revert: rbac middleware (#26159) (#26343)

PostHog · Nov 21, 2024 · b49e024 · b49e024
1 parent 708e09a
commit b49e024
Show file tree

Hide file tree

Showing 56 changed files with 5,149 additions and 11,107 deletions.
diff --git a/ee/api/rbac/access_control.py b/ee/api/rbac/access_control.py
diff --git a/ee/api/rbac/role.py b/ee/api/rbac/role.py
@@ -4,12 +4,14 @@
 from rest_framework import mixins, serializers, viewsets
 from rest_framework.permissions import SAFE_METHODS, BasePermission
 
+from ee.models.feature_flag_role_access import FeatureFlagRoleAccess
 from ee.models.rbac.organization_resource_access import OrganizationResourceAccess
 from ee.models.rbac.role import Role, RoleMembership
 from posthog.api.organization_member import OrganizationMemberSerializer
 from posthog.api.routing import TeamAndOrgViewSetMixin
 from posthog.api.shared import UserBasicSerializer
 from posthog.models import OrganizationMembership
+from posthog.models.feature_flag import FeatureFlag
 from posthog.models.user import User
 
 
@@ -36,6 +38,7 @@ def has_permission(self, request, view):
 class RoleSerializer(serializers.ModelSerializer):
     created_by = UserBasicSerializer(read_only=True)
     members = serializers.SerializerMethodField()
+    associated_flags = serializers.SerializerMethodField()
 
     class Meta:
         model = Role
@@ -46,6 +49,7 @@ class Meta:
             "created_at",
             "created_by",
             "members",
+            "associated_flags",
         ]
         read_only_fields = ["id", "created_at", "created_by"]
 
@@ -71,12 +75,29 @@ def get_members(self, role: Role):
         members = RoleMembership.objects.filter(role=role)
         return RoleMembershipSerializer(members, many=True).data
 
+    def get_associated_flags(self, role: Role):
+        associated_flags: list[dict] = []
 
-class RoleViewSet(TeamAndOrgViewSetMixin, viewsets.ModelViewSet):
+        role_access_objects = FeatureFlagRoleAccess.objects.filter(role=role).values_list("feature_flag_id")
+        flags = FeatureFlag.objects.filter(id__in=role_access_objects)
+        for flag in flags:
+            associated_flags.append({"id": flag.id, "key": flag.key})
+        return associated_flags
+
+
+class RoleViewSet(
+    TeamAndOrgViewSetMixin,
+    mixins.ListModelMixin,
+    mixins.CreateModelMixin,
+    mixins.RetrieveModelMixin,
+    mixins.UpdateModelMixin,
+    mixins.DestroyModelMixin,
+    viewsets.GenericViewSet,
+):
     scope_object = "organization"
+    permission_classes = [RolePermissions]
     serializer_class = RoleSerializer
     queryset = Role.objects.all()
-    permission_classes = [RolePermissions]
 
     def safely_get_queryset(self, queryset):
         return queryset.filter(**self.request.GET.dict())