More additions to role system

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1574 4979c152-3d1c-0410-bac9-87ea11338e46

1 files changed, 46 insertions, 6 deletions

diff --git a/sql/modules/Roles.sql b/sql/modules/Roles.sql
index cfdd62c2..4b803989 100644
--- a/sql/modules/Roles.sql
+++ b/sql/modules/Roles.sql
@@ -744,24 +744,60 @@ lsmb_<?lsmb dbname ?>__create_warehouse;
 CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction
 WITH INHERIT NOLOGIN;
 
+GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction;
+GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction;
+
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
+
+
 CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction_voucher
 WITH INHERIT NOLOGIN;
 
+GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction;
+GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction;
+
+-- TODO Add menu permissions
+
 CREATE ROLE lsmb_<?lsmb dbname ?>__list_transactions
 WITH INHERIT NOLOGIN
 IN ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions,
 lsmb_<?lsmb dbname ?>__list_ap_transactions;
 
+GRANT SELECT ON gl TO lsmb_<?lsmb dbname ?>__list_transactions;
+
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
+
+
 CREATE ROLE lsmb_<?lsmb dbname ?>__run_yearend
 WITH INHERIT NOLOGIN;
 
-CREATE ROLE lsmb_<?lsmb dbname ?>__create_list_batches
+GRANT INSERT, SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__run_yearend;
+
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
+INSERT INTO menu_acl (node_id, acl_type, role_name)
+values (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
+
+
+CREATE ROLE lsmb_<?lsmb dbname ?>__list_batches
 WITH INHERIT NOLOGIN
-IN ROLE lsmb_<?lsmb dbname ?>__create_list_transactions;
+IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
 
-GRANT SELECT ON batch TO lsmb_<?lsmb dbname ?>__create_list_batches;
-GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_list_batches;
-GRANT SELECT ON voucher TO lsmb_<?lsmb dbname ?>__create_list_batches;
+GRANT SELECT ON batch TO lsmb_<?lsmb dbname ?>__list_batches;
+GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__list_batches;
+GRANT SELECT ON voucher TO lsmb_<?lsmb dbname ?>__list_batches;
 
 CREATE ROLE lsmb_<?lsmb dbname ?>__all_gl
 WITH INHERIT NOLOGIN
@@ -774,9 +810,13 @@ lsmb_<?lsmb dbname ?>__list_transactions;
 CREATE ROLE lsmb_<?lsmb dbname ?>__create_project
 WITH INHERIT NOLOGIN;
 
-CREATE ROLE lsmb_<?lsmb dbname ?>__add_project_timecard
+CREATE ROLE lsmb_<?lsmb dbname ?>__edit_project
 WITH INHERIT NOLOGIN;
 
+CREATE ROLE lsmb_<?lsmb dbname ?>__add_project_timecard
+WITH INHERIT NOLOGIN
+IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
+
 -- ORDER GENERATION
 CREATE ROLE lsmb_<?lsmb dbname ?>__project_generate_orders
 WITH INHERIT NOLOGIN;