Introduce an "owner" role, and prevent it from being administered

to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
This commit is contained in:
Mike Dalessio
2025-11-29 13:17:59 -05:00
parent 156a23f1f5
commit edf6b53469
20 changed files with 166 additions and 36 deletions
@@ -0,0 +1,14 @@
class PromoteFirstAdminToOwner < ActiveRecord::Migration[8.2]
def up
Account.find_each do |account|
next if account.users.exists?(role: :owner)
first_admin = account.users.where(role: :admin).order(:created_at).first
first_admin&.update!(role: :owner)
end
end
def down
User.where(role: :owner).update_all(role: :admin)
end
end
Generated
+1 -1
View File
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[8.2].define(version: 2025_11_29_110120) do
ActiveRecord::Schema[8.2].define(version: 2025_11_29_175717) do
create_table "accesses", id: :uuid, charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|
t.datetime "accessed_at"
t.uuid "account_id", null: false
+1 -1
View File
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[8.2].define(version: 2025_11_29_110120) do
ActiveRecord::Schema[8.2].define(version: 2025_11_29_175717) do
create_table "accesses", id: :uuid, force: :cascade do |t|
t.datetime "accessed_at"
t.uuid "account_id", null: false
+1 -1
View File
@@ -17,7 +17,7 @@ else
identity = Identity.find_or_create_by!(email_address: email_address)
unless account = Account.find_by(external_account_id: tenant_id)
account = Account.create_with_admin_user(
account = Account.create_with_owner(
account: {
external_account_id: tenant_id,
name: signal_account_name