SqlServer split manage collection permission (#1594)

* SqlServer split manage collection permission * Clarify names * Test claims generation * Test permission serialization * Simplify claims building * Use new collections permissions * Throw on use of deprecated permissions * Lower case all claims * Remove todos * Clean nonexistent project from test solution * JsonIgnore for both system and newtonsoft json * Make migrations more robust to multiple runs * remove duplicate usings * Remove obsolete permissions * Test solutions separately to detect failures * Handle dos line endings * Fix collections create/update permissions * Change restore cipher to edit permissions * Improve formatting * Simplify map * Refactor test
2025-06-30 07:36:14 -05:00 · 2021-10-05 11:12:05 -05:00
parent 55fa4a5f63
commit bd297fb7a2
25 changed files with 3639 additions and 129 deletions
--- a/util/Migrator/DbScripts/2021-09-21_00_SplitManageCollectionsJson.sql
+++ b/util/Migrator/DbScripts/2021-09-21_00_SplitManageCollectionsJson.sql
@ -0,0 +1,64 @@
+-- Split Manage Assigned Collections into edit and delete
+UPDATE [vault_dev].[dbo].[OrganizationUser]
+SET [Permissions] = 
+    JSON_MODIFY(
+        JSON_MODIFY(
+            [Permissions],
+            '$.editAssignedCollections',
+            CAST(ISNULL(
+                    ISNULL(
+                        JSON_VALUE([Permissions], '$.editAssignedCollections'),
+                        JSON_VALUE([Permissions], '$.manageAssignedCollections')
+                  ),
+                0) AS BIT)
+        ),
+        '$.deleteAssignedCollections',
+        CAST(ISNULL(
+            ISNULL(
+                JSON_VALUE([Permissions], '$.deleteAssignedCollections'),
+                JSON_VALUE([Permissions], '$.manageAssignedCollections')),
+            0) AS BIT)
+    )
+WHERE [Permissions] IS NOT NULL
+    AND ISJSON([Permissions]) > 0
+    AND (
+        JSON_VALUE([Permissions], '$.editAssignedCollections') IS NULL
+        OR JSON_VALUE([Permissions], '$.deleteAssignedCollections') IS NULL
+    )
+
+-- Split Manage All Collections into create, edit, and delete
+UPDATE [vault_dev].[dbo].[OrganizationUser]
+SET [Permissions] = 
+    JSON_MODIFY(
+        JSON_MODIFY(
+            JSON_MODIFY(
+                [Permissions],
+                '$.createNewCollections',
+                CAST(ISNULL(
+                    ISNULL(
+                        JSON_VALUE([Permissions], '$.createNewCollections'),
+                        JSON_VALUE([Permissions], '$.manageAllCollections')),
+                    0) AS BIT)
+            ),
+            '$.editAnyCollection',
+            CAST(ISNULL(
+                ISNULL(
+                    JSON_VALUE([Permissions], '$.editAnyCollection'),
+                    JSON_VALUE([Permissions], '$.manageAllCollections')),
+                0) AS BIT)
+        ),
+        '$.deleteAnyCollection',
+            CAST(ISNULL(
+                ISNULL(
+                    JSON_VALUE([Permissions], '$.deleteAnyCollection'),
+                    JSON_VALUE([Permissions], '$.manageAllCollections')),
+                0) AS BIT)
+    )
+WHERE [Permissions] IS NOT NULL
+    AND ISJSON([Permissions]) > 0 
+    AND (
+        JSON_VALUE([Permissions], '$.createNewCollections') IS NULL
+        OR JSON_VALUE([Permissions], '$.editAnyCollection') IS NULL
+        OR JSON_VALUE([Permissions], '$.deleteAnyCollection') IS NULL
+    )
+