From 473ba16ecb75d9998c961027c8b6690056337a5b Mon Sep 17 00:00:00 2001 From: thom Date: Mon, 7 Oct 2024 12:58:17 -0700 Subject: [PATCH] feat: migration to build out roles in db + one rename of auth guard --- src/backend/db/migrations/2_rbac_roles.sql | 14 ++++++++++++++ src/backend/routers/student.ts | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 src/backend/db/migrations/2_rbac_roles.sql diff --git a/src/backend/db/migrations/2_rbac_roles.sql b/src/backend/db/migrations/2_rbac_roles.sql new file mode 100644 index 00000000..fe03bcba --- /dev/null +++ b/src/backend/db/migrations/2_rbac_roles.sql @@ -0,0 +1,14 @@ +-- Step 1: Drop the existing check constraint if it exists +ALTER TABLE "public"."user" DROP CONSTRAINT IF EXISTS user_role_check; + +-- Step 3: Update existing roles +UPDATE "public"."user" SET role = 'case_manager' WHERE role = 'admin'; +UPDATE "public"."user" SET role = 'para' WHERE role = 'staff'; + +-- Step 2: Add the new check constraint with the updated roles +ALTER TABLE "public"."user" ADD CONSTRAINT user_role_check +CHECK (role = ANY (ARRAY['user'::text, 'para'::text, 'case_manager'::text, 'admin'::text])); + + +-- Step 4: Add a comment to the table explaining the role values +COMMENT ON COLUMN "public"."user".role IS 'User role: user, para, case_manager, or admin'; diff --git a/src/backend/routers/student.ts b/src/backend/routers/student.ts index 9170475d..dc9e6bd4 100644 --- a/src/backend/routers/student.ts +++ b/src/backend/routers/student.ts @@ -1,5 +1,5 @@ import { z } from "zod"; -import { hasAuthenticated, router } from "../trpc"; +import { hasAuthenticated, hasCaseManager, router } from "../trpc"; // TODO: define .output() schemas for all procedures export const student = router({ @@ -130,7 +130,7 @@ export const student = router({ * per the MVP that there will only be one IEP per student, * but this should be revisited after the MVP. */ - getActiveStudentIep: hasAuthenticated + getActiveStudentIep: hasCaseManager .input( z.object({ student_id: z.string().uuid(),