blob: 3caad5519c7896d2de95526bf4cdace67c9a2747 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
"""
Add system:user:list privilege to system-administrator and group-leader roles.
"""
import uuid
import contextlib
from yoyo import step
__depends__ = {'20230306_01_pRfxl-add-system-user-list-privilege'}
def role_ids(cursor):
"""Get role ids from names"""
cursor.execute(
"SELECT * FROM roles WHERE role_name IN "
"('system-administrator', 'group-leader')")
return (uuid.UUID(row[0]) for row in cursor.fetchall())
def add_privilege_to_roles(conn):
"""
Add 'system:user:list' privilege to 'system-administrator' and
'group-leader' roles."""
with contextlib.closing(conn.cursor()) as cursor:
cursor.executemany(
"INSERT INTO role_privileges(role_id,privilege_id) "
"VALUES(?, ?)",
tuple((str(role_id), "system:user:list")
for role_id in role_ids(cursor)))
def del_privilege_from_roles(conn):
"""
Delete 'system:user:list' privilege to 'system-administrator' and
'group-leader' roles.
"""
with contextlib.closing(conn.cursor()) as cursor:
cursor.execute(
"DELETE FROM role_privileges WHERE "
"role_id IN (?, ?) AND privilege_id='system:user:list'",
tuple(str(role_id) for role_id in role_ids(cursor)))
steps = [
step(add_privilege_to_roles, del_privilege_from_roles)
]
|
