fix migration issues

2026-04-06 03:00:16 -04:00 · 2026-02-18 09:30:16 -08:00
parent ed9c35f2ce
commit 9b20e765bb
1 changed files with 95 additions and 88 deletions
--- a/packages/db/migrations/0156_left_sebastian_shaw.sql
+++ b/packages/db/migrations/0156_left_sebastian_shaw.sql
@@ -129,54 +129,60 @@ WITH provider_names(pid, sname) AS (
        ('vertex-ai', 'Vertex AI'),
        ('supabase', 'Supabase')
 ),
-workspace_user_access AS (
-    SELECT DISTINCT w.id AS workspace_id, p.user_id, p.permission_type
+oauth_targets AS (
+    SELECT
+        'cred_' || md5(wua.workspace_id || ':' || a.id) AS cred_id,
+        wua.workspace_id,
+        a.id AS account_id,
+        a.user_id AS account_owner_id,
+        a.provider_id,
+        COALESCE(u.name, 'User') || '''s ' || COALESCE(pn.sname, a.provider_id) AS display_name
+    FROM "account" a
+    INNER JOIN (
+        SELECT DISTINCT w.id AS workspace_id, p.user_id
+        FROM "permissions" p
+        INNER JOIN "workspace" w ON w.id = p.entity_id
+        WHERE p.entity_type = 'workspace'
+        UNION
+        SELECT w.id, w.owner_id FROM "workspace" w
+    ) wua ON wua.user_id = a.user_id
+    INNER JOIN "user" u ON u.id = a.user_id
+    LEFT JOIN provider_names pn ON pn.pid = a.provider_id
+    WHERE a.provider_id NOT IN ('credential', 'github', 'google')
+),
+oauth_workspace_members AS (
+    SELECT DISTINCT w.id AS workspace_id, p.user_id
    FROM "permissions" p
    INNER JOIN "workspace" w ON w.id = p.entity_id
    WHERE p.entity_type = 'workspace'
    UNION
-    SELECT w.id, w.owner_id, 'admin'::"permission_type"
-    FROM "workspace" w
+    SELECT w.id, w.owner_id FROM "workspace" w
 ),
-oauth_creds AS (
+_oauth_insert AS (
    INSERT INTO "credential" (
        "id", "workspace_id", "type", "display_name", "provider_id", "account_id",
        "created_by", "created_at", "updated_at"
    )
-    SELECT
-        'cred_' || md5(wua.workspace_id || ':' || a.id) AS id,
-        wua.workspace_id,
-        'oauth'::"credential_type",
-        COALESCE(u.name, 'User') || '''s ' || COALESCE(pn.sname, a.provider_id),
-        a.provider_id,
-        a.id,
-        a.user_id,
-        now(),
-        now()
-    FROM "account" a
-    INNER JOIN workspace_user_access wua ON wua.user_id = a.user_id
-    INNER JOIN "user" u ON u.id = a.user_id
-    LEFT JOIN provider_names pn ON pn.pid = a.provider_id
-    WHERE a.provider_id NOT IN ('credential', 'github', 'google')
+    SELECT cred_id, workspace_id, 'oauth'::"credential_type", display_name,
+           provider_id, account_id, account_owner_id, now(), now()
+    FROM oauth_targets
    ON CONFLICT DO NOTHING
-    RETURNING id, workspace_id, account_id
 )
 INSERT INTO "credential_member" (
    "id", "credential_id", "user_id", "role", "status", "joined_at", "invited_by", "created_at", "updated_at"
 )
 SELECT
-    'credm_' || md5(oc.id || ':' || wua.user_id),
-    oc.id,
-    wua.user_id,
-    CASE WHEN a.user_id = wua.user_id THEN 'admin'::"credential_member_role" ELSE 'member'::"credential_member_role" END,
+    'credm_' || md5(ot.cred_id || ':' || owm.user_id),
+    ot.cred_id,
+    owm.user_id,
+    CASE WHEN ot.account_owner_id = owm.user_id THEN 'admin'::"credential_member_role" ELSE 'member'::"credential_member_role" END,
    'active'::"credential_member_status",
    now(),
-    a.user_id,
+    ot.account_owner_id,
    now(),
    now()
-FROM oauth_creds oc
-INNER JOIN "account" a ON a.id = oc.account_id
-INNER JOIN workspace_user_access wua ON wua.workspace_id = oc.workspace_id
+FROM oauth_targets ot
+INNER JOIN oauth_workspace_members owm ON owm.workspace_id = ot.workspace_id
 ON CONFLICT DO NOTHING;

 --> statement-breakpoint
@@ -186,16 +192,7 @@ ON CONFLICT DO NOTHING;
 -- For each key in workspace_environment.variables JSON,
 -- create a credential. Workspace admins = admin, others = member.

-WITH workspace_user_access AS (
-    SELECT DISTINCT w.id AS workspace_id, p.user_id, p.permission_type
-    FROM "permissions" p
-    INNER JOIN "workspace" w ON w.id = p.entity_id
-    WHERE p.entity_type = 'workspace'
-    UNION
-    SELECT w.id, w.owner_id, 'admin'::"permission_type"
-    FROM "workspace" w
-),
-ws_env_keys AS (
+WITH ws_env_keys AS (
    SELECT
        we.workspace_id,
        key AS env_key,
@@ -204,39 +201,53 @@ ws_env_keys AS (
    INNER JOIN "workspace" w ON w.id = we.workspace_id
    CROSS JOIN LATERAL json_object_keys(we.variables::json) AS key
 ),
-ws_env_creds AS (
+ws_env_targets AS (
+    SELECT
+        'cred_' || md5(wek.workspace_id || ':env_workspace:' || wek.env_key) AS cred_id,
+        wek.workspace_id,
+        wek.env_key,
+        wek.owner_id
+    FROM ws_env_keys wek
+),
+ws_workspace_members AS (
+    SELECT DISTINCT ON (workspace_id, user_id)
+        workspace_id, user_id, permission_type
+    FROM (
+        SELECT w.id AS workspace_id, p.user_id, p.permission_type
+        FROM "permissions" p
+        INNER JOIN "workspace" w ON w.id = p.entity_id
+        WHERE p.entity_type = 'workspace'
+        UNION ALL
+        SELECT w.id, w.owner_id, 'admin'::"permission_type"
+        FROM "workspace" w
+    ) sub
+    ORDER BY workspace_id, user_id, (permission_type = 'admin') DESC
+),
+_ws_env_insert AS (
    INSERT INTO "credential" (
        "id", "workspace_id", "type", "display_name", "env_key",
        "created_by", "created_at", "updated_at"
    )
-    SELECT
-        'cred_' || md5(wek.workspace_id || ':env_workspace:' || wek.env_key),
-        wek.workspace_id,
-        'env_workspace'::"credential_type",
-        wek.env_key,
-        wek.env_key,
-        wek.owner_id,
-        now(),
-        now()
-    FROM ws_env_keys wek
+    SELECT cred_id, workspace_id, 'env_workspace'::"credential_type",
+           env_key, env_key, owner_id, now(), now()
+    FROM ws_env_targets
    ON CONFLICT DO NOTHING
-    RETURNING id, workspace_id
 )
 INSERT INTO "credential_member" (
    "id", "credential_id", "user_id", "role", "status", "joined_at", "invited_by", "created_at", "updated_at"
 )
 SELECT
-    'credm_' || md5(wec.id || ':' || wua.user_id),
-    wec.id,
-    wua.user_id,
-    CASE WHEN wua.permission_type = 'admin' THEN 'admin'::"credential_member_role" ELSE 'member'::"credential_member_role" END,
+    'credm_' || md5(wet.cred_id || ':' || wm.user_id),
+    wet.cred_id,
+    wm.user_id,
+    CASE WHEN wm.permission_type = 'admin' THEN 'admin'::"credential_member_role" ELSE 'member'::"credential_member_role" END,
    'active'::"credential_member_status",
    now(),
-    (SELECT w.owner_id FROM "workspace" w WHERE w.id = wec.workspace_id LIMIT 1),
+    wet.owner_id,
    now(),
    now()
-FROM ws_env_creds wec
-INNER JOIN workspace_user_access wua ON wua.workspace_id = wec.workspace_id
+FROM ws_env_targets wet
+INNER JOIN ws_workspace_members wm ON wm.workspace_id = wet.workspace_id
 ON CONFLICT DO NOTHING;

 --> statement-breakpoint
@@ -246,55 +257,51 @@ ON CONFLICT DO NOTHING;
 -- For each key in environment.variables JSON, for each workspace
 -- the user belongs to, create a credential with the user as admin.

-WITH workspace_user_access AS (
-    SELECT DISTINCT w.id AS workspace_id, p.user_id
-    FROM "permissions" p
-    INNER JOIN "workspace" w ON w.id = p.entity_id
-    WHERE p.entity_type = 'workspace'
-    UNION
-    SELECT w.id, w.owner_id
-    FROM "workspace" w
-),
-personal_env_keys AS (
+WITH personal_env_keys AS (
    SELECT
        e.user_id,
        key AS env_key
    FROM "environment" e
    CROSS JOIN LATERAL json_object_keys(e.variables::json) AS key
 ),
-personal_env_creds AS (
+personal_env_targets AS (
+    SELECT
+        'cred_' || md5(wua.workspace_id || ':env_personal:' || pek.env_key || ':' || pek.user_id) AS cred_id,
+        wua.workspace_id,
+        pek.env_key,
+        pek.user_id
+    FROM personal_env_keys pek
+    INNER JOIN (
+        SELECT DISTINCT w.id AS workspace_id, p.user_id
+        FROM "permissions" p
+        INNER JOIN "workspace" w ON w.id = p.entity_id
+        WHERE p.entity_type = 'workspace'
+        UNION
+        SELECT w.id, w.owner_id FROM "workspace" w
+    ) wua ON wua.user_id = pek.user_id
+),
+_personal_env_insert AS (
    INSERT INTO "credential" (
        "id", "workspace_id", "type", "display_name", "env_key", "env_owner_user_id",
        "created_by", "created_at", "updated_at"
    )
-    SELECT
-        'cred_' || md5(wua.workspace_id || ':env_personal:' || pek.env_key || ':' || pek.user_id),
-        wua.workspace_id,
-        'env_personal'::"credential_type",
-        pek.env_key,
-        pek.env_key,
-        pek.user_id,
-        pek.user_id,
-        now(),
-        now()
-    FROM personal_env_keys pek
-    INNER JOIN workspace_user_access wua ON wua.user_id = pek.user_id
+    SELECT cred_id, workspace_id, 'env_personal'::"credential_type",
+           env_key, env_key, user_id, user_id, now(), now()
+    FROM personal_env_targets
    ON CONFLICT DO NOTHING
-    RETURNING id, workspace_id
 )
 INSERT INTO "credential_member" (
    "id", "credential_id", "user_id", "role", "status", "joined_at", "invited_by", "created_at", "updated_at"
 )
 SELECT
-    'credm_' || md5(pec.id || ':' || c.env_owner_user_id),
-    pec.id,
-    c.env_owner_user_id,
+    'credm_' || md5(pet.cred_id || ':' || pet.user_id),
+    pet.cred_id,
+    pet.user_id,
    'admin'::"credential_member_role",
    'active'::"credential_member_status",
    now(),
-    c.env_owner_user_id,
+    pet.user_id,
    now(),
    now()
-FROM personal_env_creds pec
-INNER JOIN "credential" c ON c.id = pec.id
+FROM personal_env_targets pet
 ON CONFLICT DO NOTHING;