blob: d22ad0196387f90c78a3482c1d9ebec828f91c18 (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
"""
add admin ui privilege to system-administrator role
"""
import contextlib
from yoyo import step
__depends__ = {'20240924_01_thbvh-hooks-for-edu-domains'}
def get_system_admin_id(cursor):
cursor.execute(
"SELECT role_id FROM roles WHERE role_name='system-administrator'")
return cursor.fetchone()[0]
def add_admin_ui_privilege(conn):
with contextlib.closing(conn.cursor()) as cursor:
# Create admin-ui privilege
cursor.execute(
"INSERT INTO privileges (privilege_id, privilege_description) "
"VALUES(?, ?)",
("system:user:admin-ui", "View UI elements that should only be visible to system administrators"))
# Add UI privilege to system-administrator role
cursor.execute(
"INSERT INTO role_privileges (role_id, privilege_id) "
"VALUES(?, ?)",
(get_system_admin_id(cursor), "system:user:admin-ui")
)
def remove_admin_ui_privilege(conn):
with contextlib.closing(conn.cursor()) as cursor:
# Remove UI privilege from system-administrator role
cursor.execute(
"DELETE FROM role_privileges WHERE privilege_id='system:user:admin-ui'")
# Remove UI privilege from privileges table
cursor.execute(
"DELETE FROM privileges WHERE privilege_id='system:user:admin-ui'")
steps = [
step(add_admin_ui_privilege, remove_admin_ui_privilege)
]
|
