Merge dev into update-oauth-docs

2026-06-04 21:04:37 +08:00 · 2025-11-14 03:32:13 -08:00 · 2025-11-14 03:32:13 -08:00 · c09974a7fd
commit c09974a7fd
parent 078fbf4b36 6af55895e8
2 changed files with 44 additions and 7 deletions
--- a/apps/backend/prisma/seed.ts
+++ b/apps/backend/prisma/seed.ts
@ -1,7 +1,7 @@
 /* eslint-disable no-restricted-syntax */
 import { usersCrudHandlers } from '@/app/api/latest/users/crud';
 import { overrideEnvironmentConfigOverride } from '@/lib/config';
-import { grantTeamPermission, updatePermissionDefinition } from '@/lib/permissions';
+import { ensurePermissionDefinition, grantTeamPermission } from '@/lib/permissions';
 import { createOrUpdateProjectWithLegacyConfig, getProject } from '@/lib/projects';
 import { DEFAULT_BRANCH_ID, getSoleTenancyFromProjectBranch } from '@/lib/tenancies';
 import { getPrismaClientForTenancy, globalPrismaClient } from '@/prisma-client';
@ -203,30 +203,28 @@ export async function seed() {
    }
  });

-  await updatePermissionDefinition(
+  await ensurePermissionDefinition(
    globalPrismaClient,
    internalPrisma,
    {
-      oldId: "team_member",
+      id: "team_member",
      scope: "team",
      tenancy: internalTenancy,
      data: {
-        id: "team_member",
        description: "1",
        contained_permission_ids: ["$read_members"],
      }
    }
  );
  const updatedInternalTenancy = await getSoleTenancyFromProjectBranch("internal", DEFAULT_BRANCH_ID);
-  await updatePermissionDefinition(
+  await ensurePermissionDefinition(
    globalPrismaClient,
    internalPrisma,
    {
-      oldId: "team_admin",
+      id: "team_admin",
      scope: "team",
      tenancy: updatedInternalTenancy,
      data: {
-        id: "team_admin",
        description: "2",
        contained_permission_ids: ["$read_members", "$remove_members", "$update_team"],
      }
--- a/apps/backend/src/lib/permissions.tsx
+++ b/apps/backend/src/lib/permissions.tsx
@ -334,6 +334,45 @@ export async function updatePermissionDefinition(
  };
 }

+export async function ensurePermissionDefinition(
+  globalTx: PrismaTransaction,
+  sourceOfTruthTx: PrismaTransaction,
+  options: {
+    scope: "team" | "project",
+    tenancy: Tenancy,
+    id: string,
+    data: {
+      description?: string,
+      contained_permission_ids?: string[],
+    },
+  }
+) {
+  const existingPermission = getOrUndefined(options.tenancy.config.rbac.permissions, options.id);
+
+  if (existingPermission) {
+    return await updatePermissionDefinition(globalTx, sourceOfTruthTx, {
+      scope: options.scope,
+      tenancy: options.tenancy,
+      oldId: options.id,
+      data: {
+        id: options.id,
+        description: options.data.description,
+        contained_permission_ids: options.data.contained_permission_ids,
+      },
+    });
+  } else {
+    return await createPermissionDefinition(globalTx, {
+      scope: options.scope,
+      tenancy: options.tenancy,
+      data: {
+        id: options.id,
+        description: options.data.description,
+        contained_permission_ids: options.data.contained_permission_ids,
+      },
+    });
+  }
+}
+
 export async function deletePermissionDefinition(
  globalTx: PrismaTransaction,
  sourceOfTruthTx: PrismaTransaction,