rick/rosterchirp-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.10.5 added some new permission options

Browse Source
This commit is contained in:
Ricky Stretch
2026-03-20 20:27:44 -04:00
parent f49fd5b885
commit 241d913e0f
11 changed files with 374 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
backend/src/models/db.js
View File

@@ -240,6 +240,33 @@ async function seedEventTypes(schema) {
);
}
async function seedUserGroups(schema) {
// Seed three default user groups with their associated DM groups.
// Uses ON CONFLICT DO NOTHING so re-runs on existing installs are safe.
const defaults = ['Coaches', 'Players', 'Parents'];
for (const name of defaults) {
// Skip if a group with this name already exists
const existing = await queryOne(schema,
'SELECT id FROM user_groups WHERE name = $1', [name]
);
if (existing) continue;
// Create the managed DM chat group first
const gr = await queryResult(schema,
"INSERT INTO groups (name, type, is_readonly, is_managed) VALUES ($1, 'private', FALSE, TRUE) RETURNING id",
[name]
);
const dmGroupId = gr.rows[0].id;
// Create the user group linked to the DM group
await exec(schema,
'INSERT INTO user_groups (name, dm_group_id) VALUES ($1, $2) ON CONFLICT (name) DO NOTHING',
[name, dmGroupId]
);
console.log(`[DB:${schema}] Default user group created: ${name}`);
}
}
async function seedAdmin(schema) {
const strip = s => (s || '').replace(/^['"]+|['"]+$/g, '').trim();
const adminEmail = strip(process.env.ADMIN_EMAIL) || 'admin@jama.local';
@@ -317,6 +344,7 @@ async function initDb() {
await seedSettings('public');
await seedEventTypes('public');
await seedAdmin('public');
await seedUserGroups('public');
// Host mode: the public schema is the host's own workspace — always full JAMA-Team plan.
// ON CONFLICT DO UPDATE ensures existing installs get corrected on restart too.
@@ -391,5 +419,5 @@ module.exports = {
tenantMiddleware, resolveSchema, refreshTenantCache,
APP_TYPE, pool,
addUserToPublicGroups, getOrCreateSupportGroup,
seedSettings, seedEventTypes, seedAdmin,
seedSettings, seedEventTypes, seedAdmin, seedUserGroups,
};

30
backend/src/models/migrations/005_u2u_restrictions.sql Normal file
View File

@@ -0,0 +1,30 @@
-- Migration 005: User-to-user DM restrictions
--
-- Stores which user groups are blocked from initiating 1-to-1 DMs with
-- users in another group. This is an allowlist-by-omission model:
-- - No rows for a group = no restrictions (can DM anyone)
-- - A row (A, B) = users in group A cannot INITIATE a DM with users in group B
--
-- Enforcement rules:
-- - Restriction is one-way (A→B does not imply B→A)
-- - Least-restrictive-wins: if the initiating user is in any group that is
-- NOT restricted from the target, the DM is allowed
-- - Own group is always exempt (users can DM members of their own groups)
-- - Admins are always exempt from all restrictions
-- - Existing DMs are preserved when a restriction is added
-- - Only 1-to-1 DMs are affected; group chats (3+ people) are always allowed
CREATE TABLE IF NOT EXISTS user_group_dm_restrictions (
restricting_group_id INTEGER NOT NULL REFERENCES user_groups(id) ON DELETE CASCADE,
blocked_group_id INTEGER NOT NULL REFERENCES user_groups(id) ON DELETE CASCADE,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
PRIMARY KEY (restricting_group_id, blocked_group_id),
-- A group cannot restrict itself (own group is always exempt)
CHECK (restricting_group_id != blocked_group_id)
);
CREATE INDEX IF NOT EXISTS idx_dm_restrictions_restricting
ON user_group_dm_restrictions(restricting_group_id);
CREATE INDEX IF NOT EXISTS idx_dm_restrictions_blocked
ON user_group_dm_restrictions(blocked_group_id);