50 lines
1.5 KiB
Markdown
50 lines
1.5 KiB
Markdown
|
# ACL Migration Steps
|
||
|
|
|
||
|
|
1. Create a super user (with email <superuser_acl@appsmith.com>), using the sign-up API.
|
||
|
|
|
||
|
|
2. Add `manage` and `read` permissions for `organizations`, `applications`, `pages` and `actions` for this super user,
|
||
|
|
on ALL existing documents (in corresponding collections). Once this is done, the policies field of organizations,
|
||
|
|
for example, should look something like:
|
||
|
|
|
||
|
|
```json
|
||
|
|
{
|
||
|
|
"policies": [
|
||
|
|
{
|
||
|
|
"permission" : "manage:organizations",
|
||
|
|
"users" : [
|
||
|
|
"superuser_acl@appsmith.com"
|
||
|
|
],
|
||
|
|
"groups" : []
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"permission" : "read:organizations",
|
||
|
|
"users" : [
|
||
|
|
"superuser_acl@appsmith.com"
|
||
|
|
],
|
||
|
|
"groups" : []
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
```
|
||
|
|
|
||
|
|
3. Disable emails for invite API actions.
|
||
|
|
|
||
|
|
4. For each user, for each organization in the user's `organizationIds` list, hit the invite user API for that
|
||
|
|
organization, using session of the super user.
|
||
|
|
|
||
|
|
5. Remove super user from the organization policies, without disturbing other permission values.
|
||
|
|
|
||
|
|
6. Remove super user from users collection.
|
||
|
|
|
||
|
|
# Running
|
||
|
|
|
||
|
|
Assuming you have node (>=v12), use the following command to run the migration:
|
||
|
|
|
||
|
|
```sh
|
||
|
|
npm install
|
||
|
|
node main.js 'https://localhost/api/v1/' 'mongodb://localhost:27017/mobtools'
|
||
|
|
```
|
||
|
|
|
||
|
|
The first argument should be a running API endpoint, and the second argument should be a URI to the database that this
|
||
|
|
API endpoint is running on.
|