O3-3002: Queue Module - REST endpoints can be accessed without authentication. #73
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
IamMujuziMoses
force-pushed
the
O3-3002-III
branch
2 times, most recently
from
818cdb7
to
26cd748
Compare
IamMujuziMoses
force-pushed
the
O3-3002-III
branch
from
26cd748
to
48ff6f2
Compare
mseaton
requested changes
May 14, 2024
api/src/main/resources/liquibase.xml
Outdated
| <preConditions onFail="MARK_RAN"> | ||
| <not> | ||
| <sqlCheck expectedResult="0"> | ||
| SELECT count(*) FROM role_privilege WHERE privilege='Get Visits'; |
There was a problem hiding this comment.
I would think the more appropriate check here, would be to execute this only if no one already has the "Get Queue Entries" privilege (which would imply it has already previously been assigned as desired). Then, this also allows you to get rid of the "AND NOT EXISTS..." clause from your insert statement below, right?
The same sort of logic would be applied to all of the changesets below. So:
- If any role already has privilege A, then mark as RAN
- Otherwise, assign privilege A to any role that already has privilege B.
mseaton
requested changes
May 17, 2024
api/src/main/resources/liquibase.xml
Outdated
| </not> | ||
| </preConditions> | ||
| <comment>Add "Manage Queue Entries" privilege to the roles having "Edit Visits"</comment> | ||
| <sql> | ||
| INSERT INTO role_privilege (role, privilege) | ||
| SELECT role, 'Manage Queue Entries' from role_privilege rp | ||
| WHERE rp.privilege = 'Edit Visits' |
There was a problem hiding this comment.
If you are going to do this, I think you need to ensure you only insert the distict roles from both, so a single sql statement, something like:
INSERT INTO role_privilege (role, privilege)
SELECT distinct role, 'Manage Queue Entries' from role_privilege rp
WHERE rp.privilege in ('Add Visits', 'Edit Visits');
api/src/main/resources/liquibase.xml
Outdated
| </not> | ||
| </preConditions> | ||
| <comment>Add "Manage Queue Rooms" privilege to the roles having "Edit Visits"</comment> | ||
| <sql> |
There was a problem hiding this comment.
Same comment as above, you need to use something like:
INSERT INTO role_privilege (role, privilege)
SELECT distinct role, 'Manage Queue Rooms' from role_privilege rp
WHERE rp.privilege in ('Add Visits', 'Edit Visits');
d653c6c
to
746d920
Compare
mseaton
approved these changes
May 17, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue I worked on
see https://issues.openmrs.org/browse/O3-3002
Checklist: I completed these to help reviewers :)
QueueService,QueueEntryService,QueueRoomServiceandRoomProviderMapService.PrivilegeConstantsclass to contain all privilege names and their descriptions.