From: miker Date: Fri, 13 May 2011 17:30:47 +0000 (+0000) Subject: Patch from Ben Ostrowsky (LP#782268) to simplify seed/example permission setup and... X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=75c58c9f948521a8ac78300bf8f45ae16205f74b;p=evergreen%2Fpines.git Patch from Ben Ostrowsky (LP#782268) to simplify seed/example permission setup and move one step towards being able to rid ourselves of permission.perm_list.id git-svn-id: svn://svn.open-ils.org/ILS/trunk@20473 dcc99617-32d9-48b4-a31d-7c20da2025e4 --- diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql index 1a2259c505..38b7b71c4f 100644 --- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql +++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql 
@@ -1397,8 +1397,25 @@ INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, u INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES (7, oils_i18n_gettext(7, 'Acquisitions Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.acq_admin'); INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES - (10, oils_i18n_gettext(10, 'Local System Administrator', 'pgt', 'name'), 3, - oils_i18n_gettext(10, 'System maintenance, configuration, etc.', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.local_admin'); + (8, oils_i18n_gettext(8, 'Cataloging Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.cat_admin'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (9, oils_i18n_gettext(9, 'Circulation Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.circ_admin'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (10, oils_i18n_gettext(10, 'Local Administrator', 'pgt', 'name'), 3, + oils_i18n_gettext(10, 'Can do anything at the Branch level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.local_admin'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (11, oils_i18n_gettext(11, 'Serials', 'pgt', 'name'), 3, + oils_i18n_gettext(11, 'Serials (includes admin features)', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.serials'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (12, oils_i18n_gettext(12, 'System Administrator', 'pgt', 'name'), 3, + oils_i18n_gettext(12, 'Can do anything at 
the System level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.system_admin'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (13, oils_i18n_gettext(13, 'Global Administrator', 'pgt', 'name'), 3, + oils_i18n_gettext(13, 'Can do anything at the Consortium level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.global_admin'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (14, oils_i18n_gettext(14, 'Data Review', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.data_review'); +INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES + (15, oils_i18n_gettext(15, 'Volunteers', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.volunteers'); SELECT SETVAL('permission.grp_tree_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_tree)); 
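Review bot: The two new admin groups are seeded here as 'Cataloging Administrator' (id 8) and 'Circulation Administrator' (id 9), but the grp_perm_map inserts later in this same patch select them with `pgt.name = 'Cataloging Admin'` and `pgt.name = 'Circulation Admin'`. If oils_i18n_gettext stores the literal it is given (its definition is not on this page), those INSERT ... SELECT statements match no grp_tree row and succeed while inserting nothing, so both groups end up with no permissions and no error at load time. The names here and the later filters should be aligned, for example `pgt.name = 'Cataloging Administrator' AND` and `pgt.name = 'Circulation Administrator' AND`. Since every later grant now depends on an exact name match, a comment above these rows such as `-- group names are matched literally by the grp_perm_map inserts below; keep them in sync` would help, as would a post-load check that each seeded group has at least one grp_perm_map row.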
@@ -1411,170 +1428,749 @@ INSERT INTO permission.grp_penalty_threshold (grp,org_unit,penalty,threshold) SELECT SETVAL('permission.grp_penalty_threshold_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_penalty_threshold)); --- XXX Incomplete base permission setup. A patch would be appreciated. + -- Add basic user permissions to the Users group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'OPAC_LOGIN'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'MR_HOLDS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'TITLE_HOLDS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'COPY_CHECKIN'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MY_CONTAINER'), 0, false); --- Add basic patron permissions to the Patrons group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (2, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_CIRC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (2, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MY_CONTAINER'), 0, false); +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Users' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'COPY_CHECKIN', + 'CREATE_MY_CONTAINER', + 'MR_HOLDS', + 'OPAC_LOGIN', + 'RENEW_CIRC', + 'TITLE_HOLDS', + 'user_request.create'); + + +-- Add basic user permissions to the Data Review group + +INSERT INTO 
permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Data Review' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'CREATE_COPY_TRANSIT', + 'VIEW_BILLING_TYPE', + 'VIEW_CIRCULATIONS', + 'VIEW_COPY_NOTES', + 'VIEW_HOLD', + 'VIEW_ORG_SETTINGS', + 'VIEW_TITLE_NOTES', + 'VIEW_TRANSACTION', + 'VIEW_USER', + 'VIEW_USER_FINES_SUMMARY', + 'VIEW_USER_TRANSACTIONS', + 'VIEW_VOLUME_NOTES', + 'VIEW_ZIP_DATA'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Data Review' AND + aout.name = 'System' AND + perm.code IN ( + 'COPY_CHECKOUT', + 'COPY_HOLDS', + 'CREATE_IN_HOUSE_USE', + 'CREATE_TRANSACTION', + 'OFFLINE_EXECUTE', + 'OFFLINE_VIEW', + 'STAFF_LOGIN', + 'VOLUME_HOLDS'); + -- Add basic staff permissions to the Staff group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'STAFF_LOGIN'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VOLUME_HOLDS'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_HOLDS'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REQUEST_HOLDS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_CIRC'), 0, false); 
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER_FINES_SUMMARY'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER_TRANSACTIONS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'IMPORT_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_HOLD_OVERRIDE'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_USER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM 
permission.perm_list WHERE code = 'UPDATE_USER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_USER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSIT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERMISSION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CHECKIN_BYPASS_HOLD_FULFILL'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PAYMENT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_LOST'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_MISSING'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_CLAIMS_RETURNED'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSACTION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_TRANSACTION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_BILL'), 0, false); -INSERT INTO 
permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CONTAINER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_CONTAINER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_ORG_UNIT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CIRCULATIONS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_CONTAINER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_CONTAINER_ITEM'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERM_GROUPS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERMIT_CHECKOUT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_BATCH_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PATRON_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PATRON_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, 
grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_PATRON_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_PATRON_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_NON_CAT_TYPE'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_NON_CAT_TYPE'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_IN_HOUSE_USE'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_CHECKOUT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_LOCATION'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_LOCATION'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_TRANSIT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES 
(3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_TRANSIT_RECEIVE'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD_PERMIT'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_COPY_CHECKOUT_HISTORY'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REMOTE_Z3950_QUERY'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REGISTER_WORKSTATION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_COPY_NOTES'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_VOLUME_NOTES'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_TITLE_NOTES'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_NOTE'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME_NOTE'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_CONTAINER'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD_NOTIFICATION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code 
= 'CREATE_HOLD_NOTIFICATION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_UPLOAD'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_VIEW'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_BILLING_TYPE'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_ORG_SETTINGS'), 1, false); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Staff' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'CREATE_CONTAINER', + 'CREATE_CONTAINER_ITEM', + 'CREATE_COPY_TRANSIT', + 'CREATE_HOLD_NOTIFICATION', + 'CREATE_TRANSACTION', + 'CREATE_TRANSIT', + 'DELETE_CONTAINER', + 'DELETE_CONTAINER_ITEM', + 'group_application.user', + 'group_application.user.patron', + 'REGISTER_WORKSTATION', + 'REMOTE_Z3950_QUERY', + 'REQUEST_HOLDS', + 'STAFF_LOGIN', + 'TRANSIT_COPY', + 'UPDATE_CONTAINER', + 'VIEW_CONTAINER', + 'VIEW_COPY_CHECKOUT_HISTORY', + 'VIEW_COPY_NOTES', + 'VIEW_HOLD', + 'VIEW_HOLD_NOTIFICATION', + 'VIEW_HOLD_PERMIT', + 'VIEW_PERM_GROUPS', + 'VIEW_PERMISSION', + 'VIEW_TITLE_NOTES', + 'VIEW_TRANSACTION', + 'VIEW_VOLUME_NOTES'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Staff' AND + aout.name = 'System' AND + perm.code IN ( + 'CREATE_USER', + 'UPDATE_USER', + 'VIEW_BILLING_TYPE', + 'VIEW_CIRCULATIONS', + 'VIEW_ORG_SETTINGS', + 
'VIEW_PERMIT_CHECKOUT', + 'VIEW_USER', + 'VIEW_USER_FINES_SUMMARY', + 'VIEW_USER_TRANSACTIONS'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Staff' AND + aout.name = 'Branch' AND + perm.code IN ( + 'CANCEL_HOLDS', + 'COPY_CHECKOUT', + 'COPY_HOLDS', + 'COPY_TRANSIT_RECEIVE', + 'CREATE_BILL', + 'CREATE_IN_HOUSE_USE', + 'CREATE_PAYMENT', + 'RENEW_HOLD_OVERRIDE', + 'UPDATE_COPY', + 'UPDATE_VOLUME', + 'VOLUME_HOLDS'); + -- Add basic cataloguing permissions to the Catalogers group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'COPY_HOLDS'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'IMPORT_MARC'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id 
FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_BATCH_COPY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MFHD_RECORD'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MFHD_RECORD'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_MFHD_RECORD'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_RECORD'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'MERGE_AUTH_RECORDS'), 1, false); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Catalogers' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'ALLOW_ALT_TCN', + 'CREATE_BIB_IMPORT_QUEUE', + 'CREATE_IMPORT_ITEM', + 'CREATE_MARC', + 'CREATE_TITLE_NOTE', + 'DELETE_BIB_IMPORT_QUEUE', + 'DELETE_IMPORT_ITEM', + 'DELETE_RECORD', + 'DELETE_TITLE_NOTE', + 'IMPORT_ACQ_LINEITEM_BIB_RECORD', + 'IMPORT_MARC', + 'MERGE_AUTH_RECORDS', + 'MERGE_BIB_RECORDS', + 'UPDATE_AUTHORITY_IMPORT_QUEUE', + 'UPDATE_AUTHORITY_RECORD_NOTE', + 'UPDATE_BIB_IMPORT_QUEUE', + 'UPDATE_MARC', + 'UPDATE_RECORD', + 'user_request.view', + 'VIEW_AUTHORITY_RECORD_NOTES'); + +INSERT INTO 
permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Catalogers' AND + aout.name = 'System' AND + perm.code IN ( + 'CREATE_COPY', + 'CREATE_COPY_NOTE', + 'CREATE_MFHD_RECORD', + 'CREATE_VOLUME', + 'CREATE_VOLUME_NOTE', + 'DELETE_COPY', + 'DELETE_COPY_NOTE', + 'DELETE_MFHD_RECORD', + 'DELETE_VOLUME', + 'DELETE_VOLUME_NOTE', + 'MARK_ITEM_AVAILABLE', + 'MARK_ITEM_BINDERY', + 'MARK_ITEM_CHECKED_OUT', + 'MARK_ITEM_ILL', + 'MARK_ITEM_IN_PROCESS', + 'MARK_ITEM_IN_TRANSIT', + 'MARK_ITEM_LOST', + 'MARK_ITEM_MISSING', + 'MARK_ITEM_ON_HOLDS_SHELF', + 'MARK_ITEM_ON_ORDER', + 'MARK_ITEM_RESHELVING', + 'UPDATE_COPY', + 'UPDATE_COPY_NOTE', + 'UPDATE_IMPORT_ITEM', + 'UPDATE_MFHD_RECORD', + 'UPDATE_VOLUME', + 'UPDATE_VOLUME_NOTE', + 'VIEW_SERIAL_SUBSCRIPTION'); + + +-- Add advanced cataloguing permissions to the Cataloging Admin group + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Cataloging Admin' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'ADMIN_IMPORT_ITEM_ATTR_DEF', + 'ADMIN_MERGE_PROFILE', + 'CREATE_AUTHORITY_IMPORT_IMPORT_DEF', + 'CREATE_BIB_IMPORT_FIELD_DEF', + 'CREATE_BIB_SOURCE', + 'CREATE_IMPORT_ITEM_ATTR_DEF', + 'CREATE_IMPORT_TRASH_FIELD', + 'CREATE_MERGE_PROFILE', + 'DELETE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF', + 'DELETE_BIB_SOURCE', + 'DELETE_IMPORT_ITEM_ATTR_DEF', + 'DELETE_IMPORT_TRASH_FIELD', + 'DELETE_MERGE_PROFILE', + 'UPDATE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF', + 'UPDATE_BIB_IMPORT_IMPORT_FIELD_DEF', + 'UPDATE_IMPORT_ITEM_ATTR_DEF', + 'UPDATE_IMPORT_TRASH_FIELD', + 'UPDATE_MERGE_PROFILE'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + 
permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Cataloging Admin' AND + aout.name = 'System' AND + perm.code IN ( + 'CREATE_COPY_STAT_CAT', + 'CREATE_COPY_STAT_CAT_ENTRY', + 'CREATE_COPY_STAT_CAT_ENTRY_MAP', + 'RUN_REPORTS', + 'SHARE_REPORT_FOLDER', + 'UPDATE_COPY_LOCATION', + 'UPDATE_COPY_STAT_CAT', + 'UPDATE_COPY_STAT_CAT_ENTRY', + 'VIEW_REPORT_OUTPUT'); + -- Add basic circulation permissions to the Circulators group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSACTION'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_BILL'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CIRCULATIONS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERM_GROUPS'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CIRC_OVERRIDE_DUE_DATE'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'COPY_IS_REFERENCE.override'), 1, false); - --- Add basic sys admin permissions to the Local System Administrator group -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_USER_GROUP_LINK'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 
'DELETE_COPY_STAT_CAT'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_STAT_CAT_ENTRY'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT_ENTRY_MAP'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_STAT_CAT_ENTRY_MAP'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_LOCATION'), 2, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_NOTE'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME_NOTE'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_TITLE_NOTE'), 0, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_ORG_SETTING'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_EXECUTE'), 1, true); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'CIRC_OVERRIDE_DUE_DATE'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code 
= 'CIRC_PERMIT_OVERRIDE'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'RUN_REPORTS'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'SHARE_REPORT_FOLDER'), 1, false); -INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_REPORT_OUTPUT'), 1, false); - --- Add trigger administration permissions to the Local System Administrator group + INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) - SELECT 10, id, 1, false FROM permission.perm_list - WHERE code LIKE 'ADMIN_TRIGGER%' - OR code LIKE 'CREATE_TRIGGER%' - OR code LIKE 'DELETE_TRIGGER%' - OR code LIKE 'UPDATE_TRIGGER%' -; --- View trigger permissions are required at a consortial level for initial setup + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Circulators' AND + aout.name = 'Branch' AND + perm.code IN ( + 'ADMIN_BOOKING_RESERVATION', + 'ADMIN_BOOKING_RESOURCE', + 'ADMIN_BOOKING_RESOURCE_ATTR', + 'ADMIN_BOOKING_RESOURCE_ATTR_MAP', + 'ADMIN_BOOKING_RESOURCE_ATTR_VALUE', + 'ADMIN_BOOKING_RESOURCE_TYPE', + 'ASSIGN_GROUP_PERM', + 'MARK_ITEM_AVAILABLE', + 'MARK_ITEM_BINDERY', + 'MARK_ITEM_CHECKED_OUT', + 'MARK_ITEM_ILL', + 'MARK_ITEM_IN_PROCESS', + 'MARK_ITEM_IN_TRANSIT', + 'MARK_ITEM_LOST', + 'MARK_ITEM_MISSING', + 'MARK_ITEM_ON_HOLDS_SHELF', + 'MARK_ITEM_ON_ORDER', + 'MARK_ITEM_RESHELVING', + 'OFFLINE_UPLOAD', + 'OFFLINE_VIEW', + 'REMOVE_USER_GROUP_LINK', + 'SET_CIRC_CLAIMS_RETURNED', + 'SET_CIRC_CLAIMS_RETURNED.override', + 'SET_CIRC_LOST', + 'SET_CIRC_MISSING', + 'UPDATE_BILL_NOTE', + 'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT', + 'UPDATE_PATRON_CLAIM_RETURN_COUNT', + 'UPDATE_PAYMENT_NOTE', + 'UPDATE_PICKUP_LIB 
FROM_TRANSIT', + 'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF', + 'VIEW_GROUP_PENALTY_THRESHOLD', + 'VIEW_STANDING_PENALTY', + 'VOID_BILLING', + 'VOLUME_HOLDS'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Circulators' AND + aout.name = 'System' AND + perm.code IN ( + 'ABORT_REMOTE_TRANSIT', + 'ABORT_TRANSIT', + 'CAPTURE_RESERVATION', + 'CIRC_CLAIMS_RETURNED.override', + 'CIRC_EXCEEDS_COPY_RANGE.override', + 'CIRC_OVERRIDE_DUE_DATE', + 'CIRC_PERMIT_OVERRIDE', + 'COPY_ALERT_MESSAGE.override', + 'COPY_BAD_STATUS.override', + 'COPY_CIRC_NOT_ALLOWED.override', + 'COPY_IS_REFERENCE.override', + 'COPY_NEEDED_FOR_HOLD.override', + 'COPY_NOT_AVAILABLE.override', + 'COPY_STATUS_LOST.override', + 'COPY_STATUS_MISSING.override', + 'CREATE_DUPLICATE_HOLDS', + 'CREATE_USER_GROUP_LINK', + 'DELETE_TRANSIT', + 'HOLD_EXISTS.override', + 'HOLD_ITEM_CHECKED_OUT.override', + 'ISSUANCE_HOLDS', + 'ITEM_AGE_PROTECTED.override', + 'ITEM_ON_HOLDS_SHELF.override', + 'MAX_RENEWALS_REACHED.override', + 'OVERRIDE_HOLD_HAS_LOCAL_COPY', + 'PATRON_EXCEEDS_CHECKOUT_COUNT.override', + 'PATRON_EXCEEDS_FINES.override', + 'PATRON_EXCEEDS_OVERDUE_COUNT.override', + 'RETRIEVE_RESERVATION_PULL_LIST', + 'UPDATE_HOLD'); + + +-- Add advanced circulation permissions to the Circulation Admin group + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Circulation Admin' AND + aout.name = 'Branch' AND + perm.code IN ( + 'DELETE_USER'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Circulation 
Admin' AND
+ aout.name = 'Consortium' AND
+ perm.code IN (
+ 'ADMIN_MAX_FINE_RULE',
+ 'CREATE_CIRC_DURATION',
+ 'DELETE_CIRC_DURATION',
+ 'UPDATE_CIRC_DURATION',
+ 'UPDATE_NET_ACCESS_LEVEL',
+ 'VIEW_CIRC_MATRIX_MATCHPOINT',
+ 'VIEW_HOLD_MATRIX_MATCHPOINT');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT
+ pgt.id, perm.id, aout.depth, TRUE
+ FROM
+ permission.grp_tree pgt,
+ permission.perm_list perm,
+ actor.org_unit_type aout
+ WHERE
+ pgt.name = 'Circulation Admin' AND
+ aout.name = 'System' AND
+ perm.code IN (
+ 'ADMIN_BOOKING_RESERVATION',
+ 'ADMIN_BOOKING_RESERVATION_ATTR_MAP',
+ 'ADMIN_BOOKING_RESERVATION_ATTR_VALUE_MAP',
+ 'ADMIN_BOOKING_RESOURCE',
+ 'ADMIN_BOOKING_RESOURCE_ATTR',
+ 'ADMIN_BOOKING_RESOURCE_ATTR_MAP',
+ 'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
+ 'ADMIN_BOOKING_RESOURCE_TYPE',
+ 'ADMIN_COPY_LOCATION_ORDER',
+ 'ADMIN_HOLD_CANCEL_CAUSE',
+ 'ASSIGN_GROUP_PERM',
+ 'BAR_PATRON',
+ 'COPY_HOLDS',
+ 'COPY_TRANSIT_RECEIVE',
+ 'CREATE_BILL',
+ 'CREATE_BILLING_TYPE',
+ 'CREATE_NON_CAT_TYPE',
+ 'CREATE_PATRON_STAT_CAT',
+ 'CREATE_PATRON_STAT_CAT_ENTRY',
+ 'CREATE_PATRON_STAT_CAT_ENTRY_MAP',
+ 'CREATE_USER_GROUP_LINK',
+ 'DELETE_BILLING_TYPE',
+ 'DELETE_NON_CAT_TYPE',
+ 'DELETE_PATRON_STAT_CAT',
+ 'DELETE_PATRON_STAT_CAT_ENTRY',
+ 'DELETE_PATRON_STAT_CAT_ENTRY_MAP',
+ 'DELETE_TRANSIT',
+ 'group_application.user.staff',
+ 'MANAGE_BAD_DEBT',
+ 'MARK_ITEM_AVAILABLE',
+ 'MARK_ITEM_BINDERY',
+ 'MARK_ITEM_CHECKED_OUT',
+ 'MARK_ITEM_ILL',
+ 'MARK_ITEM_IN_PROCESS',
+ 'MARK_ITEM_IN_TRANSIT',
+ 'MARK_ITEM_LOST',
+ 'MARK_ITEM_MISSING',
+ 'MARK_ITEM_ON_HOLDS_SHELF',
+ 'MARK_ITEM_ON_ORDER',
+ 'MARK_ITEM_RESHELVING',
+ 'MERGE_USERS',
+ 'money.collections_tracker.create',
+ 'money.collections_tracker.delete',
+ 'OFFLINE_EXECUTE',
+ 'OFFLINE_UPLOAD',
+ 'OFFLINE_VIEW',
+ 'REMOVE_USER_GROUP_LINK',
+ 'SET_CIRC_CLAIMS_RETURNED',
+ 'SET_CIRC_CLAIMS_RETURNED.override',
+ 'SET_CIRC_LOST',
+ 'SET_CIRC_MISSING',
+ 'UNBAR_PATRON',
+ 'UPDATE_BILL_NOTE', + 
'UPDATE_NON_CAT_TYPE', + 'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT', + 'UPDATE_PATRON_CLAIM_RETURN_COUNT', + 'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF', + 'UPDATE_PICKUP_LIB_FROM_TRANSIT', + 'UPDATE_USER', + 'VIEW_REPORT_OUTPUT', + 'VIEW_STANDING_PENALTY', + 'VOID_BILLING', + 'VOLUME_HOLDS'); + + +-- Add basic sys admin permissions to the Local Administrator group + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Local Administrator' AND + aout.name = 'Branch' AND + perm.code IN ( + 'EVERYTHING'); + + +-- Add administration permissions to the System Administrator group + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'System Administrator' AND + aout.name = 'System' AND + perm.code IN ( + 'EVERYTHING'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'System Administrator' AND + aout.name = 'Consortium' AND + perm.code ~ '^VIEW_TRIGGER'; + + +-- Add administration permissions to the Global Administrator group + INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) - SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%'; + SELECT + pgt.id, perm.id, aout.depth, TRUE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Global Administrator' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'EVERYTHING'); + -- Add basic acquisitions permissions to the Acquisitions group + SELECT SETVAL('permission.grp_perm_map_id_seq'::TEXT, (SELECT MAX(id) FROM 
permission.grp_perm_map));
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'GENERAL_ACQ'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PICKLIST'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PICKLIST'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'RECEIVE_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PROVIDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 1, false);
-
--- Add acquisitions administration permissions to the Acquisitions group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_PROVIDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_FUNDING_SOURCE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 
'ADMIN_ACQ_FUND'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_FUND'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_CURRENCY_TYPE'), 1, false);
-
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'HOLD_ITEM_CHECKED_OUT.override'), 0, false);
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT
+ pgt.id, perm.id, aout.depth, FALSE
+ FROM
+ permission.grp_tree pgt,
+ permission.perm_list perm,
+ actor.org_unit_type aout
+ WHERE
+ pgt.name = 'Acquisitions' AND
+ aout.name = 'Consortium' AND
+ perm.code IN (
+ 'ALLOW_ALT_TCN',
+ 'CREATE_BIB_IMPORT_QUEUE',
+ 'CREATE_IMPORT_ITEM',
+ 'CREATE_INVOICE',
+ 'CREATE_MARC',
+ 'CREATE_PICKLIST',
+ 'CREATE_PURCHASE_ORDER',
+ 'DELETE_BIB_IMPORT_QUEUE',
+ 'DELETE_IMPORT_ITEM',
+ 'DELETE_RECORD',
+ 'DELETE_VOLUME',
+ 'DELETE_VOLUME_NOTE',
+ 'GENERAL_ACQ',
+ 'IMPORT_ACQ_LINEITEM_BIB_RECORD',
+ 'IMPORT_MARC',
+ 'MANAGE_CLAIM',
+ 'MANAGE_FUND',
+ 'MANAGE_FUNDING_SOURCE',
+ 'MANAGE_PROVIDER',
+ 'MARK_ITEM_AVAILABLE',
+ 'MARK_ITEM_BINDERY',
+ 'MARK_ITEM_CHECKED_OUT',
+ 'MARK_ITEM_ILL',
+ 'MARK_ITEM_IN_PROCESS',
+ 'MARK_ITEM_IN_TRANSIT',
+ 'MARK_ITEM_LOST',
+ 'MARK_ITEM_MISSING',
+ 'MARK_ITEM_ON_HOLDS_SHELF',
+ 'MARK_ITEM_ON_ORDER',
+ 'MARK_ITEM_RESHELVING',
+ 'RECEIVE_PURCHASE_ORDER',
+ 'UPDATE_BATCH_COPY',
+ 'UPDATE_BIB_IMPORT_QUEUE',
+ 'UPDATE_COPY',
+ 'UPDATE_FUND',
+ 'UPDATE_FUND_ALLOCATION',
+ 'UPDATE_FUNDING_SOURCE',
+ 'UPDATE_IMPORT_ITEM',
+ 'UPDATE_MARC',
+ 'UPDATE_RECORD',
+ 'UPDATE_VOLUME',
+ 'user_request.delete',
+ 'user_request.update',
+ 'user_request.view',
+ 'VIEW_ACQ_FUND_ALLOCATION_PERCENT',
+ 'VIEW_ACQ_FUNDING_SOURCE',
+ 'VIEW_FUND',
+ 'VIEW_FUND_ALLOCATION',
+ 'VIEW_FUNDING_SOURCE',
+ 'VIEW_HOLDS',
+ 'VIEW_INVOICE', + 
'VIEW_ORG_SETTINGS',
+ 'VIEW_PICKLIST',
+ 'VIEW_PROVIDER',
+ 'VIEW_PURCHASE_ORDER',
+ 'VIEW_REPORT_OUTPUT');
+
+
+-- Add acquisitions administration permissions to the Acquisitions Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT
+ pgt.id, perm.id, aout.depth, TRUE
+ FROM
+ permission.grp_tree pgt,
+ permission.perm_list perm,
+ actor.org_unit_type aout
+ WHERE
+ pgt.name = 'Acquisitions Administrator' AND
+ aout.name = 'Consortium' AND
+ perm.code IN (
+ 'ACQ_XFER_MANUAL_DFUND_AMOUNT',
+ 'ADMIN_ACQ_CANCEL_CAUSE',
+ 'ADMIN_ACQ_CLAIM',
+ 'ADMIN_ACQ_CLAIM_EVENT_TYPE',
+ 'ADMIN_ACQ_CLAIM_TYPE',
+ 'ADMIN_ACQ_DISTRIB_FORMULA',
+ 'ADMIN_ACQ_FISCAL_YEAR',
+ 'ADMIN_ACQ_FUND',
+ 'ADMIN_ACQ_FUND_ALLOCATION_PERCENT',
+ 'ADMIN_ACQ_FUND_TAG',
+ 'ADMIN_ACQ_LINE_ITEM_ALERT_TEXT',
+ 'ADMIN_CLAIM_POLICY',
+ 'ADMIN_CURRENCY_TYPE',
+ 'ADMIN_FUND',
+ 'ADMIN_FUNDING_SOURCE',
+ 'ADMIN_INVOICE',
+ 'ADMIN_INVOICE_METHOD',
+ 'ADMIN_INVOICE_PAYMENT_METHOD',
+ 'ADMIN_LINEITEM_MARC_ATTR_DEF',
+ 'ADMIN_PROVIDER',
+ 'ADMIN_USER_REQUEST_TYPE',
+ 'CREATE_ACQ_FUNDING_SOURCE',
+ 'CREATE_FUND',
+ 'CREATE_FUND_ALLOCATION',
+ 'CREATE_FUNDING_SOURCE',
+ 'CREATE_INVOICE_ITEM_TYPE',
+ 'CREATE_INVOICE_METHOD',
+ 'CREATE_PROVIDER',
+ 'DELETE_ACQ_FUNDING_SOURCE',
+ 'DELETE_FUND',
+ 'DELETE_FUND_ALLOCATION',
+ 'DELETE_FUNDING_SOURCE',
+ 'DELETE_INVOICE_ITEM_TYPE',
+ 'DELETE_INVOICE_METHOD',
+ 'DELETE_PROVIDER',
+ 'RUN_REPORTS',
+ 'SHARE_REPORT_FOLDER',
+ 'UPDATE_ACQ_FUNDING_SOURCE',
+ 'UPDATE_INVOICE_ITEM_TYPE',
+ 'UPDATE_INVOICE_METHOD');
+
+
+-- Add serials permissions to the Serials group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+ SELECT
+ pgt.id, perm.id, aout.depth, FALSE
+ FROM
+ permission.grp_tree pgt,
+ permission.perm_list perm,
+ actor.org_unit_type aout
+ WHERE
+ pgt.name = 'Serials' AND
+ aout.name = 'System' AND
+ perm.code IN (
+ 'ADMIN_ASSET_COPY_TEMPLATE',
+ 'ADMIN_SERIAL_CAPTION_PATTERN',
+ 'ADMIN_SERIAL_DISTRIBUTION', + 
'ADMIN_SERIAL_STREAM', + 'ADMIN_SERIAL_SUBSCRIPTION', + 'ISSUANCE_HOLDS', + 'RECEIVE_SERIAL'); + + +-- Add basic staff permissions to the Volunteers group + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Volunteers' AND + aout.name = 'Branch' AND + perm.code IN ( + 'COPY_CHECKOUT', + 'CREATE_BILL', + 'CREATE_IN_HOUSE_USE', + 'CREATE_PAYMENT', + 'VIEW_BILLING_TYPE', + 'VIEW_CIRCS', + 'VIEW_COPY_CHECKOUT', + 'VIEW_HOLD', + 'VIEW_TITLE_HOLDS', + 'VIEW_TRANSACTION', + 'VIEW_USER', + 'VIEW_USER_FINES_SUMMARY', + 'VIEW_USER_TRANSACTIONS'); + +INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) + SELECT + pgt.id, perm.id, aout.depth, FALSE + FROM + permission.grp_tree pgt, + permission.perm_list perm, + actor.org_unit_type aout + WHERE + pgt.name = 'Volunteers' AND + aout.name = 'Consortium' AND + perm.code IN ( + 'CREATE_COPY_TRANSIT', + 'CREATE_TRANSACTION', + 'CREATE_TRANSIT', + 'STAFF_LOGIN', + 'TRANSIT_COPY', + 'VIEW_ORG_SETTINGS'); + -- Admin user account INSERT INTO actor.usr ( profile, card, usrname, passwd, first_given_name, family_name, dob, master_account, super_user, ident_type, ident_value, home_ou ) VALUES ( 1, 1, md5(random()::text), md5(random()::text), 'Administrator', 'System Account', '1979-01-22', TRUE, TRUE, 1, 'identification', 1 );