From 06e1f296ce67f7112cf5ec2aae028608648bbb3c Mon Sep 17 00:00:00 2001
From: Jason Boyer
Date: Fri, 3 Feb 2017 16:10:23 -0500
Subject: [PATCH 1/1] LP1517137: Add Permissions Missing From Stock Data

Add many perissions that are either checked in code or specified in fm_IDL.xml that are missing in the stock data. Permissions added manually are adjusted and those already in the expected locations are left alone.

Signed-off-by: Jason Boyer
Signed-off-by: Kathy Lussier
---
 Open-ILS/examples/fm_IDL.xml | 6 +-
 Open-ILS/src/sql/Pg/950.data.seed-values.sql | 90 +++++++++++++++++--
 .../XXXX.data.overlooked_permissions.sql | 66 ++++++++++++++
 3 files changed, 152 insertions(+), 10 deletions(-)
 create mode 100644 Open-ILS/src/sql/Pg/upgrade/XXXX.data.overlooked_permissions.sql

diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index 7126f16779..367b5b3c52 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -2623,10 +2623,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - - + +
diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index 0440c6e040..d6bb2eff34 100644
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1601,7 +1601,57 @@ INSERT INTO permission.perm_list ( id, code, description ) VALUES
 ( 562, 'ADMIN_TAG_TABLE', oils_i18n_gettext( 562,
 'Allow administration of MARC tag tables', 'ppl', 'description' )),
 ( 563, 'ADJUST_BILLS', oils_i18n_gettext( 563,
- 'Allow a user to adjust a bill (generally to zero)', 'ppl', 'description' ))
+ 'Allow a user to adjust a bill (generally to zero)', 'ppl', 'description' )),
+ ( 564, 'MARK_ITEM_CATALOGING', oils_i18n_gettext( 564,
+ 'Allow a user to mark an item status as ''cataloging''', 'ppl', 'description' )),
+ ( 565, 'MARK_ITEM_DAMAGED', oils_i18n_gettext( 565,
+ 'Allow a user to mark an item status as ''damaged''', 'ppl', 'description' )),
+ ( 566, 'MARK_ITEM_DISCARD', oils_i18n_gettext( 566,
+ 'Allow a user to mark an item status as ''discard''', 'ppl', 'description' )),
+ ( 567, 'MARK_ITEM_RESERVES', oils_i18n_gettext( 567,
+ 'Allow a user to mark an item status as ''reserves''', 'ppl', 'description' )),
+ ( 568, 'ADMIN_ORG_UNIT_SETTING_TYPE_LOG', oils_i18n_gettext( 568,
+ 'Allow a user to modify the org unit settings log', 'ppl', 'description' )),
+ ( 570, 'CREATE_POP_BADGE', oils_i18n_gettext( 570,
+ 'Allow a user to create a new popularity badge', 'ppl', 'description' )),
+ ( 571, 'DELETE_POP_BADGE', oils_i18n_gettext( 571,
+ 'Allow a user to delete a popularity badge', 'ppl', 'description' )),
+ ( 572, 'UPDATE_POP_BADGE', oils_i18n_gettext( 572,
+ 'Allow a user to modify a popularity badge', 'ppl', 'description' )),
+ ( 573, 'CREATE_POP_PARAMETER', oils_i18n_gettext( 573,
+ 'Allow a user to create a popularity badge parameter', 'ppl', 'description' )),
+ ( 574, 'DELETE_POP_PARAMETER', oils_i18n_gettext( 574,
+ 'Allow a user to delete a popularity badge parameter', 'ppl', 'description' )),
+ ( 575, 'UPDATE_POP_PARAMETER', oils_i18n_gettext( 575,
+ 'Allow a user to modify a popularity badge parameter', 'ppl', 'description' )),
+ ( 576, 'CREATE_AUTHORITY_RECORD', oils_i18n_gettext( 576,
+ 'Allow a user to create an authority record', 'ppl', 'description' )),
+ ( 577, 'DELETE_AUTHORITY_RECORD', oils_i18n_gettext( 577,
+ 'Allow a user to delete an authority record', 'ppl', 'description' )),
+ ( 578, 'UPDATE_AUTHORITY_RECORD', oils_i18n_gettext( 578,
+ 'Allow a user to modify an authority record', 'ppl', 'description' )),
+ ( 579, 'CREATE_AUTHORITY_CONTROL_SET', oils_i18n_gettext( 579,
+ 'Allow a user to create an authority control set', 'ppl', 'description' )),
+ ( 580, 'DELETE_AUTHORITY_CONTROL_SET', oils_i18n_gettext( 580,
+ 'Allow a user to delete an authority control set', 'ppl', 'description' )),
+ ( 581, 'UPDATE_AUTHORITY_CONTROL_SET', oils_i18n_gettext( 581,
+ 'Allow a user to modify an authority control set', 'ppl', 'description' )),
+ ( 582, 'ACTOR_USER_DELETE_OPEN_XACTS.override', oils_i18n_gettext( 582,
+ 'Override the ACTOR_USER_DELETE_OPEN_XACTS event', 'ppl', 'description' )),
+ ( 583, 'PATRON_EXCEEDS_LOST_COUNT.override', oils_i18n_gettext( 583,
+ 'Override the PATRON_EXCEEDS_LOST_COUNT event', 'ppl', 'description' )),
+ ( 584, 'MAX_HOLDS.override', oils_i18n_gettext( 584,
+ 'Override the MAX_HOLDS event', 'ppl', 'description' )),
+ ( 585, 'ITEM_DEPOSIT_REQUIRED.override', oils_i18n_gettext( 585,
+ 'Override the ITEM_DEPOSIT_REQUIRED event', 'ppl', 'description' )),
+ ( 586, 'ITEM_DEPOSIT_PAID.override', oils_i18n_gettext( 586,
+ 'Override the ITEM_DEPOSIT_PAID event', 'ppl', 'description' )),
+ ( 587, 'COPY_STATUS_LOST_AND_PAID.override', oils_i18n_gettext( 587,
+ 'Override the COPY_STATUS_LOST_AND_PAID event', 'ppl', 'description' )),
+ ( 588, 'ITEM_NOT_HOLDABLE.override', oils_i18n_gettext( 588,
+ 'Override the ITEM_NOT_HOLDABLE event', 'ppl', 'description' )),
+ ( 589, 'ITEM_RENTAL_FEE_REQUIRED.override', oils_i18n_gettext( 589,
+ 'Override the ITEM_RENTAL_FEE_REQUIRED event', 'ppl', 'description' ))
 ;
 
 SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
@@ -1850,7 +1900,10 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 'UPDATE_MARC',
 'UPDATE_RECORD',
 'user_request.view',
- 'VIEW_AUTHORITY_RECORD_NOTES');
+ 'VIEW_AUTHORITY_RECORD_NOTES',
+ 'CREATE_AUTHORITY_RECORD',
+ 'DELETE_AUTHORITY_RECORD',
+ 'UPDATE_AUTHORITY_RECORD');
 
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 SELECT
@@ -1891,7 +1944,14 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 'UPDATE_MFHD_RECORD',
 'UPDATE_VOLUME',
 'UPDATE_VOLUME_NOTE',
- 'VIEW_SERIAL_SUBSCRIPTION');
+ 'VIEW_SERIAL_SUBSCRIPTION',
+ 'MARK_ITEM_CATALOGING',
+ 'MARK_ITEM_DAMAGED',
+ 'MARK_ITEM_DISCARD',
+ 'MARK_ITEM_RESERVES',
+ '',
+ '',
+ '');
 
 -- Add advanced cataloguing permissions to the Cataloging Admin group
 
@@ -1937,8 +1997,10 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 'UPDATE_MERGE_PROFILE',
 'UPDATE_MONOGRAPH_PART',
 'UPDATE_VOLUME_PREFIX',
- 'UPDATE_VOLUME_SUFFIX'
- );
+ 'UPDATE_VOLUME_SUFFIX',
+ 'CREATE_AUTHORITY_CONTROL_SET',
+ 'DELETE_AUTHORITY_CONTROL_SET',
+ 'UPDATE_AUTHORITY_CONTROL_SET');
 
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 SELECT
@@ -1960,7 +2022,13 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 'UPDATE_COPY_LOCATION',
 'UPDATE_COPY_STAT_CAT',
 'UPDATE_COPY_STAT_CAT_ENTRY',
- 'VIEW_REPORT_OUTPUT');
+ 'VIEW_REPORT_OUTPUT'
+ 'CREATE_POP_BADGE',
+ 'DELETE_POP_BADGE',
+ 'UPDATE_POP_BADGE',
+ 'CREATE_POP_PARAMETER',
+ 'DELETE_POP_PARAMETER',
+ 'UPDATE_POP_PARAMETER');
 
 -- Add basic circulation permissions to the Circulators group
 
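Review bot: In the `@@ -1891,7 +1944,14 @@` hunk the list now ends with three empty-string entries (`'', '', '');`), which look like leftover placeholders. If the list is matched against permission codes, as the neighbouring entries suggest, they grant nothing, but they leave it unclear whether three intended codes were dropped before the commit. Either close the list after the last real code, `'MARK_ITEM_RESERVES');`, or fill in the missing codes. The INSERT statement begins outside the hunk, so the group receiving these grants is not visible here.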
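Review bot: In the `@@ -1960,7 +2022,13 @@` hunk the comma after `'VIEW_REPORT_OUTPUT'` is missing. PostgreSQL concatenates adjacent string constants separated by a newline, so this line and the next become the single literal `'VIEW_REPORT_OUTPUTCREATE_POP_BADGE'`. No error is raised at load time; the group silently loses VIEW_REPORT_OUTPUT, which it had before this patch, and never receives CREATE_POP_BADGE. The line should read `'VIEW_REPORT_OUTPUT',`. The INSERT statement begins outside the hunk.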
@@ -2173,7 +2241,15 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
 'VIEW_STANDING_PENALTY',
 'VOID_BILLING',
 'TRANSIT_CHECKIN_INTERVAL_BLOCK.override',
- 'VOLUME_HOLDS');
+ 'VOLUME_HOLDS',
+ 'ACTOR_USER_DELETE_OPEN_XACTS.override',
+ 'PATRON_EXCEEDS_LOST_COUNT.override',
+ 'MAX_HOLDS.override',
+ 'ITEM_DEPOSIT_REQUIRED.override',
+ 'ITEM_RENTAL_FEE_REQUIRED.override',
+ 'ITEM_DEPOSIT_PAID.override',
+ 'COPY_STATUS_LOST_AND_PAID.override',
+ 'ITEM_NOT_HOLDABLE.override');
 
 -- Add basic sys admin permissions to the Local Administrator group
 
diff --git a/Open-ILS/src/sql/Pg/upgrade/XXXX.data.overlooked_permissions.sql b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.overlooked_permissions.sql
new file mode 100644
index 0000000000..b0c68ad21d
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/XXXX.data.overlooked_permissions.sql
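Review bot: The eight `.override` codes added in the `@@ -2173,7 +2241,15 @@` hunk are granted to a stock group on fresh installs only. The upgrade script in this patch creates the permission.perm_list rows but adds no permission.grp_perm_map rows, so upgraded and newly installed systems end up with different override rights for the same group; the same holds for the grants added in the other grp_perm_map hunks. If that is intended, say so next to the list, e.g. `-- Upgrade script adds the perm_list rows only; existing sites must grant these themselves`. The group, depth and grantable values are set in the part of the INSERT outside this hunk, so they could not be checked here.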
@@ -0,0 +1,66 @@
+BEGIN;
+
+SELECT evergreen.upgrade_deps_block_check('XXXX', :eg_version);
+
+-- Add missing permissions noted in LP 1517137 adjusting those added manually and ignoring those already in place.
+
+DO $$
+DECLARE fixperm TEXT[3];
+DECLARE modify BOOLEAN;
+DECLARE permid BIGINT;
+DECLARE oldid BIGINT;
+BEGIN
+
+FOREACH fixperm SLICE 1 IN ARRAY ARRAY[
+ ['564', 'MARK_ITEM_CATALOGING', 'Allow a user to mark an item status as ''cataloging'''],
+ ['565', 'MARK_ITEM_DAMAGED', 'Allow a user to mark an item status as ''damaged'''],
+ ['566', 'MARK_ITEM_DISCARD', 'Allow a user to mark an item status as ''discard'''],
+ ['567', 'MARK_ITEM_RESERVES', 'Allow a user to mark an item status as ''reserves'''],
+ ['568', 'ADMIN_ORG_UNIT_SETTING_TYPE_LOG', 'Allow a user to modify the org unit settings log'],
+ ['570', 'CREATE_POP_BADGE', 'Allow a user to create a new popularity badge'],
+ ['571', 'DELETE_POP_BADGE', 'Allow a user to delete a popularity badge'],
+ ['572', 'UPDATE_POP_BADGE', 'Allow a user to modify a popularity badge'],
+ ['573', 'CREATE_POP_PARAMETER', 'Allow a user to create a popularity badge parameter'],
+ ['574', 'DELETE_POP_PARAMETER', 'Allow a user to delete a popularity badge parameter'],
+ ['575', 'UPDATE_POP_PARAMETER', 'Allow a user to modify a popularity badge parameter'],
+ ['576', 'CREATE_AUTHORITY_RECORD', 'Allow a user to create an authority record'],
+ ['577', 'DELETE_AUTHORITY_RECORD', 'Allow a user to delete an authority record'],
+ ['578', 'UPDATE_AUTHORITY_RECORD', 'Allow a user to modify an authority record'],
+ ['579', 'CREATE_AUTHORITY_CONTROL_SET', 'Allow a user to create an authority control set'],
+ ['580', 'DELETE_AUTHORITY_CONTROL_SET', 'Allow a user to delete an authority control set'],
+ ['581', 'UPDATE_AUTHORITY_CONTROL_SET', 'Allow a user to modify an authority control set'],
+ ['582', 'ACTOR_USER_DELETE_OPEN_XACTS.override', 'Override the ACTOR_USER_DELETE_OPEN_XACTS event'],
+ ['583', 'PATRON_EXCEEDS_LOST_COUNT.override', 'Override the PATRON_EXCEEDS_LOST_COUNT event'],
+ ['584', 'MAX_HOLDS.override', 'Override the MAX_HOLDS event'],
+ ['585', 'ITEM_DEPOSIT_REQUIRED.override', 'Override the ITEM_DEPOSIT_REQUIRED event'],
+ ['586', 'ITEM_DEPOSIT_PAID.override', 'Override the ITEM_DEPOSIT_PAID event'],
+ ['587', 'COPY_STATUS_LOST_AND_PAID.override', 'Override the COPY_STATUS_LOST_AND_PAID event'],
+ ['588', 'ITEM_NOT_HOLDABLE.override', 'Override the ITEM_NOT_HOLDABLE event'],
+ ['589', 'ITEM_RENTAL_FEE_REQUIRED.override', 'Override the ITEM_RENTAL_FEE_REQUIRED event']
+]
+LOOP
+ permid := CAST (fixperm[1] AS BIGINT);
+ -- Has this permission already been manually applied at the expected id?
+ PERFORM * FROM permission.perm_list WHERE id = permid;
+ IF NOT FOUND THEN
+ UPDATE permission.perm_list SET code = code || '_local' WHERE code = fixperm[2] AND id > 1000 RETURNING id INTO oldid;
+ modify := FOUND;
+
+ INSERT INTO permission.perm_list (id, code, description) VALUES (permid, fixperm[2], fixperm[3]);
+
+ -- Several of these are rather unlikely for these particular permissions but safer > sorry.
+ IF modify THEN
+ UPDATE permission.grp_perm_map SET perm = permid WHERE perm = oldid;
+ UPDATE config.org_unit_setting_type SET update_perm = permid WHERE update_perm = oldid;
+ UPDATE permission.usr_object_perm_map SET perm = permid WHERE perm = oldid;
+ UPDATE permission.usr_perm_map SET perm = permid WHERE perm = oldid;
+ UPDATE config.org_unit_setting_type SET view_perm = permid WHERE view_perm = oldid;
+ UPDATE config.z3950_source SET use_perm = permid WHERE use_perm = oldid;
+ DELETE FROM permission.perm_list WHERE id = oldid;
+ END IF;
+ END IF;
+END LOOP;
+
+END$$;
+
+COMMIT;
-- 2.43.2
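Review bot: The existence test `PERFORM * FROM permission.perm_list WHERE id = permid;` looks only at the id, so a database that already holds a different code at one of these ids is skipped silently and never receives the stock permission. The rename step also covers only `id > 1000`; a row carrying the same code at another id of 1000 or below would reach the INSERT with a duplicate code, which presumably fails given that the `_local` rename exists to avoid exactly that. Checking both columns, `PERFORM 1 FROM permission.perm_list WHERE id = permid AND code = fixperm[2];`, would make a mismatch abort the upgrade instead of passing unnoticed. A short comment stating that ids up to 1000 are reserved for stock permissions would also explain the `id > 1000` filter.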