08. Role-Based Access/02. Roles Seed (💪 problem)

Roles Seed

Loading "Managing Roles and Permissions"

👨‍💼 Perhaps in the future we'll want pretty fine-grained roles and permissions, but for now we really only have two roles:

admin - which can do anything to everything
user - which can do anything to their own data

We want to apply these roles and permissions to all new users who are created. That means that our database needs to have these values before we can create any users. Our

prisma/seed.ts

is intended to seed the local development database, but we're going to need this seeding in production as well.

So, what we need is to manually update our the migration.sql file we just made for our permissions to create the roles and permissions. That way when we deploy our updates to production, the production database will automatically get these roles and permissions.

The tricky bit is knowing how to write the SQL to create the roles and permissions. If you're a SQL wiz, feel free to write it by hand, but for the rest of us, here's a strategy:

Create a temporary script file that generates a temporary database and seeds it with the data we want:

Feel free to use my script

import { PrismaClient } from '@prisma/client'
import { execaCommand } from 'execa'

const datasourceUrl = 'file:./tmp.ignored.db'
console.time('🗄️ Created database...')
await execaCommand('npx prisma migrate deploy', {
	stdio: 'inherit',
	env: { DATABASE_URL: datasourceUrl },
})
console.timeEnd('🗄️ Created database...')

const prisma = new PrismaClient({ datasourceUrl })

console.time('🔑 Created permissions...')
const entities = ['user', 'note']
const actions = ['create', 'read', 'update', 'delete']
const accesses = ['own', 'any']
for (const entity of entities) {
	for (const action of actions) {
		for (const access of accesses) {
			await prisma.permission.create({ data: { entity, action, access } })
		}
	}
}
console.timeEnd('🔑 Created permissions...')

console.time('👑 Created roles...')
await prisma.role.create({
	data: {
		name: 'admin',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'any' },
			}),
		},
	},
})
await prisma.role.create({
	data: {
		name: 'user',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'own' },
			}),
		},
	},
})
console.timeEnd('👑 Created roles...')

console.log('✅ all done')

Run the script with node tmp.ignored.js
Create a "dump" of all the data in the temporary database using sqlite3 (install instructions in exercise 9 of the Data workshop):
```
sqlite3 ./prisma/tmp.ignored.db .dump > tmp.ignored.sql
```
Copy the INSERT statements (only the INSERT statements) from the tmp.ignored.sql file into the permissions migration.sql file in prisma/migrations.

Once you've done that, you can update

prisma/seed.ts

to assign the "user" roles to the generated users and the "admin" and "user" roles to the Kody user.

Once you've finished updating the seed script, you can reset the database and run the seed with:

npx prisma migrate reset --force

But before we wrap this up, you'll want to make sure we create all new users with the user role, otherwise new users won't have the right permissions!

We do that in

app/utils/auth.server.ts

, so get that updated too please.

← Previous Next →

Edit on GitHubEdit this page on GitHub

problem solution diff chat

general
Migration to Vite: Server-only module referenced by client
Fabian 🌌:
Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
1 · 20 days ago
general
Remix Vite Plugin
Binalfew 🚀 🌌:
<@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
✅1
3 · a year ago
general
Welcome to EpicWeb.dev! Say Hello 👋
Kent C. Dodds ◆ 🚀🏆🌌:
This is the first post of many hopefully!
17
78 · a year ago
general
🔭foundations
Solutions video on localhost:5639 ?
quang 🚀 🌌:
Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
✅1
9 · 10 months ago
🔐auth
Where are we getting target_type from?
Salym 🚀 🏆 🌌:
I don't see target_type in ur verification schema, how are we generating this?
✅1
9 · 2 months ago
🔐auth
Unknown file extension ".png" for ".../user.png"
TraderDave79 🌌:
I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
✅1
9 · 3 months ago
🔐auth
github.com refuses to connect in workshop app
TraderDave79 🌌:
Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
✅1
3 · 3 months ago
general
Epicshop is now social and mobile friendly!
Kent C. Dodds ◆ 🚀🏆🌌:
I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
🎉2
0 · 3 months ago
🔐auth
Github token added on refactor of connection model exercise
abraham_aguilera 🌌:
Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
2 · 3 months ago
💾data
general
📝forms
🔭foundations
double underscore?
trendaaang 🌌:
What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
✅1
2 · 4 months ago
🔐auth
RBAC with Entity scoping
abraham_aguilera 🌌:
Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
✅1
3 · 4 months ago
🔐auth
💾data
08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
Fabian 🌌:
So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
✅1
1 · 4 months ago
🔐auth
Redirect Cookie > 03. Redirect missing ProgressToggle form
Román 🏆 🚀 🌌:
This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
✅1
5 · 9 months ago
💾data
🔐auth
Prisma batching in the Require Authorized (07/03/solution)
ajara 🌌 🚀:
When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
✅1
4 · 5 months ago
🔭foundations
💾data
general
📝forms
🔐auth
Native Logging
trendaaang 🌌:
I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
✅1
6 · 5 months ago
general
The video play is pretty laggy currently
QzCurious 🌌:
I thought I should tag you for this <@105755735731781632>. Please take a look if something wrong.
✅2
9 · 6 months ago
general
New Workshop Scheduled
Kent C. Dodds ◆ 🚀🏆🌌:
Hey Epic Web devs! I wanted to let you know before everyone else on here: https://www.epicweb.dev/ev...
2
0 · 6 months ago
general
Deploying an exercise
Khoi 🚀 🌌:
Dear <@105755735731781632> , First of all, I really appreciate your effort in building this EPIC cou...
✅1
1 · 6 months ago
general
"Start App" throws error: Error: Cannot add empty string to PrefixLookupTrie
Martin 🌌:
✗ npm run start > start > kcdshop start [playground:4000] [playground:4000] > dev [playground:4000...
✅1
7 · 10 months ago
general
📝forms
Can't start the playground
trendaaang 🌌:
Been a minute since I last worked on this course. Just tried running the app and was notified that t...
✅1
3 · 7 months ago
general
Question about the Workshop App tabs
sjollivier 🌌:
Just started the course. I might have missed this in the Getting Started video, but how should I be ...
✅1
1 · 7 months ago
🔐auth
Debugging `createCookieSessionStorage`
Khoi 🚀 🌌:
How do I get (`console.log`) **ALL** the currently active sessions ***and their content*** that are ...
✅1
2 · 7 months ago

Create Post