mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00

[AC-1682] Drop temp tables if they exist when starting the scripts

Rui Tome
2024-03-29 12:00:24 +00:00
parent 26f5bf8afd
commit c20912f95c
3 changed files with 105 additions and 96 deletions


@ -1,6 +1,7 @@
-- Step 1: AccessAll migration for Groups -- Step 1: AccessAll migration for Groups
-- Create a temporary table to store the groups with AccessAll = 1 -- Create a temporary table to store the groups with AccessAll = 1
CREATE TEMPORARY TABLE IF NOT EXISTS `TempGroupsAccessAll` AS DROP TEMPORARY TABLE IF EXISTS `TempGroupsAccessAll`;
CREATE TEMPORARY TABLE `TempGroupsAccessAll` AS
SELECT `G`.`Id` AS `GroupId`, SELECT `G`.`Id` AS `GroupId`,
`G`.`OrganizationId` `G`.`OrganizationId`
FROM `Group` `G` FROM `Group` `G`
@ -9,7 +10,8 @@
-- Step 2: AccessAll migration for OrganizationUsers -- Step 2: AccessAll migration for OrganizationUsers
-- Create a temporary table to store the OrganizationUsers with AccessAll = 1 -- Create a temporary table to store the OrganizationUsers with AccessAll = 1
CREATE TEMPORARY TABLE IF NOT EXISTS `TempUsersAccessAll` AS DROP TEMPORARY TABLE IF EXISTS `TempUsersAccessAll`;
CREATE TEMPORARY TABLE `TempUsersAccessAll` AS
SELECT `OU`.`Id` AS `OrganizationUserId`, SELECT `OU`.`Id` AS `OrganizationUserId`,
`OU`.`OrganizationId` `OU`.`OrganizationId`
FROM `OrganizationUser` `OU` FROM `OrganizationUser` `OU`
@ -19,7 +21,8 @@
-- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with [Manage] = 1 -- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with [Manage] = 1
-- and finally update all OrganizationUsers with Manager role to User role -- and finally update all OrganizationUsers with Manager role to User role
-- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission -- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission
CREATE TEMPORARY TABLE IF NOT EXISTS `TempUserManagers` AS DROP TEMPORARY TABLE IF EXISTS `TempUserManagers`;
CREATE TEMPORARY TABLE `TempUserManagers` AS
SELECT `OU`.`Id` AS `OrganizationUserId`, SELECT `OU`.`Id` AS `OrganizationUserId`,
CASE WHEN `OU`.`Type` = 3 THEN 1 ELSE 0 END AS `IsManager` CASE WHEN `OU`.`Type` = 3 THEN 1 ELSE 0 END AS `IsManager`
FROM `OrganizationUser` `OU` FROM `OrganizationUser` `OU`
@ -138,7 +141,7 @@ START TRANSACTION;
-- Commit transaction -- Commit transaction
COMMIT; COMMIT;
-- Step 5: Drop the temporary tables -- Step 6: Drop the temporary tables
DROP TEMPORARY TABLE IF EXISTS `TempGroupsAccessAll`; DROP TEMPORARY TABLE IF EXISTS `TempGroupsAccessAll`;
DROP TEMPORARY TABLE IF EXISTS `TempUsersAccessAll`; DROP TEMPORARY TABLE IF EXISTS `TempUsersAccessAll`;
DROP TEMPORARY TABLE IF EXISTS `TempUserManagers`; DROP TEMPORARY TABLE IF EXISTS `TempUserManagers`;
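Review bot: The `DROP TEMPORARY TABLE IF EXISTS` lines added ahead of each `CREATE TEMPORARY TABLE` have no comment explaining why the drop is needed, and the reason is not obvious from the statements alone. With the old `CREATE TEMPORARY TABLE IF NOT EXISTS ... AS SELECT`, a table left over from an earlier run in the same session would be kept as-is, and the later steps would then presumably work from that stale list of AccessAll groups, users and managers (the PostgreSQL script on this page shows those updates rewriting collection permissions). I would add one line above the first drop, such as `-- Drop leftovers first: IF NOT EXISTS would silently reuse a stale snapshot from an earlier run in this session`. The same comment fits the other two scripts in this commit. The SELECT statements that fill the tables continue outside the hunks shown.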


@ -1,6 +1,7 @@
-- Step 1: AccessAll migration for Groups -- Step 1: AccessAll migration for Groups
-- Create a temporary table to store the groups with AccessAll = true -- Create a temporary table to store the groups with AccessAll = true
CREATE TEMPORARY TABLE IF NOT EXISTS "TempGroupsAccessAll" AS DROP TABLE IF EXISTS "TempGroupsAccessAll";
CREATE TEMPORARY TABLE "TempGroupsAccessAll" AS
SELECT "G"."Id" AS "GroupId", SELECT "G"."Id" AS "GroupId",
"G"."OrganizationId" "G"."OrganizationId"
FROM "Group" "G" FROM "Group" "G"
@ -9,7 +10,8 @@
-- Step 2: AccessAll migration for OrganizationUsers -- Step 2: AccessAll migration for OrganizationUsers
-- Create a temporary table to store the OrganizationUsers with AccessAll = true -- Create a temporary table to store the OrganizationUsers with AccessAll = true
CREATE TEMPORARY TABLE IF NOT EXISTS "TempUsersAccessAll" AS DROP TABLE IF EXISTS "TempUsersAccessAll";
CREATE TEMPORARY TABLE "TempUsersAccessAll" AS
SELECT "OU"."Id" AS "OrganizationUserId", SELECT "OU"."Id" AS "OrganizationUserId",
"OU"."OrganizationId" "OU"."OrganizationId"
FROM "OrganizationUser" "OU" FROM "OrganizationUser" "OU"
@ -19,7 +21,8 @@
-- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with Manage = 1 -- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with Manage = 1
-- and finally update all OrganizationUsers with Manager role to User role -- and finally update all OrganizationUsers with Manager role to User role
-- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission -- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission
CREATE TEMPORARY TABLE IF NOT EXISTS "TempUserManagers" AS DROP TABLE IF EXISTS "TempUserManagers";
CREATE TEMPORARY TABLE "TempUserManagers" AS
SELECT "OU"."Id" AS "OrganizationUserId", SELECT "OU"."Id" AS "OrganizationUserId",
CASE WHEN "OU"."Type" = 3 THEN true ELSE false END AS "IsManager" CASE WHEN "OU"."Type" = 3 THEN true ELSE false END AS "IsManager"
FROM "OrganizationUser" "OU" FROM "OrganizationUser" "OU"
@ -30,103 +33,103 @@
"OU"."Permissions" IS NOT NULL AND "OU"."Permissions" IS NOT NULL AND
(("OU"."Permissions"::text)::jsonb->>'editAssignedCollections') = 'true')); (("OU"."Permissions"::text)::jsonb->>'editAssignedCollections') = 'true'));
-- Step 1 -- Step 1
-- Update existing rows in CollectionGroups -- Update existing rows in CollectionGroups
UPDATE "CollectionGroups" "CG" UPDATE "CollectionGroups" "CG"
SET "ReadOnly" = false, SET "ReadOnly" = false,
"HidePasswords" = false, "HidePasswords" = false,
"Manage" = false "Manage" = false
FROM "Collection" "C" FROM "Collection" "C"
WHERE "CG"."CollectionId" = "C"."Id" WHERE "CG"."CollectionId" = "C"."Id"
AND "C"."OrganizationId" IN (SELECT "OrganizationId" FROM "TempGroupsAccessAll"); AND "C"."OrganizationId" IN (SELECT "OrganizationId" FROM "TempGroupsAccessAll");
-- Insert new rows into CollectionGroups -- Insert new rows into CollectionGroups
INSERT INTO "CollectionGroups" ("CollectionId", "GroupId", "ReadOnly", "HidePasswords", "Manage") INSERT INTO "CollectionGroups" ("CollectionId", "GroupId", "ReadOnly", "HidePasswords", "Manage")
SELECT "C"."Id", "TG"."GroupId", false, false, false SELECT "C"."Id", "TG"."GroupId", false, false, false
FROM "Collection" "C" FROM "Collection" "C"
INNER JOIN "TempGroupsAccessAll" "TG" ON "C"."OrganizationId" = "TG"."OrganizationId" INNER JOIN "TempGroupsAccessAll" "TG" ON "C"."OrganizationId" = "TG"."OrganizationId"
LEFT JOIN "CollectionGroups" "CG" ON "C"."Id" = "CG"."CollectionId" AND "TG"."GroupId" = "CG"."GroupId" LEFT JOIN "CollectionGroups" "CG" ON "C"."Id" = "CG"."CollectionId" AND "TG"."GroupId" = "CG"."GroupId"
WHERE "CG"."CollectionId" IS NULL; WHERE "CG"."CollectionId" IS NULL;
-- Update "Group" to clear "AccessAll" flag and update "RevisionDate" -- Update "Group" to clear "AccessAll" flag and update "RevisionDate"
UPDATE "Group" "G" UPDATE "Group" "G"
SET "AccessAll" = false, "RevisionDate" = CURRENT_TIMESTAMP SET "AccessAll" = false, "RevisionDate" = CURRENT_TIMESTAMP
WHERE "G"."Id" IN (SELECT "GroupId" FROM "TempGroupsAccessAll"); WHERE "G"."Id" IN (SELECT "GroupId" FROM "TempGroupsAccessAll");
-- Step 2 -- Step 2
-- Update existing rows in CollectionUsers -- Update existing rows in CollectionUsers
UPDATE "CollectionUsers" "target" UPDATE "CollectionUsers" "target"
SET "ReadOnly" = false, SET "ReadOnly" = false,
"HidePasswords" = false, "HidePasswords" = false,
"Manage" = false "Manage" = false
FROM "Collection" "C" FROM "Collection" "C"
WHERE "target"."CollectionId" = "C"."Id" WHERE "target"."CollectionId" = "C"."Id"
AND "C"."OrganizationId" IN (SELECT "OrganizationId" FROM "TempUsersAccessAll") AND "C"."OrganizationId" IN (SELECT "OrganizationId" FROM "TempUsersAccessAll")
AND "target"."OrganizationUserId" IN (SELECT "OrganizationUserId" FROM "TempUsersAccessAll"); AND "target"."OrganizationUserId" IN (SELECT "OrganizationUserId" FROM "TempUsersAccessAll");
-- Insert new rows into CollectionUsers -- Insert new rows into CollectionUsers
INSERT INTO "CollectionUsers" ("CollectionId", "OrganizationUserId", "ReadOnly", "HidePasswords", "Manage") INSERT INTO "CollectionUsers" ("CollectionId", "OrganizationUserId", "ReadOnly", "HidePasswords", "Manage")
SELECT "C"."Id", "TU"."OrganizationUserId", false, false, false SELECT "C"."Id", "TU"."OrganizationUserId", false, false, false
FROM "Collection" "C" FROM "Collection" "C"
INNER JOIN "TempUsersAccessAll" "TU" ON "C"."OrganizationId" = "TU"."OrganizationId" INNER JOIN "TempUsersAccessAll" "TU" ON "C"."OrganizationId" = "TU"."OrganizationId"
LEFT JOIN "CollectionUsers" "target" ON "C"."Id" = "target"."CollectionId" AND "TU"."OrganizationUserId" = "target"."OrganizationUserId" LEFT JOIN "CollectionUsers" "target" ON "C"."Id" = "target"."CollectionId" AND "TU"."OrganizationUserId" = "target"."OrganizationUserId"
WHERE "target"."CollectionId" IS NULL; WHERE "target"."CollectionId" IS NULL;
-- Update "OrganizationUser" to clear "AccessAll" flag -- Update "OrganizationUser" to clear "AccessAll" flag
UPDATE "OrganizationUser" "OU" UPDATE "OrganizationUser" "OU"
SET "AccessAll" = false, "RevisionDate" = CURRENT_TIMESTAMP SET "AccessAll" = false, "RevisionDate" = CURRENT_TIMESTAMP
WHERE "OU"."Id" IN (SELECT "OrganizationUserId" FROM "TempUsersAccessAll"); WHERE "OU"."Id" IN (SELECT "OrganizationUserId" FROM "TempUsersAccessAll");
-- Step 3 -- Step 3
-- Update CollectionUsers with Manage = 1 using the temporary table -- Update CollectionUsers with Manage = 1 using the temporary table
UPDATE "CollectionUsers" "CU" UPDATE "CollectionUsers" "CU"
SET "ReadOnly" = false, SET "ReadOnly" = false,
"HidePasswords" = false, "HidePasswords" = false,
"Manage" = true "Manage" = true
FROM "TempUserManagers" "TUM" FROM "TempUserManagers" "TUM"
WHERE "CU"."OrganizationUserId" = "TUM"."OrganizationUserId"; WHERE "CU"."OrganizationUserId" = "TUM"."OrganizationUserId";
-- Insert rows to CollectionUsers with Manage = true using the temporary table -- Insert rows to CollectionUsers with Manage = true using the temporary table
-- This is for orgUsers who are Managers / EditAssignedCollections but have access via a group -- This is for orgUsers who are Managers / EditAssignedCollections but have access via a group
-- We cannot give the whole group Manage permissions so we have to give them a direct assignment -- We cannot give the whole group Manage permissions so we have to give them a direct assignment
INSERT INTO "CollectionUsers" ("CollectionId", "OrganizationUserId", "ReadOnly", "HidePasswords", "Manage") INSERT INTO "CollectionUsers" ("CollectionId", "OrganizationUserId", "ReadOnly", "HidePasswords", "Manage")
SELECT DISTINCT "CG"."CollectionId", "TUM"."OrganizationUserId", false, false, true SELECT DISTINCT "CG"."CollectionId", "TUM"."OrganizationUserId", false, false, true
FROM "CollectionGroups" "CG" FROM "CollectionGroups" "CG"
INNER JOIN "GroupUser" "GU" ON "CG"."GroupId" = "GU"."GroupId" INNER JOIN "GroupUser" "GU" ON "CG"."GroupId" = "GU"."GroupId"
INNER JOIN "TempUserManagers" "TUM" ON "GU"."OrganizationUserId" = "TUM"."OrganizationUserId" INNER JOIN "TempUserManagers" "TUM" ON "GU"."OrganizationUserId" = "TUM"."OrganizationUserId"
WHERE NOT EXISTS ( WHERE NOT EXISTS (
SELECT 1 FROM "CollectionUsers" "CU" SELECT 1 FROM "CollectionUsers" "CU"
WHERE "CU"."CollectionId" = "CG"."CollectionId" AND "CU"."OrganizationUserId" = "TUM"."OrganizationUserId" WHERE "CU"."CollectionId" = "CG"."CollectionId" AND "CU"."OrganizationUserId" = "TUM"."OrganizationUserId"
); );
-- Update "OrganizationUser" to migrate all OrganizationUsers with Manager role to User role -- Update "OrganizationUser" to migrate all OrganizationUsers with Manager role to User role
UPDATE "OrganizationUser" "OU" UPDATE "OrganizationUser" "OU"
SET "Type" = 2, "RevisionDate" = CURRENT_TIMESTAMP -- User SET "Type" = 2, "RevisionDate" = CURRENT_TIMESTAMP -- User
WHERE "OU"."Id" IN (SELECT "OrganizationUserId" FROM "TempUserManagers" WHERE "IsManager" = true); WHERE "OU"."Id" IN (SELECT "OrganizationUserId" FROM "TempUserManagers" WHERE "IsManager" = true);
-- Step 4 -- Step 4
-- Update "User" "AccountRevisionDate" for each unique "OrganizationUserId" -- Update "User" "AccountRevisionDate" for each unique "OrganizationUserId"
UPDATE "User" "U" UPDATE "User" "U"
SET "AccountRevisionDate" = CURRENT_TIMESTAMP SET "AccountRevisionDate" = CURRENT_TIMESTAMP
FROM "OrganizationUser" "OU" FROM "OrganizationUser" "OU"
WHERE "U"."Id" = "OU"."UserId" WHERE "U"."Id" = "OU"."UserId"
AND "OU"."Id" IN ( AND "OU"."Id" IN (
SELECT "OrganizationUserId" SELECT "OrganizationUserId"
FROM "GroupUser" FROM "GroupUser"
WHERE "GroupId" IN (SELECT "GroupId" FROM "TempGroupsAccessAll") WHERE "GroupId" IN (SELECT "GroupId" FROM "TempGroupsAccessAll")
UNION UNION
SELECT "OrganizationUserId" FROM "TempUsersAccessAll" SELECT "OrganizationUserId" FROM "TempUsersAccessAll"
UNION UNION
SELECT "OrganizationUserId" FROM "TempUserManagers" SELECT "OrganizationUserId" FROM "TempUserManagers"
); );
-- Step 5 -- Step 5
-- Set "FlexibleCollections" = true for all organizations that have not yet been migrated. -- Set "FlexibleCollections" = true for all organizations that have not yet been migrated.
UPDATE "Organization" UPDATE "Organization"
SET "FlexibleCollections" = true SET "FlexibleCollections" = true
WHERE "FlexibleCollections" = false; WHERE "FlexibleCollections" = false;
-- Step 5: Drop the temporary tables -- Step 6: Drop the temporary tables
DROP TABLE IF EXISTS "TempGroupsAccessAll"; DROP TABLE IF EXISTS "TempGroupsAccessAll";
DROP TABLE IF EXISTS "TempUsersAccessAll"; DROP TABLE IF EXISTS "TempUsersAccessAll";
DROP TABLE IF EXISTS "TempUserManagers"; DROP TABLE IF EXISTS "TempUserManagers";
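Review bot: The three `DROP TABLE IF EXISTS "Temp…"` statements added at the top of this script are not restricted to temporary tables, unlike the `DROP TEMPORARY TABLE` form used in the MySQL script. When no temporary table of that name exists in the session, PostgreSQL resolves the unqualified name through the rest of `search_path`, so a permanent table with the same name would be dropped instead. Qualifying the name keeps the statement scoped to the session's temp schema, e.g. `DROP TABLE IF EXISTS pg_temp."TempGroupsAccessAll";`, and likewise for `"TempUsersAccessAll"` and `"TempUserManagers"`. The existing drops at the end of the file have the same shape. The third script (which appears to be SQLite) uses the same unqualified form and could use the `temp.` schema prefix.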


@ -1,6 +1,7 @@
-- Step 1: AccessAll migration for Groups -- Step 1: AccessAll migration for Groups
-- Create a temporary table to store the groups with AccessAll = 1 -- Create a temporary table to store the groups with AccessAll = 1
CREATE TEMPORARY TABLE IF NOT EXISTS "TempGroupsAccessAll" AS DROP TABLE IF EXISTS "TempGroupsAccessAll";
CREATE TEMPORARY TABLE "TempGroupsAccessAll" AS
SELECT "G"."Id" AS "GroupId", SELECT "G"."Id" AS "GroupId",
"G"."OrganizationId" "G"."OrganizationId"
FROM "Group" "G" FROM "Group" "G"
@ -9,7 +10,8 @@
-- Step 2: AccessAll migration for OrganizationUsers -- Step 2: AccessAll migration for OrganizationUsers
-- Create a temporary table to store the OrganizationUsers with AccessAll = 1 -- Create a temporary table to store the OrganizationUsers with AccessAll = 1
CREATE TEMPORARY TABLE IF NOT EXISTS "TempUsersAccessAll" AS DROP TABLE IF EXISTS "TempUsersAccessAll";
CREATE TEMPORARY TABLE "TempUsersAccessAll" AS
SELECT "OU"."Id" AS "OrganizationUserId", SELECT "OU"."Id" AS "OrganizationUserId",
"OU"."OrganizationId" "OU"."OrganizationId"
FROM "OrganizationUser" "OU" FROM "OrganizationUser" "OU"
@ -19,7 +21,8 @@
-- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with [Manage] = 1 -- Step 3: For all OrganizationUsers with Manager role or 'EditAssignedCollections' permission update their existing CollectionUsers rows and insert new rows with [Manage] = 1
-- and finally update all OrganizationUsers with Manager role to User role -- and finally update all OrganizationUsers with Manager role to User role
-- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission -- Create a temporary table to store the OrganizationUsers with Manager role or 'EditAssignedCollections' permission
CREATE TEMPORARY TABLE IF NOT EXISTS "TempUserManagers" AS DROP TABLE IF EXISTS "TempUserManagers";
CREATE TEMPORARY TABLE "TempUserManagers" AS
SELECT "OU"."Id" AS "OrganizationUserId", SELECT "OU"."Id" AS "OrganizationUserId",
CASE WHEN "OU"."Type" = 3 THEN 1 ELSE 0 END AS "IsManager" CASE WHEN "OU"."Type" = 3 THEN 1 ELSE 0 END AS "IsManager"
FROM "OrganizationUser" "OU" FROM "OrganizationUser" "OU"