Merge pull request #1598 from OHDSI/fix-permissions

anton-abushkevich · web-flow · commit 639f53c9ff5c · 2020-08-04T18:50:45.000+03:00
Fix permissions
diff --git a/src/main/resources/db/migration/oracle/V2.7.8.20200728164800__add_conceptset_permission.sql b/src/main/resources/db/migration/oracle/V2.7.8.20200728164800__add_conceptset_permission.sql
@@ -1,22 +1,11 @@
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    ADD for_role_id INT;
-
-INSERT INTO ${ohdsiSchema}.sec_permission (id, value, description, for_role_id)
-SELECT ${ohdsiSchema}.sec_permission_id_seq.nextval,
-       REPLACE(CAST(new_perms.val AS VARCHAR(255)), '%s', REPLACE(REPLACE(value, 'source:', ''), ':access', '')),
-       'Resolve concept set expression with data source',
-       role_id
-FROM ${ohdsiSchema}.sec_permission sp
-         JOIN ${ohdsiSchema}.sec_role_permission srp on sp.id = srp.permission_id
-         CROSS JOIN (
-    SELECT 'conceptset:*:expression:%s:get' val
-    FROM dual) new_perms
-WHERE sp.value LIKE 'source:%:access';
-
-INSERT INTO ${ohdsiSchema}.sec_role_permission (id, role_id, permission_id)
-SELECT ${ohdsiSchema}.sec_role_permission_sequence.nextval, sp.for_role_id, sp.id
-FROM ${ohdsiSchema}.sec_permission sp
-WHERE sp.for_role_id IS NOT NULL;
-
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    DROP COLUMN for_role_id;
+INSERT INTO ${ohdsiSchema}.sec_permission(id, value, description)
+VALUES
+  (${ohdsiSchema}.sec_permission_id_seq.nextval, 'conceptset:*:expression:*:get', 'Resolve concept set expression with data source');
+  
+INSERT INTO ${ohdsiSchema}.sec_role_permission(role_id, permission_id)
+SELECT sr.id, sp.id
+FROM ${ohdsiSchema}.sec_permission SP, ${ohdsiSchema}.sec_role sr
+WHERE sp.value IN (
+  'conceptset:*:expression:*:get'
+)
+AND sr.name IN ('Atlas users'); 
diff --git a/src/main/resources/db/migration/postgresql/V2.7.8.20200728164800__add_conceptset_permission.sql b/src/main/resources/db/migration/postgresql/V2.7.8.20200728164800__add_conceptset_permission.sql
@@ -1,20 +1,11 @@
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    ADD COLUMN for_role_id INTEGER;
+INSERT INTO ${ohdsiSchema}.sec_permission(id, value, description)
+VALUES
+  (nextval('${ohdsiSchema}.sec_permission_id_seq'), 'conceptset:*:expression:*:get', 'Resolve concept set expression with data source');
 
-INSERT INTO ${ohdsiSchema}.sec_permission (id, value, description, for_role_id)
-SELECT nextval('${ohdsiSchema}.sec_permission_id_seq'),
-       REPLACE(CAST(new_perms.val AS VARCHAR), '%s', REPLACE(REPLACE(value, 'source:', ''), ':access', '')),
-       'Resolve concept set expression with data source',
-       role_id
-FROM ${ohdsiSchema}.sec_permission sp
-         JOIN ${ohdsiSchema}.sec_role_permission srp on sp.id = srp.permission_id
-         CROSS JOIN (SELECT 'conceptset:*:expression:%s:get' val) new_perms
-WHERE sp.value LIKE 'source:%:access';
-
-INSERT INTO ${ohdsiSchema}.sec_role_permission (id, role_id, permission_id)
-SELECT nextval('${ohdsiSchema}.sec_role_permission_sequence'), sp.for_role_id, sp.id
-FROM ${ohdsiSchema}.sec_permission sp
-WHERE sp.for_role_id IS NOT NULL;
-
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    DROP COLUMN for_role_id;
+INSERT INTO ${ohdsiSchema}.sec_role_permission(role_id, permission_id)
+SELECT sr.id, sp.id
+FROM ${ohdsiSchema}.sec_permission SP, ${ohdsiSchema}.sec_role sr
+WHERE sp.value IN (
+  'conceptset:*:expression:*:get'
+)
+AND sr.name IN ('Atlas users');
diff --git a/src/main/resources/db/migration/sqlserver/V2.7.8.20200728164800__add_conceptset_permission.sql b/src/main/resources/db/migration/sqlserver/V2.7.8.20200728164800__add_conceptset_permission.sql
@@ -1,23 +1,11 @@
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    ADD for_role_id INT;
-GO
-
-INSERT INTO ${ohdsiSchema}.sec_permission (id, value, description, for_role_id)
-SELECT NEXT VALUE FOR ${ohdsiSchema}.sec_permission_id_seq,
-       REPLACE(CAST(new_perms.val AS VARCHAR(255)), '%s', REPLACE(REPLACE(value, 'source:', ''), ':access', '')),
-       'Resolve concept set expression with data source',
-       role_id
-FROM ${ohdsiSchema}.sec_permission sp
-         JOIN ${ohdsiSchema}.sec_role_permission srp on sp.id = srp.permission_id
-         CROSS JOIN (
-    SELECT 'conceptset:*:expression:%s:get' val
-) new_perms
-WHERE sp.value LIKE 'source:%:access';
-
-INSERT INTO ${ohdsiSchema}.sec_role_permission (id, role_id, permission_id)
-SELECT NEXT VALUE FOR ${ohdsiSchema}.sec_role_permission_sequence, sp.for_role_id, sp.id
-FROM ${ohdsiSchema}.sec_permission sp
-WHERE sp.for_role_id IS NOT NULL;
-
-ALTER TABLE ${ohdsiSchema}.sec_permission
-    DROP COLUMN for_role_id;
+INSERT INTO ${ohdsiSchema}.sec_permission(id, value, description)
+VALUES
+  (NEXT VALUE FOR ${ohdsiSchema}.sec_permission_id_seq, 'conceptset:*:expression:*:get', 'Resolve concept set expression with data source');
+  
+INSERT INTO ${ohdsiSchema}.sec_role_permission(role_id, permission_id)
+SELECT sr.id, sp.id
+FROM ${ohdsiSchema}.sec_permission SP, ${ohdsiSchema}.sec_role sr
+WHERE sp.value IN (
+  'conceptset:*:expression:*:get'
+)
+AND sr.name IN ('Atlas users'); 
