From 613917e2f7291aab953a75fdbc2d3700e776c91b Mon Sep 17 00:00:00 2001 From: einhverfr Date: Wed, 12 Sep 2007 22:15:26 +0000 Subject: Added sequences, etc. Roles should be functional with these permissions git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1580 4979c152-3d1c-0410-bac9-87ea11338e46 --- sql/modules/Roles.sql | 444 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 433 insertions(+), 11 deletions(-) (limited to 'sql') diff --git a/sql/modules/Roles.sql b/sql/modules/Roles.sql index 4b803989..fe803841 100644 --- a/sql/modules/Roles.sql +++ b/sql/modules/Roles.sql @@ -46,10 +46,15 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON entity TO lsmb___create_contact; +GRANT ALL ON entity_id_seq TO lsmb___create_contact; GRANT INSERT ON company TO lsmb___create_contact; +GRANT ALL ON company_id_seq TO lsmb___create_contact; GRANT INSERT ON location TO lsmb___create_contact; +GRANT ALL ON location_id_seq TO lsmb___create_contact; GRANT INSERT ON person TO lsmb___create_contact; +GRANT ALL ON person_id_seq TO lsmb___create_contact; GRANT INSERT ON entity_credit_account TO lsmb___create_contact; +GRANT ALL ON entity_credit_account_id_seq TO lsmb___create_contact; GRANT INSERT ON company_to_contact TO lsmb___create_contact; GRANT INSERT ON company_to_entity TO lsmb___create_contact; GRANT INSERT ON company_to_location TO lsmb___create_contact; @@ -57,6 +62,7 @@ GRANT INSERT ON customertax TO lsmb___create_contact; GRANT INSERT ON employee TO lsmb___create_contact; GRANT INSERT ON customer TO lsmb___create_contact; GRANT INSERT ON entity_bank_account TO lsmb___create_contact; +GRANT ALL ON entity_bank_account_id_seq TO lsmb___create_contact; GRANT INSERT ON entity_note TO lsmb___create_contact; GRANT INSERT ON entity_class_to_entity TO lsmb___create_contact; GRANT INSERT ON entity_other_name TO lsmb___create_contact; @@ -118,8 +124,10 @@ CREATE ROLE lsmb___create_batch WITH INHERIT NOLOGIN; GRANT INSERT ON batch TO lsmb___create_batch; +GRANT ALL ON batch_id_seq TO lsmb___create_batch; GRANT SELECT ON batch_class TO lsmb___create_batch; GRANT INSERT ON voucher TO lsmb___create_batch; +GRANT ALL ON voucher_id_seq TO lsmb___create_contact; -- TODO add Menu ACLs @@ -140,7 +148,9 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON ar TO lsmb___create_ar_transaction; +GRANT ALL ON id TO lsmb___create_ar_transaction; GRANT INSERT ON acc_trans TO lsmb___create_ar_transaction; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ar_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_ar_transaction'); @@ -155,7 +165,9 @@ IN ROLE lsmb___read_contact, lsmb___create_batch; GRANT INSERT ON ar TO lsmb___create_ar_transaction_voucher; +GRANT ALL ON id TO lsmb___create_ar_transaction_voucher; GRANT INSERT ON acc_trans TO lsmb___create_ar_transaction_voucher; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ar_transaction_voucher; -- TODO add Menu ACLs @@ -165,7 +177,9 @@ IN ROLE lsmb___read_contact, lsmb___create_ar_transaction; GRANT INSERT ON invoice TO lsmb___create_ar_invoice; +GRANT ALL ON invoice_id_seq TO lsmb___create_ar_invoice; GRANT INSERT ON inventory TO lsmb___create_ar_invoice; +GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ar_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (3, 'allow', 'lsmb___create_ar_invoice'); @@ -180,7 +194,9 @@ lsmb___create_batch, lsmb___create_ar_transaction_voucher; GRANT INSERT ON invoice TO lsmb___create_ar_invoice_voucher; +GRANT ALL ON invoice_id_seq TO lsmb___create_ar_invoice_voucher; GRANT INSERT ON inventory TO lsmb___create_ar_invoice_voucher; +GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ar_invoice_voucher; -- TODO add Menu ACLs @@ -230,7 +246,9 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_sales_order; +GRANT ALL ON oe_id_seq TO lsmb___create_sales_order; GRANT INSERT ON orderitems TO lsmb___create_sales_order; +GRANT ALL ON orderitems_id_seq TO lsmb___create_sales_order; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_sales_order'); @@ -243,7 +261,9 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_sales_quotation; +GRANT ALL ON oe_id_seq TO lsmb___create_sales_quotation; GRANT INSERT ON orderitems TO lsmb___create_sales_quotation; +GRANT ALL ON orderitems_id_seq TO lsmb___create_sales_quotation; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_sales_quotation'); @@ -296,7 +316,9 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON ap TO lsmb___create_ap_transaction; +GRANT ALL ON id TO lsmb___create_ap_transaction; GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction; +GRANT ALL ON acc_trans_entry_id TO lsmb___create_ap_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___create_ap_transaction'); @@ -311,7 +333,9 @@ IN ROLE lsmb___read_contact, lsmb___create_batch; GRANT INSERT ON ar TO lsmb___create_ap_transaction_voucher; +GRANT ALL ON id TO lsmb___create_ap_transaction_voucher; GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction_voucher; +GRANT ALL ON acc_trans_entry_id TO lsmb___create_ap_transaction_voucher; -- TODO add Menu ACLs @@ -322,6 +346,8 @@ lsmb___create_ap_transaction; GRANT INSERT ON invoice TO lsmb___create_ap_invoice; GRANT INSERT ON inventory TO lsmb___create_ap_invoice; +GRANT ALL ON invoice_id_seq TO lsmb___create_ap_invoice; +GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ap_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (23, 'allow', 'lsmb___create_ap_invoice'); @@ -336,6 +362,8 @@ lsmb___create_batch; GRANT INSERT ON invoice TO lsmb___create_ap_invoice_voucher; GRANT INSERT ON inventory TO lsmb___create_ap_invoice_voucher; +GRANT ALL ON invoice_id_seq TO lsmb___create_ap_invoice_voucher; +GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ap_invoice_voucher; -- TODO add Menu ACLs @@ -389,6 +417,8 @@ WITH INHERIT NOLOGIN; GRANT INSERT ON oe TO lsmb___create_purchase_order; GRANT INSERT ON orderitems TO lsmb___create_purchase_order; +GRANT ALL ON oe_id_seq TO lsmb___create_purchase_order; +GRANT ALL ON orderitems_id_seq TO lsmb___create_purchase_order; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_purchase_order'); @@ -402,6 +432,8 @@ IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_purchase_rfq; GRANT INSERT ON orderitems TO lsmb___create_purchase_rfq; +GRANT ALL ON oe_id_seq TO lsmb___create_purchase_rfq; +GRANT ALL ON orderitems_id_seq TO lsmb___create_purchase_rfq; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_purchase_rfq'); @@ -457,6 +489,10 @@ GRANT INSERT ON invoice TO lsmb___create_pos_invoice; GRANT INSERT ON inventory TO lsmb___create_pos_invoice; GRANT INSERT ON ar TO lsmb___create_pos_invoice; GRANT INSERT ON acc_trans TO lsmb___create_pos_invoice; +GRANT ALL ON id TO lsmb___create_pos_invoice; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_pos_invoice; +GRANT ALL ON invoice_id_seq TO lsmb___create_pos_invoice; +GRANT ALL ON inventory_entry_id_seq TO lsmb___create_pos_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___create_pos_invoice'); @@ -471,6 +507,8 @@ WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO lsmb___close_till; GRANT INSERT ON acc_trans TO lsmb___close_till; +GRANT ALL ON id TO lsmb___close_till; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___close_till; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___close_till'); @@ -507,6 +545,8 @@ WITH INHERIT NOLOGIN; GRANT INSERT ON pending_reports TO lsmb___reconcile; GRANT INSERT on report_corrections TO lsmb___reconcile; GRANT SELECT ON acc_trans TO lsmb___reconcile; +GRANT ALL ON pending_reports_id_seq TO lsmb___reconcile; +GRANT ALL ON report_corrections_id_seq TO lsmb___reconcile; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb__reconcile'); @@ -538,6 +578,8 @@ WITH INHERIT NOLOGIN IN ROLE ap_list_transactions; GRANT INSERT ON acc_trans TO lsmb___process_payment; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___process_payment; + INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_payment'); @@ -552,6 +594,7 @@ WITH INHERIT NOLOGIN IN ROLE ar_list_transactions; GRANT INSERT ON acc_trans TO lsmb___process_receipt; +GRANT ALL ON acc_trans_entry_id_seq TO lsmb___process_receipt; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_receipt'); @@ -572,6 +615,7 @@ CREATE ROLE lsmb___create_part WITH INHERIT NOLOGIN; GRANT INSERT ON parts TO lsmb___create_part; +GRANT ALL ON parts_id_seq TO lsmb___create_part; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_part'); @@ -636,6 +680,7 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON pricegroup TO lsmb___create_pricegroup; +GRANT ALL ON pricegroup_id_seq TO lsmb___create_pricegroup; GRANT UPDATE ON entity_credit_account TO lsmb___create_pricegroup; INSERT INTO menu_acl (node_id, acl_type, role_name) @@ -674,6 +719,7 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___list_sales_orders; GRANT INSERT ON inventory TO lsmb___ship_inventory; +GRANT ALL ON inventory_entry_id_seq TO lsmb___ship_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___ship_inventory'); @@ -686,6 +732,7 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___list_purchase_orders; GRANT INSERT ON inventory TO lsmb___receive_inventory; +GRANT ALL ON inventory_entry_id_seq TO lsmb___receive_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___receive_inventory'); @@ -697,6 +744,7 @@ CREATE ROLE lsmb___transfer_inventory WITH INHERIT NOLOGIN; GRANT INSERT ON inventory TO lsmb___transfer_inventory; +GRANT ALL ON inventory_entry_id_seq TO lsmb___transfer_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___transfer_inventory'); @@ -707,6 +755,7 @@ CREATE ROLE lsmb___create_warehouse WITH INHERIT NOLOGIN; GRANT INSERT ON warehouse TO lsmb___create_warehouse; +GRANT ALL ON warehouse_id_seq TO lsmb___create_warehouse; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_warehouse'); @@ -746,6 +795,8 @@ WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO lsmb___create_transaction; GRANT INSERT ON acc_trans TO lsmb___create_transaction; +GRANT ALL ON id TO lsmb___create_transaction; +GRANT ALL ON acc_trans_entry_id TO lsmb___create_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (73, 'allow', 'lsmb___create_transaction'); @@ -762,8 +813,10 @@ values (40, 'allow', 'lsmb___create_transaction'); CREATE ROLE lsmb___create_transaction_voucher WITH INHERIT NOLOGIN; -GRANT INSERT ON gl TO lsmb___create_transaction; -GRANT INSERT ON acc_trans TO lsmb___create_transaction; +GRANT INSERT ON gl TO lsmb___create_transaction_voucher; +GRANT INSERT ON acc_trans TO lsmb___create_transaction_voucher; +GRANT ALL ON id TO lsmb___create_transaction_voucher; +GRANT ALL ON acc_trans_entry_id TO lsmb___create_transaction_voucher; -- TODO Add menu permissions @@ -799,6 +852,9 @@ GRANT SELECT ON batch TO lsmb___list_batches; GRANT SELECT ON batch_class TO lsmb___list_batches; GRANT SELECT ON voucher TO lsmb___list_batches; +-- TODO: Add menu items + + CREATE ROLE lsmb___all_gl WITH INHERIT NOLOGIN IN ROLE lsmb___create_transaction, @@ -810,25 +866,118 @@ lsmb___list_transactions; CREATE ROLE lsmb___create_project WITH INHERIT NOLOGIN; +GRANT INSERT ON project TO lsmb___create_project; +GRANT ALL ON project_id_seq TO lsmb___create_project; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___create_project'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (99, 'allow', 'lsmb___create_project'); + + CREATE ROLE lsmb___edit_project WITH INHERIT NOLOGIN; +GRANT UPDATE ON project TO lsmb___edit_project; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___edit_project'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (103, 'allow', 'lsmb___edit_project'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (104, 'allow', 'lsmb___edit_project'); + + CREATE ROLE lsmb___add_project_timecard WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT INSERT ON jcitems TO lsmb___add_project_timecard; +GRANT ALL ON jcitems_id_seq TO lsmb___add_project_timecard; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___add_project_timecard'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (100, 'allow', 'lsmb___add_project_timecard'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (103, 'allow', 'lsmb___add_project_timecard'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (106, 'allow', 'lsmb___add_project_timecard'); + +CREATE ROLE lsmb___list_project_timecards +WITH INHERIT NOLOGIN +IN ROLE lsmb___read_contact; + +GRANT UPDATE ON project TO lsmb___edit_project; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___edit_project'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (103, 'allow', 'lsmb___edit_project'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (106, 'allow', 'lsmb___edit_project'); + + + -- ORDER GENERATION +CREATE ROLE lsmb___generate_orders +WITH INHERIT NOLOGIN +IN ROLE lsmb___read_contact; + +GRANT SELECT, INSERT, UPDATE ON oe TO lsmb___generate_orders; +GRANT SELECT, INSERT, UPDATE ON orderitems TO lsmb___generate_orders; +GRANT ALL ON oe_id_seq TO lsmb___generate_orders; +GRANT ALL ON orderitems_id_seq TO lsmb___generate_orders; + CREATE ROLE lsmb___project_generate_orders -WITH INHERIT NOLOGIN; +WITH INHERIT NOLOGIN +IN ROLE lsmb___generate_orders; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___project_generate_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (101, 'allow', 'lsmb___project_generate_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (102, 'allow', 'lsmb___project_generate_orders'); + CREATE ROLE lsmb___sales_to_purchase_orders -WITH INHERIT NOLOGIN; +WITH INHERIT NOLOGIN +IN ROLE lsmb___generate_orders; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___sales_to_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (56, 'allow', 'lsmb___sales_to_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (57, 'allow', 'lsmb___sales_to_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (58, 'allow', 'lsmb___sales_to_purchase_orders'); + CREATE ROLE lsmb___consolidate_purchase_orders -WITH INHERIT NOLOGIN; +WITH INHERIT NOLOGIN +IN ROLE lsmb___generate_orders; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___consolidate_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (60, 'allow', 'lsmb___consolidate_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (62, 'allow', 'lsmb___consolidate_purchase_orders'); + CREATE ROLE lsmb___consolidate_sales_orders -WITH INHERIT NOLOGIN; +WITH INHERIT NOLOGIN +IN ROLE lsmb___generate_orders; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___consolidate_sales_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (60, 'allow', 'lsmb___consolidate_sales_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (61, 'allow', 'lsmb___consolidate_sales_orders'); + CREATE ROLE lsmb___manage_orders WITH INHERIT NOLOGIN @@ -842,6 +991,18 @@ CREATE ROLE lsmb___run_financial_reports WITH INHERIT NOLOGIN IN ROLE lsmb___list_transactions; +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (109, 'allow', 'lsmb___run_financial_reports'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (110, 'allow', 'lsmb___run_financial_reports'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (111, 'allow', 'lsmb___run_financial_reports'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (112, 'allow', 'lsmb___run_financial_reports'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (113, 'allow', 'lsmb___run_financial_reports'); + + -- RECURRING TRANSACTIONS -- TO ADD WHEN THIS IS REDESIGNED @@ -849,18 +1010,49 @@ IN ROLE lsmb___list_transactions; CREATE ROLE lsmb___list_print_jobs WITH INHERIT NOLOGIN; -CREATE ROLE lsmb___print_jobs -WITH INHERIT NOLOGIN; +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (116, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (117, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (118, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (119, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (120, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (121, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (122, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (123, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (124, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (125, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (126, 'allow', 'lsmb___list_print_jobs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (127, 'allow', 'lsmb___list_print_jobs'); -CREATE ROLE lsmb___all_batch_printing + +CREATE ROLE lsmb___print_jobs WITH INHERIT NOLOGIN -IN ROLE lsmb___list_print_jobs, -lsmb___print_jobs; +IN ROLE lsmb___list_print_jobs; + -- SYSTEM SETTINGS CREATE ROLE lsmb___list_system_settings WITH INHERIT NOLOGIN; +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___list_system_settings'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (129, 'allow', 'lsmb___list_system_settings'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (131, 'allow', 'lsmb___list_system_settings'); + + CREATE ROLE lsmb___change_system_settings WITH INHERIT NOLOGIN IN ROLE lsmb___list_system_settings; @@ -868,18 +1060,67 @@ IN ROLE lsmb___list_system_settings; CREATE ROLE lsmb___set_taxes WITH INHERIT NOLOGIN; +GRANT INSERT, UPDATE ON tax TO lsmb___set_taxes; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___set_taxes'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (130, 'allow', 'lsmb___set_taxes'); + + CREATE ROLE lsmb___create_account WITH INHERIT NOLOGIN; +GRANT INSERT ON chart TO lsmb___create_account; +GRANT ALL ON chart_id_seq TO lsmb___create_account; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (136, 'allow', 'lsmb___create_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (137, 'allow', 'lsmb___create_account'); + + CREATE ROLE lsmb___edit_account WITH INHERIT NOLOGIN; +GRANT UPDATE ON chart TO lsmb___edit_account; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (136, 'allow', 'lsmb___edit_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (138, 'allow', 'lsmb___edit_account'); + + CREATE ROLE lsmb___create_gifi WITH INHERIT NOLOGIN; +GRANT INSERT ON gifi TO lsmb___create_gifi; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_gifi'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (136, 'allow', 'lsmb___create_gifi'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (139, 'allow', 'lsmb___create_gifi'); + + CREATE ROLE lsmb___edit_gifi WITH INHERIT NOLOGIN; +GRANT UPDATE ON gifi TO lsmb___edit_gifi; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (136, 'allow', 'lsmb___edit_account'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (140, 'allow', 'lsmb___edit_account'); + + CREATE ROLE lsmb___all_accounts WITH INHERIT NOLOGIN IN ROLE lsmb___create_account, @@ -891,9 +1132,30 @@ lsmb___edit_gifi; CREATE ROLE lsmb___create_department WITH INHERIT NOLOGIN; +GRANT INSERT ON department TO lsmb___create_department; +GRANT ALL ON department_id_seq TO lsmb___create_department; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_department'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (144, 'allow', 'lsmb___create_department'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (145, 'allow', 'lsmb___create_department'); + + CREATE ROLE lsmb___edit_department WITH INHERIT NOLOGIN; +GRANT UPDATE ON department TO lsmb___edit_department; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_department'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (144, 'allow', 'lsmb___edit_department'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (146, 'allow', 'lsmb___edit_department'); + + CREATE ROLE lsmb___all_department WITH INHERIT NOLOGIN IN ROLE lsmb___create_department, @@ -902,9 +1164,30 @@ lsmb___edit_department; CREATE ROLE lsmb___create_business_type WITH INHERIT NOLOGIN; +GRANT INSERT ON business TO lsmb___create_business_type; +GRANT ALL ON business_id_seq TO lsmb___create_business_type; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_business_type'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (147, 'allow', 'lsmb___create_business_type'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (148, 'allow', 'lsmb___create_business_type'); + + CREATE ROLE lsmb___edit_business_type WITH INHERIT NOLOGIN; +GRANT UPDATE ON business TO lsmb___edit_business_type; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_business_type'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (147, 'allow', 'lsmb___edit_business_type'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (149, 'allow', 'lsmb___edit_business_type'); + + CREATE ROLE lsmb___all_business_type WITH INHERIT NOLOGIN IN ROLE lsmb___create_business_type, @@ -913,9 +1196,29 @@ lsmb___edit_business_type; CREATE ROLE lsmb___create_sic WITH INHERIT NOLOGIN; +GRANT INSERT ON sic TO lsmb___create_sic; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_sic'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (153, 'allow', 'lsmb___create_sic'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (154, 'allow', 'lsmb___create_sic'); + + CREATE ROLE lsmb___edit_sic WITH INHERIT NOLOGIN; +GRANT UPDATE ON sic TO lsmb___edit_sic; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_sic'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (153, 'allow', 'lsmb___edit_sic'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (155, 'allow', 'lsmb___edit_sic'); + + CREATE ROLE lsmb___all_sic WITH INHERIT NOLOGIN IN ROLE lsmb___create_sic, @@ -924,6 +1227,80 @@ lsmb___edit_sic; CREATE ROLE lsmb___edit_template WITH INHERIT NOLOGIN; +-- TODO Add db permissions as templates get moved into db. + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (156, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (157, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (158, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (159, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (160, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (161, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (162, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (163, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (164, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (165, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (166, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (167, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (168, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (169, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (170, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (171, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (172, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (173, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (174, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (175, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (176, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (177, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (178, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (179, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (180, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (181, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (182, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (183, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (184, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (185, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (186, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (187, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (188, 'allow', 'lsmb___edit_template'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (189, 'allow', 'lsmb___edit_template'); + + CREATE ROLE lsmb___manage_system WITH INHERIT NOLOGIN IN ROLE lsmb___change_system_settings, @@ -937,12 +1314,57 @@ lsmb___edit_template; CREATE ROLE lsmb___create_language WITH INHERIT NOLOGIN; +GRANT INSERT ON language TO lsmb___create_language; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___create_language'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (150, 'allow', 'lsmb___create_language'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (151, 'allow', 'lsmb___create_language'); + + +CREATE ROLE lsmb___edit_language +WITH INHERIT NOLOGIN; + +GRANT UPDATE ON language TO lsmb___edit_language; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (128, 'allow', 'lsmb___edit_language'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (150, 'allow', 'lsmb___edit_language'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (152, 'allow', 'lsmb___edit_language'); + + CREATE ROLE lsmb___create_part_translation WITH INHERIT NOLOGIN; +-- TODO add db permissions + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (77, 'allow', 'lsmb___create_part_translation'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (95, 'allow', 'lsmb___create_part_translation'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (96, 'allow', 'lsmb___create_part_translation'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (97, 'allow', 'lsmb___create_part_translation'); + + CREATE ROLE lsmb___create_project_translation WITH INHERIT NOLOGIN; +-- TODO add db permissions + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (98, 'allow', 'lsmb___create_project_translation'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (107, 'allow', 'lsmb___create_project_translation'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (108, 'allow', 'lsmb___create_project_translation'); + + CREATE ROLE lsmb___all_manual_translation WITH INHERIT NOLOGIN IN ROLE lsmb___create_language, -- cgit v1.2.3