From 8bc4237e3b43c89b51cf8073c7cf85057e7d4b2c Mon Sep 17 00:00:00 2001
From: semalaiappan <34613894+semalaiappan@users.noreply.github.com>
Date: Wed, 16 Oct 2024 16:17:50 -0500
Subject: [PATCH] [ODS-6502] Update security metadata for
StudentContactAssociation (#1157)
---
...dentParentAssociation-ClaimName-Update.sql | 50 +++++
...0-Add-ReadChanges-to-Sandbox-Claim-Set.sql | 174 ------------------
...0-Add-ReadChanges-to-Sandbox-Claim-Set.xml | 29 ---
...dentParentAssociation-ClaimName-Update.sql | 55 ++++++
...0-Add-ReadChanges-to-Sandbox-Claim-Set.sql | 158 ----------------
...0-Add-ReadChanges-to-Sandbox-Claim-Set.xml | 29 ---
...entContactAssociation-ClaimName-Update.sql | 50 +++++
...0-Add-ReadChanges-to-Sandbox-Claim-Set.sql | 172 -----------------
...0-Add-ReadChanges-to-Sandbox-Claim-Set.xml | 29 ---
...entContactAssociation-ClaimName-Update.sql | 55 ++++++
...0-Add-ReadChanges-to-Sandbox-Claim-Set.sql | 158 ----------------
...0-Add-ReadChanges-to-Sandbox-Claim-Set.xml | 29 ---
12 files changed, 210 insertions(+), 778 deletions(-)
create mode 100644 Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
create mode 100644 Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
create mode 100644 Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
create mode 100644 Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
new file mode 100644
index 0000000000..250ac0b037
--- /dev/null
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
@@ -0,0 +1,50 @@
+
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+BEGIN
+ DECLARE
+ @claimId AS INT,
+ @claimName AS nvarchar(max),
+ @parentResourceClaimId AS INT,
+ @existingParentResourceClaimId AS INT
+
+ BEGIN TRANSACTION
+
+
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ SET @claimName = 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+
+ SELECT @parentResourceClaimId = ResourceClaimId
+ FROM dbo.ResourceClaims
+ WHERE ClaimName = @claimName
+
+ -- Processing children of http://ed-fi.org/ods/identity/claims/domains/primaryRelationships
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+ ----------------------------------------------------------------------------------------------------------------------------
+ SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+ SET @claimId = NULL
+
+ SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
+ FROM dbo.ResourceClaims
+ WHERE ClaimName = @claimName
+
+ IF @parentResourceClaimId IS NOT NULL
+ BEGIN
+ IF @parentResourceClaimId != @existingParentResourceClaimId
+ BEGIN
+ PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'
+ PRINT 'Updating parent resource claim to primaryRelationships'
+ UPDATE dbo.ResourceClaims
+ SET ParentResourceClaimId = @parentResourceClaimId
+ WHERE ResourceClaimId = @claimId
+ END
+ END
+
+ COMMIT TRANSACTION
+END
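Review bot: The comparison `IF @parentResourceClaimId != @existingParentResourceClaimId` evaluates to UNKNOWN when the existing parent is NULL, so a studentParentAssociation claim that currently has no parent is never repointed to primaryRelationships. The block this commit removes from 0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql handled the NULL cases explicitly, so this looks like a regression rather than a deliberate choice. The parent claim presumably decides which authorization metadata the resource inherits, so I would write `IF @claimId IS NOT NULL AND (@existingParentResourceClaimId IS NULL OR @existingParentResourceClaimId != @parentResourceClaimId)`. The same comparison appears in the PgSql 4.0.0 script, where `IS DISTINCT FROM` would do the job, and in the MsSql 5.2.0 StudentContactAssociation script.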
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
index 556b39ba2d..98c0a9eb6a 100644
--- a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
@@ -1652,180 +1652,6 @@ BEGIN
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
- ----------------------------------------------------------------------------------------------------------------------------
- -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
- ----------------------------------------------------------------------------------------------------------------------------
- SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
- SET @claimId = NULL
-
- SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
- FROM dbo.ResourceClaims
- WHERE ClaimName = @claimName
-
- SELECT @parentResourceClaimId = ResourceClaimId
- FROM @claimIdStack
- WHERE Id = (SELECT Max(Id) FROM @claimIdStack)
-
- IF @claimId IS NULL
- BEGIN
- PRINT 'Creating new claim: ' + @claimName
-
- INSERT INTO dbo.ResourceClaims(ResourceName, ClaimName, ParentResourceClaimId)
- VALUES ('studentParentAssociation', 'http://ed-fi.org/ods/identity/claims/studentParentAssociation', @parentResourceClaimId)
-
- SET @claimId = SCOPE_IDENTITY()
- END
- ELSE
- BEGIN
- IF @parentResourceClaimId != @existingParentResourceClaimId OR (@parentResourceClaimId IS NULL AND @existingParentResourceClaimId IS NOT NULL) OR (@parentResourceClaimId IS NOT NULL AND @existingParentResourceClaimId IS NULL)
- BEGIN
- PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'
-
- UPDATE dbo.ResourceClaims
- SET ParentResourceClaimId = @parentResourceClaimId
- WHERE ResourceClaimId = @claimId
- END
- END
-
- -- Setting default authorization metadata
- PRINT 'Deleting default action authorizations for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
-
- DELETE FROM dbo.ResourceClaimActionAuthorizationStrategies
- WHERE ResourceClaimActionId IN (SELECT ResourceClaimActionId FROM dbo.ResourceClaimActions WHERE ResourceClaimId = @claimId);
-
- DELETE FROM dbo.ResourceClaimActions
- WHERE ResourceClaimId = @claimId
-
- -- Default Create authorization
- PRINT 'Creating action ''Create'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @CreateActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnly'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnly''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithStudentsOnly'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Read authorization
- PRINT 'Creating action ''Read'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @ReadActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Update authorization
- PRINT 'Creating action ''Update'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @UpdateActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Delete authorization
- PRINT 'Creating action ''Delete'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @DeleteActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default ReadChanges authorization
- PRINT 'Creating action ''ReadChanges'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @ReadChangesActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
-
- -- Pop the stack
- DELETE FROM @claimIdStack WHERE Id = (SELECT Max(Id) FROM @claimIdStack)
-
----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata'
----------------------------------------------------------------------------------------------------------------------------
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
index 225c289598..084cae975b 100644
--- a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
@@ -257,35 +257,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
new file mode 100644
index 0000000000..9570caa899
--- /dev/null
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2190-StudentParentAssociation-ClaimName-Update.sql
@@ -0,0 +1,55 @@
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+DO
+$$
+DECLARE
+ claim_id INT;
+ claim_name VARCHAR(2048);
+ parent_resource_claim_id INT;
+ existing_parent_resource_claim_id INT;
+BEGIN
+ -- Begin transaction
+ BEGIN
+
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ claim_name := 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships';
+
+ SELECT resourceclaimid INTO parent_resource_claim_id
+ FROM dbo.resourceclaims
+ WHERE claimname = claim_name;
+
+ -- Processing children of 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
+ ----------------------------------------------------------------------------------------------------------------------------
+ claim_name := 'http://ed-fi.org/ods/identity/claims/studentParentAssociation';
+ claim_id := NULL;
+
+ SELECT resourceclaimid, parentresourceclaimid INTO claim_id, existing_parent_resource_claim_id
+ FROM dbo.resourceclaims
+ WHERE claimname = claim_name;
+
+ IF parent_resource_claim_id IS NOT NULL THEN
+ IF parent_resource_claim_id != existing_parent_resource_claim_id THEN
+ RAISE NOTICE 'Repointing claim % (ResourceClaimId=%) to new parent (ResourceClaimId=%)',
+ claim_name, claim_id, parent_resource_claim_id;
+
+ RAISE NOTICE 'Updating parent resource claim to primaryRelationships';
+
+ UPDATE dbo.resourceclaims
+ SET parentresourceclaimid = parent_resource_claim_id
+ WHERE resourceclaimid = claim_id;
+ END IF;
+ END IF;
+
+ -- Commit transaction
+ COMMIT;
+
+ END;
+END
+$$;
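Review bot: The `COMMIT;` near the end sits inside a DO block whose inner `BEGIN` opens a PL/pgSQL sub-block, not a transaction, so the `-- Begin transaction` and `-- Commit transaction` comments are misleading. PostgreSQL rejects transaction control in a DO block that is itself executed inside a transaction block, so if the migration runner wraps each script in a transaction this script would fail at the COMMIT; that is worth confirming against how the other scripts in this folder are run. I would drop the inner `BEGIN` / `END;` pair and the `COMMIT;`, and let the caller's transaction or autocommit cover the single UPDATE.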
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
index d23135ff2f..d7016387aa 100644
--- a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
@@ -1568,164 +1568,6 @@ BEGIN
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (resource_claim_action_id, authorization_strategy_id);
- ----------------------------------------------------------------------------------------------------------------------------
- -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentParentAssociation'
- ----------------------------------------------------------------------------------------------------------------------------
- claim_name := 'http://ed-fi.org/ods/identity/claims/studentParentAssociation';
- claim_id := NULL;
-
- SELECT ResourceClaimId, ParentResourceClaimId INTO claim_id, existing_parent_resource_claim_id
- FROM dbo.ResourceClaims
- WHERE ClaimName = claim_name;
-
- parent_resource_claim_id := claim_id_stack[array_upper(claim_id_stack, 1)];
-
- IF claim_id IS NULL THEN
- RAISE NOTICE 'Creating new claim: %', claim_name;
-
- INSERT INTO dbo.ResourceClaims(ResourceName, ClaimName, ParentResourceClaimId)
- VALUES ('studentParentAssociation', 'http://ed-fi.org/ods/identity/claims/studentParentAssociation', parent_resource_claim_id)
- RETURNING ResourceClaimId
- INTO claim_id;
- ELSE
- IF parent_resource_claim_id != existing_parent_resource_claim_id OR (parent_resource_claim_id IS NULL AND existing_parent_resource_claim_id IS NOT NULL) OR (parent_resource_claim_id IS NOT NULL AND existing_parent_resource_claim_id IS NULL) THEN
- RAISE NOTICE USING MESSAGE = 'Repointing claim ''' || claim_name || ''' (ResourceClaimId=' || claim_id || ') to new parent (from ResourceClaimId=' || COALESCE(existing_parent_resource_claim_id, 0) || ' to ResourceClaimId=' || COALESCE(parent_resource_claim_id, 0) || ')';
-
- UPDATE dbo.ResourceClaims
- SET ParentResourceClaimId = parent_resource_claim_id
- WHERE ResourceClaimId = claim_id;
- END IF;
- END IF;
-
- -- Setting default authorization metadata
- RAISE NOTICE USING MESSAGE = 'Deleting default action authorizations for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- DELETE FROM dbo.ResourceClaimActionAuthorizationStrategies
- WHERE ResourceClaimActionId IN (SELECT ResourceClaimActionId FROM dbo.ResourceClaimActions WHERE ResourceClaimId = claim_id);
-
- DELETE FROM dbo.ResourceClaimActions
- WHERE ResourceClaimId = claim_id;
-
-
- -- Default Create authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Create'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Create_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnly';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnly''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithStudentsOnly'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Read authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Read'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Read_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Update authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Update'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Update_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Delete authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Delete'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Delete_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default ReadChanges authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''ReadChanges'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, ReadChanges_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
-
- -- Pop the stack
- claim_id_stack := (select claim_id_stack[1:array_upper(claim_id_stack, 1) - 1]);
-
----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata'
----------------------------------------------------------------------------------------------------------------------------
diff --git a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
index 225c289598..084cae975b 100644
--- a/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
+++ b/Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
@@ -257,35 +257,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
new file mode 100644
index 0000000000..ce1f095b89
--- /dev/null
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
@@ -0,0 +1,50 @@
+
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+BEGIN
+ DECLARE
+ @claimId AS INT,
+ @claimName AS nvarchar(max),
+ @parentResourceClaimId AS INT,
+ @existingParentResourceClaimId AS INT
+
+ BEGIN TRANSACTION
+
+
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ SET @claimName = 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+
+ SELECT @parentResourceClaimId = ResourceClaimId
+ FROM dbo.ResourceClaims
+ WHERE ClaimName = @claimName
+
+ -- Processing children of http://ed-fi.org/ods/identity/claims/domains/primaryRelationships
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
+ ----------------------------------------------------------------------------------------------------------------------------
+ SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
+ SET @claimId = NULL
+
+ SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
+ FROM dbo.ResourceClaims
+ WHERE ClaimName = @claimName
+
+ IF @parentResourceClaimId IS NOT NULL
+ BEGIN
+ IF @parentResourceClaimId != @existingParentResourceClaimId
+ BEGIN
+ PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'
+ PRINT 'Updating parent resource claim to primaryRelationships'
+ UPDATE dbo.ResourceClaims
+ SET ParentResourceClaimId = @parentResourceClaimId
+ WHERE ResourceClaimId = @claimId
+ END
+ END
+
+ COMMIT TRANSACTION
+END
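Review bot: The script has no header comment saying what it changes, and the file name says ClaimName-Update although the only write is to `ParentResourceClaimId`. It also exits silently when the primaryRelationships claim is missing, which for a security-metadata migration leaves no trace that the claim hierarchy was left untouched. I would add a comment above `BEGIN` such as `-- Re-parents studentContactAssociation under domains/primaryRelationships; no-op when either claim is absent.` and give the outer `IF` an `ELSE PRINT 'Parent claim primaryRelationships not found; studentContactAssociation left unchanged'`. The same applies to the other 2190 scripts added in this commit.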
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
index b9c855fd9a..3381f27707 100644
--- a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
@@ -1653,178 +1653,6 @@ BEGIN
VALUES (@resourceClaimActionId, @authorizationStrategyId)
- ----------------------------------------------------------------------------------------------------------------------------
- -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
- ----------------------------------------------------------------------------------------------------------------------------
- SET @claimName = 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
- SET @claimId = NULL
-
- SELECT @claimId = ResourceClaimId, @existingParentResourceClaimId = ParentResourceClaimId
- FROM dbo.ResourceClaims
- WHERE ClaimName = @claimName
-
- SELECT @parentResourceClaimId = ResourceClaimId
- FROM @claimIdStack
- WHERE Id = (SELECT Max(Id) FROM @claimIdStack)
-
- IF @claimId IS NULL
- BEGIN
- PRINT 'Creating new claim: ' + @claimName
-
- INSERT INTO dbo.ResourceClaims( ResourceName, ClaimName, ParentResourceClaimId)
- VALUES ('studentContactAssociation','http://ed-fi.org/ods/identity/claims/studentContactAssociation', @parentResourceClaimId)
-
- SET @claimId = SCOPE_IDENTITY()
- END
- ELSE
- BEGIN
- IF @parentResourceClaimId != @existingParentResourceClaimId OR (@parentResourceClaimId IS NULL AND @existingParentResourceClaimId IS NOT NULL) OR (@parentResourceClaimId IS NOT NULL AND @existingParentResourceClaimId IS NULL)
- BEGIN
- PRINT 'Repointing claim ''' + @claimName + ''' (ResourceClaimId=' + CONVERT(nvarchar, @claimId) + ') to new parent (ResourceClaimId=' + CONVERT(nvarchar, @parentResourceClaimId) + ')'
-
- UPDATE dbo.ResourceClaims
- SET ParentResourceClaimId = @parentResourceClaimId
- WHERE ResourceClaimId = @claimId
- END
- END
-
- -- Setting default authorization metadata
- PRINT 'Deleting default action authorizations for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
-
- DELETE FROM dbo.ResourceClaimActionAuthorizationStrategies
- WHERE ResourceClaimActionId IN (SELECT ResourceClaimActionId FROM dbo.ResourceClaimActions WHERE ResourceClaimId = @claimId);
-
- DELETE FROM dbo.ResourceClaimActions
- WHERE ResourceClaimId = @claimId
-
- -- Default Create authorization
- PRINT 'Creating action ''Create'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @CreateActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnly'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnly''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithStudentsOnly'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Read authorization
- PRINT 'Creating action ''Read'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @ReadActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Update authorization
- PRINT 'Creating action ''Update'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @UpdateActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default Delete authorization
- PRINT 'Creating action ''Delete'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @DeleteActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
- -- Default ReadChanges authorization
- PRINT 'Creating action ''ReadChanges'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (@claimId, @ReadChangesActionId)
-
- SET @resourceClaimActionId = SCOPE_IDENTITY()
-
-
- SET @authorizationStrategyId = NULL
-
- SELECT @authorizationStrategyId = a.AuthorizationStrategyId
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes'
-
- IF @authorizationStrategyId IS NULL
- BEGIN
- SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
- THROW 50000, @msg, 1
- END
-
- PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (@resourceClaimActionId, @authorizationStrategyId)
-
-
-
- -- Pop the stack
- DELETE FROM @claimIdStack WHERE Id = (SELECT Max(Id) FROM @claimIdStack)
----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata'
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
index d065d4ba57..084cae975b 100644
--- a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
@@ -257,35 +257,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
new file mode 100644
index 0000000000..e49d0819d1
--- /dev/null
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2190-StudentContactAssociation-ClaimName-Update.sql
@@ -0,0 +1,55 @@
+-- SPDX-License-Identifier: Apache-2.0
+-- Licensed to the Ed-Fi Alliance under one or more agreements.
+-- The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+-- See the LICENSE and NOTICES files in the project root for more information.
+
+DO
+$$
+DECLARE
+ claim_id INT;
+ claim_name VARCHAR(2048);
+ parent_resource_claim_id INT;
+ existing_parent_resource_claim_id INT;
+BEGIN
+ -- Begin transaction
+ BEGIN
+
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ claim_name := 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships';
+
+ SELECT resourceclaimid INTO parent_resource_claim_id
+ FROM dbo.resourceclaims
+ WHERE claimname = claim_name;
+
+ -- Processing children of 'http://ed-fi.org/ods/identity/claims/domains/primaryRelationships'
+ ----------------------------------------------------------------------------------------------------------------------------
+ -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
+ ----------------------------------------------------------------------------------------------------------------------------
+ claim_name := 'http://ed-fi.org/ods/identity/claims/studentContactAssociation';
+ claim_id := NULL;
+
+ SELECT resourceclaimid, parentresourceclaimid INTO claim_id, existing_parent_resource_claim_id
+ FROM dbo.resourceclaims
+ WHERE claimname = claim_name;
+
+ IF parent_resource_claim_id IS NOT NULL THEN
+ IF parent_resource_claim_id != existing_parent_resource_claim_id THEN
+ RAISE NOTICE 'Repointing claim % (ResourceClaimId=%) to new parent (ResourceClaimId=%)',
+ claim_name, claim_id, parent_resource_claim_id;
+
+ RAISE NOTICE 'Updating parent resource claim to primaryRelationships';
+
+ UPDATE dbo.resourceclaims
+ SET parentresourceclaimid = parent_resource_claim_id
+ WHERE resourceclaimid = claim_id;
+ END IF;
+ END IF;
+
+ -- Commit transaction
+ COMMIT;
+
+ END;
+END
+$$;
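Review bot: The guard `IF parent_resource_claim_id != existing_parent_resource_claim_id THEN` evaluates to NULL when the existing claim has no parent, so a studentContactAssociation row with a NULL parentresourceclaimid is silently left outside primaryRelationships; the block this commit removes from 0040 handled both NULL cases explicitly. Since the parent claim presumably determines which authorization metadata the resource inherits, the check should be `IF claim_id IS NOT NULL AND parent_resource_claim_id IS DISTINCT FROM existing_parent_resource_claim_id THEN`; the MsSql script at the top of this page has the same `!=` comparison. Separately, the inner `BEGIN` labelled `-- Begin transaction` only opens a PL/pgSQL sub-block, and `COMMIT;` inside a DO block fails with an invalid transaction termination error if the migration tool already runs the script inside a transaction, so I would drop the `COMMIT;` and that comment unless the runner is known to execute scripts in autocommit mode. A `RAISE NOTICE` for the case where `parent_resource_claim_id` is NULL would also make a skipped update visible in the deployment log.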
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
index 6b7884db9a..78352353f2 100644
--- a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql
@@ -1565,164 +1565,6 @@ BEGIN
INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
VALUES (resource_claim_action_id, authorization_strategy_id);
- ----------------------------------------------------------------------------------------------------------------------------
- -- Resource Claim: 'http://ed-fi.org/ods/identity/claims/studentContactAssociation'
- ----------------------------------------------------------------------------------------------------------------------------
- claim_name := 'http://ed-fi.org/ods/identity/claims/studentContactAssociation';
- claim_id := NULL;
-
- SELECT ResourceClaimId, ParentResourceClaimId INTO claim_id, existing_parent_resource_claim_id
- FROM dbo.ResourceClaims
- WHERE ClaimName = claim_name;
-
- parent_resource_claim_id := claim_id_stack[array_upper(claim_id_stack, 1)];
-
- IF claim_id IS NULL THEN
- RAISE NOTICE 'Creating new claim: %', claim_name;
-
- INSERT INTO dbo.ResourceClaims( ResourceName, ClaimName, ParentResourceClaimId)
- VALUES ('studentContactAssociation','http://ed-fi.org/ods/identity/claims/studentContactAssociation', parent_resource_claim_id)
- RETURNING ResourceClaimId
- INTO claim_id;
- ELSE
- IF parent_resource_claim_id != existing_parent_resource_claim_id OR (parent_resource_claim_id IS NULL AND existing_parent_resource_claim_id IS NOT NULL) OR (parent_resource_claim_id IS NOT NULL AND existing_parent_resource_claim_id IS NULL) THEN
- RAISE NOTICE USING MESSAGE = 'Repointing claim ''' || claim_name || ''' (ResourceClaimId=' || claim_id || ') to new parent (from ResourceClaimId=' || COALESCE(existing_parent_resource_claim_id, 0) || ' to ResourceClaimId=' || COALESCE(parent_resource_claim_id, 0) || ')';
-
- UPDATE dbo.ResourceClaims
- SET ParentResourceClaimId = parent_resource_claim_id
- WHERE ResourceClaimId = claim_id;
- END IF;
- END IF;
-
- -- Setting default authorization metadata
- RAISE NOTICE USING MESSAGE = 'Deleting default action authorizations for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- DELETE FROM dbo.ResourceClaimActionAuthorizationStrategies
- WHERE ResourceClaimActionId IN (SELECT ResourceClaimActionId FROM dbo.ResourceClaimActions WHERE ResourceClaimId = claim_id);
-
- DELETE FROM dbo.ResourceClaimActions
- WHERE ResourceClaimId = claim_id;
-
-
- -- Default Create authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Create'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Create_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnly';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnly''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithStudentsOnly'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Read authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Read'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Read_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Update authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Update'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Update_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default Delete authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''Delete'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, Delete_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeople';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeople''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeople'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
- -- Default ReadChanges authorization
- RAISE NOTICE USING MESSAGE = 'Creating action ''ReadChanges'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
-
- INSERT INTO dbo.ResourceClaimActions(ResourceClaimId, ActionId)
- VALUES (claim_id, ReadChanges_action_id)
- RETURNING ResourceClaimActionId
- INTO resource_claim_action_id;
-
-
- authorization_strategy_id := NULL;
-
- SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
- FROM dbo.AuthorizationStrategies a
- WHERE a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes';
-
- IF authorization_strategy_id IS NULL THEN
- RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
- END IF;
-
- RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
- INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
- VALUES (resource_claim_action_id, authorization_strategy_id);
-
-
- -- Pop the stack
- claim_id_stack := (select claim_id_stack[1:array_upper(claim_id_stack, 1) - 1]);
-
----------------------------------------------------------------------------------------------------------------------------
-- Resource Claim: 'http://ed-fi.org/ods/identity/claims/domains/assessmentMetadata'
----------------------------------------------------------------------------------------------------------------------------
diff --git a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
index d065d4ba57..084cae975b 100644
--- a/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
+++ b/Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.xml
@@ -257,35 +257,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-