106 lines
2.9 KiB
TypeScript
106 lines
2.9 KiB
TypeScript
import { ActionsEnum } from "@server/auth/actions";
|
|
import { db } from "@server/db";
|
|
import { actions, roles, roleActions } from "../db/schema";
|
|
import { eq, inArray } from "drizzle-orm";
|
|
import logger from "@server/logger";
|
|
|
|
export async function ensureActions() {
|
|
const actionIds = Object.values(ActionsEnum);
|
|
const existingActions = await db.select().from(actions).execute();
|
|
const existingActionIds = existingActions.map((action) => action.actionId);
|
|
|
|
const actionsToAdd = actionIds.filter(
|
|
(id) => !existingActionIds.includes(id)
|
|
);
|
|
const actionsToRemove = existingActionIds.filter(
|
|
(id) => !actionIds.includes(id as ActionsEnum)
|
|
);
|
|
|
|
const defaultRoles = await db
|
|
.select()
|
|
.from(roles)
|
|
.where(eq(roles.isAdmin, true))
|
|
.execute();
|
|
|
|
await db.transaction(async (trx) => {
|
|
|
|
// Add new actions
|
|
for (const actionId of actionsToAdd) {
|
|
logger.debug(`Adding action: ${actionId}`);
|
|
await trx.insert(actions).values({ actionId }).execute();
|
|
// Add new actions to the Default role
|
|
if (defaultRoles.length != 0) {
|
|
await trx
|
|
.insert(roleActions)
|
|
.values(
|
|
defaultRoles.map((role) => ({
|
|
roleId: role.roleId!,
|
|
actionId,
|
|
orgId: role.orgId!
|
|
}))
|
|
)
|
|
.execute();
|
|
}
|
|
}
|
|
|
|
// Remove deprecated actions
|
|
if (actionsToRemove.length > 0) {
|
|
logger.debug(`Removing actions: ${actionsToRemove.join(", ")}`);
|
|
await trx
|
|
.delete(actions)
|
|
.where(inArray(actions.actionId, actionsToRemove))
|
|
.execute();
|
|
await trx
|
|
.delete(roleActions)
|
|
.where(inArray(roleActions.actionId, actionsToRemove))
|
|
.execute();
|
|
}
|
|
});
|
|
}
|
|
|
|
export async function createAdminRole(orgId: string) {
|
|
let roleId: any;
|
|
await db.transaction(async (trx) => {
|
|
|
|
const [insertedRole] = await trx
|
|
.insert(roles)
|
|
.values({
|
|
orgId,
|
|
isAdmin: true,
|
|
name: "Admin",
|
|
description: "Admin role with the most permissions"
|
|
})
|
|
.returning({ roleId: roles.roleId })
|
|
.execute();
|
|
|
|
if (!insertedRole || !insertedRole.roleId) {
|
|
throw new Error("Failed to create Admin role");
|
|
}
|
|
|
|
roleId = insertedRole.roleId;
|
|
|
|
const actionIds = await trx.select().from(actions).execute();
|
|
|
|
if (actionIds.length === 0) {
|
|
logger.info("No actions to assign to the Admin role");
|
|
return;
|
|
}
|
|
|
|
await trx
|
|
.insert(roleActions)
|
|
.values(
|
|
actionIds.map((action) => ({
|
|
roleId,
|
|
actionId: action.actionId,
|
|
orgId
|
|
}))
|
|
)
|
|
.execute();
|
|
});
|
|
|
|
if (!roleId) {
|
|
throw new Error("Failed to create Admin role");
|
|
}
|
|
|
|
return roleId;
|
|
}
|