feat(schemas): add table for app org resource scope consent (#5803)

feat(schemas): add table application_user_consent_organization_resource_scopes
2025-03-10 22:22:45 -05:00 · 2024-04-29 10:48:02 +08:00 · 2024-04-29 10:48:02 +08:00 · 24acae8709
commit 24acae8709
parent bbd399e157
2 changed files with 50 additions and 0 deletions
--- a/packages/schemas/alterations/next-1714270244-application-org-resource-scope.ts
+++ b/packages/schemas/alterations/next-1714270244-application-org-resource-scope.ts
@ -0,0 +1,32 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table application_user_consent_organization_resource_scopes (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the application. */
+        application_id varchar(21) not null
+          references applications (id) on update cascade on delete cascade,
+        /** The globally unique identifier of the resource scope. */
+        scope_id varchar(21) not null
+          references scopes (id) on update cascade on delete cascade,
+        primary key (application_id, scope_id)
+      );
+    `);
+    await applyTableRls(pool, 'application_user_consent_organization_resource_scopes');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'application_user_consent_organization_resource_scopes');
+    await pool.query(sql`
+      drop table application_user_consent_organization_resource_scopes
+    `);
+  },
+};
+
+export default alteration;
--- a/packages/schemas/tables/application_user_consent_organization_resource_scopes.sql
+++ b/packages/schemas/tables/application_user_consent_organization_resource_scopes.sql
@ -0,0 +1,18 @@
+/* init_order = 3 */
+
+/**
+  The organization resource scopes (permissions) assigned to an application's consent request.
+  This is different from the application_user_consent_resource_scopes table, scopes in this table
+  is granted by the organization roles.
+*/
+create table application_user_consent_organization_resource_scopes (
+  tenant_id varchar(21) not null
+    references tenants (id) on update cascade on delete cascade,
+  /** The globally unique identifier of the application. */
+  application_id varchar(21) not null
+    references applications (id) on update cascade on delete cascade,
+  /** The globally unique identifier of the resource scope. */
+  scope_id varchar(21) not null
+    references scopes (id) on update cascade on delete cascade,
+  primary key (application_id, scope_id)
+);