feat(schemas): add new scope read:member to both tenant admin and mem…
…ber roles (#5582)
charIeszhao authored Mar 28, 2024
1 parent a279fb4 commit 7e33eae
Showing 2 changed files with 34 additions and 1 deletion.
@@ -0,0 +1,25 @@
import { sql } from '@silverhand/slonik';

import type { AlterationScript } from '../lib/types/alteration.js';

const alteration: AlterationScript = {
up: async (pool) => {
await pool.query(sql`
insert into organization_scopes (tenant_id, id, name, description)
values ('admin', 'read-member', 'read:member', 'Read members of the tenant.');
insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
values ('admin', 'admin', 'read-member'),
('admin', 'member', 'read-member');
`);
},
down: async (pool) => {
await pool.query(sql`
delete from organization_role_scope_relations
where tenant_id = 'admin' and organization_scope_id = 'read-member';
delete from organization_scopes
where tenant_id = 'admin' and id = 'read-member';
`);
},
};

export default alteration;
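Review bot: The `up` script carries no comment saying that it widens an existing role: the second insert links `read-member` to the `member` organization role of the `admin` tenant, so presumably every current holder of that role gains `read:member` as soon as the alteration runs. The same grant is written by hand a second time in `tenantRoleScopes` in packages/schemas/src/types/tenant-organization.ts, and nothing ties the two copies together. A line above `up` such as `// Grants read:member to the existing admin and member roles of the admin tenant; keep in sync with tenantRoleScopes.` would make that explicit for anyone auditing role changes later. Both inserts are sent in one `pool.query` call; whether a failure of the second leaves the scope row behind without its grants depends on how the alteration runner wraps the script, which is not visible here.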
10 changes: 9 additions & 1 deletion packages/schemas/src/types/tenant-organization.ts
Expand Up @@ -55,6 +55,8 @@ export enum TenantScope {
WriteData = 'write:data',
/** Delete data of the tenant. */
DeleteData = 'delete:data',
/** Read members of the tenant. */
ReadMember = 'read:member',
/** Invite members to the tenant. */
InviteMember = 'invite:member',
/** Remove members from the tenant. */
Expand Down Expand Up @@ -97,6 +99,7 @@ const tenantScopeDescriptions: Readonly<Record<TenantScope, string>> = Object.fr
[TenantScope.ReadData]: 'Read the tenant data.',
[TenantScope.WriteData]: 'Write the tenant data, including creating and updating the tenant.',
[TenantScope.DeleteData]: 'Delete data of the tenant.',
[TenantScope.ReadMember]: 'Read members of the tenant.',
[TenantScope.InviteMember]: 'Invite members to the tenant.',
[TenantScope.RemoveMember]: 'Remove members from the tenant.',
[TenantScope.UpdateMemberRole]: 'Update the role of a member in the tenant.',
Expand Down Expand Up @@ -155,5 +158,10 @@ export const getTenantRole = (role: TenantRole): Readonly<OrganizationRole> =>
export const tenantRoleScopes: Readonly<Record<TenantRole, Readonly<TenantScope[]>>> =
Object.freeze({
[TenantRole.Admin]: allTenantScopes,
[TenantRole.Member]: [TenantScope.ReadData, TenantScope.WriteData, TenantScope.DeleteData],
[TenantRole.Member]: [
TenantScope.ReadData,
TenantScope.WriteData,
TenantScope.DeleteData,
TenantScope.ReadMember,
],
});
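Review bot: The doc comment added on `ReadMember` in the first hunk, and the matching description string in the second, do not mention that this scope is also given to `TenantRole.Member` in the last hunk, unlike `InviteMember` and `RemoveMember`, which stay out of the member list shown here. Whoever later gates an endpoint on `read:member` needs to know it is not an admin-only scope, so the comment could read `/** Read members of the tenant. Granted to the member role as well as admin, so anything it gates is visible to every tenant member. */`. What member fields the scope actually exposes is not visible in this commit and would be worth stating in the same place. The enum and the descriptions map both continue outside their hunks.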
