Files
breadcrumb-the-shire/db/updates/2026-02-23-tenant-scope-global.sql

16 lines
628 B
SQL

-- Idempotent update: introduce explicit global tenant-scope bypass permission.
INSERT INTO `permissions` (`key`, `description`, `active`, `is_system`)
VALUES ('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1)
ON DUPLICATE KEY UPDATE
`description` = VALUES(`description`),
`active` = VALUES(`active`),
`is_system` = VALUES(`is_system`);
INSERT INTO `role_permissions` (`role_id`, `permission_id`, `created`)
SELECT r.id, p.id, NOW()
FROM roles r
JOIN permissions p ON p.`key` = 'tenant.scope.global'
WHERE r.description IN ('Admin', 'Administrator') OR r.id = 1
ON DUPLICATE KEY UPDATE role_id = role_id;