author | Eugen Rochko <eugen@zeonfederated.com> | 2022-07-05 02:41:40 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-05 02:41:40 +0200 |
commit | 44b2ee3485ba0845e5910cefcb4b1e2f84f34470 (patch) | |
tree | cc91189c9b36aaf0a04d339455c6d238992753a9 /db | |
parent | 1b4054256f9d3302b44f71627a23bb0902578867 (diff) |
Add customizable user roles (#18641)
* Add customizable user roles * Various fixes and improvements * Add migration for old settings and fix tootctl role management
Diffstat (limited to 'db')
-rw-r--r-- | db/migrate/20220611210335_create_user_roles.rb | 13 | ||||
-rw-r--r-- | db/migrate/20220611212541_add_role_id_to_users.rb | 8 | ||||
-rw-r--r-- | db/post_migrate/20220617202502_migrate_roles.rb | 26 | ||||
-rw-r--r-- | db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb | 41 | ||||
-rw-r--r-- | db/schema.rb | 15 | ||||
-rw-r--r-- | db/seeds.rb | 12 | ||||
-rw-r--r-- | db/seeds/01_web_app.rb | 1 | ||||
-rw-r--r-- | db/seeds/02_instance_actor.rb | 1 | ||||
-rw-r--r-- | db/seeds/03_roles.rb | 9 | ||||
-rw-r--r-- | db/seeds/04_admin.rb | 8 |
10 files changed, 124 insertions, 10 deletions
diff --git a/db/migrate/20220611210335_create_user_roles.rb b/db/migrate/20220611210335_create_user_roles.rb
new file mode 100644
index 000000000..6b7f2b637
--- /dev/null
+++ b/db/migrate/20220611210335_create_user_roles.rb
@@ -0,0 +1,13 @@
+class CreateUserRoles < ActiveRecord::Migration[6.1]
+ def change
+ create_table :user_roles do |t|
+ t.string :name, null: false, default: ''
+ t.string :color, null: false, default: ''
+ t.integer :position, null: false, default: 0
+ t.bigint :permissions, null: false, default: 0
+ t.boolean :highlighted, null: false, default: false
+
+ t.timestamps
+ end
+ end
+end
diff --git a/db/migrate/20220611212541_add_role_id_to_users.rb b/db/migrate/20220611212541_add_role_id_to_users.rb
new file mode 100644
index 000000000..2fda647d4
--- /dev/null
+++ b/db/migrate/20220611212541_add_role_id_to_users.rb
@@ -0,0 +1,8 @@
+class AddRoleIdToUsers < ActiveRecord::Migration[6.1]
+ disable_ddl_transaction!
+
+ def change
+ safety_assured { add_reference :users, :role, foreign_key: { to_table: 'user_roles', on_delete: :nullify }, index: false }
+ add_index :users, :role_id, algorithm: :concurrently, where: 'role_id IS NOT NULL'
+ end
+end
diff --git a/db/post_migrate/20220617202502_migrate_roles.rb b/db/post_migrate/20220617202502_migrate_roles.rb
new file mode 100644
index 000000000..b7a7b2201
--- /dev/null
+++ b/db/post_migrate/20220617202502_migrate_roles.rb
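Review bot: `name` gets no uniqueness constraint in `create_table :user_roles`, yet elsewhere in this commit roles are resolved by name (`UserRole.find_by(name: 'Admin')` in the post-migrations, `find_or_create_by(name: config['name'])` in the seed). If two rows share a name, which role a user is mapped to depends on which row the query happens to return. Because the column defaults to `''`, a partial index such as `add_index :user_roles, :name, unique: true, where: "name <> ''"` would fit; whether the model validates uniqueness is not visible here.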
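Review bot: `disable_ddl_transaction!` covers the whole of AddRoleIdToUsers, so if `add_index ... algorithm: :concurrently` fails, the `role_id` column and its foreign key are already applied and a re-run stops at `add_reference`. Moving the index into its own migration keeps each step retryable. The `safety_assured` wrapper also silences whatever check would have fired on adding a validated foreign key to `users`; a one-line comment such as `# role_id is new and NULL for every row, so FK validation has nothing to check` would record why that is acceptable, if that is indeed the reasoning.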
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class MigrateRoles < ActiveRecord::Migration[5.2]
+ disable_ddl_transaction!
+
+ class UserRole < ApplicationRecord; end
+ class User < ApplicationRecord; end
+
+ def up
+ load Rails.root.join('db', 'seeds', '03_roles.rb')
+
+ admin_role = UserRole.find_by(name: 'Admin')
+ moderator_role = UserRole.find_by(name: 'Moderator')
+
+ User.where(admin: true).in_batches.update_all(role_id: admin_role.id)
+ User.where(moderator: true).in_batches.update_all(role_id: moderator_role.id)
+ end
+
+ def down
+ admin_role = UserRole.find_by(name: 'Admin')
+ moderator_role = UserRole.find_by(name: 'Moderator')
+
+ User.where(role_id: admin_role.id).in_batches.update_all(admin: true) if admin_role
+ User.where(role_id: moderator_role.id).in_batches.update_all(moderator: true) if moderator_role
+ end
+end
diff --git a/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb b/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb
new file mode 100644
index 000000000..254690cc3
--- /dev/null
+++ b/db/post_migrate/20220704024901_migrate_settings_to_user_roles.rb
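Review bot: In `up`, the moderator update runs after the admin update, so any user row with both `admin` and `moderator` set ends up with the Moderator role; whether such rows exist is not visible here, but `User.where(moderator: true, admin: false)` for the second query would keep the higher role in that case. `up` also dereferences `admin_role.id` and `moderator_role.id` without the `if admin_role` guard that `down` uses, so a missing role raises NoMethodError partway through a migration that runs without a transaction; `UserRole.find_by!(name: 'Admin')` would fail before any row is touched. The seed is pulled in with `load`, so it runs against the application's UserRole model rather than the stub classes declared in this file, and a comment noting that dependency would help later readers.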
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+class MigrateSettingsToUserRoles < ActiveRecord::Migration[6.1]
+ disable_ddl_transaction!
+
+ class UserRole < ApplicationRecord; end
+
+ def up
+ owner_role = UserRole.find_by(name: 'Owner')
+ admin_role = UserRole.find_by(name: 'Admin')
+ moderator_role = UserRole.find_by(name: 'Moderator')
+ everyone_role = UserRole.find_by(id: -99)
+
+ min_invite_role = Setting.min_invite_role
+ show_staff_badge = Setting.show_staff_badge
+
+ if everyone_role
+ everyone_role.permissions &= ~::UserRole::FLAGS[:invite_users] unless min_invite_role == 'user'
+ everyone_role.save
+ end
+
+ if owner_role
+ owner_role.highlighted = show_staff_badge
+ owner_role.save
+ end
+
+ if admin_role
+ admin_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(admin moderator).include?(min_invite_role)
+ admin_role.highlighted = show_staff_badge
+ admin_role.save
+ end
+
+ if moderator_role
+ moderator_role.permissions |= ::UserRole::FLAGS[:invite_users] if %w(moderator).include?(min_invite_role)
+ moderator_role.highlighted = show_staff_badge
+ moderator_role.save
+ end
+ end
+
+ def down; end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 759dc712b..54966ef64 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2022_06_13_110903) do +ActiveRecord::Schema.define(version: 2022_07_04_024901) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" 
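Review bot: The Admin and Moderator branches of `up` only ever add `invite_users` with `|=` and never clear it, so when `min_invite_role` is none of the listed values those roles keep whatever the seed gave them; the seed configuration is not shown here, so this may or may not matter in practice. If the old setting is meant to be authoritative, clear the bit in the other case, e.g. `moderator_role.permissions &= ~::UserRole::FLAGS[:invite_users] unless min_invite_role == 'moderator'`. The `save` calls ignore their return value; `save!` is the safer form in a migration because a rejected write then stops the run instead of passing silently. `::UserRole::FLAGS` reads the application model rather than the stub class declared above, and `down` is empty, so both deserve a one-line comment.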
@@ -968,6 +968,16 @@ ActiveRecord::Schema.define(version: 2022_06_13_110903) do t.index ["user_id"], name: "index_user_invite_requests_on_user_id" end + create_table "user_roles", force: :cascade do |t| + t.string "name", default: "", null: false + t.string "color", default: "", null: false + t.integer "position", default: 0, null: false + t.bigint "permissions", default: 0, null: false + t.boolean "highlighted", default: false, null: false + t.datetime "created_at", precision: 6, null: false + t.datetime "updated_at", precision: 6, null: false + end + create_table "users", force: :cascade do |t| t.string "email", default: "", null: false t.datetime "created_at", null: false @@ -1003,11 +1013,13 @@ ActiveRecord::Schema.define(version: 2022_06_13_110903) do t.string "webauthn_id" t.inet "sign_up_ip" t.boolean "skip_sign_in_token" + t.bigint "role_id" t.index ["account_id"], name: "index_users_on_account_id" t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true t.index ["created_by_application_id"], name: "index_users_on_created_by_application_id", where: "(created_by_application_id IS NOT NULL)" t.index ["email"], name: "index_users_on_email", unique: true t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, opclass: :text_pattern_ops, where: "(reset_password_token IS NOT NULL)" + t.index ["role_id"], name: "index_users_on_role_id", where: "(role_id IS NOT NULL)" end create_table "web_push_subscriptions", force: :cascade do |t| 
@@ -1159,6 +1171,7 @@ ActiveRecord::Schema.define(version: 2022_06_13_110903) do add_foreign_key "users", "accounts", name: "fk_50500f500d", on_delete: :cascade add_foreign_key "users", "invites", on_delete: :nullify add_foreign_key "users", "oauth_applications", column: "created_by_application_id", on_delete: :nullify + add_foreign_key "users", "user_roles", column: "role_id", on_delete: :nullify add_foreign_key "web_push_subscriptions", "oauth_access_tokens", column: "access_token_id", on_delete: :cascade add_foreign_key "web_push_subscriptions", "users", on_delete: :cascade add_foreign_key "web_settings", "users", name: "fk_11910667b2", on_delete: :cascade diff --git a/db/seeds.rb b/db/seeds.rb index 0bfb5d0db..1ca300de7 100644 --- a/db/seeds.rb +++ b/db/seeds.rb @@ -1,11 +1,5 @@ -Doorkeeper::Application.create!(name: 'Web', superapp: true, redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow push') +# frozen_string_literal: true -domain = ENV['LOCAL_DOMAIN'] || Rails.configuration.x.local_domain -account = Account.find_or_initialize_by(id: -99, actor_type: 'Application', locked: true, username: domain) -account.save! - -if Rails.env.development? - admin = Account.where(username: 'admin').first_or_initialize(username: 'admin') - admin.save(validate: false) - User.where(email: "admin@#{domain}").first_or_initialize(email: "admin@#{domain}", password: 'mastodonadmin', password_confirmation: 'mastodonadmin', confirmed_at: Time.now.utc, admin: true, account: admin, agreement: true, approved: true).save! +Dir[Rails.root.join('db', 'seeds', '*.rb')].sort.each do |seed| + load seed end diff --git a/db/seeds/01_web_app.rb b/db/seeds/01_web_app.rb new file mode 100644 index 000000000..a457a883b --- /dev/null +++ b/db/seeds/01_web_app.rb @@ -0,0 +1 @@ +Doorkeeper::Application.create_with(name: 'Web', redirect_uri: Doorkeeper.configuration.native_redirect_uri, scopes: 'read write follow push').find_or_create_by(superapp: true) 
diff --git a/db/seeds/02_instance_actor.rb b/db/seeds/02_instance_actor.rb
new file mode 100644
index 000000000..39186b273
--- /dev/null
+++ b/db/seeds/02_instance_actor.rb
@@ -0,0 +1 @@
+Account.create_with(actor_type: 'Application', locked: true, username: ENV['LOCAL_DOMAIN'] || Rails.configuration.x.local_domain).find_or_create_by(id: -99)
diff --git a/db/seeds/03_roles.rb b/db/seeds/03_roles.rb
new file mode 100644
index 000000000..7fedf0f71
--- /dev/null
+++ b/db/seeds/03_roles.rb
@@ -0,0 +1,9 @@
+# Pre-create base role
+UserRole.everyone
+
+# Create default roles defined in config file
+default_roles = YAML.load_file(Rails.root.join('config', 'roles.yml'))
+
+default_roles.each do |_, config|
+ UserRole.create_with(position: config['position'], permissions_as_keys: config['permissions'], highlighted: true).find_or_create_by(name: config['name'])
+end
diff --git a/db/seeds/04_admin.rb b/db/seeds/04_admin.rb
new file mode 100644
index 000000000..a67040e4e
--- /dev/null
+++ b/db/seeds/04_admin.rb
@@ -0,0 +1,8 @@
+if Rails.env.development?
+ domain = ENV['LOCAL_DOMAIN'] || Rails.configuration.x.local_domain
+
+ admin = Account.where(username: 'admin').first_or_initialize(username: 'admin')
+ admin.save(validate: false)
+
+ User.where(email: "admin@#{domain}").first_or_initialize(email: "admin@#{domain}", password: 'mastodonadmin', password_confirmation: 'mastodonadmin', confirmed_at: Time.now.utc, role: UserRole.find_by(name: 'Owner'), account: admin, agreement: true, approved: true).save!
+end |
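Review bot: `YAML.load_file` in db/seeds/03_roles.rb performs a full object-instantiating load on Psych releases before 4; `config/roles.yml` is a local file, so exposure is limited, but this seed is also executed from the MigrateRoles post-migration and a restricted loader costs nothing: `default_roles = YAML.safe_load(File.read(Rails.root.join('config', 'roles.yml')))` (add `aliases: true` if the file uses anchors). Separately, `create_with(...).find_or_create_by(name: config['name'])` applies `position` and `permissions_as_keys` only when the row is created, so a role that already exists under that name keeps its current permissions. A comment stating that this is intended, i.e. that operator edits win over the config file, would prevent surprises.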
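Review bot: In db/seeds/04_admin.rb, `role: UserRole.find_by(name: 'Owner')` yields nil when no role of that name exists, and the user is then presumably saved without a role rather than the seed failing; `UserRole.find_by!(name: 'Owner')` makes it stop instead. The account keeps the fixed password already present in the old seeds.rb and now receives the Owner role, guarded only by `Rails.env.development?`, so an instance started in development mode on a reachable host carries a top-level account with a published credential; reading the password from an environment variable, with a comment on the guard, would reduce that. Because of `first_or_initialize`, a user that already exists with that email is saved unchanged and does not pick up the role from this seed.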