Add migration script to update team member permissions #606

docker-compose.yml

@@ -29,6 +29,8 @@ services:
 
   docker_redis:
     restart: always
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     image: redis:latest
     ports:
       - "127.0.0.1:6379:6379"
@@ -122,6 +124,8 @@ services:
       - AIRBYTE_RABBITMQ_HOST=${AIRBYTE_RABBITMQ_HOST}
     volumes:
       - datasource_files:/tmp
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
 
   webapp_syncserver:
     restart: always
@@ -230,13 +234,13 @@ services:
 
   qdrant:
     ports:
-      - '127.0.0.1:6333:6333'
-      - '127.0.0.1:6334:6334'
+      - '0.0.0.0:6333:6333'
+      - '0.0.0.0:6334:6334'
     image: qdrant/qdrant
     environment:
       - QDRANT__LOG_LEVEL=DEBUG
     volumes:
-      - qdrant_data:/qdrant_data
+      - qdrant_data:/qdrant_data 
 
   # minio:
   #   image: minio/minio

install.sh

@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 
+# set -e
+# set -o pipefail
+# trap 'echo "An error occurred during installation. Exiting..."; exit 1; echo "Please forward relevant error logs to the Agentcloud team."' ERR SIGINT
 # set -e
 # set -o pipefail
 # trap 'echo "An error occurred during installation. Exiting..."; exit 1; echo "Please forward relevant error logs to the Agentcloud team."' ERR SIGINT
@@ -94,7 +97,9 @@ GCS_BUCKET_NAME=""
 GCS_BUCKET_LOCATION=""
 STRIPE_PRICING_TABLE_ID=""
 STRIPE_PUBLISHABLE_KEY=""
-export AIRBYTE_RABBITMQ_HOST=$(ifconfig | grep -v 127.0.0.1 | grep -F "inet " | awk '{print $2}' | head -n 1)
+export AIRBYTE_RABBITMQ_HOST=$(ip address | grep -v 127.0.0.1 | grep -F "inet " | awk '{print $2}' | cut -d'/' -f1 | head -n 1)
+
+echo "Airbyte RabbitMQ Host: ${AIRBYTE_RABBITMQ_HOST}"
 
 # Initialize variables to indicate whether to kill specific containers
 KILL_WEBAPP_NEXT=0
@@ -211,7 +216,7 @@ docker tag downloads.unstructured.io/unstructured-io/unstructured-api:latest loc
 if [ "$MINIMAL" -eq 1 ]; then
 	docker compose -f docker-compose.minimal.yml up --build -d
 else
-	docker compose up --build -d
+    docker compose up -d
 fi
 
 # At the end of the script, check the variables and kill containers if requested

webapp/src/lib/permissions/roles.ts

@@ -27,7 +27,7 @@ TEAM_OWNER.setAll(ORG_BITS);
 const TEAM_ADMIN = new Permission();
 TEAM_ADMIN.setAll(TEAM_BITS);
 
-const TEAM_MEMBER = new Permission();
+export const TEAM_MEMBER = new Permission();
 TEAM_MEMBER.setAll([
 	Permissions.CREATE_APP,
 	Permissions.EDIT_APP,

webapp/src/migrations/1.12.0.ts

@@ -1,5 +1,4 @@
 import debug from 'debug';
-import { CollectionName } from 'lib/struct/db';
 import { ObjectId } from 'mongodb';
 import { ToolType } from 'struct/tool';
 const log = debug('webapp:migration:1.12.0');

webapp/src/migrations/1.13.0.ts

@@ -0,0 +1,45 @@
+import Permission from '@permission';
+import debug from 'debug';
+import { Binary } from 'mongodb';
+import { TEAM_MEMBER } from 'permissions/roles';
+
+const log = debug('webapp:migration:1.13.0');
+
+export default async function updateTeamMemberPermissions(db) {
+	log('adding variable permissions to team members');
+
+	const teamMemberPermissions = new Permission();
+	teamMemberPermissions.setAll(TEAM_MEMBER.array);
+
+	// Retrieve only `_id` and `permissions` fields for efficiency
+	const accounts = await db
+		.collection('accounts')
+		.find({}, { projection: { _id: 1, permissions: 1 } })
+		.toArray();
+
+	const teamMembersWithoutPermissionsIdArray = [];
+
+	for (const account of accounts) {
+		const accountPermissions = new Permission(account.permissions.buffer);
+
+		const isTeamMember = TEAM_MEMBER.array.some(bit => accountPermissions.get(bit));
+		if (!isTeamMember) {
+			continue;
+		}
+
+		const hasAllTeamMemberPermissions = TEAM_MEMBER.array.every(bit => accountPermissions.get(bit));
+		if (!hasAllTeamMemberPermissions) {
+			teamMembersWithoutPermissionsIdArray.push(account._id);
+		}
+	}
+
+	// Perform batch update for all team members missing required permissions
+	if (teamMembersWithoutPermissionsIdArray.length > 0) {
+		await db
+			.collection('accounts')
+			.updateMany(
+				{ _id: { $in: teamMembersWithoutPermissionsIdArray } },
+				{ $set: { permissions: new Binary(teamMemberPermissions.array) } }
+			);
+	}
+}