System team permissions (#82)

* added default permissions to prisma

* added system team permission

* fixed permission update

* added system permission UI

* fixed permission update

* added create team client

* added client create team

* added client team create endpoint

* fixed user.createTeam, updated demo

* added default permissions for team creators and members

* added createTeamForUser

* added permission id format check

* updated db schema for default permission, added default perms when project is created

* fixed merge errors

apps/backend/prisma/migrations/20240618150845_system_team_permission/migration.sql

@@ -0,0 +1,63 @@
+/*
+  Warnings:
+
+  - The primary key for the `TeamMemberDirectPermission` table will be changed. If it partially fails, the table could be left without primary key constraint.
+  - A unique constraint covering the columns `[projectId,projectUserId,teamId,permissionDbId]` on the table `TeamMemberDirectPermission` will be added. If there are existing duplicate values, this will fail.
+  - A unique constraint covering the columns `[projectId,projectUserId,teamId,systemPermission]` on the table `TeamMemberDirectPermission` will be added. If there are existing duplicate values, this will fail.
+  - The required column `id` was added to the `TeamMemberDirectPermission` table with a prisma-level default value. This is not possible if the table is not empty. Please add this column as optional, then populate it before making it required.
+
+*/
+-- CreateEnum
+CREATE TYPE "TeamSystemPermission" AS ENUM ('UPDATE_TEAM', 'DELETE_TEAM', 'READ_MEMBERS', 'REMOVE_MEMBERS', 'INVITE_MEMBERS');
+
+-- AlterTable
+ALTER TABLE "Permission" ADD COLUMN     "isDefaultTeamCreatorPermission" BOOLEAN NOT NULL DEFAULT false,
+ADD COLUMN     "isDefaultTeamMemberPermission" BOOLEAN NOT NULL DEFAULT false;
+
+-- AlterTable
+ALTER TABLE "PermissionEdge" ADD COLUMN     "parentTeamSystemPermission" "TeamSystemPermission",
+ALTER COLUMN "parentPermissionDbId" DROP NOT NULL;
+
+-- AlterTable
+ALTER TABLE "ProjectConfig" ADD COLUMN     "teamCreateDefaultSystemPermissions" "TeamSystemPermission"[],
+ADD COLUMN     "teamMemberDefaultSystemPermissions" "TeamSystemPermission"[];
+
+
+-- -- AlterTable
+-- ALTER TABLE "TeamMemberDirectPermission" DROP CONSTRAINT "TeamMemberDirectPermission_pkey",
+-- ADD COLUMN     "id" UUID NOT NULL,
+-- ADD COLUMN     "systemPermission" "TeamSystemPermission",
+-- ALTER COLUMN "permissionDbId" DROP NOT NULL,
+-- ADD CONSTRAINT "TeamMemberDirectPermission_pkey" PRIMARY KEY ("id");
+
+-- -- CreateIndex
+-- CREATE UNIQUE INDEX "TeamMemberDirectPermission_projectId_projectUserId_teamId_p_key" ON "TeamMemberDirectPermission"("projectId", "projectUserId", "teamId", "permissionDbId");
+
+-- -- CreateIndex
+-- CREATE UNIQUE INDEX "TeamMemberDirectPermission_projectId_projectUserId_teamId_s_key" ON "TeamMemberDirectPermission"("projectId", "projectUserId", "teamId", "systemPermission");
+
+
+-- Step 1: Add `id` as an optional column
+ALTER TABLE "TeamMemberDirectPermission" 
+ADD COLUMN "id" UUID, 
+ADD COLUMN "systemPermission" "TeamSystemPermission";
+
+-- Step 2: Populate the `id` column with UUID values
+UPDATE "TeamMemberDirectPermission" SET "id" = gen_random_uuid();
+
+-- Step 3: Make the `id` column required
+ALTER TABLE "TeamMemberDirectPermission" ALTER COLUMN "id" SET NOT NULL;
+
+-- Step 4: Ensure there are no duplicate values for the unique constraints
+-- There should be no duplicates for the unique constraints
+
+-- Step 5: Drop the existing primary key constraint
+ALTER TABLE "TeamMemberDirectPermission" DROP CONSTRAINT "TeamMemberDirectPermission_pkey",
+ALTER COLUMN "permissionDbId" DROP NOT NULL;
+
+-- Step 6: Add the unique constraints
+CREATE UNIQUE INDEX "TeamMemberDirectPermission_projectId_projectUserId_teamId_p_key" ON "TeamMemberDirectPermission"("projectId", "projectUserId", "teamId", "permissionDbId");
+CREATE UNIQUE INDEX "TeamMemberDirectPermission_projectId_projectUserId_teamId_s_key" ON "TeamMemberDirectPermission"("projectId", "projectUserId", "teamId", "systemPermission");
+
+-- Step 7: Add the new primary key constraint
+ALTER TABLE "TeamMemberDirectPermission" ADD CONSTRAINT "TeamMemberDirectPermission_pkey" PRIMARY KEY ("id");

apps/backend/prisma/schema.prisma

@@ -39,16 +39,20 @@ model ProjectConfig {
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  allowLocalhost     Boolean
-  credentialEnabled  Boolean
-  magicLinkEnabled   Boolean
+  allowLocalhost    Boolean
+  credentialEnabled Boolean
+  magicLinkEnabled  Boolean
+
   createTeamOnSignUp Boolean
 
   projects             Project[]
   oauthProviderConfigs OAuthProviderConfig[]
   emailServiceConfig   EmailServiceConfig?
   domains              ProjectDomain[]
   permissions          Permission[]
+
+  teamCreateDefaultSystemPermissions TeamSystemPermission[]
+  teamMemberDefaultSystemPermissions TeamSystemPermission[]
 }
 
 model ProjectDomain {
@@ -115,18 +119,23 @@ model TeamMember {
 }
 
 model TeamMemberDirectPermission {
+  id             String  @id @default(uuid()) @db.Uuid
   projectId      String
-  projectUserId  String @db.Uuid
-  teamId         String @db.Uuid
-  permissionDbId String @db.Uuid
+  projectUserId  String  @db.Uuid
+  teamId         String  @db.Uuid
+  permissionDbId String? @db.Uuid
 
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
   teamMember TeamMember @relation(fields: [projectId, projectUserId, teamId], references: [projectId, projectUserId, teamId], onDelete: Cascade)
-  permission Permission @relation(fields: [permissionDbId], references: [dbId], onDelete: Cascade)
 
-  @@id([projectId, projectUserId, teamId, permissionDbId])
+  // exactly one of [permissionId && permission] or [systemPermission] must be set
+  permission       Permission?           @relation(fields: [permissionDbId], references: [dbId], onDelete: Cascade)
+  systemPermission TeamSystemPermission?
+
+  @@unique([projectId, projectUserId, teamId, permissionDbId])
+  @@unique([projectId, projectUserId, teamId, systemPermission])
 }
 
 model Permission {
@@ -153,6 +162,9 @@ model Permission {
   childEdges                 PermissionEdge[]             @relation("ParentPermission")
   teamMemberDirectPermission TeamMemberDirectPermission[]
 
+  isDefaultTeamCreatorPermission Boolean @default(false)
+  isDefaultTeamMemberPermission  Boolean @default(false)
+
   @@unique([projectConfigId, queryableId])
   @@unique([projectId, teamId, queryableId])
 }
@@ -162,16 +174,27 @@ enum PermissionScope {
   TEAM
 }
 
+enum TeamSystemPermission {
+  UPDATE_TEAM
+  DELETE_TEAM
+  READ_MEMBERS
+  REMOVE_MEMBERS
+  INVITE_MEMBERS
+}
+
 model PermissionEdge {
   edgeId String @id @default(uuid()) @db.Uuid
 
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 
-  parentPermissionDbId String     @db.Uuid
-  parentPermission     Permission @relation("ParentPermission", fields: [parentPermissionDbId], references: [dbId], onDelete: Cascade)
-  childPermissionDbId  String     @db.Uuid
-  childPermission      Permission @relation("ChildPermission", fields: [childPermissionDbId], references: [dbId], onDelete: Cascade)
+  // exactly one of [parentPermissionDbId && parentPermission] or [parentTeamSystemPermission] must be set
+  parentPermissionDbId       String?               @db.Uuid
+  parentPermission           Permission?           @relation("ParentPermission", fields: [parentPermissionDbId], references: [dbId], onDelete: Cascade)
+  parentTeamSystemPermission TeamSystemPermission?
+
+  childPermissionDbId String     @db.Uuid
+  childPermission     Permission @relation("ChildPermission", fields: [childPermissionDbId], references: [dbId], onDelete: Cascade)
 }
 
 model ProjectUser {