permissions.PermissionModel is a reference table holding the fixed set of permission types. Its rows are seeded by data migrations spread across three apps. Permission assignments are M2M foreign keys to it. This breaks tests, and forces us to maintain unneeded complexity.
Proposal
Model permissions as an enum / constant set in code (key, description, type) and store assignments by key directly (e.g. a choices field on the through tables, or an array of keys), dropping the PermissionModel table. The set is fixed, so it does not belong in a mutable table.
Blast radius
- The shared
permissions M2M base and every model that inherits it (OSS: environments, environments/permissions, organisations/permissions, projects), plus the Role*Permission models in flagsmith-private/rbac.
- A data migration converting existing
permissionmodel_id links across all those through tables to the new representation.
- The permissions API exposes
("key", "description", "supports_tag"), so descriptions and the tag-support flag must keep being served from the enum definition.
Acceptance
PermissionModel removed; permissions represented as an enum/constant set.api/core/db_backends/postgresql/ and the DATABASES["default"]["ENGINE"] override in app/settings/test.py are deleted.
permissions.PermissionModelis a reference table holding the fixed set of permission types. Its rows are seeded by data migrations spread across three apps. Permission assignments are M2M foreign keys to it. This breaks tests, and forces us to maintain unneeded complexity.Proposal
Model permissions as an enum / constant set in code (
key,description,type) and store assignments by key directly (e.g. achoicesfield on the through tables, or an array of keys), dropping thePermissionModeltable. The set is fixed, so it does not belong in a mutable table.Blast radius
permissionsM2M base and every model that inherits it (OSS:environments,environments/permissions,organisations/permissions,projects), plus theRole*Permissionmodels inflagsmith-private/rbac.permissionmodel_idlinks across all those through tables to the new representation.("key", "description", "supports_tag"), so descriptions and the tag-support flag must keep being served from the enum definition.Acceptance
PermissionModelremoved; permissions represented as an enum/constant set.api/core/db_backends/postgresql/and theDATABASES["default"]["ENGINE"]override inapp/settings/test.pyare deleted.