diff --git a/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts b/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts index 394228252..11731c1ab 100644 --- a/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts +++ b/apps/webservice/src/app/api/v1/releases/[releaseId]/route.ts @@ -29,8 +29,8 @@ export const PATCH = request() .use( authz(({ can, extra: { params } }) => can - .perform(Permission.ReleaseUpdate) - .on({ type: "release", id: params.releaseId }), + .perform(Permission.DeploymentVersionUpdate) + .on({ type: "deploymentVersion", id: params.releaseId }), ), ) .handle< diff --git a/apps/webservice/src/app/api/v1/releases/route.ts b/apps/webservice/src/app/api/v1/releases/route.ts index 80137fb7d..ee1dfab9a 100644 --- a/apps/webservice/src/app/api/v1/releases/route.ts +++ b/apps/webservice/src/app/api/v1/releases/route.ts @@ -40,7 +40,7 @@ export const POST = request() .use( authz(({ ctx, can }) => can - .perform(Permission.ReleaseCreate) + .perform(Permission.DeploymentVersionCreate) .on({ type: "deployment", id: ctx.body.deploymentId }), ), ) diff --git a/packages/api/src/router/deployment-version.ts b/packages/api/src/router/deployment-version.ts index 18fb12c09..4baba4e63 100644 --- a/packages/api/src/router/deployment-version.ts +++ b/packages/api/src/router/deployment-version.ts @@ -51,7 +51,7 @@ export const versionRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.ReleaseList) + .perform(Permission.DeploymentVersionList) .on({ type: "deployment", id: input.deploymentId }), }) .input( @@ -122,8 +122,8 @@ export const versionRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.ReleaseGet) - .on({ type: "release", id: input }), + .perform(Permission.DeploymentVersionGet) + .on({ type: "deploymentVersion", id: input }), }) .input(z.string().uuid()) .query(({ ctx, input }) => @@ -172,7 +172,7 @@ export const versionRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.ReleaseCreate) + .perform(Permission.DeploymentVersionCreate) .on({ type: "deployment", id: input.deploymentId }), }) .input(SCHEMA.createRelease) @@ -241,9 +241,9 @@ export const versionRouter = createTRPCRouter({ blocked: protectedProcedure .meta({ authorizationCheck: ({ canUser, input }) => - canUser.perform(Permission.ReleaseGet).on( + canUser.perform(Permission.DeploymentVersionGet).on( ...(input as string[]).map((t) => ({ - type: "release" as const, + type: "deploymentVersion" as const, id: t, })), ), @@ -353,8 +353,8 @@ export const versionRouter = createTRPCRouter({ ) .meta({ authorizationCheck: ({ canUser, input }) => - canUser.perform(Permission.ReleaseGet).on({ - type: "release", + canUser.perform(Permission.DeploymentVersionGet).on({ + type: "deploymentVersion", id: input.releaseId, }), }) @@ -400,8 +400,8 @@ export const versionRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => "releaseId" in input - ? canUser.perform(Permission.ReleaseGet).on({ - type: "release", + ? canUser.perform(Permission.DeploymentVersionGet).on({ + type: "deploymentVersion", id: input.releaseId, }) : canUser.perform(Permission.DeploymentGet).on({ @@ -460,7 +460,7 @@ export const versionRouter = createTRPCRouter({ ) .meta({ authorizationCheck: ({ canUser, input }) => - canUser.perform(Permission.ReleaseGet).on({ + canUser.perform(Permission.DeploymentVersionGet).on({ type: "deployment", id: input.deploymentId, }), diff --git a/packages/api/src/router/environment-approval.ts b/packages/api/src/router/environment-approval.ts index 8beed307a..7f73bb33c 100644 --- a/packages/api/src/router/environment-approval.ts +++ b/packages/api/src/router/environment-approval.ts @@ -19,7 +19,7 @@ export const approvalRouter = createTRPCRouter({ authorizationCheck: ({ canUser, input }) => canUser .perform(Permission.DeploymentGet) - .on({ type: "release", id: input.releaseId }), + .on({ type: "deploymentVersion", id: input.releaseId }), }) .input( z.object({ @@ -65,7 +65,7 @@ export const approvalRouter = createTRPCRouter({ authorizationCheck: ({ canUser, input }) => canUser .perform(Permission.DeploymentUpdate) - .on({ type: "release", id: input.releaseId }), + .on({ type: "deploymentVersion", id: input.releaseId }), }) .input( z.object({ policyId: z.string().uuid(), releaseId: z.string().uuid() }), @@ -127,7 +127,7 @@ export const approvalRouter = createTRPCRouter({ authorizationCheck: ({ canUser, input }) => canUser .perform(Permission.DeploymentUpdate) - .on({ type: "release", id: input.releaseId }), + .on({ type: "deploymentVersion", id: input.releaseId }), }) .input( z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }), @@ -161,7 +161,7 @@ export const approvalRouter = createTRPCRouter({ authorizationCheck: ({ canUser, input }) => canUser .perform(Permission.DeploymentGet) - .on({ type: "release", id: input.releaseId }), + .on({ type: "deploymentVersion", id: input.releaseId }), }) .input( z.object({ releaseId: z.string().uuid(), policyId: z.string().uuid() }), diff --git a/packages/api/src/router/job.ts b/packages/api/src/router/job.ts index e702a18b1..7e84f7b5d 100644 --- a/packages/api/src/router/job.ts +++ b/packages/api/src/router/job.ts @@ -385,8 +385,8 @@ const releaseJobTriggerRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.DeploymentGet) - .on({ type: "release", id: input.releaseId }), + .perform(Permission.DeploymentVersionGet) + .on({ type: "deploymentVersion", id: input.releaseId }), }) .input( z.object({ @@ -772,8 +772,8 @@ const metadataKeysRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.ReleaseGet) - .on({ type: "release", id: input }), + .perform(Permission.DeploymentVersionGet) + .on({ type: "deploymentVersion", id: input }), }) .input(z.string().uuid()) .query(({ ctx, input }) => diff --git a/packages/api/src/router/release-deploy.ts b/packages/api/src/router/release-deploy.ts index 0992f05a6..5f8f38649 100644 --- a/packages/api/src/router/release-deploy.ts +++ b/packages/api/src/router/release-deploy.ts @@ -21,9 +21,9 @@ export const releaseDeployRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.DeploymentGet, Permission.ReleaseGet) + .perform(Permission.DeploymentGet, Permission.DeploymentVersionGet) .on( - { type: "release", id: input.releaseId }, + { type: "deploymentVersion", id: input.releaseId }, { type: "environment", id: input.environmentId }, ), }) @@ -68,9 +68,9 @@ export const releaseDeployRouter = createTRPCRouter({ .meta({ authorizationCheck: ({ canUser, input }) => canUser - .perform(Permission.ReleaseGet, Permission.ResourceUpdate) + .perform(Permission.DeploymentVersionGet, Permission.ResourceUpdate) .on( - { type: "release", id: input.releaseId }, + { type: "deploymentVersion", id: input.releaseId }, { type: "resource", id: input.resourceId }, ), }) diff --git a/packages/api/src/router/release-metadata-keys.ts b/packages/api/src/router/release-metadata-keys.ts index 29b72d351..f586855d6 100644 --- a/packages/api/src/router/release-metadata-keys.ts +++ b/packages/api/src/router/release-metadata-keys.ts @@ -11,7 +11,7 @@ export const releaseMetadataKeysRouter = createTRPCRouter({ bySystem: protectedProcedure .meta({ authorizationCheck: ({ canUser, input }) => - canUser.perform(Permission.ReleaseGet).on({ + canUser.perform(Permission.DeploymentVersionGet).on({ type: "system", id: input, }), @@ -36,7 +36,7 @@ export const releaseMetadataKeysRouter = createTRPCRouter({ byWorkspace: protectedProcedure .meta({ authorizationCheck: ({ canUser, input }) => - canUser.perform(Permission.ReleaseGet).on({ + canUser.perform(Permission.DeploymentVersionGet).on({ type: "workspace", id: input, }), diff --git a/packages/auth/src/utils/rbac.ts b/packages/auth/src/utils/rbac.ts index 43c3ef0d5..e4fbb1604 100644 --- a/packages/auth/src/utils/rbac.ts +++ b/packages/auth/src/utils/rbac.ts @@ -88,7 +88,7 @@ export const checkEntityPermissionForResource = async ( return role != null; }; -const getReleaseScopes = async (id: string) => { +const getDeploymentVersionScopes = async (id: string) => { const result = await db .select() .from(workspace) @@ -102,8 +102,8 @@ const getReleaseScopes = async (id: string) => { .then(takeFirst); return [ - { type: "release" as const, id: result.deployment_version.id }, - { type: "deployment" as const, id: result.deployment_version.id }, + { type: "deploymentVersion" as const, id: result.deployment_version.id }, + { type: "deployment" as const, id: result.deployment.id }, { type: "system" as const, id: result.system.id }, { type: "workspace" as const, id: result.workspace.id }, ]; @@ -372,7 +372,7 @@ const getJobScopes = async (id: string) => { { type: "job" as const, id: result.job.id }, { type: "resource" as const, id: result.resource.id }, { type: "environment" as const, id: result.environment.id }, - { type: "release" as const, id: result.deployment_version.id }, + { type: "deploymentVersion" as const, id: result.deployment_version.id }, { type: "deployment" as const, id: result.deployment.id }, { type: "system" as const, id: result.system.id }, { type: "workspace" as const, id: result.workspace.id }, @@ -395,7 +395,7 @@ export const scopeHandlers: Record< workspace: getWorkspaceScopes, environment: getEnvironmentScopes, environmentPolicy: getEnvironmentPolicyScopes, - release: getReleaseScopes, + deploymentVersion: getDeploymentVersionScopes, releaseChannel: getReleaseChannelScopes, resourceMetadataGroup: getResourceMetadataGroupScopes, variableSet: getVariableSetScopes, diff --git a/packages/db/src/schema/rbac.ts b/packages/db/src/schema/rbac.ts index 411231253..cd0464878 100644 --- a/packages/db/src/schema/rbac.ts +++ b/packages/db/src/schema/rbac.ts @@ -33,7 +33,7 @@ export const entityTypeSchema = z.enum(entityType.enumValues); export type EntityType = z.infer; export const scopeType = pgEnum("scope_type", [ - "release", + "deploymentVersion", "releaseChannel", "resource", "resourceProvider", diff --git a/packages/job-dispatch/src/policies/release-sequencing.ts b/packages/job-dispatch/src/policies/release-sequencing.ts index 9ab2dbac6..d9fed8be4 100644 --- a/packages/job-dispatch/src/policies/release-sequencing.ts +++ b/packages/job-dispatch/src/policies/release-sequencing.ts @@ -51,7 +51,7 @@ export const isPassingNoActiveJobsPolicy: ReleaseIdPolicyChecker = async ( db.execute(sql` select 1 from ${schema.job} inner join ${schema.releaseJobTrigger} as rjt2 on ${schema.job.id} = rjt2.job_id - inner join ${schema.deploymentVersion} as release2 on rjt2.version_id = release2.id + inner join ${schema.deploymentVersion} as release2 on rjt2.deployment_version_id = release2.id inner join ${schema.resource} on rjt2.resource_id = ${schema.resource.id} where rjt2.environment_id = ${schema.releaseJobTrigger.environmentId} and release2.deployment_id = ${schema.deployment.id} diff --git a/packages/validators/src/auth/index.ts b/packages/validators/src/auth/index.ts index 56181bcaa..b9649f0a3 100644 --- a/packages/validators/src/auth/index.ts +++ b/packages/validators/src/auth/index.ts @@ -82,10 +82,10 @@ export enum Permission { EnvironmentUpdate = "environment.update", EnvironmentList = "environment.list", - ReleaseCreate = "release.create", - ReleaseGet = "release.get", - ReleaseUpdate = "release.update", - ReleaseList = "release.list", + DeploymentVersionCreate = "deploymentVersion.create", + DeploymentVersionGet = "deploymentVersion.get", + DeploymentVersionUpdate = "deploymentVersion.update", + DeploymentVersionList = "deploymentVersion.list", ReleaseChannelGet = "releaseChannel.get", ReleaseChannelList = "releaseChannel.list",