1
0
mirror of https://github.com/bitwarden/server.git synced 2025-01-09 19:57:37 +01:00
bitwarden-server/util/MySqlMigrations/HelperScripts/2024-08-26_00_FinalFlexibleCollectionsDataMigrations.sql
Rui Tomé f5caecc6d6
[AC-1722] Deprecate "Edit/Delete Assigned Collections" custom permissions (#4604)
* Add SQL script to migrate custom users with specific permissions to User type

Remove 'editAssignedCollections' and 'deleteAssignedCollections' properties from Permissions in OrganizationUser table. Migrate custom users who only have these permissions to the User type.

* Add MySQL migration to migrate custom users with specific permissions to User type

* Add Postgres migration to migrate custom users with specific permissions to User type

* Add Sqlite migration to migrate custom users with specific permissions to User type

* Update AutoFixture usage in tests to resolve creating ILogger mock instances

* Update EF integration tests database contexts to use each respective Migrations assembly. Configure Sqlite instance

* Add RunMigration method to BaseEntityFrameworkRepository

* Add FinalFlexibleCollectionsDataMigrationsTests

* Improve data migration efficiency by using OPENJSON instead of multiple JSON_EXTRACT

* Add batching to the sql data migrations

* Update DbMigrator to run a specific script based on its name

* Update DatabaseDataAttribute to be able to test a specific migration

* Add reference to the migration projects to Infrastructure.IntegrationTest

* Add integration test to test the migration FinalFlexibleCollectionsDataMigrations

* Remove EFIntegration tests and remove RunMigration method from BaseEntityFrameworkRepository

* Add IMigrationTesterService and implementations for SQL and EF migrations

* Add FinalFlexibleCollectionsDataMigrationsTests and remove test from OrganizationUserRepositoryTests

* Update sql data migration script based on performance feedback

* Bump date on EF migration scripts

* Add xmldoc comments to IMigrationTesterService and each implementation

* Bump up the date on the EF migration scripts

* Bump up dates on EF migrations

* Added tests to assert no unwanted changes are made to the permissions json. Refactor tests.

* Revert changes made to DbMigrator and refactor SqlMigrationTesterService to not use it.

* Add method description

* Fix test to assert no changes are made to custom user

* Remove unnecessary COALESCE and SELECT CASE

* Unident lines on SQL script

* Update DatabaseDataAttribute MigrationName property to be nullable

* Fix null reference checks

* Remove unnecessary COALESCE from Postgres script

* Bump dates on migration scripts

* Bump up dates on EF migrations

* Add migration tests for handling null

* Add test for non json values

* Fix test

* Remove migrations

* Recreate EF migrations

* Update Postgres data migration script to check for valid JSON in Permissions column

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2024-09-02 11:04:55 +01:00

42 lines
1.7 KiB
SQL

-- Migrate Custom users who only have 'editAssignedCollections' and/or 'deleteAssignedCollections' custom permissions to the User type.
UPDATE `OrganizationUser`
SET
`Type` = 2,
`Permissions` = NULL
WHERE
`Type` = 4
AND JSON_VALID(`Permissions`) = 1
AND (
JSON_VALUE(`Permissions`, '$.editAssignedCollections') = 'true'
OR JSON_VALUE(`Permissions`, '$.deleteAssignedCollections') = 'true'
)
AND JSON_VALUE(`Permissions`, '$.accessEventLogs') = 'false'
AND JSON_VALUE(`Permissions`, '$.accessImportExport') = 'false'
AND JSON_VALUE(`Permissions`, '$.accessReports') = 'false'
AND JSON_VALUE(`Permissions`, '$.createNewCollections') = 'false'
AND JSON_VALUE(`Permissions`, '$.editAnyCollection') = 'false'
AND JSON_VALUE(`Permissions`, '$.deleteAnyCollection') = 'false'
AND JSON_VALUE(`Permissions`, '$.manageGroups') = 'false'
AND JSON_VALUE(`Permissions`, '$.managePolicies') = 'false'
AND JSON_VALUE(`Permissions`, '$.manageSso') = 'false'
AND JSON_VALUE(`Permissions`, '$.manageUsers') = 'false'
AND JSON_VALUE(`Permissions`, '$.manageResetPassword') = 'false'
AND JSON_VALUE(`Permissions`, '$.manageScim') = 'false';
-- Remove 'editAssignedCollections' and 'deleteAssignedCollections' properties from Permissions
UPDATE `OrganizationUser`
SET
`Permissions` = JSON_REMOVE(
JSON_REMOVE(
`Permissions`,
'$.editAssignedCollections'
),
'$.deleteAssignedCollections'
)
WHERE
JSON_VALID(`Permissions`) = 1
AND (
JSON_VALUE(`Permissions`, '$.editAssignedCollections') IS NOT NULL
OR JSON_VALUE(`Permissions`, '$.deleteAssignedCollections') IS NOT NULL
);