Skip to content

Commit de2ba90

Browse files
kaposkekaposke
authored
feat: add has_rbac feature flag (#5847)
Migration to add `has_rbac` feature flag to `plans` and backfill values, along with necessary changes to plan definitions so that plan changes apply the correct values. > [!NOTE] > The flag is not used anywhere yet
1 parent 7e8f65c commit de2ba90

File tree

6 files changed

+54
-0
lines changed

6 files changed

+54
-0
lines changed

packages/database/lib/migrations/20260413155700_plans_add_has_rbac.cjs

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
exports.config = { transaction: false };
2+
3+
/**
4+
* @param {import('knex').Knex} knex
5+
*/
6+
exports.up = async function (knex) {
7+
await knex.raw(`ALTER TABLE "plans" ADD COLUMN IF NOT EXISTS "has_rbac" bool NOT NULL DEFAULT 'false'`);
8+
// Backfill growth+ plans, while grandfathering accounts that already use RBAC.
9+
await knex.raw(`
10+
UPDATE "plans" AS p
11+
SET "has_rbac" = true
12+
WHERE p."name" IN ('growth', 'growth-v2', 'enterprise')
13+
OR EXISTS (
14+
SELECT 1
15+
FROM "_nango_users" AS u
16+
WHERE u."account_id" = p."account_id"
17+
AND u."role" <> 'administrator'
18+
)
19+
`);
20+
};
21+
22+
/**
23+
* @param {import('knex').Knex} knex
24+
*/
25+
exports.down = async function () {};

packages/shared/lib/seeders/plan.seeder.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ export function getTestPlan(override?: Partial<DBPlan>): DBPlan {
3333
auto_idle: true,
3434
has_webhooks_script: false,
3535
has_webhooks_forward: false,
36+
has_rbac: false,
3637
can_override_docs_connect_url: false,
3738
can_customize_connect_ui_theme: false,
3839
can_disable_connect_ui_watermark: false,

packages/shared/lib/services/plans/definitions.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ export const freePlan: PlanDefinition = {
2525
monthly_active_records_max: 5000,
2626
has_webhooks_script: true,
2727
has_webhooks_forward: true,
28+
has_rbac: false,
2829
can_override_docs_connect_url: false,
2930
can_customize_connect_ui_theme: false,
3031
can_disable_connect_ui_watermark: false,
@@ -67,6 +68,7 @@ export const starterV1Plan: PlanDefinition = {
6768
trial_expired: null,
6869
has_webhooks_script: false,
6970
has_webhooks_forward: false,
71+
has_rbac: false,
7072
can_override_docs_connect_url: false,
7173
can_customize_connect_ui_theme: false,
7274
can_disable_connect_ui_watermark: false
@@ -105,6 +107,7 @@ export const growthV1Plan: PlanDefinition = {
105107
trial_expired: null,
106108
has_webhooks_script: true,
107109
has_webhooks_forward: true,
110+
has_rbac: true,
108111
can_override_docs_connect_url: false,
109112
can_customize_connect_ui_theme: true,
110113
can_disable_connect_ui_watermark: true
@@ -170,6 +173,7 @@ export const enterprisePlan: PlanDefinition = {
170173
trial_expired: null,
171174
has_webhooks_script: true,
172175
has_webhooks_forward: true,
176+
has_rbac: true,
173177
can_override_docs_connect_url: false,
174178
can_customize_connect_ui_theme: true,
175179
can_disable_connect_ui_watermark: true
@@ -208,6 +212,7 @@ export const starterLegacyPlan: PlanDefinition = {
208212
trial_expired: null,
209213
has_webhooks_script: true,
210214
has_webhooks_forward: true,
215+
has_rbac: false,
211216
can_override_docs_connect_url: false,
212217
can_customize_connect_ui_theme: false,
213218
can_disable_connect_ui_watermark: false
@@ -245,6 +250,7 @@ export const scaleLegacyPlan: PlanDefinition = {
245250
trial_expired: null,
246251
has_webhooks_script: true,
247252
has_webhooks_forward: true,
253+
has_rbac: false,
248254
can_override_docs_connect_url: false,
249255
can_customize_connect_ui_theme: false,
250256
can_disable_connect_ui_watermark: false
@@ -282,6 +288,7 @@ export const growthLegacyPlan: PlanDefinition = {
282288
trial_expired: null,
283289
has_webhooks_script: true,
284290
has_webhooks_forward: true,
291+
has_rbac: false,
285292
can_override_docs_connect_url: false,
286293
can_customize_connect_ui_theme: true,
287294
can_disable_connect_ui_watermark: true

packages/shared/lib/services/plans/plans.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -226,6 +226,7 @@ export function mergeFlags({ currentPlan, newPlanDefinition }: { currentPlan: DB
226226
case 'has_otel':
227227
case 'has_webhooks_script':
228228
case 'has_webhooks_forward':
229+
case 'has_rbac':
229230
case 'can_disable_connect_ui_watermark':
230231
case 'can_override_docs_connect_url':
231232
case 'can_customize_connect_ui_theme': {

packages/shared/lib/services/plans/plans.unit.test.ts

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,18 @@ import { mergeFlags } from './plans.js';
66
import type { DBPlan, PlanDefinition } from '@nangohq/types';
77

88
describe('mergeFlags', () => {
9+
it('should only enable RBAC by default on growth, growth-v2, and enterprise', () => {
10+
expect(getPlanDefinition('free')?.flags.has_rbac).toBe(false);
11+
expect(getPlanDefinition('starter')?.flags.has_rbac).toBe(false);
12+
expect(getPlanDefinition('starter-v2')?.flags.has_rbac).toBe(false);
13+
expect(getPlanDefinition('starter-legacy')?.flags.has_rbac).toBe(false);
14+
expect(getPlanDefinition('scale-legacy')?.flags.has_rbac).toBe(false);
15+
expect(getPlanDefinition('growth-legacy')?.flags.has_rbac).toBe(false);
16+
expect(getPlanDefinition('growth')?.flags.has_rbac).toBe(true);
17+
expect(getPlanDefinition('growth-v2')?.flags.has_rbac).toBe(true);
18+
expect(getPlanDefinition('enterprise')?.flags.has_rbac).toBe(true);
19+
});
20+
921
describe('when downgrading', () => {
1022
it('should reset all flags to new plan default values, including overrides', () => {
1123
const currentPlan = makePlan({
@@ -103,6 +115,7 @@ function makePlan({ code, flagOverrides }: { code: DBPlan['name']; flagOverrides
103115
has_otel: false,
104116
has_webhooks_forward: false,
105117
has_webhooks_script: false,
118+
has_rbac: false,
106119
can_customize_connect_ui_theme: false,
107120
can_override_docs_connect_url: false,
108121
can_disable_connect_ui_watermark: false,

packages/types/lib/plans/db.ts

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,13 @@ export interface DBPlan extends Timestamps {
126126
*/
127127
has_webhooks_forward: boolean;
128128

129+
/**
130+
* Enable role-based access control (non-administrator roles)
131+
* When false, all users/invites must be 'administrator'
132+
* @default false
133+
*/
134+
has_rbac: boolean;
135+
129136
/**
130137
* Enable or disable the ability to override the docs connect url from the connect session
131138
* @default false

0 commit comments

Comments
 (0)