).be.false()
-      should(operatorRole.permissions['client-manage-all']).be.false()
-    })
-
-    it('should update user groups to admin for superUsers', async () => {
-      const superUser = new UserModel({
-        email: 'super@test.org',
-        groups: ['admin'],
-        firstname: 'Super',
-        surname: 'User'
-      })
-      await superUser.save()
+      // Create test channels
+      const channel1 = await new ChannelModel({
+        name: 'Channel 1',
+        urlPattern: '/channel1',
+        allow: ['admin', 'manager'],
+        txViewAcl: ['admin'],
+        txRerunAcl: ['admin'],
+        txViewFullAcl: ['admin']
+      }).save()
+
+      const channel2 = await new ChannelModel({
+        name: 'Channel 2',
+        urlPattern: '/channel2',
+        allow: ['admin', 'manager', 'operator'],
+        txViewAcl: ['admin', 'manager', 'operator'],
+        txRerunAcl: ['admin'],
+        txViewFullAcl: ['admin']
+      }).save()
 
       await upgradeFunc()
 
-      const updatedUser = await UserModel.findOne({email: 'super@test.org'})
-      updatedUser.groups.should.eql(['admin'])
-    })
+      const createdRoles = await RoleModel.find()
+      
+      for (const role of createdRoles) {
+        should.exist(role)
 
-    it('should handle mixed user types correctly', async () => {
-      const users = [
-        new UserModel({
-          email: 'regular@test.org',
-          groups: ['user'],
-          firstname: 'Regular',
-          surname: 'User'
-        }),
-        new UserModel({
-          email: 'admin@test.org',
-          groups: ['user', 'admin'],
-          firstname: 'Admin',
-          surname: 'User'
-        }),
-        new UserModel({
-          email: 'super@test.org',
-          groups: ['admin'],
-          firstname: 'Super',
-          surname: 'User'
-        }),
-        new UserModel({
-          email: 'another@test.org',
-          groups: ['operator'],
-          firstname: 'Another',
-          surname: 'User'
-        })
-      ]
-      await Promise.all(users.map(user => user.save()))
-
-      await upgradeFunc()
+        // Check default permissions
+        if (roles[role.name]) {
+          Object.entries(roles[role.name].permissions).forEach(([key, value]) => {
+            should(role.permissions[key]).eql(value)
+          })
+        }
 
-      const updatedUsers = await UserModel.find().sort('email')
-      updatedUsers[0].groups.should.eql(['admin']) // admin@test.org
-      updatedUsers[1].groups.should.eql(['manager']) // another@test.org
-      updatedUsers[2].groups.should.eql(['manager']) // regular@test.org
-      updatedUsers[3].groups.should.eql(['admin']) // super@test.org
+        // Check channel-specific permissions
+        if (role.name === 'admin') {
+          role.permissions['transaction-view-specified'].should.containEql('Channel 1')
+          role.permissions['transaction-view-specified'].should.containEql('Channel 2')
+          role.permissions['transaction-rerun-specified'].should.containEql('Channel 1')
+          role.permissions['transaction-rerun-specified'].should.containEql('Channel 2')
+          role.permissions['transaction-view-body-specified'].should.containEql('Channel 1')
+          role.permissions['transaction-view-body-specified'].should.containEql('Channel 2')
+        } else if (role.name === 'manager') {
+          role.permissions['transaction-view-specified'].should.not.containEql('Channel 1')
+          role.permissions['transaction-view-specified'].should.containEql('Channel 2')
+        } else if (role.name === 'operator') {
+          role.permissions['transaction-view-specified'].should.not.containEql('Channel 1')
+          role.permissions['transaction-view-specified'].should.containEql('Channel 2')
+        }
+      }
     })
   })
 })
