fix(services): default permissions for providers existing before migration 0020 (#1072)

* Set default permissions for providers existing before migration 0020

* Sqlfluff

* Add default roles to migration test data

* Add all default data to migration0015 snapshot

* Sqlfluff

* Use role IDs from Role struct

* Replace migration 0015 with test-only snapshot creation

* Fix tests

---------

Co-authored-by: Johannes Drönner <[email protected]>

Author: dbrandenstein

services/src/contexts/migrations/current_schema.rs

@@ -2,6 +2,7 @@ use super::{
     all_migrations,
     database_migration::{DatabaseVersion, Migration},
 };
+use crate::permissions::Role;
 use crate::{
     error::Result,
     layers::{
@@ -11,11 +12,6 @@ use crate::{
 use async_trait::async_trait;
 use pwhash::bcrypt;
 use tokio_postgres::Transaction;
-use uuid::Uuid;
-
-const ADMIN_ROLE_ID: Uuid = Uuid::from_u128(0xd532_8854_6190_4af9_ad69_4e74_b096_1ac9);
-const REGISTERED_USER_ROLE_ID: Uuid = Uuid::from_u128(0x4e80_81b6_8aa6_4275_af0c_2fa2_da55_7d28);
-const ANONYMOUS_USER_ROLE_ID: Uuid = Uuid::from_u128(0xfd8e_87bf_515c_4f36_8da6_1a53_702f_f102);
 
 const ADMIN_QUOTA: i64 = 9_223_372_036_854_775_807; // max postgres `bigint` value
 
@@ -131,9 +127,9 @@ impl CurrentSchemaMigration {
                 ;
                 ",
             &[
-                &ADMIN_ROLE_ID,
-                &REGISTERED_USER_ROLE_ID,
-                &ANONYMOUS_USER_ROLE_ID,
+                &Role::admin_role_id().0,
+                &Role::registered_user_role_id().0,
+                &Role::anonymous_role_id().0,
             ],
         )
         .await?;
@@ -157,7 +153,7 @@ impl CurrentSchemaMigration {
                 );
                 ",
             &[
-                &ADMIN_ROLE_ID,
+                &Role::admin_role_id().0,
                 &user_config.admin_email,
                 &bcrypt::hash(user_config.admin_password)
                     .expect("Admin password hash should be valid"),
@@ -176,7 +172,7 @@ impl CurrentSchemaMigration {
                     $1
                 );
                 ",
-            &[&ADMIN_ROLE_ID],
+            &[&Role::admin_role_id().0],
         )
         .await?;
 
@@ -194,9 +190,9 @@ impl CurrentSchemaMigration {
                     ;
                     ",
             &[
-                &ADMIN_ROLE_ID,
-                &REGISTERED_USER_ROLE_ID,
-                &ANONYMOUS_USER_ROLE_ID,
+                &Role::admin_role_id().0,
+                &Role::registered_user_role_id().0,
+                &Role::anonymous_role_id().0,
                 &INTERNAL_LAYER_DB_ROOT_COLLECTION_ID,
                 &UNSORTED_COLLECTION_ID,
             ],

services/src/contexts/migrations/database_migration.rs

@@ -189,14 +189,14 @@ where
 }
 
 #[cfg(test)]
-mod tests {
+pub mod tests {
     use super::*;
     use crate::{
         config::get_config_element,
         contexts::PostgresDb,
         contexts::{
             SessionId,
-            migrations::{CurrentSchemaMigration, Migration0015LogQuota, all_migrations},
+            migrations::{CurrentSchemaMigration, all_migrations},
         },
         permissions::RoleId,
         projects::{ProjectDb, ProjectListOptions},
@@ -208,6 +208,22 @@ mod tests {
     use geoengine_datatypes::{primitives::DateTime, test_data};
     use tokio_postgres::NoTls;
 
+    pub async fn create_migration_0015_snapshot<Tls>(
+        connection: &mut PooledConnection<'_, PostgresConnectionManager<Tls>>,
+    ) -> Result<()>
+    where
+        Tls: MakeTlsConnect<Socket> + Clone + Send + Sync + 'static,
+        <Tls as MakeTlsConnect<Socket>>::Stream: Send + Sync,
+        <Tls as MakeTlsConnect<Socket>>::TlsConnect: Send,
+        <<Tls as MakeTlsConnect<Socket>>::TlsConnect as TlsConnect<Socket>>::Future: Send,
+    {
+        connection
+            .batch_execute(include_str!("migration_0015_snapshot.sql"))
+            .await?;
+
+        Ok(())
+    }
+
     #[tokio::test]
     #[serial_test::parallel]
     async fn it_migrates() -> Result<()> {
@@ -216,7 +232,7 @@ mod tests {
         #[async_trait]
         impl Migration for TestMigration {
             fn prev_version(&self) -> Option<DatabaseVersion> {
-                Some(Migration0015LogQuota.version())
+                Some("0015_log_quota".to_string())
             }
 
             fn version(&self) -> DatabaseVersion {
@@ -256,11 +272,8 @@ mod tests {
             }
         }
 
-        let migrations: Vec<Box<dyn Migration>> = vec![
-            Box::new(Migration0015LogQuota),
-            Box::new(TestMigration),
-            Box::new(FollowUpMigration),
-        ];
+        let migrations: Vec<Box<dyn Migration>> =
+            vec![Box::new(TestMigration), Box::new(FollowUpMigration)];
 
         let postgres_config = get_config_element::<crate::config::Postgres>()?;
         let db_config = DatabaseConnectionConfig::from(postgres_config);
@@ -270,6 +283,8 @@ mod tests {
 
         let mut conn = pool.get().await?;
 
+        create_migration_0015_snapshot(&mut conn).await?;
+
         migrate_database(&mut conn, &migrations).await?;
 
         let stmt = conn.prepare("SELECT * FROM mock;").await?;
@@ -296,6 +311,8 @@ mod tests {
 
         let mut conn = pool.get().await?;
 
+        create_migration_0015_snapshot(&mut conn).await?;
+
         migrate_database(&mut conn, &all_migrations()).await?;
 
         Ok(())
@@ -338,7 +355,7 @@ mod tests {
         let mut conn = pool.get().await?;
 
         // initial schema
-        migrate_database(&mut conn, &all_migrations()[0..1]).await?;
+        create_migration_0015_snapshot(&mut conn).await?;
 
         // insert test data on initial schema
         let test_data_sql = std::fs::read_to_string(test_data!("migrations/test_data.sql"))?;

services/src/contexts/migrations/migration_0015_log_quota.rs

@@ -1180,3 +1180,113 @@ CREATE TABLE quota_log (
 );
 
 CREATE INDEX ON quota_log (user_id, timestamp, computation_id);
+
+
+-- Data
+
+INSERT INTO geoengine (clear_database_on_start, database_version) VALUES (
+    FALSE, '0015_log_quota'
+);
+
+INSERT INTO layer_collections (
+    id,
+    name,
+    description,
+    properties
+)
+VALUES (
+    '05102bb3-a855-4a37-8a8a-30026a91fef1',
+    'Layers',
+    'All available Geo Engine layers',
+    ARRAY[]::"PropertyType" []
+);
+
+INSERT INTO layer_collections (
+    id,
+    name,
+    description,
+    properties
+)
+VALUES (
+    'ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f',
+    'Unsorted',
+    'Unsorted Layers',
+    ARRAY[]::"PropertyType" []
+);
+
+INSERT INTO collection_children (
+    parent,
+    child
+)
+VALUES (
+    '05102bb3-a855-4a37-8a8a-30026a91fef1',
+    'ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f'
+);
+
+INSERT INTO roles (id, name)
+VALUES ('d5328854-6190-4af9-ad69-4e74b0961ac9', 'admin'),
+('4e8081b6-8aa6-4275-af0c-2fa2da557d28', 'user'),
+(
+    'fd8e87bf-515c-4f36-8da6-1a53702ff102',
+    'anonymous'
+);
+
+
+INSERT INTO users (
+    id,
+    email,
+    password_hash,
+    real_name,
+    quota_available,
+    active
+)
+VALUES (
+    'd5328854-6190-4af9-ad69-4e74b0961ac9',
+    'admin@localhost',
+    '$2a$12$leX8lZRDZS6JDf/6m.0QU.xBpAglyTZyAzMcgGF5swFd1CBHn1eHC',
+    'admin',
+    9223372036854775807,
+    TRUE
+);
+
+INSERT INTO user_roles (
+    user_id,
+    role_id
+)
+VALUES (
+    'd5328854-6190-4af9-ad69-4e74b0961ac9',
+    'd5328854-6190-4af9-ad69-4e74b0961ac9'
+);
+
+INSERT INTO permissions
+(role_id, layer_collection_id, permission)
+VALUES (
+    'd5328854-6190-4af9-ad69-4e74b0961ac9',
+    '05102bb3-a855-4a37-8a8a-30026a91fef1',
+    'Owner'
+),
+(
+    '4e8081b6-8aa6-4275-af0c-2fa2da557d28',
+    '05102bb3-a855-4a37-8a8a-30026a91fef1',
+    'Read'
+),
+(
+    'fd8e87bf-515c-4f36-8da6-1a53702ff102',
+    '05102bb3-a855-4a37-8a8a-30026a91fef1',
+    'Read'
+),
+(
+    'd5328854-6190-4af9-ad69-4e74b0961ac9',
+    'ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f',
+    'Owner'
+),
+(
+    '4e8081b6-8aa6-4275-af0c-2fa2da557d28',
+    'ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f',
+    'Read'
+),
+(
+    'fd8e87bf-515c-4f36-8da6-1a53702ff102',
+    'ffb2dd9e-f5ad-427c-b7f1-c9a0c7a0ae3f',
+    'Read'
+);

services/src/contexts/migrations/migration_0015_snapshot.sql

@@ -1,7 +1,4 @@
-use super::{
-    Migration0015LogQuota,
-    database_migration::{DatabaseVersion, Migration},
-};
+use super::database_migration::{DatabaseVersion, Migration};
 use crate::error::Result;
 use async_trait::async_trait;
 use tokio_postgres::Transaction;
@@ -12,7 +9,7 @@ pub struct Migration0016MergeProviders;
 #[async_trait]
 impl Migration for Migration0016MergeProviders {
     fn prev_version(&self) -> Option<DatabaseVersion> {
-        Some(Migration0015LogQuota.version())
+        Some("0015_log_quota".into())
     }
 
     fn version(&self) -> DatabaseVersion {
@@ -29,6 +26,7 @@ impl Migration for Migration0016MergeProviders {
 #[cfg(test)]
 mod tests {
     use crate::contexts::migrations::all_migrations;
+    use crate::contexts::migrations::database_migration::tests::create_migration_0015_snapshot;
     use crate::util::postgres::DatabaseConnectionConfig;
     use crate::{config::get_config_element, contexts::migrate_database};
     use bb8_postgres::{PostgresConnectionManager, bb8::Pool};
@@ -45,9 +43,7 @@ mod tests {
         let mut conn = pool.get().await.unwrap();
 
         // initial schema
-        migrate_database(&mut conn, &all_migrations()[0..1])
-            .await
-            .unwrap();
+        create_migration_0015_snapshot(&mut conn).await.unwrap();
 
         // insert test data on initial schema
         assert_eq!(
@@ -58,7 +54,7 @@ mod tests {
         );
 
         // perform this migration
-        migrate_database(&mut conn, &all_migrations()[1..=1])
+        migrate_database(&mut conn, &all_migrations()[..=0])
             .await
             .unwrap();
 

services/src/contexts/migrations/migration_0016_merge_providers.rs

@@ -30,9 +30,8 @@ impl Migration for Migration0018WildliveConnector {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::contexts::migrations::{
-        Migration0015LogQuota, Migration0016MergeProviders, migrations_by_range,
-    };
+    use crate::contexts::migrations::database_migration::tests::create_migration_0015_snapshot;
+    use crate::contexts::migrations::{Migration0016MergeProviders, migrations_by_range};
     use crate::util::postgres::DatabaseConnectionConfig;
     use crate::{config::get_config_element, contexts::migrate_database};
     use bb8_postgres::{PostgresConnectionManager, bb8::Pool};
@@ -49,15 +48,7 @@ mod tests {
         let mut conn = pool.get().await.unwrap();
 
         // initial schema
-        migrate_database(
-            &mut conn,
-            &migrations_by_range(
-                &Migration0015LogQuota.version(),
-                &Migration0015LogQuota.version(),
-            ),
-        )
-        .await
-        .unwrap();
+        create_migration_0015_snapshot(&mut conn).await.unwrap();
 
         // insert test data on initial schema
         assert_eq!(