migrate permissions and admin flag to user.role

src/userdb.js

@@ -6,10 +6,9 @@ exports = module.exports = {
     getByEmail: getByEmail,
     getByAccessToken: getByAccessToken,
     getByResetToken: getByResetToken,
-    getOwner: getOwner,
     getAllWithGroupIds: getAllWithGroupIds,
     getAllWithGroupIdsPaged: getAllWithGroupIdsPaged,
-    getAllAdmins: getAllAdmins,
+    getByRole: getByRole,
     add: add,
     del: del,
     update: update,
@@ -27,11 +26,10 @@ var assert = require('assert'),
     BoxError = require('./boxerror.js'),
     database = require('./database.js'),
     debug = require('debug')('box:userdb'),
-    mysql = require('mysql'),
-    safe = require('safetydance');
+    mysql = require('mysql');
 
 var USERS_FIELDS = [ 'id', 'username', 'email', 'fallbackEmail', 'password', 'salt', 'createdAt', 'modifiedAt', 'resetToken', 'displayName',
-    'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'admin', 'active', 'source', 'permissionsJson' ].join(',');
+    'twoFactorAuthenticationEnabled', 'twoFactorAuthenticationSecret', 'active', 'source', 'role' ].join(',');
 
 var APP_PASSWORD_FIELDS = [ 'id', 'name', 'userId', 'identifier', 'hashedPassword', 'creationTime' ].join(',');
 
@@ -39,10 +37,7 @@ function postProcess(result) {
     assert.strictEqual(typeof result, 'object');
 
     result.twoFactorAuthenticationEnabled = !!result.twoFactorAuthenticationEnabled;
-    result.admin = !!result.admin;
     result.active = !!result.active;
-    result.permissions = safe.JSON.parse(result.permissionsJson);
-    delete result.permissionsJson;
 
     return result;
 }
@@ -83,18 +78,6 @@ function getByEmail(email, callback) {
     });
 }
 
-function getOwner(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    // the first created user it the 'owner'
-    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt LIMIT 1', function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
-        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));
-
-        callback(null, postProcess(result[0]));
-    });
-}
-
 function getByResetToken(resetToken, callback) {
     assert.strictEqual(typeof resetToken, 'string');
     assert.strictEqual(typeof callback, 'function');
@@ -160,12 +143,14 @@ function getAllWithGroupIdsPaged(search, page, perPage, callback) {
     });
 }
 
-function getAllAdmins(callback) {
+function getByRole(role, callback) {
+    assert.strictEqual(typeof role, 'string');
     assert.strictEqual(typeof callback, 'function');
 
     // the mailer code relies on the first object being the 'owner' (thus the ORDER)
-    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE admin=1 ORDER BY createdAt', function (error, results) {
+    database.query('SELECT ' + USERS_FIELDS + ' FROM users WHERE role=? ORDER BY createdAt', [ role ], function (error, results) {
         if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'User not found'));
 
         results.forEach(postProcess);
 
@@ -184,15 +169,12 @@ function add(userId, user, callback) {
     assert.strictEqual(typeof user.modifiedAt, 'string');
     assert.strictEqual(typeof user.resetToken, 'string');
     assert.strictEqual(typeof user.displayName, 'string');
-    assert.strictEqual(typeof user.admin, 'boolean');
     assert.strictEqual(typeof user.source, 'string');
-    assert.strictEqual(typeof user.permissions, 'object');
+    assert.strictEqual(typeof user.role, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    const permissionsJson = user.permissions ? JSON.stringify(user.permissions) : null;
-
-    const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, createdAt, modifiedAt, resetToken, displayName, admin, source, permissionsJson) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
-    const args = [ userId, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName, user.admin, user.source, permissionsJson ];
+    const query = 'INSERT INTO users (id, username, password, email, fallbackEmail, salt, createdAt, modifiedAt, resetToken, displayName, source, role) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
+    const args = [ userId, user.username, user.password, user.email, user.fallbackEmail, user.salt, user.createdAt, user.modifiedAt, user.resetToken, user.displayName, user.source, user.role ];
 
     database.query(query, args, function (error) {
         if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('users_email') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'email already exists'));
@@ -255,18 +237,15 @@ function update(userId, user, callback) {
     assert(!('email' in user) || (typeof user.email === 'string'));
     assert(!('fallbackEmail' in user) || (typeof user.fallbackEmail === 'string'));
     assert(!('twoFactorAuthenticationEnabled' in user) || (typeof user.twoFactorAuthenticationEnabled === 'boolean'));
-    assert(!('admin' in user) || (typeof user.admin === 'boolean'));
+    assert(!('role' in user) || (typeof user.role === 'string'));
     assert(!('active' in user) || (typeof user.active === 'boolean'));
 
     var args = [ ];
     var fields = [ ];
     for (var k in user) {
-        if (k === 'twoFactorAuthenticationEnabled' || k === 'admin' || k === 'active') {
+        if (k === 'twoFactorAuthenticationEnabled' || k === 'active') {
             fields.push(k + ' = ?');
             args.push(user[k] ? 1 : 0);
-        } else if (k === 'permissions') {
-            fields.push(`${k}Json = ?`);
-            args.push(JSON.stringify(user[k]));
         } else {
             fields.push(k + ' = ?');
             args.push(user[k]);