You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2023/01/12 14:25:59 UTC
[GitHub] [cloudstack] DaanHoogland commented on a diff in pull request #7080: updates roles read-only
DaanHoogland commented on code in PR #7080:
URL: https://github.com/apache/cloudstack/pull/7080#discussion_r1068186871
##########
engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql:
##########
@@ -998,6 +998,38 @@ BEGIN
CALL `cloud`.`IDEMPOTENT_ADD_KEY`('i_user_ip_address_state','user_ip_address', '(state)');
+UPDATE `cloud`.`role_permissions`
+SET sort_order = sort_order + 2
+WHERE rule = '*'
+AND permission = 'DENY'
+AND role_id in (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only Admin - Default');
+
+INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission, sort_order)
+SELECT UUID(), role_id, 'quotaStatement', 'ALLOW', MAX(sort_order)-1
+FROM `cloud`.`role_permissions` RP
+WHERE role_id = (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only Admin - Default');
+
+INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission, sort_order)
+SELECT UUID(), role_id, 'quotaBalance', 'ALLOW', MAX(sort_order)-2
+FROM `cloud`.`role_permissions` RP
+WHERE role_id = (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only Admin - Default');
+
+UPDATE `cloud`.`role_permissions`
+SET sort_order = sort_order + 2
+WHERE rule = '*'
+AND permission = 'DENY'
+AND role_id in (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only User - Default');
+
+INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission, sort_order)
+SELECT UUID(), role_id, 'quotaStatement', 'ALLOW', MAX(sort_order)-1
+FROM `cloud`.`role_permissions` RP
+WHERE role_id = (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only User - Default');
+
+INSERT INTO `cloud`.`role_permissions` (uuid, role_id, rule, permission, sort_order)
+SELECT UUID(), role_id, 'quotaBalance', 'ALLOW', MAX(sort_order)-2
+FROM `cloud`.`role_permissions` RP
+WHERE role_id = (SELECT id FROM `cloud`.`roles` WHERE name = 'Read-Only User - Default');
Review Comment:
executing this sec i get:
```
Error occurred during SQL script execution
Reason:
SQL Error [1140] [42000]: (conn=130) In aggregated query without GROUP BY, expression #2 of SELECT list contains nonaggregated column 'cloud.RP.role_id'; this is incompatible with sql_mode=only_full_group_by
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org