Skip to content

feat(rbac): Add database schema for RBAC tables #1983

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jordan-umusu merged 3 commits into from
Feb 4, 2026
Merged

feat(rbac): Add database schema for RBAC tables #1983

jordan-umusu merged 3 commits into from
Feb 4, 2026
+682 −4

Conversation

@jordan-umusu
Copy link
Collaborator

@jordan-umusu jordan-umusu commented Jan 29, 2026
edited
Loading

Summary by cubic

Introduces the RBAC database schema with scopes, roles, groups, and assignments to support org- and workspace-level permissions. Adds the "viewer" workspace role and aligns backend enums and frontend types.

  • New Features

    • Added RBAC tables: scope, role, role_scope, group, group_member, group_assignment, user_role_assignment.
    • Added ScopeSource enum (system, registry, custom) with a DB enum and indexes.
    • Enforced org-wide vs workspace-specific role assignments via unique constraints and partial indexes.
    • Synced WorkspaceRole to include viewer; updated frontend types/schemas.

  • Migration

    • Run alembic upgrade head.
    • Ensure UI/API paths handle the new "viewer" role.
    • No seed data included; create roles/scopes as needed.

Written for commit 7a37727. Summary will update on new commits.

@jordan-umusu Graphite App
Copy link
Collaborator Author

jordan-umusu commented Jan 29, 2026
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Jan 29, 2026
Merged
Open
Open
Open
Draft
@jordan-umusu jordan-umusu changed the title feat(rbac): add database schema for RBAC tables feat(rbac): Add database schema for RBAC tables Jan 29, 2026
@blacksmith-sh

This comment has been minimized.

Sign in to view
@jordan-umusu
Copy link
Collaborator Author

jordan-umusu commented Feb 2, 2026

@cubic review

@cubic-dev-ai
Copy link
Contributor

cubic-dev-ai bot commented Feb 2, 2026

@cubic review

@jordan-umusu I have started the AI code review. It will take a few minutes to complete.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 2, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 5 files

@jordan-umusu jordan-umusu force-pushed the feat/rbac-schema branch 2 times, most recently from c1e6b3e to 7a37727 Compare February 2, 2026 16:59
@jordan-umusu jordan-umusu marked this pull request as ready for review February 2, 2026 17:10
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 2, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7a37727f59

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 2, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 5 files

Prompt for AI agents (all issues) 

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="alembic/versions/8b630b0a094e_add_rbac_tables.py">

<violation number="1" location="alembic/versions/8b630b0a094e_add_rbac_tables.py:285">
P1: Partial unique index is missing `organization_id`, which would prevent users from having org-level role assignments in multiple organizations. The index should be on `["user_id", "organization_id"]` to allow one org-level assignment per user per organization.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.

@jordan-umusu jordan-umusu added enhancement New feature or request enterprise Enterprise Edition features and functionality migration Database migration and removed enhancement New feature or request labels Feb 2, 2026
daryllimyt
daryllimyt requested changes Feb 3, 2026
View reviewed changes
@blacksmith-sh
Copy link
Contributor

blacksmith-sh bot commented Feb 4, 2026
edited
Loading

Found 1 test failure on Blacksmith runners:

Failure

Test View Logs
TestFailureScenarios/test_execute_raises_when_tarball_missing View Logs

Fix in Cursor

@jordan-umusu jordan-umusu merged commit dd95202 into main Feb 4, 2026
18 of 19 checks passed
@jordan-umusu jordan-umusu deleted the feat/rbac-schema branch February 4, 2026 16:24
@jordan-umusu jordan-umusu mentioned this pull request Feb 9, 2026
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@daryllimyt daryllimyt daryllimyt approved these changes

Assignees

No one assigned

Labels

enterprise Enterprise Edition features and functionality migration Database migration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jordan-umusu @daryllimyt