From: <cl...@hy...> - 2007-06-28 00:08:43
|
Author: clee Date: 2007-06-27 17:08:41 -0700 (Wed, 27 Jun 2007) New Revision: 4987 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=4987 Modified: trunk/installer/data/db-upgrade.xml trunk/sql/authz-data.xml Log: [HHQ-950] Because the alert subsystem now uses it's own resource_id to do the permission checking, the bug was exposing the fact that we have a special super user role that does not have all of the proper groups and operations in the database. So the fix is to add the root group to the super user role, as well as give that role all of the operations. Modified: trunk/installer/data/db-upgrade.xml =================================================================== --- trunk/installer/data/db-upgrade.xml 2007-06-28 00:07:31 UTC (rev 4986) +++ trunk/installer/data/db-upgrade.xml 2007-06-28 00:08:41 UTC (rev 4987) @@ -5797,6 +5797,12 @@ </schema-directSQL> </schemaSpec> + <schemaSpec version="3.30"> + <schema-directSQL> + <statement>insert into eam_role_resource_group_map (role_id, resource_group_id) values (1, 1)</statement> + <statement>insert into eam_role_operation_map (role_id, operation_id) select 1, id from eam_operation where not id = 0</statement> + </schema-directSQL> + </schemaSpec> </dbupgrade> </target> Modified: trunk/sql/authz-data.xml =================================================================== --- trunk/sql/authz-data.xml 2007-06-28 00:07:31 UTC (rev 4986) +++ trunk/sql/authz-data.xml 2007-06-28 00:08:41 UTC (rev 4987) @@ -470,7 +470,8 @@ <!-- add the authz resource group to the role --> <table name="EAM_ROLE_RESOURCE_GROUP_MAP"> - <data CID="2" ROLE_ID="%EAM_ROLE.ID:1" RESOURCE_GROUP_ID="%EAM_RESOURCE_GROUP.ID:0"/> + <data CID="2" ROLE_ID="%EAM_ROLE.ID:0" RESOURCE_GROUP_ID="%EAM_RESOURCE_GROUP.ID:1"/> + <data CID="3" ROLE_ID="%EAM_ROLE.ID:1" RESOURCE_GROUP_ID="%EAM_RESOURCE_GROUP.ID:0"/> </table> <!-- add the root user to the creator role --> @@ -481,6 +482,57 @@ <!-- add the permissions to the creator role --> <table name="EAM_ROLE_OPERATION_MAP"> <data CID="51" OPERATION_ID="%EAM_OPERATION.ID:0" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="52" OPERATION_ID="%EAM_OPERATION.ID:1" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="53" OPERATION_ID="%EAM_OPERATION.ID:2" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="54" OPERATION_ID="%EAM_OPERATION.ID:3" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="55" OPERATION_ID="%EAM_OPERATION.ID:6" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="56" OPERATION_ID="%EAM_OPERATION.ID:7" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="57" OPERATION_ID="%EAM_OPERATION.ID:8" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="58" OPERATION_ID="%EAM_OPERATION.ID:10" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="59" OPERATION_ID="%EAM_OPERATION.ID:11" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="60" OPERATION_ID="%EAM_OPERATION.ID:12" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="61" OPERATION_ID="%EAM_OPERATION.ID:13" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="62" OPERATION_ID="%EAM_OPERATION.ID:16" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="63" OPERATION_ID="%EAM_OPERATION.ID:24" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="64" OPERATION_ID="%EAM_OPERATION.ID:25" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="65" OPERATION_ID="%EAM_OPERATION.ID:28" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="66" OPERATION_ID="%EAM_OPERATION.ID:301" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="67" OPERATION_ID="%EAM_OPERATION.ID:302" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="68" OPERATION_ID="%EAM_OPERATION.ID:303" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="69" OPERATION_ID="%EAM_OPERATION.ID:305" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="70" OPERATION_ID="%EAM_OPERATION.ID:306" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="71" OPERATION_ID="%EAM_OPERATION.ID:307" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="72" OPERATION_ID="%EAM_OPERATION.ID:308" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="73" OPERATION_ID="%EAM_OPERATION.ID:309" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="74" OPERATION_ID="%EAM_OPERATION.ID:311" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="75" OPERATION_ID="%EAM_OPERATION.ID:312" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="76" OPERATION_ID="%EAM_OPERATION.ID:313" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="77" OPERATION_ID="%EAM_OPERATION.ID:314" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="78" OPERATION_ID="%EAM_OPERATION.ID:315" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="79" OPERATION_ID="%EAM_OPERATION.ID:316" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="80" OPERATION_ID="%EAM_OPERATION.ID:317" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="81" OPERATION_ID="%EAM_OPERATION.ID:318" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="82" OPERATION_ID="%EAM_OPERATION.ID:319" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="83" OPERATION_ID="%EAM_OPERATION.ID:320" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="84" OPERATION_ID="%EAM_OPERATION.ID:30" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="85" OPERATION_ID="%EAM_OPERATION.ID:31" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="86" OPERATION_ID="%EAM_OPERATION.ID:321" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="87" OPERATION_ID="%EAM_OPERATION.ID:322" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="88" OPERATION_ID="%EAM_OPERATION.ID:323" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="89" OPERATION_ID="%EAM_OPERATION.ID:324" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="90" OPERATION_ID="%EAM_OPERATION.ID:325" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="91" OPERATION_ID="%EAM_OPERATION.ID:326" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="92" OPERATION_ID="%EAM_OPERATION.ID:327" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="93" OPERATION_ID="%EAM_OPERATION.ID:328" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="94" OPERATION_ID="%EAM_OPERATION.ID:32" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="95" OPERATION_ID="%EAM_OPERATION.ID:400" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="96" OPERATION_ID="%EAM_OPERATION.ID:401" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="97" OPERATION_ID="%EAM_OPERATION.ID:402" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="98" OPERATION_ID="%EAM_OPERATION.ID:403" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="99" OPERATION_ID="%EAM_OPERATION.ID:404" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="100" OPERATION_ID="%EAM_OPERATION.ID:412" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="101" OPERATION_ID="%EAM_OPERATION.ID:413" ROLE_ID="%EAM_ROLE.ID:1"/> + <data CID="102" OPERATION_ID="%EAM_OPERATION.ID:414" ROLE_ID="%EAM_ROLE.ID:1"/> </table> </Covalent.DBSetup> |