SqlServer split manage collection permission (#1594)

* SqlServer split manage collection permission * Clarify names * Test claims generation * Test permission serialization * Simplify claims building * Use new collections permissions * Throw on use of deprecated permissions * Lower case all claims * Remove todos * Clean nonexistent project from test solution * JsonIgnore for both system and newtonsoft json * Make migrations more robust to multiple runs * remove duplicate usings * Remove obsolete permissions * Test solutions separately to detect failures * Handle dos line endings * Fix collections create/update permissions * Change restore cipher to edit permissions * Improve formatting * Simplify map * Refactor test
2025-06-30 15:42:48 -05:00 · 2021-10-05 11:12:05 -05:00
parent 55fa4a5f63
commit bd297fb7a2
25 changed files with 3639 additions and 129 deletions
--- a/util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql
+++ b/util/PostgresMigrations/Scripts/2021-09-21_00_SplitManageCollectionsPermission.psql
@ -0,0 +1,42 @@
+CREATE OR REPLACE FUNCTION updatePermissionsJson(permissions jsonb) returns jsonb LANGUAGE plpgsql AS $$
+	DECLARE manageAllCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAllCollections'), 'false');
+	DECLARE manageAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'manageAssignedCollections'), 'false');
+
+	DECLARE createNewCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'createNewCollections'), manageAllCollections);
+	DECLARE editAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'editAnyCollection'), manageAllCollections);
+	DECLARE deleteAnyCollection jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAnyCollection'), manageAllCollections);
+
+	DECLARE editAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'editAssignedCollections'), manageAssignedCollections);
+	DECLARE deleteAssignedCollections jsonb := COALESCE(jsonb_extract_path(permissions, 'deleteAssignedCollections'), manageAssignedCollections);
+
+	BEGIN
+		RETURN
+			jsonb_set(
+				jsonb_set(
+					jsonb_set(
+						jsonb_set(
+							jsonb_set(
+								permissions,
+								'{createNewCollections}',
+								createNewCollections
+							),
+							'{editAnyCollection}',
+							editAnyCollection
+						),
+						'{deleteAnyCollection}',
+						deleteAnyCollection
+					),
+					'{editAssignedCollections}',
+					editAssignedCollections
+				),
+				'{deleteAssignedCollections}',
+				deleteAssignedCollections
+			);
+	END
+$$;
+
+UPDATE public."OrganizationUser"
+SET "Permissions" = updatePermissionsJson("Permissions"::jsonb)::text
+WHERE "Permissions" IS NOT NULL;
+	
+DROP FUNCTION updatePermissionsJson(jsonb);