@wirechunk/cli 0.0.1-rc.2 → 0.0.1

package/build/main.js

@@ -3892,7 +3892,7 @@ function customAlphabet(alphabet2, size = 21) {
   return customRandom(alphabet2, size, random);
 }
 const alphabet = "123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ";
-customAlphabet(alphabet, 22);
+const cleanSmallId = customAlphabet(alphabet, 22);
 const tinyAlphabet = "23456789abcdefghijkmnopqrstuvwxyz";
 const startWithLowercaseLetterPattern = /^[a-z]/;
 const startsWithLowercaseLetter = (s) => startWithLowercaseLetterPattern.test(s);
@@ -57347,9 +57347,6 @@ const detailedUniqueIntegrityConstraintViolationError = (error2) => {
   return message;
 };
 const isDuplicateDatabaseError = (error2) => !!error2 && typeof error2 === "object" && "code" in error2 && error2.code === "42P04";
-const insertOrgResult = z.object({
-  id: z.string()
-});
 const insertUserResult = z.object({
   id: z.string()
 });
@@ -57396,14 +57393,14 @@ const createUser = async (opts, env2) => {
           throw new Error("Either --org-id or --platform-id must be specified");
         }
         platformId = await db2.maybeOneFirst(
-          distExports$1.sql.type(findOrgResult)`select "platformId" from "Organizations" where "id" = ${orgId}`
+          distExports$1.sql.type(findOrgResult)`select "platformId" from "Orgs" where "id" = ${orgId}`
         );
         if (!platformId) {
           throw new Error(`No org found with ID ${orgId}`);
         }
       } else if (orgId) {
         const orgPlatformId = await db2.maybeOneFirst(
-          distExports$1.sql.type(findOrgResult)`select "platformId" from "Organizations" where "id" = ${orgId}`
+          distExports$1.sql.type(findOrgResult)`select "platformId" from "Orgs" where "id" = ${orgId}`
         );
         if (!orgPlatformId) {
           throw new Error(`No org found with ID ${orgId}`);
@@ -57424,10 +57421,11 @@ const createUser = async (opts, env2) => {
         console.log(`Found platform ${platform.name} (ID ${platform.id})`);
       }
       if (!orgId) {
-        orgId = await db2.oneFirst(
+        orgId = cleanSmallId();
+        await db2.maybeOne(
           distExports$1.sql.type(
-            insertOrgResult
-          )`insert into "Organizations" ("platformId") values (${platform.id}) returning "id"`
+            voidSelectSchema
+          )`insert into "Orgs" ("id", "platformId") values (${orgId}, ${platform.id})`
         );
         if (opts.verbose) {
           console.log(`Created org ID ${orgId}`);
@@ -57437,8 +57435,15 @@ const createUser = async (opts, env2) => {
       const user2 = await db2.one(
         distExports$1.sql.type(
           insertUserResult
-        )`insert into "Users" ("platformId", "email", "emailVerified", "password", "passwordStatus", "orgId", "orgPrimary", "role", "status", "firstName", "lastName") values (${platformId}, ${email}, ${opts.emailVerified}, ${password}, 'Ok', ${orgId}, ${orgPrimary}, ${role}, ${status}, ${firstName}, ${lastName}) returning "id"`
+        )`insert into "Users" ("platformId", "email", "emailVerified", "password", "passwordStatus", "orgId", "role", "status", "firstName", "lastName") values (${platformId}, ${email}, ${opts.emailVerified}, ${password}, 'Ok', ${orgId}, ${role}, ${status}, ${firstName}, ${lastName}) returning "id"`
       );
+      if (orgPrimary) {
+        await db2.maybeOne(
+          distExports$1.sql.type(
+            voidSelectSchema
+          )`update "Orgs" set "primaryUserId" = ${user2.id} where "id" = ${orgId}`
+        );
+      }
       return user2;
     });
     console.log(`Created user (ID ${user.id})`);
@@ -57451,13 +57456,107 @@ const createUser = async (opts, env2) => {
     process.exit(1);
   }
 };
-const findUserSchema = z.object({
+const Permission = {
+  /** Create (i.e., add) extensions. */
+  CreateExtension: "CreateExtension",
+  /** Create sites. */
+  CreateSite: "CreateSite",
+  /** Create page and form templates. */
+  CreateTemplate: "CreateTemplate",
+  /** Create a user in any org. */
+  CreateUser: "CreateUser",
+  /** Edit or manage everything else not covered by other permissions. */
+  Edit: "Edit",
+  /** Edit, including creating and deleting, any component. */
+  EditComponent: "EditComponent",
+  /** Edit, including creating and deleting, any course. */
+  EditCourse: "EditCourse",
+  /** Edit, including creating and deleting, any custom component. */
+  EditCustomComponent: "EditCustomComponent",
+  /** Edit, including creating and deleting, any custom field. */
+  EditCustomField: "EditCustomField",
+  /** Edit any customer site, including its pages and forms, but not necessarily domain. */
+  EditCustomerSite: "EditCustomerSite",
+  /** Edit any extension. */
+  EditExtension: "EditExtension",
+  /** Edit any help ticket's status. */
+  EditHelpTicketStatus: "EditHelpTicketStatus",
+  /** Edit any platform site, including its pages and forms, but not necessarily domain. */
+  EditPlatformSite: "EditPlatformSite",
+  /** Edit, including creating and deleting, any sequence. */
+  EditSequence: "EditSequence",
+  /** Edit any user's position in a sequence. */
+  EditSequenceUser: "EditSequenceUser",
+  /** Edit any site's settings, pages, forms, and layouts. */
+  EditSite: "EditSite",
+  /** Edit any site's domain. */
+  EditSiteDomain: "EditSiteDomain",
+  /** Edit any site's TLS certificate, including creating and deleting certificates. Does not including editing TLS certificates. */
+  EditSiteTlsCertificate: "EditSiteTlsCertificate",
+  /** Edit any subscription. */
+  EditSubscription: "EditSubscription",
+  /** Edit any page and form template. */
+  EditTemplate: "EditTemplate",
+  /** Edit any user's email address. */
+  EditUserEmail: "EditUserEmail",
+  /** Edit which org any user is in and whether a user is an org owner. */
+  EditUserOrg: "EditUserOrg",
+  /** Edit any user's first and last name. */
+  EditUserProfile: "EditUserProfile",
+  /** Edit any user's role. */
+  EditUserRole: "EditUserRole",
+  /** Edit any user's status. */
+  EditUserStatus: "EditUserStatus",
+  /** Sync any form template to forms. */
+  SyncFormTemplateToForms: "SyncFormTemplateToForms",
+  /** Sync any page template to pages. */
+  SyncPageTemplateToPages: "SyncPageTemplateToPages",
+  /** View anything except for sites. */
+  View: "View",
+  /** View any course. */
+  ViewCourse: "ViewCourse",
+  /** View any extension. */
+  ViewExtension: "ViewExtension",
+  /** View any site, including pages, forms, and layouts, and components. */
+  ViewSite: "ViewSite",
+  /** View any page or form template. */
+  ViewTemplate: "ViewTemplate"
+};
+const allPermissions = Object.values(Permission);
+const revokeAllUserPlatformPermissions = async ({
+  platformAdminId
+}, db) => {
+  await db.query(
+    distExports$1.sql.type(
+      voidSelectSchema
+    )`delete from "PlatformAdminPermissions" where "id" = ${platformAdminId}`
+  );
+};
+const grantAllUserPlatformPermissions = async ({
+  platformAdminId
+}, db) => {
+  await db.query(
+    distExports$1.sql.type(
+      voidSelectSchema
+    )`insert into "PlatformAdminPermissions" ("id", "platformAdminId", "permission") values ${distExports$1.sql.join(
+      allPermissions.map(
+        (permission) => distExports$1.sql.fragment`(${cleanSmallId()}, ${platformAdminId}, ${permission})`
+      ),
+      distExports$1.sql.fragment`,`
+    )} on conflict ("platformAdminId", "permission") do nothing`
+  );
+};
+const findPlatformAdminSchema = z.object({
   id: z.string(),
-  platformId: z.string()
+  platformId: z.string(),
+  active: z.boolean()
+});
+const findUserSchema = z.object({
+  id: z.string()
 });
 const editAdmin = async (opts, env2) => {
   const db = await distExports$1.createPool(requireCoreDbUrl(env2));
-  const { platformId, userId, owner, revokeAllPermissions } = opts;
+  const { platformId, userId, owner, active, revokeAllPermissions } = opts;
   if (owner && revokeAllPermissions) {
     console.error(
       "Cannot set a user as a platform owner and revoke all permissions at the same time"
@@ -57466,9 +57565,9 @@ const editAdmin = async (opts, env2) => {
   }
   try {
     await db.transaction(async (db2) => {
-      const platformAdmin = await db2.maybeOne(
+      let platformAdmin = await db2.maybeOne(
         distExports$1.sql.type(
-          findUserSchema
+          findPlatformAdminSchema
         )`select "id" from "PlatformAdmins" where "platformId" = ${platformId} and "userId" = ${userId}`
       );
       if (!platformAdmin) {
@@ -57479,6 +57578,66 @@ const editAdmin = async (opts, env2) => {
           throw new Error(`User with ID ${userId} not found`);
         }
       }
+      if (owner) {
+        if (!platformAdmin) {
+          platformAdmin = await db2.one(
+            distExports$1.sql.type(findPlatformAdminSchema)`
+              insert into "PlatformAdmins" ("id", "platformId", "userId", "owner", "active")
+              values (${cleanSmallId()}, ${platformId}, ${userId}, ${active ?? true}, true)
+              returning "id", "platformId", "active"
+            `
+          );
+        }
+        await grantAllUserPlatformPermissions({ platformAdminId: platformAdmin.id }, db2);
+        if (opts.verbose) {
+          console.log("Set the user as an owner on the platform");
+        }
+      } else if (owner === false) {
+        if (platformAdmin) {
+          await db2.query(
+            distExports$1.sql.type(voidSelectSchema)`
+            update "PlatformAdmins"
+            set "owner" = false
+            where "id" = ${platformAdmin.id}
+          `
+          );
+          if (opts.verbose) {
+            console.log("Removed the user’s owner privileges on the platform");
+          }
+        } else {
+          console.log("This user is not an admin on this platform");
+        }
+      }
+      if (typeof active === "boolean") {
+        if (platformAdmin) {
+          await db2.query(
+            distExports$1.sql.type(voidSelectSchema)`
+              update "PlatformAdmins"
+              set "active" = ${active}
+              where "id" = ${platformAdmin.id}
+            `
+          );
+        } else {
+          if (active) {
+            await db2.one(
+              distExports$1.sql.type(voidSelectSchema)`
+                insert into "PlatformAdmins" ("id", "platformId", "userId", "owner", "active")
+                values (${cleanSmallId()}, ${platformId}, ${userId}, false, ${active})
+              `
+            );
+          } else {
+            console.log("This user is not an admin on this platform");
+          }
+        }
+      }
+      if (revokeAllPermissions) {
+        if (platformAdmin) {
+          await revokeAllUserPlatformPermissions({ platformAdminId: platformAdmin.id }, db2);
+          console.log("Revoked all platform permissions of user");
+        } else {
+          console.log("This user is not an admin on this platform");
+        }
+      }
     });
   } catch (e) {
     if (e instanceof distExports$1.UniqueIntegrityConstraintViolationError) {
@@ -57654,6 +57813,9 @@ const initDb = async (opts, env2) => {
       end if;
     end; $$
   `);
+  await db.query(distExports$1.sql.unsafe`
+    grant ${extRoleIdent} to ${distExports$1.sql.identifier([coreDbUrlObject.username])}
+  `);
   await db.query(distExports$1.sql.unsafe`
     grant connect, create, temporary on database ${distExports$1.sql.identifier([extDb.dbName])} to ${extRoleIdent}
   `);
@@ -57730,9 +57892,11 @@ extDev.command("db-connect-info").description(
   "--extension-id <string>",
   "the ID of the extension, can be set with an EXTENSION_ID environment variable instead"
 ).action(withOptionsAndEnv(dbConnectInfo));
-extDev.command("init-db").description("initialize a development database for an extension, useful for testing").option(
+extDev.command("init-db").description(
+  "initialize a development database for an extension, useful for testing, assumes the extension role exists"
+).option(
   "--extension-id <string>",
   "the ID of the extension, can be set with an EXTENSION_ID environment variable instead"
 ).option("--db-name <string>", "a custom name for the database, applicable only for testing").action(withOptionsAndEnv(initDb));
-program.command("edit-admin").description("edit a platform admin user").requiredOption("--platform-id <string>", "the ID of the platform to edit").requiredOption("--user-id <string>", "the ID of the admin user to edit").option("--owner", "grants the user full permission to manage everything on the platform").option("--revoke-all-permissions", "revokes all permission of the user on their platform").action(withOptionsAndEnv(editAdmin));
+program.command("edit-admin").description("edit a platform admin user or make a user a platform admin").requiredOption("--platform-id <string>", "the ID of the platform to edit").requiredOption("--user-id <string>", "the ID of the admin user to edit").option("--owner", "grants the user full permission to manage everything on the platform").option("--no-owner", "removes owner privileges on the platform").option("--active", "activates or deactivates the user’s admin access on the platform").option("--no-active", "deactivates the user’s admin access on the platform").option("--revoke-all-permissions", "revokes all permission of the user on their platform").action(withOptionsAndEnv(editAdmin));
 await program.parseAsync();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wirechunk/cli",
-  "version": "0.0.1-rc.2",
+  "version": "0.0.1",
   "private": false,
   "type": "module",
   "scripts": {

package/src/commands/create-user.ts

@@ -1,4 +1,5 @@
 import { hashPassword, validatePasswordComplexity } from '@wirechunk/backend-lib/passwords.ts';
+import { cleanSmallId } from '@wirechunk/lib/clean-small-id.ts';
 import { normalizeEmailAddress } from '@wirechunk/lib/emails.ts';
 import { createPool, sql, UniqueIntegrityConstraintViolationError } from 'slonik';
 import { z } from 'zod';
@@ -6,10 +7,7 @@ import type { Env } from '../env.ts';
 import { requireCoreDbUrl } from '../env.ts';
 import { detailedUniqueIntegrityConstraintViolationError } from '../errors.ts';
 import type { WithGlobalOptions } from '../global-options.ts';
-
-const insertOrgResult = z.object({
-  id: z.string(),
-});
+import { voidSelectSchema } from '../util.ts';
 
 const insertUserResult = z.object({
   id: z.string(),
@@ -78,7 +76,7 @@ export const createUser = async (
           throw new Error('Either --org-id or --platform-id must be specified');
         }
         platformId = await db.maybeOneFirst(
-          sql.type(findOrgResult)`select "platformId" from "Organizations" where "id" = ${orgId}`,
+          sql.type(findOrgResult)`select "platformId" from "Orgs" where "id" = ${orgId}`,
         );
         if (!platformId) {
           throw new Error(`No org found with ID ${orgId}`);
@@ -86,7 +84,7 @@ export const createUser = async (
       } else if (orgId) {
         // Verify that the specified org belongs to the specified platform.
         const orgPlatformId = await db.maybeOneFirst(
-          sql.type(findOrgResult)`select "platformId" from "Organizations" where "id" = ${orgId}`,
+          sql.type(findOrgResult)`select "platformId" from "Orgs" where "id" = ${orgId}`,
         );
         if (!orgPlatformId) {
           throw new Error(`No org found with ID ${orgId}`);
@@ -107,10 +105,11 @@ export const createUser = async (
         console.log(`Found platform ${platform.name} (ID ${platform.id})`);
       }
       if (!orgId) {
-        orgId = await db.oneFirst(
+        orgId = cleanSmallId();
+        await db.maybeOne(
           sql.type(
-            insertOrgResult,
-          )`insert into "Organizations" ("platformId") values (${platform.id}) returning "id"`,
+            voidSelectSchema,
+          )`insert into "Orgs" ("id", "platformId") values (${orgId}, ${platform.id})`,
         );
         if (opts.verbose) {
           console.log(`Created org ID ${orgId}`);
@@ -121,12 +120,16 @@ export const createUser = async (
       const user = await db.one(
         sql.type(
           insertUserResult,
-        )`insert into "Users" ("platformId", "email", "emailVerified", "password", "passwordStatus", "orgId", "orgPrimary", "role", "status", "firstName", "lastName") values (${platformId}, ${email}, ${opts.emailVerified}, ${password}, 'Ok', ${orgId}, ${orgPrimary}, ${role}, ${status}, ${firstName}, ${lastName}) returning "id"`,
+        )`insert into "Users" ("platformId", "email", "emailVerified", "password", "passwordStatus", "orgId", "role", "status", "firstName", "lastName") values (${platformId}, ${email}, ${opts.emailVerified}, ${password}, 'Ok', ${orgId}, ${role}, ${status}, ${firstName}, ${lastName}) returning "id"`,
       );
 
-      // if (opts.admin) {
-      //   await grantAllUserPlatformPermissions({ userId: user.id, platformId }, db);
-      // }
+      if (orgPrimary) {
+        await db.maybeOne(
+          sql.type(
+            voidSelectSchema,
+          )`update "Orgs" set "primaryUserId" = ${user.id} where "id" = ${orgId}`,
+        );
+      }
 
       return user;
     });

package/src/commands/edit-admin.ts

@@ -1,19 +1,31 @@
+import { cleanSmallId } from '@wirechunk/lib/clean-small-id.ts';
 import { createPool, sql, UniqueIntegrityConstraintViolationError } from 'slonik';
 import { z } from 'zod';
 import type { Env } from '../env.ts';
 import { requireCoreDbUrl } from '../env.ts';
 import { detailedUniqueIntegrityConstraintViolationError } from '../errors.ts';
 import type { WithGlobalOptions } from '../global-options.ts';
+import {
+  grantAllUserPlatformPermissions,
+  revokeAllUserPlatformPermissions,
+} from '../users/permissions.ts';
+import { voidSelectSchema } from '../util.ts';
 
-const findUserSchema = z.object({
+const findPlatformAdminSchema = z.object({
   id: z.string(),
   platformId: z.string(),
+  active: z.boolean(),
+});
+
+const findUserSchema = z.object({
+  id: z.string(),
 });
 
 type EditAdminOptions = {
   platformId: string;
   userId: string;
   owner?: boolean;
+  active?: boolean;
   revokeAllPermissions?: boolean;
 };
 
@@ -22,7 +34,7 @@ export const editAdmin = async (
   env: Env,
 ): Promise<void> => {
   const db = await createPool(requireCoreDbUrl(env));
-  const { platformId, userId, owner, revokeAllPermissions } = opts;
+  const { platformId, userId, owner, active, revokeAllPermissions } = opts;
 
   if (owner && revokeAllPermissions) {
     console.error(
@@ -33,9 +45,9 @@ export const editAdmin = async (
 
   try {
     await db.transaction(async (db) => {
-      const platformAdmin = await db.maybeOne(
+      let platformAdmin = await db.maybeOne(
         sql.type(
-          findUserSchema,
+          findPlatformAdminSchema,
         )`select "id" from "PlatformAdmins" where "platformId" = ${platformId} and "userId" = ${userId}`,
       );
       if (!platformAdmin) {
@@ -46,17 +58,67 @@ export const editAdmin = async (
           throw new Error(`User with ID ${userId} not found`);
         }
       }
-
-      // TODO
-
-      // if (owner) {
-      //   await grantAllUserPlatformPermissions({ userId: id, platformId: user.platformId }, db);
-      //   console.log('Set user as a platform admin');
-      // }
-      // if (revokeAllPermissions) {
-      //   await revokeAllUserPlatformPermissions({ userId: id }, db);
-      //   console.log('Revoked all platform permissions of user');
-      // }
+      if (owner) {
+        if (!platformAdmin) {
+          platformAdmin = await db.one(
+            sql.type(findPlatformAdminSchema)`
+              insert into "PlatformAdmins" ("id", "platformId", "userId", "owner", "active")
+              values (${cleanSmallId()}, ${platformId}, ${userId}, ${active ?? true}, true)
+              returning "id", "platformId", "active"
+            `,
+          );
+        }
+        await grantAllUserPlatformPermissions({ platformAdminId: platformAdmin.id }, db);
+        if (opts.verbose) {
+          console.log('Set the user as an owner on the platform');
+        }
+      } else if (owner === false) {
+        if (platformAdmin) {
+          await db.query(
+            sql.type(voidSelectSchema)`
+            update "PlatformAdmins"
+            set "owner" = false
+            where "id" = ${platformAdmin.id}
+          `,
+          );
+          if (opts.verbose) {
+            console.log('Removed the user’s owner privileges on the platform');
+          }
+        } else {
+          console.log('This user is not an admin on this platform');
+        }
+      }
+      if (typeof active === 'boolean') {
+        if (platformAdmin) {
+          await db.query(
+            sql.type(voidSelectSchema)`
+              update "PlatformAdmins"
+              set "active" = ${active}
+              where "id" = ${platformAdmin.id}
+            `,
+          );
+        } else {
+          if (active) {
+            // Automatically create a platform admin.
+            await db.one(
+              sql.type(voidSelectSchema)`
+                insert into "PlatformAdmins" ("id", "platformId", "userId", "owner", "active")
+                values (${cleanSmallId()}, ${platformId}, ${userId}, false, ${active})
+              `,
+            );
+          } else {
+            console.log('This user is not an admin on this platform');
+          }
+        }
+      }
+      if (revokeAllPermissions) {
+        if (platformAdmin) {
+          await revokeAllUserPlatformPermissions({ platformAdminId: platformAdmin.id }, db);
+          console.log('Revoked all platform permissions of user');
+        } else {
+          console.log('This user is not an admin on this platform');
+        }
+      }
     });
   } catch (e) {
     if (e instanceof UniqueIntegrityConstraintViolationError) {

package/src/commands/ext-dev/init-db.ts

@@ -190,6 +190,9 @@ export const initDb = async (
       end if;
     end; $$
   `);
+  await db.query(sql.unsafe`
+    grant ${extRoleIdent} to ${sql.identifier([coreDbUrlObject.username])}
+  `);
 
   await db.query(sql.unsafe`
     grant connect, create, temporary on database ${sql.identifier([extDb.dbName])} to ${extRoleIdent}

package/src/main.ts

@@ -106,7 +106,9 @@ extDev
 
 extDev
   .command('init-db')
-  .description('initialize a development database for an extension, useful for testing')
+  .description(
+    'initialize a development database for an extension, useful for testing, assumes the extension role exists',
+  )
   .option(
     '--extension-id <string>',
     'the ID of the extension, can be set with an EXTENSION_ID environment variable instead',
@@ -116,10 +118,13 @@ extDev
 
 program
   .command('edit-admin')
-  .description('edit a platform admin user')
+  .description('edit a platform admin user or make a user a platform admin')
   .requiredOption('--platform-id <string>', 'the ID of the platform to edit')
   .requiredOption('--user-id <string>', 'the ID of the admin user to edit')
   .option('--owner', 'grants the user full permission to manage everything on the platform')
+  .option('--no-owner', 'removes owner privileges on the platform')
+  .option('--active', 'activates or deactivates the user’s admin access on the platform')
+  .option('--no-active', 'deactivates the user’s admin access on the platform')
   .option('--revoke-all-permissions', 'revokes all permission of the user on their platform')
   .action(withOptionsAndEnv(editAdmin));
 

package/src/users/permissions.ts

@@ -1,3 +1,4 @@
+import { cleanSmallId } from '@wirechunk/lib/clean-small-id.ts';
 import { Permission } from '@wirechunk/lib/graphql-api-enums.ts';
 import type { CommonQueryMethods } from 'slonik';
 import { sql } from 'slonik';
@@ -7,33 +8,35 @@ export const allPermissions = Object.values(Permission);
 
 export const revokeAllUserPlatformPermissions = async (
   {
-    userId,
+    platformAdminId,
   }: {
-    userId: string;
+    platformAdminId: string;
   },
   db: CommonQueryMethods,
 ): Promise<void> => {
   await db.query(
-    sql.type(voidSelectSchema)`delete from "UserPlatformPermissions" where "userId" = ${userId}`,
+    sql.type(
+      voidSelectSchema,
+    )`delete from "PlatformAdminPermissions" where "id" = ${platformAdminId}`,
   );
 };
 
 export const grantAllUserPlatformPermissions = async (
   {
-    userId,
-    platformId,
+    platformAdminId,
   }: {
-    userId: string;
-    platformId: string;
+    platformAdminId: string;
   },
   db: CommonQueryMethods,
 ): Promise<void> => {
   await db.query(
     sql.type(
       voidSelectSchema,
-    )`insert into "UserPlatformPermissions" ("userId", "platformId", "permission") values ${sql.join(
-      allPermissions.map((permission) => sql.fragment`(${userId}, ${platformId}, ${permission})`),
+    )`insert into "PlatformAdminPermissions" ("id", "platformAdminId", "permission") values ${sql.join(
+      allPermissions.map(
+        (permission) => sql.fragment`(${cleanSmallId()}, ${platformAdminId}, ${permission})`,
+      ),
       sql.fragment`,`,
-    )} on conflict on constraint "UserPlatformPermissions_pkey" do nothing`,
+    )} on conflict ("platformAdminId", "permission") do nothing`,
   );
 };