refactor(schemas): fix alteration script

2024-12-16 20:26:19 -05:00 · 2024-01-09 20:20:12 +08:00 · 2024-01-09 20:20:12 +08:00 · 665454bacb
commit 665454bacb
parent cbc5dc5792
1 changed files with 6 additions and 28 deletions
--- a/packages/schemas/alterations/next-1704692973-remove-legacy-resources.ts
+++ b/packages/schemas/alterations/next-1704692973-remove-legacy-resources.ts
@ -5,15 +5,6 @@ import type { AlterationScript } from '../lib/types/alteration.js';

 const alteration: AlterationScript = {
  up: async (pool) => {
-    // Unassign cloud scopes accidentally assigned to the admin Management API proxy
-    await pool.query(sql`
-      delete from roles_scopes
-      using scopes
-      where roles_scopes.tenant_id = 'admin'
-      and roles_scopes.role_id = 'm-admin'
-      and roles_scopes.scope_id = scopes.id
-      and scopes.name in ('send:sms', 'send:email', 'create:affiliate', 'manage:affiliate');
-    `);
    // Delete all legacy roles in the admin tenant
    await pool.query(sql`
      delete from roles
@ -41,23 +32,22 @@ const alteration: AlterationScript = {
  },
  down: async (pool) => {
    console.log('Add `manage:tenant` scope to the Cloud API resource');
-    // Add `manage:tenant` scope to the Cloud API resource
    await pool.query(sql`
      insert into scopes (tenant_id, id, name, description, resource_id)
      values ('admin', 'manage:tenant', 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', (
        select id from resources where tenant_id = 'admin' and indicator = 'https://cloud.logto.io/api'
      ));
    `);
+
    console.log('Update default role description');
-    // Update default role description
    await pool.query(sql`
      update roles
      set description = 'Admin tenant admin role for Logto tenant default.'
      where tenant_id = 'admin'
      and name = 'default:admin';
    `);
+
    console.log('Add legacy roles in the admin tenant');
-    // Add legacy roles in the admin tenant
    const existingTenantIds = await pool.any<{ id: string }>(sql`
      select id from tenants where id != 'default';
    `);
@ -77,8 +67,8 @@ const alteration: AlterationScript = {
        sql`, `
      )};
    `);
+
    console.log('Restore assigned Management API scopes to the legacy roles');
-    // Restore assigned Management API scopes to the legacy roles
    await pool.query(sql`
      insert into roles_scopes (tenant_id, id, role_id, scope_id)
      values ${sql.join(
@ -101,8 +91,8 @@ const alteration: AlterationScript = {
        sql`, `
      )};
    `);
+
    console.log('Assign to legacy roles to users according to the tenant organization roles');
-    // Assign to legacy roles to users according to the tenant organization roles
    const adminUsersOrganizations = await pool.any<{ userId: string; organizationId: string }>(sql`
      select user_id as "userId", organization_id as "organizationId"
      from organization_role_user_relations
@ -127,26 +117,14 @@ const alteration: AlterationScript = {
        sql`, `
      )};
    `);
-    console.log(
-      'Assign back cloud scopes to the admin Management API proxy and the legacy admin user'
-    );
-    // Assign back cloud scopes to the admin Management API proxy and the legacy admin user
+
+    console.log('Assign back cloud scopes to the legacy admin user');
    await pool.query(sql`
      insert into roles_scopes (tenant_id, id, role_id, scope_id)
      values ${sql.join(
        ['send:sms', 'send:email', 'create:affiliate', 'manage:affiliate', 'manage:tenant'].map(
          (scope) => {
            return sql`
-              (
-                'admin',
-                ${generateStandardId()},
-                'm-admin',
-                (
-                  select id from scopes
-                  where tenant_id = 'admin'
-                  and name = ${scope}
-                )
-              ),
              (
                'admin',
                ${generateStandardId()},