forked from fa/breadcrumb-the-shire
weitere updates für instanzierbarkeit und sauberes testing
This commit is contained in:
@@ -724,6 +724,7 @@ VALUES
|
||||
('permissions.delete', 'Can delete permissions', 1, 1),
|
||||
('settings.view', 'Can view settings', 1, 1),
|
||||
('settings.update', 'Can update settings', 1, 1),
|
||||
('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1),
|
||||
('imports.view', 'Can view imports', 1, 1),
|
||||
('imports.audit.view', 'Can view import audit logs', 1, 1),
|
||||
('jobs.view', 'Can view scheduled jobs', 1, 1),
|
||||
@@ -801,7 +802,7 @@ JOIN permissions p ON p.`key` IN (
|
||||
'departments.view', 'departments.create', 'departments.update', 'departments.delete', 'departments.import',
|
||||
'roles.view', 'roles.create', 'roles.update', 'roles.delete',
|
||||
'permissions.view', 'permissions.create', 'permissions.update', 'permissions.delete',
|
||||
'settings.view', 'settings.update',
|
||||
'settings.view', 'settings.update', 'tenant.scope.global',
|
||||
'imports.view', 'imports.audit.view', 'jobs.view', 'jobs.manage', 'jobs.run_now',
|
||||
'user_lifecycle_audit.view', 'users.import', 'users.import_assignments',
|
||||
'users.lifecycle_restore',
|
||||
|
||||
15
db/updates/2026-02-23-tenant-scope-global.sql
Normal file
15
db/updates/2026-02-23-tenant-scope-global.sql
Normal file
@@ -0,0 +1,15 @@
|
||||
-- Idempotent update: introduce explicit global tenant-scope bypass permission.
|
||||
|
||||
INSERT INTO `permissions` (`key`, `description`, `active`, `is_system`)
|
||||
VALUES ('tenant.scope.global', 'Can bypass tenant scope globally', 1, 1)
|
||||
ON DUPLICATE KEY UPDATE
|
||||
`description` = VALUES(`description`),
|
||||
`active` = VALUES(`active`),
|
||||
`is_system` = VALUES(`is_system`);
|
||||
|
||||
INSERT INTO `role_permissions` (`role_id`, `permission_id`, `created`)
|
||||
SELECT r.id, p.id, NOW()
|
||||
FROM roles r
|
||||
JOIN permissions p ON p.`key` = 'tenant.scope.global'
|
||||
WHERE r.description IN ('Admin', 'Administrator') OR r.id = 1
|
||||
ON DUPLICATE KEY UPDATE role_id = role_id;
|
||||
Reference in New Issue
Block a user