From 84df716d6e5e2ea8f4824f3c054f0dc8782900ac Mon Sep 17 00:00:00 2001 From: einhverfr Date: Tue, 11 Sep 2007 21:59:33 +0000 Subject: More permissions material added to the Roles git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@1570 4979c152-3d1c-0410-bac9-87ea11338e46 --- sql/modules/Roles.sql | 149 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 144 insertions(+), 5 deletions(-) (limited to 'sql') diff --git a/sql/modules/Roles.sql b/sql/modules/Roles.sql index 894f5a70..c1a8a483 100644 --- a/sql/modules/Roles.sql +++ b/sql/modules/Roles.sql @@ -146,6 +146,8 @@ INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_ar_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (2, 'allow', 'lsmb___create_ar_transaction'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (194, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE lsmb___create_ar_transaction_voucher WITH INHERIT NOLOGIN @@ -167,6 +169,8 @@ GRANT INSERT ON inventory TO lsmb___create_ar_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (3, 'allow', 'lsmb___create_ar_invoice'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (195, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE lsmb___create_ar_invoice_voucher @@ -242,9 +246,9 @@ GRANT INSERT ON oe TO lsmb___create_sales_quotation; GRANT INSERT ON orderitems TO lsmb___create_sales_quotation; INSERT INTO menu_acl (node_id, acl_type, role_name) -values (50, 'allow', 'lsmb___create_sales_quotation'); +values (67, 'allow', 'lsmb___create_sales_quotation'); INSERT INTO menu_acl (node_id, acl_type, role_name) -values (51, 'allow', 'lsmb___create_sales_quotation'); +values (68, 'allow', 'lsmb___create_sales_quotation'); CREATE ROLE lsmb___list_sales_orders @@ -254,6 +258,14 @@ IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_sales_orders; GRANT SELECT ON orderitems TO lsmb___list_sales_orders; +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___list_sales_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (53, 'allow', 'lsmb___list_sales_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (54, 'allow', 'lsmb___list_sales_orders'); + + CREATE ROLE lsmb___list_sales_quotations WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; @@ -261,6 +273,14 @@ IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_sales_quotations; GRANT SELECT ON orderitems TO lsmb___list_sales_quotations; +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (67, 'allow', 'lsmb___list_sales_quotations'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (70, 'allow', 'lsmb___list_sales_quotations'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (71, 'allow', 'lsmb___list_sales_quotations'); + + CREATE ROLE lsmb___all_ar WITH INHERIT NOLOGIN IN ROLE lsmb___ar_all_vouchers, @@ -275,24 +295,82 @@ CREATE ROLE lsmb___create_ap_transaction WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT INSERT ON ap TO lsmb___create_ap_transaction; +GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (21, 'allow', 'lsmb___create_ap_transaction'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (22, 'allow', 'lsmb___create_ap_transaction'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (196, 'allow', 'lsmb___create_ap_transaction'); + CREATE ROLE lsmb___create_ap_transaction_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch; +GRANT INSERT ON ar TO lsmb___create_ap_transaction_voucher; +GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction_voucher; + +-- TODO add Menu ACLs + CREATE ROLE lsmb___create_ap_invoice WITH INHERIT NOLOGIN -IN ROLE lsmb___read_contact; +IN ROLE lsmb___read_contact, +lsmb___create_ap_transaction; + +GRANT INSERT ON invoice TO lsmb___create_ap_invoice; +GRANT INSERT ON inventory TO lsmb___create_ap_invoice; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (23, 'allow', 'lsmb___create_ap_invoice'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (197, 'allow', 'lsmb___create_ap_transaction'); + CREATE ROLE lsmb___create_ap_invoice_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch; +GRANT INSERT ON invoice TO lsmb___create_ap_invoice_voucher; +GRANT INSERT ON inventory TO lsmb___create_ap_invoice_voucher; + +-- TODO add Menu ACLs + + CREATE ROLE lsmb___list_ap_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT SELECT ON ap TO lsmb___list_ap_transactions; +GRANT SELECT ON acc_trans TO lsmb___list_ap_transactions; +GRANT SELECT ON invoice TO lsmb___list_ap_transactions +GRANT SELECT ON inventory TO lsmb___list_ap_transactions + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (21, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (24, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (25, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (26, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (27, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (28, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (29, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (30, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (32, 'allow', 'lsmb___list_ap_transactions'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (34, 'allow', 'lsmb___list_ap_transactions'); + + CREATE ROLE lsmb___ap_all_vouchers WITH INHERIT NOLOGIN IN ROLE lsmb___create_ap_transaction_voucher, @@ -309,18 +387,58 @@ WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; WITH INHERIT NOLOGIN; +GRANT INSERT ON oe TO lsmb___create_purchase_order; +GRANT INSERT ON orderitems TO lsmb___create_purchase_order; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___create_purchase_order'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (52, 'allow', 'lsmb___create_purchase_order'); + + CREATE ROLE lsmb___create_purchase_rfq WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT INSERT ON oe TO lsmb___create_purchase_rfq; +GRANT INSERT ON orderitems TO lsmb___create_purchase_rfq; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (67, 'allow', 'lsmb___create_purchase_rfq'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (69, 'allow', 'lsmb___create_purchase_rfq'); + + CREATE ROLE lsmb___list_purchase_orders WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT SELECT ON oe TO lsmb___list_purchase_orders; +GRANT SELECT ON orderitems TO lsmb___list_purchase_orders; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (50, 'allow', 'lsmb___list_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (53, 'allow', 'lsmb___list_purchase_orders'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (55, 'allow', 'lsmb___list_purchase_orders'); + + CREATE ROLE lsmb___list_purchase_rfqs WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; +GRANT SELECT ON oe TO lsmb___list_purchase_rfqs; +GRANT SELECT ON orderitems TO lsmb___list_purchase_rfqs; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (67, 'allow', 'lsmb___list_purchase_rfqs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (70, 'allow', 'lsmb___list_purchase_rfqs'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (72, 'allow', 'lsmb___list_purchase_rfqs'); + + CREATE ROLE lsmb___all_ap WITH INHERIT NOLOGIN IN ROLE lsmb___ap_all_vouchers, @@ -333,12 +451,33 @@ lsmb___list_purchase_rfqs; -- POS CREATE ROLE lsmb___create_pos_invoice WITH INHERIT NOLOGIN -IN ROLE lsmb___create_sales_invoice, -lsmb___create_ar_invoice; +IN ROLE lsmb___read_contact; + +GRANT INSERT ON invoice TO lsmb___create_pos_invoice; +GRANT INSERT ON inventory TO lsmb___create_pos_invoice; +GRANT INSERT ON ar TO lsmb___create_pos_invoice; +GRANT INSERT ON acc_trans TO lsmb___create_pos_invoice; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (16, 'allow', 'lsmb___create_pos_invoice'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (17, 'allow', 'lsmb___create_pos_invoice'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (18, 'allow', 'lsmb___create_pos_invoice'); + CREATE ROLE lsmb___close_till WITH INHERIT NOLOGIN; +GRANT INSERT ON gl TO lsmb___close_till; +GRANT INSERT ON acc_trans TO lsmb___close_till; + +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (16, 'allow', 'lsmb___close_till'); +INSERT INTO menu_acl (node_id, acl_type, role_name) +values (19, 'allow', 'lsmb___close_till'); + + CREATE ROLE lsmb___list_all_open WITH INHERIT NOLOGIN; -- cgit v1.2.3