From: dbs <dbs@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Mon, 8 Mar 2010 19:25:53 +0000 (+0000)
Subject: Make permissions for administering triggers more usable out of the box:
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=42d044cc80daff7c1b9cf2e6ab9c53a59d4f018e;p=evergreen%2Fmasslnc.git
Make permissions for administering triggers more usable out of the box:
* Add CREATE/DELETE/UPDATE/VIEW variants to the generic ADMIN
* Add ADMIN/CREATE/DELETE/UPDATE trigger permissions to Local System Administrator group at System depth
* Add VIEW trigger permissions to Local System Administrator at Consortial depth to enable cloning
git-svn-id: svn://svn.open-ils.org/ILS/trunk@15735 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
diff --git a/Open-ILS/examples/fm_IDL.xml b/Open-ILS/examples/fm_IDL.xml
index 99d4b2082c..63fdc9a313 100644
--- a/Open-ILS/examples/fm_IDL.xml
+++ b/Open-ILS/examples/fm_IDL.xml
@@ -610,7 +610,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
<retrieve/>
- <delete permission="ADMIN_TRIGGER_TEMPLATE_OUTPUT" global_required="true"/>
+ <delete permission="ADMIN_TRIGGER_TEMPLATE_OUTPUT DELETE_TRIGGER_TEMPLATE_OUTPUT" global_required="true"/>
</actions>
</permacrud>
</class>
@@ -625,10 +625,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
<links/>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_HOOK" global_required="true"/>
+ <create permission="ADMIN_TRIGGER_HOOK CREATE_TRIGGER_HOOK" global_required="true"/>
<retrieve/>
- <update permission="ADMIN_TRIGGER_HOOK" global_required="true"/>
- <delete permission="ADMIN_TRIGGER_HOOK" global_required="true"/>
+ <update permission="ADMIN_TRIGGER_HOOK UPDATE_TRIGGER_HOOK" global_required="true"/>
+ <delete permission="ADMIN_TRIGGER_HOOK DELETE_TRIGGER_HOOK" global_required="true"/>
</actions>
</permacrud>
</class>
@@ -649,10 +649,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
<links/>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_VALIDATOR" global_required="true"/>
+ <create permission="ADMIN_TRIGGER_VALIDATOR CREATE_TRIGGER_VALIDATOR" global_required="true"/>
<retrieve/>
- <update permission="ADMIN_TRIGGER_VALIDATOR" global_required="true"/>
- <delete permission="ADMIN_TRIGGER_VALIDATOR" global_required="true"/>
+ <update permission="ADMIN_TRIGGER_VALIDATOR UPDATE_TRIGGER_VALIDATOR" global_required="true"/>
+ <delete permission="ADMIN_TRIGGER_VALIDATOR DELETE_TRIGGER_VALIDATOR" global_required="true"/>
</actions>
</permacrud>
</class>
@@ -665,10 +665,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
<links/>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_REACTOR" global_required="true"/>
+ <create permission="ADMIN_TRIGGER_REACTOR CREATE_TRIGGER_REACTOR" global_required="true"/>
<retrieve/>
- <update permission="ADMIN_TRIGGER_REACTOR" global_required="true"/>
- <delete permission="ADMIN_TRIGGER_REACTOR" global_required="true"/>
+ <update permission="ADMIN_TRIGGER_REACTOR UPDATE_TRIGGER_REACTOR" global_required="true"/>
+ <delete permission="ADMIN_TRIGGER_REACTOR DELETE_TRIGGER_REACTOR" global_required="true"/>
</actions>
</permacrud>
</class>
@@ -681,10 +681,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
<links/>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_CLEANUP" global_required="true"/>
+ <create permission="ADMIN_TRIGGER_CLEANUP CREATE_TRIGGER_CLEANUP" global_required="true"/>
<retrieve/>
- <update permission="ADMIN_TRIGGER_CLEANUP" global_required="true"/>
- <delete permission="ADMIN_TRIGGER_CLEANUP" global_required="true"/>
+ <update permission="ADMIN_TRIGGER_CLEANUP UPDATE_TRIGGER_CLEANUP" global_required="true"/>
+ <delete permission="ADMIN_TRIGGER_CLEANUP DELETE_TRIGGER_CLEANUP" global_required="true"/>
</actions>
</permacrud>
</class>
@@ -703,16 +703,16 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
</links>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_EVENT_DEF">
+ <create permission="ADMIN_TRIGGER_EVENT_DEF CREATE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</create>
- <retrieve permission="ADMIN_TRIGGER_EVENT_DEF">
+ <retrieve permission="ADMIN_TRIGGER_EVENT_DEF VIEW_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</retrieve>
- <update permission="ADMIN_TRIGGER_EVENT_DEF">
+ <update permission="ADMIN_TRIGGER_EVENT_DEF UPDATE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</update>
- <delete permission="ADMIN_TRIGGER_EVENT_DEF">
+ <delete permission="ADMIN_TRIGGER_EVENT_DEF DELETE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</delete>
</actions>
@@ -754,10 +754,10 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
</links>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_EVENT_DEF" context_field="owner"/>
- <retrieve permission="ADMIN_TRIGGER_EVENT_DEF" context_field="owner"/>
- <update permission="ADMIN_TRIGGER_EVENT_DEF" context_field="owner"/>
- <delete permission="ADMIN_TRIGGER_EVENT_DEF" context_field="owner"/>
+ <create permission="ADMIN_TRIGGER_EVENT_DEF CREATE_TRIGGER_EVENT_DEF" context_field="owner"/>
+ <retrieve permission="ADMIN_TRIGGER_EVENT_DEF VIEW_TRIGGER_EVENT_DEF" context_field="owner"/>
+ <update permission="ADMIN_TRIGGER_EVENT_DEF UPDATE_TRIGGER_EVENT_DEF" context_field="owner"/>
+ <delete permission="ADMIN_TRIGGER_EVENT_DEF DELETE_TRIGGER_EVENT_DEF" context_field="owner"/>
</actions>
</permacrud>
</class>
@@ -799,16 +799,16 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
</links>
<permacrud xmlns="http://open-ils.org/spec/opensrf/IDL/permacrud/v1">
<actions>
- <create permission="ADMIN_TRIGGER_EVENT_DEF">
+ <create permission="ADMIN_TRIGGER_EVENT_DEF CREATE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</create>
- <retrieve permission="ADMIN_TRIGGER_EVENT_DEF">
+ <retrieve permission="ADMIN_TRIGGER_EVENT_DEF VIEW_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</retrieve>
- <update permission="ADMIN_TRIGGER_EVENT_DEF">
+ <update permission="ADMIN_TRIGGER_EVENT_DEF UPDATE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</update>
- <delete permission="ADMIN_TRIGGER_EVENT_DEF">
+ <delete permission="ADMIN_TRIGGER_EVENT_DEF DELETE_TRIGGER_EVENT_DEF">
<context link="event_def" field="owner"/>
</delete>
</actions>
diff --git a/Open-ILS/src/sql/Pg/002.schema.config.sql b/Open-ILS/src/sql/Pg/002.schema.config.sql
index 76f60b9e1b..24abc8bbc6 100644
--- a/Open-ILS/src/sql/Pg/002.schema.config.sql
+++ b/Open-ILS/src/sql/Pg/002.schema.config.sql
@@ -51,7 +51,7 @@ CREATE TABLE config.upgrade_log (
install_date TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
);
-INSERT INTO config.upgrade_log (version) VALUES ('0181'); -- Scott McKellar
+INSERT INTO config.upgrade_log (version) VALUES ('0182'); -- dbs
CREATE TABLE config.bib_source (
id SERIAL PRIMARY KEY,
diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index a76dc65c72..f76363c354 100644
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1256,6 +1256,28 @@ INSERT INTO permission.perm_list VALUES
(363, 'ALLOW_ALT_TCN', oils_i18n_gettext(363, 'Allows staff to import a record using an alternate TCN to avoid conflicts', 'ppl', 'description')),
(364, 'ADMIN_TRIGGER_EVENT_DEF', oils_i18n_gettext(364, 'Allow a user to administer trigger event definitions', 'ppl', 'description')),
(365, 'ADMIN_ACQ_CANCEL_CAUSE', oils_i18n_gettext(365, 'Allow a user to create/update/delete reasons for order cancellations', 'ppl', 'description')
+ (366, 'ADMIN_TRIGGER_CLEANUP', oils_i18n_gettext(366, 'Allow a user to create, delete, and update trigger cleanup entries', 'ppl', 'description')),
+ (367, 'CREATE_TRIGGER_CLEANUP', oils_i18n_gettext(367, 'Allow a user to create trigger cleanup entries', 'ppl', 'description')),
+ (368, 'DELETE_TRIGGER_CLEANUP', oils_i18n_gettext(368, 'Allow a user to delete trigger cleanup entries', 'ppl', 'description')),
+ (369, 'UPDATE_TRIGGER_CLEANUP', oils_i18n_gettext(369, 'Allow a user to update trigger cleanup entries', 'ppl', 'description')),
+ (370, 'CREATE_TRIGGER_EVENT_DEF', oils_i18n_gettext(370, 'Allow a user to create trigger event definitions', 'ppl', 'description')),
+ (371, 'DELETE_TRIGGER_EVENT_DEF', oils_i18n_gettext(371, 'Allow a user to delete trigger event definitions', 'ppl', 'description')),
+ (372, 'UPDATE_TRIGGER_EVENT_DEF', oils_i18n_gettext(372, 'Allow a user to update trigger event definitions', 'ppl', 'description')),
+ (373, 'VIEW_TRIGGER_EVENT_DEF', oils_i18n_gettext(373, 'Allow a user to view trigger event definitions', 'ppl', 'description')),
+ (374, 'ADMIN_TRIGGER_HOOK', oils_i18n_gettext(374, 'Allow a user to create, update, and delete trigger hooks', 'ppl', 'description')),
+ (375, 'CREATE_TRIGGER_HOOK', oils_i18n_gettext(375, 'Allow a user to create trigger hooks', 'ppl', 'description')),
+ (376, 'DELETE_TRIGGER_HOOK', oils_i18n_gettext(376, 'Allow a user to delete trigger hooks', 'ppl', 'description')),
+ (377, 'UPDATE_TRIGGER_HOOK', oils_i18n_gettext(377, 'Allow a user to update trigger hooks', 'ppl', 'description')),
+ (378, 'ADMIN_TRIGGER_REACTOR', oils_i18n_gettext(378, 'Allow a user to create, update, and delete trigger reactors', 'ppl', 'description')),
+ (379, 'CREATE_TRIGGER_REACTOR', oils_i18n_gettext(379, 'Allow a user to create trigger reactors', 'ppl', 'description')),
+ (380, 'DELETE_TRIGGER_REACTOR', oils_i18n_gettext(380, 'Allow a user to delete trigger reactors', 'ppl', 'description')),
+ (381, 'UPDATE_TRIGGER_REACTOR', oils_i18n_gettext(381, 'Allow a user to update trigger reactors', 'ppl', 'description')),
+ (382, 'ADMIN_TRIGGER_TEMPLATE_OUTPUT', oils_i18n_gettext(382, 'Allow a user to delete trigger template output', 'ppl', 'description')),
+ (383, 'DELETE_TRIGGER_TEMPLATE_OUTPUT', oils_i18n_gettext(383, 'Allow a user to delete trigger template output', 'ppl', 'description')),
+ (384, 'ADMIN_TRIGGER_VALIDATOR', oils_i18n_gettext(384, 'Allow a user to create, update, and delete trigger validators', 'ppl', 'description')),
+ (385, 'CREATE_TRIGGER_VALIDATOR', oils_i18n_gettext(385, 'Allow a user to create trigger validators', 'ppl', 'description')),
+ (386, 'DELETE_TRIGGER_VALIDATOR', oils_i18n_gettext(386, 'Allow a user to delete trigger validators', 'ppl', 'description')),
+ (387, 'UPDATE_TRIGGER_VALIDATOR', oils_i18n_gettext(387, 'Allow a user to update trigger validators', 'ppl', 'description'))
;
SELECT SETVAL('permission.perm_list_id_seq'::TEXT, 1000);
@@ -1420,6 +1442,18 @@ INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (S
INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'SHARE_REPORT_FOLDER'), 1, false);
INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_REPORT_OUTPUT'), 1, false);
+-- Add trigger administration permissions to the Local System Administrator group
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 1, false FROM permission.perm_list
+ WHERE code LIKE 'ADMIN_TRIGGER%'
+ OR code LIKE 'CREATE_TRIGGER%'
+ OR code LIKE 'DELETE_TRIGGER%'
+ OR code LIKE 'UPDATE_TRIGGER%'
+;
+-- View trigger permissions are required at a consortial level for initial setup
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%';
+
-- Add basic acquisitions permissions to the Acquisitions group
SELECT SETVAL('permission.grp_perm_map_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_perm_map));
INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'GENERAL_ACQ'), 1, false);
diff --git a/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql b/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql
new file mode 100644
index 0000000000..31170d5954
--- /dev/null
+++ b/Open-ILS/src/sql/Pg/upgrade/0182.data.permission.action_trigger.sql
@@ -0,0 +1,42 @@
+BEGIN;
+
+INSERT INTO config.upgrade_log (version) VALUES ('0182'); -- dbs
+
+INSERT INTO permission.perm_list (code, description) VALUES
+ ('ADMIN_TRIGGER_CLEANUP', 'Allow a user to create, delete, and update trigger cleanup entries'),
+ ('CREATE_TRIGGER_CLEANUP', 'Allow a user to create trigger cleanup entries'),
+ ('DELETE_TRIGGER_CLEANUP', 'Allow a user to delete trigger cleanup entries'),
+ ('UPDATE_TRIGGER_CLEANUP', 'Allow a user to update trigger cleanup entries'),
+ ('CREATE_TRIGGER_EVENT_DEF', 'Allow a user to create trigger event definitions'),
+ ('DELETE_TRIGGER_EVENT_DEF', 'Allow a user to delete trigger event definitions'),
+ ('UPDATE_TRIGGER_EVENT_DEF', 'Allow a user to update trigger event definitions'),
+ ('VIEW_TRIGGER_EVENT_DEF', 'Allow a user to view trigger event definitions'),
+ ('ADMIN_TRIGGER_HOOK', 'Allow a user to create, update, and delete trigger hooks'),
+ ('CREATE_TRIGGER_HOOK', 'Allow a user to create trigger hooks'),
+ ('DELETE_TRIGGER_HOOK', 'Allow a user to delete trigger hooks'),
+ ('UPDATE_TRIGGER_HOOK', 'Allow a user to update trigger hooks'),
+ ('ADMIN_TRIGGER_REACTOR', 'Allow a user to create, update, and delete trigger reactors'),
+ ('CREATE_TRIGGER_REACTOR', 'Allow a user to create trigger reactors'),
+ ('DELETE_TRIGGER_REACTOR', 'Allow a user to delete trigger reactors'),
+ ('UPDATE_TRIGGER_REACTOR', 'Allow a user to update trigger reactors'),
+ ('ADMIN_TRIGGER_TEMPLATE_OUTPUT', 'Allow a user to delete trigger template output'),
+ ('DELETE_TRIGGER_TEMPLATE_OUTPUT', 'Allow a user to delete trigger template output'),
+ ('ADMIN_TRIGGER_VALIDATOR', 'Allow a user to create, update, and delete trigger validators'),
+ ('CREATE_TRIGGER_VALIDATOR', 'Allow a user to create trigger validators'),
+ ('DELETE_TRIGGER_VALIDATOR', 'Allow a user to delete trigger validators'),
+ ('UPDATE_TRIGGER_VALIDATOR', 'Allow a user to update trigger validators')
+;
+
+-- Add trigger administration permissions to the Local System Administrator group
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 1, false FROM permission.perm_list
+ WHERE code LIKE 'ADMIN_TRIGGER%'
+ OR code LIKE 'CREATE_TRIGGER%'
+ OR code LIKE 'DELETE_TRIGGER%'
+ OR code LIKE 'UPDATE_TRIGGER%'
+;
+-- View trigger permissions are required at a consortial level for initial setup
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%';
+
+COMMIT;