2023-05-29 05:20:29 +00:00 · 2023-05-16 14:39:20 +00:00 · 2023-05-17 11:43:22 +00:00 · 2023-05-11 08:12:38 +00:00 · 2023-05-11 08:12:58 +00:00
1 changed files with 57 additions and 3 deletions
--- a/db/changes/232001/00-useSpecificsAcls.sql
+++ b/db/changes/232001/00-useSpecificsAcls.sql
@ -36,18 +36,63 @@ DELETE FROM `salix`.`ACL`
        AND property = '*'
        AND accessType = '*';

+INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
+    VALUES
+        ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),-- ?
+        ('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),-- ?
+        ('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'),-- ?
+        ('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager');-- ?
+
 DELETE FROM `salix`.`ACL`
    WHERE
        model = 'Ticket'
        AND property = '*'
        AND accessType = '*';

+INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
+    VALUES
+        ('Ticket', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'getVolume', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'getTotalVolume', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'summary', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'priceDifference', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'componentUpdate', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'new', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'isEditable', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'setDeleted', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'restore', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'getSales', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'getSalesPersonMana', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'makeInvoice', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'updateEditableTicket', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'updateDiscount', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'transferSales', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'sendSms', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'isLocked', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'freightCost', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'getComponentsSum', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Ticket', 'deliveryNoteCsv', 'READ', 'ALLOW', 'ROLE', 'employee');
+
 DELETE FROM `salix`.`ACL`
    WHERE
        model = 'State'
        AND property = '*'
        AND accessType = 'READ';

+INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
+    VALUES
+        ('State', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('State', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('State', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee');
+
 DELETE FROM `salix`.`ACL`
    WHERE
        model = 'Worker'
@ -56,6 +101,15 @@ DELETE FROM `salix`.`ACL`

 INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
-        ('State', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('State', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('State', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee');
+        ('Worker', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Worker', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Worker', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'getWorkedHours', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'active', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'activeWithRole', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'uploadFile', 'WRITE', 'ALLOW', 'ROLE', 'hr'), -- ?
+        ('Worker', 'contracts', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'holidays', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'activeContract', 'READ', 'ALLOW', 'ROLE', 'employee'), -- ?
+        ('Worker', 'activeWithInheritedRole', 'READ', 'ALLOW', 'ROLE', 'employee'); --?