Revert "schema changes after ap inject"

This reverts commit 788f863.

Author: Andre Turner

dbschema/budget.esdl

@@ -7,23 +7,6 @@ module default {
     universalTemplate: File;
 
     records := .<budget[is Budget::Record];
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForBudget
-    allow select, update read using (
-      (
-        exists (<Role>{'Administrator', 'FieldOperationsDirector', 'LeadFinancialAnalyst', 'Controller', 'FinancialAnalyst', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector'} intersect global currentRoles)
-        or (
-          Role.ConsultantManager in global currentRoles
-          and (
-            .isMember
-            or .sensitivity <= Sensitivity.Medium
-          )
-        )
-      )
-    );
-
-    access policy CanUpdateWriteInsertDeleteGeneratedFromAppPoliciesForBudget
-    allow update write, insert, delete;
   }
 }
 
@@ -46,23 +29,6 @@ module Budget {
       readonly := true;
       on target delete delete source;
     };
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForBudgetRecord
-    allow select, update read using (
-      (
-        exists (<default::Role>{'Administrator', 'FieldOperationsDirector', 'LeadFinancialAnalyst', 'Controller', 'FinancialAnalyst', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector'} intersect global default::currentRoles)
-        or (
-          default::Role.ConsultantManager in global default::currentRoles
-          and (
-            .isMember
-            or .sensitivity <= default::Sensitivity.Medium
-          )
-        )
-      )
-    );
-
-    access policy CanUpdateWriteInsertDeleteGeneratedFromAppPoliciesForBudgetRecord
-    allow update write, insert, delete;
   }
 
   scalar type Status extending enum<

dbschema/ceremony.esdl

@@ -7,20 +7,6 @@ module Engagement {
     actualDate: cal::local_date;
 
     constraint exclusive on (.engagement);
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForCeremony
-    allow select, update read using (
-      (
-        exists (<default::Role>{'Administrator', 'FieldOperationsDirector', 'FieldPartner', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector', 'StaffMember'} intersect global default::currentRoles)
-        or (
-          exists (<default::Role>{'Consultant', 'ConsultantManager', 'Intern', 'Mentor', 'Translator'} intersect global default::currentRoles)
-          and .isMember
-        )
-      )
-    );
-
-    access policy CanUpdateWriteInsertDeleteGeneratedFromAppPoliciesForCeremony
-    allow update write, insert, delete;
   }
   type DedicationCeremony extending Ceremony {}
   type CertificationCeremony extending Ceremony {}

dbschema/comments.esdl

@@ -1,19 +1,6 @@
 module Comments {
   abstract type Aware extending default::Resource {
     commentThreads := .<container[is Thread];
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForCommentable
-    allow select, update read using (
-      exists (<default::Role>{'Administrator', 'Leadership'} intersect global default::currentRoles)
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForCommentable
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForCommentable
-    allow insert, delete using (
-      default::Role.Administrator in global default::currentRoles
-    );
   }
 
   type Thread extending default::Resource, Mixin::Embedded {
@@ -23,60 +10,12 @@ module Comments {
     comments := .<thread[is Comment];
     firstComment := (select .comments order by .createdAt asc limit 1);
     latestComment := (select .comments order by .createdAt desc limit 1);
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForCommentThread
-    allow select, update read using (
-      (
-        exists (<default::Role>{'Administrator', 'Leadership'} intersect global default::currentRoles)
-        or .isCreator
-      )
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForCommentThread
-    allow update write;
-
-    access policy CanInsertGeneratedFromAppPoliciesForCommentThread
-    allow insert using (
-      default::Role.Administrator in global default::currentRoles
-    );
-
-    access policy CanDeleteGeneratedFromAppPoliciesForCommentThread
-    allow delete using (
-      (
-        default::Role.Administrator in global default::currentRoles
-        or .isCreator
-      )
-    );
   }
 
   type Comment extending default::Resource {
     required thread: Thread {
       on target delete delete source;
     };
     required body: default::RichText;
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForComment
-    allow select, update read using (
-      (
-        exists (<default::Role>{'Administrator', 'Leadership'} intersect global default::currentRoles)
-        or .isCreator
-      )
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForComment
-    allow update write;
-
-    access policy CanInsertGeneratedFromAppPoliciesForComment
-    allow insert using (
-      default::Role.Administrator in global default::currentRoles
-    );
-
-    access policy CanDeleteGeneratedFromAppPoliciesForComment
-    allow delete using (
-      (
-        default::Role.Administrator in global default::currentRoles
-        or .isCreator
-      )
-    );
   }
 }

dbschema/engagement.esdl

@@ -47,44 +47,6 @@ module default {
     };
 
     description: RichText;
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForEngagement
-    allow select, update read using (
-      (
-        exists (<Role>{'Administrator', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'StaffMember'} intersect global currentRoles)
-        or (
-          exists (<Role>{'Consultant', 'ConsultantManager', 'FieldPartner', 'Intern', 'Mentor', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'Translator'} intersect global currentRoles)
-          and .isMember
-        )
-      )
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForEngagement
-    allow update write;
-
-    access policy CanInsertGeneratedFromAppPoliciesForEngagement
-    allow insert using (
-      (
-        Role.Administrator in global currentRoles
-        or (
-          exists (<Role>{'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller'} intersect global currentRoles)
-          and .isMember
-          and <str>.project.status = 'InDevelopment'
-        )
-      )
-    );
-
-    access policy CanDeleteGeneratedFromAppPoliciesForEngagement
-    allow delete using (
-      (
-        Role.Administrator in global currentRoles
-        or (
-          exists (<Role>{'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller'} intersect global currentRoles)
-          and .isMember
-          and <str>.status = 'InDevelopment'
-        )
-      )
-    );
   }
 
   type LanguageEngagement extending Engagement {
@@ -157,11 +119,6 @@ module default {
       update __old__.language.projectContext
       set { projects -= __old__.project }
     );
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForLanguageEngagement
-    allow select, update read using (
-      Role.ConsultantManager in global currentRoles
-    );
   }
 
   type InternshipEngagement extending Engagement {

dbschema/field-region.esdl

@@ -6,18 +6,5 @@ module default {
 
     required fieldZone: FieldZone;
     required director: User;
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForFieldRegion
-    allow select, update read using (
-      exists (<Role>{'Administrator', 'Consultant', 'ConsultantManager', 'FieldPartner', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'StaffMember'} intersect global currentRoles)
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForFieldRegion
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForFieldRegion
-    allow insert, delete using (
-      Role.Administrator in global currentRoles
-    );
   }
 }

dbschema/field-zone.esdl

@@ -7,18 +7,5 @@ module default {
     required director: User;
 
     fieldRegions := .<fieldZone[is FieldRegion];
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForFieldZone
-    allow select, update read using (
-      exists (<Role>{'Administrator', 'Consultant', 'ConsultantManager', 'FieldPartner', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller', 'Marketing', 'Fundraising', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'StaffMember'} intersect global currentRoles)
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForFieldZone
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForFieldZone
-    allow insert, delete using (
-      Role.Administrator in global currentRoles
-    );
   }
 }

dbschema/file.esdl

@@ -4,11 +4,6 @@ module default {
     required totalFiles: int32 {
       default := 0;
     };
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForDirectory
-    allow select, update read using (
-      exists (<Role>{'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller'} intersect global currentRoles)
-    );
   }
 
   # TODO how to front latest version info?
@@ -43,18 +38,5 @@ module File {
       depth: int16; # todo enforce
     }
 #     multi link children: Node;
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForFileNode
-    allow select, update read using (
-      exists (<default::Role>{'Administrator', 'Leadership'} intersect global default::currentRoles)
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForFileNode
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForFileNode
-    allow insert, delete using (
-      default::Role.Administrator in global default::currentRoles
-    );
   }
 }

dbschema/funding-account.esdl

@@ -7,18 +7,5 @@ module default {
     required accountNumber: int16 {
       constraint expression on (__subject__ >= 0 and __subject__ <= 9);
     }
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForFundingAccount
-    allow select, update read using (
-      exists (<Role>{'Administrator', 'ConsultantManager', 'FinancialAnalyst', 'LeadFinancialAnalyst', 'Controller', 'Leadership', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'StaffMember'} intersect global currentRoles)
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForFundingAccount
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForFundingAccount
-    allow insert, delete using (
-      Role.Administrator in global currentRoles
-    );
   }
 }

dbschema/language.esdl

@@ -87,25 +87,6 @@ module default {
     }
 
     index on ((.name, .ownSensitivity, .leastOfThese, .isSignLanguage, .isDialect));
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForLanguage
-    allow select, update read using (
-      (
-        exists (<Role>{'Administrator', 'ConsultantManager', 'ExperienceOperations', 'LeadFinancialAnalyst', 'Controller', 'FinancialAnalyst', 'Fundraising', 'Marketing', 'Leadership', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector', 'StaffMember'} intersect global currentRoles)
-        or (
-          exists (<Role>{'Consultant', 'ConsultantManager', 'FieldPartner', 'Intern', 'Mentor', 'Translator'} intersect global currentRoles)
-          and .isMember
-        )
-      )
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForLanguage
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForLanguage
-    allow insert, delete using (
-      Role.Administrator in global currentRoles
-    );
   }
 
   scalar type population extending int32 {
@@ -128,40 +109,6 @@ module Ethnologue {
     };
     name: str;
     population: default::population;
-
-    access policy CanSelectUpdateReadGeneratedFromAppPoliciesForEthnologueLanguage
-    allow select, update read using (
-      (
-        exists (<default::Role>{'Administrator', 'ExperienceOperations', 'Leadership', 'ProjectManager', 'RegionalDirector', 'FieldOperationsDirector'} intersect global default::currentRoles)
-        or (
-          default::Role.ConsultantManager in global default::currentRoles
-          and .sensitivity <= default::Sensitivity.Medium
-        )
-        or (
-          exists (<default::Role>{'Consultant', 'ConsultantManager', 'FieldPartner', 'Translator'} intersect global default::currentRoles)
-          and .isMember
-        )
-        or (
-          default::Role.Fundraising in global default::currentRoles
-          and (
-            .isMember
-            or .sensitivity <= default::Sensitivity.Medium
-          )
-        )
-        or (
-          exists (<default::Role>{'Marketing', 'Fundraising', 'ExperienceOperations'} intersect global default::currentRoles)
-          and .sensitivity <= default::Sensitivity.Low
-        )
-      )
-    );
-
-    access policy CanUpdateWriteGeneratedFromAppPoliciesForEthnologueLanguage
-    allow update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForEthnologueLanguage
-    allow insert, delete using (
-      default::Role.Administrator in global default::currentRoles
-    );
   }
 
   scalar type code extending str {

dbschema/location.esdl

@@ -13,14 +13,6 @@ module default {
     defaultFieldRegion: FieldRegion;
     defaultMarketingRegion: Location;
     mapImage: File;
-
-    access policy CanSelectUpdateReadUpdateWriteGeneratedFromAppPoliciesForLocation
-    allow select, update read, update write;
-
-    access policy CanInsertDeleteGeneratedFromAppPoliciesForLocation
-    allow insert, delete using (
-      Role.Administrator in global currentRoles
-    );
   }
 }