128 lines
3.8 KiB
TypeScript
128 lines
3.8 KiB
TypeScript
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
|
// @ts-nocheck
|
|
import * as dotenv from 'dotenv';
|
|
import * as path from 'path';
|
|
|
|
const nodeEnv = process.env.NODE_ENV || 'development';
|
|
const envFile = `.env.${nodeEnv}`;
|
|
const backendDir = path.resolve(__dirname, '..');
|
|
const envPath = path.resolve(backendDir, envFile);
|
|
|
|
dotenv.config({ path: envPath });
|
|
|
|
if (!process.env.DATABASE_URL) {
|
|
dotenv.config({ path: path.resolve(backendDir, '.env') });
|
|
}
|
|
|
|
if (!process.env.DATABASE_URL) {
|
|
console.error('DATABASE_URL not found');
|
|
process.exit(1);
|
|
}
|
|
|
|
import { PrismaClient } from '@prisma/client';
|
|
|
|
const prisma = new PrismaClient();
|
|
|
|
// 超级管理员专属权限(普通租户不应该有这些权限)
|
|
const superAdminOnlyPermissions = [
|
|
'tenant:create',
|
|
'tenant:update',
|
|
'tenant:delete',
|
|
];
|
|
|
|
async function cleanupTenantPermissions() {
|
|
try {
|
|
console.log('🚀 开始清理普通租户的超级管理员权限...\n');
|
|
|
|
// 1. 获取所有非超级租户
|
|
const normalTenants = await prisma.tenant.findMany({
|
|
where: {
|
|
isSuper: { not: 1 },
|
|
validState: 1,
|
|
},
|
|
});
|
|
|
|
console.log(`找到 ${normalTenants.length} 个普通租户\n`);
|
|
|
|
for (const tenant of normalTenants) {
|
|
console.log(`处理租户: ${tenant.name} (${tenant.code})`);
|
|
|
|
// 2. 找到该租户下的超级管理员专属权限
|
|
const permissionsToRemove = await prisma.permission.findMany({
|
|
where: {
|
|
tenantId: tenant.id,
|
|
code: { in: superAdminOnlyPermissions },
|
|
},
|
|
});
|
|
|
|
if (permissionsToRemove.length === 0) {
|
|
console.log(` ✓ 没有需要清理的权限\n`);
|
|
continue;
|
|
}
|
|
|
|
const permissionIds = permissionsToRemove.map((p) => p.id);
|
|
console.log(` 找到 ${permissionsToRemove.length} 个需要清理的权限: ${permissionsToRemove.map((p) => p.code).join(', ')}`);
|
|
|
|
// 3. 删除角色-权限关联
|
|
const deletedRolePermissions = await prisma.rolePermission.deleteMany({
|
|
where: {
|
|
permissionId: { in: permissionIds },
|
|
},
|
|
});
|
|
console.log(` 删除了 ${deletedRolePermissions.count} 条角色-权限关联`);
|
|
|
|
// 4. 删除权限记录
|
|
const deletedPermissions = await prisma.permission.deleteMany({
|
|
where: {
|
|
id: { in: permissionIds },
|
|
},
|
|
});
|
|
console.log(` 删除了 ${deletedPermissions.count} 条权限记录\n`);
|
|
}
|
|
|
|
// 5. 更新租户管理菜单权限
|
|
console.log('更新租户管理菜单权限...');
|
|
const tenantMenu = await prisma.menu.findFirst({
|
|
where: {
|
|
name: '租户管理',
|
|
path: '/system/tenants',
|
|
},
|
|
});
|
|
|
|
if (tenantMenu) {
|
|
if (tenantMenu.permission !== 'tenant:update') {
|
|
await prisma.menu.update({
|
|
where: { id: tenantMenu.id },
|
|
data: { permission: 'tenant:update' },
|
|
});
|
|
console.log(`✅ 菜单权限已更新为 tenant:update (原: ${tenantMenu.permission})`);
|
|
} else {
|
|
console.log('✅ 菜单权限已经是 tenant:update');
|
|
}
|
|
} else {
|
|
console.log('⚠️ 未找到租户管理菜单');
|
|
}
|
|
|
|
console.log('\n✅ 清理完成!');
|
|
console.log('\n说明:');
|
|
console.log(' - 普通租户现在只有 tenant:read 权限(用于读取租户列表)');
|
|
console.log(' - 租户管理菜单需要 tenant:update 权限才能看到');
|
|
console.log(' - 只有超级租户才有 tenant:create/update/delete 权限');
|
|
} catch (error) {
|
|
console.error('❌ 清理失败:', error);
|
|
throw error;
|
|
} finally {
|
|
await prisma.$disconnect();
|
|
}
|
|
}
|
|
|
|
cleanupTenantPermissions()
|
|
.then(() => {
|
|
console.log('\n🎉 脚本执行完成!');
|
|
process.exit(0);
|
|
})
|
|
.catch((error) => {
|
|
console.error('\n💥 脚本执行失败:', error);
|
|
process.exit(1);
|
|
});
|