alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 13 Packages Projects Releases Wiki Activity
PSA/server/migrations/20250922113000_backfill_settings_permissions_all_actions.cjs
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

108 lines
3.1 KiB
JavaScript
Raw Permalink Blame History

/**
* Ensure MSP Admin roles have full access to settings permissions after prior migrations.
*/
exports.up = async function up(knex) {
const tenants = await knex('tenants').pluck('tenant');
const actions = [
{ action: 'read', description: 'View portal settings' },
{ action: 'create', description: 'Create portal settings' },
{ action: 'update', description: 'Manage portal settings' },
{ action: 'delete', description: 'Delete portal settings' },
];
for (const tenant of tenants) {
const adminRole = await knex('roles')
.where({ tenant, role_name: 'Admin', msp: true })
.first('role_id');
for (const { action, description } of actions) {
const permission = await knex('permissions')
.where({ tenant, resource: 'settings', action })
.first();
let permissionId;
if (permission) {
permissionId = permission.permission_id;
if (!permission.msp || !permission.client || (!permission.description && description)) {
await knex('permissions')
.where({ permission_id: permissionId })
.update({
msp: true,
client: true,
description: permission.description || description,
});
}
} else {
const [inserted] = await knex('permissions')
.insert({
permission_id: knex.raw('gen_random_uuid()'),
tenant,
resource: 'settings',
action,
msp: true,
client: true,
description,
created_at: knex.fn.now(),
})
.returning(['permission_id']);
permissionId = inserted.permission_id;
}
if (!permissionId || !adminRole) {
continue;
}
const assignment = await knex('role_permissions')
.where({ tenant, role_id: adminRole.role_id, permission_id: permissionId })
.first();
if (!assignment) {
await knex('role_permissions').insert({
tenant,
role_id: adminRole.role_id,
permission_id: permissionId,
created_at: knex.fn.now(),
});
}
}
}
const dbUserServer = process.env.DB_USER_SERVER || 'app_user';
await knex.schema.raw('GRANT ALL PRIVILEGES ON TABLE portal_domains TO ??', [dbUserServer]);
};
exports.down = async function down(knex) {
const tenants = await knex('tenants').pluck('tenant');
const actions = ['read', 'create', 'update', 'delete'];
for (const tenant of tenants) {
const adminRole = await knex('roles')
.where({ tenant, role_name: 'Admin', msp: true })
.first('role_id');
for (const action of actions) {
const permission = await knex('permissions')
.where({ tenant, resource: 'settings', action })
.first();
if (!permission) {
continue;
}
if (adminRole) {
await knex('role_permissions')
.where({ tenant, role_id: adminRole.role_id, permission_id: permission.permission_id })
.delete();
}
await knex('permissions')
.where({ permission_id: permission.permission_id })
.update({ msp: false, client: true });
}
}
};
Reference in New Issue View Git Blame Copy Permalink