diff options
author | Frederick Muriuki Muriithi | 2022-11-14 13:50:00 +0300 |
---|---|---|
committer | Frederick Muriuki Muriithi | 2022-11-14 13:50:00 +0300 |
commit | 673d68366008c582a74820ae66ade57998148cfb (patch) | |
tree | 300fd3c3fd78f2dd55022b92e58c4b547e470af3 /migrations/auth | |
parent | f3295a7d6df0a64c3949fa2e940918cea94f99a1 (diff) | |
download | genenetwork3-673d68366008c582a74820ae66ade57998148cfb.tar.gz |
Migrations: Add `user_editable` field to roles table
Some roles will not be user editable to prevent inconsistencies, and possible
privilege escalation.
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: Add `user_editable`
column to table
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: Set
`group-leader` role as not user editable
Diffstat (limited to 'migrations/auth')
-rw-r--r-- | migrations/auth/20221110_05_BaNtL-create-roles-table.py | 3 | ||||
-rw-r--r-- | migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/migrations/auth/20221110_05_BaNtL-create-roles-table.py b/migrations/auth/20221110_05_BaNtL-create-roles-table.py index edf3ea4..18499a6 100644 --- a/migrations/auth/20221110_05_BaNtL-create-roles-table.py +++ b/migrations/auth/20221110_05_BaNtL-create-roles-table.py @@ -11,7 +11,8 @@ steps = [ """ CREATE TABLE IF NOT EXISTS roles( role_id TEXT NOT NULL PRIMARY KEY, - role_name TEXT NOT NULL + role_name TEXT NOT NULL, + user_editable INTEGER NOT NULL DEFAULT 1 CHECK (user_editable=0 or user_editable=1) ) WITHOUT ROWID """, "DROP TABLE IF EXISTS roles") diff --git a/migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py b/migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py index 08d0202..c4887cd 100644 --- a/migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py +++ b/migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py @@ -9,8 +9,8 @@ __depends__ = {'20221114_03_PtWjc-create-group-roles-table'} steps = [ step( """ - INSERT INTO roles(role_id, role_name) VALUES - ('a0e67630-d502-4b9f-b23f-6805d0f30e30', 'group-leader') + INSERT INTO roles(role_id, role_name, user_editable) VALUES + ('a0e67630-d502-4b9f-b23f-6805d0f30e30', 'group-leader', '0') """, "DELETE FROM roles"), step( |