feat: namespace access management #4576
Conversation
🎉 Snyk checks have passed. No issues have been found so far.✅ security/snyk check is complete. No issues have been found. (View Details) |
| await knex.schema.createTable(TableName.NamespaceRole, (t) => { | ||
| t.uuid("id").primary().defaultTo(knex.fn.uuid()); | ||
| t.string("name").notNullable(); | ||
| t.string("description"); | ||
| t.string("slug").notNullable(); | ||
| t.jsonb("permissions").notNullable(); | ||
| t.uuid("namespaceId").notNullable(); | ||
| t.foreign("namespaceId").references("id").inTable(TableName.Namespace).onDelete("CASCADE"); | ||
| t.timestamps(true, true, true); | ||
| t.unique(["name", "namespaceId"]); | ||
| }); |
There was a problem hiding this comment.
I thought we were moving away from slugs? or is this to keep consistency with org/project roles?
If so, shouldn't the unique be on slug and not name?
There was a problem hiding this comment.
FIxed and yes it's for keeping it similiar in all sides
| name: "", | ||
| slug: "", | ||
| description: "", | ||
| permissions: {} |
There was a problem hiding this comment.
issue with creating namespace role being blocked by permission validation error:
CleanShot.2025-09-23.at.14.00.11.mp4
| formName: "role" | ||
| }, | ||
| { | ||
| title: "Namespace Profile", |
There was a problem hiding this comment.
feel like this should probably be Namespace Settings? Profile confused me
There was a problem hiding this comment.
Hmm! May be let's discuss this - project permission follows the same convention
| }); | ||
| ForbiddenError.from(namespacePermission).throwUnlessCan( | ||
| NamespacePermissionIdentityActions.Edit, | ||
| subject(NamespacePermissionSubjects.Identity, { identityId }) |
There was a problem hiding this comment.
not related to this line in particular but just pointing out that the UI for namespace permissions doesn't support conditions like projects
|
|
||
| if (identityOrgMembership.identity.namespace) | ||
| throw new BadRequestError({ | ||
| message: `Namespace identity with id ${identityId} membership cannot be deleted` |
There was a problem hiding this comment.
nit: extra space in error message
|
|
||
| const totalCount = await namespaceIdentityMembershipDAL.getCountByNamespaceId(namespace.id, { search }); | ||
|
|
||
| return { identityMemberships, totalCount }; |
There was a problem hiding this comment.
shouldn't we filter the memberships based off condition permission?
There was a problem hiding this comment.
Conditions are just not pushed yet. Will hold it as separate part.
| namespaceId: namespace.id | ||
| }); | ||
|
|
||
| return { identityMemberships: docs, totalCount }; |
There was a problem hiding this comment.
same thing; shouldn't we filter results based off conditional read with id?
Description 📣
Completed namespace first part of phase 1 which is the access management
Type ✨
Tests 🛠️
# Here's some code block to paste some code snippets