RubyGems - erp_tech_svcs - Versions diffs - 3.0.10 → 3.0.11 - Mend

erp_tech_svcs 3.0.10 → 3.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

data/app/models/attribute_type.rb +1 -1
data/app/models/capability.rb +54 -2
data/app/models/capability_accessor.rb +4 -0
data/app/models/extensions/party.rb +1 -0
data/app/models/file_asset.rb +15 -5
data/app/models/group.rb +149 -0
data/app/models/scope_type.rb +5 -0
data/app/models/security_role.rb +46 -0
data/app/models/user.rb +99 -5
data/db/data_migrations/20110109173616_create_capability_scope_types.rb +14 -0
data/db/data_migrations/20121116155018_create_group_relationship_and_role_types.rb +19 -0
data/db/data_migrations/20121130212146_note_capabilities.rb +23 -0
data/db/migrate/20080805000010_base_tech_services.rb +44 -31
data/db/migrate/20121116151510_create_groups.rb +18 -0
data/db/migrate/20121126171612_upgrade_security.rb +53 -0
data/db/migrate/20121126173506_upgrade_security2.rb +274 -0
data/lib/erp_tech_svcs/engine.rb +7 -7
data/lib/erp_tech_svcs/extensions/active_record/base.rb +17 -0
data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb +131 -0
data/lib/erp_tech_svcs/extensions/active_record/has_file_assets.rb +9 -1
data/lib/erp_tech_svcs/extensions/active_record/has_security_roles.rb +89 -0
data/lib/erp_tech_svcs/extensions/active_record/protected_with_capabilities.rb +203 -0
data/lib/erp_tech_svcs/extensions.rb +4 -2
data/lib/erp_tech_svcs/file_support/manager.rb +1 -1
data/lib/erp_tech_svcs/file_support/s3_manager.rb +3 -3
data/lib/erp_tech_svcs/utils/compass_access_negotiator.rb +29 -24
data/lib/erp_tech_svcs/version.rb +1 -1
data/spec/lib/erp_tech_svcs/extensions/active_record/has_roles_spec.rb +4 -5
data/spec/models/role_spec.rb +2 -2
data/spec/models/secured_model_spec.rb +1 -1
data/spec/models/user_spec.rb +2 -2
metadata +137 -129
data/app/models/capable_model.rb +0 -4
data/app/models/role.rb +0 -17
data/app/models/secured_model.rb +0 -15
data/db/data_migrations/20120109173616_create_download_capability_type.rb +0 -13
data/lib/erp_tech_svcs/extensions/active_record/has_capabilities.rb +0 -152
data/lib/erp_tech_svcs/extensions/active_record/has_roles.rb +0 -130

data/db/migrate/20121126171612_upgrade_security.rb ADDED Viewed

@@ -0,0 +1,53 @@
+class UpgradeSecurity < ActiveRecord::Migration
+  def self.up
+    unless table_exists?(:capability_accessors)
+      create_table :capability_accessors do |t|
+        t.string :capability_accessor_record_type
+        t.integer :capability_accessor_record_id
+        t.integer :capability_id
+        t.timestamps
+      end
+      add_index :capability_accessors, :capability_id
+      add_index :capability_accessors, [:capability_accessor_record_id, :capability_accessor_record_type], :name => 'capability_accessor_record_index'
+    end
+    unless columns(:capabilities).collect {|c| c.name}.include?('scope_query')
+      add_column :capabilities, :description, :string
+      add_column :capabilities, :capability_resource_type, :string
+      add_column :capabilities, :capability_resource_id, :integer
+      add_column :capabilities, :scope_type_id, :integer
+      add_column :capabilities, :scope_query, :text
+      add_index :capabilities, :scope_type_id
+      add_index :capabilities, [:capability_resource_id, :capability_resource_type], :name => 'capability_resource_index'
+    end
+    unless table_exists?(:scope_types)
+      create_table :scope_types do |t|
+        t.string :description
+        t.string :internal_identifier
+        t.timestamps
+      end
+      add_index :scope_types, :internal_identifier
+    end
+    unless table_exists?(:parties_security_roles)
+      create_table :parties_security_roles, :id => false do |t|
+        t.integer :party_id
+        t.integer :security_role_id
+      end
+      add_index :parties_security_roles, :party_id
+      add_index :parties_security_roles, :security_role_id
+    end
+    rename_table :roles, :security_roles unless table_exists?(:security_roles)
+  end
+  def self.down
+  end
+end

data/db/migrate/20121126173506_upgrade_security2.rb ADDED Viewed

@@ -0,0 +1,274 @@
+class UpgradeSecurity2 < ActiveRecord::Migration
+  def self.up
+    if table_exists?(:secured_models)
+      Website.all.each do |w|
+        old_role_iid = "website_#{w.name.underscore.gsub("'","").gsub(",","")}_access"
+        r = SecurityRole.find_by_internal_identifier(old_role_iid)
+        unless r.nil?
+          r.internal_identifier = w.website_role_iid
+          r.save
+        end
+      end
+      instance = ScopeType.create(:description => 'Instance', :internal_identifier => 'instance')
+      class_scope_type = ScopeType.create(:description => 'Class', :internal_identifier => 'class')
+      ScopeType.create(:description => 'Query', :internal_identifier => 'query')
+      execute('BEGIN TRANSACTION')
+      puts "populating parties_security_roles"
+      sql =
+        "INSERT INTO parties_security_roles (
+          party_id,
+          security_role_id
+        )
+        SELECT
+          u.party_id AS party_id,
+          rsm.role_id AS security_role_id
+        FROM secured_models sm
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN users u ON sm.secured_record_id=u.id
+        WHERE sm.secured_record_type='User'"
+      execute(sql)
+      execute('COMMIT')
+      execute('BEGIN TRANSACTION')
+      puts "populating capabilities with secure File Assets"
+      sql =
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          c.capability_type_id AS capability_type_id,
+          'FileAsset' AS capability_resource_type,
+          cm.capable_model_record_id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM capable_models AS cm
+        JOIN capabilities_capable_models AS ccm ON ccm.capable_model_id = cm.id
+        JOIN capabilities AS c ON ccm.capability_id = c.id
+        JOIN secured_models AS sm ON sm.secured_record_id = c.id AND sm.secured_record_type = 'Capability'
+        JOIN roles_secured_models AS rsm ON rsm.secured_model_id = sm.id
+        JOIN security_roles AS r ON r.id = rsm.role_id
+        WHERE cm.capable_model_record_type = 'FileAsset'"
+      execute(sql)
+      execute('COMMIT')
+      view = CapabilityType.find_by_internal_identifier('view')
+      execute('BEGIN TRANSACTION')
+      puts "populating capabilities with secure Website Sections"
+      sql =
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          #{view.id} AS capability_type_id,
+          'WebsiteSection' AS capability_resource_type,
+          ws.id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM secured_models sm
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN website_sections ws ON sm.secured_record_id=ws.id
+        WHERE sm.secured_record_type='WebsiteSection'"
+      execute(sql)
+      execute('COMMIT')
+      execute('BEGIN TRANSACTION')
+      puts "populating capabilities with secure Website Nav Items"
+      sql =
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          #{view.id} AS capability_type_id,
+          'WebsiteNavItem' AS capability_resource_type,
+          ws.id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM secured_models sm
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN website_sections ws ON sm.secured_record_id=ws.id
+        WHERE sm.secured_record_type='WebsiteNavItem'"
+      execute(sql)
+      execute('COMMIT')
+      # delete obsolete records: Application, Widget, dupes?
+      Capability.where("capability_resource_type IS NULL").delete_all
+      admin = SecurityRole.find_by_internal_identifier('admin')
+      website_author = SecurityRole.find_by_internal_identifier('website_author')
+      layout_author = SecurityRole.find_by_internal_identifier('layout_author')
+      content_author = SecurityRole.find_by_internal_identifier('content_author')
+      designer = SecurityRole.find_by_internal_identifier('designer')
+      publisher = SecurityRole.find_by_internal_identifier('publisher')
+      # add instance capabilities to roles
+      instance_capabilities = Capability.where(:scope_type_id => instance.id).all
+      instance_capabilities.each do |c|
+        case c.capability_resource_type
+        when 'FileAsset'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          content_author.add_capability(c)
+          if c.capability_resource.file_asset_holder_type == 'Website'
+            website_role = c.capability_resource.file_asset_holder.role
+            website_role.add_capability(c)
+          end
+        when 'WebsiteSection'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          website_role = c.capability_resource.website.role
+          website_role.add_capability(c)
+        when 'WebsiteNavItem'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          website_role = c.capability_resource.website_nav.website.role
+          website_role.add_capability(c)
+        end
+      end
+      # adding user mgmt capabilities to admin role
+      admin.add_capability('create', 'User')
+      admin.add_capability('delete', 'User')
+      admin.add_capability('edit', 'User')
+      # add knitkit class capabilities to roles
+      admin.add_capability('create', 'WebsiteNav')
+      admin.add_capability('delete', 'WebsiteNav')
+      admin.add_capability('edit', 'WebsiteNav')
+      website_author.add_capability('create', 'WebsiteNav')
+      website_author.add_capability('delete', 'WebsiteNav')
+      website_author.add_capability('edit', 'WebsiteNav')
+      admin.add_capability('create', 'Website')
+      admin.add_capability('delete', 'Website')
+      admin.add_capability('edit', 'Website')
+      admin.add_capability('import', 'Website')
+      admin.add_capability('publish', 'Website')
+      admin.add_capability('activate', 'Website')
+      website_author.add_capability('create', 'Website')
+      website_author.add_capability('delete', 'Website')
+      website_author.add_capability('edit', 'Website')
+      website_author.add_capability('import', 'Website')
+      publisher.add_capability('publish', 'Website')
+      publisher.add_capability('activate', 'Website')
+      admin.add_capability('create', 'WebsiteHost')
+      admin.add_capability('delete', 'WebsiteHost')
+      admin.add_capability('edit', 'WebsiteHost')
+      website_author.add_capability('create', 'WebsiteHost')
+      website_author.add_capability('delete', 'WebsiteHost')
+      website_author.add_capability('edit', 'WebsiteHost')
+      admin.add_capability('create', 'WebsiteSection')
+      admin.add_capability('delete', 'WebsiteSection')
+      admin.add_capability('edit', 'WebsiteSection')
+      admin.add_capability('secure', 'WebsiteSection')
+      admin.add_capability('unsecure', 'WebsiteSection')
+      website_author.add_capability('create', 'WebsiteSection')
+      website_author.add_capability('delete', 'WebsiteSection')
+      website_author.add_capability('edit', 'WebsiteSection')
+      website_author.add_capability('secure', 'WebsiteSection')
+      website_author.add_capability('unsecure', 'WebsiteSection')
+      admin.add_capability('create', 'WebsiteSectionLayout')
+      admin.add_capability('edit', 'WebsiteSectionLayout')
+      layout_author.add_capability('create', 'WebsiteSectionLayout')
+      layout_author.add_capability('edit', 'WebsiteSectionLayout')
+      admin.add_capability('create', 'Content')
+      admin.add_capability('delete', 'Content')
+      admin.add_capability('edit', 'Content')
+      admin.add_capability('publish', 'Content')
+      admin.add_capability('revert_version', 'Content')
+      admin.add_capability('add_existing', 'Content')
+      admin.add_capability('edit_html', 'Content')
+      admin.add_capability('edit_excerpt', 'Content')
+      content_author.add_capability('create', 'Content')
+      content_author.add_capability('delete', 'Content')
+      content_author.add_capability('edit', 'Content')
+      content_author.add_capability('publish', 'Content')
+      content_author.add_capability('revert_version', 'Content')
+      content_author.add_capability('add_existing', 'Content')
+      content_author.add_capability('edit_html', 'Content')
+      content_author.add_capability('edit_excerpt', 'Content')
+      admin.add_capability('create', 'WebsiteNavItem')
+      admin.add_capability('delete', 'WebsiteNavItem')
+      admin.add_capability('edit', 'WebsiteNavItem')
+      admin.add_capability('secure', 'WebsiteNavItem')
+      admin.add_capability('unsecure', 'WebsiteNavItem')
+      website_author.add_capability('create', 'WebsiteNavItem')
+      website_author.add_capability('delete', 'WebsiteNavItem')
+      website_author.add_capability('edit', 'WebsiteNavItem')
+      website_author.add_capability('secure', 'WebsiteNavItem')
+      website_author.add_capability('unsecure', 'WebsiteNavItem')
+      admin.add_capability('view', 'Theme')
+      designer.add_capability('view', 'Theme')
+      admin.add_capability('view', 'SiteImageAsset')
+      website_author.add_capability('view', 'SiteImageAsset')
+      content_author.add_capability('view', 'SiteImageAsset')
+      content_author.add_capability('view', 'GlobalImageAsset')
+      admin.add_capability('view', 'GlobalImageAsset')
+      admin.add_capability('upload', 'GlobalImageAsset')
+      admin.add_capability('delete', 'GlobalImageAsset')
+      website_author.add_capability('view', 'GlobalImageAsset')
+      website_author.add_capability('upload', 'GlobalImageAsset')
+      website_author.add_capability('delete', 'GlobalImageAsset')
+      admin.add_capability('view', 'SiteFileAsset')
+      website_author.add_capability('view', 'SiteFileAsset')
+      content_author.add_capability('view', 'SiteFileAsset')
+      content_author.add_capability('view', 'GlobalFileAsset')
+      admin.add_capability('view', 'GlobalFileAsset')
+      admin.add_capability('upload', 'GlobalFileAsset')
+      admin.add_capability('delete', 'GlobalFileAsset')
+      website_author.add_capability('view', 'GlobalFileAsset')
+      website_author.add_capability('upload', 'GlobalFileAsset')
+      website_author.add_capability('delete', 'GlobalFileAsset')
+      admin.add_capability('drag_item', 'WebsiteTree')
+      website_author.add_capability('drag_item', 'WebsiteTree')
+      # update capability descriptions
+      Capability.all.each do |c|
+        c.update_description
+      end
+      drop_table :capable_models
+      drop_table :capabilities_capable_models
+      drop_table :secured_models
+      drop_table :roles_secured_models
+      remove_column :capabilities, :resource
+    end
+  end
+  def self.down
+  end
+end

data/lib/erp_tech_svcs/engine.rb CHANGED Viewed

@@ -3,18 +3,18 @@ module ErpTechSvcs
     config.erp_tech_svcs = ErpTechSvcs::Config
     isolate_namespace ErpTechSvcs
+    Mime::Type.register "application/pdf", :pdf
 	  ActiveSupport.on_load(:active_record) do
-      include ErpTechSvcs::Extensions::ActiveRecord::HasRoles
+      include ErpTechSvcs::Extensions::ActiveRecord::HasSecurityRoles
       include ErpTechSvcs::Extensions::ActiveRecord::HasFileAssets
-      include ErpTechSvcs::Extensions::ActiveRecord::HasCapabilities
+      include ErpTechSvcs::Extensions::ActiveRecord::ProtectedByCapabilities
+      include ErpTechSvcs::Extensions::ActiveRecord::HasCapabilityAccessors
       include ErpTechSvcs::Extensions::ActiveRecord::HasRelationalDynamicAttributes
     end
-    engine = self
-    config.to_prepare do
-      ErpBaseErpSvcs.register_compass_ae_engine(engine)
-    end
+    ErpBaseErpSvcs.register_as_compass_ae_engine(config, self)
   end
 end

data/lib/erp_tech_svcs/extensions/active_record/base.rb ADDED Viewed

@@ -0,0 +1,17 @@
+::ActiveRecord::Base.class_eval do
+  # class method to get superclass of ActiveRecord model
+  def self.get_superclass(class_name)
+    klass = Module.const_get(class_name)
+    while klass.superclass != ::ActiveRecord::Base do
+      klass = klass.superclass
+    end
+    return klass.name
+  end
+  # instance method to get superclass of ActiveRecord model
+  def get_superclass
+    self.class.get_superclass(self.class.name)
+  end
+end

data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb ADDED Viewed

@@ -0,0 +1,131 @@
+module ErpTechSvcs
+  module Extensions
+    module ActiveRecord
+      module HasCapabilityAccessors
+        def self.included(base)
+          base.extend(ClassMethods)
+        end
+        module ClassMethods
+          def has_capability_accessors
+            extend HasCapabilityAccessors::SingletonMethods
+            include HasCapabilityAccessors::InstanceMethods
+            has_many :capability_accessors, :as => :capability_accessor_record
+          end
+        end
+        module SingletonMethods
+        end
+        module InstanceMethods
+          # method to get capabilities this instance does NOT have
+          def capabilities_not
+            Capability.joins(:capability_type).
+                      joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = capabilities.id AND capability_accessors.capability_accessor_record_type = '#{self.class.name}' AND capability_accessors.capability_accessor_record_id = #{self.id}").
+                      where("capability_accessors.id IS NULL")
+          end
+          def scope_capabilities_not(scope_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier(scope_type_iid)
+            capabilities_not.where(:scope_type_id => scope_type.id)
+          end
+          # method to get only class capabilities this instance does NOT have
+          def class_capabilities_not
+            scope_capabilities_not('class')
+          end
+          def query_capabilities_not
+            scope_capabilities_not('query')
+          end
+          def capabilities
+            Capability.joins(:capability_type).joins(:capability_accessors).
+                      where(:capability_accessors => { :capability_accessor_record_type => self.class.name, :capability_accessor_record_id => self.id })
+          end
+          def scope_capabilities(scope_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier(scope_type_iid)
+            capabilities.where(:scope_type_id => scope_type.id)
+          end
+          # method to get all capabilities for this model
+          def all_capabilities
+            capabilities
+          end
+          # method to get only class capabilities for this model
+          def class_capabilities
+            scope_capabilities('class')
+          end
+          # method to get only query capabilities for this model
+          def query_capabilities
+            scope_capabilities('query')
+          end
+          # method to get only instance capabilities for this model
+          def instance_capabilities
+            scope_capabilities('instance')
+          end
+          # pass in (capability_type_iid, klass) or (capability) object
+          def add_capability(*capability)
+            capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
+            ca = CapabilityAccessor.find_or_create_by_capability_accessor_record_type_and_capability_accessor_record_id_and_capability_id(get_superclass, self.id, capability.id)
+            self.reload
+            ca
+          end
+          def grant_capability(*capability)
+            add_capability(*capability)
+          end
+          def get_or_create_capability(capability_type_iid, klass)
+            capability_type = convert_capability_type(capability_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier('class')
+            Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
+          end
+          def get_capability(capability_type_iid, klass)
+            capability_type = convert_capability_type(capability_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier('class')
+            Capability.find_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
+          end
+          # pass in (capability_type_iid, klass) or (capability) object
+          def remove_capability(*capability)
+            capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
+            ca = capability_accessors.where(:capability_accessor_record_type => get_superclass, :capability_accessor_record_id => self.id, :capability_id => capability.id).first
+            ca.destroy unless ca.nil?
+            self.reload
+            ca
+          end
+          def revoke_capability(*capability)
+            remove_capability(*capability)
+          end
+          def has_capabilities?
+            !capability_accessors.empty?
+          end
+          private
+          def convert_capability_type(type)
+            return type if type.is_a?(CapabilityType)
+            return nil unless (type.is_a?(String) || type.is_a?(Symbol))
+            ct = CapabilityType.find_by_internal_identifier(type.to_s)
+            return ct unless ct.nil?
+            CapabilityType.create(:internal_identifier => type.to_s, :description => type.to_s.titleize)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/erp_tech_svcs/extensions/active_record/has_file_assets.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module ErpTechSvcs
 						extend HasFileAssets::SingletonMethods
 						include HasFileAssets::InstanceMethods
-						has_many :files, :as => :file_asset_holder, :class_name => 'FileAsset', :dependent => :delete_all, :include => :capabilities
+						has_many :files, :as => :file_asset_holder, :class_name => 'FileAsset', :dependent => :destroy, :include => :capabilities
 					end
 				end
@@ -45,6 +45,14 @@ module ErpTechSvcs
           def templates
 						self.files.where('type = ?', 'Template')
           end
+          def pdfs
+            self.files.where('type = ?', 'Pdf')
+          end
+          def xmls
+            self.files.where('type = ?', 'XmlFile')
+          end
 				end
 			end

data/lib/erp_tech_svcs/extensions/active_record/has_security_roles.rb ADDED Viewed

@@ -0,0 +1,89 @@
+module ErpTechSvcs
+	module Extensions
+		module ActiveRecord
+			module HasSecurityRoles
+        module Errors
+          exceptions = %w[UserDoesNotHaveAccess]
+          exceptions.each { |e| const_set(e, Class.new(StandardError)) }
+        end
+				def self.included(base)
+					base.extend(ClassMethods)
+				end
+				module ClassMethods
+				  def has_security_roles
+				    extend HasSecurityRoles::SingletonMethods
+    				include HasSecurityRoles::InstanceMethods
+				  end
+				end
+				module SingletonMethods
+				end
+				module InstanceMethods
+          def join_parties_security_roles
+            "parties_security_roles ON parties_security_roles.security_role_id=security_roles.id"
+          end
+          def roles_not
+            SecurityRole.joins("LEFT JOIN #{join_parties_security_roles}").where("parties_security_roles.party_id IS NULL")
+          end
+				  def roles
+					  self.security_roles
+				  end
+				  def add_role(role)
+					  role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+            unless self.has_role?(role)
+  					  self.security_roles << role
+  					  self.save
+  					end
+				  end
+          def add_roles(*passed_roles)
+            passed_roles.flatten!
+            passed_roles = passed_roles.first if passed_roles.first.is_a? Array
+            passed_roles.each do |role|
+              self.add_role(role)
+            end
+          end
+          def remove_role(role)
+            role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+            self.security_roles.delete(role) if has_role?(role)
+				  end
+          def remove_roles(*passed_roles)
+            passed_roles.flatten!
+            passed_roles.each do |role|
+              self.remove_role(role)
+            end
+				  end
+          def remove_all_roles
+            self.security_roles = []
+            self.save
+          end
+          def has_role?(*passed_roles)
+            result = false
+            passed_roles.flatten!
+            passed_roles.each do |role|
+              role_iid = role.is_a?(SecurityRole) ?  role.internal_identifier : role.to_s
+              self.security_roles.each do |this_role|
+                result = true if (this_role.internal_identifier == role_iid)
+                break if result
+              end
+              break if result
+            end
+            result
+          end
+				end
+      end #HasSecurityRoles
+    end #ActiveRecord
+  end #Extensions
+end #ErpTechSvcs