From c46b4cb9a34782ec140f1d8e9cf9e6234dd3b589 Mon Sep 17 00:00:00 2001
From: Markus Thielker
Date: Sun, 6 Apr 2025 19:17:01 +0200
Subject: [PATCH] NORY-59: create new script to initialise the admin role
---
docker/ory-dev/keto-init-admin-role.sh | 47 ++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 docker/ory-dev/keto-init-admin-role.sh
diff --git a/docker/ory-dev/keto-init-admin-role.sh b/docker/ory-dev/keto-init-admin-role.sh
new file mode 100644
index 0000000..171ee20
--- /dev/null
+++ b/docker/ory-dev/keto-init-admin-role.sh
@@ -0,0 +1,47 @@
+# this script adds all permissions required for full control over the dashboard to
+# all everybody, who is a member of the admin role
+
+# Define an array with tuples as strings
+permissions=(
+ "admin.stack.dashboard#access"
+ "admin.stack.status#access"
+ "admin.user#access"
+ "admin.user#create"
+ "admin.user#edit"
+ "admin.user#delete"
+ "admin.user.session#access"
+ "admin.user.session#delete"
+ "admin.user.state#edit"
+ "admin.user.code#create"
+ "admin.user.link#create"
+ "admin.user.trait#access"
+ "admin.user.trait#edit"
+ "admin.user.address#access"
+ "admin.user.credential#access"
+ "admin.user.credential#delete"
+)
+
+# Iterate over the array
+for permission in "${permissions[@]}"; do
+
+ # split strings
+ IFS='#' read -r OBJECT RELATION <<< "$permission"
+
+ # execute curl to Ory Keto write endpoint
+ curl --silent --request PUT \
+ --url http://localhost:4467/admin/relation-tuples \
+ --data '{
+ "namespace": "permissions",
+ "object": "'"$OBJECT"'",
+ "relation": "'"$RELATION"'",
+ "subject_set": {
+ "namespace": "roles",
+ "object": "admin",
+ "relation": "member"
+ }
+ }' > /dev/null
+
+ # write success response to terminal
+ echo "Added relation Permissions:$OBJECT#$RELATION@(Roles:admin#member)"
+
+done
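Review bot: The `echo "Added relation …"` at the end of the loop body runs whatever curl returned, because the request uses `--silent`, discards the response to `/dev/null`, and nothing checks the exit status or HTTP code. For a script that seeds the admin role's permissions, a Keto that is unreachable or rejects a tuple then looks like a successful run and can leave the role only partly provisioned. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail` (the array and `<<<` need bash and the file has no shebang), and change the request line to `curl --silent --show-error --fail --request PUT \` so a transport or HTTP error aborts before the success message. The write API is called without credentials over plain HTTP on `localhost:4467`, so the header comment should also state that the script is meant for the dev stack only and that this port must not be reachable from outside it.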