Merge pull request #92 from RafayLabs/issue83_fix

fix for casbin duplicate issue during init and removing all deletes from init
2026-02-14 17:49:51 +00:00 · 2022-04-08 15:15:49 +05:30
parent 401f244219 565b5083fc
commit a0fd76e02e
3 changed files with 14 additions and 21 deletions
--- a/persistence/migrations/admindb/000001_authsrv_partner.up.sql
+++ b/persistence/migrations/admindb/000001_authsrv_partner.up.sql
@@ -1,4 +1,5 @@
 CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+GRANT EXECUTE ON FUNCTION uuid_generate_v4() TO admindbuser;
 CREATE TABLE IF NOT EXISTS authsrv_partner (
    id uuid NOT NULL default uuid_generate_v4(),
    name character varying(256) NOT NULL,
--- a/pkg/service/user.go
+++ b/pkg/service/user.go
@@ -259,7 +259,7 @@ func (s *userService) createGroupAccountRelations(ctx context.Context, db bun.ID
 			}
 			grpaccs = append(grpaccs, grp)
 			ugs = append(ugs, &authzv1.UserGroup{
-				Grp:  "g:" + grp.Name,
+				Grp:  "g:" + group,
 				User: "u:" + usr.Metadata.Name,
 			})
 		}
--- a/scripts/initialize/main.go
+++ b/scripts/initialize/main.go
@@ -17,7 +17,6 @@ import (
 	"github.com/RafayLabs/rcloud-base/pkg/common"
 	"github.com/RafayLabs/rcloud-base/pkg/enforcer"
 	"github.com/RafayLabs/rcloud-base/pkg/service"
-	authzv1 "github.com/RafayLabs/rcloud-base/proto/types/authz"
 	commonv3 "github.com/RafayLabs/rcloud-base/proto/types/commonpb/v3"
 	rolev3 "github.com/RafayLabs/rcloud-base/proto/types/rolepb/v3"
 	systemv3 "github.com/RafayLabs/rcloud-base/proto/types/systempb/v3"
@@ -166,32 +165,25 @@ func main() {
 	us := service.NewUserService(providers.NewKratosAuthProvider(kc), db, as, nil, common.CliConfigDownloadData{})
 	prs := service.NewProjectService(db, as)

-	//delete all casbin rules
-	as.DeletePolicies(context.Background(), &authzv1.Policy{})
+	//check if there are role permissions already present
+	existingPermissions := &[]models.ResourceRolePermission{}
+	_, err = dao.ListAll(context.Background(), db, existingPermissions)
+	if err != nil {
+		log.Fatal("Error verifying existing role permissions ", err)
+	}
+	if len(*existingPermissions) > 0 {
+		fmt.Println("resource permissions already exists! cannot invoke initialize again")
+		return
+	}

-	//delete all role permissions, roles
-	err = dao.HardDeleteAll(context.Background(), db, &models.ResourceRolePermission{})
-	if err != nil {
-		log.Fatal(err)
-	}
-	err = dao.HardDeleteAll(context.Background(), db, &models.ResourcePermission{})
-	if err != nil {
-		log.Fatal(err)
-	}
-	err = dao.HardDeleteAll(context.Background(), db, &models.Role{})
-	if err != nil {
-		log.Fatal(err)
-	}
 	//add resource permissions
 	err = addResourcePermissions(db, path.Join("scripts", "initialize", "permissions", "base"))
 	if err != nil {
-		fmt.Println("Run from base directory")
-		log.Fatal(err)
+		log.Fatal("Error running from base directory ", err)
 	}
 	err = addResourcePermissions(db, path.Join("scripts", "initialize", "permissions", "ztka"))
 	if err != nil {
-		fmt.Println("Run from ztka directory")
-		log.Fatal(err)
+		log.Fatal("Error running from ztka directory ", err)
 	}

 	// Create partner