deprecate usage of old user fields

controllers/network_test.go

@@ -26,9 +26,9 @@ func TestMain(m *testing.M) {
 	database.InitializeDatabase()
 	defer database.CloseDB()
 	logic.CreateSuperAdmin(&models.User{
-		UserName: "admin",
-		Password: "password",
-		IsAdmin:  true,
+		UserName:       "admin",
+		Password:       "password",
+		PlatformRoleID: models.SuperAdminRole,
 	})
 	peerUpdate := make(chan *models.Node)
 	go logic.ManageZombies(context.Background(), peerUpdate)

controllers/user.go

@@ -607,7 +607,7 @@ func transferSuperAdmin(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
 	}
-	if !caller.IsSuperAdmin {
+	if caller.PlatformRoleID != models.SuperAdminRole {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("only superadmin can assign the superadmin role to another user"), "forbidden"))
 		return
 	}
@@ -1125,7 +1125,6 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
 		user.UserGroups[inviteGroupID] = struct{}{}
 	}
 	user.NetworkRoles = make(map[models.NetworkID]map[models.UserRole]struct{})
-	user.IsSuperAdmin = false
 	err = logic.CreateUser(&user)
 	if err != nil {
 		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))

controllers/user_test.go

@@ -66,7 +66,7 @@ func prepareUserRequest(t *testing.T, userForBody models.User, userNameForParam
 func haveOnlyOneUser(t *testing.T, user models.User) {
 	deleteAllUsers(t)
 	var err error
-	if user.IsSuperAdmin {
+	if user.PlatformRoleID == models.SuperAdminRole {
 		err = logic.CreateSuperAdmin(&user)
 	} else {
 		err = logic.CreateUser(&user)
@@ -104,7 +104,7 @@ func TestHasSuperAdmin(t *testing.T) {
 		assert.False(t, found)
 	})
 	t.Run("superadmin user", func(t *testing.T) {
-		var user = models.User{UserName: "superadmin", Password: "password", IsSuperAdmin: true}
+		var user = models.User{UserName: "superadmin", Password: "password", PlatformRoleID: models.SuperAdminRole}
 		err := logic.CreateUser(&user)
 		assert.Nil(t, err)
 		found, err := logic.HasSuperAdmin()
@@ -112,7 +112,7 @@ func TestHasSuperAdmin(t *testing.T) {
 		assert.True(t, found)
 	})
 	t.Run("multiple superadmins", func(t *testing.T) {
-		var user = models.User{UserName: "superadmin1", Password: "password", IsSuperAdmin: true}
+		var user = models.User{UserName: "superadmin1", Password: "password", PlatformRoleID: models.SuperAdminRole}
 		err := logic.CreateUser(&user)
 		assert.Nil(t, err)
 		found, err := logic.HasSuperAdmin()
@@ -123,7 +123,7 @@ func TestHasSuperAdmin(t *testing.T) {
 
 func TestCreateUser(t *testing.T) {
 	deleteAllUsers(t)
-	user := models.User{UserName: "admin", Password: "password", IsAdmin: true}
+	user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
 	t.Run("NoUser", func(t *testing.T) {
 		err := logic.CreateUser(&user)
 		assert.Nil(t, err)
@@ -160,7 +160,7 @@ func TestDeleteUser(t *testing.T) {
 		assert.False(t, deleted)
 	})
 	t.Run("Existing User", func(t *testing.T) {
-		user := models.User{UserName: "admin", Password: "password", IsAdmin: true}
+		user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
 		if err := logic.CreateUser(&user); err != nil {
 			t.Fatal(err)
 		}
@@ -220,7 +220,7 @@ func TestValidateUser(t *testing.T) {
 func TestGetUser(t *testing.T) {
 	deleteAllUsers(t)
 
-	user := models.User{UserName: "admin", Password: "password", IsAdmin: true}
+	user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
 
 	t.Run("NonExistantUser", func(t *testing.T) {
 		admin, err := logic.GetUser("admin")
@@ -240,8 +240,8 @@ func TestGetUser(t *testing.T) {
 func TestGetUsers(t *testing.T) {
 	deleteAllUsers(t)
 
-	adminUser := models.User{UserName: "admin", Password: "password", IsAdmin: true}
-	user := models.User{UserName: "admin", Password: "password", IsAdmin: false}
+	adminUser := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
+	user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
 
 	t.Run("NonExistantUser", func(t *testing.T) {
 		admin, err := logic.GetUsers()
@@ -268,7 +268,7 @@ func TestGetUsers(t *testing.T) {
 				assert.Equal(t, true, u.IsAdmin)
 			} else {
 				assert.Equal(t, user.UserName, u.UserName)
-				assert.Equal(t, user.IsAdmin, u.IsAdmin)
+				assert.Equal(t, user.PlatformRoleID, u.PlatformRoleID)
 			}
 		}
 	})
@@ -277,8 +277,8 @@ func TestGetUsers(t *testing.T) {
 
 func TestUpdateUser(t *testing.T) {
 	deleteAllUsers(t)
-	user := models.User{UserName: "admin", Password: "password", IsAdmin: true}
-	newuser := models.User{UserName: "hello", Password: "world", IsAdmin: true}
+	user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
+	newuser := models.User{UserName: "hello", Password: "world", PlatformRoleID: models.AdminRole}
 	t.Run("NonExistantUser", func(t *testing.T) {
 		admin, err := logic.UpdateUser(&newuser, &user)
 		assert.EqualError(t, err, "could not find any records")
@@ -321,7 +321,7 @@ func TestUpdateUser(t *testing.T) {
 
 func TestVerifyAuthRequest(t *testing.T) {
 	deleteAllUsers(t)
-	user := models.User{UserName: "admin", Password: "password", IsSuperAdmin: false, IsAdmin: true}
+	user := models.User{UserName: "admin", Password: "password", PlatformRoleID: models.AdminRole}
 	var authRequest models.UserAuthParams
 	t.Run("EmptyUserName", func(t *testing.T) {
 		authRequest.UserName = ""
@@ -345,7 +345,7 @@ func TestVerifyAuthRequest(t *testing.T) {
 		assert.EqualError(t, err, "incorrect credentials")
 	})
 	t.Run("Non-Admin", func(t *testing.T) {
-		user.IsAdmin = false
+		user.PlatformRoleID = models.ServiceUser
 		user.Password = "somepass"
 		user.UserName = "nonadmin"
 		if err := logic.CreateUser(&user); err != nil {

functions/helpers_test.go

@@ -26,9 +26,9 @@ func TestMain(m *testing.M) {
 	database.InitializeDatabase()
 	defer database.CloseDB()
 	logic.CreateSuperAdmin(&models.User{
-		UserName:     "superadmin",
-		Password:     "password",
-		IsSuperAdmin: true,
+		UserName:       "superadmin",
+		Password:       "password",
+		PlatformRoleID: models.SuperAdminRole,
 	})
 	peerUpdate := make(chan *models.Node)
 	go logic.ManageZombies(context.Background(), peerUpdate)

logic/auth.go

@@ -37,7 +37,7 @@ func HasSuperAdmin() (bool, error) {
 		if err != nil {
 			continue
 		}
-		if user.IsSuperAdmin {
+		if user.PlatformRoleID == models.SuperAdminRole {
 			return true, nil
 		}
 	}

migrate/migrate.go

@@ -20,11 +20,11 @@ import (
 // Run - runs all migrations
 func Run() {
 	updateEnrollmentKeys()
+	syncUsers()
 	assignSuperAdmin()
 	updateHosts()
 	updateNodes()
 	updateAcls()
-	syncUsers()
 
 }
 
@@ -344,6 +344,9 @@ func syncUsers() {
 	users, err := logic.GetUsersDB()
 	if err == nil {
 		for _, user := range users {
+			if user.PlatformRoleID.String() != "" {
+				continue
+			}
 			if user.IsSuperAdmin {
 				user.PlatformRoleID = models.SuperAdminRole
 				logic.UpsertUser(user)