08. Role-Based Access/02. Roles Seed (πŸ’ͺ problem)

Roles Seed

πŸ‘¨β€πŸ’Ό Perhaps in the future we'll want pretty fine-grained roles and permissions, but for now we really only have two roles:
  1. admin - which can do anything to everything
  2. user - which can do anything to their own data
We want to apply these roles and permissions to all new users who are created. That means that our database needs to have these values before we can create any users. Our
prisma/seed.ts
is intended to seed the local development database, but we're going to need this seeding in production as well.
So, what we need is to manually update our the migration.sql file we just made for our permissions to create the roles and permissions. That way when we deploy our updates to production, the production database will automatically get these roles and permissions.
The tricky bit is knowing how to write the SQL to create the roles and permissions. If you're a SQL wiz, feel free to write it by hand, but for the rest of us, here's a strategy:
  1. Create a temporary script file that generates a temporary database and seeds it with the data we want:
Feel free to use my script
import { PrismaClient } from '@prisma/client'
import { execaCommand } from 'execa'

const datasourceUrl = 'file:./tmp.ignored.db'
console.time('πŸ—„οΈ Created database...')
await execaCommand('npx prisma migrate deploy', {
	stdio: 'inherit',
	env: { DATABASE_URL: datasourceUrl },
})
console.timeEnd('πŸ—„οΈ Created database...')

const prisma = new PrismaClient({ datasourceUrl })

console.time('πŸ”‘ Created permissions...')
const entities = ['user', 'note']
const actions = ['create', 'read', 'update', 'delete']
const accesses = ['own', 'any']
for (const entity of entities) {
	for (const action of actions) {
		for (const access of accesses) {
			await prisma.permission.create({ data: { entity, action, access } })
		}
	}
}
console.timeEnd('πŸ”‘ Created permissions...')

console.time('πŸ‘‘ Created roles...')
await prisma.role.create({
	data: {
		name: 'admin',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'any' },
			}),
		},
	},
})
await prisma.role.create({
	data: {
		name: 'user',
		permissions: {
			connect: await prisma.permission.findMany({
				select: { id: true },
				where: { access: 'own' },
			}),
		},
	},
})
console.timeEnd('πŸ‘‘ Created roles...')

console.log('βœ… all done')
  1. Run the script with node tmp.ignored.js
  2. Create a "dump" of all the data in the temporary database using sqlite3 (install instructions in exercise 9 of the Data workshop):
    sqlite3 ./prisma/tmp.ignored.db .dump > tmp.ignored.sql
  3. Copy the INSERT statements (only the INSERT statements) from the tmp.ignored.sql file into the permissions migration.sql file in prisma/migrations.
Once you've done that, you can update
prisma/seed.ts
to assign the "user" roles to the generated users and the "admin" and "user" roles to the Kody user.
Once you've finished updating the seed script, you can reset the database and run the seed with:
npx prisma migrate reset --force
But before we wrap this up, you'll want to make sure we create all new users with the user role, otherwise new users won't have the right permissions!
We do that in
app/utils/auth.server.ts
, so get that updated too please.
← PreviousNext β†’
Edit on GitHub
problemsolutiondiffchat
Login to get access to the exclusive discord channel.
  • general
    npm install everytime I setup a new playground
    Duki 🌌:
    Is it normal that I have to run `npm install` in my playground directory, everytime I setup the play...
    • βœ…1
     2 Β· 15 days ago
  • general
    Welcome to EpicWeb.dev! Say Hello πŸ‘‹
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    This is the first post of many hopefully!
    • 18
     80 Β· 7 days ago
  • πŸ”auth
    The latest web-auth workshop cannot be launch
    QzCurious 🌌:
    I've done: 1. Remove web-auth directory 2. Follow https://github.com/epicweb-dev/web-auth?tab=readme...
    • βœ…1
     7 Β· 2 months ago
  • general
    Migration to Vite: Server-only module referenced by client
    Fabian 🌌:
    Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
    • βœ…1
     1 Β· 3 months ago
  • πŸ”auth
    Github token added on refactor of connection model exercise
    abraham_aguilera 🌌:
    Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
    • βœ…1
     2 Β· 5 months ago
  • πŸ”auth
    Potential Security Concern with Empty Session Data in createCookieSessionStorage?
    QzCurious 🌌:
    Since session data can be an empty object, it seems possible that someone could guess when encrypted...
    • βœ…1
     6 Β· 2 months ago
  • general
    Remix Vite Plugin
    Binalfew πŸš€ 🌌:
    <@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
    • βœ…1
     3 Β· a year ago
  • general
    πŸ”­foundations
    Solutions video on localhost:5639 ?
    quang πŸš€ 🌌:
    Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
    • βœ…1
     9 Β· a year ago
  • πŸ”auth
    Where are we getting target_type from?
    Salym πŸš€ πŸ† 🌌:
    I don't see target_type in ur verification schema, how are we generating this?
    • βœ…1
     9 Β· 4 months ago
  • πŸ”auth
    Unknown file extension ".png" for ".../user.png"
    TraderDave79 🌌:
    I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
    • βœ…1
     9 Β· 5 months ago
  • πŸ”auth
    github.com refuses to connect in workshop app
    TraderDave79 🌌:
    Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
    • βœ…1
     3 Β· 5 months ago
  • general
    Epicshop is now social and mobile friendly!
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
    • πŸŽ‰2
     0 Β· 5 months ago
  • πŸ’Ύdata
    general
    πŸ“forms
    πŸ”­foundations
    double underscore?
    trendaaang 🌌:
    What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
    • βœ…1
     2 Β· 6 months ago
  • πŸ”auth
    RBAC with Entity scoping
    abraham_aguilera 🌌:
    Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
    • βœ…1
     3 Β· 6 months ago
  • πŸ”auth
    πŸ’Ύdata
    08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
    Fabian 🌌:
    So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
    • βœ…1
     1 Β· 6 months ago
  • πŸ”auth
    Redirect Cookie > 03. Redirect missing ProgressToggle form
    RomΓ‘n πŸ† πŸš€ 🌌:
    This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
    • βœ…1
     5 Β· a year ago
  • πŸ’Ύdata
    πŸ”auth
    Prisma batching in the Require Authorized (07/03/solution)
    ajara 🌌 πŸš€:
    When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
    • βœ…1
     4 Β· 7 months ago
  • πŸ”­foundations
    πŸ’Ύdata
    general
    πŸ“forms
    πŸ”auth
    Native Logging
    trendaaang 🌌:
    I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
    • βœ…1
     6 Β· 7 months ago
  • general
    The video play is pretty laggy currently
    QzCurious 🌌:
    I thought I should tag you for this <@105755735731781632>. Please take a look if something wrong.
    • βœ…2
     9 Β· 8 months ago
  • general
    New Workshop Scheduled
    Kent C. Dodds β—† πŸš€πŸ†πŸŒŒ:
    Hey Epic Web devs! I wanted to let you know before everyone else on here: https://www.epicweb.dev/ev...
    • 2
     0 Β· 8 months ago