OHDSI · rkboyce · Feb 2, 2024 · Feb 2, 2024 · Aug 23, 2024 · Aug 23, 2024
diff --git a/...ion/postgresql/V2.14.1.20240130082100__fix_atlas_read_restricted_role_and_permissions.sql b/...ion/postgresql/V2.14.1.20240130082100__fix_atlas_read_restricted_role_and_permissions.sql
@@ -0,0 +1,226 @@
+delete from ${ohdsiSchema}.sec_role_permission where role_id = 15;
+
+INSERT INTO ${ohdsiSchema}.sec_role_permission (role_id, permission_id)
+with vocab_source as (
+ select source_key
+ from ${ohdsiSchema}.source s
+   inner join ${ohdsiSchema}.source_daimon sd on s.source_id = sd.source_id 
+ where sd.daimon_type = 1
+), vocab_perms as (
+ select distinct concat(l,m,r) perm
+ from (
+ select *
+ from (values 
+		('vocabulary:')
+	) t1 (l)
+ cross join 
+	( select source_key 
+	  from vocab_source
+	) t2 (m)
+ cross join 
- from (values 
-		('vocabulary:')
-	) t1 (l)
- cross join 
-	( select source_key 
-	  from vocab_source
-	) t2 (m)
- cross join 
+ from (values 
+		('vocabulary:*')
+	) t1 (l)
+ cross join 
- from (values 
-		('vocabulary:')
-	) t1 (l)
- cross join 
-	( select source_key 
-	  from vocab_source
-	) t2 (m)
- cross join 
+ from (values 
+		('vocabulary:*')
+	) t1 (l)
+ cross join 
+	(values
+		(':*:get'),
+		(':compare:post'),
+		(':concept:*:ancestorAndDescendant:get'),
+		(':concept:*:get'),
+		(':concept:*:related:get'),
+		(':included-concepts:count:post'),
+		(':lookup:identifiers:ancestors:post'),
+		(':lookup:identifiers:post'),
+		(':lookup:mapped:post'),
+		(':lookup:recommended:post'),
+		(':lookup:sourcecodes:post'),
+		(':optimize:post'),
+		(':resolveConceptSetExpression:post'),
+		(':search:*:get'),
+		(':search:post')
+	) t3 (r)
+ ) combined
+)
+SELECT DISTINCT 15 role_id, permission_id
+    FROM ${ohdsiSchema}.sec_role_permission srp  
+       INNER JOIN ${ohdsiSchema}.sec_permission sp ON srp.permission_id = sp.id      
+    WHERE 
+       sp.value IN (select perm from vocab_perms) 
+       or
+       sp.value IN 
+          (
+		'*:cohortresults:*:breakdown:get',
+		'*:person:*:get:dates',
+		'*:vocabulary:lookup:identifiers:post',
+		'cdmresults:*:get',
+		'cohort-characterization:*:download:get',
+		'cohort-characterization:*:exists:get',
+		'cohort-characterization:*:export:conceptset:get',
+		'cohort-characterization:*:export:get',
+		'cohort-characterization:*:post',
+		'cohort-characterization:*:tag:*:delete',
+		'cohort-characterization:*:tag:post',
+		'cohort-characterization:*:version:*:createAsset:put',
+		'cohort-characterization:*:version:*:delete',
+		'cohort-characterization:*:version:*:put',
+		'cohort-characterization:byTags:post',
+		'cohort-characterization:check:post',
+		'cohort-characterization:generation:*:delete',
+		'cohort-characterization:generation:*:design:get',
+		'cohort-characterization:generation:*:explore:prevalence:*:*:*:get',
+		'cohort-characterization:generation:*:result:count:get',
+		'cohort-characterization:generation:*:result:export:post',
+		'cohort-characterization:generation:*:result:get',
+		'cohort-characterization:generation:*:result:post',
+		'cohort-characterization:get',
+		'cohort-characterization:import:post',
+		'cohort-characterization:post',
+		'cohortanalysis:*:get',
+		'cohortanalysis:get',
+		'cohortanalysis:post',
+		'cohortdefinition:*:check:get',
+		'cohortdefinition:*:check:post',
+		'cohortdefinition:*:copy:get',
+		'cohortdefinition:*:exists:get',
+		'cohortdefinition:*:export:conceptset:get',
+		'cohortdefinition:*:tag:*:delete',
+		'cohortdefinition:*:tag:post',
+		'cohortdefinition:*:version:*:createAsset:put',
+		'cohortdefinition:*:version:*:delete',
+		'cohortdefinition:*:version:*:put',
+		'cohortdefinition:byTags:post',
+		'cohortdefinition:check:post',
+		'cohortdefinition:checkv2:post',
+		'cohortdefinition:get',
+		'cohortdefinition:post',
+		'cohortdefinition:printfriendly:cohort:post',
+		'cohortdefinition:printfriendly:conceptsets:post',
+		'cohortdefinition:sql:post',
+		'cohortresults:*:get',
+		'cohortsample:*:*:*:delete',
+		'cohortsample:*:*:*:get',
+		'cohortsample:*:*:*:refresh:post',
+		'cohortsample:*:*:delete',
+		'cohortsample:*:*:get',
+		'cohortsample:*:*:post',
+		'comparativecohortanalysis:*:copy:get',
+		'comparativecohortanalysis:*:delete',
+		'comparativecohortanalysis:*:put',
+		'comparativecohortanalysis:get',
+		'comparativecohortanalysis:post',
+		'conceptset:*:copy-name:get',
+		'conceptset:*:exists:get',
+		'conceptset:*:export:get',
+		'conceptset:*:expression:*:get',
+		'conceptset:*:generationinfo:get',
+		'conceptset:*:tag:*:delete',
+		'conceptset:*:tag:post',
+		'conceptset:*:version:*:createAsset:put',
+		'conceptset:*:version:*:delete',
+		'conceptset:*:version:*:expression:*:get',
+		'conceptset:*:version:*:get',
+		'conceptset:*:version:*:put',
+		'conceptset:*:version:get',
+		'conceptset:byTags:post',
+		'conceptset:check:post',
+		'conceptset:get',
+		'conceptset:post',
+		'configuration:edit:ui',
+		'estimation:*:exists:get',
+		'estimation:*:generation:*:post',
+		'estimation:check:post',
+		'estimation:generation:*:result:get',
+		'estimation:get',
+		'estimation:import:post',
+		'estimation:post',
+		'evidence:*:drugconditionpairs:post',
+		'evidence:*:druglabel:post',
+		'evidence:*:get',
+		'evidence:*:negativecontrols:*:get',
+		'evidence:*:negativecontrols:post',
+		'executionservice:*:get',
+		'executionservice:execution:run:post',
+		'feasibility:*:delete',
+		'feasibility:*:get',
+		'feasibility:*:put',
+		'feasibility:get',
+		'feature-analysis:*:copy:get',
+		'feature-analysis:*:exists:get',
+		'feature-analysis:*:export:conceptset:get',
+		'feature-analysis:*:get',
+		'feature-analysis:aggregates:get',
+		'feature-analysis:get',
+		'feature-analysis:post',
+		'featureextraction:*:get',
+		'gis:cohort:*:bounds:*:get',
+		'gis:cohort:*:clusters:*:get',
+		'gis:cohort:*:density:*:get',
+		'gis:person:*:bounds:*:get',
+		'gis:source:check:*:get',
+		'ir:*:exists:get',
+		'ir:*:tag:*:delete',
+		'ir:*:tag:post',
+		'ir:*:version:*:createAsset:put',
+		'ir:*:version:*:delete',
+		'ir:*:version:*:put',
+		'ir:byTags:post',
+		'ir:check:post',
+		'ir:design:post',
+		'ir:get',
+		'ir:post',
+		'ir:sql:post',
+		'job:execution:get',
+		'job:get',
+		'job:type:*:name:*:get',
+		'notifications:get',
+		'notifications:viewed:get',
+		'notifications:viewed:post',
+		'pathway-analysis:*:exists:get',
+		'pathway-analysis:*:export:get',
+		'pathway-analysis:*:post',
+		'pathway-analysis:*:tag:*:delete',
+		'pathway-analysis:*:tag:post',
+		'pathway-analysis:*:version:*:createAsset:put',
+		'pathway-analysis:*:version:*:delete',
+		'pathway-analysis:*:version:*:put',
+		'pathway-analysis:byTags:post',
+		'pathway-analysis:check:post',
+		'pathway-analysis:get',
+		'pathway-analysis:import:post',
+		'pathway-analysis:post',
+		'plp:*:copy:get',
+		'plp:*:delete',
+		'plp:*:put',
+		'plp:get',
+		'plp:post',
+		'prediction:*:generation:*:post',
+		'prediction:check:post',
+		'prediction:generation:*:result:get',
+		'prediction:get',
+		'prediction:import:post',
+		'prediction:post',
+		'reusable:*:exists:get',
+		'reusable:*:get',
+		'reusable:*:post',
+		'reusable:*:tag:*:delete',
+		'reusable:*:tag:post',
+		'reusable:*:version:*:createAsset:put',
+		'reusable:*:version:*:delete',
+		'reusable:*:version:*:get',
+		'reusable:*:version:*:put',
+		'reusable:*:version:get',
+		'reusable:byTags:post',
+		'reusable:get',
+		'reusable:post',
+		'source:*:get',
+		'source:daimon:priority:get',
+		'source:priorityVocabulary:get',
+		'sqlrender:translate:post',
+		'tag:*:delete',
+		'tag:*:get',
+		'tag:*:put',
+		'tag:get',
+		'tag:multiAssign:post',
+		'tag:multiUnassign:post',
+		'tag:post',
+		'tag:search:get',
+		'vocabulary:*:compare-arbitrary',
+		'vocabulary:*:post'
+       )
+;