From c1e62089b69dbfd23d300a022847ab8b3d49a094 Mon Sep 17 00:00:00 2001
From: Davor <davor.ivankovic2@gmail.com>
Date: Fri, 10 Jun 2022 16:43:10 +0200
Subject: [PATCH] added migration script for users to add 'No access' roles in
 app_roles

---
 areas/apps/apps_service.py                    | 12 +++++++++
 .../versions/b514cca2d47b_add_user_role.py    | 25 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 areas/apps/apps_service.py

diff --git a/areas/apps/apps_service.py b/areas/apps/apps_service.py
new file mode 100644
index 00000000..e48d588b
--- /dev/null
+++ b/areas/apps/apps_service.py
@@ -0,0 +1,12 @@
+from .models import App, AppRole
+
+class AppsService:
+    @staticmethod
+    def get_apps():
+        apps = App.query.all()
+        return [{"id": app.id, "name": app.name, "slug": app.slug} for app in apps]
+
+    @staticmethod
+    def get_app_roles():
+        app_roles = AppRole.query.all()
+        return [{"user_id": app_role.user_id, "app_id": app_role.app_id, "role_id": app_role.role_id} for app_role in app_roles]
\ No newline at end of file
diff --git a/migrations/versions/b514cca2d47b_add_user_role.py b/migrations/versions/b514cca2d47b_add_user_role.py
index fc18087f..69caedbb 100644
--- a/migrations/versions/b514cca2d47b_add_user_role.py
+++ b/migrations/versions/b514cca2d47b_add_user_role.py
@@ -8,6 +8,7 @@ Create Date: 2022-06-08 17:24:51.305129
 from alembic import op
 import sqlalchemy as sa
 
+from areas.apps.apps_service import AppsService
 
 # revision identifiers, used by Alembic.
 revision = 'b514cca2d47b'
@@ -21,10 +22,34 @@ def upgrade():
 
     # Insert role "user" as ID 2
     op.execute("INSERT INTO `role` (id, `name`) VALUES (2, 'user')")
+    # Insert role "no access" as ID 3
+    op.execute("INSERT INTO `role` (id, `name`) VALUES (3, 'no access')")
     # Set role_id 2 to all current "user" users which by have NULL role ID
     op.execute("UPDATE app_role SET role_id = 2 WHERE role_id IS NULL")
 
+    # Add 'no access' role for all users that don't have any roles for specific apps 
+    app_ids = [app['id'] for app in AppsService.get_apps()]
+    app_roles = AppsService.get_app_roles()
+    user_ids = [app_role['user_id'] for app_role in app_roles]
+
+    for user_id in user_ids:
+        existing_app_ids = [x['app_id'] for x in list(filter(lambda role: role['user_id'] == user_id, app_roles))]
+        missing_app_ids = [x for x in app_ids if x not in existing_app_ids]
+        
+        if len(missing_app_ids) > 0:
+            insert_statement = "INSERT INTO app_role (user_id, app_id, role_id) VALUES"
+            for app_id in missing_app_ids:
+                insert_statement += " ('"+ user_id +"'," + str(app_id) +",3),"
+            op.execute(insert_statement[:-1])
+
 
 def downgrade():
+    # Revert all users role_id to NULL where role is 'user'
     op.execute("UPDATE app_role SET role_id = NULL WHERE role_id = 2")
+    # Delete role 'user' from roles
     op.execute("DELETE FROM `role` WHERE id = 2")
+
+    # Delete all user app roles where role is 'no access' with role_id 3
+    op.execute("DELETE FROM app_role WHERE role_id = 3")
+    # Delete role 'no access' from roles
+    op.execute("DELETE FROM `role` WHERE id = 3")
-- 
GitLab