MCPcopy
hub / github.com/directus/directus / up

Function up

api/src/database/migrations/20240806A-permissions-policies.ts:66–209  ·  view source on GitHub ↗
(knex: Knex)

Source from the content-addressed store, hash-verified

64const PUBLIC_POLICY_ID = 'abf8a154-5b1c-4a46-ac9c-7300570f4f17';
65
66export async function up(knex: Knex) {
67 const logger = useLogger();
68
69 /////////////////////////////////////////////////////////////////////////////////////////////////
70 // If the policies table already exists the migration has already run
71 if (await knex.schema.hasTable('directus_policies')) {
72 return;
73 }
74
75 /////////////////////////////////////////////////////////////////////////////////////////////////
76 // Create new policies table that mirrors previous Roles
77
78 await knex.schema.createTable('directus_policies', (table) => {
79 table.uuid('id').primary();
80 table.string('name', 100).notNullable();
81 table.string('icon', 64).notNullable().defaultTo('badge');
82 table.text('description');
83 table.text('ip_access');
84 table.boolean('enforce_tfa').defaultTo(false).notNullable();
85 table.boolean('admin_access').defaultTo(false).notNullable();
86 table.boolean('app_access').defaultTo(false).notNullable();
87 });
88
89 /////////////////////////////////////////////////////////////////////////////////////////////////
90 // Copy over all existing roles into new policies
91
92 const roles = await knex
93 .select('id', 'name', 'icon', 'description', 'ip_access', 'enforce_tfa', 'admin_access', 'app_access')
94 .from('directus_roles');
95
96 if (roles.length > 0) {
97 await processChunk(roles, 100, async (chunk) => {
98 await knex('directus_policies').insert(chunk);
99 });
100 }
101
102 await knex
103 .insert({
104 id: PUBLIC_POLICY_ID,
105 name: '$t:public_label',
106 icon: 'public',
107 description: '$t:public_description',
108 app_access: false,
109 })
110 .into('directus_policies');
111
112 // Change the admin policy description to $t:admin_policy_description
113 await knex('directus_policies')
114 .update({
115 description: '$t:admin_policy_description',
116 })
117 .where('description', 'LIKE', '$t:admin_description');
118
119 /////////////////////////////////////////////////////////////////////////////////////////////////
120 // Remove access control + add nesting to roles
121
122 await knex.schema.alterTable('directus_roles', (table) => {
123 table.dropColumn('ip_access');

Callers

nothing calls this directly

Calls 13

processChunkFunction · 0.90
useLoggerFunction · 0.85
getSchemaInspectorFunction · 0.85
stringMethod · 0.80
textMethod · 0.80
booleanMethod · 0.80
fromMethod · 0.80
integerMethod · 0.80
hasTableMethod · 0.65
primaryMethod · 0.65
foreignKeysMethod · 0.65
uuidMethod · 0.45

Tested by

no test coverage detected