Last active
March 17, 2022 15:39
-
-
Save juice49/46795d7d5c3073e1b16ae8aa0989a66e to your computer and use it in GitHub Desktop.
Sanity Update-Only Role Creation Scripts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import getIt from 'get-it' | |
| import base from 'get-it/lib/middleware/base' | |
| import jsonRequest from 'get-it/lib/middleware/jsonRequest' | |
| import jsonResponse from 'get-it/lib/middleware/jsonResponse' | |
| import promise from 'get-it/lib/middleware/promise' | |
| import headers from 'get-it/lib/middleware/headers' | |
| import httpErrors from 'get-it/lib/middleware/httpErrors' | |
| const API_VERSION = 'v2021-10-04' | |
| const PROJECT_ID = 'xxxxxxxx' | |
| const AUTH_TOKEN = | |
| 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' | |
| const DOCUMENT_TYPE = 'animal' | |
| const request = getIt([ | |
| base(`https://api.sanity.io/${API_VERSION}/projects/${PROJECT_ID}`), | |
| headers({ | |
| Authorization: `Bearer ${AUTH_TOKEN}`, | |
| }), | |
| jsonRequest(), | |
| jsonResponse(), | |
| httpErrors(), | |
| promise(), | |
| ]) | |
| interface PermissionResource { | |
| permissionResourceType: string | |
| title: string | |
| description?: string | |
| config?: { | |
| filter?: string | |
| } | |
| } | |
| ;(async () => { | |
| // 1. Create a permission resource to represent documents. | |
| const documentsResource: PermissionResource = { | |
| permissionResourceType: 'sanity.document.filter', | |
| title: 'Animal documents', | |
| config: { | |
| filter: `_type == "${DOCUMENT_TYPE}"`, | |
| }, | |
| } | |
| const documentsResourceRequest = request({ | |
| url: '/permissionResources', | |
| method: 'POST', | |
| body: documentsResource, | |
| }) | |
| // 2. Create a permission resource to represent drafts of published documents. | |
| const draftsResource: PermissionResource = { | |
| permissionResourceType: 'sanity.document.filter', | |
| title: 'Drafts of published animal documents', | |
| config: { | |
| filter: `_type == "${DOCUMENT_TYPE}" && _id in path("drafts.**") && defined(publishedAt)`, | |
| }, | |
| } | |
| const draftsResourceRequest = request({ | |
| url: '/permissionResources', | |
| method: 'POST', | |
| body: draftsResource, | |
| }) | |
| try { | |
| const [documentsResourceResponse, draftsResourceResponse] = | |
| await Promise.all([documentsResourceRequest, draftsResourceRequest]) | |
| console.log(`✅ Created permission resource: ${documentsResource.title}.`) | |
| console.log(`✅ Created permission resource: ${draftsResource.title}.`) | |
| console.log(`const DOCUMENT_FILTER_RESOURCE_ID = '${documentsResourceResponse.body.id}' | |
| const DRAFT_FILTER_RESOURCE_ID = '${draftsResourceResponse.body.id}'`) | |
| } catch (error) { | |
| if (error.name === 'HttpError') { | |
| console.log( | |
| `❌ ${ | |
| error.response?.body?.message ?? | |
| `${error.response.statusCode} - ${error.response.statusMessage}` | |
| }`, | |
| ) | |
| return | |
| } | |
| throw error | |
| } | |
| })() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import getIt from 'get-it' | |
| import base from 'get-it/lib/middleware/base' | |
| import jsonRequest from 'get-it/lib/middleware/jsonRequest' | |
| import jsonResponse from 'get-it/lib/middleware/jsonResponse' | |
| import promise from 'get-it/lib/middleware/promise' | |
| import headers from 'get-it/lib/middleware/headers' | |
| import httpErrors from 'get-it/lib/middleware/httpErrors' | |
| const API_VERSION = 'v2021-10-04' | |
| const PROJECT_ID = 'xxxxxxxx' | |
| const AUTH_TOKEN = | |
| 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' | |
| const DOCUMENT_FILTER_RESOURCE_ID = 'res-xxxxxxxx' | |
| const DRAFT_FILTER_RESOURCE_ID = 'res-xxxxxxxx' | |
| const PROJECT_MEMBERS_RESOURCE_ID = 'res-xxxxxxxx' | |
| const request = getIt([ | |
| base(`https://api.sanity.io/${API_VERSION}/projects/${PROJECT_ID}`), | |
| headers({ | |
| Authorization: `Bearer ${AUTH_TOKEN}`, | |
| }), | |
| jsonRequest(), | |
| jsonResponse(), | |
| httpErrors(), | |
| promise(), | |
| ]) | |
| interface Role { | |
| title: string | |
| name: string | |
| description: string | |
| } | |
| interface Grant { | |
| roleName: string | |
| permissionName: string | |
| permissionResourceId: string | |
| } | |
| const role: Role = { | |
| title: 'Update Only Animals', | |
| name: 'update-only-animals', | |
| description: 'Permission to update animals (but not publish or create them).', | |
| } | |
| const documentGrantPermissionNames: string[] = ['read', 'update'] | |
| const documentDraftGrantPermissionNames: string[] = ['create', 'read', 'update'] | |
| ;(async () => { | |
| try { | |
| // 1. Create role. | |
| await request({ | |
| url: '/roles', | |
| method: 'POST', | |
| body: role, | |
| }) | |
| console.log(`✅ Created role: ${role.name}.`) | |
| // 2. Assign document grants to role. | |
| const documentGrantRequests = documentGrantPermissionNames.map( | |
| permissionName => { | |
| const body: Grant = { | |
| roleName: role.name, | |
| permissionResourceId: DOCUMENT_FILTER_RESOURCE_ID, | |
| permissionName, | |
| } | |
| return request({ | |
| url: '/grants', | |
| method: 'POST', | |
| body, | |
| }) | |
| }, | |
| ) | |
| // 3. Assign document draft grants to role. | |
| const documentDraftGrantRequests = documentDraftGrantPermissionNames.map( | |
| permissionName => { | |
| const body: Grant = { | |
| roleName: role.name, | |
| permissionResourceId: DRAFT_FILTER_RESOURCE_ID, | |
| permissionName, | |
| } | |
| return request({ | |
| url: '/grants', | |
| method: 'POST', | |
| body, | |
| }) | |
| }, | |
| ) | |
| // 4. Assign project member grants to role (required to enable Studio presence feature). | |
| const projectMembersGrant: Grant = { | |
| roleName: role.name, | |
| permissionResourceId: PROJECT_MEMBERS_RESOURCE_ID, | |
| permissionName: 'read', | |
| } | |
| const projectMembersRequest = request({ | |
| url: '/grants', | |
| method: 'POST', | |
| body: projectMembersGrant, | |
| }) | |
| await Promise.all([ | |
| ...documentGrantRequests, | |
| ...documentDraftGrantRequests, | |
| projectMembersRequest, | |
| ]) | |
| console.log( | |
| `✅ Assigned grants for documents resource (${DOCUMENT_FILTER_RESOURCE_ID}): ${documentGrantPermissionNames.join( | |
| ', ', | |
| )}.`, | |
| ) | |
| console.log( | |
| `✅ Assigned grants for document drafts resource (${DRAFT_FILTER_RESOURCE_ID}): ${documentDraftGrantPermissionNames.join( | |
| ', ', | |
| )}.`, | |
| ) | |
| console.log( | |
| `✅ Assigned grants for project members resouce (${PROJECT_MEMBERS_RESOURCE_ID}): read.`, | |
| ) | |
| } catch (error) { | |
| if (error.name === 'HttpError') { | |
| console.log( | |
| `❌ ${ | |
| error.response?.body?.message ?? | |
| `${error.response.statusCode} - ${error.response.statusMessage}` | |
| }`, | |
| ) | |
| return | |
| } | |
| throw error | |
| } | |
| })() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment