[ODS-6502] Update security metadata for StudentContactAssociation (#1157
)
semalaiappan authored Oct 16, 2024
1 parent dd998d2 commit 8bc4237
Showing 12 changed files with 210 additions and 778 deletions.
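--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,50 @@
+
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+BEGIN
+DECLARE
+@claimId AS INT,
+@claimName AS nvarchar(max),
+@parentResourceClaimId AS INT,
+@existingParentResourceClaimId AS INT
+
+BEGIN TRANSACTION
+
+
+----------------------------------------------------------------------------------------------------------------------------
+-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+----------------------------------------------------------------------------------------------------------------------------
+SET @claimName = 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+
+SELECT @parentResourceClaimId = ResourceClaimId
+FROM dbo.ResourceClaims
+WHERE ClaimName = @claimName
+
+-- Processing children of http://ed-fi.org/ods/identity/claims/domains/primaryRelationships
+----------------------------------------------------------------------------------------------------------------------------
+-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+----------------------------------------------------------------------------------------------------------------------------
+SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+SET @claimId = NULL
+
+SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
+FROM dbo.ResourceClaims
+WHERE ClaimName = @claimName
+
+IF @parentResourceClaimId IS NOT NULL
+BEGIN
+IF @parentResourceClaimId != @existingParentResourceClaimId
+BEGIN
+PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'
+PRINT 'Updating parent resource claim to primaryRelationships'
+UPDATE dbo.ResourceClaims
+SET ParentResourceClaimId = @parentResourceClaimId
+WHERE ResourceClaimId = @claimId
+END
+END
+
+COMMIT TRANSACTION
+END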
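Review bot: The inner guard `IF @parentResourceClaimId != @existingParentResourceClaimId` evaluates to UNKNOWN when @existingParentResourceClaimId is NULL (the claim currently has no parent, or its row was not found), so the repoint is silently skipped; the T-SQL block this commit deletes covered that case with explicit IS NULL tests, and because the outer IF already requires a non-null @parentResourceClaimId the condition only needs `IF @parentResourceClaimId != @existingParentResourceClaimId OR @existingParentResourceClaimId IS NULL`. The same comparison appears in the new PostgreSQL script's `IF parent_resource_claim_id != existing_parent_resource_claim_id THEN`, where a NULL condition is likewise treated as false. When either the primaryRelationships or the studentParentAssociation claim is not found, the script commits having changed nothing and prints nothing, which for a migration that decides which authorization strategies apply to a resource deserves to be visible — an ELSE branch with `PRINT 'Claim not found; authorization metadata for studentParentAssociation left unchanged'`, or a THROW in the style the deleted script used for missing strategies. BEGIN TRANSACTION … COMMIT TRANSACTION has no TRY/CATCH, so a failing UPDATE leaves the transaction open on the session unless the migration runner handles that; I cannot tell from this page whether it does.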
Expand Up @@ -1652,180 +1652,6 @@ BEGIN
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)


----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
----------------------------------------------------------------------------------------------------------------------------
SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
SET @claimId = NULL

SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
FROM dbo.ResourceClaims
WHERE ClaimName = @claimName

SELECT @parentResourceClaimId = ResourceClaimId
FROM @claimIdStack
WHERE Id = (SELECT Max(Id) FROM @claimIdStack)

IF @claimId IS NULL
BEGIN
PRINT 'Creating new claim: ' + @claimName

INSERT INTO dbo.ResourceClaims(ResourceName, ClaimName, ParentResourceClaimId)
VALUES ('studentParentAssociation', 'http://ed-fi.org/ods/identity/claims/studentParentAssociation', @parentResourceClaimId)

SET @claimId = SCOPE_IDENTITY()
END
ELSE
BEGIN
IF @parentResourceClaimId != @existingParentResourceClaimId OR (@parentResourceClaimId IS NULL AND @existingParentResourceClaimId IS NOT NULL) OR (@parentResourceClaimId IS NOT NULL AND @existingParentResourceClaimId IS NULL)
BEGIN
PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'

UPDATE dbo.ResourceClaims
SET ParentResourceClaimId = @parentResourceClaimId
WHERE ResourceClaimId = @claimId
END
END

-- Setting default authorization metadata
PRINT 'Deleting default action authorizations for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'

DELETE FROM dbo.ResourceClaimActionAuthorizationStrategies
WHERE ResourceClaimActionId IN (SELECT ResourceClaimActionId FROM dbo.ResourceClaimActions WHERE ResourceClaimId = @claimId);

DELETE FROM dbo.ResourceClaimActions
WHERE ResourceClaimId = @claimId

-- Default Create authorization
PRINT 'Creating action ''Create'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
VALUES (@claimId, @CreateActionId)

SET @resourceClaimActionId = SCOPE_IDENTITY()


SET @authorizationStrategyId = NULL

SELECT @authorizationStrategyId = a.AuthorizationStrategyId
FROM dbo.AuthorizationStrategies a
WHERE a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnly'

IF @authorizationStrategyId IS NULL
BEGIN
SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnly''';
THROW 50000, @msg, 1
END

PRINT 'Adding authorization strategy ''RelationshipsWithStudentsOnly'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)


-- Default Read authorization
PRINT 'Creating action ''Read'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
VALUES (@claimId, @ReadActionId)

SET @resourceClaimActionId = SCOPE_IDENTITY()


SET @authorizationStrategyId = NULL

SELECT @authorizationStrategyId = a.AuthorizationStrategyId
FROM dbo.AuthorizationStrategies a
WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'

IF @authorizationStrategyId IS NULL
BEGIN
SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
THROW 50000, @msg, 1
END

PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)


-- Default Update authorization
PRINT 'Creating action ''Update'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
VALUES (@claimId, @UpdateActionId)

SET @resourceClaimActionId = SCOPE_IDENTITY()


SET @authorizationStrategyId = NULL

SELECT @authorizationStrategyId = a.AuthorizationStrategyId
FROM dbo.AuthorizationStrategies a
WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'

IF @authorizationStrategyId IS NULL
BEGIN
SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
THROW 50000, @msg, 1
END

PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)


-- Default Delete authorization
PRINT 'Creating action ''Delete'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
VALUES (@claimId, @DeleteActionId)

SET @resourceClaimActionId = SCOPE_IDENTITY()


SET @authorizationStrategyId = NULL

SELECT @authorizationStrategyId = a.AuthorizationStrategyId
FROM dbo.AuthorizationStrategies a
WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'

IF @authorizationStrategyId IS NULL
BEGIN
SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
THROW 50000, @msg, 1
END

PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)


-- Default ReadChanges authorization
PRINT 'Creating action ''ReadChanges'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
VALUES (@claimId, @ReadChangesActionId)

SET @resourceClaimActionId = SCOPE_IDENTITY()


SET @authorizationStrategyId = NULL

SELECT @authorizationStrategyId = a.AuthorizationStrategyId
FROM dbo.AuthorizationStrategies a
WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes'

IF @authorizationStrategyId IS NULL
BEGIN
SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
THROW 50000, @msg, 1
END

PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)



-- Pop the stack
DELETE FROM @claimIdStack WHERE Id = (SELECT Max(Id) FROM @claimIdStack)

----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata'
----------------------------------------------------------------------------------------------------------------------------
Expand Up @@ -257,35 +257,6 @@
</Action>
</DefaultAuthorization>
</Claim>
<Claim claimId="272" name="http://ed-fi.org/ods/identity/claims/studentParentAssociation">
<DefaultAuthorization>
<Action name="Create">
<AuthorizationStrategies>
<AuthorizationStrategy name="RelationshipsWithStudentsOnly" />
</AuthorizationStrategies>
</Action>
<Action name="Read">
<AuthorizationStrategies>
<AuthorizationStrategy name="RelationshipsWithEdOrgsAndPeople" />
</AuthorizationStrategies>
</Action>
<Action name="Update">
<AuthorizationStrategies>
<AuthorizationStrategy name="RelationshipsWithEdOrgsAndPeople" />
</AuthorizationStrategies>
</Action>
<Action name="Delete">
<AuthorizationStrategies>
<AuthorizationStrategy name="RelationshipsWithEdOrgsAndPeople" />
</AuthorizationStrategies>
</Action>
<Action name="ReadChanges">
<AuthorizationStrategies>
<AuthorizationStrategy name="RelationshipsWithEdOrgsAndPeopleIncludingDeletes" />
</AuthorizationStrategies>
</Action>
</DefaultAuthorization>
</Claim>
</Claims>
</Claim>
<Claim name="http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata">
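--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,55 @@
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+DO
+$$
+DECLARE
+claim_id INT;
+claim_name VARCHAR(2048);
+parent_resource_claim_id INT;
+existing_parent_resource_claim_id INT;
+BEGIN
+-- Begin transaction
+BEGIN
+
+----------------------------------------------------------------------------------------------------------------------------
+-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+----------------------------------------------------------------------------------------------------------------------------
+claim_name := 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships';
+
+SELECT resourceclaimid INTO parent_resource_claim_id
+FROM dbo.resourceclaims
+WHERE claimname = claim_name;
+
+-- Processing children of 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+----------------------------------------------------------------------------------------------------------------------------
+-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+----------------------------------------------------------------------------------------------------------------------------
+claim_name := 'http://ed-fi.org/ods/identity/claims/studentParentAssociation';
+claim_id := NULL;
+
+SELECT resourceclaimid, parentresourceclaimid INTO claim_id, existing_parent_resource_claim_id
+FROM dbo.resourceclaims
+WHERE claimname = claim_name;
+
+IF parent_resource_claim_id IS NOT NULL THEN
+IF parent_resource_claim_id != existing_parent_resource_claim_id THEN
+RAISE NOTICE 'Repointing claim % (ResourceClaimId=%) to new parent (ResourceClaimId=%)',
+claim_name, claim_id, parent_resource_claim_id;
+
+RAISE NOTICE 'Updating parent resource claim to primaryRelationships';
+
+UPDATE dbo.resourceclaims
+SET parentresourceclaimid = parent_resource_claim_id
+WHERE resourceclaimid = claim_id;
+END IF;
+END IF;
+
+-- Commit transaction
+COMMIT;
+
+END;
+END
+$$;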
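Review bot: The `COMMIT;` near the end of the DO body is a transaction-control statement inside an anonymous block; PostgreSQL only permits that when the DO statement runs in its own transaction, and raises "invalid transaction termination" if the script is executed inside an outer transaction block, which migration runners commonly open — whether this project's runner does so is not visible on this page. The inner `BEGIN` … `END;` annotated `-- Begin transaction` / `-- Commit transaction` is a PL/pgSQL block, not a transaction start, so those comments misdescribe what the code does. Since the block performs a single UPDATE, dropping the `COMMIT;` and the two comments and letting the enclosing transaction own the boundary would be the simpler shape; if the explicit commit is deliberate, replace the comments with `-- PL/pgSQL block; COMMIT below requires this DO to run outside any outer transaction`. The NULL-comparison issue on `IF parent_resource_claim_id != existing_parent_resource_claim_id THEN` is covered in the review of the T-SQL script.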