Github user mitchell852 commented on a diff in the pull request:
https://github.com/apache/incubator-trafficcontrol/pull/435#discussion_r113050424
--- Diff: traffic_ops/app/db/seeds.sql ---
@@ -22,6 +22,257 @@ insert into role (id, name, description, priv_level)
values (5, 'portal', 'Porta
insert into role (id, name, description, priv_level) values (6,
'migrations', 'database migrations user - DO NOT REMOVE', 20) ON CONFLICT DO
NOTHING;
insert into role (id, name, description, priv_level) values (7,
'federation', 'Role for Secondary CZF', 15) ON CONFLICT DO NOTHING;
insert into role (id, name, description, priv_level) values (8,
'steering', 'Role for Steering Delivery Services', 15) ON CONFLICT DO NOTHING;
+insert into role (id, name, description, priv_level) values (9, 'root',
'Role for full capabilities - super-user ', 30) ON CONFLICT DO NOTHING;
+
+-- capabilities
+insert into capability (name, description) values ('all-read', 'Full read
access') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('all-write', 'Full
write access') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('asn-read', 'View ASN
configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('asn-write', 'Create,
edit or delete ASN configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('basic-read', 'Basic
read operations. Every user should have this capability') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values ('basic-write', 'Basic
write operations. Every user should have this capability') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values
('cache-config-files-read', 'View the generated cache configuration files') ON
CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cache-group-read',
'View cache-group configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cache-group-write',
'Create, edit or delete cache-group configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cache-stats-read',
'View Cache statistics read access') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('cdn-config-snapshot-read', 'View config snapshot at CDN level') ON CONFLICT
DO NOTHING;
+insert into capability (name, description) values
('cdn-config-snapshot-write', 'Config snapshot write access at CDN level') ON
CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cdn-health-read',
'View CDN health') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cdn-read', 'View CDN
configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cdn-write', 'Create,
edit or delete CDN configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('cdn-security-keys-read', 'View CDN DNSSEC keys') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('cdn-security-keys-write', 'Create, edit or delete CDN DNSSEC keys') ON
CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cdn-stats-read', 'View
CDN statistics') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('cdn-stats-write',
'Create, edit or delete CDN statistics') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('change-log-read',
'View change-log') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('change-log-write',
'Create change-log entries') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('division-read', 'View
division configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('division-write',
'Create, edit or delete division configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-cache-read', 'View
delivery-service cache assignment') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-cache-read',
'Create, edit or delete delivery-service cache assignment') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values ('ds-health-read', 'View
delivery-service health') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-read', 'View
delivery-service configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-write', 'Create,
edit or delete delivery-service configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('ds-security-keys-read', 'View delivery-service security keys') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values
('ds-security-keys-write', 'Create, edit or delete delivery-service security
keys') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-stats-read', 'View
delivery-service statistics') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-steering-read',
'View delivery-service steering configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('ds-steering-write',
'Create, edit or delete delivery-service steering configuration') ON CONFLICT
DO NOTHING;
+insert into capability (name, description) values
('federation-routing-read', 'View federation routing') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('federation-routing-write', 'Create, edit or delete federation routing') ON
CONFLICT DO NOTHING;
+insert into capability (name, description) values ('job-read', 'View
jobs') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('job-write', 'Create,
edit or delete jobs') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('params-read', 'View
parameters') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('params-write',
'Create, edit or delete parameters') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('phys-location-read',
'View physical location configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('phys-location-write',
'Create, edit or delete physical location configuration') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values ('profile-read', 'View
profiles') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('profile-write',
'Create, edit or delete profiles') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('queue-updates-write',
'Queue updates to caches') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('region-read', 'View
region configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('region-write',
'Create, edit or delete region configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('role-read', 'View role
configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('role-write', 'Create,
edit or delete role configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('security-keys-read',
'View security keys') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('security-keys-write',
'Create, edit or delete security keys') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values
('server-pull-updates-read', 'Read server update indication') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values
('server-pull-updates-write', 'Write server update indication') ON CONFLICT DO
NOTHING;
+insert into capability (name, description) values ('server-read', 'View
server configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('server-write',
'Create, edit or delete server configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('static-dns-read',
'View static DNS configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('static-dns-write',
'Create, edit or delete static DNS configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('status-read', 'View
the list of defined statuses') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('to-extension-read',
'View Traffic Ops extensions') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('to-extension-write',
'Create, edit or delete Traffic Ops extensions') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('type-read', 'View
types configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('type-write', 'Create,
edit or delete type configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('user-read', 'View user
configuration') ON CONFLICT DO NOTHING;
+insert into capability (name, description) values ('user-write', 'Create,
edit or delete user configuration') ON CONFLICT DO NOTHING;
+
+-- roles_capabilities
+insert into role_capability (role_id, cap_name) values (9, 'all-read') ON
CONFLICT DO NOTHING;
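Review bot: The second `ds-cache-read` insert, the one described as 'Create, edit or delete delivery-service cache assignment', reuses the read capability's name, so no `ds-cache-write` capability is ever seeded. If `capability.name` is a unique key (not visible in this hunk), `ON CONFLICT DO NOTHING` discards that row silently and the seed run reports no error, which is how a typo in an authorization table goes unnoticed. The line should read `insert into capability (name, description) values ('ds-cache-write', 'Create, edit or delete delivery-service cache assignment') ON CONFLICT DO NOTHING;`. The quoted hunk stops at the first `role_capability` row although its header announces 257 lines, so the remaining grants are outside this review.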
--- End diff --
if we use the existing "admin" role this could be changed to:
insert into role_capability (role_id, cap_name) values ((select id from
role where name = 'admin', 'all-read') ON CONFLICT DO NOTHING;
insert into role_capability (role_id, cap_name) values ((select id from
role where name = 'admin', 'all-write') ON CONFLICT DO NOTHING;
Once you sync up with the new seeds.sql, you'll also see that we are trying
to get away from hardcoding IDs in the insert statements.