Menu
▾
▴
[Hyperic-hq-discuss] hq r14445 - in trunk: installer/data web/WEB-INF/classes
|
From: <dcr...@hy...> - 2010-03-30 23:34:07
|
Author: dcrutchf Date: 2010-03-30 16:33:59 -0700 (Tue, 30 Mar 2010) New Revision: 14445 URL: http://svn.hyperic.org/?view=rev&root=Hyperic+HQ&revision=14445 Modified: trunk/installer/data/db-upgrade.xml trunk/web/WEB-INF/classes/ApplicationResources.properties Log: [HQ-2079] - User with full server permission cannot delete server Added more upgrade logic to match the rules added to role permissions Modified: trunk/installer/data/db-upgrade.xml =================================================================== --- trunk/installer/data/db-upgrade.xml 2010-03-30 23:29:13 UTC (rev 14444) +++ trunk/installer/data/db-upgrade.xml 2010-03-30 23:33:59 UTC (rev 14445) @@ -10911,12 +10911,24 @@ <schemaSpec version="3.195"> <schema-directSQL> - <statement desc="Adding create group permission..."> - INSERT INTO EAM_OPERATION(ID,VERSION_COL,NAME,RESOURCE_TYPE_ID) VALUES (29,0,'createResourceGroup',3) - </statement> - <statement desc="Adding view escalation permission..."> - INSERT INTO EAM_OPERATION(ID,VERSION_COL,NAME,RESOURCE_TYPE_ID) VALUES (415,0,'viewEscalation',0) - </statement> + <statement desc="Removing manage application alert permission..."> + DELETE FROM EAM_ROLE_OPERATION_MAP WHERE OPERATION_ID=403 + </statement> + <statement desc="Removing control application permission..."> + DELETE FROM EAM_ROLE_OPERATION_MAP WHERE OPERATION_ID=328 + </statement> + <statement desc="Adding create group permission..."> + INSERT INTO EAM_OPERATION(ID,VERSION_COL,NAME,RESOURCE_TYPE_ID) + SELECT 29,0,'createResourceGroup',3 FROM EAM_OPERATION + WHERE ID=29 + HAVING COUNT(*) = 0 + </statement> + <statement desc="Adding view escalation permission..."> + INSERT INTO EAM_OPERATION(ID,VERSION_COL,NAME,RESOURCE_TYPE_ID) + SELECT 415,0,'viewEscalation',0 FROM EAM_OPERATION + WHERE ID=415 + HAVING COUNT(*) = 0 + </statement> <statement desc="Adding create group permission to any role that has delete group permission..."> INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) SELECT m.role_id, 29 FROM EAM_ROLE r @@ -10949,6 +10961,14 @@ AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm WHERE rm.role_id = r.id AND rm.operation_id = 28) = 0 </statement> + <statement desc="Adding alert group permission to any role that has create, update or delete group permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 404 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 29 or m.operation_id = 31 or m.operation_id = 24) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 404) = 0 + </statement> <statement desc="Adding create platform permission to any role that has delete platform permission..."> INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) SELECT m.role_id, 320 FROM EAM_ROLE r @@ -10981,6 +11001,22 @@ AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm WHERE rm.role_id = r.id AND rm.operation_id = 305) = 0 </statement> + <statement desc="Adding alert platform permission to any role that has create, update or delete platform permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 400 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 320 or m.operation_id = 302 or m.operation_id = 301) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 400) = 0 + </statement> + <statement desc="Adding control platform permission to any role that has create, update or delete platform permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 325 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 320 or m.operation_id = 302 or m.operation_id = 301) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 325) = 0 + </statement> <statement desc="Adding create server permission to any role that has delete server permission..."> INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) SELECT m.role_id, 303 FROM EAM_ROLE r @@ -11013,6 +11049,22 @@ AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm WHERE rm.role_id = r.id AND rm.operation_id = 311) = 0 </statement> + <statement desc="Adding alert server permission to any role that has create, update or delete server permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 401 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 308 or m.operation_id = 303 or m.operation_id = 307) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 401) = 0 + </statement> + <statement desc="Adding control server permission to any role that has create, update or delete server permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 326 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 308 or m.operation_id = 303 or m.operation_id = 307) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 326) = 0 + </statement> <statement desc="Adding create service permission to any role that has delete service permission..."> INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) SELECT m.role_id, 309 FROM EAM_ROLE r @@ -11045,6 +11097,22 @@ AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm WHERE rm.role_id = r.id AND rm.operation_id = 315) = 0 </statement> + <statement desc="Adding alert service permission to any role that has create, update or delete service permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 402 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 309 or m.operation_id = 314 or m.operation_id = 313) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 402) = 0 + </statement> + <statement desc="Adding control service permission to any role that has create, update or delete service permission..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 327 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (m.operation_id = 309 or m.operation_id = 314 or m.operation_id = 313) + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 327) = 0 + </statement> <statement desc="Adding create application permission to any role that has delete application permission..."> INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) SELECT m.role_id, 316 FROM EAM_ROLE r @@ -11173,8 +11241,232 @@ AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm WHERE rm.role_id = r.id AND rm.operation_id = 415) = 0 </statement> - </schema-directSQL> - </schemaSpec> + <statement desc="Adding create server permission, if platform permissions have create or delete (i.e. full permission) and create server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 303 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 303) = 0 + </statement> + <statement desc="Adding delete server permission, if platform permissions have create or delete (i.e. full permission) and delete server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 308 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 308) = 0 + </statement> + <statement desc="Adding modify server permission, if platform permissions have create or delete (i.e. full permission) and modify server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 307 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 307) = 0 + </statement> + <statement desc="Adding view server permission, if platform permissions have create or delete (i.e. full permission) and view server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 311 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 311) = 0 + </statement> + <statement desc="Adding view server permission, if platform permissions have create or delete (i.e. full permission) and manage alert server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 401 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 401) = 0 + </statement> + <statement desc="Adding view server permission, if platform permissions have create or delete (i.e. full permission) and control server permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 326 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 320 or rm.operation_id = 302)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 326) = 0 + </statement> + <statement desc="Adding create service permission, if server permissions have create or delete (i.e. full permission) and create service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 309 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 309) = 0 + </statement> + <statement desc="Adding delete service permission, if server permissions have create or delete (i.e. full permission) and delete service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 314 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 314) = 0 + </statement> + <statement desc="Adding modify service permission, if server permissions have create or delete (i.e. full permission) and modify service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 313 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 313) = 0 + </statement> + <statement desc="Adding view service permission, if server permissions have create or delete (i.e. full permission) and view service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 315 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 315) = 0 + </statement> + <statement desc="Adding view service permission, if server permissions have create or delete (i.e. full permission) and manage alerts service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 402 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 402) = 0 + </statement> + <statement desc="Adding view service permission, if server permissions have create or delete (i.e. full permission) and control service permission does not exist..."> + INSERT INTO EAM_ROLE_OPERATION_MAP(ROLE_ID, OPERATION_ID) + SELECT distinct m.role_id, 327 FROM EAM_ROLE r + INNER JOIN EAM_ROLE_OPERATION_MAP m on r.id = m.role_id + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND (rm.operation_id = 303 or rm.operation_id = 308)) = 2 and + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = r.id AND rm.operation_id = 327) = 0 + </statement> + </schema-directSQL> + <groovy> + <![CDATA[ + println("Removing alert and control mappings where the group, platform, server and service doesnt have any permissions") + def stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 320 or rm.operation_id = 302 or rm.operation_id = 301 or rm.operation_id = 305)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 400 or rm.operation_id = 325)) > 0""" + def sql = [] + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 400 or operation_id = 325)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 308 or rm.operation_id = 303 or rm.operation_id = 307 or rm.operation_id = 311)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 401 or rm.operation_id = 326)) > 0""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 401 or operation_id = 326)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 309 or rm.operation_id = 314 or rm.operation_id = 313 or rm.operation_id = 315)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 402 or rm.operation_id = 327)) > 0""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 402 or operation_id = 327)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (m.operation_id = 29 or m.operation_id = 31 or m.operation_id = 24 or rm.operation_id = 28)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND rm.operation_id = 404) > 0""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and operation_id = 404" + } ) + try { + stmt = CONN.createStatement() + for (s in sql) { + println(s) + stmt.execute(s) + } + } finally { + stmt.close() + } + ]]> + </groovy> + <groovy> + <![CDATA[ + println("Searching for mappings where the child has full permissions, but the parent has none. If found, we correct it by removing full permissions from child") + def stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 320 or rm.operation_id = 302 or rm.operation_id = 305 or rm.operation_id = 301)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 303 or rm.operation_id = 308)) > 0""" + def sql = [] + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 303 or operation_id = 308)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 303 or rm.operation_id = 308 or rm.operation_id = 307 or rm.operation_id = 311)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 309 or rm.operation_id = 314)) > 0""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 309 or operation_id = 314)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (((SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 6 or rm.operation_id = 7 or rm.operation_id = 8 or rm.operation_id = 10)) = 0 AND + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 12 or rm.operation_id = 30)) > 0) OR + ((SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 24 or rm.operation_id = 28 or rm.operation_id = 29 or rm.operation_id = 31)) = 0 AND + (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 12 or rm.operation_id = 30)) > 0))""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 12 or operation_id = 30)" + } ) + stmt = """SELECT distinct role_id FROM EAM_ROLE_OPERATION_MAP m + WHERE (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 11 or rm.operation_id = 12 or rm.operation_id = 16 or rm.operation_id = 30)) = 0 + AND (SELECT count(*) FROM EAM_ROLE_OPERATION_MAP rm + WHERE rm.role_id = m.role_id + AND (rm.operation_id = 7 or rm.operation_id = 10)) > 0""" + SQL.eachRow(stmt, { + sql << "DELETE FROM EAM_ROLE_OPERATION_MAP WHERE role_id = ${it.role_id} and (operation_id = 7 or operation_id = 10)" + } ) + try { + stmt = CONN.createStatement() + for (s in sql) { + println(s) + stmt.execute(s) + } + } finally { + stmt.close() + } + ]]> + </groovy> + </schemaSpec> </dbupgrade> </target> </project> Modified: trunk/web/WEB-INF/classes/ApplicationResources.properties =================================================================== --- trunk/web/WEB-INF/classes/ApplicationResources.properties 2010-03-30 23:29:13 UTC (rev 14444) +++ trunk/web/WEB-INF/classes/ApplicationResources.properties 2010-03-30 23:33:59 UTC (rev 14445) @@ -329,7 +329,8 @@ admin.role.perms.ResourceTypeTH=Resource Type admin.role.perms.type.users=Users admin.role.perms.type.roles=Roles -admin.role.perms.type.groups=Groups +admin.role.perms.type.groups=Groups * +admin.role.perms.type.groups.note=* Regardless of permissions selected, all users have the ability to create groups in the system. admin.role.perms.type.platforms=Platforms admin.role.perms.type.servers=Servers admin.role.perms.type.services=Services |
