From 4842507ff363dd219b4108526154280fcb894782 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Tue, 17 Mar 2026 18:30:16 +0100
Subject: [PATCH] feat: seed built-in Admins group and assign admin users on login
- Add V2 Flyway migration to create built-in Admins group (id: ...0010) with ADMIN role
- Add ADMINS_GROUP_ID constant to SystemRole
- Add user to Admins group on successful local login alongside role assignment
---
 .../cameleer3/server/app/security/UiAuthController.java | 1 +
 .../main/resources/db/migration/V2__admin_group_seed.sql | 7 +++++++
 .../java/com/cameleer3/server/core/rbac/SystemRole.java | 2 ++
 3 files changed, 10 insertions(+)
 create mode 100644 cameleer3-server-app/src/main/resources/db/migration/V2__admin_group_seed.sql
diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
index 1ffcfa6d..6002ae47 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
@@ -94,6 +94,7 @@ public class UiAuthController {
 userRepository.upsert(new UserInfo(
 subject, "local", "", request.username(), Instant.now()));
 rbacService.assignRoleToUser(subject, SystemRole.ADMIN_ID);
+ rbacService.addUserToGroup(subject, SystemRole.ADMINS_GROUP_ID);
 } catch (Exception e) {
 log.warn("Failed to upsert local user to store (login continues): {}", e.getMessage());
 }
diff --git a/cameleer3-server-app/src/main/resources/db/migration/V2__admin_group_seed.sql b/cameleer3-server-app/src/main/resources/db/migration/V2__admin_group_seed.sql
new file mode 100644
index 00000000..6d683dd3
--- /dev/null
+++ b/cameleer3-server-app/src/main/resources/db/migration/V2__admin_group_seed.sql
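Review bot: The added `addUserToGroup` call shares the best-effort try block with the upsert and the role assignment, so an exception from either earlier call skips the group add, and a failure of the group add itself is logged as "Failed to upsert local user to store" with only `e.getMessage()` kept. For a privilege grant that leaves a thin audit trail; the warning should name the subject and the steps covered and keep the cause, e.g. `log.warn("Failed to sync local user {} (upsert, ADMIN role or Admins group); login continues", subject, e);`. The grant also runs on each successful local login, so removing a local user from the Admins group elsewhere would presumably be undone at their next login; if that is intended, a comment above the two `rbacService` calls should say so. The try block opens outside the hunk, so any condition guarding it is not visible here.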
@@ -0,0 +1,7 @@
+-- Built-in Admins group
+INSERT INTO groups (id, name) VALUES
+ ('00000000-0000-0000-0000-000000000010', 'Admins');
+
+-- Assign ADMIN role to Admins group
+INSERT INTO group_roles (group_id, role_id) VALUES
+ ('00000000-0000-0000-0000-000000000010', '00000000-0000-0000-0000-000000000004');
diff --git a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/SystemRole.java b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/SystemRole.java
index ac439424..1c176dca 100644
--- a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/SystemRole.java
+++ b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/SystemRole.java
@@ -12,6 +12,8 @@ public final class SystemRole {
 public static final UUID OPERATOR_ID = UUID.fromString("00000000-0000-0000-0000-000000000003");
 public static final UUID ADMIN_ID = UUID.fromString("00000000-0000-0000-0000-000000000004");
+ public static final UUID ADMINS_GROUP_ID = UUID.fromString("00000000-0000-0000-0000-000000000010");
+
 public static final Set IDS = Set.of(AGENT_ID, VIEWER_ID, OPERATOR_ID, ADMIN_ID);
 public static final Map BY_NAME = Map.of(
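Review bot: Both INSERTs assume that no group named 'Admins' exists yet on the installation being upgraded. If an operator already created one, the migration would either fail (if `groups.name` is unique) or leave two groups with the same name, only one of which carries the ADMIN role. The schema is not visible in this patch, so this is worth checking against the V1 migration before release. The UUID literals also duplicate the Java constants; a comment above the first INSERT such as `-- ids must match SystemRole.ADMINS_GROUP_ID and SystemRole.ADMIN_ID` would keep the two from drifting apart.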
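Review bot: `ADMINS_GROUP_ID` is a group id declared among role ids, and both kinds are plain `UUID`, so nothing stops it being passed to a role API such as `assignRoleToUser` or added to `IDS` by mistake. A Javadoc line on the constant would make the distinction explicit: `/** Id of the built-in Admins group (a group, not a role); must match V2__admin_group_seed.sql. */`. If more built-in groups are expected, a separate holder class for group ids may read better than growing `SystemRole`. The class body starts and ends outside the hunk.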