[ODS-6104] Security migration/upgrade not working (#893)

Ed-Fi-Alliance-OSS · Dec 6, 2023 · 61c71d4 · 61c71d4
1 parent 128f07b
commit 61c71d4
Show file tree

Hide file tree

Showing 12 changed files with 613 additions and 75 deletions.
diff --git a/...0.0/Artifacts/MsSql/Data/Security/2030-Clean-up-ReadChanges-from-AB-Connect-Claim-Set.sql b/...0.0/Artifacts/MsSql/Data/Security/2030-Clean-up-ReadChanges-from-AB-Connect-Claim-Set.sql
@@ -3,7 +3,9 @@
 -- Licensed to the Ed-Fi Alliance under one or more agreements.
 -- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
 -- See the LICENSE and NOTICES files in the project root for more information.
-
+IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'ClaimSetResourceClaims')
+BEGIN
+
 BEGIN
     DECLARE 
         @claimId AS INT,
@@ -525,3 +527,5 @@ BEGIN
 
     COMMIT TRANSACTION
 END
+
+END
diff --git a/...ndard/4.0.0/Artifacts/MsSql/Data/Security/2070-DataStandard4.0a-ResourceClaimMetadata.sql b/...ndard/4.0.0/Artifacts/MsSql/Data/Security/2070-DataStandard4.0a-ResourceClaimMetadata.sql
@@ -14,6 +14,7 @@ FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/balanceSheetDimension'
 
 -- Create CRUD action claims for balanceSheetDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -23,19 +24,33 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
+
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/functionDimension'
 
 -- Create CRUD action claims for functionDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -45,19 +60,34 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
+
+
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
-
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/fundDimension'
 
 -- Create CRUD action claims for fundDimension
+
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -67,18 +97,31 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/objectDimension'
 
 -- Create CRUD action claims for objectDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -88,19 +131,33 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
+
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/operationalUnitDimension'
 
 -- Create CRUD action claims for operationalUnitDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -110,19 +167,31 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
-
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/programDimension'
 
 -- Create CRUD action claims for programDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -132,19 +201,32 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
+
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
-
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/projectDimension'
 
 -- Create CRUD action claims for projectDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -154,18 +236,32 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
+
 
 SELECT @resourceClaimId = ResourceClaimId
 FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/sourceDimension'
 
 -- Create CRUD action claims for sourceDimension
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -175,13 +271,24 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
-
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
 
 /* NamespaceBased */
 
@@ -192,6 +299,7 @@ FROM ResourceClaims
 WHERE ClaimName = 'http://ed-fi.org/ods/identity/claims/descriptorMapping'
 
 -- Create CRUD action claims for descriptorMapping
+
 INSERT INTO dbo.ResourceClaimActions (
      ActionId
     ,ResourceClaimId
@@ -201,9 +309,22 @@ SELECT a.ActionId ,ResourceClaimId ,NULL
 FROM dbo.ResourceClaims RC
 CROSS JOIN dbo.Actions a
 WHERE ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActions RCA
+    WHERE RCA.ResourceClaimId = RC.ResourceClaimId
+    AND RCA.ActionId = a.ActionId
+);
+
 
 INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
 SELECT RCA.ResourceClaimActionId,@authorizationStrategyId FROM dbo.ResourceClaimActionS RCA 
 INNER JOIN dbo.ResourceClaims RC ON RCA.ResourceClaimId = RC.ResourceClaimId
 INNER JOIN dbo.Actions A ON RCA.ActionId = A.ActionId
 WHERE RCA.ResourceClaimId = @resourceClaimId
+AND NOT EXISTS (
+    SELECT 1
+    FROM dbo.ResourceClaimActionAuthorizationStrategies RCAA
+    WHERE RCAA.ResourceClaimActionId = RCA.ResourceClaimActionId
+    AND RCAA.AuthorizationStrategyId = @authorizationStrategyId
+);
diff --git a/...andard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2140-Update-identities-claim-name.sql b/...andard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2140-Update-identities-claim-name.sql
@@ -1,4 +1,10 @@
 -- Move identities to a separate "services" segment to delineate from data management resources
+
+IF NOT EXISTS (SELECT 1 FROM dbo.ResourceClaims WHERE  ClaimName = 'http://ed-fi.org/ods/identity/claims/services/identity')
+BEGIN
+
 update dbo.ResourceClaims
 set ClaimName = 'http://ed-fi.org/ods/identity/claims/services/identity'
 where ClaimName = 'http://ed-fi.org/ods/identity/claims/domains/identity'
+
+END
diff --git a/...0.0/Artifacts/PgSql/Data/Security/2030-Clean-up-ReadChanges-from-AB-Connect-Claim-Set.sql b/...0.0/Artifacts/PgSql/Data/Security/2030-Clean-up-ReadChanges-from-AB-Connect-Claim-Set.sql
@@ -22,6 +22,9 @@ DECLARE
     claim_id_stack INTEGER ARRAY;
 BEGIN
 
+IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE table_name = 'claimsetresourceclaims')
+THEN
+
     SELECT actionid INTO create_action_id
     FROM dbo.actions WHERE ActionName = 'Create';
 
@@ -507,4 +510,6 @@ BEGIN
     claim_id_stack := (select claim_id_stack[1:array_upper(claim_id_stack, 1) - 1]);
 
     COMMIT;
+
+END IF;
 END $$;