Merge pull request #191 from refactor-group/185-migrate-users-to-new-roles

Migrate Users to use User Roles

Author: calebbourg

migration/src/base_refactor_platform_rs.sql

@@ -1,6 +1,6 @@
 -- SQL dump generated using DBML (dbml.dbdiagram.io)
 -- Database: PostgreSQL
--- Generated at: 2025-10-10T11:37:44.202Z
+-- Generated at: 2025-10-12T20:02:02.149Z
 
 CREATE TYPE "refactor_platform"."status" AS ENUM (
   'not_started',

migration/src/lib.rs

@@ -9,7 +9,8 @@ mod m20250705_200000_add_timezone_to_users;
 mod m20250730_000000_add_coaching_sessions_sorting_indexes;
 mod m20250801_000000_add_sorting_indexes;
 mod m20251007_093603_add_user_roles_table_and_super_admin;
-
+mod m20251008_000000_migrate_admin_users_to_super_admin_role;
+mod m20251009_000000_migrate_regular_users_to_user_roles;
 pub struct Migrator;
 
 #[async_trait::async_trait]
@@ -25,6 +26,8 @@ impl MigratorTrait for Migrator {
             Box::new(m20250730_000000_add_coaching_sessions_sorting_indexes::Migration),
             Box::new(m20250801_000000_add_sorting_indexes::Migration),
             Box::new(m20251007_093603_add_user_roles_table_and_super_admin::Migration),
+            Box::new(m20251008_000000_migrate_admin_users_to_super_admin_role::Migration),
+            Box::new(m20251009_000000_migrate_regular_users_to_user_roles::Migration),
         ]
     }
 }

migration/src/m20251008_000000_migrate_admin_users_to_super_admin_role.rs

@@ -0,0 +1,57 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // For each user with role = 'admin', create a user_roles record with:
+        // - role = 'super_admin'
+        // - organization_id = NULL (global/super admin has no org association)
+        // - user_id = the admin user's id
+        //
+        // We use ON CONFLICT DO NOTHING to handle cases where this migration
+        // might be run multiple times (idempotent operation)
+        //
+        // Note: We explicitly cast 'super_admin' to the enum type to handle
+        // PostgreSQL's transaction safety restrictions when using newly added enum values
+        let insert_super_admin_roles_sql = r#"
+            INSERT INTO refactor_platform.user_roles (user_id, role, organization_id)
+            SELECT id, 'super_admin'::refactor_platform.role, NULL
+            FROM refactor_platform.users
+            WHERE role = 'admin'
+            ON CONFLICT DO NOTHING
+        "#;
+
+        manager
+            .get_connection()
+            .execute_unprepared(insert_super_admin_roles_sql)
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // Remove the super_admin user_roles records that were created for admin users
+        // This only removes super_admin roles with NULL organization_id for users
+        // who currently have role = 'admin'
+        let delete_super_admin_roles_sql = r#"
+            DELETE FROM refactor_platform.user_roles
+            WHERE role = 'super_admin'::refactor_platform.role
+              AND organization_id IS NULL
+              AND user_id IN (
+                  SELECT id
+                  FROM refactor_platform.users
+                  WHERE role = 'admin'
+              )
+        "#;
+
+        manager
+            .get_connection()
+            .execute_unprepared(delete_super_admin_roles_sql)
+            .await?;
+
+        Ok(())
+    }
+}

migration/src/m20251009_000000_migrate_regular_users_to_user_roles.rs

@@ -0,0 +1,66 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // For each user with role = 'user', find their associated organizations
+        // and create a user_roles record for each organization with:
+        // - role = 'user'
+        // - organization_id = the organization's id from organizations_users
+        // - user_id = the user's id
+        //
+        // We use ON CONFLICT DO NOTHING to handle cases where this migration
+        // might be run multiple times (idempotent operation)
+        //
+        // Note: We explicitly cast 'user' to the enum type to handle
+        // PostgreSQL's transaction safety restrictions when using enum values
+        let insert_user_roles_sql = r#"
+            INSERT INTO refactor_platform.user_roles (user_id, role, organization_id)
+            SELECT
+                u.id,
+                'user'::refactor_platform.role,
+                ou.organization_id
+            FROM refactor_platform.users u
+            INNER JOIN refactor_platform.organizations_users ou ON u.id = ou.user_id
+            WHERE u.role = 'user'
+            ON CONFLICT DO NOTHING
+        "#;
+
+        manager
+            .get_connection()
+            .execute_unprepared(insert_user_roles_sql)
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        // Remove the user role user_roles records that were created for regular users
+        // This only removes 'user' roles for users who currently have role = 'user'
+        // and only for organizations they're actually associated with
+        let delete_user_roles_sql = r#"
+            DELETE FROM refactor_platform.user_roles
+            WHERE role = 'user'::refactor_platform.role
+              AND user_id IN (
+                  SELECT id
+                  FROM refactor_platform.users
+                  WHERE role = 'user'
+              )
+              AND organization_id IN (
+                  SELECT organization_id
+                  FROM refactor_platform.organizations_users
+                  WHERE user_id = refactor_platform.user_roles.user_id
+              )
+        "#;
+
+        manager
+            .get_connection()
+            .execute_unprepared(delete_user_roles_sql)
+            .await?;
+
+        Ok(())
+    }
+}

scripts/rebuild_db.sh

@@ -70,6 +70,20 @@ echo "Modifying the generated SQL file..."
 sed -i '' '/CREATE SCHEMA/d' migration/src/base_refactor_platform_rs.sql
 
 echo "Running the migrations..."
-DATABASE_URL=postgres://$DB_USER:password@localhost:5432/$DB_NAME sea-orm-cli migrate up -s $SCHEMA_NAME || { echo "Failed to run migrations"; exit 1; }
+# PostgreSQL Enum Transaction Restriction Workaround:
+# When ALTER TYPE ... ADD VALUE adds a new enum value (e.g., 'super_admin'), PostgreSQL
+# requires that value to be committed before it can be used in subsequent operations.
+# Even though SeaORM commits each migration separately, running all migrations in rapid
+# succession on a fresh database can cause "unsafe use of new value" errors.
+# Solution: Split migration execution into two batches to ensure the enum value is fully
+# committed before any migration attempts to use it.
+
+# Step 1: Apply migrations up to and including the user_roles table creation (9 migrations)
+echo "Step 1: Applying migrations up to user_roles table creation..."
+DATABASE_URL=postgres://$DB_USER:password@localhost:5432/$DB_NAME sea-orm-cli migrate up -n 9 -s $SCHEMA_NAME || { echo "Failed to run initial migrations"; exit 1; }
+
+# Step 2: Apply the remaining migration that uses super_admin enum value
+echo "Step 2: Applying remaining migrations that use the super_admin enum..."
+DATABASE_URL=postgres://$DB_USER:password@localhost:5432/$DB_NAME sea-orm-cli migrate up -s $SCHEMA_NAME || { echo "Failed to run remaining migrations"; exit 1; }
 
 echo "Database setup and migrations completed successfully"