npm - @logto/schemas - Versions diffs - 1.13.0 → 1.13.1 - Mend

@logto/schemas 1.13.0 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/alterations/1.13.1-1707360939-grant-is-suspended-read-permission.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { type CommonQueryMethods, sql } from 'slonik';
+import type { AlterationScript } from '../lib/types/alteration.js';
+const getDatabaseName = async (pool: CommonQueryMethods) => {
+  const { currentDatabase } = await pool.one<{ currentDatabase: string }>(sql`
+    select current_database();
+  `);
+  return currentDatabase.replaceAll('-', '_');
+};
+/**
+ * Grant read permission to the is_suspended column in the tenants table to the logto_tenant_<databaseName> role.
+ */
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    const databaseName = await getDatabaseName(pool);
+    const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+    await pool.query(sql`
+      grant select (is_suspended)
+        on table tenants
+        to ${baseRoleId}
+    `);
+  },
+  down: async (pool) => {
+    const databaseName = await getDatabaseName(pool);
+    const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+    await pool.query(sql`
+      revoke select(is_suspended)
+        on table tenants
+        from ${baseRoleId}
+    `);
+  },
+};
+export default alteration;

package/alterations-js/1.13.1-1707360939-grant-is-suspended-read-permission.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { AlterationScript } from '../lib/types/alteration.js';
+/**
+ * Grant read permission to the is_suspended column in the tenants table to the logto_tenant_<databaseName> role.
+ */
+declare const alteration: AlterationScript;
+export default alteration;

package/alterations-js/1.13.1-1707360939-grant-is-suspended-read-permission.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { sql } from 'slonik';
+const getDatabaseName = async (pool) => {
+    const { currentDatabase } = await pool.one(sql `
+    select current_database();
+  `);
+    return currentDatabase.replaceAll('-', '_');
+};
+/**
+ * Grant read permission to the is_suspended column in the tenants table to the logto_tenant_<databaseName> role.
+ */
+const alteration = {
+    up: async (pool) => {
+        const databaseName = await getDatabaseName(pool);
+        const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+        await pool.query(sql `
+      grant select (is_suspended)
+        on table tenants
+        to ${baseRoleId}
+    `);
+    },
+    down: async (pool) => {
+        const databaseName = await getDatabaseName(pool);
+        const baseRoleId = sql.identifier([`logto_tenant_${databaseName}`]);
+        await pool.query(sql `
+      revoke select(is_suspended)
+        on table tenants
+        from ${baseRoleId}
+    `);
+    },
+};
+export default alteration;

package/lib/foundations/jsonb-types/users.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { MfaFactor } from './sign-in-experience.js';
 export declare const roleNamesGuard: z.ZodArray<z.ZodString, "many">;
-declare const identityGuard: z.ZodObject<{
+export declare const identityGuard: z.ZodObject<{
     userId: z.ZodString;
     details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
 }, "strip", z.ZodTypeAny, {
@@ -282,4 +282,3 @@ export declare const mfaVerificationsGuard: z.ZodArray<z.ZodDiscriminatedUnion<"
     lastUsedAt?: string | undefined;
 }>]>, "many">;
 export type MfaVerifications = z.infer<typeof mfaVerificationsGuard>;
-export {};

package/lib/foundations/jsonb-types/users.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { z } from 'zod';
 import { MfaFactor } from './sign-in-experience.js';
 export const roleNamesGuard = z.string().array();
-const identityGuard = z.object({
+export const identityGuard = z.object({
     userId: z.string(),
     details: z.record(z.unknown()).optional(), // Connector's userinfo details, schemaless
 });

package/lib/seeds/cloud-api.d.ts CHANGED Viewed

@@ -12,7 +12,9 @@ export declare enum CloudScope {
     /** The user can see and manage affiliates, including create, update, and delete. */
     ManageAffiliate = "manage:affiliate",
     /** The user can create new affiliates and logs. */
-    CreateAffiliate = "create:affiliate"
+    CreateAffiliate = "create:affiliate",
+    /** The user can cleanup outdated logs. */
+    CleanupOutdatedLogs = "cleanup:outdated-logs"
 }
 export declare const createCloudApi: () => readonly [UpdateAdminData, ...CreateScope[]];
 export declare const createTenantApplicationRole: () => Readonly<Role>;

package/lib/seeds/cloud-api.js CHANGED Viewed

@@ -16,6 +16,8 @@ export var CloudScope;
     CloudScope["ManageAffiliate"] = "manage:affiliate";
     /** The user can create new affiliates and logs. */
     CloudScope["CreateAffiliate"] = "create:affiliate";
+    /** The user can cleanup outdated logs. */
+    CloudScope["CleanupOutdatedLogs"] = "cleanup:outdated-logs";
 })(CloudScope || (CloudScope = {}));
 export const createCloudApi = () => {
     const resourceId = generateStandardId();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@logto/schemas",
-  "version": "1.13.0",
+  "version": "1.13.1",
   "author": "Silverhand Inc. <contact@silverhand.io>",
   "license": "MPL-2.0",
   "type": "module",

package/tables/_after_all.sql CHANGED Viewed

@@ -13,7 +13,7 @@ revoke all privileges
   from logto_tenant_${database};
 -- Allow limited select to perform the RLS policy query in `after_each` (using select ... from tenants ...)
-grant select (id, db_user)
+grant select (id, db_user, is_suspended)
   on table tenants
   to logto_tenant_${database};