From 42d044cc80daff7c1b9cf2e6ab9c53a59d4f018e Mon Sep 17 00:00:00 2001 From: dbs Date: Mon, 8 Mar 2010 19:25:53 +0000 Subject: [PATCH] Make permissions for administering triggers more usable out of the box: * Add CREATE/DELETE/UPDATE/VIEW variants to the generic ADMIN * Add ADMIN/CREATE/DELETE/UPDATE trigger permissions to Local System Administrator group at System depth * Add VIEW trigger permissions to Local System Administrator at Consortial depth to enable cloning git-svn-id: svn://svn.open-ils.org/ILS/trunk@15735 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- Open-ILS/examples/fm_IDL.xml | 50 +++++++++---------- Open-ILS/src/sql/Pg/002.schema.config.sql | 2 +- Open-ILS/src/sql/Pg/950.data.seed-values.sql | 34 +++++++++++++ .../0182.data.permission.action_trigger.sql | 42 ++++++++++++++++ 4 files changed, 102 insertions(+), 26 deletions(-) create mode 100644 Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml index 99d4b2082c..63fdc9a313 100644 --- a/Open-ILS/examples/fm_IDL.xml +++ b/Open-ILS/examples/fm_IDL.xml @@ -610,7 +610,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + @@ -625,10 +625,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - - + + @@ -649,10 +649,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - - + + @@ -665,10 +665,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - - + + @@ -681,10 +681,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - - + + @@ -703,16 +703,16 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - + - + - + @@ -754,10 +754,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - - - - + + + + 
@@ -799,16 +799,16 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA - + - + - + - +
diff --git a/Open-ILS/src/sql/Pg/002.schema.config.sql b/Open-ILS/src/sql/Pg/002.schema.config.sql
index 76f60b9e1b..24abc8bbc6 100644
--- a/Open-ILS/src/sql/Pg/002.schema.config.sql
+++ b/Open-ILS/src/sql/Pg/002.schema.config.sql
@@ -51,7 +51,7 @@ CREATE TABLE config.upgrade_log (
 install_date TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
 );
-INSERT INTO config.upgrade_log (version) VALUES ('0181'); -- Scott McKellar
+INSERT INTO config.upgrade_log (version) VALUES ('0182'); -- dbs
 CREATE TABLE config.bib_source (
 id SERIAL PRIMARY KEY,
diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index a76dc65c72..f76363c354 100644
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1256,6 +1256,28 @@ INSERT INTO permission.perm_list VALUES
 (363, 'ALLOW_ALT_TCN', oils_i18n_gettext(363, 'Allows staff to import a record using an alternate TCN to avoid conflicts', 'ppl', 'description')),
 (364, 'ADMIN_TRIGGER_EVENT_DEF', oils_i18n_gettext(364, 'Allow a user to administer trigger event definitions', 'ppl', 'description')),
 (365, 'ADMIN_ACQ_CANCEL_CAUSE', oils_i18n_gettext(365, 'Allow a user to create/update/delete reasons for order cancellations', 'ppl', 'description')
+ (366, 'ADMIN_TRIGGER_CLEANUP', oils_i18n_gettext(366, 'Allow a user to create, delete, and update trigger cleanup entries', 'ppl', 'description')),
+ (367, 'CREATE_TRIGGER_CLEANUP', oils_i18n_gettext(367, 'Allow a user to create trigger cleanup entries', 'ppl', 'description')),
+ (368, 'DELETE_TRIGGER_CLEANUP', oils_i18n_gettext(368, 'Allow a user to delete trigger cleanup entries', 'ppl', 'description')),
+ (369, 'UPDATE_TRIGGER_CLEANUP', oils_i18n_gettext(369, 'Allow a user to update trigger cleanup entries', 'ppl', 'description')),
+ (370, 'CREATE_TRIGGER_EVENT_DEF', oils_i18n_gettext(370, 'Allow a user to create trigger event definitions', 'ppl', 'description')),
+ (371, 'DELETE_TRIGGER_EVENT_DEF', oils_i18n_gettext(371, 'Allow a user to delete trigger event definitions', 'ppl', 'description')),
+ (372, 'UPDATE_TRIGGER_EVENT_DEF', oils_i18n_gettext(372, 'Allow a user to update trigger event definitions', 'ppl', 'description')),
+ (373, 'VIEW_TRIGGER_EVENT_DEF', oils_i18n_gettext(373, 'Allow a user to view trigger event definitions', 'ppl', 'description')),
+ (374, 'ADMIN_TRIGGER_HOOK', oils_i18n_gettext(374, 'Allow a user to create, update, and delete trigger hooks', 'ppl', 'description')),
+ (375, 'CREATE_TRIGGER_HOOK', oils_i18n_gettext(375, 'Allow a user to create trigger hooks', 'ppl', 'description')),
+ (376, 'DELETE_TRIGGER_HOOK', oils_i18n_gettext(376, 'Allow a user to delete trigger hooks', 'ppl', 'description')),
+ (377, 'UPDATE_TRIGGER_HOOK', oils_i18n_gettext(377, 'Allow a user to update trigger hooks', 'ppl', 'description')),
+ (378, 'ADMIN_TRIGGER_REACTOR', oils_i18n_gettext(378, 'Allow a user to create, update, and delete trigger reactors', 'ppl', 'description')),
+ (379, 'CREATE_TRIGGER_REACTOR', oils_i18n_gettext(379, 'Allow a user to create trigger reactors', 'ppl', 'description')),
+ (380, 'DELETE_TRIGGER_REACTOR', oils_i18n_gettext(380, 'Allow a user to delete trigger reactors', 'ppl', 'description')),
+ (381, 'UPDATE_TRIGGER_REACTOR', oils_i18n_gettext(381, 'Allow a user to update trigger reactors', 'ppl', 'description')),
+ (382, 'ADMIN_TRIGGER_TEMPLATE_OUTPUT', oils_i18n_gettext(382, 'Allow a user to delete trigger template output', 'ppl', 'description')),
+ (383, 'DELETE_TRIGGER_TEMPLATE_OUTPUT', oils_i18n_gettext(383, 'Allow a user to delete trigger template output', 'ppl', 'description')),
+ (384, 'ADMIN_TRIGGER_VALIDATOR', oils_i18n_gettext(384, 'Allow a user to create, update, and delete trigger validators', 'ppl', 'description')),
+ (385, 'CREATE_TRIGGER_VALIDATOR', oils_i18n_gettext(385, 'Allow a user to create trigger validators', 'ppl', 'description')),
+ (386, 'DELETE_TRIGGER_VALIDATOR', oils_i18n_gettext(386, 'Allow a user to delete trigger validators', 'ppl', 'description')),
+ (387, 'UPDATE_TRIGGER_VALIDATOR', oils_i18n_gettext(387, 'Allow a user to update trigger validators', 'ppl', 'description'))
 ;
 SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
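Review bot: The unchanged context row `(365, 'ADMIN_ACQ_CANCEL_CAUSE', ...)` in the 950.data.seed-values.sql hunk still ends in `'description')` with no trailing comma, and the new `(366, 'ADMIN_TRIGGER_CLEANUP', ...)` row is added directly after it, so the `INSERT INTO permission.perm_list VALUES` statement will not parse and none of permissions 1–387 it lists would be loaded on a fresh install. The hunk needs to touch the 365 row as well so that it ends `'ppl', 'description')),`. A smaller point: `ADMIN_TRIGGER_TEMPLATE_OUTPUT` (382) has the same description as `DELETE_TRIGGER_TEMPLATE_OUTPUT` (383); if that is deliberate because delete is the only operation, a one-line comment saying so would help whoever audits what the ADMIN permission covers. The statement begins above the hunk.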
@@ -1420,6 +1442,18 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (S
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'SHARE_REPORT_FOLDER'), 1, false);
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_REPORT_OUTPUT'), 1, false);
+-- Add trigger administration permissions to the Local System Administrator group
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 1, false FROM permission.perm_list
+ WHERE code LIKE 'ADMIN_TRIGGER%'
+ OR code LIKE 'CREATE_TRIGGER%'
+ OR code LIKE 'DELETE_TRIGGER%'
+ OR code LIKE 'UPDATE_TRIGGER%'
+;
+-- View trigger permissions are required at a consortial level for initial setup
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%';
+
 -- Add basic acquisitions permissions to the Acquisitions group
 SELECT SETVAL('permission.grp_perm_map_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_perm_map));
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'GENERAL_ACQ'), 1, false);
diff --git a/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql b/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql
new file mode 100644
index 0000000000..31170d5954
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql
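Review bot: The two `INSERT ... SELECT` statements added in the second 950.data.seed-values.sql hunk grant by name pattern rather than by an explicit list, so group 10 receives every `permission.perm_list` row present at run time whose code matches `ADMIN_TRIGGER%`, `CREATE_TRIGGER%`, `DELETE_TRIGGER%`, `UPDATE_TRIGGER%` or `VIEW_TRIGGER%`, not only the codes this commit defines; `_` is also a single-character wildcard in `LIKE`, which widens the match further. The same statements are repeated in upgrade/0182.data.permission.action_trigger.sql, where they run against a live database that may contain site-local permissions with those prefixes, where the literal `10` may no longer identify the Local System Administrator group, and where `ADMIN_TRIGGER_EVENT_DEF` may already be mapped to it. Listing the codes, `WHERE code IN ('ADMIN_TRIGGER_CLEANUP', 'CREATE_TRIGGER_CLEANUP', …)`, keeps the grant auditable from the script alone. In the upgrade script the group would be better looked up by name than by literal id, with a `NOT EXISTS` guard on an existing `(grp, perm)` mapping.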
@@ -0,0 +1,42 @@
+BEGIN;
+
+INSERT INTO config.upgrade_log (version) VALUES ('0182'); -- dbs
+
+INSERT INTO permission.perm_list (code, description) VALUES
+ ('ADMIN_TRIGGER_CLEANUP', 'Allow a user to create, delete, and update trigger cleanup entries'),
+ ('CREATE_TRIGGER_CLEANUP', 'Allow a user to create trigger cleanup entries'),
+ ('DELETE_TRIGGER_CLEANUP', 'Allow a user to delete trigger cleanup entries'),
+ ('UPDATE_TRIGGER_CLEANUP', 'Allow a user to update trigger cleanup entries'),
+ ('CREATE_TRIGGER_EVENT_DEF', 'Allow a user to create trigger event definitions'),
+ ('DELETE_TRIGGER_EVENT_DEF', 'Allow a user to delete trigger event definitions'),
+ ('UPDATE_TRIGGER_EVENT_DEF', 'Allow a user to update trigger event definitions'),
+ ('VIEW_TRIGGER_EVENT_DEF', 'Allow a user to view trigger event definitions'),
+ ('ADMIN_TRIGGER_HOOK', 'Allow a user to create, update, and delete trigger hooks'),
+ ('CREATE_TRIGGER_HOOK', 'Allow a user to create trigger hooks'),
+ ('DELETE_TRIGGER_HOOK', 'Allow a user to delete trigger hooks'),
+ ('UPDATE_TRIGGER_HOOK', 'Allow a user to update trigger hooks'),
+ ('ADMIN_TRIGGER_REACTOR', 'Allow a user to create, update, and delete trigger reactors'),
+ ('CREATE_TRIGGER_REACTOR', 'Allow a user to create trigger reactors'),
+ ('DELETE_TRIGGER_REACTOR', 'Allow a user to delete trigger reactors'),
+ ('UPDATE_TRIGGER_REACTOR', 'Allow a user to update trigger reactors'),
+ ('ADMIN_TRIGGER_TEMPLATE_OUTPUT', 'Allow a user to delete trigger template output'),
+ ('DELETE_TRIGGER_TEMPLATE_OUTPUT', 'Allow a user to delete trigger template output'),
+ ('ADMIN_TRIGGER_VALIDATOR', 'Allow a user to create, update, and delete trigger validators'),
+ ('CREATE_TRIGGER_VALIDATOR', 'Allow a user to create trigger validators'),
+ ('DELETE_TRIGGER_VALIDATOR', 'Allow a user to delete trigger validators'),
+ ('UPDATE_TRIGGER_VALIDATOR', 'Allow a user to update trigger validators')
+;
+
+-- Add trigger administration permissions to the Local System Administrator group
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 1, false FROM permission.perm_list
+ WHERE code LIKE 'ADMIN_TRIGGER%'
+ OR code LIKE 'CREATE_TRIGGER%'
+ OR code LIKE 'DELETE_TRIGGER%'
+ OR code LIKE 'UPDATE_TRIGGER%'
+;
+-- View trigger permissions are required at a consortial level for initial setup
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%';
+
+COMMIT;
-- 
2.43.2
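Review bot: The `INSERT INTO permission.perm_list (code, description)` in the upgrade script leaves ids to the sequence, while the seed file in this commit pins the same 22 permissions to ids 366–387 and then sets `permission.perm_list_id_seq` to 1000, so an upgraded database will most likely hold them under different ids than a fresh install. Anything keyed on the numeric id then diverges between the two, for example the `oils_i18n_gettext(366, ...)` keys the seed file registers, which the upgrade script does not register at all. Either insert `(id, code, description)` with the ids used in 950.data.seed-values.sql, or open the script with a comment such as `-- ids are assigned by sequence here and differ from fresh installs; always resolve these permissions by code`. The descriptions also lose their `oils_i18n_gettext` wrapper here, which is worth a comment if it is intentional.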