[WIP] Upcoming Permission Update

Hello :wave:

As part of the upcoming agent system, the permission system will hit the repo first.
Permissions are role-based, customized down to each permission. These permissions apply to both the UI as well as the API.

Requirements for upgrade

  • Must be at version 1.0.6
  • MongoDB 3.6+

:spiral_notepad: New deployments do not require v1.0.6

What will happen during the upgrade?

Make sure you have a current Trudesk backup. In the event, the update fails you can revert trudesk versions and restore the trudesk backup.

During startup after upgrading, trudesk will scan the database for all users. The following roles will convert to the new role format.
Users to Users
Support to Support
Mods to Support
Admins to Admins (with an agent flag enabled)

Each role has the hierarchy flag enabled by default.

Default Permissions after migration

  • Users
    Tickets: create, view, update
    Comments: create, view, update
  • Support
    Agent Role
    Tickets: all
    Comments: all
    Accounts: create, view, update, import
    Reports: create, view
    Notices: all
  • Admins
    Admin Flag
    All permissions

How do the permissions work?

Users are assigned a role. That role will define what resource the user has access to.
Roles have a hierarchy flag that will enable the role to manage resources defined under it. In the permission editor, the roles are orderable which defines the level of the hierarchy.

In the picture below: Admin role has the hierarchy flag enabled, therefore can manage resources created by both the Support and User roles. If the flag was not enabled, Admins could only manage resources owned by other Admins. Admins override some resources in the hierarchy.

API Permissions

APIv1 now respects all permissions set in the permission editor. If you find that a resource is now inaccessible, please check permissions. If the endpoint is still inaccessible please report it.

Beta Testing

The permission system is currently on the develop branch for testing. Please ensure you have a valid trudesk backup before switching to the develop branch. The permissions system converts all user roles to the new format. This is only reversible through a restore.

:exclamation: Note: Some resource permissions may change before release :exclamation:

:bell: Note: This post is a work in progress and serves as mini documentation for the new permission system.