From af859cd5151c20709fc678c4cbed0f6f2e87fdd5 Mon Sep 17 00:00:00 2001
From: Aditya Thebe
Date: Tue, 29 Oct 2024 16:37:10 +0545
Subject: [PATCH] feat: add tags & agents to permissions table [skip ci]
---
 models/permission.go | 10 ++++++++++
 schema/permissions.hcl | 12 ++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/models/permission.go b/models/permission.go
index 0bc4ffa9..8cfad08f 100644
--- a/models/permission.go
+++ b/models/permission.go
@@ -5,12 +5,15 @@ import (
 "strings"
 "time"
+ "github.com/flanksource/duty/types"
 "github.com/google/uuid"
+ "github.com/lib/pq"
 )
 type Permission struct {
 ID uuid.UUID `json:"id" gorm:"default:generate_ulid()"`
 Action string `json:"action"`
+ Object string `json:"object"`
 ConnectionID *uuid.UUID `json:"connection_id,omitempty"`
 CanaryID *uuid.UUID `json:"canary_id,omitempty"`
 ComponentID *uuid.UUID `json:"component_id,omitempty"`
@@ -22,9 +25,16 @@ type Permission struct {
 PersonID *uuid.UUID `json:"person_id,omitempty"`
 PlaybookID *uuid.UUID `json:"playbook_id,omitempty"`
 TeamID *uuid.UUID `json:"team_id,omitempty"`
+ Source string `json:"source"`
 Until *time.Time `json:"until"`
 UpdatedAt *time.Time `json:"updated_at"`
 UpdatedBy *uuid.UUID `json:"updated_by"`
+
+ // List of agent ids whose configs/components are accessible to a person when RLS is enabled
+ Agents pq.StringArray `json:"agents,omitempty"`
+
+ // List of config/component tags a person is allowed access to when RLS is enabled
+ Tags types.JSONStringMap `json:"tags,omitempty"`
 }
 func (t *Permission) Principal() string {
diff --git a/schema/permissions.hcl b/schema/permissions.hcl
index 2e92f88d..cb479937 100644
--- a/schema/permissions.hcl
+++ b/schema/permissions.hcl
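Review bot: The comments on `Agents` and `Tags` in the second hunk of models/permission.go do not say what a nil or empty value means, and for fields that scope row-level security that is the difference between failing open and failing closed. Both columns are nullable and both JSON tags carry `omitempty`, so a permission created without them cannot be told apart from one deliberately left unscoped. I would state the rule on the field itself, e.g. `// Agents lists the agent ids whose configs/components are visible under RLS; nil or empty means <no agent-scoped access | no restriction> (confirm against the RLS policy)`, and for `Tags` also say whether every key/value pair must match or any one is enough. The struct opens in the previous hunk, and old lines 17-21 of it are not shown.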
@@ -90,6 +90,18 @@ table "permissions" {
 type = timestamptz
 }
+ column "agents" {
+ null = true
+ type = jsonb
+ comment = "a list of agent ids a user is allowed to access when row-level security is enabled"
+ }
+
+ column "tags" {
+ null = true
+ type = jsonb
+ comment = "a list of tags a user is allowed to access when row-level security is enabled"
+ }
+
 primary_key {
 columns = [column.id]
 }
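Review bot: The `agents` column is declared `type = jsonb`, but the model in this same patch maps it to `pq.StringArray`, which serialises to and parses the Postgres array text form (e.g. `{"a","b"}`), not a JSON array. As far as I can tell from lib/pq, a non-empty `Agents` value would be rejected by a jsonb column on write and a stored JSON array would fail to scan, so the agent scope of a permission could not be persisted or read back reliably. Either declare the column as `type = sql("text[]")` or switch the Go field to a JSON-backed slice type; `tags` with `types.JSONStringMap` looks consistent with jsonb. The `tags` comment says "a list of tags" while the model stores a key/value map, so `comment = "a map of tag key/value pairs a user is allowed to access when row-level security is enabled"` would be more accurate. The `table "permissions"` block starts and ends outside the hunk.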