| 36407 |
amit |
1 |
-- Migration: grant fofo-role access to the partner-margin-by-IMEI lookup endpoint.
|
|
|
2 |
-- The endpoint already exists in code (SchemeController.getImeiNetMarginModal),
|
|
|
3 |
-- but it's missing from the dtr.api / dtr.role_api access tables, so users hit
|
|
|
4 |
-- it through the auth interceptor without permission. This migration registers
|
|
|
5 |
-- the endpoint and copies the same role grants that already exist for '/order'
|
|
|
6 |
-- (the URI that renders the orders page where the View Margin button lives).
|
|
|
7 |
|
|
|
8 |
-- Step 1: register the endpoint in the api table.
|
|
|
9 |
INSERT INTO api (name, uri, method, create_timestamp, update_timestamp)
|
|
|
10 |
SELECT 'getImeiNetMarginModal', '/getImeiNetMarginModal', 'GET', NOW(), NOW()
|
|
|
11 |
WHERE NOT EXISTS (SELECT 1 FROM api WHERE uri = '/getImeiNetMarginModal' AND method = 'GET');
|
|
|
12 |
|
|
|
13 |
-- Step 2: grant role_api to the same roles that currently access '/order'.
|
|
|
14 |
-- The View Margin button is rendered on the orders page; whoever can see that
|
|
|
15 |
-- page should be able to invoke this lookup.
|
|
|
16 |
INSERT INTO role_api (role_id, api_id)
|
|
|
17 |
SELECT ra.role_id, new_api.id
|
|
|
18 |
FROM role_api ra
|
|
|
19 |
JOIN api old_api ON old_api.id = ra.api_id AND old_api.uri = '/order'
|
|
|
20 |
JOIN api new_api ON new_api.uri = '/getImeiNetMarginModal'
|
|
|
21 |
WHERE NOT EXISTS (SELECT 1 FROM role_api ra2
|
|
|
22 |
WHERE ra2.role_id = ra.role_id AND ra2.api_id = new_api.id);
|