8.7 KiB
ACC Server Manager - Migration and Role System Enhancement Guide
Overview
This guide documents the comprehensive updates made to the ACC Server Manager, including UUID migrations, enhanced role system, and frontend improvements.
Changes Made
1. Database Migration to UUID Primary Keys
Problem: The original database used integer primary keys which could cause issues with scaling and distributed systems.
Solution: Migrated all primary keys to UUIDs while preserving data integrity and foreign key relationships.
Tables Migrated:
servers- Server configurationsconfigs- Configuration historystate_histories- Server state trackingsteam_credentials- Steam login credentialssystem_configs- System configuration settings
Migration Scripts:
scripts/migrations/002_migrate_servers_to_uuid.sql- SQL migration scriptlocal/migrations/002_migrate_to_uuid.go- Go migration handlerscripts/run_migrations.go- Standalone migration runnerscripts/test_migrations.go- Test suite for migrations
2. Enhanced Role System
Problem: The original system only had "Super Admin" role with limited role management.
Solution: Implemented a comprehensive role system with three predefined roles and permission-based access control.
New Roles:
-
Super Admin
- All permissions
- Cannot be deleted (protected)
- System administrator level access
-
Admin
- All permissions (same as Super Admin)
- Can be deleted
- Regular administrative access
-
Manager
- Limited permissions
- Cannot create/delete: servers, users, roles, memberships
- Can view and manage existing resources
Permission Structure:
Server Permissions:
- server.view, server.create, server.update, server.delete
- server.start, server.stop
Configuration Permissions:
- config.view, config.update
User Management Permissions:
- user.view, user.create, user.update, user.delete
Role Management Permissions:
- role.view, role.create, role.update, role.delete
Membership Permissions:
- membership.view, membership.create, membership.edit
3. Frontend Improvements
Problem: Role assignment used a text input field, making it error-prone and inconsistent.
Solution: Replaced text input with a dropdown populated from the backend API.
Changes:
- Added
/membership/rolesAPI endpoint - Updated membership service to fetch available roles
- Modified create user modal to use dropdown selection
- Improved user experience with consistent role selection
4. Super Admin Protection
Problem: No protection against accidentally deleting the Super Admin user.
Solution: Added validation to prevent deletion of users with "Super Admin" role.
Implementation:
- Service-level validation in
DeleteUsermethod - Returns error: "cannot delete Super Admin user"
- Maintains system integrity by ensuring at least one Super Admin exists
Installation and Usage
Running Migrations
Option 1: Automatic Migration (Recommended)
Migrations run automatically when the application starts:
cd acc-server-manager
go run cmd/api/main.go
Option 2: Manual Migration
Run migrations manually using the migration script:
cd acc-server-manager
go run scripts/run_migrations.go [database_path]
Option 3: Test Migrations
Test the migration process with the test suite:
cd acc-server-manager
go run scripts/test_migrations.go
Backend API Changes
New Endpoints:
-
Get All Roles
GET /membership/roles Authorization: Bearer <token> Required Permission: role.view Response: [ { "id": "uuid", "name": "Super Admin" }, { "id": "uuid", "name": "Admin" }, { "id": "uuid", "name": "Manager" } ] -
Enhanced User Creation
POST /membership Authorization: Bearer <token> Required Permission: membership.create Body: { "username": "string", "password": "string", "role": "Super Admin|Admin|Manager" }
Frontend Changes
Role Selection Dropdown
The user creation form now includes a dropdown for role selection:
<select name="role" required>
<option value="">Select a role...</option>
<option value="Super Admin">Super Admin</option>
<option value="Admin">Admin</option>
<option value="Manager">Manager</option>
</select>
Updated API Service
The membership service includes the new getRoles() method:
async getRoles(event: RequestEvent): Promise<Role[]> {
return await fetchAPIEvent(event, '/membership/roles');
}
Migration Safety
Backup Strategy
- Automatic Backup: The migration script creates temporary backup tables
- Transaction Safety: All migrations run within database transactions
- Rollback Support: Failed migrations are automatically rolled back
Data Integrity
- Foreign key relationships are maintained during migration
- Existing data is preserved with new UUID identifiers
- Lookup tables (tracks, car models, etc.) remain unchanged
Validation
- UUID format validation for all migrated IDs
- Referential integrity checks after migration
- Comprehensive test suite verifies migration success
Troubleshooting
Common Issues
-
Migration Already Applied
- Error: "UUID migration already applied, skipping"
- Solution: This is normal, migrations are idempotent
-
Database Lock Error
- Error: "database is locked"
- Solution: Ensure no other processes are using the database
-
Permission Denied
- Error: "failed to execute UUID migration"
- Solution: Check file permissions and disk space
-
Foreign Key Constraint Error
- Error: "FOREIGN KEY constraint failed"
- Solution: Verify database integrity before running migration
Debugging
Enable debug logging to see detailed migration progress:
# Set environment variable
export DEBUG=true
# Or modify the Go code
logging.Init(true) // Enable debug logging
Recovery
If migration fails:
- Restore from backup: Use the backup files created during migration
- Re-run migration: The migration is idempotent and can be safely re-run
- Manual cleanup: Remove temporary tables and retry
Testing
Automated Tests
Run the comprehensive test suite:
cd acc-server-manager
go run scripts/test_migrations.go
Manual Testing
- Create test users with different roles
- Verify permission restrictions work correctly
- Test Super Admin deletion prevention
- Confirm frontend dropdown functionality
Test Database
The test suite creates a temporary database (test_migrations.db) that is automatically cleaned up after testing.
Performance Considerations
Database Performance
- UUIDs are stored as TEXT in SQLite for compatibility
- Indexes are created on frequently queried UUID columns
- Foreign key constraints ensure referential integrity
Memory Usage
- Migration process uses temporary tables to minimize memory footprint
- Batch processing for large datasets
- Transaction-based approach reduces memory leaks
Security Enhancements
Role-Based Access Control
- Granular permissions for different operations
- Service-level permission validation
- Middleware-based authentication and authorization
Super Admin Protection
- Prevents accidental deletion of critical users
- Maintains system accessibility
- Audit trail for all user management operations
Future Enhancements
Planned Features
- Custom Roles: Allow creation of custom roles with specific permissions
- Role Inheritance: Implement role hierarchy with permission inheritance
- Audit Logging: Track all role and permission changes
- Bulk Operations: Support for bulk user management operations
Migration Extensions
- Data Archival: Migrate old data to archive tables
- Performance Optimization: Add database-specific optimizations
- Incremental Migrations: Support for partial migrations
Support
For issues or questions regarding the migration and role system:
- Check the logs for detailed error messages
- Review this guide for common solutions
- Run the test suite to verify system integrity
- Consult the API documentation for endpoint details
Changelog
Version 2.0.0
- ✅ Migrated all primary keys to UUID
- ✅ Added Super Admin, Admin, and Manager roles
- ✅ Implemented permission-based access control
- ✅ Added Super Admin deletion protection
- ✅ Created role selection dropdown in frontend
- ✅ Added comprehensive test suite
- ✅ Improved database migration system
Version 1.0.0
- Basic user management with Super Admin role
- Integer primary keys
- Text-based role assignment