From ab866c1cfd9a58b63e2b72e197109029521b82c4 Mon Sep 17 00:00:00 2001 From: Michael Bromley Date: Wed, 25 Sep 2019 16:24:42 +0200 Subject: [PATCH] feat(core): Ensure SuperAdmin role has all permissions --- .../core/src/service/services/role.service.ts | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/packages/core/src/service/services/role.service.ts b/packages/core/src/service/services/role.service.ts index 283ec5fd4a..4eea366ce2 100644 --- a/packages/core/src/service/services/role.service.ts +++ b/packages/core/src/service/services/role.service.ts @@ -121,14 +121,25 @@ export class RoleService { }); } + /** + * Ensure that the SuperAdmin role exists and that it has all possible Permissions. + */ private async ensureSuperAdminRoleExists() { + const allPermissions = Object.values(Permission).filter(p => p !== Permission.Owner); try { - await this.getSuperAdminRole(); + const superAdminRole = await this.getSuperAdminRole(); + const hasAllPermissions = allPermissions.every(permission => + superAdminRole.permissions.includes(permission), + ); + if (!hasAllPermissions) { + superAdminRole.permissions = allPermissions; + await this.connection.getRepository(Role).save(superAdminRole); + } } catch (err) { await this.create({ code: SUPER_ADMIN_ROLE_CODE, description: SUPER_ADMIN_ROLE_DESCRIPTION, - permissions: Object.values(Permission).filter(p => p !== Permission.Owner), + permissions: allPermissions, }); } }