Ensure the user's actions

2025-08-04 10:05:53 +02:00 · 2024-10-10 21:59:30 -04:00 · 2024-10-10 21:59:30 -04:00 · 4fc630cf42
commit 4fc630cf42
parent 143a3b756e
9 changed files with 74 additions and 63 deletions
--- a/server/db/ensureActions.ts
+++ b/server/db/ensureActions.ts
@ -1,38 +1,60 @@
 import { ActionsEnum } from "@server/auth/actions";
 import { db } from "@server/db";
-import { actions } from "./schema";
-import { eq } from "drizzle-orm";
+import { actions, roles, roleActions } from "./schema";
+import { eq, and, inArray, notInArray } from "drizzle-orm";

-// Ensure actions are in the database
 export async function ensureActions() {
    const actionIds = Object.values(ActionsEnum);
-    for (const actionId of actionIds) {
-        const existing = await db
-            .select()
-            .from(actions)
-            .where(eq(actions.name, actionId))
+    const existingActions = await db.select().from(actions).execute();
+    const existingActionIds = existingActions.map(action => action.actionId);
+
+    const actionsToAdd = actionIds.filter(id => !existingActionIds.includes(id));
+    const actionsToRemove = existingActionIds.filter(id => !actionIds.includes(id as ActionsEnum));
+
+    const defaultRoles = await db
+        .select()
+        .from(roles)
+        .where(eq(roles.isSuperuserRole, true))
+        .execute();
+
+    // Add new actions
+    for (const actionId of actionsToAdd) {
+    await db.insert(actions).values({ actionId }).execute();
+        // Add new actions to the Default role
+        await db.insert(roleActions)
+            .values(defaultRoles.map(role => ({ roleId: role.roleId!, actionId, orgId: role.orgId! })))
            .execute();
-        if (existing.length === 0) {
-            await db
-                .insert(actions)
-                .values({
-                    actionId
-                })
-                .execute();
-        }
    }

-    // make sure all actions are in the database
-    const existingActions = await db
-        .select()
-        .from(actions)
-        .execute();
-    for (const action of existingActions) {
-        if (!actionIds.includes(action.actionId as ActionsEnum)) {
-            await db
-                .delete(actions)
-                .where(eq(actions.actionId, action.actionId))
-                .execute();
-        }
+    // Remove deprecated actions
+    if (actionsToRemove.length > 0) {
+        await db.delete(actions).where(inArray(actions.actionId, actionsToRemove)).execute();
+        await db.delete(roleActions).where(inArray(roleActions.actionId, actionsToRemove)).execute();
    }
+}
+
+export async function createSuperuserRole(orgId: number) {
+    // Create the Default role if it doesn't exist
+    const [insertedRole] = await db
+        .insert(roles)
+        .values({
+            orgId,
+            isSuperuserRole: true,
+            name: 'Superuser',
+            description: 'Superuser role with all actions'
+        })
+        .returning({ roleId: roles.roleId })
+        .execute();
+
+    const roleId = insertedRole.roleId;
+
+    // Add all current actions to the new Default role
+    const actionIds = Object.values(ActionsEnum);
+    await db.insert(roleActions)
+        .values(actionIds.map(actionId => ({
+            roleId,
+            actionId: actionId,
+            orgId
+        })))
+        .execute();
 }
--- a/server/db/schema.ts
+++ b/server/db/schema.ts
@ -138,6 +138,7 @@ export const actions = sqliteTable("actions", {
 export const roles = sqliteTable("roles", {
    roleId: integer("roleId").primaryKey({ autoIncrement: true }),
    orgId: integer("orgId").references(() => orgs.orgId, { onDelete: "cascade" }),
+    isSuperuserRole: integer("isSuperuserRole", { mode: "boolean" }),
    name: text("name").notNull(),
    description: text("description"),
 });