feat: add tags & agents to permissions table

[skip ci]
flanksource · Nov 8, 2024 · af859cd · af859cd
1 parent a0f50b6
commit af859cd
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/models/permission.go b/models/permission.go
@@ -5,12 +5,15 @@ import (
 	"strings"
 	"time"
 
+	"github.com/flanksource/duty/types"
 	"github.com/google/uuid"
+	"github.com/lib/pq"
 )
 
 type Permission struct {
 	ID           uuid.UUID  `json:"id" gorm:"default:generate_ulid()"`
 	Action       string     `json:"action"`
+	Object       string     `json:"object"`
 	ConnectionID *uuid.UUID `json:"connection_id,omitempty"`
 	CanaryID     *uuid.UUID `json:"canary_id,omitempty"`
 	ComponentID  *uuid.UUID `json:"component_id,omitempty"`
@@ -22,9 +25,16 @@ type Permission struct {
 	PersonID     *uuid.UUID `json:"person_id,omitempty"`
 	PlaybookID   *uuid.UUID `json:"playbook_id,omitempty"`
 	TeamID       *uuid.UUID `json:"team_id,omitempty"`
+	Source       string     `json:"source"`
 	Until        *time.Time `json:"until"`
 	UpdatedAt    *time.Time `json:"updated_at"`
 	UpdatedBy    *uuid.UUID `json:"updated_by"`
+
+	// List of agent ids whose configs/components are accessible to a person when RLS is enabled
+	Agents pq.StringArray `json:"agents,omitempty"`
+
+	// List of config/component tags a person is allowed access to when RLS is enabled
+	Tags types.JSONStringMap `json:"tags,omitempty"`
 }
 
 func (t *Permission) Principal() string {

diff --git a/schema/permissions.hcl b/schema/permissions.hcl
@@ -90,6 +90,18 @@ table "permissions" {
     type = timestamptz
   }
 
+  column "agents" {
+    null = true
+    type = jsonb
+    comment = "a list of agent ids a user is allowed to access when row-level security is enabled"
+  }
+
+  column "tags" {
+    null = true
+    type = jsonb
+    comment = "a list of tags a user is allowed to access when row-level security is enabled"
+  }
+
   primary_key {
     columns = [column.id]
   }