mercato auth setup
yarn mercato auth setup provisions the initial tenant and organization, seeds user accounts, and configures baseline role ACLs. It is safe to run multiple times; existing entities are reused and updated idempotently.
Usage
yarn mercato auth setup --orgName "<organization>" --email "<superadmin@email>" --password "<password>" [--roles superadmin,admin,employee]
Aliases: --name for --orgName.
Options
| Option | Description | Default |
|---|---|---|
--orgName, --name | Organization display name. A tenant named <orgName> Tenant is created alongside it. | (required) |
--email | Primary superadmin email. If the local part is exactly superadmin, additional admin@… and employee@… users are derived automatically. | (required) |
--password | Password applied to all seeded users. | (required) |
--roles | Comma-separated list of roles to ensure exist before assignment. | superadmin,admin,employee |
Behavior
- Ensures each role in
--rolesexists (creating it if necessary). - Checks for an existing user with the supplied email:
- If found, updates their password, tenant, organization, and role assignments without creating duplicates.
- Logs a warning indicating that the existing account was reused.
- Otherwise creates:
- A tenant named
<orgName> Tenant. - An organization
<orgName>bound to the tenant. - A superadmin user for
--emailplus optionaladmin@…andemployee@…accounts when the email local part issuperadmin.
- A tenant named
- Rebuilds the organization hierarchy for the tenant.
- Seeds default role ACLs:
- Superadmin role marked
isSuperAdminwith wildcard features. - Admin role receives broad feature coverage (
auth.*,entities.*,directory.organizations.*, etc.). - Employee role is granted dashboard and example-module features.
- Superadmin role marked
- Prints the resulting tenant, organization, and user IDs.
Example
yarn mercato auth setup \
--orgName "Acme HQ" \
--email superadmin@acme.dev \
--password ChangeMe123 \
--roles superadmin,admin,employee
Output (abridged):
Created user superadmin@acme.dev password: ChangeMe123
Created user admin@acme.dev password: ChangeMe123
Created user employee@acme.dev password: ChangeMe123
Setup complete: { tenantId: '...', organizationId: '...' }
Troubleshooting
- Missing options – the command prints the usage line and exits if
--orgName,--email, or--passwordare not provided. - Existing data – rerunning the command against an existing tenant will update user passwords and assignments rather than duplicating records.
- Role mismatches – ensure
mercato auth seed-rolesran previously if you override the default role list.