mitchell852 commented on a change in pull request #2704: TO DB - Mapping roles to capabilities for read-only, operations, portal, federations, steering URL: https://github.com/apache/trafficcontrol/pull/2704#discussion_r212024441
########## File path: traffic_ops/app/db/migrations/20180816000626_roles_caps.sql ########## @@ -0,0 +1,124 @@ +/* + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +-- +goose Up +-- SQL in section 'Up' is executed when this migration is applied + +-- Using role 'read-only' + +INSERT INTO role_capability (role_id, cap_name) SELECT (SELECT id FROM role WHERE name = 'read-only'), 'auth' WHERE EXISTS (SELECT id FROM role WHERE name = 'read-only') ON CONFLICT DO NOTHING; Review comment: the more i think about this, the more i think we should move the read-only role to the seeds file and all the capabilities associated with it. so the seeds.sql file provides you with: admin role - all caps operations role - operations stuff <-- this one bothers me tbh but not sure of a better solution for now read-only role - all read caps disallowed role - no caps ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
