import { generateStandardId } from '@logto/core-kit'; import { sql } from 'slonik'; import type { AlterationScript } from '../lib/types/alteration.js'; const adminTenantId = 'admin'; const alteration: AlterationScript = { up: async (pool) => { const scopeId = generateStandardId(); const { id: resourceId } = await pool.one<{ id: string }>(sql` select id from resources where tenant_id = ${adminTenantId} and indicator = 'https://cloud.logto.io/api' `); await pool.query(sql` insert into scopes (tenant_id, id, name, description, resource_id) values ( ${adminTenantId}, ${scopeId}, 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', ${resourceId} ); `); const { id: roleId } = await pool.one<{ id: string }>(sql` select id from roles where tenant_id = ${adminTenantId} and name = 'admin:admin' `); await pool.query(sql` insert into roles_scopes (tenant_id, id, role_id, scope_id) values ( ${adminTenantId}, ${generateStandardId()}, ${roleId}, ${scopeId} ); `); }, down: async (pool) => { await pool.query(sql` delete from scopes using resources where resources.id = scopes.resource_id and scopes.tenant_id = ${adminTenantId} and resources.indicator = 'https://cloud.logto.io/api' and scopes.name='manage:tenant'; `); }, }; export default alteration;