From: ivan Date: Mon, 19 Jun 2006 11:57:39 +0000 (+0000) Subject: ACL bootstrapping/upgrade X-Git-Tag: BEFORE_FINAL_MASONIZE~110 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=64a57a198d5046a458ea2bdc1d34fbc4682f3292 ACL bootstrapping/upgrade --- diff --git a/Changes.1.7.0 b/Changes.1.7.0 index 8dcc36e08..d5dcf3da7 100644 --- a/Changes.1.7.0 +++ b/Changes.1.7.0 @@ -9,6 +9,11 @@ - gross sales report/graph broken down by agent and package class - config switch to base tax off shipping address if present (warning: tax reports can take a long time with this switch on) - plesk provisioning +- "inactive" package status +- more options in package report (classes, etc.) +and (now they're finally here)... +- ACLs +- Agent virtualization -------- some of the above, nicely: @@ -33,7 +38,3 @@ - Bookeeping/Collections | Sales report (by agent, package class ... -------- - -and... -- ACLs -- Agent virtualization diff --git a/README.1.7.0 b/README.1.7.0 index a6e18d05d..4ce58cc64 100644 --- a/README.1.7.0 +++ b/README.1.7.0 @@ -18,6 +18,10 @@ run "freeside-upgrade username" to uprade your database schema (if freeside-upgrade hangs, try stopping Apache, all Freeside processes, and anything else connected to your database, especially on older Pg versions) +ACL bootstrapping: + - Run "bin/mapsecrets2access_user username" + - You can then add more restrictive groups and move your users into them + If you have any records in the cust_tax_exempt table, you *MUST* migrate them to the new cust_tax_exempt_pkg table. An example script to get you started is in bin/fs-migrate-cust_tax_exempt - it may need to be customized for your diff --git a/bin/mapsecrets2access_user b/bin/mapsecrets2access_user new file mode 100755 index 000000000..934cd7698 --- /dev/null +++ b/bin/mapsecrets2access_user @@ -0,0 +1,76 @@ +#!/usr/bin/perl -w + +use strict; +use File::Copy "cp"; +use FS::UID qw(adminsuidsetup); +use FS::AccessRight; +use FS::Record qw(qsearchs qsearch); +use FS::access_group; +use FS::access_user; +use FS::access_usergroup; +use FS::access_right; +use FS::access_groupagent; +use FS::agent; + +adminsuidsetup shift; + +my $supergroup = qsearchs('access_group', { 'groupname' => 'Superuser' } ); +unless ( $supergroup ) { + + $supergroup = new FS::access_group { 'groupname' => 'Superuser' }; + my $error = $supergroup->insert; + die $error if $error; + + foreach my $rightname ( FS::AccessRight->rights ) { + my $access_right = new FS::access_right { + 'righttype' => 'FS::access_group', + 'rightobjnum' => $supergroup->groupnum, + 'rightname' => $rightname, + }; + my $ar_error = $access_right->insert; + die $ar_error if $ar_error; + } + + foreach my $agent ( qsearch('agent', {} ) ) { + my $access_groupagent = new FS::access_groupagent { + 'groupnum' => $supergroup->groupnum, + 'agentnum' => $agent->agentnum, + }; + my $aga_error = $access_groupagent->insert; + die $aga_error if $aga_error; + } + +} +my $supergroupnum = $supergroup->groupnum; + +my $mapsecrets = '/usr/local/etc/freeside/mapsecrets'; +open(MAPSECRETS, "<$mapsecrets"); +while () { + /([\w]+)\s+secrets\s*$/ or die "unparsable line in mapsecrets: $_"; + my $username = $1; + + next if qsearchs('access_user', { 'username' => $username } ); + + my $access_user = new FS::access_user { + 'username' => $username, + '_password' => 'notyet', + 'first' => 'Legacy', + 'last' => 'User', + }; + my $au_error = $access_user->insert; + die $au_error if $au_error; + + my $access_usergroup = new FS::access_usergroup { + 'usernum' => $access_user->usernum, + 'groupnum' => $supergroupnum, + }; + my $aug_error = $access_usergroup->insert; + die $aug_error if $aug_error; + +} + +# okay to clobber mapsecrets now i guess +cp $mapsecrets, "$mapsecrets.bak$$"; +open(MAPSECRETS, ">$mapsecrets"); +print MAPSECRETS '* secrets'. "\n"; +close MAPSECRETS;