feat(schemas): add new scope read:member to both tenant admin and member roles (#5582)

2025-03-31 22:51:25 -05:00 · 2024-03-28 23:48:11 +08:00 · 2024-03-28 23:48:11 +08:00 · 7e33eae6d9
commit 7e33eae6d9
parent a279fb4c6c
2 changed files with 34 additions and 1 deletions
--- a/packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts
+++ b/packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts
@ -0,0 +1,25 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      insert into organization_scopes (tenant_id, id, name, description)
+        values ('admin', 'read-member', 'read:member', 'Read members of the tenant.');
+      insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
+        values ('admin', 'admin', 'read-member'),
+               ('admin', 'member', 'read-member');
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from organization_role_scope_relations
+        where tenant_id = 'admin' and organization_scope_id = 'read-member';
+      delete from organization_scopes
+        where tenant_id = 'admin' and id = 'read-member';
+    `);
+  },
+};
+
+export default alteration;
--- a/packages/schemas/src/types/tenant-organization.ts
+++ b/packages/schemas/src/types/tenant-organization.ts
@ -55,6 +55,8 @@ export enum TenantScope {
  WriteData = 'write:data',
  /** Delete data of the tenant. */
  DeleteData = 'delete:data',
+  /** Read members of the tenant. */
+  ReadMember = 'read:member',
  /** Invite members to the tenant. */
  InviteMember = 'invite:member',
  /** Remove members from the tenant. */
@ -97,6 +99,7 @@ const tenantScopeDescriptions: Readonly<Record<TenantScope, string>> = Object.fr
  [TenantScope.ReadData]: 'Read the tenant data.',
  [TenantScope.WriteData]: 'Write the tenant data, including creating and updating the tenant.',
  [TenantScope.DeleteData]: 'Delete data of the tenant.',
+  [TenantScope.ReadMember]: 'Read members of the tenant.',
  [TenantScope.InviteMember]: 'Invite members to the tenant.',
  [TenantScope.RemoveMember]: 'Remove members from the tenant.',
  [TenantScope.UpdateMemberRole]: 'Update the role of a member in the tenant.',
@ -155,5 +158,10 @@ export const getTenantRole = (role: TenantRole): Readonly<OrganizationRole> =>
 export const tenantRoleScopes: Readonly<Record<TenantRole, Readonly<TenantScope[]>>> =
  Object.freeze({
    [TenantRole.Admin]: allTenantScopes,
-    [TenantRole.Member]: [TenantScope.ReadData, TenantScope.WriteData, TenantScope.DeleteData],
+    [TenantRole.Member]: [
+      TenantScope.ReadData,
+      TenantScope.WriteData,
+      TenantScope.DeleteData,
+      TenantScope.ReadMember,
+    ],
  });