chore: create Reader project role #11178
Open
+62
−4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Contributor
API Changelog 7.4.0 vs. 7.4.0GET /api/admin/projects/{projectId}/context
POST /api/admin/projects/{projectId}/context
POST /api/admin/projects/{projectId}/context/validate
DELETE /api/admin/projects/{projectId}/context/{contextField}
GET /api/admin/projects/{projectId}/context/{contextField}
PUT /api/admin/projects/{projectId}/context/{contextField}
POST /api/admin/projects/{projectId}/context/{contextField}/legal-values
DELETE /api/admin/projects/{projectId}/context/{contextField}/legal-values/{legalValue}
GET /api/admin/projects/{projectId}/context/{contextField}/strategies
POST /api/admin/user-admin
PUT /api/admin/user-admin/{id}
|
| VIEWER = 'Viewer', | ||
| OWNER = 'Owner', | ||
| MEMBER = 'Member', | ||
| READER = 'Reader', |
Contributor
There was a problem hiding this comment.
If you relaxed the constraint, can't you use "Viewer"? I'm ok with reader as well, just asking
Member
Author
There was a problem hiding this comment.
We can, but it felt like we should use a unique name if possible just to prevent confusion between predefined root and project roles.
| INSERT INTO roles (name, description, type) | ||
| VALUES ('Reader', 'Users with the project reader role have read-only access to the project and cannot make changes.', 'project') | ||
| ON CONFLICT (name, type) DO NOTHING; |
Contributor
There was a problem hiding this comment.
Should the migration fail on conflict? Otherwise, we may end up in an invalid state
Member
Author
There was a problem hiding this comment.
My reasoning is that, if the role is already there, we don't really care and should proceed.
src/migrations/20251218153722-predefined-project-role-reader.js
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://linear.app/unleash/issue/2-4100/create-reader-project-role
Adds a new Reader predefined project role.
We will need this to solve the issue where read only users should have explicit read only access to private projects, since in order to have access to private projects, you need a project role. Reader is a role with no permissions, so it still matches our RO business rules and allow you to qualify as a RO user, while allowing you to add that user to private projects.
Since we had a unique constraint on the role name, and it's possible that customer instances have a custom role called "Reader", I dropped that unique constraint and instead added a unique constraint on name + type. That way you only need to have unique names if they have the same type.