Merge pull request #5214 from logto-io/gao-fix-alteration-script

refactor(schemas): fix alteration script

Author: gao-sun

packages/schemas/alterations/next-1704692973-remove-legacy-resources.ts

@@ -5,15 +5,6 @@ import type { AlterationScript } from '../lib/types/alteration.js';
 
 const alteration: AlterationScript = {
   up: async (pool) => {
-    // Unassign cloud scopes accidentally assigned to the admin Management API proxy
-    await pool.query(sql`
-      delete from roles_scopes
-      using scopes
-      where roles_scopes.tenant_id = 'admin'
-      and roles_scopes.role_id = 'm-admin'
-      and roles_scopes.scope_id = scopes.id
-      and scopes.name in ('send:sms', 'send:email', 'create:affiliate', 'manage:affiliate');
-    `);
     // Delete all legacy roles in the admin tenant
     await pool.query(sql`
       delete from roles
@@ -41,23 +32,22 @@ const alteration: AlterationScript = {
   },
   down: async (pool) => {
     console.log('Add `manage:tenant` scope to the Cloud API resource');
-    // Add `manage:tenant` scope to the Cloud API resource
     await pool.query(sql`
       insert into scopes (tenant_id, id, name, description, resource_id)
       values ('admin', 'manage:tenant', 'manage:tenant', 'Allow managing existing tenants, including create without limitation, update, and delete.', (
         select id from resources where tenant_id = 'admin' and indicator = 'https://cloud.logto.io/api'
       ));
     `);
+
     console.log('Update default role description');
-    // Update default role description
     await pool.query(sql`
       update roles
       set description = 'Admin tenant admin role for Logto tenant default.'
       where tenant_id = 'admin'
       and name = 'default:admin';
     `);
+
     console.log('Add legacy roles in the admin tenant');
-    // Add legacy roles in the admin tenant
     const existingTenantIds = await pool.any<{ id: string }>(sql`
       select id from tenants where id != 'default';
     `);
@@ -77,8 +67,8 @@ const alteration: AlterationScript = {
         sql`, `
       )};
     `);
+
     console.log('Restore assigned Management API scopes to the legacy roles');
-    // Restore assigned Management API scopes to the legacy roles
     await pool.query(sql`
       insert into roles_scopes (tenant_id, id, role_id, scope_id)
       values ${sql.join(
@@ -101,8 +91,8 @@ const alteration: AlterationScript = {
         sql`, `
       )};
     `);
+
     console.log('Assign to legacy roles to users according to the tenant organization roles');
-    // Assign to legacy roles to users according to the tenant organization roles
     const adminUsersOrganizations = await pool.any<{ userId: string; organizationId: string }>(sql`
       select user_id as "userId", organization_id as "organizationId"
       from organization_role_user_relations
@@ -127,26 +117,14 @@ const alteration: AlterationScript = {
         sql`, `
       )};
     `);
-    console.log(
-      'Assign back cloud scopes to the admin Management API proxy and the legacy admin user'
-    );
-    // Assign back cloud scopes to the admin Management API proxy and the legacy admin user
+
+    console.log('Assign back cloud scopes to the legacy admin user');
     await pool.query(sql`
       insert into roles_scopes (tenant_id, id, role_id, scope_id)
       values ${sql.join(
         ['send:sms', 'send:email', 'create:affiliate', 'manage:affiliate', 'manage:tenant'].map(
           (scope) => {
             return sql`
-              (
-                'admin',
-                ${generateStandardId()},
-                'm-admin',
-                (
-                  select id from scopes
-                  where tenant_id = 'admin'
-                  and name = ${scope}
-                )
-              ),
               (
                 'admin',
                 ${generateStandardId()},