From 630fa2a468e75f5dbdca67a709ba6843fd8d530f Mon Sep 17 00:00:00 2001
From: cedricbriandgithub <cedric.briand@eptb-vilaine.fr>
Date: Tue, 18 Oct 2022 15:43:38 +0200
Subject: [PATCH] dev : added role group references #22

---
 sql/version0.6/issue22.sql      | 73 ++++++++++++++++++++++++++++++++
 sql/version0.6/test_logrami.sql | 75 +++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)
 create mode 100644 sql/version0.6/issue22.sql
 create mode 100644 sql/version0.6/test_logrami.sql

diff --git a/sql/version0.6/issue22.sql b/sql/version0.6/issue22.sql
new file mode 100644
index 0000000..e46e3c9
--- /dev/null
+++ b/sql/version0.6/issue22.sql
@@ -0,0 +1,73 @@
+-- see https://forgemia.inra.fr/stacomi/stacomi_db/-/issues/22
+
+
+ALTER ROLE iav WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS ;
+
+
+create role group_stacomi_sequence NOINHERIT NOLOGIN; -- no inherit ensures that the privileges cannot be passed to another group role created later
+create role group_stacomi INHERIT NOLOGIN; -- group_stacomi will be able to inherit from privileges set in  group_stacomi_sequence
+GRANT group_stacomi_sequence TO group_stacomi;
+GRANT group_stacomi TO iav;
+GRANT ALL ON SCHEMA iav TO group_stacomi;
+ALTER TABLE iav.t_operation_ope OWNER TO iav;
+ALTER TABLE iav.t_lot_lot OWNER TO iav;
+ALTER TABLE iav.t_bilanmigrationjournalier_bjo OWNER TO iav;
+ALTER TABLE iav.t_bilanmigrationmensuel_bme OWNER TO iav;
+ALTER TABLE iav.t_ouvrage_ouv OWNER TO iav;
+ALTER TABLE iav.tg_dispositif_dis OWNER TO iav;
+ALTER TABLE iav.tj_stationmesure_stm OWNER TO iav;
+ALTER TABLE iav.t_dispositifcomptage_dic OWNER TO iav;
+ALTER TABLE iav.t_dispositiffranchissement_dif OWNER TO iav;
+ALTER TABLE iav.t_marque_mqe OWNER TO iav;
+ALTER TABLE iav.t_operationmarquage_omq OWNER TO iav;
+ALTER TABLE iav.t_station_sta OWNER TO iav;
+ALTER TABLE iav.tj_actionmarquage_act OWNER TO iav;
+ALTER TABLE iav.tj_caracteristiquelot_car OWNER TO iav;
+ALTER TABLE iav.tj_coefficientconversion_coe OWNER TO iav;
+ALTER TABLE iav.tj_conditionenvironnementale_env OWNER TO iav;
+ALTER TABLE iav.tj_dfestdestinea_dtx OWNER TO iav;
+ALTER TABLE iav.tj_dfesttype_dft OWNER TO iav;
+ALTER TABLE iav.tj_pathologieconstatee_pco OWNER TO iav;
+ALTER TABLE iav.tj_prelevementlot_prl OWNER TO iav;
+ALTER TABLE iav.tj_tauxechappement_txe OWNER TO iav;
+ALTER TABLE iav.ts_maintenance_main OWNER TO iav;
+ALTER TABLE iav.ts_masque_mas OWNER TO iav;
+ALTER TABLE iav.ts_masquecaracteristiquelot_mac OWNER TO iav;
+ALTER TABLE iav.ts_masqueconditionsenvironnementales_mae OWNER TO iav;
+ALTER TABLE iav.ts_masquelot_mal OWNER TO iav;
+ALTER TABLE iav.ts_masqueope_mao OWNER TO iav;
+ALTER TABLE iav.ts_masqueordreaffichage_maa OWNER TO iav;
+ALTER TABLE iav.ts_taillevideo_tav OWNER TO iav;
+ALTER TABLE iav.ts_taxonvideo_txv OWNER TO iav;
+REASSIGN OWNED BY iav TO group_stacomi;
+
+
+-- below owned by just ensures that the sequence is dropped if the column is dropped also.
+-- also use ref.updatesql to apply changes to a schema.
+select ref.updatesql('{"iav"}',
+'
+ALTER SEQUENCE t_bilanmigrationjournalier_bjo_bjo_identifiant_seq OWNED BY t_bilanmigrationjournalier_bjo.bjo_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_bilanmigrationmensuel_bme_bme_identifiant_seq OWNED BY t_bilanmigrationmensuel_bme.bme_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_lot_lot_lot_identifiant_seq OWNED BY t_lot_lot.lot_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_operation_ope_ope_identifiant_seq OWNED BY t_operation_ope.ope_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_ouvrage_ouv_ouv_identifiant_seq OWNED BY t_ouvrage_ouv.ope_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE tg_dispositif_dis_dis_identifiant_seq OWNED BY tg_dispositif_dis.dis_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE tj_stationmesure_stm_stm_identifiant_seq OWNED BY tj_stationmesure_stm.stm_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_maintenance_main_main_identifiant_seq  OWNED BY ts_maintenance_main.main_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masque_mas_mas_id_seq  OWNED BY ts_masque_mas.mas_id_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masquecaracteristiquelot_mac_mac_id_seq  OWNED BY ts_masquecaracteristiquelot_mac.mac_mac_id OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masqueordreaffichage_maa_maa_id_seq  OWNED BY ts_masqueordreaffichage_maa.maa_id_seq OWNER TO group_stacomi_sequence;
+')
+
+
+select ref.updatesql('{"iav"}',
+'
+
+insert into ts_maintenance_main
+(
+  main_ticket,
+  main_description
+  ) values
+  (22,''Mise à jour des droits avec un utilisateur de groupe'');
+
+');
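Review bot: The `ALTER SEQUENCE … OWNED BY … OWNER TO group_stacomi_sequence;` statements passed to the first `ref.updatesql` call combine two forms that PostgreSQL accepts only as separate statements, so each needs splitting, e.g. `ALTER SEQUENCE s OWNED BY t.c;` then `ALTER SEQUENCE s OWNER TO r;` (placeholder names). Even when split, PostgreSQL requires a sequence linked to a column to have the same owner as its table, which conflicts with the tables going to `group_stacomi` via `REASSIGN OWNED` while the sequences go to `group_stacomi_sequence`. The `OWNED BY` targets also end in `_seq` (and `t_ouvrage_ouv.ope_identifiant_seq` carries an `ope_` prefix), so they look like sequence names rather than column names and should be checked against the schema. The first call also closes with `')` and no `;` before the next `select`. The same statements appear in `sql/version0.6/test_logrami.sql`.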
diff --git a/sql/version0.6/test_logrami.sql b/sql/version0.6/test_logrami.sql
new file mode 100644
index 0000000..627c550
--- /dev/null
+++ b/sql/version0.6/test_logrami.sql
@@ -0,0 +1,75 @@
+-- see https://forgemia.inra.fr/stacomi/stacomi_db/-/issues/22
+
+
+ALTER ROLE logrami WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS ;
+
+/*
+create role group_stacomi_sequence NOINHERIT NOLOGIN; -- no inherit ensures that the privileges cannot be passed to another group role created later
+create role group_stacomi INHERIT NOLOGIN; -- group_stacomi will be able to inherit from privileges set in  group_stacomi_sequence
+GRANT group_stacomi_sequence TO group_stacomi;
+*/
+GRANT group_stacomi TO logrami;
+GRANT ALL ON SCHEMA logrami TO group_stacomi;
+
+ALTER TABLE logrami.t_operation_ope OWNER TO logrami;
+ALTER TABLE logrami.t_lot_lot OWNER TO logrami;
+ALTER TABLE logrami.t_bilanmigrationjournalier_bjo OWNER TO logrami;
+ALTER TABLE logrami.t_bilanmigrationmensuel_bme OWNER TO logrami;
+ALTER TABLE logrami.t_ouvrage_ouv OWNER TO logrami;
+ALTER TABLE logrami.tg_dispositif_dis OWNER TO logrami;
+ALTER TABLE logrami.tj_stationmesure_stm OWNER TO logrami;
+ALTER TABLE logrami.t_dispositifcomptage_dic OWNER TO logrami;
+ALTER TABLE logrami.t_dispositiffranchissement_dif OWNER TO logrami;
+ALTER TABLE logrami.t_marque_mqe OWNER TO logrami;
+ALTER TABLE logrami.t_operationmarquage_omq OWNER TO logrami;
+ALTER TABLE logrami.t_station_sta OWNER TO logrami;
+ALTER TABLE logrami.tj_actionmarquage_act OWNER TO logrami;
+ALTER TABLE logrami.tj_caracteristiquelot_car OWNER TO logrami;
+ALTER TABLE logrami.tj_coefficientconversion_coe OWNER TO logrami;
+ALTER TABLE logrami.tj_conditionenvironnementale_env OWNER TO logrami;
+ALTER TABLE logrami.tj_dfestdestinea_dtx OWNER TO logrami;
+ALTER TABLE logrami.tj_dfesttype_dft OWNER TO logrami;
+ALTER TABLE logrami.tj_pathologieconstatee_pco OWNER TO logrami;
+ALTER TABLE logrami.tj_prelevementlot_prl OWNER TO logrami;
+ALTER TABLE logrami.tj_tauxechappement_txe OWNER TO logrami;
+ALTER TABLE logrami.ts_maintenance_main OWNER TO logrami;
+ALTER TABLE logrami.ts_masque_mas OWNER TO logrami;
+ALTER TABLE logrami.ts_masquecaracteristiquelot_mac OWNER TO logrami;
+ALTER TABLE logrami.ts_masqueconditionsenvironnementales_mae OWNER TO logrami;
+ALTER TABLE logrami.ts_masquelot_mal OWNER TO logrami;
+ALTER TABLE logrami.ts_masqueope_mao OWNER TO logrami;
+ALTER TABLE logrami.ts_masqueordreaffichage_maa OWNER TO logrami;
+ALTER TABLE logrami.ts_taillevideo_tav OWNER TO logrami;
+ALTER TABLE logrami.ts_taxonvideo_txv OWNER TO logrami;
+REASSIGN OWNED BY logrami TO group_stacomi;
+
+
+-- below owned by just ensures that the sequence is dropped if the column is dropped also.
+-- also use ref.updatesql to apply changes to a schema.
+select ref.updatesql('{"logrami"}',
+'
+ALTER SEQUENCE t_bilanmigrationjournalier_bjo_bjo_identifiant_seq OWNED BY t_bilanmigrationjournalier_bjo.bjo_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_bilanmigrationmensuel_bme_bme_identifiant_seq OWNED BY t_bilanmigrationmensuel_bme.bme_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_lot_lot_lot_identifiant_seq OWNED BY t_lot_lot.lot_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_operation_ope_ope_identifiant_seq OWNED BY t_operation_ope.ope_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE t_ouvrage_ouv_ouv_identifiant_seq OWNED BY t_ouvrage_ouv.ope_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE tg_dispositif_dis_dis_identifiant_seq OWNED BY tg_dispositif_dis.dis_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE tj_stationmesure_stm_stm_identifiant_seq OWNED BY tj_stationmesure_stm.stm_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_maintenance_main_main_identifiant_seq  OWNED BY ts_maintenance_main.main_identifiant_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masque_mas_mas_id_seq  OWNED BY ts_masque_mas.mas_id_seq OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masquecaracteristiquelot_mac_mac_id_seq  OWNED BY ts_masquecaracteristiquelot_mac.mac_mac_id OWNER TO group_stacomi_sequence;
+ALTER SEQUENCE ts_masqueordreaffichage_maa_maa_id_seq  OWNED BY ts_masqueordreaffichage_maa.maa_id_seq OWNER TO group_stacomi_sequence;
+')
+
+
+select ref.updatesql('{"logrami"}',
+'
+
+insert into ts_maintenance_main
+(
+  main_ticket,
+  main_description
+  ) values
+  (22,''Mise à jour des droits avec un utilisateur de groupe'');
+
+');
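Review bot: `GRANT group_stacomi TO logrami` followed by `REASSIGN OWNED BY logrami TO group_stacomi` puts this schema's objects under the same group role that `issue22.sql` grants to `iav`, so each login role (both set `INHERIT`) would hold owner-level rights on the other's tables. If the schemas are meant to stay separate per organisation, a per-schema group role would preserve that. `REASSIGN OWNED` also moves every object the role owns in the current database, not only the tables listed above it, so its scope deserves a comment. The commented-out `create role` block means this script only works after `issue22.sql` has run; a line such as `-- requires group_stacomi and group_stacomi_sequence from issue22.sql` would say so. The `NOINHERIT` remark kept in that block is misleading, since the attribute limits what `group_stacomi_sequence` itself inherits from roles it belongs to, not what its members inherit from it.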
-- 
GitLab