posthog/ee/models/role.py

from django.db import models

from ee.models.organization_resource_access import OrganizationResourceAccess
from posthog.models.utils import UUIDModel


class Role(UUIDModel):
    name: models.CharField = models.CharField(max_length=200)
    organization: models.ForeignKey = models.ForeignKey(
        "posthog.Organization",
        on_delete=models.CASCADE,
        related_name="roles",
        related_query_name="role",
    )
    feature_flags_access_level: models.PositiveSmallIntegerField = models.PositiveSmallIntegerField(
        default=OrganizationResourceAccess.AccessLevel.CAN_ALWAYS_EDIT,
        choices=OrganizationResourceAccess.AccessLevel.choices,
    )
    created_at: models.DateTimeField = models.DateTimeField(auto_now_add=True)
    created_by: models.ForeignKey = models.ForeignKey(
        "posthog.User",
        on_delete=models.SET_NULL,
        related_name="roles",
        related_query_name="role",
        null=True,
    )

    class Meta:
        constraints = [models.UniqueConstraint(fields=["organization", "name"], name="unique_role_name")]


class RoleMembership(UUIDModel):
    role: models.ForeignKey = models.ForeignKey(
        "Role",
        on_delete=models.CASCADE,
        related_name="roles",
        related_query_name="role",
    )
    # TODO: Eventually remove this as we only need the organization membership
    user: models.ForeignKey = models.ForeignKey(
        "posthog.User",
        on_delete=models.CASCADE,
        related_name="role_memberships",
        related_query_name="role_membership",
    )

    organization_member: models.ForeignKey = models.ForeignKey(
        "posthog.OrganizationMembership",
        on_delete=models.CASCADE,
        related_name="role_memberships",
        related_query_name="role_membership",
        null=True,
    )
    joined_at: models.DateTimeField = models.DateTimeField(auto_now_add=True)
    updated_at: models.DateTimeField = models.DateTimeField(auto_now=True)

    class Meta:
        constraints = [models.UniqueConstraint(fields=["role", "user"], name="unique_user_and_role")]
feat: role based permissions (#12657) * initial role and role memberships setup * create role when org is created and role memberships when user joins * wip for merge * fix api tests for role * nest roles under organization route and test fixes * remove pdb set trace * fix types * remove creating default roles and role memberships for orgs and users * add permission levels to orgs and roles * bulk create role memberships * leave role membership as individual api request, handle bulk creation on the frontend instead * feature flag role access wip and migrations * fix flag role access tests * linter * isort * temp type ignore * add access level to plugin tests * test remove test migration safe * test license import error fix * delete old? org license test * nvm we need these tests * type ignore * reset license plans after test * add organization resource access model and remove access level field from regular organizations * feat: permission return on feature flag (#12826) * suggested permission return * change naming * add changes * pass bool * fix plugin tests * organization resource access tests and fixes * update can edit return with new org resource access model from feature flag * fix tests * add permissions to feature flag for editing * more tests * remove unnecessary spacing * fix test * add context for feature flag serializer tests * add back workflow test step * add organization to feature flag role access * fix(spike): why are tests failing (#12858) * was it because invalid id is provided? * allow django to touch the db * a less unexpected way of allowing access to the DB * Revert "add organization to feature flag role access" This reverts commit ef18b0ec8b0bca0dede6a8614eb94f5879f442a7. * address feedback and include organization safety checks in tests * test error fix * test role dupe name per org * remove third access level option * fix migration for it * more tests * fix test * feat: role based permissions UI (#12776) * add api * starter * role and member creation + deletion * working with all deletes * add block * working roles * permissions tab on org settings * org default setting * types * flag role assignment * working per flag permission * working with admin block * types * use restricted area component * wrap flag resource access in different url * restore migrations manifest * update url endpoints * pay gate mini org role settings * remove view and custom edit and remove resource access creation on org creation * add feature flag * address feedback * fix backend tests * remove broken permissions setting on new feature flags * export logic props interface Co-authored-by: Li Yi Yu <li@posthog.com> * type fixes Co-authored-by: Eric Duong <eeoneric@gmail.com> Co-authored-by: Paul D'Ambra <paul@posthog.com> 2022-11-24 02:36:29 +01:00			`from django.db import models`

			`from ee.models.organization_resource_access import OrganizationResourceAccess`
			`from posthog.models.utils import UUIDModel`


			`class Role(UUIDModel):`
			`name: models.CharField = models.CharField(max_length=200)`
			`organization: models.ForeignKey = models.ForeignKey(`
			`"posthog.Organization",`
			`on_delete=models.CASCADE,`
			`related_name="roles",`
			`related_query_name="role",`
			`)`
chore: Use ruff formatter (#18207) * Use ruff formatter Ruff is now also a formatter! And it runs in a fraction of a second across our whole codebase vs "I waited more than 30s and cancelled it because I got bored". * Config and command -> ruff * Run 'ruff format .' * Update query snapshots * Run 'ruff format .' * Fix format after commit hook * Update query snapshots * Fix type error - ignore comment moved * Exclude hogql grammar from formatting and reverted grammar * Run format --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tom Owers <tom@paace.co> 2023-10-31 14:41:57 +01:00			`feature_flags_access_level: models.PositiveSmallIntegerField = models.PositiveSmallIntegerField(`
feat: role based permissions (#12657) * initial role and role memberships setup * create role when org is created and role memberships when user joins * wip for merge * fix api tests for role * nest roles under organization route and test fixes * remove pdb set trace * fix types * remove creating default roles and role memberships for orgs and users * add permission levels to orgs and roles * bulk create role memberships * leave role membership as individual api request, handle bulk creation on the frontend instead * feature flag role access wip and migrations * fix flag role access tests * linter * isort * temp type ignore * add access level to plugin tests * test remove test migration safe * test license import error fix * delete old? org license test * nvm we need these tests * type ignore * reset license plans after test * add organization resource access model and remove access level field from regular organizations * feat: permission return on feature flag (#12826) * suggested permission return * change naming * add changes * pass bool * fix plugin tests * organization resource access tests and fixes * update can edit return with new org resource access model from feature flag * fix tests * add permissions to feature flag for editing * more tests * remove unnecessary spacing * fix test * add context for feature flag serializer tests * add back workflow test step * add organization to feature flag role access * fix(spike): why are tests failing (#12858) * was it because invalid id is provided? * allow django to touch the db * a less unexpected way of allowing access to the DB * Revert "add organization to feature flag role access" This reverts commit ef18b0ec8b0bca0dede6a8614eb94f5879f442a7. * address feedback and include organization safety checks in tests * test error fix * test role dupe name per org * remove third access level option * fix migration for it * more tests * fix test * feat: role based permissions UI (#12776) * add api * starter * role and member creation + deletion * working with all deletes * add block * working roles * permissions tab on org settings * org default setting * types * flag role assignment * working per flag permission * working with admin block * types * use restricted area component * wrap flag resource access in different url * restore migrations manifest * update url endpoints * pay gate mini org role settings * remove view and custom edit and remove resource access creation on org creation * add feature flag * address feedback * fix backend tests * remove broken permissions setting on new feature flags * export logic props interface Co-authored-by: Li Yi Yu <li@posthog.com> * type fixes Co-authored-by: Eric Duong <eeoneric@gmail.com> Co-authored-by: Paul D'Ambra <paul@posthog.com> 2022-11-24 02:36:29 +01:00			`default=OrganizationResourceAccess.AccessLevel.CAN_ALWAYS_EDIT,`
			`choices=OrganizationResourceAccess.AccessLevel.choices,`
			`)`
			`created_at: models.DateTimeField = models.DateTimeField(auto_now_add=True)`
			`created_by: models.ForeignKey = models.ForeignKey(`
			`"posthog.User",`
			`on_delete=models.SET_NULL,`
			`related_name="roles",`
			`related_query_name="role",`
			`null=True,`
			`)`

			`class Meta:`
			`constraints = [models.UniqueConstraint(fields=["organization", "name"], name="unique_role_name")]`


			`class RoleMembership(UUIDModel):`
			`role: models.ForeignKey = models.ForeignKey(`
			`"Role",`
			`on_delete=models.CASCADE,`
			`related_name="roles",`
			`related_query_name="role",`
			`)`
fix: Deleting role members (#20928) 2024-03-18 10:09:35 +01:00			`# TODO: Eventually remove this as we only need the organization membership`
feat: role based permissions (#12657) * initial role and role memberships setup * create role when org is created and role memberships when user joins * wip for merge * fix api tests for role * nest roles under organization route and test fixes * remove pdb set trace * fix types * remove creating default roles and role memberships for orgs and users * add permission levels to orgs and roles * bulk create role memberships * leave role membership as individual api request, handle bulk creation on the frontend instead * feature flag role access wip and migrations * fix flag role access tests * linter * isort * temp type ignore * add access level to plugin tests * test remove test migration safe * test license import error fix * delete old? org license test * nvm we need these tests * type ignore * reset license plans after test * add organization resource access model and remove access level field from regular organizations * feat: permission return on feature flag (#12826) * suggested permission return * change naming * add changes * pass bool * fix plugin tests * organization resource access tests and fixes * update can edit return with new org resource access model from feature flag * fix tests * add permissions to feature flag for editing * more tests * remove unnecessary spacing * fix test * add context for feature flag serializer tests * add back workflow test step * add organization to feature flag role access * fix(spike): why are tests failing (#12858) * was it because invalid id is provided? * allow django to touch the db * a less unexpected way of allowing access to the DB * Revert "add organization to feature flag role access" This reverts commit ef18b0ec8b0bca0dede6a8614eb94f5879f442a7. * address feedback and include organization safety checks in tests * test error fix * test role dupe name per org * remove third access level option * fix migration for it * more tests * fix test * feat: role based permissions UI (#12776) * add api * starter * role and member creation + deletion * working with all deletes * add block * working roles * permissions tab on org settings * org default setting * types * flag role assignment * working per flag permission * working with admin block * types * use restricted area component * wrap flag resource access in different url * restore migrations manifest * update url endpoints * pay gate mini org role settings * remove view and custom edit and remove resource access creation on org creation * add feature flag * address feedback * fix backend tests * remove broken permissions setting on new feature flags * export logic props interface Co-authored-by: Li Yi Yu <li@posthog.com> * type fixes Co-authored-by: Eric Duong <eeoneric@gmail.com> Co-authored-by: Paul D'Ambra <paul@posthog.com> 2022-11-24 02:36:29 +01:00			`user: models.ForeignKey = models.ForeignKey(`
			`"posthog.User",`
			`on_delete=models.CASCADE,`
			`related_name="role_memberships",`
			`related_query_name="role_membership",`
			`)`
fix: Deleting role members (#20928) 2024-03-18 10:09:35 +01:00
			`organization_member: models.ForeignKey = models.ForeignKey(`
			`"posthog.OrganizationMembership",`
			`on_delete=models.CASCADE,`
			`related_name="role_memberships",`
			`related_query_name="role_membership",`
			`null=True,`
			`)`
feat: role based permissions (#12657) * initial role and role memberships setup * create role when org is created and role memberships when user joins * wip for merge * fix api tests for role * nest roles under organization route and test fixes * remove pdb set trace * fix types * remove creating default roles and role memberships for orgs and users * add permission levels to orgs and roles * bulk create role memberships * leave role membership as individual api request, handle bulk creation on the frontend instead * feature flag role access wip and migrations * fix flag role access tests * linter * isort * temp type ignore * add access level to plugin tests * test remove test migration safe * test license import error fix * delete old? org license test * nvm we need these tests * type ignore * reset license plans after test * add organization resource access model and remove access level field from regular organizations * feat: permission return on feature flag (#12826) * suggested permission return * change naming * add changes * pass bool * fix plugin tests * organization resource access tests and fixes * update can edit return with new org resource access model from feature flag * fix tests * add permissions to feature flag for editing * more tests * remove unnecessary spacing * fix test * add context for feature flag serializer tests * add back workflow test step * add organization to feature flag role access * fix(spike): why are tests failing (#12858) * was it because invalid id is provided? * allow django to touch the db * a less unexpected way of allowing access to the DB * Revert "add organization to feature flag role access" This reverts commit ef18b0ec8b0bca0dede6a8614eb94f5879f442a7. * address feedback and include organization safety checks in tests * test error fix * test role dupe name per org * remove third access level option * fix migration for it * more tests * fix test * feat: role based permissions UI (#12776) * add api * starter * role and member creation + deletion * working with all deletes * add block * working roles * permissions tab on org settings * org default setting * types * flag role assignment * working per flag permission * working with admin block * types * use restricted area component * wrap flag resource access in different url * restore migrations manifest * update url endpoints * pay gate mini org role settings * remove view and custom edit and remove resource access creation on org creation * add feature flag * address feedback * fix backend tests * remove broken permissions setting on new feature flags * export logic props interface Co-authored-by: Li Yi Yu <li@posthog.com> * type fixes Co-authored-by: Eric Duong <eeoneric@gmail.com> Co-authored-by: Paul D'Ambra <paul@posthog.com> 2022-11-24 02:36:29 +01:00			`joined_at: models.DateTimeField = models.DateTimeField(auto_now_add=True)`
			`updated_at: models.DateTimeField = models.DateTimeField(auto_now=True)`

			`class Meta:`
			`constraints = [models.UniqueConstraint(fields=["role", "user"], name="unique_user_and_role")]`