From 673d68366008c582a74820ae66ade57998148cfb Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 14 Nov 2022 13:50:00 +0300
Subject: Migrations: Add `user_editable` field to roles table
Some roles will not be user editable to prevent inconsistencies, and possible privilege escalation.
* migrations/auth/20221110_05_BaNtL-create-roles-table.py: Add `user_editable` column to table
* migrations/auth/20221114_04_tLUzB-initialise-basic-roles.py: Set `group-leader` role as not user editable
---
 migrations/auth/20221110_05_BaNtL-create-roles-table.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'migrations/auth/20221110_05_BaNtL-create-roles-table.py')
diff --git a/migrations/auth/20221110_05_BaNtL-create-roles-table.py b/migrations/auth/20221110_05_BaNtL-create-roles-table.py
index edf3ea4..18499a6 100644
--- a/migrations/auth/20221110_05_BaNtL-create-roles-table.py
+++ b/migrations/auth/20221110_05_BaNtL-create-roles-table.py
@@ -11,7 +11,8 @@ steps = [
 """
 CREATE TABLE IF NOT EXISTS roles(
 role_id TEXT NOT NULL PRIMARY KEY,
- role_name TEXT NOT NULL
+ role_name TEXT NOT NULL,
+ user_editable INTEGER NOT NULL DEFAULT 1 CHECK (user_editable=0 or user_editable=1)
 ) WITHOUT ROWID
 """,
 "DROP TABLE IF EXISTS roles")
-- cgit v1.2.3
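Review bot: `DEFAULT 1` on the new `user_editable` column makes every role user-editable unless the insert explicitly says otherwise, so the guard the commit message describes (preventing privilege escalation through role edits) fails open for any role created without the flag. Consider `user_editable INTEGER NOT NULL DEFAULT 0 CHECK (user_editable=0 or user_editable=1)` and have the roles that users may edit opt in explicitly. Separately, the column is introduced by editing an existing migration whose statement is `CREATE TABLE IF NOT EXISTS`, so a database where this migration was already applied would presumably never receive the column; a new migration using `ALTER TABLE roles ADD COLUMN user_editable ...` would cover that case. The `steps` list opens before the hunk and closes after it.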