erp_tech_svcs 3.0.11 → 3.0.12

Files changed (25) hide show
  1. data/app/models/group.rb +23 -1
  2. data/app/models/user.rb +39 -9
  3. data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb +10 -4
  4. data/lib/erp_tech_svcs/extensions/active_record/protected_with_capabilities.rb +53 -28
  5. data/lib/erp_tech_svcs/utils/compass_access_negotiator.rb +5 -3
  6. data/lib/erp_tech_svcs/version.rb +1 -1
  7. data/spec/dummy/db/data_migrations/20110109173616_create_capability_scope_types.erp_tech_svcs.rb +15 -0
  8. data/spec/dummy/db/data_migrations/20110525001935_add_usd_currency.erp_base_erp_svcs.rb +12 -0
  9. data/spec/dummy/db/data_migrations/20110609150135_add_iso_codes.erp_base_erp_svcs.rb +19 -0
  10. data/spec/dummy/db/data_migrations/20110802200222_schedule_delete_expired_sessions_job.erp_tech_svcs.rb +16 -0
  11. data/spec/dummy/db/data_migrations/20110913145838_setup_compass_ae_instance.erp_base_erp_svcs.rb +12 -0
  12. data/spec/dummy/db/data_migrations/20111111144706_setup_audit_log_types.erp_tech_svcs.rb +22 -0
  13. data/spec/dummy/db/data_migrations/20121116155018_create_group_relationship_and_role_types.erp_tech_svcs.rb +20 -0
  14. data/spec/dummy/db/data_migrations/20121130212146_note_capabilities.erp_tech_svcs.rb +24 -0
  15. data/spec/dummy/db/migrate/20130105133955_base_erp_services.erp_base_erp_svcs.rb +461 -0
  16. data/spec/dummy/db/migrate/20130105133956_base_tech_services.erp_tech_svcs.rb +271 -0
  17. data/spec/dummy/db/migrate/20130105133957_create_has_attribute_tables.erp_tech_svcs.rb +39 -0
  18. data/spec/dummy/db/migrate/20130105133958_create_groups.erp_tech_svcs.rb +19 -0
  19. data/spec/dummy/db/migrate/20130105133959_upgrade_security.erp_tech_svcs.rb +54 -0
  20. data/spec/dummy/db/migrate/20130105133960_upgrade_security2.erp_tech_svcs.rb +270 -0
  21. data/spec/dummy/db/schema.rb +613 -0
  22. data/spec/dummy/db/spec.sqlite3 +0 -0
  23. data/spec/dummy/log/adam.log +1 -0
  24. data/spec/dummy/log/spec.log +128273 -0
  25. metadata +93 -22
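--- a/data/app/models/group.rb
+++ b/data/app/models/group.rb
@@ -138,8 +138,30 @@ class Group < ActiveRecord::Base
  end
  end
 
+ def role_class_capabilities
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
+ where("capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql})").
+ where(:scope_type_id => scope_type.id)
+ end
+
+ def all_class_capabilities
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where("(capability_accessors.capability_accessor_record_type = 'Group' AND
+ capability_accessor_record_id = (#{self.id})) OR
+ (capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
+ capability_accessor_record_id IN (#{roles.select('security_roles.id').to_sql}))").
+ where(:scope_type_id => scope_type.id)
+ end
+
+ def all_uniq_class_capabilities
+ all_class_capabilities.all.uniq
+ end
+
  def class_capabilities_to_hash
- class_capabilities.map {|capability|
+ all_uniq_class_capabilities.map {|capability|
  { :capability_type_iid => capability.capability_type.internal_identifier,
  :capability_resource_type => capability.capability_resource_type
  }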
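Review bot: In `all_class_capabilities` the record id is interpolated straight into the WHERE string (`capability_accessor_record_id = (#{self.id})`), so an unsaved Group produces `= ()` and a database error instead of an empty result; the same pattern appears in user.rb in `all_roles` (`users.id=#{self.id}`) and `all_capabilities`. The id is not attacker-controlled here, but this is an authorization query and a bind value keeps it in one safe form: write the fragment as `capability_accessor_record_id = ?` and pass `id` as the second argument to `where`. Both new finders also call `scope_type.id` without checking that the 'class' ScopeType row exists, which raises NoMethodError on nil when that seed data is missing. The class body continues outside the hunk.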
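--- a/data/app/models/user.rb
+++ b/data/app/models/user.rb
@@ -86,40 +86,70 @@ class User < ActiveRecord::Base
 
  # roles assigned to the groups this user belongs to
  def group_roles
- groups.collect{|g| g.roles }.flatten.uniq
+ SecurityRole.joins(:parties).
+ where(:parties => {:business_party_type => 'Group'}).
+ where("parties.business_party_id IN (#{groups.select('groups.id').to_sql})")
  end
 
  # composite roles for this user
  def all_roles
- (group_roles + roles).uniq
+ SecurityRole.joins(:parties).joins("LEFT JOIN users ON parties.id=users.party_id").
+ where("(parties.business_party_type='Group' AND
+ parties.business_party_id IN (#{groups.select('groups.id').to_sql})) OR
+ (users.id=#{self.id})")
+ end
+
+ def all_uniq_roles
+ all_roles.all.uniq
  end
 
  def group_capabilities
- groups.collect{|r| r.capabilities }.flatten.uniq.compact
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "Group" }).
+ where("capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})")
  end
 
  def role_capabilities
- all_roles.collect{|r| r.capabilities }.flatten.compact
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where(:capability_accessors => { :capability_accessor_record_type => "SecurityRole" }).
+ where("capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})")
  end
 
  def all_capabilities
- (role_capabilities + group_capabilities + capabilities).uniq
+ Capability.joins(:capability_type).joins(:capability_accessors).
+ where("(capability_accessors.capability_accessor_record_type = 'Group' AND
+ capability_accessor_record_id IN (#{groups.select('groups.id').to_sql})) OR
+ (capability_accessors.capability_accessor_record_type = 'SecurityRole' AND
+ capability_accessor_record_id IN (#{all_roles.select('security_roles.id').to_sql})) OR
+ (capability_accessors.capability_accessor_record_type = 'User' AND
+ capability_accessor_record_id = #{self.id})")
+ end
+
+ def all_uniq_capabilities
+ all_capabilities.all.uniq
  end
 
  def group_class_capabilities
- groups.collect{|g| g.class_capabilities }.flatten.uniq.compact
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ group_capabilities.where(:scope_type_id => scope_type.id)
  end
 
  def role_class_capabilities
- all_roles.collect{|r| r.class_capabilities }.flatten.uniq.compact
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ role_capabilities.where(:scope_type_id => scope_type.id)
  end
 
  def all_class_capabilities
- (role_class_capabilities + group_class_capabilities + class_capabilities).uniq
+ scope_type = ScopeType.find_by_internal_identifier('class')
+ all_capabilities.where(:scope_type_id => scope_type.id)
+ end
+
+ def all_uniq_class_capabilities
+ all_class_capabilities.all.uniq
  end
 
  def class_capabilities_to_hash
- all_class_capabilities.map {|capability|
+ all_uniq_class_capabilities.map {|capability|
  { :capability_type_iid => capability.capability_type.internal_identifier,
  :capability_resource_type => capability.capability_resource_type
  }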
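Review bot: `all_roles`, `all_capabilities` and `all_class_capabilities` keep their names but no longer return a de-duplicated Array; they now return a relation built on joins, which can yield the same role or capability once per matching party or accessor row. Any caller outside this hunk that counts, lists or compares these results will see the duplicates unless it moves to the new `all_uniq_*` methods, and nothing in the code says so. I would put the contract on each method, e.g. `# returns a chainable relation and may repeat rows; use all_uniq_capabilities for a de-duplicated Array`. The class body continues outside the hunk.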
@@ -77,7 +77,8 @@ module ErpTechSvcs
77
77
 
78
78
  # pass in (capability_type_iid, klass) or (capability) object
79
79
  def add_capability(*capability)
80
- capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
80
+ capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
81
+ capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
81
82
  ca = CapabilityAccessor.find_or_create_by_capability_accessor_record_type_and_capability_accessor_record_id_and_capability_id(get_superclass, self.id, capability.id)
82
83
  self.reload
83
84
  ca
@@ -89,8 +90,12 @@ module ErpTechSvcs
89
90
 
90
91
  def get_or_create_capability(capability_type_iid, klass)
91
92
  capability_type = convert_capability_type(capability_type_iid)
92
- scope_type = ScopeType.find_by_internal_identifier('class')
93
- Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
93
+ if klass.is_a?(String)
94
+ scope_type = ScopeType.find_by_internal_identifier('class')
95
+ Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
96
+ else
97
+ klass.add_capability(capability_type_iid) # create instance capability
98
+ end
94
99
  end
95
100
 
96
101
  def get_capability(capability_type_iid, klass)
@@ -101,7 +106,8 @@ module ErpTechSvcs
101
106
 
102
107
  # pass in (capability_type_iid, klass) or (capability) object
103
108
  def remove_capability(*capability)
104
- capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
109
+ capability_type_iid = capability.first.is_a?(Symbol) ? capability.first.to_s : capability.first
110
+ capability = capability_type_iid.is_a?(String) ? get_or_create_capability(capability_type_iid, capability.second) : capability.first
105
111
  ca = capability_accessors.where(:capability_accessor_record_type => get_superclass, :capability_accessor_record_id => self.id, :capability_id => capability.id).first
106
112
  ca.destroy unless ca.nil?
107
113
  self.reload
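Review bot: `remove_capability` still resolves its argument through `get_or_create_capability`, and with the new `else` branch there a call that passes a model instance now runs `klass.add_capability(capability_type_iid)` before looking for the accessor to destroy. If the instance-level `add_capability` creates the capability row (its body is only partly visible on this page), revoking access from one accessor can turn a previously unprotected record into a protected one. A lookup that does not create anything, such as `get_capability(capability_type_iid, capability.second)` followed by an early return when it finds nothing, avoids that side effect; confirm `get_capability` accepts instances, since only its signature is shown. The same `else` branch raises NoMethodError when the second argument is omitted and `klass` is nil.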
@@ -9,15 +9,24 @@ module ErpTechSvcs
9
9
 
10
10
  module ClassMethods
11
11
 
12
- def protected_with_capabilities
12
+ def protected_with_capabilities(options = {})
13
13
  extend ProtectedByCapabilities::SingletonMethods
14
14
  include ProtectedByCapabilities::InstanceMethods
15
-
16
- has_many :capabilities, :as => :capability_resource
17
15
 
18
- # get records filtered via query scope capabilities
19
- # by default Compass AE treats query scopes as restrictions
20
- # a user will see all records unless the user has a capability accessor with a query scope
16
+ has_many :capabilities, :as => :capability_resource
17
+
18
+ # protect all instance of this class by default
19
+ class_attribute :protect_all_instances
20
+ self.protect_all_instances = (options[:protect_all_instances].nil? ? false : options[:protect_all_instances])
21
+
22
+ # Get records filtered via query scope capabilities
23
+ # By default Compass AE treats query scopes as restrictions
24
+ # A user will see all records unless the user has a capability accessor with a query scope
25
+ # If you set :protect_all_instances => true it is honored via with_user_security & with_instance_security but NOT with_query_security
26
+ # arguments: user, capability_type_iids
27
+ # capability_type_iids is optional and can be a single string or an array of strings
28
+ # Example: which files can this user download? FileAsset.with_query_security(user, 'download').all
29
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_query_security(user, ['view','edit']).all
21
30
  scope :with_query_security, lambda{|*args|
22
31
  raise ArgumentError if args.empty? || args.size > 2
23
32
  user = args.first
@@ -25,11 +34,11 @@ module ErpTechSvcs
25
34
  capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
26
35
 
27
36
  scope_type = ScopeType.find_by_internal_identifier('query')
28
- granted_capabilities = user.all_capabilities.collect{|c| c if c.scope_type_id == scope_type.id and c.capability_resource_type == self.name }.compact
37
+ granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
29
38
 
30
39
  unless capability_type_iids.empty?
31
40
  capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
32
- granted_capabilities = granted_capabilities.collect{|c| c if capability_type_ids.include?(c.capability_type_id)}.compact
41
+ granted_capabilities = granted_capabilities.where("capability_type_id IN (?)", capability_type_ids.join(','))
33
42
  end
34
43
 
35
44
  query = nil
@@ -39,34 +48,45 @@ module ErpTechSvcs
39
48
  query
40
49
  }
41
50
 
42
- # get records for this model without capabilities or that are not in a list of denied capabilities
43
- scope :with_instance_security, lambda{|denied_capabilities|
44
- query = joins("LEFT JOIN capabilities AS c ON c.capability_resource_id = #{self.table_name}.id AND c.capability_resource_type = '#{self.name}'").
45
- group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
46
- query = (denied_capabilities.empty? ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (?)", denied_capabilities.collect{|c| c.id }))
47
- query
48
- }
49
-
50
- # get records for this model that the given user has access to
51
+ # Get records for this model permitted via instance capabilities
52
+ # If :protect_all_instances => true return only instances user has explicitly been granted access to
53
+ # If :protect_all_instances => false return instances without capabilities or that user is granted access to (default)
51
54
  # arguments: user, capability_type_iids
52
55
  # capability_type_iids is optional and can be a single string or an array of strings
53
- # Example: which files can this user download? FileAsset.with_user_security(user, 'download').all
54
- # Example: which website sections can this user either view or edit? WebsiteSection.with_user_security(user, ['view','edit']).all
55
- scope :with_user_security, lambda{|*args|
56
+ # Example: which files can this user download? FileAsset.with_instance_security(user, 'download').all
57
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_instance_security(user, ['view','edit']).all
58
+ scope :with_instance_security, lambda{|*args|
56
59
  raise ArgumentError if args.empty? || args.size > 2
57
60
  user = args.first
58
61
  capability_type_iids = args.second || []
59
62
  capability_type_iids = [capability_type_iids] if capability_type_iids.is_a?(String)
60
63
 
61
64
  scope_type = ScopeType.find_by_internal_identifier('instance')
62
- granted_capabilities = user.all_capabilities.collect{|c| c if c.scope_type_id == scope_type.id and c.capability_resource_type == self.name }.compact
65
+ granted_capabilities = user.all_capabilities.where(:scope_type_id => scope_type.id).where(:capability_resource_type => self.name)
63
66
 
64
67
  unless capability_type_iids.empty?
65
68
  capability_type_ids = capability_type_iids.collect{|type| convert_capability_type(type).id }
66
- granted_capabilities = granted_capabilities.collect{|c| c if capability_type_ids.include?(c.capability_type_id)}.compact
69
+ granted_capabilities = granted_capabilities.where("capability_type_id IN (#{capability_type_ids.join(',')})")
67
70
  end
68
-
69
- with_query_security(*args).with_instance_security(instance_capabilities - granted_capabilities)
71
+
72
+ denied_capabilities = instance_capabilities.select('capabilities.id').where("capabilities.id NOT IN (#{granted_capabilities.select('capabilities.id').to_sql})")
73
+ deny_count = denied_capabilities.count
74
+
75
+ join_type = (self.protect_all_instances ? 'JOIN' : 'LEFT JOIN')
76
+ query = joins("#{join_type} capabilities AS c ON c.capability_resource_id = #{self.table_name}.id AND c.capability_resource_type = '#{self.name}'").
77
+ group(columns.collect{|c| "#{self.table_name}.#{c.name}" })
78
+ query = (deny_count == 0 ? query.where("c.id IS NULL OR c.id = c.id") : query.where("c.id IS NULL OR c.id NOT IN (#{denied_capabilities.to_sql})"))
79
+ query
80
+ }
81
+
82
+ # Get records for this model that the given user has access to
83
+ # arguments: user, capability_type_iids
84
+ # capability_type_iids is optional and can be a single string or an array of strings
85
+ # Example: which files can this user download? FileAsset.with_user_security(user, 'download').all
86
+ # Example: which website sections can this user either view or edit? WebsiteSection.with_user_security(user, ['view','edit']).all
87
+ scope :with_user_security, lambda{|*args|
88
+ raise ArgumentError if args.empty? || args.size > 2
89
+ with_instance_security(*args).with_query_security(*args)
70
90
  }
71
91
  end
72
92
  end
@@ -102,9 +122,9 @@ module ErpTechSvcs
102
122
  capabilities.where(:scope_type_id => scope_type.id)
103
123
  end
104
124
 
105
- # collect unique roles on capabilities
125
+ # return unique roles on capabilities for this model
106
126
  def capability_roles
107
- capabilities.collect{|c| c.roles }.flatten.uniq
127
+ SecurityRole.joins(:capability_accessors => :capability).where(:capability_accessors => {:capabilities => {:capability_resource_type => get_superclass(self.name) }}).all.uniq
108
128
  end
109
129
 
110
130
  # add a class level capability (capability_resource_id will be NULL)
@@ -147,6 +167,11 @@ module ErpTechSvcs
147
167
 
148
168
  module InstanceMethods
149
169
 
170
+ # convenience method to access class method
171
+ def protect_all_instances
172
+ self.class.protect_all_instances
173
+ end
174
+
150
175
  def add_capability(capability_type_iid)
151
176
  capability_type = convert_capability_type(capability_type_iid)
152
177
  scope_type = ScopeType.find_by_internal_identifier('instance')
@@ -165,11 +190,11 @@ module ErpTechSvcs
165
190
  end
166
191
 
167
192
  def protected_with_capability?(capability_type_iid)
168
- !get_capability(capability_type_iid).nil?
193
+ !get_capability(capability_type_iid).nil? or protect_all_instances
169
194
  end
170
195
 
171
196
  def allow_access?(user, capability_type_iid)
172
- if !self.protected_with_capability?(capability_type_iid.to_s) or (user and user.has_capability?(capability_type_iid.to_s, self))
197
+ if (!self.protect_all_instances and !self.protected_with_capability?(capability_type_iid.to_s)) or (user and user.has_capability?(capability_type_iid.to_s, self))
173
198
  return true
174
199
  else
175
200
  return false
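Review bot: In `with_query_security` the type filter binds one joined string, `where("capability_type_id IN (?)", capability_type_ids.join(','))`, so two or more capability types are sent as a single quoted value and the filter stops matching the intended ids. The comment above the scope says query scopes act as restrictions, so a granted set that comes back empty presumably leaves the result unrestricted rather than narrowed. `with_instance_security` interpolates the same list unquoted, so the two scopes chained by `with_user_security` now disagree. Passing the array fixes both: `granted_capabilities = granted_capabilities.where(:capability_type_id => capability_type_ids)`. Separately, the `!self.protect_all_instances and` conjunct in `allow_access?` is redundant now that `protected_with_capability?` already ORs in `protect_all_instances`.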
@@ -13,15 +13,17 @@ module ErpTechSvcs
13
13
  where(:capability_resource_type => klass).
14
14
  where(:scope_type_id => scope_type.id).
15
15
  where(:capability_types => {:internal_identifier => capability_type_iid}).first
16
+ return nil if capability.nil? # capability not found so return nil
16
17
  else
17
18
  scope_type = ScopeType.find_by_internal_identifier('instance')
18
19
  capability = klass.capabilities.joins(:capability_type).
19
20
  where(:scope_type_id => scope_type.id).
20
21
  where(:capability_types => {:internal_identifier => capability_type_iid}).first
21
- return true if capability.nil? # object is not secured, so return true
22
+ # if capability not found, we see if all instances are protected
23
+ # if all instance are protected, return false, otherwise true
24
+ return !klass.protect_all_instances if capability.nil?
22
25
  end
23
- result = all_capabilities.find{|c| c == capability }
24
- result.nil? ? false : true
26
+ all_capabilities.include?(capability)
25
27
  end
26
28
 
27
29
  # pass in (capability_type_iid, class name or any class instance, a block of code)
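Review bot: The two branches now fail in opposite directions when no capability row is found: the class branch returns `nil` (deny), while the instance branch returns `!klass.protect_all_instances`, which is `true` for every model that has not opted in. That may be the intended policy, but an access decision like this should be stated where an auditor will read it, e.g. a comment above the method: `# missing class capability => deny; missing instance capability => allow unless protect_all_instances`. `return nil` in a predicate would also read better as `return false`, so callers get a boolean from every path. The method starts outside the hunk.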
@@ -2,7 +2,7 @@ module ErpTechSvcs
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
- TINY = 11
5
+ TINY = 12
6
6
 
7
7
  STRING = [MAJOR, MINOR, TINY].compact.join('.')
8
8
  end
@@ -0,0 +1,15 @@
1
+ # This migration comes from erp_tech_svcs (originally 20110109173616)
2
+ class CreateCapabilityScopeTypes
3
+
4
+ def self.up
5
+ CapabilityType.create(:internal_identifier => 'download', :description => 'Download') if CapabilityType.where("internal_identifier = 'download'").first.nil?
6
+
7
+ ScopeType.create(:description => 'Instance', :internal_identifier => 'instance') if ScopeType.where("internal_identifier = 'instance'").first.nil?
8
+ ScopeType.create(:description => 'Class', :internal_identifier => 'class') if ScopeType.where("internal_identifier = 'class'").first.nil?
9
+ ScopeType.create(:description => 'Query', :internal_identifier => 'query') if ScopeType.where("internal_identifier = 'query'").first.nil?
10
+ end
11
+
12
+ def self.down
13
+ end
14
+
15
+ end
@@ -0,0 +1,12 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110525001935)
2
+ class AddUsdCurrency
3
+
4
+ def self.up
5
+ Currency.create(:name => 'US Dollar', :internal_identifier => 'USD', :major_unit_symbol => "$")
6
+ end
7
+
8
+ def self.down
9
+ Currency.usd.destroy
10
+ end
11
+
12
+ end
@@ -0,0 +1,19 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110609150135)
2
+ require 'yaml'
3
+
4
+ class AddIsoCodes
5
+
6
+ def self.up
7
+ #find the erp_base_erp_svcs engine
8
+ engine_path = Rails::Application::Railties.engines.find{|item| item.engine_name == 'erp_base_erp_svcs'}.config.root.to_s
9
+
10
+ GeoCountry.load_from_file(File.join(engine_path,'db/data_sets/geo_countries.yml'))
11
+ GeoZone.load_from_file(File.join(engine_path,'db/data_sets/geo_zones.yml'))
12
+ end
13
+
14
+ def self.down
15
+ GeoCountry.delete_all
16
+ GeoZone.delete_all
17
+ end
18
+
19
+ end
@@ -0,0 +1,16 @@
1
+ # This migration comes from erp_tech_svcs (originally 20110802200222)
2
+ class ScheduleDeleteExpiredSessionsJob
3
+
4
+ def self.up
5
+ #insert data here
6
+ date = Date.tomorrow
7
+ start_time = DateTime.civil(date.year, date.month, date.day, 2, 0, 1, -(5.0/24.0))
8
+
9
+ ErpTechSvcs::Sessions::DeleteExpiredSessionsJob.schedule_job(start_time)
10
+ end
11
+
12
+ def self.down
13
+ #remove data here
14
+ end
15
+
16
+ end
@@ -0,0 +1,12 @@
1
+ # This migration comes from erp_base_erp_svcs (originally 20110913145838)
2
+ class SetupCompassAeInstance
3
+
4
+ def self.up
5
+ CompassAeInstance.create(version: 3.1)
6
+ end
7
+
8
+ def self.down
9
+ #remove data here
10
+ end
11
+
12
+ end
@@ -0,0 +1,22 @@
1
+ # This migration comes from erp_tech_svcs (originally 20111111144706)
2
+ class SetupAuditLogTypes
3
+
4
+ def self.up
5
+ application_alt = AuditLogType.create(:description => 'Application', :internal_identifier => 'application')
6
+
7
+ [
8
+ {:description => 'Custom Message', :internal_identifier => 'custom_message'},
9
+ {:description => 'Successful Logout', :internal_identifier => 'successful_logout'},
10
+ {:description => 'Successful Login', :internal_identifier => 'successful_login'},
11
+ {:description => 'Accessed Area', :internal_identifier => 'accessed_area'},
12
+ {:description => 'Session Timeout', :internal_identifier => 'session_timeout'}
13
+ ].each do |alt_hash|
14
+ AuditLogType.create(alt_hash).move_to_child_of(application_alt)
15
+ end
16
+ end
17
+
18
+ def self.down
19
+ AuditLogType.destroy_all
20
+ end
21
+
22
+ end
@@ -0,0 +1,20 @@
1
+ # This migration comes from erp_tech_svcs (originally 20121116155018)
2
+ class CreateGroupRelationshipAndRoleTypes
3
+
4
+ def self.up
5
+ #insert data here
6
+ to_role = RoleType.create(:description => 'Security Group', :internal_identifier => 'group')
7
+ from_role = RoleType.create(:description => 'Security Group Member', :internal_identifier => 'group_member')
8
+ RelationshipType.create(:description => 'Security Group Membership',
9
+ :name => 'Group Membership',
10
+ :internal_identifier => 'group_membership',
11
+ :valid_from_role => from_role,
12
+ :valid_to_role => to_role
13
+ )
14
+ end
15
+
16
+ def self.down
17
+ #remove data here
18
+ end
19
+
20
+ end
@@ -0,0 +1,24 @@
1
+ # This migration comes from erp_tech_svcs (originally 20121130212146)
2
+ class NoteCapabilities
3
+
4
+ def self.up
5
+ #insert data here
6
+ admin = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Admin', :internal_identifier => 'admin')
7
+ employee = SecurityRole.find_or_create_by_description_and_internal_identifier(:description => 'Employee', :internal_identifier => 'employee')
8
+
9
+ admin.add_capability('create', 'Note')
10
+ admin.add_capability('delete', 'Note')
11
+ admin.add_capability('edit', 'Note')
12
+ admin.add_capability('view', 'Note')
13
+
14
+ employee.add_capability('create', 'Note')
15
+ employee.add_capability('delete', 'Note')
16
+ employee.add_capability('edit', 'Note')
17
+ employee.add_capability('view', 'Note')
18
+ end
19
+
20
+ def self.down
21
+ #remove data here
22
+ end
23
+
24
+ end