🪺 fix: Update Role Handling due to New Schema Shape (#6774)

* 📝 fix: Update translation for shared agent message in English locale

* 🪺 fix: Migrate role schema to new nested structure and update permissions handling where missed

api/models/Role.js

@@ -99,6 +99,25 @@ async function updateAccessPermissions(roleName, permissionsUpdate) {
     const updatedPermissions = { ...currentPermissions };
     let hasChanges = false;
 
+    const unsetFields = {};
+    const permissionTypes = Object.keys(permissionsSchema.shape || {});
+    for (const permType of permissionTypes) {
+      if (role[permType] && typeof role[permType] === 'object') {
+        logger.info(
+          `Migrating '${roleName}' role from old schema: found '${permType}' at top level`,
+        );
+
+        updatedPermissions[permType] = {
+          ...updatedPermissions[permType],
+          ...role[permType],
+        };
+
+        unsetFields[permType] = 1;
+        hasChanges = true;
+      }
+    }
+
+    // Process the current updates
     for (const [permissionType, permissions] of Object.entries(updates)) {
       const currentTypePermissions = currentPermissions[permissionType] || {};
       updatedPermissions[permissionType] = { ...currentTypePermissions };
@@ -115,8 +134,36 @@ async function updateAccessPermissions(roleName, permissionsUpdate) {
     }
 
     if (hasChanges) {
-      // Update only the permissions field.
-      await updateRoleByName(roleName, { permissions: updatedPermissions });
+      const updateObj = { permissions: updatedPermissions };
+
+      if (Object.keys(unsetFields).length > 0) {
+        logger.info(
+          `Unsetting old schema fields for '${roleName}' role: ${Object.keys(unsetFields).join(', ')}`,
+        );
+
+        try {
+          await Role.updateOne(
+            { name: roleName },
+            {
+              $set: updateObj,
+              $unset: unsetFields,
+            },
+          );
+
+          const cache = getLogStores(CacheKeys.ROLES);
+          const updatedRole = await Role.findOne({ name: roleName }).select('-__v').lean().exec();
+          await cache.set(roleName, updatedRole);
+
+          logger.info(`Updated role '${roleName}' and removed old schema fields`);
+        } catch (updateError) {
+          logger.error(`Error during role migration update: ${updateError.message}`);
+          throw updateError;
+        }
+      } else {
+        // Standard update if no migration needed
+        await updateRoleByName(roleName, updateObj);
+      }
+
       logger.info(`Updated '${roleName}' role permissions`);
     } else {
       logger.info(`No changes needed for '${roleName}' role permissions`);
@@ -155,10 +202,90 @@ const initializeRoles = async function () {
   }
 };
 
+/**
+ * Migrates roles from old schema to new schema structure.
+ * This can be called directly to fix existing roles.
+ *
+ * @param {string} [roleName] - Optional specific role to migrate. If not provided, migrates all roles.
+ * @returns {Promise<number>} Number of roles migrated.
+ */
+const migrateRoleSchema = async function (roleName) {
+  try {
+    // Get roles to migrate
+    let roles;
+    if (roleName) {
+      const role = await Role.findOne({ name: roleName });
+      roles = role ? [role] : [];
+    } else {
+      roles = await Role.find({});
+    }
+
+    logger.info(`Migrating ${roles.length} roles to new schema structure`);
+    let migratedCount = 0;
+
+    for (const role of roles) {
+      const permissionTypes = Object.keys(permissionsSchema.shape || {});
+      const unsetFields = {};
+      let hasOldSchema = false;
+
+      // Check for old schema fields
+      for (const permType of permissionTypes) {
+        if (role[permType] && typeof role[permType] === 'object') {
+          hasOldSchema = true;
+
+          // Ensure permissions object exists
+          role.permissions = role.permissions || {};
+
+          // Migrate permissions from old location to new
+          role.permissions[permType] = {
+            ...role.permissions[permType],
+            ...role[permType],
+          };
+
+          // Mark field for removal
+          unsetFields[permType] = 1;
+        }
+      }
+
+      if (hasOldSchema) {
+        try {
+          logger.info(`Migrating role '${role.name}' from old schema structure`);
+
+          // Simple update operation
+          await Role.updateOne(
+            { _id: role._id },
+            {
+              $set: { permissions: role.permissions },
+              $unset: unsetFields,
+            },
+          );
+
+          // Refresh cache
+          const cache = getLogStores(CacheKeys.ROLES);
+          const updatedRole = await Role.findById(role._id).lean().exec();
+          await cache.set(role.name, updatedRole);
+
+          migratedCount++;
+          logger.info(`Migrated role '${role.name}'`);
+        } catch (error) {
+          logger.error(`Failed to migrate role '${role.name}': ${error.message}`);
+        }
+      }
+    }
+
+    logger.info(`Migration complete: ${migratedCount} roles migrated`);
+    return migratedCount;
+  } catch (error) {
+    logger.error(`Role schema migration failed: ${error.message}`);
+    throw error;
+  }
+};
+
 module.exports = {
   Role,
   getRoleByName,
   initializeRoles,
   updateRoleByName,
   updateAccessPermissions,
+  migrateRoleSchema,
 };