As part of the upcoming agent system, the permission system will hit the repo first.
Permissions are role-based, customized down to each permission. These permissions apply to both the UI as well as the API.
Requirements for upgrade
- Must be at version 1.0.6
- MongoDB 3.6+
New deployments do not require v1.0.6
What will happen during the upgrade?
Make sure you have a current Trudesk backup. In the event, the update fails you can revert trudesk versions and restore the trudesk backup.
During startup after upgrading, trudesk will scan the database for all users. The following roles will convert to the new role format.
Users to Users
Support to Support
Mods to Support
Admins to Admins (with an agent flag enabled)
Each role has the hierarchy flag enabled by default.
Default Permissions after migration
– Tickets: create, view, update
– Comments: create, view, update
– Agent Role
– Tickets: all
– Comments: all
– Accounts: create, view, update, import
– Reports: create, view
– Notices: all
– Admin Flag
– All permissions
How do the permissions work?
Users are assigned a role. That role will define what resource the user has access to.
Roles have a hierarchy flag that will enable the role to manage resources defined under it. In the permission editor, the roles are orderable which defines the level of the hierarchy.
In the picture below: Admin role has the hierarchy flag enabled, therefore can manage resources created by both the Support and User roles.
If the flag was not enabled, Admins could only manage resources owned by other Admins. Admins override some resources in the hierarchy.
APIv1 now respects all permissions set in the permission editor. If you find that a resource is now inaccessible, please check permissions. If the endpoint is still inaccessible please report it.
The permission system is currently on the develop branch for testing. Please ensure you have a valid trudesk backup before switching to the develop branch. The permissions system converts all user roles to the new format. This is only reversible through a restore.
Note: Some resource permissions may change before release
Note: This post is a work in progress and serves as mini documentation for the new permission system.