mirror of
https://github.com/bitwarden/server.git
synced 2024-12-05 14:23:30 +01:00
f5caecc6d6
* Add SQL script to migrate custom users with specific permissions to User type Remove 'editAssignedCollections' and 'deleteAssignedCollections' properties from Permissions in OrganizationUser table. Migrate custom users who only have these permissions to the User type. * Add MySQL migration to migrate custom users with specific permissions to User type * Add Postgres migration to migrate custom users with specific permissions to User type * Add Sqlite migration to migrate custom users with specific permissions to User type * Update AutoFixture usage in tests to resolve creating ILogger mock instances * Update EF integration tests database contexts to use each respective Migrations assembly. Configure Sqlite instance * Add RunMigration method to BaseEntityFrameworkRepository * Add FinalFlexibleCollectionsDataMigrationsTests * Improve data migration efficiency by using OPENJSON instead of multiple JSON_EXTRACT * Add batching to the sql data migrations * Update DbMigrator to run a specific script based on its name * Update DatabaseDataAttribute to be able to test a specific migration * Add reference to the migration projects to Infrastructure.IntegrationTest * Add integration test to test the migration FinalFlexibleCollectionsDataMigrations * Remove EFIntegration tests and remove RunMigration method from BaseEntityFrameworkRepository * Add IMigrationTesterService and implementations for SQL and EF migrations * Add FinalFlexibleCollectionsDataMigrationsTests and remove test from OrganizationUserRepositoryTests * Update sql data migration script based on performance feedback * Bump date on EF migration scripts * Add xmldoc comments to IMigrationTesterService and each implementation * Bump up the date on the EF migration scripts * Bump up dates on EF migrations * Added tests to assert no unwanted changes are made to the permissions json. Refactor tests. * Revert changes made to DbMigrator and refactor SqlMigrationTesterService to not use it. * Add method description * Fix test to assert no changes are made to custom user * Remove unnecessary COALESCE and SELECT CASE * Unident lines on SQL script * Update DatabaseDataAttribute MigrationName property to be nullable * Fix null reference checks * Remove unnecessary COALESCE from Postgres script * Bump dates on migration scripts * Bump up dates on EF migrations * Add migration tests for handling null * Add test for non json values * Fix test * Remove migrations * Recreate EF migrations * Update Postgres data migration script to check for valid JSON in Permissions column --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
119 lines
4.2 KiB
Transact-SQL
119 lines
4.2 KiB
Transact-SQL
DECLARE @BatchSize INT = 2000;
|
|
DECLARE @RowsAffected INT;
|
|
|
|
-- Migrate Custom users who only have 'editAssignedCollections' and/or 'deleteAssignedCollections'
|
|
-- custom permissions to the User type.
|
|
WHILE 1 = 1
|
|
BEGIN
|
|
UPDATE TOP (@BatchSize) [dbo].[OrganizationUser]
|
|
SET
|
|
[Type] = 2,
|
|
[Permissions] = NULL
|
|
WHERE
|
|
[Type] = 4
|
|
AND ISJSON([Permissions]) = 1
|
|
AND EXISTS (
|
|
SELECT 1
|
|
FROM OPENJSON([Permissions])
|
|
WITH (
|
|
editAssignedCollections bit '$.editAssignedCollections',
|
|
deleteAssignedCollections bit '$.deleteAssignedCollections',
|
|
accessEventLogs bit '$.accessEventLogs',
|
|
accessImportExport bit '$.accessImportExport',
|
|
accessReports bit '$.accessReports',
|
|
createNewCollections bit '$.createNewCollections',
|
|
editAnyCollection bit '$.editAnyCollection',
|
|
deleteAnyCollection bit '$.deleteAnyCollection',
|
|
manageGroups bit '$.manageGroups',
|
|
managePolicies bit '$.managePolicies',
|
|
manageSso bit '$.manageSso',
|
|
manageUsers bit '$.manageUsers',
|
|
manageResetPassword bit '$.manageResetPassword',
|
|
manageScim bit '$.manageScim'
|
|
) AS PermissionsJson
|
|
WHERE
|
|
(PermissionsJson.editAssignedCollections = 1 OR PermissionsJson.deleteAssignedCollections = 1)
|
|
AND PermissionsJson.accessEventLogs = 0
|
|
AND PermissionsJson.accessImportExport = 0
|
|
AND PermissionsJson.accessReports = 0
|
|
AND PermissionsJson.createNewCollections = 0
|
|
AND PermissionsJson.editAnyCollection = 0
|
|
AND PermissionsJson.deleteAnyCollection = 0
|
|
AND PermissionsJson.manageGroups = 0
|
|
AND PermissionsJson.managePolicies = 0
|
|
AND PermissionsJson.manageSso = 0
|
|
AND PermissionsJson.manageUsers = 0
|
|
AND PermissionsJson.manageResetPassword = 0
|
|
AND PermissionsJson.manageScim = 0
|
|
);
|
|
|
|
SET @RowsAffected = @@ROWCOUNT;
|
|
|
|
IF @RowsAffected = 0
|
|
BREAK;
|
|
END
|
|
|
|
-- Remove 'editAssignedCollections' and 'deleteAssignedCollections' properties from Permissions
|
|
-- Step 1: Create a temporary table to store the IDs and parsed JSON values
|
|
CREATE TABLE #TempIds (
|
|
TempId INT IDENTITY(1,1) PRIMARY KEY,
|
|
OrganizationUserId UNIQUEIDENTIFIER,
|
|
editAssignedCollections BIT,
|
|
deleteAssignedCollections BIT
|
|
);
|
|
|
|
-- Step 2: Populate the temporary table with the IDs and parsed JSON values
|
|
INSERT INTO #TempIds (OrganizationUserId, editAssignedCollections, deleteAssignedCollections)
|
|
SELECT
|
|
Id,
|
|
CAST(JSON_VALUE([Permissions], '$.editAssignedCollections') AS BIT) AS editAssignedCollections,
|
|
CAST(JSON_VALUE([Permissions], '$.deleteAssignedCollections') AS BIT) AS deleteAssignedCollections
|
|
FROM [dbo].[OrganizationUser]
|
|
WHERE
|
|
ISJSON([Permissions]) = 1
|
|
AND (
|
|
JSON_VALUE([Permissions], '$.editAssignedCollections') IS NOT NULL
|
|
OR JSON_VALUE([Permissions], '$.deleteAssignedCollections') IS NOT NULL
|
|
);
|
|
|
|
DECLARE @MaxTempId INT;
|
|
DECLARE @CurrentBatchStart INT = 1;
|
|
|
|
-- Get the maximum TempId
|
|
SELECT @MaxTempId = MAX(TempId) FROM #TempIds;
|
|
|
|
-- Step 3: Loop through the IDs in batches
|
|
WHILE @CurrentBatchStart <= @MaxTempId
|
|
BEGIN
|
|
UPDATE tu
|
|
SET
|
|
[Permissions] =
|
|
JSON_MODIFY(
|
|
JSON_MODIFY(
|
|
[Permissions],
|
|
'$.editAssignedCollections',
|
|
NULL
|
|
),
|
|
'$.deleteAssignedCollections',
|
|
NULL
|
|
)
|
|
FROM [dbo].[OrganizationUser] tu
|
|
INNER JOIN #TempIds ti ON tu.Id = ti.OrganizationUserId
|
|
WHERE
|
|
ti.TempId BETWEEN @CurrentBatchStart AND @CurrentBatchStart + @BatchSize - 1
|
|
AND (
|
|
ti.editAssignedCollections IS NOT NULL
|
|
OR ti.deleteAssignedCollections IS NOT NULL
|
|
);
|
|
|
|
SET @RowsAffected = @@ROWCOUNT;
|
|
|
|
IF @RowsAffected = 0
|
|
BREAK;
|
|
|
|
SET @CurrentBatchStart = @CurrentBatchStart + @BatchSize;
|
|
END
|
|
|
|
-- Clean up the temporary table
|
|
DROP TABLE #TempIds;
|