Changes to MS SQL transform to support improved group security
This commit is contained in:
sb
parent
b34706e25a
commit
307696a14a
|
|
@ -12,7 +12,7 @@
|
|||
Convert ADL to MS-SQL
|
||||
|
||||
$Author: sb $
|
||||
$Revision: 1.14 $
|
||||
$Revision: 1.15 $
|
||||
-->
|
||||
|
||||
<xsl:output indent="no" encoding="UTF-8" method="text"/>
|
||||
|
|
@ -112,7 +112,7 @@
|
|||
-- <xsl:value-of select="$product-version"/>
|
||||
--
|
||||
-- Database for application <xsl:value-of select="@name"/> version <xsl:value-of select="@version"/>
|
||||
-- Generated for MS-SQL 2000+ using adl2mssql.xslt <xsl:value-of select="substring('$Revision: 1.14 $', 12)"/>
|
||||
-- Generated for MS-SQL 2000+ using adl2mssql.xslt <xsl:value-of select="substring('$Revision: 1.15 $', 12)"/>
|
||||
-- THIS FILE IS AUTOMATICALLY GENERATED: DO NOT EDIT IT.
|
||||
--
|
||||
-- <xsl:value-of select="@revision"/>
|
||||
|
|
@ -150,10 +150,32 @@
|
|||
-------------------------------------------------------------------------------------------------
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="adl:group">
|
||||
execute sp_addrole @rolename = '<xsl:value-of select="@name"/>'
|
||||
<xsl:template match="adl:documentation">
|
||||
/* <xsl:apply-templates/> */
|
||||
</xsl:template>
|
||||
|
||||
GO
|
||||
<xsl:template match="adl:group">
|
||||
-------------------------------------------------------------------------------------------------
|
||||
-- security group <xsl:value-of select="@name"/>
|
||||
-------------------------------------------------------------------------------------------------
|
||||
<xsl:apply-templates select="adl:documentation"/>
|
||||
execute sp_addrole @rolename = '<xsl:value-of select="@name"/>'
|
||||
GO
|
||||
|
||||
-------------------------------------------------------------------------------------------------
|
||||
-- dummy table accessible only to members of <xsl:value-of select="@name"/>, to allow
|
||||
-- a hard check on group membership
|
||||
-------------------------------------------------------------------------------------------------
|
||||
CREATE TABLE "<xsl:value-of select="concat( 'AuthCheck', @name)"/>" (
|
||||
"Check" INT NOT NULL,
|
||||
PRIMARY KEY( "Check")
|
||||
)
|
||||
GO
|
||||
|
||||
REVOKE ALL ON "<xsl:value-of select="concat( 'AuthCheck', @name)"/>" FROM public
|
||||
GO
|
||||
GRANT SELECT ON "<xsl:value-of select="concat( 'AuthCheck', @name)"/>" TO "<xsl:value-of select="@name"/>"
|
||||
GO
|
||||
</xsl:template>
|
||||
|
||||
<!-- return the table name for the entity with this entity name -->
|
||||
|
|
@ -277,7 +299,8 @@
|
|||
-------------------------------------------------------------------------------------------------
|
||||
-- primary table <xsl:value-of select="$table"/>
|
||||
-------------------------------------------------------------------------------------------------
|
||||
CREATE TABLE "<xsl:value-of select="$table"/>"
|
||||
<xsl:apply-templates select="adl:documentation"/>
|
||||
CREATE TABLE "<xsl:value-of select="$table"/>"
|
||||
(
|
||||
<xsl:for-each select="descendant::adl:property[not( @type='link' or @type = 'list' or @concrete='false')]">
|
||||
<xsl:apply-templates select="."/>
|
||||
|
|
@ -300,7 +323,6 @@
|
|||
</xsl:for-each>
|
||||
<xsl:apply-templates select="adl:key"/>
|
||||
)
|
||||
|
||||
GO
|
||||
|
||||
---- permissions ------------------------------------------------------------------------------
|
||||
|
|
@ -369,27 +391,27 @@
|
|||
<xsl:choose>
|
||||
<xsl:when test="@permission='read'">
|
||||
GRANT SELECT ON "<xsl:value-of
|
||||
select="$table"/>" TO <xsl:value-of select="@group"/>
|
||||
select="$table"/>" TO "<xsl:value-of select="@group"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="@permission='insert'">
|
||||
GRANT INSERT ON "<xsl:value-of
|
||||
select="$table"/>" TO <xsl:value-of select="@group"/>
|
||||
select="$table"/>" TO "<xsl:value-of select="@group"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="@permission='noedit'">
|
||||
GRANT SELECT, INSERT ON "<xsl:value-of
|
||||
select="$table"/>" TO <xsl:value-of select="@group"/>
|
||||
select="$table"/>" TO "<xsl:value-of select="@group"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="@permission='edit'">
|
||||
GRANT SELECT, INSERT, UPDATE ON "<xsl:value-of
|
||||
select="$table"/>" TO <xsl:value-of select="@group"/>
|
||||
select="$table"/>" TO "<xsl:value-of select="@group"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="@permission='all'">
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON "<xsl:value-of
|
||||
select="$table"/>" TO <xsl:value-of select="@group"/>
|
||||
select="$table"/>" TO "<xsl:value-of select="@group"/>"
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
REVOKE ALL ON "<xsl:value-of
|
||||
select="$table"/>" FROM <xsl:value-of select="@group"/>
|
||||
select="$table"/>" FROM "<xsl:value-of select="@group"/>"
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
<xsl:text>
|
||||
|
|
@ -504,28 +526,28 @@
|
|||
---- permissions ------------------------------------------------------------------------------
|
||||
<!-- only two levels of permission really matter for a link table. If you can read both of the
|
||||
parent tables, then you can read the link table. If you can edit either of the parent tables,
|
||||
then you need full CRUD permissions on the link table. -->
|
||||
then you need full CRUD permissions on the link table. Otherwise, you get nothing. -->
|
||||
<xsl:for-each select="//adl:group">
|
||||
<xsl:variable name="groupname" select="@name"/>
|
||||
<xsl:choose>
|
||||
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='all']">
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON "<xsl:value-of select="$linktablename"/>" TO "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='edit']">
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
|
||||
</xsl:when>
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON "<xsl:value-of select="$linktablename"/>" TO "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='all']">
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
|
||||
</xsl:when>
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON "<xsl:value-of select="$linktablename"/>" TO "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='edit']">
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
|
||||
</xsl:when>
|
||||
GRANT SELECT,INSERT,UPDATE,DELETE ON "<xsl:value-of select="$linktablename"/>" TO "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='none']">
|
||||
REVOKE ALL ON <xsl:value-of select="$linktablename"/> FROM <xsl:value-of select="$groupname"/>
|
||||
</xsl:when>
|
||||
REVOKE ALL ON "<xsl:value-of select="$linktablename"/>" FROM "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='none']">
|
||||
REVOKE ALL ON <xsl:value-of select="$linktablename"/> FROM <xsl:value-of select="$groupname"/>
|
||||
</xsl:when>
|
||||
REVOKE ALL ON "<xsl:value-of select="$linktablename"/>" FROM "<xsl:value-of select="$groupname"/>"
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
GRANT SELECT ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
|
||||
</xsl:otherwise>
|
||||
|
|
|
|||
Loading…
Reference in a new issue