From 7e33eae6d9765a259e1964dedc423cdba7c4912e Mon Sep 17 00:00:00 2001
From: Charles Zhao
Date: Thu, 28 Mar 2024 23:48:11 +0800
Subject: [PATCH] feat(schemas): add new scope read:member to both tenant admin and member roles (#5582)
---
 ...4-add-read-member-scope-to-tenant-roles.ts | 25 +++++++++++++++++++
 .../schemas/src/types/tenant-organization.ts | 10 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts
diff --git a/packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts b/packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts
new file mode 100644
index 00000000000..bd1c8f2f8ff
--- /dev/null
+++ b/packages/schemas/alterations/next-1711624564-add-read-member-scope-to-tenant-roles.ts
@@ -0,0 +1,25 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+ up: async (pool) => {
+ await pool.query(sql`
+ insert into organization_scopes (tenant_id, id, name, description)
+ values ('admin', 'read-member', 'read:member', 'Read members of the tenant.');
+ insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
+ values ('admin', 'admin', 'read-member'),
+ ('admin', 'member', 'read-member');
+ `);
+ },
+ down: async (pool) => {
+ await pool.query(sql`
+ delete from organization_role_scope_relations
+ where tenant_id = 'admin' and organization_scope_id = 'read-member';
+ delete from organization_scopes
+ where tenant_id = 'admin' and id = 'read-member';
+ `);
+ },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/types/tenant-organization.ts b/packages/schemas/src/types/tenant-organization.ts
index 0bf98ce7bb6..9d108182e17 100644
--- a/packages/schemas/src/types/tenant-organization.ts
+++ b/packages/schemas/src/types/tenant-organization.ts
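Review bot: In `next-1711624564-add-read-member-scope-to-tenant-roles.ts`, the second insert in `up` grants `read-member` to the built-in `member` role as well as `admin`, and nothing in the script records why every member should be able to list the tenant's members, which presumably exposes other users' identities. A comment above that statement would capture the intent, for example `// Members get read-only visibility of the member list; no member-management scope is granted here.` Both statements go through a single `pool.query` call, so whether a failure of the second insert rolls back the new scope row depends on how the alteration runner wraps `up`, which is not visible in this patch.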
@@ -55,6 +55,8 @@ export enum TenantScope {
 WriteData = 'write:data',
 /** Delete data of the tenant. */
 DeleteData = 'delete:data',
+ /** Read members of the tenant. */
+ ReadMember = 'read:member',
 /** Invite members to the tenant. */
 InviteMember = 'invite:member',
 /** Remove members from the tenant. */
@@ -97,6 +99,7 @@ const tenantScopeDescriptions: Readonly> = Object.fr
 [TenantScope.ReadData]: 'Read the tenant data.',
 [TenantScope.WriteData]: 'Write the tenant data, including creating and updating the tenant.',
 [TenantScope.DeleteData]: 'Delete data of the tenant.',
+ [TenantScope.ReadMember]: 'Read members of the tenant.',
 [TenantScope.InviteMember]: 'Invite members to the tenant.',
 [TenantScope.RemoveMember]: 'Remove members from the tenant.',
 [TenantScope.UpdateMemberRole]: 'Update the role of a member in the tenant.',
@@ -155,5 +158,10 @@ export const getTenantRole = (role: TenantRole): Readonly =>
 export const tenantRoleScopes: Readonly>> = Object.freeze({
 [TenantRole.Admin]: allTenantScopes,
- [TenantRole.Member]: [TenantScope.ReadData, TenantScope.WriteData, TenantScope.DeleteData],
+ [TenantRole.Member]: [
+ TenantScope.ReadData,
+ TenantScope.WriteData,
+ TenantScope.DeleteData,
+ TenantScope.ReadMember,
+ ],
 });
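Review bot: In the last hunk, the `TenantRole.Member` entry of `tenantRoleScopes` now has to match the `organization_role_scope_relations` rows that the alteration script inserts as string literals, and nothing in this change ties the two together. If they drift, the role definition in code and the scopes actually stored for the role disagree, which tends to show up only as an unexpected allow or deny at an authorization check. A doc comment on the constant would at least name the dependency, for example `/** Keep in sync with the organization_role_scope_relations rows seeded for the admin tenant. */`, and a test comparing the two would catch a mismatch earlier. `allTenantScopes` is defined outside the hunk, so whether `Admin` picks up `ReadMember` automatically cannot be confirmed from these lines.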