mirror of
https://github.com/logto-io/logto.git
synced 2024-12-16 20:26:19 -05:00
Merge pull request #5214 from logto-io/gao-fix-alteration-script
refactor(schemas): fix alteration script
This commit is contained in:
Gao Sun
GitHub
commit
b064fab71c
1 changed files with 6 additions and 28 deletions
|
|
@ -5,15 +5,6 @@ import type { AlterationScript } from '../lib/types/alteration.js';
|
|||
|
||||
const alteration: AlterationScript = {
|
||||
up: async (pool) => {
|
||||
// Unassign cloud scopes accidentally assigned to the admin Management API proxy
|
||||
await pool.query(sql`
|
||||
delete from roles_scopes
|
||||
using scopes
|
||||
where roles_scopes.tenant_id = 'admin'
|
||||
and roles_scopes.role_id = 'm-admin'
|
||||
and roles_scopes.scope_id = scopes.id
|
||||
and scopes.name in ('send:sms', 'send:email', 'create:affiliate', 'manage:affiliate');
|
||||
`);
|
||||
// Delete all legacy roles in the admin tenant
|
||||
await pool.query(sql`
|
||||
delete from roles
|
||||
|
|
@ -41,23 +32,22 @@ const alteration: AlterationScript = {
|
|||
},
|
||||
down: async (pool) => {
|
||||
console.log('Add `manage:tenant` scope to the Cloud API resource');
|
||||
// Add `manage:tenant` scope to the Cloud API resource
|
||||
await pool.query(sql`
|
||||
insert into scopes (tenant_id, id, name, description, resource_id)
|
||||
values ('admin', 'manage:tenant', 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', (
|
||||
select id from resources where tenant_id = 'admin' and indicator = 'https://cloud.logto.io/api'
|
||||
));
|
||||
`);
|
||||
|
||||
console.log('Update default role description');
|
||||
// Update default role description
|
||||
await pool.query(sql`
|
||||
update roles
|
||||
set description = 'Admin tenant admin role for Logto tenant default.'
|
||||
where tenant_id = 'admin'
|
||||
and name = 'default:admin';
|
||||
`);
|
||||
|
||||
console.log('Add legacy roles in the admin tenant');
|
||||
// Add legacy roles in the admin tenant
|
||||
const existingTenantIds = await pool.any<{ id: string }>(sql`
|
||||
select id from tenants where id != 'default';
|
||||
`);
|
||||
|
|
@ -77,8 +67,8 @@ const alteration: AlterationScript = {
|
|||
sql`, `
|
||||
)};
|
||||
`);
|
||||
|
||||
console.log('Restore assigned Management API scopes to the legacy roles');
|
||||
// Restore assigned Management API scopes to the legacy roles
|
||||
await pool.query(sql`
|
||||
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||||
values ${sql.join(
|
||||
|
|
@ -101,8 +91,8 @@ const alteration: AlterationScript = {
|
|||
sql`, `
|
||||
)};
|
||||
`);
|
||||
|
||||
console.log('Assign to legacy roles to users according to the tenant organization roles');
|
||||
// Assign to legacy roles to users according to the tenant organization roles
|
||||
const adminUsersOrganizations = await pool.any<{ userId: string; organizationId: string }>(sql`
|
||||
select user_id as "userId", organization_id as "organizationId"
|
||||
from organization_role_user_relations
|
||||
|
|
@ -127,26 +117,14 @@ const alteration: AlterationScript = {
|
|||
sql`, `
|
||||
)};
|
||||
`);
|
||||
console.log(
|
||||
'Assign back cloud scopes to the admin Management API proxy and the legacy admin user'
|
||||
);
|
||||
// Assign back cloud scopes to the admin Management API proxy and the legacy admin user
|
||||
|
||||
console.log('Assign back cloud scopes to the legacy admin user');
|
||||
await pool.query(sql`
|
||||
insert into roles_scopes (tenant_id, id, role_id, scope_id)
|
||||
values ${sql.join(
|
||||
['send:sms', 'send:email', 'create:affiliate', 'manage:affiliate', 'manage:tenant'].map(
|
||||
(scope) => {
|
||||
return sql`
|
||||
(
|
||||
'admin',
|
||||
${generateStandardId()},
|
||||
'm-admin',
|
||||
(
|
||||
select id from scopes
|
||||
where tenant_id = 'admin'
|
||||
and name = ${scope}
|
||||
)
|
||||
),
|
||||
(
|
||||
'admin',
|
||||
${generateStandardId()},
|
||||
|
|
|
|||
Loading…
Reference in a new issue