salix/db/changes/232401/00-useSpecificsAcls.sql

INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
        ('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Ticket', 'isRoleAdvanced', '*', 'ALLOW', 'ROLE', 'salesAssistant'),
        ('Ticket', 'isRoleAdvanced', '*', 'ALLOW', 'ROLE', 'deliveryBoss'),
        ('Ticket', 'isRoleAdvanced', '*', 'ALLOW', 'ROLE', 'buyer'),
        ('Ticket', 'isRoleAdvanced', '*', 'ALLOW', 'ROLE', 'claimManager'),
        ('Ticket', 'deleteTicketWithPartPrepared', 'WRITE', 'ALLOW', 'ROLE', 'salesAssistant'),
        ('Ticket', 'editZone', 'WRITE', 'ALLOW', 'ROLE', 'deliveryBoss'),
        ('State', 'editableStates', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('State', 'seeEditableStates', 'READ', 'ALLOW', 'ROLE', 'administrative'),
        ('State', 'seeEditableStates', 'READ', 'ALLOW', 'ROLE', 'production'),
        ('State', 'isSomeEditable', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('State', 'isAllEditable', 'READ', 'ALLOW', 'ROLE', 'production'),
        ('State', 'isAllEditable', 'READ', 'ALLOW', 'ROLE', 'administrative'),
        ('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'administrative'),
        ('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'productionBoss'),
        ('Claim', 'createAfterDeadline', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Client', 'editAddressLogifloraAllowed', 'WRITE', 'ALLOW', 'ROLE', 'salesAssistant'),
        ('Client', 'editFiscalDataWithoutTaxDataCheck', 'WRITE', 'ALLOW', 'ROLE', 'salesAssistant'),
        ('Client', 'editVerifiedDataWithoutTaxDataCheck', 'WRITE', 'ALLOW', 'ROLE', 'salesAssistant'),
        ('Client', 'editCredit', 'WRITE', 'ALLOW', 'ROLE', 'financialBoss'),
        ('Client', 'isNotEditableCredit', 'WRITE', 'ALLOW', 'ROLE', 'financialBoss'),
        ('InvoiceOut', 'canCreatePdf', 'WRITE', 'ALLOW', 'ROLE', 'invoicing'),
        ('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'),
        ('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'),
        ('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'),
        ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager');

DELETE FROM `salix`.`ACL`
    WHERE
        model = 'Claim'
        AND property = '*'
        AND accessType = '*';

INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
        ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'),
        ('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager');

DELETE FROM `salix`.`ACL`
    WHERE
        model = 'Ticket'
        AND property = '*'
        AND accessType = '*';

INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
        ('Ticket', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'getVolume', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'getTotalVolume', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'summary', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'priceDifference', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'componentUpdate', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'new', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'isEditable', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'setDeleted', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'restore', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'getSales', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'getSalesPersonMana', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'makeInvoice', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'updateEditableTicket', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'updateDiscount', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'transferSales', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'sendSms', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'isLocked', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'freightCost', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'getComponentsSum', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Ticket', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'delivery'), -- Change Priority in Route tickets
        ('Ticket', 'deliveryNoteCsv', 'READ', 'ALLOW', 'ROLE', 'employee');

DELETE FROM `salix`.`ACL`
    WHERE
        model = 'State'
        AND property = '*'
        AND accessType = 'READ';

INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
        ('State', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('State', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('State', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee');

DELETE FROM `salix`.`ACL`
    WHERE
        model = 'Worker'
        AND property = '*'
        AND accessType = 'READ';

INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
    VALUES
        ('Worker', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'getWorkedHours', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'active', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'activeWithRole', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'uploadFile', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
        ('Worker', 'contracts', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'holidays', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'activeContract', 'READ', 'ALLOW', 'ROLE', 'employee'),
        ('Worker', 'activeWithInheritedRole', 'READ', 'ALLOW', 'ROLE', 'employee');

DELETE FROM `salix`.`ACL`
    WHERE model = 'Client'
        AND property = 'updateUser'
        AND accessType = '*';