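#!/bin/bash
# Enhanced Directus Permissions Setup Script
# This script grants permissions and verifies they work correctly.
#
# Flow: wait for the health endpoint, log in as the admin user, look up the
# "Administrator" role id, grant create/read/update/delete on each listed
# collection to that role, clear the cache, then run a create-asset smoke test.
#
# Environment overrides (all optional, defaults match the original values):
#   DIRECTUS_URL           base URL of the Directus instance
#   ADMIN_EMAIL            login e-mail
#   ADMIN_PASSWORD         login password
#   DIRECTUS_WAIT_TIMEOUT  seconds to wait for health; 0 = wait indefinitely
#
# NOTE(review): responses are parsed with grep/cut, which only works on
# compact JSON with the key order the patterns expect. A JSON parser would be
# more robust, but none is assumed to be installed here.
# NOTE(review): the leading glyphs in the status messages look mis-encoded
# (probably emoji saved under the wrong charset); they are left as found.

set -u

# The default URL is plain HTTP on localhost. If DIRECTUS_URL is pointed at
# another host, use https:// so the password and bearer token are not sent
# in clear text.
DIRECTUS_URL="${DIRECTUS_URL:-http://localhost:8055}"
ADMIN_EMAIL="${ADMIN_EMAIL:-admin@assetmanagement.com}"
# SECURITY: the fallback password is kept only so existing local setups keep
# working. A password committed to a script should be treated as disclosed:
# supply ADMIN_PASSWORD from the environment or a secret store, and rotate
# this value on any instance that is not a throwaway development box.
ADMIN_PASSWORD="${ADMIN_PASSWORD:-AssetAdmin2024!}"
WAIT_TIMEOUT="${DIRECTUS_WAIT_TIMEOUT:-0}"

ACCESS_TOKEN=""
ADMIN_ROLE_ID=""

echo "๐Ÿ” Enhanced Directus Permissions Setup..."
echo

#######################################
# Escape a string for use inside a JSON double-quoted value.
# Only backslash and double quote are escaped; control characters are not.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
json_escape() {
  local raw=$1
  raw=${raw//\\/\\\\}
  raw=${raw//\"/\\\"}
  printf '%s' "$raw"
}

#######################################
# GET a Directus API path with the current bearer token.
# Globals:   DIRECTUS_URL, ACCESS_TOKEN (read)
# Arguments: $1 - path starting with "/", appended to DIRECTUS_URL
# Outputs:   response body on stdout
#######################################
api_get() {
  # NOTE(review): the token is passed on curl's command line and is therefore
  # visible to other local users through the process list while curl runs.
  curl -s -H "Authorization: Bearer $ACCESS_TOKEN" "$DIRECTUS_URL$1"
}

#######################################
# Block until the Directus health endpoint answers successfully.
# Globals:   DIRECTUS_URL, WAIT_TIMEOUT (read)
# Returns:   exits 1 if WAIT_TIMEOUT > 0 and the limit is reached
#######################################
wait_for_directus() {
  echo "โณ Waiting for Directus to be ready..."
  local waited=0
  # -f: an HTTP error status counts as "not ready"; without it any HTTP
  # response, including a 5xx, ended the wait. --max-time bounds each probe
  # so a hung connection cannot stall the loop.
  while ! curl -sf --max-time 5 "$DIRECTUS_URL/server/health" > /dev/null; do
    if (( WAIT_TIMEOUT > 0 && waited >= WAIT_TIMEOUT )); then
      echo "Directus did not become healthy within ${WAIT_TIMEOUT}s" >&2
      exit 1
    fi
    echo " Waiting for Directus..."
    sleep 2
    waited=$((waited + 2))
  done
  echo "โœ… Directus is ready"
}

#######################################
# Log in and store the access token.
# Globals:   DIRECTUS_URL, ADMIN_EMAIL, ADMIN_PASSWORD (read)
#            AUTH_RESPONSE, ACCESS_TOKEN (written)
# Returns:   0 on success; exits 1 after three failed attempts
#######################################
authenticate() {
  echo "๐Ÿ”‘ Authenticating with Directus..."
  local max_attempts=3
  local attempt=1
  local login_payload

  # Escape the credentials so a quote or backslash in the password cannot
  # break or alter the JSON document.
  login_payload=$(printf '{"email":"%s","password":"%s"}' \
    "$(json_escape "$ADMIN_EMAIL")" "$(json_escape "$ADMIN_PASSWORD")")

  while (( attempt <= max_attempts )); do
    # The payload goes to curl on stdin (printf is a shell builtin), so the
    # password never appears in any process's argument list.
    AUTH_RESPONSE=$(printf '%s' "$login_payload" \
      | curl -s -X POST "$DIRECTUS_URL/auth/login" \
        -H "Content-Type: application/json" \
        --data-binary @-)

    # Quoted on purpose: an unquoted expansion would word-split and glob
    # server-supplied text against the current directory.
    ACCESS_TOKEN=$(printf '%s\n' "$AUTH_RESPONSE" \
      | grep -o '"access_token":"[^"]*"' | cut -d'"' -f4)

    if [[ -n "$ACCESS_TOKEN" ]]; then
      echo "โœ… Authentication successful (attempt $attempt)"
      return 0
    fi

    echo "โŒ Authentication failed (attempt $attempt/$max_attempts)"
    echo "Response: $AUTH_RESPONSE"
    attempt=$((attempt + 1))
    sleep 2
  done

  echo "โŒ Authentication failed after $max_attempts attempts"
  exit 1
}

#######################################
# Look up the id of the role named "Administrator".
# Globals:   ROLES_RESPONSE, ADMIN_ROLE_ID (written)
# Returns:   exits 1 when the role cannot be found
#######################################
get_admin_role() {
  echo "๐Ÿ‘ค Getting admin role ID..."

  ROLES_RESPONSE=$(api_get "/roles")

  # The pattern requires "id" to be immediately followed by "name" in the
  # response; a different key order makes the lookup fail.
  ADMIN_ROLE_ID=$(printf '%s\n' "$ROLES_RESPONSE" \
    | grep -o '"id":"[^"]*","name":"Administrator"' | cut -d'"' -f4)

  if [[ -z "$ADMIN_ROLE_ID" ]]; then
    echo "โŒ Could not find Administrator role"
    echo "Available roles:"
    printf '%s\n' "$ROLES_RESPONSE" | grep -o '"name":"[^"]*"' | cut -d'"' -f4
    exit 1
  fi

  echo "โœ… Found admin role: $ADMIN_ROLE_ID"
}

#######################################
# Check whether a collection exists.
# Globals:   COLLECTION_CHECK (written)
# Arguments: $1 - collection name
# Returns:   0 if the response mentions "collection", 1 otherwise
#######################################
collection_exists() {
  local collection=$1

  COLLECTION_CHECK=$(api_get "/collections/$collection")

  printf '%s\n' "$COLLECTION_CHECK" | grep -q '"collection"'
}

#######################################
# Grant one action on one collection to the admin role, unless a matching
# permission row is already present.
# Globals:   ADMIN_ROLE_ID (read)
#            EXISTING_PERMISSION, PERMISSION_DATA, RESPONSE (written)
# Arguments: $1 - collection name, $2 - action (create/read/update/delete)
# Returns:   0 if the permission exists or was created, 1 otherwise
#######################################
create_permission() {
  local collection=$1
  local action=$2

  # Check if collection exists first
  if ! collection_exists "$collection"; then
    echo " โš ๏ธ Collection '$collection' does not exist, skipping..."
    return 1
  fi

  echo " ๐Ÿ“‹ Granting $action permission for $collection..."

  # Check if permission already exists.
  # --globoff is required: curl otherwise treats the [..] in the filter
  # parameters as URL glob ranges and rejects the URL, and with -s that
  # failure is silent. The lookup then always came back empty, so every run
  # posted another permission row instead of detecting the existing one.
  EXISTING_PERMISSION=$(curl -s --globoff \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    "$DIRECTUS_URL/permissions?filter[role][_eq]=$ADMIN_ROLE_ID&filter[collection][_eq]=$collection&filter[action][_eq]=$action")

  if printf '%s\n' "$EXISTING_PERMISSION" | grep -q '"id"'; then
    echo " โ„น๏ธ Permission already exists"
    return 0
  fi

  # Empty "permissions"/"validation" objects and fields ["*"] grant the action
  # with no item filter on every field. Narrow these if the role should not
  # have unrestricted access to the collection.
  PERMISSION_DATA=$(printf \
    '{"role":"%s","collection":"%s","action":"%s","permissions":{},"validation":{},"presets":null,"fields":["*"]}' \
    "$ADMIN_ROLE_ID" "$collection" "$action")

  RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/permissions" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d "$PERMISSION_DATA")

  if printf '%s\n' "$RESPONSE" | grep -q '"id"'; then
    echo " โœ… Permission created successfully"
    return 0
  fi

  echo " โŒ Failed to create permission: $(printf '%s\n' "$RESPONSE" | grep -o '"message":"[^"]*"' | cut -d'"' -f4)"
  return 1
}

#######################################
# Read one item from a collection to confirm read access.
# Globals:   READ_TEST (written)
# Arguments: $1 - collection name
# Returns:   0 if the response contains "data", 1 otherwise
#######################################
verify_permissions() {
  local collection=$1

  echo " ๐Ÿ” Verifying $collection permissions..."

  # NOTE(review): this read uses the same admin token that created the
  # permissions. If that account already has unrestricted access, the check
  # passes whether or not the new rows take effect - confirm it tests what
  # is intended, or repeat it with a token for a non-admin user.
  READ_TEST=$(api_get "/items/$collection?limit=1")

  if printf '%s\n' "$READ_TEST" | grep -q '"data"'; then
    echo " โœ… Read permission verified"
  else
    echo " โŒ Read permission failed: $(printf '%s\n' "$READ_TEST" | grep -o '"message":"[^"]*"' | cut -d'"' -f4)"
    return 1
  fi

  return 0
}

#######################################
# Clear the Directus cache so permission changes are picked up.
# Globals:   CACHE_RESPONSE (written)
# Returns:   always 0; a failure only prints a warning
#######################################
invalidate_cache() {
  echo "๐Ÿ—‘๏ธ Invalidating Directus cache..."

  # Success now requires that curl itself succeeded and that no line of the
  # body mentions "error". The previous `grep -q -v "error"` passed whenever
  # any single line lacked the word, and also when curl could not connect.
  if CACHE_RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/utils/cache/clear" \
      -H "Authorization: Bearer $ACCESS_TOKEN") \
    && ! printf '%s\n' "$CACHE_RESPONSE" | grep -q "error"; then
    echo "โœ… Cache cleared successfully"
  else
    echo "โš ๏ธ Cache clear may have failed, but continuing..."
  fi
}

# Main execution
wait_for_directus
authenticate
get_admin_role

# Collections that need permissions
COLLECTIONS=(
  "organizations"
  "subscription_plans"
  "asset_categories"
  "locations"
  "vendors"
  "assets"
  "asset_components"
  "asset_qr_codes"
  "work_order_types"
  "work_orders"
  "asset_reminders"
)

echo
echo "๐Ÿ”“ Creating and verifying permissions for all collections..."

SUCCESS_COUNT=0
TOTAL_COUNT=0

for collection in "${COLLECTIONS[@]}"; do
  echo "๐Ÿ“ Processing collection: $collection"

  COLLECTION_SUCCESS=0
  for action in "create" "read" "update" "delete"; do
    if create_permission "$collection" "$action"; then
      COLLECTION_SUCCESS=$((COLLECTION_SUCCESS + 1))
    fi
    TOTAL_COUNT=$((TOTAL_COUNT + 1))
  done

  # Verify permissions for this collection; its grants only count towards
  # the summary when the read check passes.
  if (( COLLECTION_SUCCESS > 0 )) && verify_permissions "$collection"; then
    SUCCESS_COUNT=$((SUCCESS_COUNT + COLLECTION_SUCCESS))
  fi

  echo
done

# Clear cache after permission changes
invalidate_cache

echo "๐Ÿ“Š Permission Setup Summary:"
echo " โœ… Successful: $SUCCESS_COUNT/$TOTAL_COUNT permissions"
echo " ๐Ÿ“ Collections processed: ${#COLLECTIONS[@]}"

if (( SUCCESS_COUNT > 0 )); then
  echo
  echo "๐Ÿงช Running comprehensive test..."

  # Test asset creation
  echo "๐Ÿ“‹ Testing asset creation..."

  # Get required IDs (first id found in each listing)
  ORG_ID=$(api_get "/items/organizations?limit=1" \
    | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)
  CAT_ID=$(api_get "/items/asset_categories?limit=1" \
    | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)
  LOC_ID=$(api_get "/items/locations?limit=1" \
    | grep -o '"id":"[^"]*"' | head -1 | cut -d'"' -f4)

  if [[ -n "$ORG_ID" && -n "$CAT_ID" && -n "$LOC_ID" ]]; then
    # NOTE(review): the asset created here is never deleted, so each run
    # leaves one "Permission Test Asset" row in the first organization.
    TEST_ASSET_DATA=$(printf \
      '{"organization_id":"%s","name":"Permission Test Asset","asset_identifier":"PERM-TEST-%s","category_id":"%s","location_id":"%s","acquisition_cost":999.99}' \
      "$ORG_ID" "$(date +%s)" "$CAT_ID" "$LOC_ID")

    CREATE_RESPONSE=$(curl -s -X POST "$DIRECTUS_URL/items/assets" \
      -H "Authorization: Bearer $ACCESS_TOKEN" \
      -H "Content-Type: application/json" \
      -d "$TEST_ASSET_DATA")

    if printf '%s\n' "$CREATE_RESPONSE" | grep -q '"id"'; then
      echo "โœ… Asset creation test successful"
      echo "๐ŸŽฏ Frontend should work correctly now"
    else
      echo "โŒ Asset creation test failed:"
      echo "$CREATE_RESPONSE" | head -c 200
    fi
  else
    echo "โš ๏ธ Missing required data for asset test (org: $ORG_ID, cat: $CAT_ID, loc: $LOC_ID)"
  fi

  echo
  echo "๐ŸŽ‰ Enhanced permission setup completed!"
  echo
  echo "๐Ÿ“‹ Next steps:"
  echo "1. Try your frontend application"
  # Follows DIRECTUS_URL so the hint stays correct when the URL is overridden.
  echo "2. Check Directus admin: $DIRECTUS_URL/admin"
  echo "3. Monitor console logs for any permission issues"
  echo "4. Run ./scripts/verify-permissions.sh anytime to check status"
else
  echo "โŒ Permission setup failed. Check Directus logs and configuration."
  exit 1
fi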