diff --git a/odataorganizer/procedures/CoOrganizerCreate.hdbprocedure b/odataorganizer/procedures/CoOrganizerCreate.hdbprocedure index dd1a02f..c4dcf5c 100644 --- a/odataorganizer/procedures/CoOrganizerCreate.hdbprocedure +++ b/odataorganizer/procedures/CoOrganizerCreate.hdbprocedure @@ -54,9 +54,9 @@ BEGIN AND "History.CreatedBy" = lv_CreatedBy; IF lv_Count = 1 THEN - INSERT INTO "com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer" - VALUES( - lv_EventID + INSERT INTO "com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer" + VALUES( + lv_EventID , UCASE( lv_UserName ) , lv_CreatedBy , CURRENT_TIMESTAMP @@ -64,6 +64,9 @@ BEGIN , CURRENT_TIMESTAMP , lv_Active ); + CALL "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::GrantOrganizerRoleToUser" ( + USERNAME => UCASE( lv_UserName ) + ); ELSE error = SELECT 400 AS http_status_code, 'Event does not belong to you' AS error_message, diff --git a/odataorganizer/procedures/GrantOrganizerRoleToUser.hdbprocedure b/odataorganizer/procedures/GrantOrganizerRoleToUser.hdbprocedure new file mode 100644 index 0000000..4e79e26 --- /dev/null +++ b/odataorganizer/procedures/GrantOrganizerRoleToUser.hdbprocedure @@ -0,0 +1,26 @@ +-- +-- Copyright 2016 SAP Mentors +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +PROCEDURE "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::GrantOrganizerRoleToUser" ( + IN USERNAME VARCHAR(256) +) + LANGUAGE SQLSCRIPT + SQL SECURITY DEFINER + DEFAULT SCHEMA SITREG + AS + ROLENAME VARCHAR(256) := 'com.sap.sapmentors.sitreg.roles::organizer'; +BEGIN + CALL "_SYS_REPO"."GRANT_ACTIVATED_ROLE"(ROLENAME => ROLENAME, USERNAME => USERNAME); +END \ No newline at end of file diff --git a/roles/organizer.hdbrole b/roles/organizer.hdbrole index 3425e5a..7dfefc7 100644 --- a/roles/organizer.hdbrole +++ b/roles/organizer.hdbrole @@ -1,6 +1,9 @@ role com.sap.sapmentors.sitreg.roles::organizer { // catalog schema "SITREG": SELECT; + sql object com.sap.sapmentors.sitreg.data::eventId: SELECT; sql object com.sap.sapmentors.sitreg.data::SITreg.Event: SELECT, INSERT, UPDATE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: EXECUTE; sql object com.sap.sapmentors.sitreg.data::SITreg.Device: SELECT, INSERT, UPDATE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate: EXECUTE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate: EXECUTE; @@ -13,9 +16,8 @@ role com.sap.sapmentors.sitreg.roles::organizer { sql object com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer: SELECT, INSERT, UPDATE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: EXECUTE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: EXECUTE; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: EXECUTE; - sql object com.sap.sapmentors.sitreg.data::eventId: SELECT; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::GrantOrganizerRoleToUser: EXECUTE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::UpdateWaitingList: EXECUTE; application privilege: "com.sap.sapmentors.sitreg.odataorganizer::organizer"; diff --git a/test/procedures/setup.hdbprocedure b/test/procedures/setup.hdbprocedure index ead20c8..1648f44 100644 --- a/test/procedures/setup.hdbprocedure +++ b/test/procedures/setup.hdbprocedure @@ -46,10 +46,9 @@ BEGIN DELETE FROM "com.sap.sapmentors.sitreg.data::SITreg.Organizer" WHERE "History.CreatedBy" = 'PARTICIPANT'; - CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::organizer','ORGANIZER'); - CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::organizer','COORGANIZER'); - CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::participant','COORGANIZER'); - CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::participant','PARTICIPANT'); + CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::organizer', 'ORGANIZER' ); + CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::participant', 'COORGANIZER' ); + CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::participant', 'PARTICIPANT' ); CALL _SYS_REPO.GRANT_ACTIVATED_ROLE ('com.sap.sapmentors.sitreg.roles::receptionist','RECEPTIONIST'); END \ No newline at end of file diff --git a/test/spec/Organizer.js b/test/spec/Organizer.js index d2930bc..6cea204 100644 --- a/test/spec/Organizer.js +++ b/test/spec/Organizer.js @@ -89,13 +89,12 @@ describe("Add COORGANIZER to event", function() { describe("Add additional co-organizers to event", function() { it("should add additional co-organizers to event", function() { - var xhr = addCoOrganizer(eventID, "XSA_DEV"); + xhr = addCoOrganizer(eventIDsmall, "COORGANIZER"); expect(xhr.status).toBe(201); expect(xhr.statusText).toBe("Created"); xhr = addCoOrganizer(eventID, "GWOLF"); xhr = addCoOrganizer(eventID, "S0001142741"); xhr = addCoOrganizer(eventIDsmall, "S0001142741"); - xhr = addCoOrganizer(eventIDsmall, "COORGANIZER"); }); });