migrate permissions to Cedar during application bootstrap

backend/src/entities/cedar-authorization/scripts/migrate-permissions-to-cedar.ts

@@ -20,6 +20,7 @@ export async function migratePermissionsToCedar(dataSource: DataSource): Promise
 			.leftJoinAndSelect('group.connection', 'connection')
 			.leftJoinAndSelect('group.permissions', 'permission')
 			.where('connection.id = :connectionId', { connectionId: connection.id })
+			.andWhere('(group.cedarPolicy IS NULL OR group.cedarPolicy = :empty)', { empty: '' })
 			.getMany();
 
 		for (const group of groups) {
@@ -61,5 +62,5 @@ export async function migratePermissionsToCedar(dataSource: DataSource): Promise
 		}
 	}
 
-	console.log(`Migrated Cedar policies for ${migratedCount} groups`);
+	console.log(`Migrated Cedar policies for ${migratedCount} groups (skipped groups with existing policies)`);
 }

backend/src/main.ts

@@ -7,7 +7,9 @@ import bodyParser from 'body-parser';
 import { ValidationError } from 'class-validator';
 import cookieParser from 'cookie-parser';
 import helmet from 'helmet';
+import { DataSource } from 'typeorm';
 import { ApplicationModule } from './app.module.js';
+import { migratePermissionsToCedar } from './entities/cedar-authorization/scripts/migrate-permissions-to-cedar.js';
 import { WinstonLogger } from './entities/logging/winston-logger.js';
 import { AllExceptionsFilter } from './exceptions/all-exceptions.filter.js';
 import { ValidationException } from './exceptions/custom-exceptions/validation-exception.js';
@@ -82,6 +84,9 @@ async function bootstrap() {
 			}),
 		);
 
+		const dataSource = app.get(DataSource);
+		await migratePermissionsToCedar(dataSource);
+
 		await app.listen(3000);
 	} catch (e) {
 		console.error(`Failed to initialize, due to ${e}`);