08. Role-Based Access/02. Roles Seed (💪 problem)

Roles Seed

👨‍💼 Perhaps in the future we'll want pretty fine-grained roles and permissions, but for now we really only have two roles:

admin - which can do anything to everything
user - which can do anything to their own data

We want to apply these roles and permissions to all new users who are created. That means that our database needs to have these values before we can create any users. Our

prisma/seed.ts

is intended to seed the local development database, but we're going to need this seeding in production as well.

So, what we need is to manually update our migration.sql file we just made for our permissions to create the roles and permissions. That way when we deploy our updates to production, the production database will automatically get these roles and permissions.

The tricky bit is knowing how to write the SQL to create the roles and permissions. If you're a SQL wiz, feel free to write it by hand, but for the rest of us, here's a strategy:

Create a temporary script file that generates a temporary database and seeds it with the data we want:

Feel free to use my script

import { PrismaClient } from '@prisma/client'
import { execaCommand } from 'execa'

const datasourceUrl = 'file:./tmp.ignored.db'
console.time('🗄️ Created database...')
await execaCommand('npx prisma migrate deploy', {
	stdio: 'inherit',
	env: { DATABASE_URL: datasourceUrl },
})
console.timeEnd('🗄️ Created database...')

const prisma = new PrismaClient({ datasourceUrl })

console.time('🔑 Created permissions...')
const entities = ['user', 'note']
const actions = ['create', 'read', 'update', 'delete']
const accesses = ['own', 'any']
for (const entity of entities) {
	for (const action of actions) {
		for (const access of accesses) {
			await prisma.permission.create({ data: { entity, action, access } })
		}
	}
}
console.timeEnd('🔑 Created permissions...')

console.time('👑 Created roles...')
await prisma.role.create({
	data: {
		name: 'admin',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'any' },
			}),
		},
	},
})
await prisma.role.create({
	data: {
		name: 'user',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'own' },
			}),
		},
	},
})
console.timeEnd('👑 Created roles...')

console.log('✅ all done')

Run the script with node tmp.ignored.js
Create a "dump" of all the data in the temporary database using sqlite3 (install instructions in exercise 9 of the Data workshop):
```
sqlite3 ./prisma/tmp.ignored.db .dump > tmp.ignored.sql
```
Copy the INSERT statements (only the INSERT statements) from the tmp.ignored.sql file into the permissions migration.sql file in prisma/migrations.

Once you've done that, you can update

prisma/seed.ts

to assign the "user" roles to the generated users and the "admin" and "user" roles to the Kody user.

Once you've finished updating the seed script, you can reset the database and run the seed with:

npx prisma migrate reset --force

But before we wrap this up, you'll want to make sure we create all new users with the user role, otherwise new users won't have the right permissions!

We do that in

app/utils/auth.server.ts

, so get that updated too please.

← Previous Next →

Edit on GitHubEdit this page on GitHub

problem solution diff chat

🔐auth
Roles seed
Baghira 🌌:
I haven't understood why we do the manual migration in for patch the permissions and roles into the ...
2 · 2 days ago
general
Mark as complete, resets the first time you click it.
Daniel V.C 🚀 🌌:
Not sure if anyone else has had this issue, as i've not seen anyone else talk about it, but I find ...
8 · 3 days ago
general
Keeping Epic Stack Projects Free on Fly – Any Tips?
wargha 🚀 🌌:
I’ve been experimenting with the Epic Stack and deploying some dummy projects on Fly. I noticed that...
0 · 15 days ago
general
epic stack website initial load at home page is unstyled (sometimes)
osmancakir 🚀 🌌:
Sometimes (especially when it is loaded first time on a new browser etc.) I see this unstyled versio...
10 · 16 hours ago
💾data
general
📝forms
🔭foundations
double underscore?
trendaaang 🌌:
What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
✅1
2 · a year ago
general
Welcome to EpicWeb.dev! Say Hello 👋
Kent C. Dodds ◆ 🚀🏆🌌:
This is the first post of many hopefully!
18
81 · 2 years ago
💾data
general
📝forms
🔭foundations
Creating Notes
Scott 🌌 🏆:
Does anybody know in what workshop we create notes? I would like to see the routing structure. So fa...
✅1
2 · 3 months ago
🔭foundations
💾data
general
📝forms
🔐auth
Thank you for the inspiration
Binalfew 🚀 🌌:
<@105755735731781632> I wanted to thank you for the incredible knowledge I gained from your Epic Web...
❤️1
1 · 3 months ago
general
npm install everytime I setup a new playground
Duki 🌌:
Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
✅1
2 · 5 months ago
🔐auth
The latest web-auth workshop cannot be launch
QzCurious 🌌 🚀:
I've done: 1. Remove web-auth directory 2. Follow https://github.com/epicweb-dev/web-auth?tab=readme...
✅1
7 · 6 months ago
general
Migration to Vite: Server-only module referenced by client
Fabian 🌌:
Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
✅1
1 · 7 months ago
🔐auth
Github token added on refactor of connection model exercise
abraham_aguilera 🌌:
Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
✅1
2 · 10 months ago
🔐auth
Potential Security Concern with Empty Session Data in createCookieSessionStorage?
QzCurious 🌌 🚀:
Since session data can be an empty object, it seems possible that someone could guess when encrypted...
✅1
6 · 6 months ago
general
Remix Vite Plugin
Binalfew 🚀 🌌:
<@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
✅1
3 · a year ago
general
🔭foundations
Solutions video on localhost:5639 ?
quang 🚀 🌌:
Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
✅1
9 · a year ago
🔐auth
Where are we getting target_type from?
Salym 🚀 🏆 🌌:
I don't see target_type in ur verification schema, how are we generating this?
✅1
9 · 9 months ago
🔐auth
Unknown file extension ".png" for ".../user.png"
TraderDave79 🌌:
I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
✅1
9 · 10 months ago
🔐auth
github.com refuses to connect in workshop app
TraderDave79 🌌:
Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
✅1
3 · 10 months ago
general
Epicshop is now social and mobile friendly!
Kent C. Dodds ◆ 🚀🏆🌌:
I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
🎉2
0 · 10 months ago
🔐auth
RBAC with Entity scoping
abraham_aguilera 🌌:
Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
✅1
3 · a year ago
🔐auth
💾data
08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
Fabian 🌌:
So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
✅1
1 · a year ago
🔐auth
Redirect Cookie > 03. Redirect missing ProgressToggle form
Román 🏆 🚀 🌌:
This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
✅1
5 · a year ago
💾data
🔐auth
Prisma batching in the Require Authorized (07/03/solution)
ajara 🌌 🚀:
When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
✅1
4 · a year ago

Create Post