erp_tech_svcs 3.0.11 → 3.0.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/app/models/group.rb +23 -1
- data/app/models/user.rb +39 -9
- data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb +10 -4
- data/lib/erp_tech_svcs/extensions/active_record/protected_with_capabilities.rb +53 -28
- data/lib/erp_tech_svcs/utils/compass_access_negotiator.rb +5 -3
- data/lib/erp_tech_svcs/version.rb +1 -1
- data/spec/dummy/db/data_migrations/20110109173616_create_capability_scope_types.erp_tech_svcs.rb +15 -0
- data/spec/dummy/db/data_migrations/20110525001935_add_usd_currency.erp_base_erp_svcs.rb +12 -0
- data/spec/dummy/db/data_migrations/20110609150135_add_iso_codes.erp_base_erp_svcs.rb +19 -0
- data/spec/dummy/db/data_migrations/20110802200222_schedule_delete_expired_sessions_job.erp_tech_svcs.rb +16 -0
- data/spec/dummy/db/data_migrations/20110913145838_setup_compass_ae_instance.erp_base_erp_svcs.rb +12 -0
- data/spec/dummy/db/data_migrations/20111111144706_setup_audit_log_types.erp_tech_svcs.rb +22 -0
- data/spec/dummy/db/data_migrations/20121116155018_create_group_relationship_and_role_types.erp_tech_svcs.rb +20 -0
- data/spec/dummy/db/data_migrations/20121130212146_note_capabilities.erp_tech_svcs.rb +24 -0
- data/spec/dummy/db/migrate/20130105133955_base_erp_services.erp_base_erp_svcs.rb +461 -0
- data/spec/dummy/db/migrate/20130105133956_base_tech_services.erp_tech_svcs.rb +271 -0
- data/spec/dummy/db/migrate/20130105133957_create_has_attribute_tables.erp_tech_svcs.rb +39 -0
- data/spec/dummy/db/migrate/20130105133958_create_groups.erp_tech_svcs.rb +19 -0
- data/spec/dummy/db/migrate/20130105133959_upgrade_security.erp_tech_svcs.rb +54 -0
- data/spec/dummy/db/migrate/20130105133960_upgrade_security2.erp_tech_svcs.rb +270 -0
- data/spec/dummy/db/schema.rb +613 -0
- data/spec/dummy/db/spec.sqlite3 +0 -0
- data/spec/dummy/log/adam.log +1 -0
- data/spec/dummy/log/spec.log +128273 -0
- metadata +93 -22
data/app/models/group.rb
CHANGED
@@ -138,8 +138,30 @@ class Group < ActiveRecord::Base
|
|
138
138
|
end
|
139
139
|
end
|
140
140
|
|
141
|
+
def role_class_capabilities
|
142
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
143
|
+
Capability.joins(:capability_type).joins(:capability_accessors).
|
144
|
+
where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
|
145
|
+
where("capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql})").
|
146
|
+
where(:scope_type_id => scope_type.id)
|
147
|
+
end
|
148
|
+
|
149
|
+
def all_class_capabilities
|
150
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
151
|
+
Capability.joins(:capability_type).joins(:capability_accessors).
|
152
|
+
where("(capability_accessors.capability_accessor_record_type = 'Group' AND
|
153
|
+
capability_accessor_record_id = (#{self.id})) OR
|
154
|
+
(capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
|
155
|
+
capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql}))").
|
156
|
+
where(:scope_type_id => scope_type.id)
|
157
|
+
end
|
158
|
+
|
159
|
+
def all_uniq_class_capabilities
|
160
|
+
all_class_capabilities.all.uniq
|
161
|
+
end
|
162
|
+
|
141
163
|
def class_capabilities_to_hash
|
142
|
-
|
164
|
+
all_uniq_class_capabilities.map {|capability|
|
143
165
|
{ :capability_type_iid => capability.capability_type.internal_identifier,
|
144
166
|
:capability_resource_type => capability.capability_resource_type
|
145
167
|
}
|
data/app/models/user.rb
CHANGED
@@ -86,40 +86,70 @@ class User < ActiveRecord::Base
|
|
86
86
|
|
87
87
|
# roles assigned to the groups this user belongs to
|
88
88
|
def group_roles
|
89
|
-
|
89
|
+
SecurityRole.joins(:parties).
|
90
|
+
where(:parties => {:business_party_type => 'Group'}).
|
91
|
+
where("parties.business_party_id IN (#{groups.select('groups.id').to_sql})")
|
90
92
|
end
|
91
93
|
|
92
94
|
# composite roles for this user
|
93
95
|
def all_roles
|
94
|
-
(
|
96
|
+
SecurityRole.joins(:parties).joins("LEFT JOIN users ON parties.id=users.party_id").
|
97
|
+
where("(parties.business_party_type='Group' AND
|
98
|
+
parties.business_party_id IN (#{groups.select('groups.id').to_sql})) OR
|
99
|
+
(users.id=#{self.id})")
|
100
|
+
end
|
101
|
+
|
102
|
+
def all_uniq_roles
|
103
|
+
all_roles.all.uniq
|
95
104
|
end
|
96
105
|
|
97
106
|
def group_capabilities
|
98
|
-
|
107
|
+
Capability.joins(:capability_type).joins(:capability_accessors).
|
108
|
+
where(:capability_accessors => { :capability_accessor_record_type => "Group" }).
|
109
|
+
where("capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})")
|
99
110
|
end
|
100
111
|
|
101
112
|
def role_capabilities
|
102
|
-
|
113
|
+
Capability.joins(:capability_type).joins(:capability_accessors).
|
114
|
+
where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
|
115
|
+
where("capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})")
|
103
116
|
end
|
104
117
|
|
105
118
|
def all_capabilities
|
106
|
-
(
|
119
|
+
Capability.joins(:capability_type).joins(:capability_accessors).
|
120
|
+
where("(capability_accessors.capability_accessor_record_type = 'Group' AND
|
121
|
+
capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})) OR
|
122
|
+
(capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
|
123
|
+
capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})) OR
|
124
|
+
(capability_accessors.capability_accessor_record_type = 'User' AND
|
125
|
+
capability_accessor_record_id = #{self.id})")
|
126
|
+
end
|
127
|
+
|
128
|
+
def all_uniq_capabilities
|
129
|
+
all_capabilities.all.uniq
|
107
130
|
end
|
108
131
|
|
109
132
|
def group_class_capabilities
|
110
|
-
|
133
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
134
|
+
group_capabilities.where(:scope_type_id => scope_type.id)
|
111
135
|
end
|
112
136
|
|
113
137
|
def role_class_capabilities
|
114
|
-
|
138
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
139
|
+
role_capabilities.where(:scope_type_id => scope_type.id)
|
115
140
|
end
|
116
141
|
|
117
142
|
def all_class_capabilities
|
118
|
-
|
143
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
144
|
+
all_capabilities.where(:scope_type_id => scope_type.id)
|
145
|
+
end
|
146
|
+
|
147
|
+
def all_uniq_class_capabilities
|
148
|
+
all_class_capabilities.all.uniq
|
119
149
|
end
|
120
150
|
|
121
151
|
def class_capabilities_to_hash
|
122
|
-
|
152
|
+
all_uniq_class_capabilities.map {|capability|
|
123
153
|
{ :capability_type_iid => capability.capability_type.internal_identifier,
|
124
154
|
:capability_resource_type => capability.capability_resource_type
|
125
155
|
}
|
@@ -77,7 +77,8 @@ module ErpTechSvcs
|
|
77
77
|
|
78
78
|
# pass in (capability_type_iid, klass) or (capability) object
|
79
79
|
def add_capability(*capability)
|
80
|
-
|
80
|
+
capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
|
81
|
+
capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
|
81
82
|
ca = CapabilityAccessor.find_or_create_by_capability_accessor_record_type_and_capability_accessor_record_id_and_capability_id(get_superclass, self.id, capability.id)
|
82
83
|
self.reload
|
83
84
|
ca
|
@@ -89,8 +90,12 @@ module ErpTechSvcs
|
|
89
90
|
|
90
91
|
def get_or_create_capability(capability_type_iid, klass)
|
91
92
|
capability_type = convert_capability_type(capability_type_iid)
|
92
|
-
|
93
|
-
|
93
|
+
if klass.is_a?(String)
|
94
|
+
scope_type = ScopeType.find_by_internal_identifier('class')
|
95
|
+
Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
|
96
|
+
else
|
97
|
+
klass.add_capability(capability_type_iid) # create instance capability
|
98
|
+
end
|
94
99
|
end
|
95
100
|
|
96
101
|
def get_capability(capability_type_iid, klass)
|
@@ -101,7 +106,8 @@ module ErpTechSvcs
|
|
101
106
|
|
102
107
|
# pass in (capability_type_iid, klass) or (capability) object
|
103
108
|
def remove_capability(*capability)
|
104
|
-
|
109
|
+
capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
|
110
|
+
capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
|
105
111
|
ca = capability_accessors.where(:capability_accessor_record_type => get_superclass, :capability_accessor_record_id => self.id, :capability_id => capability.id).first
|
106
112
|
ca.destroy unless ca.nil?
|
107
113
|
self.reload
|
@@ -9,15 +9,24 @@ module ErpTechSvcs
|
|
9
9
|
|
10
10
|
module ClassMethods
|
11
11
|
|
12
|
-
def protected_with_capabilities
|
12
|
+
def protected_with_capabilities(options = {})
|
13
13
|
extend ProtectedByCapabilities::SingletonMethods
|
14
14
|
include ProtectedByCapabilities::InstanceMethods
|
15
|
-
|
16
|
-
has_many :capabilities, :as => :capability_resource
|
17
15
|
|
18
|
-
|
19
|
-
|
20
|
-
#
|
16
|
+
has_many :capabilities, :as => :capability_resource
|
17
|
+
|
18
|
+
# protect all instance of this class by default
|
19
|
+
class_attribute :protect_all_instances
|
20
|
+
self.protect_all_instances = (options[:protect_all_instances].nil? ? false : options[:protect_all_instances])
|
21
|
+
|
22
|
+
# Get records filtered via query scope capabilities
|
23
|
+
# By default Compass AE treats query scopes as restrictions
|
24
|
+
# A user will see all records unless the user has a capability accessor with a query scope
|
25
|
+
# If you set :protect_all_instances => true it is honored via with_user_security & with_instance_security but NOT with_query_security
|
26
|
+
# arguments: user, capability_type_iids
|
27
|
+
# capability_type_iids is optional and can be a single string or an array of strings
|
28
|
+
# Example: which files can this user download? FileAsset.with_query_security(user, 'download').all
|
29
|
+
# Example: which website sections can this user either view or edit? WebsiteSection.with_query_security(user, ['view','edit']).all
|
21
30
|
scope :with_query_security, lambda{|*args|
|
22
31
|
raise ArgumentError if args.empty? || args.size > 2
|
23
32
|
user = args.first
|
@@ -25,11 +34,11 @@ module ErpTechSvcs
|
|
25
34
|
capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
|
26
35
|
|
27
36
|
scope_type = ScopeType.find_by_internal_identifier('query')
|
28
|
-
granted_capabilities = user.all_capabilities.
|
37
|
+
granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
|
29
38
|
|
30
39
|
unless capability_type_iids.empty?
|
31
40
|
capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
|
32
|
-
granted_capabilities = granted_capabilities.
|
41
|
+
granted_capabilities = granted_capabilities.where("capability_type_id IN (?)", capability_type_ids.join(','))
|
33
42
|
end
|
34
43
|
|
35
44
|
query = nil
|
@@ -39,34 +48,45 @@ module ErpTechSvcs
|
|
39
48
|
query
|
40
49
|
}
|
41
50
|
|
42
|
-
#
|
43
|
-
|
44
|
-
|
45
|
-
group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
|
46
|
-
query = (denied_capabilities.empty? ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (?)", denied_capabilities.collect{|c| c.id }))
|
47
|
-
query
|
48
|
-
}
|
49
|
-
|
50
|
-
# get records for this model that the given user has access to
|
51
|
+
# Get records for this model permitted via instance capabilities
|
52
|
+
# If :protect_all_instances => true return only instances user has explicitly been granted access to
|
53
|
+
# If :protect_all_instances => false return instances without capabilities or that user is granted access to (default)
|
51
54
|
# arguments: user, capability_type_iids
|
52
55
|
# capability_type_iids is optional and can be a single string or an array of strings
|
53
|
-
# Example: which files can this user download? FileAsset.
|
54
|
-
# Example: which website sections can this user either view or edit? WebsiteSection.
|
55
|
-
scope :
|
56
|
+
# Example: which files can this user download? FileAsset.with_instance_security(user, 'download').all
|
57
|
+
# Example: which website sections can this user either view or edit? WebsiteSection.with_instance_security(user, ['view','edit']).all
|
58
|
+
scope :with_instance_security, lambda{|*args|
|
56
59
|
raise ArgumentError if args.empty? || args.size > 2
|
57
60
|
user = args.first
|
58
61
|
capability_type_iids = args.second || []
|
59
62
|
capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
|
60
63
|
|
61
64
|
scope_type = ScopeType.find_by_internal_identifier('instance')
|
62
|
-
granted_capabilities = user.all_capabilities.
|
65
|
+
granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
|
63
66
|
|
64
67
|
unless capability_type_iids.empty?
|
65
68
|
capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
|
66
|
-
granted_capabilities = granted_capabilities.
|
69
|
+
granted_capabilities = granted_capabilities.where("capability_type_id IN (#{capability_type_ids.join(',')})")
|
67
70
|
end
|
68
|
-
|
69
|
-
|
71
|
+
|
72
|
+
denied_capabilities = instance_capabilities.select('capabilities.id').where("capabilities.id NOT IN (#{granted_capabilities.select('capabilities.id').to_sql})")
|
73
|
+
deny_count = denied_capabilities.count
|
74
|
+
|
75
|
+
join_type = (self.protect_all_instances ? 'JOIN' : 'LEFT JOIN')
|
76
|
+
query = joins("#{join_type} capabilities AS c ON c.capability_resource_id = #{self.table_name}.id AND c.capability_resource_type = '#{self.name}'").
|
77
|
+
group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
|
78
|
+
query = (deny_count == 0 ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (#{denied_capabilities.to_sql})"))
|
79
|
+
query
|
80
|
+
}
|
81
|
+
|
82
|
+
# Get records for this model that the given user has access to
|
83
|
+
# arguments: user, capability_type_iids
|
84
|
+
# capability_type_iids is optional and can be a single string or an array of strings
|
85
|
+
# Example: which files can this user download? FileAsset.with_user_security(user, 'download').all
|
86
|
+
# Example: which website sections can this user either view or edit? WebsiteSection.with_user_security(user, ['view','edit']).all
|
87
|
+
scope :with_user_security, lambda{|*args|
|
88
|
+
raise ArgumentError if args.empty? || args.size > 2
|
89
|
+
with_instance_security(*args).with_query_security(*args)
|
70
90
|
}
|
71
91
|
end
|
72
92
|
end
|
@@ -102,9 +122,9 @@ module ErpTechSvcs
|
|
102
122
|
capabilities.where(:scope_type_id => scope_type.id)
|
103
123
|
end
|
104
124
|
|
105
|
-
#
|
125
|
+
# return unique roles on capabilities for this model
|
106
126
|
def capability_roles
|
107
|
-
|
127
|
+
SecurityRole.joins(:capability_accessors => :capability).where(:capability_accessors => {:capabilities => {:capability_resource_type => get_superclass(self.name) }}).all.uniq
|
108
128
|
end
|
109
129
|
|
110
130
|
# add a class level capability (capability_resource_id will be NULL)
|
@@ -147,6 +167,11 @@ module ErpTechSvcs
|
|
147
167
|
|
148
168
|
module InstanceMethods
|
149
169
|
|
170
|
+
# convenience method to access class method
|
171
|
+
def protect_all_instances
|
172
|
+
self.class.protect_all_instances
|
173
|
+
end
|
174
|
+
|
150
175
|
def add_capability(capability_type_iid)
|
151
176
|
capability_type = convert_capability_type(capability_type_iid)
|
152
177
|
scope_type = ScopeType.find_by_internal_identifier('instance')
|
@@ -165,11 +190,11 @@ module ErpTechSvcs
|
|
165
190
|
end
|
166
191
|
|
167
192
|
def protected_with_capability?(capability_type_iid)
|
168
|
-
!get_capability(capability_type_iid).nil?
|
193
|
+
!get_capability(capability_type_iid).nil? or protect_all_instances
|
169
194
|
end
|
170
195
|
|
171
196
|
def allow_access?(user, capability_type_iid)
|
172
|
-
if !self.protected_with_capability?(capability_type_iid.to_s) or (user and user.has_capability?(capability_type_iid.to_s, self))
|
197
|
+
if (!self.protect_all_instances and !self.protected_with_capability?(capability_type_iid.to_s)) or (user and user.has_capability?(capability_type_iid.to_s, self))
|
173
198
|
return true
|
174
199
|
else
|
175
200
|
return false
|
@@ -13,15 +13,17 @@ module ErpTechSvcs
|
|
13
13
|
where(:capability_resource_type => klass).
|
14
14
|
where(:scope_type_id => scope_type.id).
|
15
15
|
where(:capability_types => {:internal_identifier => capability_type_iid}).first
|
16
|
+
return nil if capability.nil? # capability not found so return nil
|
16
17
|
else
|
17
18
|
scope_type = ScopeType.find_by_internal_identifier('instance')
|
18
19
|
capability = klass.capabilities.joins(:capability_type).
|
19
20
|
where(:scope_type_id => scope_type.id).
|
20
21
|
where(:capability_types => {:internal_identifier => capability_type_iid}).first
|
21
|
-
|
22
|
+
# if capability not found, we see if all instances are protected
|
23
|
+
# if all instance are protected, return false, otherwise true
|
24
|
+
return !klass.protect_all_instances if capability.nil?
|
22
25
|
end
|
23
|
-
|
24
|
-
result.nil? ? false : true
|
26
|
+
all_capabilities.include?(capability)
|
25
27
|
end
|
26
28
|
|
27
29
|
# pass in (capability_type_iid, class name or any class instance, a block of code)
|
data/spec/dummy/db/data_migrations/20110109173616_create_capability_scope_types.erp_tech_svcs.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
# This migration comes from erp_tech_svcs (originally 20110109173616)
|
2
|
+
class CreateCapabilityScopeTypes
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
CapabilityType.create(:internal_identifier => 'download', :description => 'Download') if CapabilityType.where("internal_identifier = 'download'").first.nil?
|
6
|
+
|
7
|
+
ScopeType.create(:description => 'Instance', :internal_identifier => 'instance') if ScopeType.where("internal_identifier = 'instance'").first.nil?
|
8
|
+
ScopeType.create(:description => 'Class', :internal_identifier => 'class') if ScopeType.where("internal_identifier = 'class'").first.nil?
|
9
|
+
ScopeType.create(:description => 'Query', :internal_identifier => 'query') if ScopeType.where("internal_identifier = 'query'").first.nil?
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.down
|
13
|
+
end
|
14
|
+
|
15
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# This migration comes from erp_base_erp_svcs (originally 20110525001935)
|
2
|
+
class AddUsdCurrency
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
Currency.create(:name => 'US Dollar', :internal_identifier => 'USD', :major_unit_symbol => "$")
|
6
|
+
end
|
7
|
+
|
8
|
+
def self.down
|
9
|
+
Currency.usd.destroy
|
10
|
+
end
|
11
|
+
|
12
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# This migration comes from erp_base_erp_svcs (originally 20110609150135)
|
2
|
+
require 'yaml'
|
3
|
+
|
4
|
+
class AddIsoCodes
|
5
|
+
|
6
|
+
def self.up
|
7
|
+
#find the erp_base_erp_svcs engine
|
8
|
+
engine_path = Rails::Application::Railties.engines.find{|item| item.engine_name == 'erp_base_erp_svcs'}.config.root.to_s
|
9
|
+
|
10
|
+
GeoCountry.load_from_file(File.join(engine_path,'db/data_sets/geo_countries.yml'))
|
11
|
+
GeoZone.load_from_file(File.join(engine_path,'db/data_sets/geo_zones.yml'))
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.down
|
15
|
+
GeoCountry.delete_all
|
16
|
+
GeoZone.delete_all
|
17
|
+
end
|
18
|
+
|
19
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# This migration comes from erp_tech_svcs (originally 20110802200222)
|
2
|
+
class ScheduleDeleteExpiredSessionsJob
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
#insert data here
|
6
|
+
date = Date.tomorrow
|
7
|
+
start_time = DateTime.civil(date.year, date.month, date.day, 2, 0, 1, -(5.0/24.0))
|
8
|
+
|
9
|
+
ErpTechSvcs::Sessions::DeleteExpiredSessionsJob.schedule_job(start_time)
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.down
|
13
|
+
#remove data here
|
14
|
+
end
|
15
|
+
|
16
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# This migration comes from erp_tech_svcs (originally 20111111144706)
|
2
|
+
class SetupAuditLogTypes
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
application_alt = AuditLogType.create(:description => 'Application', :internal_identifier => 'application')
|
6
|
+
|
7
|
+
[
|
8
|
+
{:description => 'Custom Message', :internal_identifier => 'custom_message'},
|
9
|
+
{:description => 'Successful Logout', :internal_identifier => 'successful_logout'},
|
10
|
+
{:description => 'Successful Login', :internal_identifier => 'successful_login'},
|
11
|
+
{:description => 'Accessed Area', :internal_identifier => 'accessed_area'},
|
12
|
+
{:description => 'Session Timeout', :internal_identifier => 'session_timeout'}
|
13
|
+
].each do |alt_hash|
|
14
|
+
AuditLogType.create(alt_hash).move_to_child_of(application_alt)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.down
|
19
|
+
AuditLogType.destroy_all
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
# This migration comes from erp_tech_svcs (originally 20121116155018)
|
2
|
+
class CreateGroupRelationshipAndRoleTypes
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
#insert data here
|
6
|
+
to_role = RoleType.create(:description => 'Security Group', :internal_identifier => 'group')
|
7
|
+
from_role = RoleType.create(:description => 'Security Group Member', :internal_identifier => 'group_member')
|
8
|
+
RelationshipType.create(:description => 'Security Group Membership',
|
9
|
+
:name => 'Group Membership',
|
10
|
+
:internal_identifier => 'group_membership',
|
11
|
+
:valid_from_role => from_role,
|
12
|
+
:valid_to_role => to_role
|
13
|
+
)
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.down
|
17
|
+
#remove data here
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# This migration comes from erp_tech_svcs (originally 20121130212146)
|
2
|
+
class NoteCapabilities
|
3
|
+
|
4
|
+
def self.up
|
5
|
+
#insert data here
|
6
|
+
admin = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Admin', :internal_identifier => 'admin')
|
7
|
+
employee = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Employee', :internal_identifier => 'employee')
|
8
|
+
|
9
|
+
admin.add_capability('create', 'Note')
|
10
|
+
admin.add_capability('delete', 'Note')
|
11
|
+
admin.add_capability('edit', 'Note')
|
12
|
+
admin.add_capability('view', 'Note')
|
13
|
+
|
14
|
+
employee.add_capability('create', 'Note')
|
15
|
+
employee.add_capability('delete', 'Note')
|
16
|
+
employee.add_capability('edit', 'Note')
|
17
|
+
employee.add_capability('view', 'Note')
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.down
|
21
|
+
#remove data here
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|