refactor(schemas): fix alteration script
parent
cbc5dc5792
commit
665454bacb
1 changed files with 6 additions and 28 deletions
|
@ -5,15 +5,6 @@ import type { AlterationScript } from '../lib/types/alteration.js';
|
||||||
|
|
||||||
const alteration: AlterationScript = {
|
const alteration: AlterationScript = {
|
||||||
up: async (pool) => {
|
up: async (pool) => {
|
||||||
// Unassign cloud scopes accidentally assigned to the admin Management API proxy
|
|
||||||
await pool.query(sql`
|
|
||||||
delete from roles_scopes
|
|
||||||
using scopes
|
|
||||||
where roles_scopes.tenant_id = 'admin'
|
|
||||||
and roles_scopes.role_id = 'm-admin'
|
|
||||||
and roles_scopes.scope_id = scopes.id
|
|
||||||
and scopes.name in ('send:sms', 'send:email', 'create:affiliate', 'manage:affiliate');
|
|
||||||
`);
|
|
||||||
// Delete all legacy roles in the admin tenant
|
// Delete all legacy roles in the admin tenant
|
||||||
await pool.query(sql`
|
await pool.query(sql`
|
||||||
delete from roles
|
delete from roles
|
||||||
|
@ -41,23 +32,22 @@ const alteration: AlterationScript = {
|
||||||
},
|
},
|
||||||
down: async (pool) => {
|
down: async (pool) => {
|
||||||
console.log('Add `manage:tenant` scope to the Cloud API resource');
|
console.log('Add `manage:tenant` scope to the Cloud API resource');
|
||||||
// Add `manage:tenant` scope to the Cloud API resource
|
|
||||||
await pool.query(sql`
|
await pool.query(sql`
|
||||||
insert into scopes (tenant_id, id, name, description, resource_id)
|
insert into scopes (tenant_id, id, name, description, resource_id)
|
||||||
values ('admin', 'manage:tenant', 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', (
|
values ('admin', 'manage:tenant', 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', (
|
||||||
select id from resources where tenant_id = 'admin' and indicator = 'https://cloud.logto.io/api'
|
select id from resources where tenant_id = 'admin' and indicator = 'https://cloud.logto.io/api'
|
||||||
));
|
));
|
||||||
`);
|
`);
|
||||||
|
|
||||||
console.log('Update default role description');
|
console.log('Update default role description');
|
||||||
// Update default role description
|
|
||||||
await pool.query(sql`
|
await pool.query(sql`
|
||||||
update roles
|
update roles
|
||||||
set description = 'Admin tenant admin role for Logto tenant default.'
|
set description = 'Admin tenant admin role for Logto tenant default.'
|
||||||
where tenant_id = 'admin'
|
where tenant_id = 'admin'
|
||||||
and name = 'default:admin';
|
and name = 'default:admin';
|
||||||
`);
|
`);
|
||||||
|
|
||||||
console.log('Add legacy roles in the admin tenant');
|
console.log('Add legacy roles in the admin tenant');
|
||||||
// Add legacy roles in the admin tenant
|
|
||||||
const existingTenantIds = await pool.any<{ id: string }>(sql`
|
const existingTenantIds = await pool.any<{ id: string }>(sql`
|
||||||
select id from tenants where id != 'default';
|
select id from tenants where id != 'default';
|
||||||
`);
|
`);
|
||||||
|
@ -77,8 +67,8 @@ const alteration: AlterationScript = {
|
||||||
sql`, `
|
sql`, `
|
||||||
)};
|
)};
|
||||||
`);
|
`);
|
||||||
|
|
||||||
console.log('Restore assigned Management API scopes to the legacy roles');
|
console.log('Restore assigned Management API scopes to the legacy roles');
|
||||||
// Restore assigned Management API scopes to the legacy roles
|
|
||||||
await pool.query(sql`
|
await pool.query(sql`
|
||||||
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||||||
values ${sql.join(
|
values ${sql.join(
|
||||||
|
@ -101,8 +91,8 @@ const alteration: AlterationScript = {
|
||||||
sql`, `
|
sql`, `
|
||||||
)};
|
)};
|
||||||
`);
|
`);
|
||||||
|
|
||||||
console.log('Assign to legacy roles to users according to the tenant organization roles');
|
console.log('Assign to legacy roles to users according to the tenant organization roles');
|
||||||
// Assign to legacy roles to users according to the tenant organization roles
|
|
||||||
const adminUsersOrganizations = await pool.any<{ userId: string; organizationId: string }>(sql`
|
const adminUsersOrganizations = await pool.any<{ userId: string; organizationId: string }>(sql`
|
||||||
select user_id as "userId", organization_id as "organizationId"
|
select user_id as "userId", organization_id as "organizationId"
|
||||||
from organization_role_user_relations
|
from organization_role_user_relations
|
||||||
|
@ -127,26 +117,14 @@ const alteration: AlterationScript = {
|
||||||
sql`, `
|
sql`, `
|
||||||
)};
|
)};
|
||||||
`);
|
`);
|
||||||
console.log(
|
|
||||||
'Assign back cloud scopes to the admin Management API proxy and the legacy admin user'
|
console.log('Assign back cloud scopes to the legacy admin user');
|
||||||
);
|
|
||||||
// Assign back cloud scopes to the admin Management API proxy and the legacy admin user
|
|
||||||
await pool.query(sql`
|
await pool.query(sql`
|
||||||
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||||||
values ${sql.join(
|
values ${sql.join(
|
||||||
['send:sms', 'send:email', 'create:affiliate', 'manage:affiliate', 'manage:tenant'].map(
|
['send:sms', 'send:email', 'create:affiliate', 'manage:affiliate', 'manage:tenant'].map(
|
||||||
(scope) => {
|
(scope) => {
|
||||||
return sql`
|
return sql`
|
||||||
(
|
|
||||||
'admin',
|
|
||||||
${generateStandardId()},
|
|
||||||
'm-admin',
|
|
||||||
(
|
|
||||||
select id from scopes
|
|
||||||
where tenant_id = 'admin'
|
|
||||||
and name = ${scope}
|
|
||||||
)
|
|
||||||
),
|
|
||||||
(
|
(
|
||||||
'admin',
|
'admin',
|
||||||
${generateStandardId()},
|
${generateStandardId()},
|
||||||
|
|
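Review bot: In `up` (first hunk), the `delete from roles_scopes` query that unassigned `send:sms`, `send:email`, `create:affiliate` and `manage:affiliate` from role `m-admin` in the `admin` tenant is dropped without a stated reason, so any database where those scopes were granted to that role keeps the grant after this alteration runs. The matching re-insert for `m-admin` is also removed from `down` (last hunk), which keeps the two directions symmetric, but the title "fix alteration script" does not say whether the over-assignment is corrected elsewhere or never occurred. Please record the reason in the file, for example `// Cloud scopes on 'm-admin' are left untouched here because <reason / alteration that handles them>` above the remaining `delete from roles` query. If this script has already been applied in any environment (not visible from this page), editing it in place leaves those databases with different `roles_scopes` rows than freshly migrated ones, and a follow-up alteration would be the safer vehicle. Both `up` and `down` continue outside the visible hunks.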