feat(schemas): add new scope read:member to both tenant admin and member roles (#5582)
parent
a279fb4c6c
commit
7e33eae6d9
2 changed files with 34 additions and 1 deletions
packages/schemas
|
@ -0,0 +1,25 @@
|
|||
import { sql } from '@silverhand/slonik';
|
||||
|
||||
import type { AlterationScript } from '../lib/types/alteration.js';
|
||||
|
||||
const alteration: AlterationScript = {
|
||||
up: async (pool) => {
|
||||
await pool.query(sql`
|
||||
insert into organization_scopes (tenant_id, id, name, description)
|
||||
values ('admin', 'read-member', 'read:member', 'Read members of the tenant.');
|
||||
insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
|
||||
values ('admin', 'admin', 'read-member'),
|
||||
('admin', 'member', 'read-member');
|
||||
`);
|
||||
},
|
||||
down: async (pool) => {
|
||||
await pool.query(sql`
|
||||
delete from organization_role_scope_relations
|
||||
where tenant_id = 'admin' and organization_scope_id = 'read-member';
|
||||
delete from organization_scopes
|
||||
where tenant_id = 'admin' and id = 'read-member';
|
||||
`);
|
||||
},
|
||||
};
|
||||
|
||||
export default alteration;
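Review bot: The alteration changes authorization for existing deployments but carries no comment saying so. The second insert attaches `read-member` to both the `admin` and `member` organization roles of the `admin` tenant, so every current holder of the member role receives the scope described as "Read members of the tenant." once `up` runs. A short header comment above `const alteration` would make that visible to anyone auditing migrations, for example `// Grants read:member to the admin-tenant 'admin' and 'member' roles; down revokes it from both and drops the scope.` Both inserts travel in one `pool.query` call; whether a failure in the second leaves the scope row behind depends on how the alteration runner wraps `up`, which is not visible on this page, so it is worth confirming.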
|
|
@ -55,6 +55,8 @@ export enum TenantScope {
|
|||
WriteData = 'write:data',
|
||||
/** Delete data of the tenant. */
|
||||
DeleteData = 'delete:data',
|
||||
/** Read members of the tenant. */
|
||||
ReadMember = 'read:member',
|
||||
/** Invite members to the tenant. */
|
||||
InviteMember = 'invite:member',
|
||||
/** Remove members from the tenant. */
|
||||
|
@ -97,6 +99,7 @@ const tenantScopeDescriptions: Readonly<Record<TenantScope, string>> = Object.fr
|
|||
[TenantScope.ReadData]: 'Read the tenant data.',
|
||||
[TenantScope.WriteData]: 'Write the tenant data, including creating and updating the tenant.',
|
||||
[TenantScope.DeleteData]: 'Delete data of the tenant.',
|
||||
[TenantScope.ReadMember]: 'Read members of the tenant.',
|
||||
[TenantScope.InviteMember]: 'Invite members to the tenant.',
|
||||
[TenantScope.RemoveMember]: 'Remove members from the tenant.',
|
||||
[TenantScope.UpdateMemberRole]: 'Update the role of a member in the tenant.',
|
||||
|
@ -155,5 +158,10 @@ export const getTenantRole = (role: TenantRole): Readonly<OrganizationRole> =>
|
|||
export const tenantRoleScopes: Readonly<Record<TenantRole, Readonly<TenantScope[]>>> =
|
||||
Object.freeze({
|
||||
[TenantRole.Admin]: allTenantScopes,
|
||||
[TenantRole.Member]: [TenantScope.ReadData, TenantScope.WriteData, TenantScope.DeleteData],
|
||||
[TenantRole.Member]: [
|
||||
TenantScope.ReadData,
|
||||
TenantScope.WriteData,
|
||||
TenantScope.DeleteData,
|
||||
TenantScope.ReadMember,
|
||||
],
|
||||
});
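Review bot: The new `[TenantRole.Member]` array in `tenantRoleScopes` is not frozen at runtime. The outer `Object.freeze` is shallow and `Readonly<TenantScope[]>` is erased at compile time, so code that reaches this array through an untyped path could still push further scopes into the member role's grant list. Wrapping the literal, `[TenantRole.Member]: Object.freeze([ … ]),`, keeps the role-to-scope table immutable in fact as well as in type. A one-line comment above the entry, stating that members get `ReadMember` but deliberately none of `InviteMember`, `RemoveMember` or `UpdateMemberRole`, would also record the least-privilege intent. Whether `allTenantScopes` is itself frozen is not visible in this hunk.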
|
||||
|
|