feat: migration to build out roles in db + one rename of auth guard

sfbrigade · Oct 7, 2024 · 473ba16 · 473ba16
1 parent be24b11
commit 473ba16
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/src/backend/db/migrations/2_rbac_roles.sql b/src/backend/db/migrations/2_rbac_roles.sql
@@ -0,0 +1,14 @@
+-- Step 1: Drop the existing check constraint if it exists
+ALTER TABLE "public"."user" DROP CONSTRAINT IF EXISTS user_role_check;
+
+-- Step 3: Update existing roles
+UPDATE "public"."user" SET role = 'case_manager' WHERE role = 'admin';
+UPDATE "public"."user" SET role = 'para' WHERE role = 'staff';
+
+-- Step 2: Add the new check constraint with the updated roles
+ALTER TABLE "public"."user" ADD CONSTRAINT user_role_check 
+CHECK (role = ANY (ARRAY['user'::text, 'para'::text, 'case_manager'::text, 'admin'::text]));
+
+
+-- Step 4: Add a comment to the table explaining the role values
+COMMENT ON COLUMN "public"."user".role IS 'User role: user, para, case_manager, or admin';
diff --git a/src/backend/routers/student.ts b/src/backend/routers/student.ts
@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { hasAuthenticated, router } from "../trpc";
+import { hasAuthenticated, hasCaseManager, router } from "../trpc";
 
 // TODO: define .output() schemas for all procedures
 export const student = router({
@@ -130,7 +130,7 @@ export const student = router({
    * per the MVP that there will only be one IEP per student,
    * but this should be revisited after the MVP.
    */
-  getActiveStudentIep: hasAuthenticated
+  getActiveStudentIep: hasCaseManager
     .input(
       z.object({
         student_id: z.string().uuid(),