feat(schemas): add new tenant role collaborator and deprecate member …

…role
logto-io · Apr 2, 2024 · 0c7aa98 · 0c7aa98
1 parent 4f12e52
commit 0c7aa98
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 5 deletions.
diff --git a/packages/schemas/alterations/next-1712041436-add-new-organization-role-collaborator.ts b/packages/schemas/alterations/next-1712041436-add-new-organization-role-collaborator.ts
@@ -0,0 +1,27 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      insert into organization_roles (tenant_id, id, name, description)
+        values ('admin', 'collaborator', 'collaborator', 'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.');
+      insert into organization_role_scope_relations (tenant_id, organization_role_id, organization_scope_id)
+        values ('admin', 'collaborator', 'read-data'),
+               ('admin', 'collaborator', 'write-data'),
+               ('admin', 'collaborator', 'delete-data'),
+               ('admin', 'collaborator', 'read-member');
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      delete from organization_roles
+        where tenant_id = 'admin' and id = 'collaborator';
+      delete from organization_role_scope_relations
+        where tenant_id = 'admin' and organization_role_id = 'collaborator';
+    `);
+  },
+};
+
+export default alteration;
diff --git a/packages/schemas/src/types/tenant-organization.ts b/packages/schemas/src/types/tenant-organization.ts
@@ -124,29 +124,33 @@ const tenantScopeDescriptions: Readonly<Record<TenantScope, string>> = Object.fr
 export enum TenantRole {
   /** Admin of the tenant, who has all permissions. */
   Admin = 'admin',
-  /** Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
+  /** @deprecated Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
   Member = 'member',
+  /** Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings. */
+  Collaborator = 'collaborator',
 }
 
 const tenantRoleDescriptions: Readonly<Record<TenantRole, string>> = Object.freeze({
   [TenantRole.Admin]: 'Admin of the tenant, who has all permissions.',
   [TenantRole.Member]:
     'Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
+  [TenantRole.Collaborator]:
+    'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
 });
 
 /**
  * Given a tenant role, return the corresponding organization role data in the admin tenant.
  *
  * @example
  * ```ts
- * const role = TenantRole.Member; // 'member'
+ * const role = TenantRole.Collaborator; // 'collaborator'
  * const roleData = getTenantRole(role);
  *
  * expect(roleData).toEqual({
  *   tenantId: 'admin',
- *   id: 'member',
- *   name: 'member',
- *   description: 'Member of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
+ *   id: 'collaborator',
+ *   name: 'collaborator',
+ *   description: 'Collaborator of the tenant, who has permissions to operate the tenant data, but not the tenant settings.',
  * });
  * ```
  *
@@ -173,4 +177,10 @@ export const tenantRoleScopes: Readonly<Record<TenantRole, Readonly<TenantScope[
       TenantScope.DeleteData,
       TenantScope.ReadMember,
     ],
+    [TenantRole.Collaborator]: [
+      TenantScope.ReadData,
+      TenantScope.WriteData,
+      TenantScope.DeleteData,
+      TenantScope.ReadMember,
+    ],
   });