[permissions - seeds] Give [email protected] restricted rights #12768
PR Summary
This PR implements an object-restricted role system by modifying Tim's permissions and introducing Jane as a new admin user across test and seed data files.
- Modified DevSeederPermissionsService to create an 'Object-restricted' role for Tim with limited access (read-only for Pets, no access to Rockets) while maintaining settings permissions
- Added Jane Austen as a new admin user in seed-users.util.ts and seed-user-workspaces.util.ts with full workspace access
- Updated integration tests in rest-api-core-create-one.integration-spec.ts and roles.integration-spec.ts to verify new role structure and permissions
- Fixed incorrect password hash comments in seed data that reference '[email protected]' for Jane's user record
- Consolidated workspace member IDs across mock data files using consistent UUID format with '20202020-' prefix
11 files reviewed, 2 comments
canReadObjectRecords: true, | ||
canUpdateObjectRecords: false, | ||
canSoftDeleteObjectRecords: false, | ||
canDestroyObjectRecords: false, | ||
}, |
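Review bot: canSoftDeleteObjectRecords and canDestroyObjectRecords are denied here together with canUpdateObjectRecords, but the PR description only names update on Pets as the exception. If a fully read-only object is the intent, say so in a comment above this block and assert each of the three denied operations in the integration test, so a later change to one flag does not silently widen access.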
logic: Pet object permissions allow read but block all other operations. This creates an inconsistent state where canSoftDeleteObjectRecords is false but canDestroyObjectRecords is true globally (line 107). Review whether this is intentional.
lastName: 'Austen', | ||
email: '[email protected]', | ||
passwordHash: | ||
'$2b$10$3LwXjJRtLsfx4hLuuXhxt.3mWgismTiZFCZSG3z9kDrSfsrBl0fT6', // [email protected] |
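Review bot: the passwordHash literal for the new seed user is committed with a trailing comment tying it to an account, and the PR description gives this user the admin role. Add a comment marking the record as a development-only credential, and confirm the seeder cannot run against a production deployment, since anyone who knows the seed password would otherwise hold an admin login.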
logic: Incorrect comment stating this is [email protected]'s password hash when it's for [email protected]
'$2b$10$3LwXjJRtLsfx4hLuuXhxt.3mWgismTiZFCZSG3z9kDrSfsrBl0fT6', // tim@apple.dev | |
'$2b$10$3LwXjJRtLsfx4hLuuXhxt.3mWgismTiZFCZSG3z9kDrSfsrBl0fT6', // jane.austen@apple.dev |
🚀 Preview Environment Ready! Your preview environment is available at: http://bore.pub:45930 This environment will automatically shut down when the PR is closed or after 5 hours.
Let's introduce an object-limited role for Tim, to test and/or spot incompatibilities with restricted permissions in the future.
Our main user [email protected] is now assigned a role that has all settings permissions, and all object permissions except for update on Pets (to test read-only view) and read on Rockets.
Since we still need an admin user for each workspace, we are introducing a new member, Jane, who has the admin role.
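
The role described in this PR, as an added example rather than code from the PR or the project: a small check that merges role-wide flags with per-object overrides and reports combinations worth a reviewer's attention. The four flag names come from the hunk above; the `Role` shape, the merge rule (an override wins over the role-wide value) and the sample data are assumptions made for illustration.

```typescript
// Flag names are taken from the PR's hunk; everything else is hypothetical.
type Flags = {
  canReadObjectRecords: boolean;
  canUpdateObjectRecords: boolean;
  canSoftDeleteObjectRecords: boolean;
  canDestroyObjectRecords: boolean;
};

type Role = {
  label: string;
  defaults: Flags; // role-wide values
  objectOverrides: Record<string, Partial<Flags>>; // per-object values
};

// Assumed merge rule: a per-object override wins over the role-wide value.
function effectiveFlags(role: Role, objectName: string): Flags {
  return { ...role.defaults, ...(role.objectOverrides[objectName] ?? {}) };
}

// Report effective combinations that deserve a second look in review.
function lintRole(role: Role, objectNames: string[]): string[] {
  const findings: string[] = [];
  for (const name of objectNames) {
    const f = effectiveFlags(role, name);
    const canWrite = f.canUpdateObjectRecords || f.canSoftDeleteObjectRecords || f.canDestroyObjectRecords;
    if (!f.canReadObjectRecords && canWrite) {
      findings.push(`${name}: write access without read access`);
    }
    if (f.canDestroyObjectRecords && !f.canSoftDeleteObjectRecords) {
      findings.push(`${name}: destroy allowed while soft delete is denied`);
    }
  }
  return findings;
}

// Constructed sample modelled on the PR description, not the project's seed data.
const allAllowed: Flags = {
  canReadObjectRecords: true, canUpdateObjectRecords: true,
  canSoftDeleteObjectRecords: true, canDestroyObjectRecords: true,
};
const objectRestricted: Role = {
  label: 'Object-restricted',
  defaults: allAllowed,
  objectOverrides: {
    pet: { canUpdateObjectRecords: false, canSoftDeleteObjectRecords: false, canDestroyObjectRecords: false },
    rocket: { canReadObjectRecords: false }, // only read is overridden
  },
};
```

Running `lintRole(objectRestricted, ['pet', 'rocket'])` flags only `rocket`: under the assumed merge rule, removing read alone leaves the write flags at their role-wide values.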