
Commit 212d881

grant access to the deleteUserKeys APIs to some roles and clean code
1 parent 67c971e commit 212d881


1 file changed

+13
-6
lines changed


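--- a/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql
@@ -50,7 +50,7 @@ CREATE TABLE IF NOT EXISTS `cloud`.`webhook_filter` (
 CONSTRAINT `fk_webhook_filter__webhook_id` FOREIGN KEY(`webhook_id`) REFERENCES `webhook`(`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
--- Create "api_keypair" table for api and secret keys
+-- "api_keypair" table for API and secret keys
 CREATE TABLE IF NOT EXISTS `cloud`.`api_keypair` (
 `id` bigint(20) unsigned NOT NULL auto_increment,
 `uuid` varchar(40) UNIQUE NOT NULL,
@@ -71,6 +71,7 @@ CREATE TABLE IF NOT EXISTS `cloud`.`api_keypair` (
 CONSTRAINT `fk_api_keypair__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `cloud`.`domain`(`id`)
 );
 
+-- "api_keypair_permissions" table for API key pairs permissions
 CREATE TABLE IF NOT EXISTS `cloud`.`api_keypair_permissions` (
 `id` bigint(20) unsigned NOT NULL auto_increment,
 `uuid` varchar(40) UNIQUE,
@@ -83,11 +84,17 @@ CREATE TABLE IF NOT EXISTS `cloud`.`api_keypair_permissions` (
 CONSTRAINT `fk_keypair_permissions__api_keypair_id` FOREIGN KEY(`api_keypair_id`) REFERENCES `cloud`.`api_keypair`(`id`)
 );
 
+-- Populate "api_keypair" table with existing user API keys
 INSERT INTO `cloud`.`api_keypair` (uuid, user_id, domain_id, account_id, api_key, secret_key, created, name)
-SELECT uuid(), user.id, account.domain_id, account.id, user.api_key, user.secret_key, now(), 'Active key pair'
-FROM `cloud`.`user` AS user
-JOIN `cloud`.`account` AS account ON user.account_id = account.id
-WHERE user.api_key IS NOT NULL
-AND user.secret_key IS NOT NULL;
+SELECT UUID(), user.id, account.domain_id, account.id, user.api_key, user.secret_key, NOW(), 'Active key pair'
+FROM `cloud`.`user` AS user
+JOIN `cloud`.`account` AS account ON user.account_id = account.id
+WHERE user.api_key IS NOT NULL AND user.secret_key IS NOT NULL;
 
+-- Drop API keys from user table
 ALTER TABLE `cloud`.`user` DROP COLUMN api_key, DROP COLUMN secret_key;
+
+-- Grant access to the "deleteUserKeys" API to the "User", "Domain Admin" and "Resource Admin" roles, similarly to the "registerUserKeys" API.
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('User', 'deleteUserKeys', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Domain Admin', 'deleteUserKeys', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Resource Admin', 'deleteUserKeys', 'ALLOW');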
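Review bot: The credential migration in the third hunk is not re-runnable: the `INSERT … SELECT` into `api_keypair` has no guard against rows that were already copied, and the `ALTER TABLE … DROP COLUMN` right after it removes the only other copy of the keys. MySQL commits DDL implicitly, so the two statements are not atomic; if the ALTER fails and the upgrade is retried, every key pair would be inserted again with a fresh `UUID()`, unless `api_key` carries a unique key, which cannot be confirmed here because the `api_keypair` column list falls between the hunks. Extending the filter with `AND NOT EXISTS (SELECT 1 FROM cloud.api_keypair AS kp WHERE kp.api_key = user.api_key)` would make the copy safe to repeat; the DROP COLUMN still fails on a second run once the columns are gone and needs its own guard. Separately, the `ALLOW` rule for `deleteUserKeys` on the `User` role leaves the ownership check inside the API command as the only thing stopping one user from deleting another user's key pair; that check is not visible in this file and is worth confirming before merge.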
