diff --git a/provision/system/src/0000_access_control.yaml b/provision/system/src/0000_access_control.yaml
index e558ce4e0..25ed583b4 100644
--- a/provision/system/src/0000_access_control.yaml
+++ b/provision/system/src/0000_access_control.yaml
@@ -1,6 +1,3 @@
-roles:
- admins: Administrators
-
 allow:
 admins:
 system:
diff --git a/provision/system/static.go b/provision/system/static.go
index 78a5b1bff..9d9221e1f 100644
--- a/provision/system/static.go
+++ b/provision/system/static.go
@@ -3,4 +3,4 @@ // Package contains static assets. package system -var Asset = "PK\x03\x04\x14\x00\x08\x00\x00\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00 \x000000_access_control.yamlUT\x05\x00\x01\x80Cm8roles:\n admins: Administrators\n\nallow:\n admins:\n system:\n - access\n - grant\n - settings.read\n - settings.manage\n - organisation.create\n - application.create\n - user.create\n - role.create\n - automation-script.create\n\n system:application:\n - read\n - update\n - delete\n\n system:user:\n - read\n - update\n - suspend\n - unsuspend\n - delete\n\n system:role:\n - read\n - update\n - delete\n - members.manage\n\n system:automation-script:\n - read\n - update\n - delete\nPK\x07\x08\xe5T\x99\x88J\x02\x00\x00J\x02\x00\x00PK\x01\x02\x14\x03\x14\x00\x08\x00\x00\x00\x00\x00!(\xe5T\x99\x88J\x02\x00\x00J\x02\x00\x00\x18\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00\x00\x00\x000000_access_control.yamlUT\x05\x00\x01\x80Cm8PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00O\x00\x00\x00\x99\x02\x00\x00\x00\x00" +var Asset = "PK\x03\x04\x14\x00\x08\x00\x00\x00\x00\x00!(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00 \x000000_access_control.yamlUT\x05\x00\x01\x80Cm8allow:\n admins:\n system:\n - access\n - grant\n - settings.read\n - settings.manage\n - organisation.create\n - application.create\n - user.create\n - role.create\n - automation-script.create\n\n system:application:\n - read\n - update\n - delete\n\n system:user:\n - read\n - update\n - suspend\n - unsuspend\n - delete\n\n system:role:\n - read\n - update\n - delete\n - members.manage\n\n system:automation-script:\n - read\n - update\n - delete\nPK\x07\x08\xd3\xa84K)\x02\x00\x00)\x02\x00\x00PK\x01\x02\x14\x03\x14\x00\x08\x00\x00\x00\x00\x00!(\xd3\xa84K)\x02\x00\x00)\x02\x00\x00\x18\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00\x00\x00\x000000_access_control.yamlUT\x05\x00\x01\x80Cm8PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00O\x00\x00\x00x\x02\x00\x00\x00\x00" 
diff --git a/system/provision-config.go b/system/provision-config.go
index d78329443..ee5aec3bc 100644
--- a/system/provision-config.go
+++ b/system/provision-config.go
@@ -9,6 +9,7 @@ import (
 "go.uber.org/zap"
 
 "github.com/cortezaproject/corteza-server/internal/auth"
+ "github.com/cortezaproject/corteza-server/internal/permissions"
 "github.com/cortezaproject/corteza-server/pkg/cli"
 impAux "github.com/cortezaproject/corteza-server/pkg/importer"
 provision "github.com/cortezaproject/corteza-server/provision/system"
@@ -43,10 +44,10 @@ func provisionConfig(ctx context.Context, cmd *cobra.Command, c *cli.Config) err
 )
 }
 
-// Provision ONLY when there are no roles
+// Provision ONLY when there are no rules for role admins / everyone
 func isProvisioned(ctx context.Context) (bool, error) {
- rr, err := service.DefaultRole.With(ctx).Find(&types.RoleFilter{})
- return len(rr) > 0, err
+ return len(service.DefaultPermissions.FindRulesByRoleID(permissions.EveryoneRoleID)) > 0 &&
+ len(service.DefaultPermissions.FindRulesByRoleID(permissions.AdminRoleID)) > 0, nil
 }
 
 func makeDefaultApplications(ctx context.Context, cmd *cobra.Command, c *cli.Config) error {
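Review bot: The `&&` in `isProvisioned` makes the system count as unprovisioned as soon as either the Everyone role or the Admin role has zero rules, which does not obviously match the comment above it ("no rules for role admins / everyone"). If an operator has deliberately removed every rule from one of those roles to tighten access, the next provisioning run would presumably import the default access-control rules again and quietly re-grant them; the import itself is outside this hunk, so confirm what it does. If the intent is to skip provisioning whenever any rule exists, the condition should be `||`; either way the comment should state the rule exactly, e.g. `// isProvisioned reports true only when both the Everyone and Admin roles have at least one rule.` The function also no longer uses `ctx` and always returns a nil error, so if the rule set has not been loaded yet when this runs, that looks the same as an empty one.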