Add role management privileges to the group-leader role.

1 files changed, 27 insertions, 0 deletions

diff --git a/migrations/auth/20250703_01_aDVwP-add-role-management-privileges-to-group-leader-role.py b/migrations/auth/20250703_01_aDVwP-add-role-management-privileges-to-group-leader-role.py
new file mode 100644
index 0000000..6335152
--- /dev/null
+++ b/migrations/auth/20250703_01_aDVwP-add-role-management-privileges-to-group-leader-role.py
@@ -0,0 +1,27 @@
+"""
+Add role management privileges to group-leader role
+"""
+
+from yoyo import step
+
+__depends__ = {'20250609_01_LB60X-add-batch-edit-privileges', '20250609_02_9UBPl-assign-group-data-link-to-group-privilege-to-group-leader'}
+
+steps = [
+    step(
+        """
+        INSERT INTO role_privileges(role_id, privilege_id)
+        VALUES
+          ('a0e67630-d502-4b9f-b23f-6805d0f30e30', 'resource:role:create-role'),
+          ('a0e67630-d502-4b9f-b23f-6805d0f30e30', 'resource:role:delete-role'),
+          ('a0e67630-d502-4b9f-b23f-6805d0f30e30', 'resource:role:edit-role')
+        """,
+        """
+        DELETE FROM role_privileges
+        WHERE role_id='a0e67630-d502-4b9f-b23f-6805d0f30e30'
+        AND privilege_id IN (
+          'resource:role:create-role',
+          'resource:role:delete-role',
+          'resource:role:edit-role'
+        )
+        """)
+]