From a3dda662ae955f1dcd8bcda8dc35baa17a28a254 Mon Sep 17 00:00:00 2001
From: Dani Herrero
Date: Thu, 1 Jun 2017 09:31:57 +0200
Subject: [PATCH] ACLs, json configuracion y script SQL
---
 client/client/src/basic-data/basic-data.html | 2 +-
 services/client/common/models/ACL_script.sql | 15 +++++++++++++++
 services/client/common/models/Account.json | 8 ++++----
 services/client/common/models/AgencyService.json | 6 ++++++
 services/client/common/models/ContactChannel.json | 6 ++++++
 5 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 services/client/common/models/ACL_script.sql
diff --git a/client/client/src/basic-data/basic-data.html b/client/client/src/basic-data/basic-data.html
index 4a4e7c391..0283320b3 100644
--- a/client/client/src/basic-data/basic-data.html
+++ b/client/client/src/basic-data/basic-data.html
@@ -36,7 +36,7 @@
diff --git a/services/client/common/models/ACL_script.sql b/services/client/common/models/ACL_script.sql
new file mode 100644
index 000000000..46cde8eab
--- /dev/null
+++ b/services/client/common/models/ACL_script.sql
@@ -0,0 +1,15 @@
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (1,'Account','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (2,'Account','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (3,'Address','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (4,'Address','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (5,'AgencyService','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (6,'AgencyService','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (7,'Client','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (8,'Client','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (9,'ClientObservation','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (10,'ClientObservation','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (11,'ContactChannel','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (12,'ContactChannel','*','WRITE','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (13,'Employee','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (14,'PayMethod','*','READ','ALLOW','ROLE','employee');
+insert into `ACL`(`id`,`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) values (15,'PayMethod','*','WRITE','ALLOW','ROLE','employee');
diff --git a/services/client/common/models/Account.json b/services/client/common/models/Account.json
index 4b2bbf0dc..7b3fd0739 100644
--- a/services/client/common/models/Account.json
+++ b/services/client/common/models/Account.json
@@ -33,14 +33,14 @@
 {
 "accessType": "*",
 "principalType": "ROLE",
- "principalId": "$authenticated",
- "permission": "ALLOW"
+ "principalId": "$everyone",
+ "permission": "DENY"
 },
 {
 "accessType": "*",
 "principalType": "ROLE",
- "principalId": "$everyone",
- "permission": "DENY"
+ "principalId": "root",
+ "permission": "ALLOW"
 }
 ]
 }
diff --git a/services/client/common/models/AgencyService.json b/services/client/common/models/AgencyService.json
index 98f742f64..4dc63171b 100644
--- a/services/client/common/models/AgencyService.json
+++ b/services/client/common/models/AgencyService.json
@@ -42,6 +42,12 @@
 "accessType": "*",
 "principalType": "ROLE",
 "principalId": "$everyone",
+ "permission": "DENY"
+ },
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "root",
 "permission": "ALLOW"
 }
 ]
diff --git a/services/client/common/models/ContactChannel.json b/services/client/common/models/ContactChannel.json
index b91d7ee02..8b0469634 100644
--- a/services/client/common/models/ContactChannel.json
+++ b/services/client/common/models/ContactChannel.json
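Review bot: Every row in ACL_script.sql grants the `employee` role `ALLOW` on property `'*'`, and every model except Employee gets `WRITE` as well as `READ`. If these are LoopBack ACLs, `WRITE` covers deletes as well as creates and updates, so any employee could change or remove any Account or PayMethod record; I would limit `WRITE` to the models employees actually edit and keep Account read-only unless there is a stated need. The script also hard-codes `id` 1–15 with plain `insert`, so (assuming `id` is the primary key) a second run, or a run against a table that already holds ACL rows, stops on a duplicate key and leaves a partial policy. Wrapping the statements in `START TRANSACTION;` … `COMMIT;` and adding a header comment such as `-- Seeds employee ACLs; expects an empty ACL table` would make the precondition explicit.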
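Review bot: After this hunk the Account model file allows only `root` and denies `$everyone`, while the `employee` grants exist only as database rows from ACL_script.sql, so the effective policy can no longer be read or reviewed from the model definition; the AgencyService.json and ContactChannel.json hunks have the same split. Assuming the ACL model is backed by that table, anyone with write access to it can widen access without a code change, so its database privileges should be restricted and changes to it audited. Consider declaring the employee rules next to the root rule instead, e.g. `{ "accessType": "READ", "principalType": "ROLE", "principalId": "employee", "permission": "ALLOW" }`. `root` also gets `"accessType": "*"` while the SQL rows give `employee` only READ and WRITE, so EXECUTE-type methods presumably stay root-only; confirm that is intended. The enclosing array begins outside the hunk, so other rules may exist that are not visible here.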
@@ -19,6 +19,12 @@
 "principalType": "ROLE",
 "principalId": "$everyone",
 "permission": "DENY"
+ },
+ {
+ "accessType": "*",
+ "principalType": "ROLE",
+ "principalId": "root",
+ "permission": "ALLOW"
 }
 ]
 }
\ No newline at end of file