107 lines
3.2 KiB
TypeScript
107 lines
3.2 KiB
TypeScript
import { PrismaClient } from "@prisma/client";
|
|
|
|
export class PermissionSeeder {
|
|
constructor(private prisma: PrismaClient) {}
|
|
|
|
async run(): Promise<void> {
|
|
console.log('Seeding permissions...');
|
|
|
|
// Delete existing permissions to avoid duplicates
|
|
await this.prisma.permissions.deleteMany({});
|
|
|
|
try {
|
|
// Fetch all resources and roles
|
|
const allResources = await this.prisma.resources.findMany();
|
|
const adminRole = await this.prisma.roles.findUnique({
|
|
where: { name: 'admin' },
|
|
});
|
|
const viewerRole = await this.prisma.roles.findUnique({
|
|
where: { name: 'viewer' },
|
|
});
|
|
const staffRole = await this.prisma.roles.findUnique({
|
|
where: { name: 'staff' },
|
|
});
|
|
|
|
if (!adminRole || !viewerRole || !staffRole) {
|
|
console.error('Roles not found. Please seed roles first.');
|
|
return;
|
|
}
|
|
|
|
// Admin permissions - full access to all resources
|
|
for (const resource of allResources) {
|
|
await this.createPermissions(adminRole.id, resource.id, [
|
|
'create',
|
|
'read',
|
|
'update',
|
|
'delete',
|
|
]);
|
|
}
|
|
|
|
// Viewer permissions - read-only access to all resources
|
|
for (const resource of allResources) {
|
|
await this.createPermissions(viewerRole.id, resource.id, ['read']);
|
|
}
|
|
|
|
// Staff permissions - mixed permissions based on resource
|
|
for (const resource of allResources) {
|
|
if (
|
|
['roles', 'permissions', 'resources', 'users'].includes(resource.name)
|
|
) {
|
|
// Staff can only read roles, permissions, resources, and users
|
|
await this.createPermissions(staffRole.id, resource.id, ['read']);
|
|
} else {
|
|
// Staff can create, read, update but not delete other resources
|
|
await this.createPermissions(staffRole.id, resource.id, [
|
|
'create',
|
|
'read',
|
|
'update',
|
|
]);
|
|
}
|
|
}
|
|
|
|
console.log('Permissions seeded successfully!');
|
|
} catch (error) {
|
|
console.error('Error seeding permissions:', error);
|
|
}
|
|
}
|
|
|
|
private async createPermissions(
|
|
roleId: string,
|
|
resourceId: string,
|
|
actions: string[]
|
|
) {
|
|
try {
|
|
// Prepare all permissions at once
|
|
const permissionsData = actions.map((action) => ({
|
|
action: action,
|
|
resource_id: resourceId,
|
|
role_id: roleId,
|
|
}));
|
|
|
|
// Create permissions in smaller batches to avoid potential issues
|
|
const batchSize = 50;
|
|
for (let i = 0; i < permissionsData.length; i += batchSize) {
|
|
const batch = permissionsData.slice(i, i + batchSize);
|
|
|
|
// Create batch of permissions
|
|
const result = await this.prisma.permissions.createMany({
|
|
data: batch,
|
|
skipDuplicates: true, // Skip if the permission already exists
|
|
});
|
|
|
|
console.log(
|
|
`Created ${result.count} permissions for role ${roleId} on resource ${resourceId}`
|
|
);
|
|
}
|
|
|
|
console.log(
|
|
`Completed creating permissions for role ${roleId} on resource ${resourceId}: ${actions.join(', ')}`
|
|
);
|
|
} catch (error) {
|
|
console.error(
|
|
`Error creating permissions for role ${roleId} on resource ${resourceId}:`,
|
|
error
|
|
);
|
|
}
|
|
}
|
|
} |