feat(schemas): add new tenant role collaborator and deprecate member …
…role
charIeszhao committed Apr 2, 2024
1 parent 866c58e commit d912429
Showing 2 changed files with 42 additions and 5 deletions.
@@ -0,0 +1,27 @@
import { sql } from '@silverhand/slonik';

import type { AlterationScript } from '../lib/types/alteration.js';

const alteration: AlterationScript = {
up: async (pool) => {
await pool.query(sql`
insert into organization_roles (tenant_id, id, name, description)
values ('admin', 'collaborator', 'collaborator', 'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.');
insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
values ('admin', 'collaborator', 'read-data'),
('admin', 'collaborator', 'write-data'),
('admin', 'collaborator', 'delete-data'),
('admin', 'collaborator', 'read-member');
`);
},
down: async (pool) => {
await pool.query(sql`
delete from organization_roles
where tenant_id = 'admin' and id = 'collaborator';
delete from organization_role_scope_relations
where tenant_id = 'admin' and organization_role_id = 'collaborator';
`);
},
};

export default alteration;
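Review bot: In `down`, the `organization_roles` row is deleted before the `organization_role_scope_relations` rows that presumably reference it, so the rollback only works if that foreign key cascades, which this file does not show. Moving the `delete from organization_role_scope_relations …` statement above the `delete from organization_roles …` statement makes the rollback independent of the constraint definition. The four scope ids granted in `up` are string literals that duplicate `tenantRoleScopes[TenantRole.Collaborator]` from the other file in this commit, and nothing ties the two together. A comment above the second insert, such as `-- scopes mirror tenantRoleScopes[TenantRole.Collaborator] as of this alteration`, would let an auditor confirm that upgraded and freshly seeded databases grant the same privileges.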
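--- a/packages/schemas/src/types/tenant-organization.ts
+++ b/packages/schemas/src/types/tenant-organization.ts
@@ -124,29 +124,33 @@ const tenantScopeDescriptions: Readonly<Record<TenantScope, string>> = Object.fr
 export enum TenantRole {
 /** Admin of the tenant, who has all permissions. */
 Admin = 'admin',
-/** Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
+/** @deprecated Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
 Member = 'member',
+/** Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
+Collaborator = 'collaborator',
 }
 
 const tenantRoleDescriptions: Readonly<Record<TenantRole, string>> = Object.freeze({
 [TenantRole.Admin]: 'Admin of the tenant, who has all permissions.',
 [TenantRole.Member]:
 'Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
+[TenantRole.Collaborator]:
+'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
 });
 
 /**
 * Given a tenant role, return the corresponding organization role data in the admin tenant.
 *
 * @example
 * ```ts
-* const role = TenantRole.Member; // 'member'
+* const role = TenantRole.Collaborator; // 'collaborator'
 * const roleData = getTenantRole(role);
 *
 * expect(roleData).toEqual({
 * tenantId: 'admin',
-* id: 'member',
-* name: 'member',
-* description: 'Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
+* id: 'collaborator',
+* name: 'collaborator',
+* description: 'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
 * });
 * ```
 *
@@ -173,4 +177,10 @@ export const tenantRoleScopes: Readonly<Record<TenantRole, Readonly<TenantScope[
 TenantScope.DeleteData,
 TenantScope.ReadMember,
 ],
+[TenantRole.Collaborator]: [
+TenantScope.ReadData,
+TenantScope.WriteData,
+TenantScope.DeleteData,
+TenantScope.ReadMember,
+],
 });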
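Review bot: The `@deprecated` tag on `TenantRole.Member` turns the role description into the deprecation message and names no replacement, while the role keeps its entry in `tenantRoleDescriptions` and, judging by the context lines of the second hunk, its scopes in `tenantRoleScopes`. I would write the doc comment as `/** Member of the tenant, … @deprecated Use {@link TenantRole.Collaborator} instead. */`. It should also say whether existing `member` assignments remain valid, since nothing visible in this commit migrates or revokes them. The new `[TenantRole.Collaborator]` scope list appears to be a copy of the preceding entry, which starts outside the hunk. A one-line comment that the two lists must stay identical until `Member` is removed would guard against the two roles drifting apart in privilege.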
