Skip to content

Add models for customizable roles

Imre Farkas requested to merge if-364128-models_for_customizable_roles into master

What does this MR do and why?

Adds new Role model. The goal is to support a more dynamic permission model than our current fixed roles (eg. maintainer, reporter, etc). These roles can be defined at the root group level (hence the attribute namespace_id), and can be used throughout the group hierarchy via our existing Member model. (Because of this Member#source can be different from Role#namespace.)

The model will contain configurable permissions. Each role is based on one of our fixed roles (hence the attribute base_access_level), but certain permissions can be overridden. For now, this MR adds download_code permission.

Related to #364128 (closed).

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

Migration output

up

$ rake db:migrate                                                                                                                                                                                               
main: == 20220707181910 CreateRoles: migrating ======================================
main: -- create_table(:roles, {})
main:    -> 0.0071s
main: == 20220707181910 CreateRoles: migrated (0.0076s) =============================

main: == 20220707181920 AddRoleIdToMembers: migrating ===============================
main: -- column_exists?(:members, :role_id)
main:    -> 0.0042s
main: -- add_column(:members, :role_id, :bigint)
main:    -> 0.0006s
main: == 20220707181920 AddRoleIdToMembers: migrated (0.0049s) ======================

main: == 20220707181930 AddRolesRelationToMembers: migrating ========================
main: -- transaction_open?()
main:    -> 0.0000s
main: -- index_exists?(:members, :role_id, {:name=>"index_members_on_role_id", :algorithm=>:concurrently})
main:    -> 0.0092s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0003s
main: -- add_index(:members, :role_id, {:name=>"index_members_on_role_id", :algorithm=>:concurrently})
main:    -> 0.0014s
main: -- execute("RESET statement_timeout")
main:    -> 0.0003s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:members)
main:    -> 0.0025s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE members\nADD CONSTRAINT fk_ba7343b1aa\nFOREIGN KEY (role_id)\nREFERENCES roles (id)\nON DELETE CASCADE\nNOT VALID;\n")
main:    -> 0.0006s
main: -- execute("ALTER TABLE members VALIDATE CONSTRAINT fk_ba7343b1aa;")
main:    -> 0.0009s
main: == 20220707181930 AddRolesRelationToMembers: migrated (0.0227s) ===============

down

$ rake db:migrate:down:main VERSION=20220707181930                                                                                                                                                               
main: == 20220707181930 AddRolesRelationToMembers: reverting ========================
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:members, {:column=>:role_id})
main:    -> 0.0044s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- indexes(:members)
main:    -> 0.0077s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- remove_index(:members, {:algorithm=>:concurrently, :name=>"index_members_on_role_id"})
main:    -> 0.0008s
main: -- execute("RESET statement_timeout")
main:    -> 0.0002s
main: == 20220707181930 AddRolesRelationToMembers: reverted (0.0228s) ===============

$ rake db:migrate:down:main VERSION=20220707181920                                                                                                                                                              
main: == 20220707181920 AddRoleIdToMembers: reverting ===============================
main: -- column_exists?(:members, :role_id)
main:    -> 0.0036s
main: -- remove_column(:members, :role_id)
main:    -> 0.0005s
main: == 20220707181920 AddRoleIdToMembers: reverted (0.0045s) ======================

$  rake db:migrate:down:main VERSION=20220707181910                                                                                                                                                              
main: == 20220707181910 CreateRoles: reverting ======================================
main: -- drop_table(:roles, {})
main:    -> 0.0020s
main: == 20220707181910 CreateRoles: reverted (0.0032s) =============================

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Imre Farkas

Merge request reports

Loading