fix(rbac): fix membership constraint (#2291)

Signed-off-by: Jose I. Paris <[email protected]>

Author: jiparis

app/controlplane/pkg/data/ent/migrate/migrations/20250728123421.sql

@@ -0,0 +1,8 @@
+-- Drop index "membership_membership_type_mem_33e9cb590a3adfa25d916afabf657740" from table: "memberships"
+DROP INDEX "membership_membership_type_mem_33e9cb590a3adfa25d916afabf657740";
+-- Drop index "membership_membership_type_mem_8014883ac7acffee8425ce171cf6f4cf" from table: "memberships"
+DROP INDEX "membership_membership_type_mem_8014883ac7acffee8425ce171cf6f4cf";
+-- Create index "membership_membership_type_mem_69a8fe555e26fd9532f5e3fe38ba2651" to table: "memberships"
+CREATE UNIQUE INDEX "membership_membership_type_mem_69a8fe555e26fd9532f5e3fe38ba2651" ON "memberships" ("membership_type", "member_id", "resource_type", "resource_id", "parent_id") WHERE (parent_id IS NOT NULL);
+-- Create index "membership_membership_type_member_id_resource_type_resource_id" to table: "memberships"
+CREATE UNIQUE INDEX "membership_membership_type_member_id_resource_type_resource_id" ON "memberships" ("membership_type", "member_id", "resource_type", "resource_id") WHERE (parent_id IS NULL);

app/controlplane/pkg/data/ent/migrate/migrations/atlas.sum

@@ -1,4 +1,4 @@
-h1:QHFhnD3Le8WU03zeKuQWvjRaaMKX2ONDFb64ty4phZo=
+h1:W2BrLHso2p2/duPEctqndT0qwM/1/93RkVMgtBvVqBM=
 20230706165452_init-schema.sql h1:VvqbNFEQnCvUVyj2iDYVQQxDM0+sSXqocpt/5H64k8M=
 20230710111950-cas-backend.sql h1:A8iBuSzZIEbdsv9ipBtscZQuaBp3V5/VMw7eZH6GX+g=
 20230712094107-cas-backends-workflow-runs.sql h1:a5rzxpVGyd56nLRSsKrmCFc9sebg65RWzLghKHh5xvI=
@@ -100,3 +100,4 @@ h1:QHFhnD3Le8WU03zeKuQWvjRaaMKX2ONDFb64ty4phZo=
 20250715100956.sql h1:y9eOaPMpQTlcJppjaGzeuHBTNDwe6sGbxSVU8e7LL1o=
 20250723114128.sql h1:OZDXg9CdImiwPsi7X9TJoZ4uPnSa17oY/9HjsxG7WNk=
 20250723171233.sql h1:Aq4IUr4ForrwmK9jMPPtwl4V8e2plYff/IcSgIc0XFo=
+20250728123421.sql h1:VaxxLhVF2PXQ6Vjv4nSWHQjHLM8O9anMxgDMnCkL21I=

app/controlplane/pkg/data/ent/migrate/schema.go

@@ -361,17 +361,17 @@ var (
 				Columns: []*schema.Column{MembershipsColumns[10], MembershipsColumns[11]},
 			},
 			{
-				Name:    "membership_membership_type_member_id_resource_type_resource_id_role_parent_id",
+				Name:    "membership_membership_type_member_id_resource_type_resource_id_parent_id",
 				Unique:  true,
-				Columns: []*schema.Column{MembershipsColumns[5], MembershipsColumns[6], MembershipsColumns[7], MembershipsColumns[8], MembershipsColumns[4], MembershipsColumns[9]},
+				Columns: []*schema.Column{MembershipsColumns[5], MembershipsColumns[6], MembershipsColumns[7], MembershipsColumns[8], MembershipsColumns[9]},
 				Annotation: &entsql.IndexAnnotation{
 					Where: "parent_id IS NOT NULL",
 				},
 			},
 			{
-				Name:    "membership_membership_type_member_id_resource_type_resource_id_role",
+				Name:    "membership_membership_type_member_id_resource_type_resource_id",
 				Unique:  true,
-				Columns: []*schema.Column{MembershipsColumns[5], MembershipsColumns[6], MembershipsColumns[7], MembershipsColumns[8], MembershipsColumns[4]},
+				Columns: []*schema.Column{MembershipsColumns[5], MembershipsColumns[6], MembershipsColumns[7], MembershipsColumns[8]},
 				Annotation: &entsql.IndexAnnotation{
 					Where: "parent_id IS NULL",
 				},

app/controlplane/pkg/data/ent/schema/membership.go

@@ -77,11 +77,11 @@ func (Membership) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Edges("organization", "user"),
 		// only one inherited role
-		index.Fields("membership_type", "member_id", "resource_type", "resource_id", "role", "parent_id").Unique().Annotations(
+		index.Fields("membership_type", "member_id", "resource_type", "resource_id", "parent_id").Unique().Annotations(
 			entsql.IndexWhere("parent_id IS NOT NULL"),
 		),
 		// only one explicit role
-		index.Fields("membership_type", "member_id", "resource_type", "resource_id", "role").Unique().Annotations(
+		index.Fields("membership_type", "member_id", "resource_type", "resource_id").Unique().Annotations(
 			entsql.IndexWhere("parent_id IS NULL"),
 		),
 	}