erp_tech_svcs 3.0.11 → 3.0.12

Files changed (25) hide show
  1. data/app/models/group.rb +23 -1
  2. data/app/models/user.rb +39 -9
  3. data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb +10 -4
  4. data/lib/erp_tech_svcs/extensions/active_record/protected_with_capabilities.rb +53 -28
  5. data/lib/erp_tech_svcs/utils/compass_access_negotiator.rb +5 -3
  6. data/lib/erp_tech_svcs/version.rb +1 -1
  7. data/spec/dummy/db/data_migrations/20110109173616_create_capability_scope_types.erp_tech_svcs.rb +15 -0
  8. data/spec/dummy/db/data_migrations/20110525001935_add_usd_currency.erp_base_erp_svcs.rb +12 -0
  9. data/spec/dummy/db/data_migrations/20110609150135_add_iso_codes.erp_base_erp_svcs.rb +19 -0
  10. data/spec/dummy/db/data_migrations/20110802200222_schedule_delete_expired_sessions_job.erp_tech_svcs.rb +16 -0
  11. data/spec/dummy/db/data_migrations/20110913145838_setup_compass_ae_instance.erp_base_erp_svcs.rb +12 -0
  12. data/spec/dummy/db/data_migrations/20111111144706_setup_audit_log_types.erp_tech_svcs.rb +22 -0
  13. data/spec/dummy/db/data_migrations/20121116155018_create_group_relationship_and_role_types.erp_tech_svcs.rb +20 -0
  14. data/spec/dummy/db/data_migrations/20121130212146_note_capabilities.erp_tech_svcs.rb +24 -0
  15. data/spec/dummy/db/migrate/20130105133955_base_erp_services.erp_base_erp_svcs.rb +461 -0
  16. data/spec/dummy/db/migrate/20130105133956_base_tech_services.erp_tech_svcs.rb +271 -0
  17. data/spec/dummy/db/migrate/20130105133957_create_has_attribute_tables.erp_tech_svcs.rb +39 -0
  18. data/spec/dummy/db/migrate/20130105133958_create_groups.erp_tech_svcs.rb +19 -0
  19. data/spec/dummy/db/migrate/20130105133959_upgrade_security.erp_tech_svcs.rb +54 -0
  20. data/spec/dummy/db/migrate/20130105133960_upgrade_security2.erp_tech_svcs.rb +270 -0
  21. data/spec/dummy/db/schema.rb +613 -0
  22. data/spec/dummy/db/spec.sqlite3 +0 -0
  23. data/spec/dummy/log/adam.log +1 -0
  24. data/spec/dummy/log/spec.log +128273 -0
  25. metadata +93 -22
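--- a/data/app/models/group.rb
+++ b/data/app/models/group.rb
@@ -138,8 +138,30 @@ class Group < ActiveRecord::Base
  end
  end
 
+ def role_class_capabilities
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
+ where("capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql})").
+ where(:scope_type_id => scope_type.id)
+ end
+
+ def all_class_capabilities
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where("(capability_accessors.capability_accessor_record_type = 'Group' AND
+ capability_accessor_record_id = (#{self.id})) OR
+ (capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
+ capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql}))").
+ where(:scope_type_id => scope_type.id)
+ end
+
+ def all_uniq_class_capabilities
+ all_class_capabilities.all.uniq
+ end
+
  def class_capabilities_to_hash
- class_capabilities.map {|capability|
+ all_uniq_class_capabilities.map {|capability|
  { :capability_type_iid => capability.capability_type.internal_identifier,
  :capability_resource_type => capability.capability_resource_type
  }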
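Review bot: `all_class_capabilities` interpolates `#{self.id}` directly into the SQL string, so a Group that has not been saved yet produces `capability_accessor_record_id = ()` and the query fails with a syntax error instead of returning nothing. Passing the id as a bind value keeps the statement valid and keeps the value out of the SQL text: write `capability_accessor_record_id = ?) OR` inside the string and give `id` as the second argument to that `where`. The same interpolation of `self.id` appears in `all_roles` (`users.id=#{self.id}`) and `all_capabilities` in data/app/models/user.rb. Both new scoped methods here also call `scope_type.id` without checking that `ScopeType.find_by_internal_identifier('class')` returned a row.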
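--- a/data/app/models/user.rb
+++ b/data/app/models/user.rb
@@ -86,40 +86,70 @@ class User < ActiveRecord::Base
 
  # roles assigned to the groups this user belongs to
  def group_roles
- groups.collect{|g| g.roles }.flatten.uniq
+ SecurityRole.joins(:parties).
+ where(:parties => {:business_party_type => 'Group'}).
+ where("parties.business_party_id IN (#{groups.select('groups.id').to_sql})")
  end
 
  # composite roles for this user
  def all_roles
- (group_roles + roles).uniq
+ SecurityRole.joins(:parties).joins("LEFT JOIN users ON parties.id=users.party_id").
+ where("(parties.business_party_type='Group' AND
+ parties.business_party_id IN (#{groups.select('groups.id').to_sql})) OR
+ (users.id=#{self.id})")
+ end
+
+ def all_uniq_roles
+ all_roles.all.uniq
  end
 
  def group_capabilities
- groups.collect{|r| r.capabilities }.flatten.uniq.compact
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "Group" }).
+ where("capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})")
  end
 
  def role_capabilities
- all_roles.collect{|r| r.capabilities }.flatten.compact
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
+ where("capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})")
  end
 
  def all_capabilities
- (role_capabilities + group_capabilities + capabilities).uniq
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where("(capability_accessors.capability_accessor_record_type = 'Group' AND
+ capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})) OR
+ (capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
+ capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})) OR
+ (capability_accessors.capability_accessor_record_type = 'User' AND
+ capability_accessor_record_id = #{self.id})")
+ end
+
+ def all_uniq_capabilities
+ all_capabilities.all.uniq
  end
 
  def group_class_capabilities
- groups.collect{|g| g.class_capabilities }.flatten.uniq.compact
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ group_capabilities.where(:scope_type_id => scope_type.id)
  end
 
  def role_class_capabilities
- all_roles.collect{|r| r.class_capabilities }.flatten.uniq.compact
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ role_capabilities.where(:scope_type_id => scope_type.id)
  end
 
  def all_class_capabilities
- (role_class_capabilities + group_class_capabilities + class_capabilities).uniq
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ all_capabilities.where(:scope_type_id => scope_type.id)
+ end
+
+ def all_uniq_class_capabilities
+ all_class_capabilities.all.uniq
  end
 
  def class_capabilities_to_hash
- all_class_capabilities.map {|capability|
+ all_uniq_class_capabilities.map {|capability|
  { :capability_type_iid => capability.capability_type.internal_identifier,
  :capability_resource_type => capability.capability_resource_type
  }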
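Review bot: `all_roles`, `all_capabilities` and `all_class_capabilities` keep their names but now return a joined relation that can repeat rows, where the removed implementations returned a de-duplicated Array, and nothing in the hunk tells a caller so. A comment above each, such as `# returns an ActiveRecord relation that may contain duplicate rows; use all_uniq_roles for a distinct list`, would make the new contract visible on methods that feed permission checks. Callers outside this file that applied Array operations such as `+` or `-` to the old results are not visible here and would need checking.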
@@ -77,7 +77,8 @@ module ErpTechSvcs
77
77
 
78
78
  # pass in (capability_type_iid, klass) or (capability) object
79
79
  def add_capability(*capability)
80
- capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
80
+ capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
81
+ capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
81
82
  ca = CapabilityAccessor.find_or_create_by_capability_accessor_record_type_and_capability_accessor_record_id_and_capability_id(get_superclass, self.id, capability.id)
82
83
  self.reload
83
84
  ca
@@ -89,8 +90,12 @@ module ErpTechSvcs
89
90
 
90
91
  def get_or_create_capability(capability_type_iid, klass)
91
92
  capability_type = convert_capability_type(capability_type_iid)
92
- scope_type = ScopeType.find_by_internal_identifier('class')
93
- Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
93
+ if klass.is_a?(String)
94
+ scope_type = ScopeType.find_by_internal_identifier('class')
95
+ Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
96
+ else
97
+ klass.add_capability(capability_type_iid) # create instance capability
98
+ end
94
99
  end
95
100
 
96
101
  def get_capability(capability_type_iid, klass)
@@ -101,7 +106,8 @@ module ErpTechSvcs
101
106
 
102
107
  # pass in (capability_type_iid, klass) or (capability) object
103
108
  def remove_capability(*capability)
104
- capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
109
+ capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
110
+ capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
105
111
  ca = capability_accessors.where(:capability_accessor_record_type => get_superclass, :capability_accessor_record_id => self.id, :capability_id => capability.id).first
106
112
  ca.destroy unless ca.nil?
107
113
  self.reload
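Review bot: `remove_capability` in the last hunk still resolves a String or Symbol argument through `get_or_create_capability`, and the non-String branch added in the second hunk now calls `klass.add_capability(capability_type_iid)`, so revoking a capability that does not exist on a record first creates an instance capability on it. That changes the record's protection state as a side effect of a removal. Looking the capability up with the existing `get_capability(capability_type_iid, capability.second)` and returning when it is nil would avoid the write; `get_capability`'s body is outside these hunks, so whether it accepts an instance needs confirming. The same new branch raises NoMethodError when the second argument is omitted and `klass` is nil, so `raise ArgumentError if klass.nil?` at the top of `get_or_create_capability` would give a clearer failure.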
@@ -9,15 +9,24 @@ module ErpTechSvcs
9
9
 
10
10
  module ClassMethods
11
11
 
12
- def protected_with_capabilities
12
+ def protected_with_capabilities(options = {})
13
13
  extend ProtectedByCapabilities::SingletonMethods
14
14
  include ProtectedByCapabilities::InstanceMethods
15
-
16
- has_many :capabilities, :as => :capability_resource
17
15
 
18
- # get records filtered via query scope capabilities
19
- # by default Compass AE treats query scopes as restrictions
20
- # a user will see all records unless the user has a capability accessor with a query scope
16
+ has_many :capabilities, :as => :capability_resource
17
+
18
+ # protect all instance of this class by default
19
+ class_attribute :protect_all_instances
20
+ self.protect_all_instances = (options[:protect_all_instances].nil? ? false : options[:protect_all_instances])
21
+
22
+ # Get records filtered via query scope capabilities
23
+ # By default Compass AE treats query scopes as restrictions
24
+ # A user will see all records unless the user has a capability accessor with a query scope
25
+ # If you set :protect_all_instances => true it is honored via with_user_security & with_instance_security but NOT with_query_security
26
+ # arguments: user, capability_type_iids
27
+ # capability_type_iids is optional and can be a single string or an array of strings
28
+ # Example: which files can this user download? FileAsset.with_query_security(user, 'download').all
29
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_query_security(user, ['view','edit']).all
21
30
  scope :with_query_security, lambda{|*args|
22
31
  raise ArgumentError if args.empty? || args.size > 2
23
32
  user = args.first
@@ -25,11 +34,11 @@ module ErpTechSvcs
25
34
  capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
26
35
 
27
36
  scope_type = ScopeType.find_by_internal_identifier('query')
28
- granted_capabilities = user.all_capabilities.collect{|c| c if c.scope_type_id == scope_type.id and c.capability_resource_type == self.name }.compact
37
+ granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
29
38
 
30
39
  unless capability_type_iids.empty?
31
40
  capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
32
- granted_capabilities = granted_capabilities.collect{|c| c if capability_type_ids.include?(c.capability_type_id)}.compact
41
+ granted_capabilities = granted_capabilities.where("capability_type_id IN (?)", capability_type_ids.join(','))
33
42
  end
34
43
 
35
44
  query = nil
@@ -39,34 +48,45 @@ module ErpTechSvcs
39
48
  query
40
49
  }
41
50
 
42
- # get records for this model without capabilities or that are not in a list of denied capabilities
43
- scope :with_instance_security, lambda{|denied_capabilities|
44
- query = joins("LEFT JOIN capabilities AS c ON c.capability_resource_id = #{self.table_name}.id AND c.capability_resource_type = '#{self.name}'").
45
- group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
46
- query = (denied_capabilities.empty? ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (?)", denied_capabilities.collect{|c| c.id }))
47
- query
48
- }
49
-
50
- # get records for this model that the given user has access to
51
+ # Get records for this model permitted via instance capabilities
52
+ # If :protect_all_instances => true return only instances user has explicitly been granted access to
53
+ # If :protect_all_instances => false return instances without capabilities or that user is granted access to (default)
51
54
  # arguments: user, capability_type_iids
52
55
  # capability_type_iids is optional and can be a single string or an array of strings
53
- # Example: which files can this user download? FileAsset.with_user_security(user, 'download').all
54
- # Example: which website sections can this user either view or edit? WebsiteSection.with_user_security(user, ['view','edit']).all
55
- scope :with_user_security, lambda{|*args|
56
+ # Example: which files can this user download? FileAsset.with_instance_security(user, 'download').all
57
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_instance_security(user, ['view','edit']).all
58
+ scope :with_instance_security, lambda{|*args|
56
59
  raise ArgumentError if args.empty? || args.size > 2
57
60
  user = args.first
58
61
  capability_type_iids = args.second || []
59
62
  capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
60
63
 
61
64
  scope_type = ScopeType.find_by_internal_identifier('instance')
62
- granted_capabilities = user.all_capabilities.collect{|c| c if c.scope_type_id == scope_type.id and c.capability_resource_type == self.name }.compact
65
+ granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
63
66
 
64
67
  unless capability_type_iids.empty?
65
68
  capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
66
- granted_capabilities = granted_capabilities.collect{|c| c if capability_type_ids.include?(c.capability_type_id)}.compact
69
+ granted_capabilities = granted_capabilities.where("capability_type_id IN (#{capability_type_ids.join(',')})")
67
70
  end
68
-
69
- with_query_security(*args).with_instance_security(instance_capabilities - granted_capabilities)
71
+
72
+ denied_capabilities = instance_capabilities.select('capabilities.id').where("capabilities.id NOT IN (#{granted_capabilities.select('capabilities.id').to_sql})")
73
+ deny_count = denied_capabilities.count
74
+
75
+ join_type = (self.protect_all_instances ? 'JOIN' : 'LEFT JOIN')
76
+ query = joins("#{join_type} capabilities AS c ON c.capability_resource_id = #{self.table_name}.id AND c.capability_resource_type = '#{self.name}'").
77
+ group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
78
+ query = (deny_count == 0 ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (#{denied_capabilities.to_sql})"))
79
+ query
80
+ }
81
+
82
+ # Get records for this model that the given user has access to
83
+ # arguments: user, capability_type_iids
84
+ # capability_type_iids is optional and can be a single string or an array of strings
85
+ # Example: which files can this user download? FileAsset.with_user_security(user, 'download').all
86
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_user_security(user, ['view','edit']).all
87
+ scope :with_user_security, lambda{|*args|
88
+ raise ArgumentError if args.empty? || args.size > 2
89
+ with_instance_security(*args).with_query_security(*args)
70
90
  }
71
91
  end
72
92
  end
@@ -102,9 +122,9 @@ module ErpTechSvcs
102
122
  capabilities.where(:scope_type_id => scope_type.id)
103
123
  end
104
124
 
105
- # collect unique roles on capabilities
125
+ # return unique roles on capabilities for this model
106
126
  def capability_roles
107
- capabilities.collect{|c| c.roles }.flatten.uniq
127
+ SecurityRole.joins(:capability_accessors => :capability).where(:capability_accessors => {:capabilities => {:capability_resource_type => get_superclass(self.name) }}).all.uniq
108
128
  end
109
129
 
110
130
  # add a class level capability (capability_resource_id will be NULL)
@@ -147,6 +167,11 @@ module ErpTechSvcs
147
167
 
148
168
  module InstanceMethods
149
169
 
170
+ # convenience method to access class method
171
+ def protect_all_instances
172
+ self.class.protect_all_instances
173
+ end
174
+
150
175
  def add_capability(capability_type_iid)
151
176
  capability_type = convert_capability_type(capability_type_iid)
152
177
  scope_type = ScopeType.find_by_internal_identifier('instance')
@@ -165,11 +190,11 @@ module ErpTechSvcs
165
190
  end
166
191
 
167
192
  def protected_with_capability?(capability_type_iid)
168
- !get_capability(capability_type_iid).nil?
193
+ !get_capability(capability_type_iid).nil? or protect_all_instances
169
194
  end
170
195
 
171
196
  def allow_access?(user, capability_type_iid)
172
- if !self.protected_with_capability?(capability_type_iid.to_s) or (user and user.has_capability?(capability_type_iid.to_s, self))
197
+ if (!self.protect_all_instances and !self.protected_with_capability?(capability_type_iid.to_s)) or (user and user.has_capability?(capability_type_iid.to_s, self))
173
198
  return true
174
199
  else
175
200
  return false
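Review bot: In `with_query_security` the new filter `where("capability_type_id IN (?)", capability_type_ids.join(','))` binds one string such as '1,2' rather than a list, so the SQL compares against a single quoted value and the capability-type restriction does not select the intended rows once more than one type is passed. Passing the array lets ActiveRecord expand it: `granted_capabilities.where(:capability_type_id => capability_type_ids)`. `with_instance_security` applies the same filter by interpolating `capability_type_ids.join(',')` into the SQL text, and using the hash form there too would keep the two scopes consistent. The lambda bodies continue outside the hunks shown.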
@@ -13,15 +13,17 @@ module ErpTechSvcs
13
13
  where(:capability_resource_type => klass).
14
14
  where(:scope_type_id => scope_type.id).
15
15
  where(:capability_types => {:internal_identifier => capability_type_iid}).first
16
+ return nil if capability.nil? # capability not found so return nil
16
17
  else
17
18
  scope_type = ScopeType.find_by_internal_identifier('instance')
18
19
  capability = klass.capabilities.joins(:capability_type).
19
20
  where(:scope_type_id => scope_type.id).
20
21
  where(:capability_types => {:internal_identifier => capability_type_iid}).first
21
- return true if capability.nil? # object is not secured, so return true
22
+ # if capability not found, we see if all instances are protected
23
+ # if all instance are protected, return false, otherwise true
24
+ return !klass.protect_all_instances if capability.nil?
22
25
  end
23
- result = all_capabilities.find{|c| c == capability }
24
- result.nil? ? false : true
26
+ all_capabilities.include?(capability)
25
27
  end
26
28
 
27
29
  # pass in (capability_type_iid, class name or any class instance, a block of code)
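Review bot: The class-scope branch now exits with `return nil if capability.nil?`, while the instance-scope branch and the final `all_capabilities.include?(capability)` return true or false, so this authorization check has three possible results. `return false if capability.nil?` would keep the result boolean for callers that compare or serialize it. The final `include?` also appears to load every capability row for the user on each check, which may matter if it is called per record. The enclosing method begins above the hunk.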
@@ -2,7 +2,7 @@ module ErpTechSvcs
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
- TINY = 11
5
+ TINY = 12
6
6
 
7
7
  STRING = [MAJOR, MINOR, TINY].compact.join('.')
8
8
  end
@@ -0,0 +1,15 @@
1
+ # This migration comes from erp_tech_svcs (originally 20110109173616)
2
+ class CreateCapabilityScopeTypes
3
+
4
+ def self.up
5
+ CapabilityType.create(:internal_identifier => 'download', :description => 'Download') if CapabilityType.where("internal_identifier = 'download'").first.nil?
6
+
7
+ ScopeType.create(:description => 'Instance', :internal_identifier => 'instance') if ScopeType.where("internal_identifier = 'instance'").first.nil?
8
+ ScopeType.create(:description => 'Class', :internal_identifier => 'class') if ScopeType.where("internal_identifier = 'class'").first.nil?
9
+ ScopeType.create(:description => 'Query', :internal_identifier => 'query') if ScopeType.where("internal_identifier = 'query'").first.nil?
10
+ end
11
+
12
+ def self.down
13
+ end
14
+
15
+ end
@@ -0,0 +1,12 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110525001935)
2
+ class AddUsdCurrency
3
+
4
+ def self.up
5
+ Currency.create(:name => 'US Dollar', :internal_identifier => 'USD', :major_unit_symbol => "$")
6
+ end
7
+
8
+ def self.down
9
+ Currency.usd.destroy
10
+ end
11
+
12
+ end
@@ -0,0 +1,19 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110609150135)
2
+ require 'yaml'
3
+
4
+ class AddIsoCodes
5
+
6
+ def self.up
7
+ #find the erp_base_erp_svcs engine
8
+ engine_path = Rails::Application::Railties.engines.find{|item| item.engine_name == 'erp_base_erp_svcs'}.config.root.to_s
9
+
10
+ GeoCountry.load_from_file(File.join(engine_path,'db/data_sets/geo_countries.yml'))
11
+ GeoZone.load_from_file(File.join(engine_path,'db/data_sets/geo_zones.yml'))
12
+ end
13
+
14
+ def self.down
15
+ GeoCountry.delete_all
16
+ GeoZone.delete_all
17
+ end
18
+
19
+ end
@@ -0,0 +1,16 @@
1
+ # This migration comes from erp_tech_svcs (originally 20110802200222)
2
+ class ScheduleDeleteExpiredSessionsJob
3
+
4
+ def self.up
5
+ #insert data here
6
+ date = Date.tomorrow
7
+ start_time = DateTime.civil(date.year, date.month, date.day, 2, 0, 1, -(5.0/24.0))
8
+
9
+ ErpTechSvcs::Sessions::DeleteExpiredSessionsJob.schedule_job(start_time)
10
+ end
11
+
12
+ def self.down
13
+ #remove data here
14
+ end
15
+
16
+ end
@@ -0,0 +1,12 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110913145838)
2
+ class SetupCompassAeInstance
3
+
4
+ def self.up
5
+ CompassAeInstance.create(version: 3.1)
6
+ end
7
+
8
+ def self.down
9
+ #remove data here
10
+ end
11
+
12
+ end
@@ -0,0 +1,22 @@
1
+ # This migration comes from erp_tech_svcs (originally 20111111144706)
2
+ class SetupAuditLogTypes
3
+
4
+ def self.up
5
+ application_alt = AuditLogType.create(:description => 'Application', :internal_identifier => 'application')
6
+
7
+ [
8
+ {:description => 'Custom Message', :internal_identifier => 'custom_message'},
9
+ {:description => 'Successful Logout', :internal_identifier => 'successful_logout'},
10
+ {:description => 'Successful Login', :internal_identifier => 'successful_login'},
11
+ {:description => 'Accessed Area', :internal_identifier => 'accessed_area'},
12
+ {:description => 'Session Timeout', :internal_identifier => 'session_timeout'}
13
+ ].each do |alt_hash|
14
+ AuditLogType.create(alt_hash).move_to_child_of(application_alt)
15
+ end
16
+ end
17
+
18
+ def self.down
19
+ AuditLogType.destroy_all
20
+ end
21
+
22
+ end
@@ -0,0 +1,20 @@
1
+ # This migration comes from erp_tech_svcs (originally 20121116155018)
2
+ class CreateGroupRelationshipAndRoleTypes
3
+
4
+ def self.up
5
+ #insert data here
6
+ to_role = RoleType.create(:description => 'Security Group', :internal_identifier => 'group')
7
+ from_role = RoleType.create(:description => 'Security Group Member', :internal_identifier => 'group_member')
8
+ RelationshipType.create(:description => 'Security Group Membership',
9
+ :name => 'Group Membership',
10
+ :internal_identifier => 'group_membership',
11
+ :valid_from_role => from_role,
12
+ :valid_to_role => to_role
13
+ )
14
+ end
15
+
16
+ def self.down
17
+ #remove data here
18
+ end
19
+
20
+ end
@@ -0,0 +1,24 @@
1
+ # This migration comes from erp_tech_svcs (originally 20121130212146)
2
+ class NoteCapabilities
3
+
4
+ def self.up
5
+ #insert data here
6
+ admin = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Admin', :internal_identifier => 'admin')
7
+ employee = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Employee', :internal_identifier => 'employee')
8
+
9
+ admin.add_capability('create', 'Note')
10
+ admin.add_capability('delete', 'Note')
11
+ admin.add_capability('edit', 'Note')
12
+ admin.add_capability('view', 'Note')
13
+
14
+ employee.add_capability('create', 'Note')
15
+ employee.add_capability('delete', 'Note')
16
+ employee.add_capability('edit', 'Note')
17
+ employee.add_capability('view', 'Note')
18
+ end
19
+
20
+ def self.down
21
+ #remove data here
22
+ end
23
+
24
+ end