add procedures calls

bernardodemarco · bernardodemarco · commit 0467d4bce9ed · 2025-01-28T20:18:36.000-03:00
diff --git a/engine/schema/src/main/resources/META-INF/db/procedures/cloud.idempotent_update_api_permission.sql b/engine/schema/src/main/resources/META-INF/db/procedures/cloud.idempotent_update_api_permission.sql
@@ -47,6 +47,6 @@ BEGIN
 
         INSERT INTO `cloud`.`role_permissions`
             (uuid, role_id, rule, permission, sort_order)
-        VALUES (uuid(), role_id, rule, permission, max_sort_order - 1);
+        VALUES (uuid(), role_id, rule, permission, max_sort_order);
     END IF;
 END;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql b/engine/schema/src/main/resources/META-INF/db/schema-42010to42100.sql
@@ -34,162 +34,22 @@ AND NOT EXISTS(SELECT 1 FROM cloud.role_permissions rp_ WHERE rp.role_id = rp_.r
 
 -- Grant access to 2FA APIs for the "Read-Only User - Default" role
 
-UPDATE `cloud`.`role_permissions` `rp`
-SET `rp`.`sort_order` = `rp`.`sort_order` + 3
-WHERE `rp`.`rule` = '*'
-    AND `rp`.`permission` = 'DENY'
-    AND `rp`.`role_id` IN (
-        SELECT `r`.`id`
-        FROM `cloud`.`roles` `r`
-        WHERE `r`.`name` = 'Read-Only User - Default'
-            AND `r`.`is_default` = 1
-    );
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'setupUserTwoFactorAuthentication','ALLOW',MAX(sort_order) - 3
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only User - Default'
-    AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'validateUserTwoFactorAuthenticationCode','ALLOW',MAX(sort_order) - 2
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only User - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'listUserTwoFactorAuthenticatorProviders','ALLOW',MAX(sort_order) - 1
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only User - Default'
-      AND `r`.`is_default` = 1
-);
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only User - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only User - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only User - Default', 'listUserTwoFactorAuthenticatorProviders', 'ALLOW');
 
 -- Grant access to 2FA APIs for the "Support User - Default" role
 
-UPDATE `cloud`.`role_permissions` `rp`
-SET `rp`.`sort_order` = `rp`.`sort_order` + 3
-WHERE `rp`.`rule` = '*'
-    AND `rp`.`permission` = 'DENY'
-    AND `rp`.`role_id` IN (
-        SELECT `r`.`id`
-        FROM `cloud`.`roles` `r`
-        WHERE `r`.`name` = 'Support User - Default'
-            AND `r`.`is_default` = 1
-        );
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'setupUserTwoFactorAuthentication','ALLOW',MAX(sort_order) - 3
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support User - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'validateUserTwoFactorAuthenticationCode','ALLOW',MAX(sort_order) - 2
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support User - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'listUserTwoFactorAuthenticatorProviders','ALLOW',MAX(sort_order) - 1
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support User - Default'
-      AND `r`.`is_default` = 1
-);
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support User - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support User - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support User - Default', 'listUserTwoFactorAuthenticatorProviders', 'ALLOW');
 
 -- Grant access to 2FA APIs for the "Read-Only Admin - Default" role
 
-UPDATE `cloud`.`role_permissions` `rp`
-SET `rp`.`sort_order` = `rp`.`sort_order` + 2
-WHERE `rp`.`rule` = '*'
-  AND `rp`.`permission` = 'DENY'
-  AND `rp`.`role_id` IN (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only Admin - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'setupUserTwoFactorAuthentication','ALLOW',MAX(sort_order) - 2
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only Admin - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'validateUserTwoFactorAuthenticationCode','ALLOW',MAX(sort_order) - 1
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Read-Only Admin - Default'
-      AND `r`.`is_default` = 1
-);
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Read-Only Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
 
 -- Grant access to 2FA APIs for the "Support Admin - Default" role
 
-UPDATE `cloud`.`role_permissions` `rp`
-SET `rp`.`sort_order` = `rp`.`sort_order` + 2
-WHERE `rp`.`rule` = '*'
-  AND `rp`.`permission` = 'DENY'
-  AND `rp`.`role_id` IN (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support Admin - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'setupUserTwoFactorAuthentication','ALLOW',MAX(sort_order) - 2
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support Admin - Default'
-      AND `r`.`is_default` = 1
-);
-
-INSERT INTO `cloud`.`role_permissions`
-    (uuid, role_id, rule, permission, sort_order)
-SELECT uuid(), role_id, 'validateUserTwoFactorAuthenticationCode','ALLOW',MAX(sort_order) - 1
-FROM `cloud`.`role_permissions`
-WHERE role_id = (
-    SELECT `r`.`id`
-    FROM `cloud`.`roles` `r`
-    WHERE `r`.`name` = 'Support Admin - Default'
-      AND `r`.`is_default` = 1
-);
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'setupUserTwoFactorAuthentication', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Support Admin - Default', 'validateUserTwoFactorAuthenticationCode', 'ALLOW');
