weitere updates für instanzierbarkeit und sauberes testing

This commit is contained in:
2026-02-24 08:49:40 +01:00
parent 7b53faca37
commit 16759a2732
119 changed files with 6371 additions and 745 deletions

View File

@@ -724,6 +724,7 @@ VALUES
('permissions.delete', 'Can delete permissions', 1, 1),
('settings.view', 'Can view settings', 1, 1),
('settings.update', 'Can update settings', 1, 1),
('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1),
('imports.view', 'Can view imports', 1, 1),
('imports.audit.view', 'Can view import audit logs', 1, 1),
('jobs.view', 'Can view scheduled jobs', 1, 1),
@@ -801,7 +802,7 @@ JOIN permissions p ON p.`key` IN (
'departments.view', 'departments.create', 'departments.update', 'departments.delete', 'departments.import',
'roles.view', 'roles.create', 'roles.update', 'roles.delete',
'permissions.view', 'permissions.create', 'permissions.update', 'permissions.delete',
'settings.view', 'settings.update',
'settings.view', 'settings.update', 'tenant.scope.global',
'imports.view', 'imports.audit.view', 'jobs.view', 'jobs.manage', 'jobs.run_now',
'user_lifecycle_audit.view', 'users.import', 'users.import_assignments',
'users.lifecycle_restore',

View File

@@ -0,0 +1,15 @@
-- Idempotent update: introduce explicit global tenant-scope bypass permission.
INSERT INTO `permissions` (`key`, `description`, `active`, `is_system`)
VALUES ('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1)
ON DUPLICATE KEY UPDATE
`description` = VALUES(`description`),
`active` = VALUES(`active`),
`is_system` = VALUES(`is_system`);
INSERT INTO `role_permissions` (`role_id`, `permission_id`, `created`)
SELECT r.id, p.id, NOW()
FROM roles r
JOIN permissions p ON p.`key` = 'tenant.scope.global'
WHERE r.description IN ('Admin', 'Administrator') OR r.id = 1
ON DUPLICATE KEY UPDATE role_id = role_id;