From 3753581a715986a0f31c82eb8d84e34b53fd05bc Mon Sep 17 00:00:00 2001
From: Sascha Herzinger <sascha.herzinger@uni.lu>
Date: Tue, 18 Jun 2019 15:09:32 +0200
Subject: [PATCH] finished migration script for new permissions (untested)

---
 .../model/security/AuthorityDomain.java       |  2 -
 ...V14.0.0.20190613__new_permission_model.sql | 38 -------
 ...V14.0.0.20190618__new_permission_model.sql | 99 +++++++++++++++++++
 3 files changed, 99 insertions(+), 40 deletions(-)
 delete mode 100644 persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190613__new_permission_model.sql
 create mode 100644 persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190618__new_permission_model.sql

diff --git a/model/src/main/java/lcsb/mapviewer/model/security/AuthorityDomain.java b/model/src/main/java/lcsb/mapviewer/model/security/AuthorityDomain.java
index eb0615357d..fecf588448 100644
--- a/model/src/main/java/lcsb/mapviewer/model/security/AuthorityDomain.java
+++ b/model/src/main/java/lcsb/mapviewer/model/security/AuthorityDomain.java
@@ -2,13 +2,11 @@ package lcsb.mapviewer.model.security;
 
 import lcsb.mapviewer.model.Project;
 import lcsb.mapviewer.model.map.layout.Layout;
-import lcsb.mapviewer.model.user.User;
 
 public enum AuthorityDomain {
 
   PROJECT_DOMAIN(ObjectPrivilege.class, Project.class, ""),
   OVERLAY_DOMAIN(ObjectPrivilege.class, Layout.class, ""),
-  USER_DOMAIN(ObjectPrivilege.class, User.class, ""),
   PROJECTS_DOMAIN(Privilege.class, null, ""),
   OVERLAYS_DOMAIN(Privilege.class, null, ""),
   ADMIN_DOMAIN(Privilege.class, null, "");
diff --git a/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190613__new_permission_model.sql b/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190613__new_permission_model.sql
deleted file mode 100644
index 3f9704b883..0000000000
--- a/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190613__new_permission_model.sql
+++ /dev/null
@@ -1,38 +0,0 @@
-delete from privilege_table where user_id = (select distinct id from user_table where login = 'anonymous');
-delete from user_table where login = 'anonymous';
-
-alter table privilege_table rename column type to privilege_type;
-alter table privilege_table rename column id_object to object_id;
-
-alter table user_table add column role varchar not null default 'USER';
-
-update user_table set role = 'ADMIN' where id =
-    (select distinct user_id from privilege_table where privilege_type = 'USER_MANAGEMENT');
-update user_table set role = 'CURATOR' where id =
-    (select distinct user_id from privilege_table where privilege_type = 'ADD_MAP' and not privilege_type = 'USER_MANAGEMENT');
-
-delete from privilege_table where level = 0;
-alter table privilege_table drop column level;
-alter table privilege_table add column access_type varchar not null default 'READ';
-
-update privilege_table set privilege_type = 'PROJECT_DOMAIN_ACCESS' where privilege_type = 'VIEW_PROJECT';
-update privilege_table set privilege_type = 'OVERLAY_DOMAIN_ACCESS' where privilege_type = 'LAYOUT_VIEW';
-update privilege_table set privilege_type = 'OVERLAY_DOMAIN_ACCESS' where privilege_type = 'CUSTOM_LAYOUTS';
-
-delete from privilege_table where privilege_type = 'ADD_MAP'
-                               or privilege_type = 'EDIT_COMMENTS_PROJECT'
-                               or privilege_type = 'PROJECT_MANAGEMENT'
-                               or privilege_type = 'USER_MANAGEMENT'
-                               or privilege_type = 'LAYOUT_VIEW'
-                               or privilege_type = 'CONFIGURATION_MANAGE'
-                               or privilege_type = 'LAYOUT_MANAGEMENT'
-                               or privilege_type = 'MANAGE_GENOMES'
-                               or privilege_type = 'MANAGE_PLUGINS';
-
-create table user_privilege_map_table (
-    user_id integer not null references user_table(id),
-    privilege_id integer not null references privilege_table(id),
-    primary key (user_id, privilege_id)
-);
-
--- TODO: READ != WRITE. Add both if both is required
\ No newline at end of file
diff --git a/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190618__new_permission_model.sql b/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190618__new_permission_model.sql
new file mode 100644
index 0000000000..05ebfe03a2
--- /dev/null
+++ b/persist/src/main/resources/db/migration/14.0.0~alpha.0/V14.0.0.20190618__new_permission_model.sql
@@ -0,0 +1,99 @@
+delete from privilege_table where user_id = (select distinct id from user_table where login = 'anonymous');
+delete from user_table where login = 'anonymous';
+
+alter table privilege_table rename column type to authority_domain;
+alter table privilege_table rename column id_object to object_id;
+delete from privilege_table where level = 0;
+alter table privilege_table drop column level;
+alter table privilege_table add column access_type varchar not null default 'TMP'; -- we can use the TMP flag for deletion of all old privileges later
+
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'PROJECTS_DOMAIN', null, 'CREATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'PROJECTS_DOMAIN', null, 'READ');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'PROJECTS_DOMAIN', null, 'UPDATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'PROJECTS_DOMAIN', null, 'DELETE');
+
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'OVERLAYS_DOMAIN', null, 'CREATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'OVERLAYS_DOMAIN', null, 'READ');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'OVERLAYS_DOMAIN', null, 'UPDATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'OVERLAYS_DOMAIN', null, 'DELETE');
+
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'ADMIN_DOMAIN', null, 'CREATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'ADMIN_DOMAIN', null, 'READ');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'ADMIN_DOMAIN', null, 'UPDATE');
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+values ('BASIC_PRIVILEGE', 'ADMIN_DOMAIN', null, 'DELETE');
+
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+select ('OBJECT_PRIVILEGE', 'PROJECT_DOMAIN', object_id, 'READ')
+from privilege_table where authority_domain = 'VIEW_PROJECT';
+
+insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
+select ('OBJECT_PRIVILEGE', 'OVERLAY_DOMAIN', object_id, 'READ')
+from privilege_table where authority_domain = 'LAYOUT_VIEW';
+
+create table user_privilege_map_table (
+    user_id integer not null references user_table(id),
+    privilege_id integer not null references privilege_table(id),
+    primary key (user_id, privilege_id)
+);
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select s1.user_id, s2.id
+from (select user_id, object_id from privilege_table where authority_domain = 'VIEW_PROJECT') s1
+inner join (select id, object_id from privilege_table where authority_domain = 'PROJECT_DOMAIN' and access_type = 'READ') s2
+on s1.object_id = s2.object_id;
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select s1.user_id, s2.id
+from (select user_id, object_id from privilege_table where authority_domain = 'LAYOUT_VIEW') s1
+inner join (select id, object_id from privilege_table where authority_domain = 'OVERLAY_DOMAIN' and access_type = 'READ') s2
+on s1.object_id = s2.object_id;
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'ADD_MAP'),
+       (select id from privilege_table where authority_domain = 'PROJECTS_DOMAIN' and access_type = 'CREATE');
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'CUSTOM_LAYOUTS'),
+       (select id from privilege_table where authority_domain = 'OVERLAYS_DOMAIN' and access_type = 'CREATE');
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'PROJECT_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'PROJECTS_DOMAIN' and access_type = 'CREATE');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'PROJECT_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'PROJECTS_DOMAIN' and access_type = 'READ');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'PROJECT_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'PROJECTS_DOMAIN' and access_type = 'UPDATE');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'PROJECT_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'PROJECTS_DOMAIN' and access_type = 'DELETE');
+
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'USER_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'ADMIN_DOMAIN' and access_type = 'CREATE');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'USER_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'ADMIN_DOMAIN' and access_type = 'READ');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'USER_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'ADMIN_DOMAIN' and access_type = 'UPDATE');
+insert into user_privilege_map_table (user_id, privilege_id)
+select (select user_id from privilege_table where authority_domain = 'USER_MANAGEMENT'),
+       (select id from privilege_table where authority_domain = 'ADMIN_DOMAIN' and access_type = 'DELETE');
+
+
+delete from privilege_table where access_type = 'TMP';
+alter table privilege_table drop column user_id;
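Review bot: The parenthesised select list `select ('OBJECT_PRIVILEGE', 'PROJECT_DOMAIN', object_id, 'READ')` (and its OVERLAY_DOMAIN twin a few lines below) is a single row-value expression, so the four-column insert cannot bind it on PostgreSQL; drop the parentheses and make it `select distinct`, because the old table holds one VIEW_PROJECT row per user and object and the later join on object_id would otherwise attach every duplicate PROJECT_DOMAIN row to every user. The scalar subqueries `(select user_id from privilege_table where authority_domain = 'ADD_MAP')` and their CUSTOM_LAYOUTS, PROJECT_MANAGEMENT and USER_MANAGEMENT siblings yield exactly one value, so the migration aborts as soon as two users hold the old privilege and inserts a null user_id into a not-null column when nobody does; iterate the holders in the FROM clause instead. A user who held both ADD_MAP and PROJECT_MANAGEMENT is mapped to the same PROJECTS_DOMAIN/CREATE row twice, which violates the (user_id, privilege_id) primary key, so each mapping insert needs `on conflict do nothing` (or an equivalent not-exists guard if the target is not PostgreSQL 9.5+). The column also keeps `default 'TMP'` after the cleanup delete, so later inserts that omit access_type would be silently removed by any re-run of this pattern; add `alter table privilege_table alter column access_type drop default;` before dropping user_id, and since EDIT_COMMENTS_PROJECT, LAYOUT_MANAGEMENT, CONFIGURATION_MANAGE, MANAGE_GENOMES and MANAGE_PLUGINS are deleted as TMP without any replacement mapping, a comment stating that this loss of access is intended would save the next reader a search.
```sql
insert into privilege_table (privilege_class_type_db, authority_domain, object_id, access_type)
select distinct 'OBJECT_PRIVILEGE', 'PROJECT_DOMAIN', object_id, 'READ'
from privilege_table where authority_domain = 'VIEW_PROJECT';

-- … unchanged: OVERLAY_DOMAIN copy (same parentheses/distinct fix), user_privilege_map_table creation, VIEW_PROJECT and LAYOUT_VIEW joins (append "on conflict do nothing") …

insert into user_privilege_map_table (user_id, privilege_id)
select src.user_id, dst.id
from privilege_table src
inner join privilege_table dst
  on dst.authority_domain = 'PROJECTS_DOMAIN' and dst.access_type = 'CREATE'
where src.authority_domain = 'ADD_MAP'
on conflict do nothing;

-- … same shape for CUSTOM_LAYOUTS, the four PROJECT_MANAGEMENT rows and the four USER_MANAGEMENT rows …

delete from privilege_table where access_type = 'TMP';
alter table privilege_table alter column access_type drop default;
alter table privilege_table drop column user_id;
```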
-- 
GitLab