Ala Hino has uploaded a new change for review. Change subject: database: Define user roles to import/export domains ......................................................................
database: Define user roles to import/export domains Created two new roles: VmImporterExporter and TemplateImporterExporter and assigned ActionGroup.IMPORT_EXPORT_VM to these roles. This change is required in order to enable users, using users portal, to import/export VMs or Templates. In addition, assigned ActionGroup.IMPORT_EXPORT_VM to UserVmManager, PowerUserRole and TemplateOwner roles. Change-Id: I61837fdc2fe2eae50b486dad5fbfeeac42c472f0 Signed-off-by: Ala Hino <ah...@redhat.com> --- A packaging/dbscripts/upgrade/03_06_1400_add_domain_import_export_permissions_for_users.sql 1 file changed, 88 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/55/41055/1
diff --git a/packaging/dbscripts/upgrade/03_06_1400_add_domain_import_export_permissions_for_users.sql b/packaging/dbscripts/upgrade/03_06_1400_add_domain_import_export_permissions_for_users.sql
new file mode 100644
index 0000000..7ba6d5e
--- /dev/null
+++ b/packaging/dbscripts/upgrade/03_06_1400_add_domain_import_export_permissions_for_users.sql
@@ -0,0 +1,88 @@
+Create or replace FUNCTION __temp_insert_add_domain_import_export_permissions_for_users()
+RETURNS VOID
+ AS $procedure$
+ DECLARE
+ v_USER_VM_MANAGER_ID UUID;
+ v_POWER_USER_ROLE_ID UUID;
+ v_TEMPLATE_OWNER_ID UUID;
+ v_VM_IMPORTER_EXPORTER_ID UUID;
+ v_TEMPLATE_IMPORTER_EXPORTER_ID UUID;
+
+BEGIN
+ v_USER_VM_MANAGER_ID := 'def00006-0000-0000-0000-def000000006';
+ v_POWER_USER_ROLE_ID := '00000000-0000-0000-0001-000000000002';
+ v_TEMPLATE_OWNER_ID := 'def0000a-0000-0000-0000-def00000000f';
+ v_VM_IMPORTER_EXPORTER_ID := 'def00030-0000-0000-0000-def000000011';
+ v_TEMPLATE_IMPORTER_EXPORTER_ID := 'def00030-0000-0000-0000-def000000012';
+
+DELETE FROM roles_groups WHERE role_id = v_USER_VM_MANAGER_ID;
+INSERT INTO roles(id,name,description,is_readonly,role_type,allows_viewing_children,app_mode) select v_USER_VM_MANAGER_ID, 'UserVmManager', 'User Role, with permission for any operation on Vms', true, 2, false, 1
+WHERE NOT EXISTS (SELECT id
+ FROM roles
+ WHERE id = v_USER_VM_MANAGER_ID);
+
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,2);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,3);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,5);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,7);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,8);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,9);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,10);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,12);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,17);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,18);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,19);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,21);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,22);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,502);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,503);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1100);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1101);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1102);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1104);
+PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,1300);
+
+DELETE FROM roles_groups WHERE role_id = v_POWER_USER_ROLE_ID;
+INSERT INTO roles(id,name,description,is_readonly,role_type,allows_viewing_children,app_mode) select v_POWER_USER_ROLE_ID, 'PowerUserRole', 'User Role, allowed to create VMs, Templates and Disks', true, 2, false, 1
+WHERE NOT EXISTS (SELECT id
+ FROM roles
+ WHERE id = v_POWER_USER_ROLE_ID);
+
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,1);
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,8);
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,200);
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,1100);
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,1106);
+PERFORM fn_db_add_action_group_to_role(v_POWER_USER_ROLE_ID,1300);
+
+DELETE FROM roles_groups WHERE role_id = v_TEMPLATE_OWNER_ID;
+INSERT INTO roles(id,name,description,is_readonly,role_type,allows_viewing_children,app_mode) select v_TEMPLATE_OWNER_ID, 'TemplateOwner', 'User Role, permissions for all operations on Templates', true, 2, false, 1
+WHERE NOT EXISTS (SELECT id
+ FROM roles
+ WHERE id = v_TEMPLATE_OWNER_ID);
+
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,8);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,201);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,202);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,203);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,204);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,502);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,503);
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_OWNER_ID,1300);
+
+INSERT INTO roles (id, name, description, is_readonly, role_type, allows_viewing_children, app_mode) VALUES (v_VM_IMPORTER_EXPORTER_ID, 'VmImporterExporter', 'User Role, with permission to import or export Vms', true, 2, true, 1);
+
+PERFORM fn_db_add_action_group_to_role(v_VM_IMPORTER_EXPORTER_ID,8);
+
+INSERT INTO roles (id, name, description, is_readonly, role_type, allows_viewing_children, app_mode) VALUES (v_TEMPLATE_IMPORTER_EXPORTER_ID, 'TemplateImporterExporter', 'User Role, with permission to import or export Templates', true, 2, true, 1);
+
+PERFORM fn_db_add_action_group_to_role(v_TEMPLATE_IMPORTER_EXPORTER_ID,8);
+
+ RETURN;
+END; $procedure$
+LANGUAGE plpgsql;
+
+SELECT __temp_insert_add_domain_import_export_permissions_for_users();
+DROP function __temp_insert_add_domain_import_export_permissions_for_users();
+
-- To view, visit https://gerrit.ovirt.org/41055 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I61837fdc2fe2eae50b486dad5fbfeeac42c472f0 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ala Hino <ah...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
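Review bot: The three `DELETE FROM roles_groups WHERE role_id = ...` statements wipe every action group of UserVmManager, PowerUserRole and TemplateOwner and rebuild them from hard-coded numeric lists, so the actual privilege delta cannot be read from this diff, and any group another upgrade script granted to these roles but that is missing here would be silently revoked (or one listed here silently granted). The commit message says the intent is only to grant ActionGroup.IMPORT_EXPORT_VM, which appears to be id 8 judging from the two new roles, so an additive `PERFORM fn_db_add_action_group_to_role(v_USER_VM_MANAGER_ID,8); -- 8 = ActionGroup.IMPORT_EXPORT_VM` per existing role would keep the change minimal and auditable. The two new-role `INSERT INTO roles ... VALUES` statements also lack the `WHERE NOT EXISTS` guard used for the three existing roles. They set `allows_viewing_children` to true where the other user roles in this script use false, which is worth confirming as intended for roles meant to grant only import/export.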