diff --git a/SQL/0000-00-02-Permission.sql b/SQL/0000-00-02-Permission.sql index c5bd8671a91..84213fed7d9 100644 --- a/SQL/0000-00-02-Permission.sql +++ b/SQL/0000-00-02-Permission.sql @@ -98,7 +98,7 @@ INSERT INTO `permissions` VALUES (26,'document_repository_view','Documents',(SELECT ID FROM modules WHERE Name='document_repository'),'View','2'), (27,'document_repository_delete','Documents',(SELECT ID FROM modules WHERE Name='document_repository'),'Delete','2'), (28,'server_processes_manager','Processes',(SELECT ID FROM modules WHERE Name='server_processes_manager'),'View','2'), - (29,'imaging_uploader','Imaging Scans',(SELECT ID FROM modules WHERE Name='imaging_uploader'),'View/Upload','2'), + (29,'imaging_uploader_allsites','Imaging Scans - All Sites',(SELECT ID FROM modules WHERE Name='imaging_uploader'),'View/Upload','2'), (30,'acknowledgements_view','Acknowledgee List',(SELECT ID FROM modules WHERE Name='acknowledgements'),'View','2'), (31,'acknowledgements_edit','Acknowledgee List',(SELECT ID FROM modules WHERE Name='acknowledgements'),'Edit','2'), (32,'dataquery_view','Cross-Modality Data',(SELECT ID FROM modules WHERE Name='dataquery'),'View/Download','2'), @@ -137,7 +137,8 @@ INSERT INTO `permissions` VALUES (65,'schedule_module','Schedule Module - edit and delete the appointment',(SELECT ID FROM modules WHERE Name='schedule_module'),'View/Create/Edit','2'), (66,'document_repository_categories','Categories',(SELECT ID FROM modules WHERE Name='document_repository'), 'Edit/Upload/Delete', '2'), (67,'document_repository_hidden','Restricted files',(SELECT ID FROM modules WHERE Name='document_repository'), 'View', '2'), - (68,'imaging_uploader_nosessionid', 'uploads with no session ID', (SELECT ID FROM modules WHERE Name='imaging_uploader'), 'View', 2); + (68,'imaging_uploader_ownsites', 'Imaging Scans - Own Sites', (SELECT ID FROM modules WHERE Name='imaging_uploader'), 'View', '2'), + (68,'imaging_uploader_nosessionid', 'Imaging Scans with no session ID', (SELECT ID FROM modules WHERE Name='imaging_uploader'), 'View', '2'); INSERT INTO `user_perm_rel` (userID, permID) SELECT u.ID, p.permID diff --git a/SQL/0000-00-03-ConfigTables.sql b/SQL/0000-00-03-ConfigTables.sql index 591e323e60e..d9a9366cf7e 100644 --- a/SQL/0000-00-03-ConfigTables.sql +++ b/SQL/0000-00-03-ConfigTables.sql @@ -97,7 +97,7 @@ INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'LegoPhantomRegex', 'Regex for identifying a Lego Phantom scan header', 1, 0, 'text', ID, 'Lego phantom regex', 3 FROM ConfigSettings WHERE Name="imaging_modules"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'LivingPhantomRegex', 'Regex to be used on Living Phantom scan header', 1, 0, 'text', ID, 'Living phantom regex', 4 FROM ConfigSettings WHERE Name="imaging_modules"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'showTransferStatus', 'Show transfer status in the DICOM Archive table', 1, 0, 'boolean', ID, 'Show transfer status', 5 FROM ConfigSettings WHERE Name="imaging_modules"; -INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'useSiteProjectPermissions', 'Only allow users access to data with a sessionID (for site and project access restrictions). Bypassed by each module `nosessionid` permission for admins', 1, 0, 'boolean', ID, 'Use Site Project Permissions', 6 FROM ConfigSettings WHERE Name='imaging_modules'; +INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'useImagingSiteProjectPermissions', 'Restricts access to data based on both sites and project. Allows access to data with no session affiliated using a special permission only', 1, 0, 'boolean', ID, 'Use Advanced Site Project Permissions', 6 FROM ConfigSettings WHERE Name="imaging_modules"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'tblScanTypes', 'Scan types from the mri_scan_type table that the project wants to see displayed in Imaging Browser table', 1, 1, 'scan_type', ID, 'Imaging Browser Tabulated Scan Types', 7 FROM ConfigSettings WHERE Name="imaging_modules"; INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'ImagingBrowserLinkedInstruments', 'Instruments that the users want to see linked from Imaging Browser', 1, 1, 'instrument', ID, 'Imaging Browser Links to Instruments', 8 FROM ConfigSettings WHERE Name="imaging_modules"; @@ -233,7 +233,7 @@ INSERT INTO Config (ConfigID, Value) SELECT ID, "." FROM ConfigSettings WHERE Na INSERT INTO Config (ConfigID, Value) SELECT ID, "(?i)phantom" FROM ConfigSettings WHERE Name="LegoPhantomRegex"; INSERT INTO Config (ConfigID, Value) SELECT ID, "(?i)phantom" FROM ConfigSettings WHERE Name="LivingPhantomRegex"; INSERT INTO Config (ConfigID, Value) SELECT ID, "false" FROM ConfigSettings WHERE Name="showTransferStatus"; -INSERT INTO Config (ConfigID, Value) SELECT ID, "false" FROM ConfigSettings WHERE Name="useSiteProjectPermissions"; +INSERT INTO Config (ConfigID, Value) SELECT ID, "false" FROM ConfigSettings WHERE Name="useImagingSiteProjectPermissions"; INSERT INTO Config (ConfigID, Value) SELECT cs.ID, GROUP_CONCAT(mst.MriScanTypeName) FROM ConfigSettings cs JOIN mri_scan_type mst WHERE cs.Name="tblScanTypes" AND mst.MriScanTypeID=44; INSERT INTO Config (ConfigID, Value) SELECT cs.ID, GROUP_CONCAT(mst.MriScanTypeName) FROM ConfigSettings cs JOIN mri_scan_type mst WHERE cs.Name="tblScanTypes" AND mst.MriScanTypeID=45; INSERT INTO Config (ConfigID, Value) SELECT cs.ID, "mri_parameter_form" FROM ConfigSettings cs WHERE cs.Name="ImagingBrowserLinkedInstruments"; diff --git a/SQL/New_patches/2025-01-15-Imaging_modules_site_project_permissions.sql b/SQL/New_patches/2025-01-15-Imaging_modules_site_project_permissions.sql deleted file mode 100644 index 57ff7bf6a19..00000000000 --- a/SQL/New_patches/2025-01-15-Imaging_modules_site_project_permissions.sql +++ /dev/null @@ -1,5 +0,0 @@ -INSERT INTO permissions (code, description, moduleID, `action`, categoryID) -SELECT 'imaging_uploader_nosessionid', 'uploads with no session ID', ID, 'View', 2 FROM modules WHERE Name='imaging_uploader'; - -INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) -SELECT 'useSiteProjectPermissions', 'Only allow users access to data with a sessionID (for site and project access restrictions). Bypassed by module `nosessionid` permissions for admins', 1, 0, 'boolean', ID, 'Use Site Project Permissions', 6 FROM ConfigSettings WHERE Name='imaging_modules'; diff --git a/SQL/New_patches/2025-01-15-Imaging_uploader_site_project_permissions.sql b/SQL/New_patches/2025-01-15-Imaging_uploader_site_project_permissions.sql new file mode 100644 index 00000000000..cedd3725c2e --- /dev/null +++ b/SQL/New_patches/2025-01-15-Imaging_uploader_site_project_permissions.sql @@ -0,0 +1,8 @@ +UPDATE permissions SET code = 'imaging_uploader_allsites', description='Imaging Scans - All Sites' WHERE code='imaging_uploader'; +INSERT INTO permissions (code, description, moduleID, `action`, categoryID) +SELECT 'imaging_uploader_ownsites', 'Imaging Scans - Own Sites', ID, 'View/Upload', 2 FROM modules WHERE Name='imaging_uploader'; +INSERT INTO permissions (code, description, moduleID, `action`, categoryID) +SELECT 'imaging_uploader_nosessionid', 'Uploads with No Session Information', ID, 'View', 2 FROM modules WHERE Name='imaging_uploader'; + +INSERT IGNORE INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) +SELECT 'useImagingSiteProjectPermissions', 'Restricts access to data based on both sites and project. Allows access to data with no session affiliated using a special permission only', 1, 0, 'boolean', ID, 'Use Advanced Site Project Permissions', 6 FROM ConfigSettings WHERE Name='imaging_modules'; \ No newline at end of file diff --git a/modules/imaging_uploader/README.md b/modules/imaging_uploader/README.md index bccf4784e40..82d9fe4a74a 100644 --- a/modules/imaging_uploader/README.md +++ b/modules/imaging_uploader/README.md @@ -53,15 +53,26 @@ For a successful upload: #### Module Permission -The imaging uploader module uses the permission called `imaging_uploader` that -is necessary to have access to the module and gives the user the ability to -upload and browse all scans uploaded to the database. - -The `imaging_uploader_nosessionid` (Imaging Uploader: View uploads with no session ID) -allows to partially bypass the `useSiteProjectPermissions` configuration (see Configurations -section below) to see all uploads not associated to a site or project (no session -ID found on upload) - +*In the interest of backwards compatibility, permission behaviour varies slightly +based on the `useImagingSiteProjectPermissions` configuration* + +Any of the following permissions grants access to the module. + +`imaging_uploader_allsites`: + - If `useImagingSiteProjectPermissions` is disabled, this permission gives access + to all Uploads in the database (backwards compatible with projects not requiring a + session ID to be defined). + - If `useImagingSiteProjectPermissions` is enabled, this permission gives access to + all Uploads as long as they are associated to a session and the session is affiliated + to a project that the user is affiliated with. When combined with `imaging_uploader_nosessionid`, user gets access to their projects' data as well as Uploads with no session ID associated. + +`imaging_uploader_ownsites`: + - If `useImagingSiteProjectPermissions` is disabled, this permission gives access + to all Uploads as long as they are associated to a session and the session is affiliated + to a site that the user is affiliated with. When combined with `imaging_uploader_nosessionid`, user gets access to their sites' data as well as Uploads with no session ID associated. + - If `useImagingSiteProjectPermissions` is enabled, this permission gives access to + all Uploads as long as they are associated to a session and the session is affiliated + to both a site and a project that the user is affiliated with. When combined with `imaging_uploader_nosessionid`, user gets access to their projects' and sites' data as well as Uploads with no session ID associated. #### Filesystem Permission @@ -99,14 +110,13 @@ MRIUploadIncomingPath - This setting determines where on the filesystem the `MRIUploadIncomingPath`following a successful archival and insertion through the LORIS-MRI pipeline. -useSiteProjectPermissions - This setting enables Site and Project access restrictions - for users. If enabled, users accessing the module can only see uploads where a - session ID has been found and are thus linked to the site and project of the - session AND the site and project match the user's. Users can also see any file - they have uploaded themselves regardless of if a sesssion ID has been found. - This setting can be PARTIALLY bypassed by the `imaging_uploader_nosessionid` - permission (partially only because the permission will also append any upload - with no site or project) +The `useImagingSiteProjectPermissions` configuration enables more advanced Site and +Project access control (Although Site permissions are enabled without this +configuration, "all sites" gives access to data with no Session ID if this +configuration is turned off). If enabled, users accessing the module can only see +data where a session ID has been found and are thus linked to the site and project +of the session AND the site and project match the user's. Access to data with no +session is granted by the `imaging_uploader_nosessionid` permission (see permissions section) ## Interactions with LORIS diff --git a/modules/imaging_uploader/php/imaging_uploader.class.inc b/modules/imaging_uploader/php/imaging_uploader.class.inc index 88b5b76a0e2..922c59bd117 100644 --- a/modules/imaging_uploader/php/imaging_uploader.class.inc +++ b/modules/imaging_uploader/php/imaging_uploader.class.inc @@ -49,7 +49,12 @@ class Imaging_Uploader extends \NDB_Menu_Filter_Form */ function _hasAccess(\User $user) : bool { - return $user->hasPermission('imaging_uploader'); + return $user->hasAnyPermission( + [ + 'imaging_uploader_allsites', + 'imaging_uploader_ownsites', + ] + ); } /** * Sets up the Filter Variables @@ -60,37 +65,44 @@ class Imaging_Uploader extends \NDB_Menu_Filter_Form { $config = \NDB_Factory::singleton()->config(); $siteprojectperms = $config->getSetting( - 'useSiteProjectPermissions' + 'useImagingSiteProjectPermissions' ); + $user = \NDB_Factory::singleton()->user(); + $centerString = implode("','", $user->getCenterIDs()); + $projectString = implode("','", $user->getProjectIDs()); + $username = $user->getUsername(); + + // MySQL order of operations dictates that ANDs get computed before ORs which + // means this where clause can take the follwoing forms + // 1. WHERE mu.UploadedBy='$username' OR 1=1 + // -> returns all records + // 2. WHERE mu.UploadedBy='$username' OR (1=1 AND s.CenterID IN ...) + // -> returns records for user's sites + // 3. WHERE mu.UploadedBy='$username' OR (1=1 AND s.ProjectID IN ...) + // -> returns records for user's projects + // 4. WHERE mu.UploadedBy='$username' + // OR (1=1 AND s.CenterID IN ... AND s.ProjectID IN ...) + // -> returns records for user's sites and projects + // 5. WHERE mu.UploadedBy='$username' + // OR (1=1 AND s.CenterID IN ... AND s.ProjectID IN ...) + // OR mu.SessionID IS NULL + // -> returns records for user's sites and projects and null session data + // Other combinations are possible but order of operations still applies + $where = "WHERE mu.UploadedBy='$username' OR 1=1 "; + if (!$user->hasPermission('imaging_uploader_allsites')) { + // Create where clause for sites + $where = $where . " AND s.CenterID IN ('$centerString') "; + } - $where = ''; if ($siteprojectperms === 'true') { // If config setting is enabled, check the user's sites and projects - // and add the WHERE clause to exclude any records that the user does - // not have access to. UNLESS user has 'imaging_uploader_nosessionid' - $user = \NDB_Factory::singleton()->user(); - $centerString = implode("','", $user->getCenterIDs()); - $projectString = implode("','", $user->getProjectIDs()); - $username = $user->getUsername(); - - if ($user->hasPermission('imaging_uploader_nosessionid')) { - // site/project match + null sites and projects + user's own uploads - $where = " WHERE - (s.CenterID IN ('$centerString') - AND - s.ProjectID IN ('$projectString') - ) OR mu.UploadedBy='$username' - OR s.CenterID IS NULL - OR s.ProjectID IS NULL"; + // site/project match + user's own uploads + $where = $where . " AND s.ProjectID IN ('$projectString')"; + } - } else { - // site/project match + user's own uploads - $where = " WHERE - (s.CenterID IN ('$centerString') - AND - s.ProjectID IN ('$projectString') - ) OR mu.UploadedBy='$username'"; - } + if ($user->hasPermission('imaging_uploader_nosessionid')) { + // clause for accessing null session data + $where = $where . " OR mu.SessionID IS NULL "; } $this->_resetFilters(); @@ -124,9 +136,7 @@ class Imaging_Uploader extends \NDB_Menu_Filter_Form " LEFT JOIN candidate c ON (c.CandID = s.CandID)". " LEFT JOIN tarchive ta ON". " (mu.TarchiveID = ta.TarchiveID)"; - if ($siteprojectperms === 'true') { - $this->query .= $where; - } + $this->query .= $where; $this->formToFilter = [ 'CandID' => 's.CandID', 'PSCID' => 'c.PSCID', @@ -134,11 +144,12 @@ class Imaging_Uploader extends \NDB_Menu_Filter_Form 'IsPhantom' => 'mu.IsPhantom', ]; } - /** - * Sets up the menu filter items for the imaging uploader - * - * @return void - */ + + /** + * Sets up the menu filter items for the imaging uploader + * + * @return void + */ function setup() { parent::setup(); diff --git a/modules/imaging_uploader/php/module.class.inc b/modules/imaging_uploader/php/module.class.inc index 922c518006d..6451fd19ee0 100644 --- a/modules/imaging_uploader/php/module.class.inc +++ b/modules/imaging_uploader/php/module.class.inc @@ -36,7 +36,12 @@ class Module extends \Module */ public function hasAccess(\User $user) : bool { - return parent::hasAccess($user) && $user->hasPermission('imaging_uploader'); + return parent::hasAccess($user) && $user->hasAnyPermission( + [ + 'imaging_uploader_allsites', + 'imaging_uploader_ownsites', + ] + ); } /** diff --git a/modules/imaging_uploader/test/TestPlan.md b/modules/imaging_uploader/test/TestPlan.md index 107cb039ca7..05c337ce387 100644 --- a/modules/imaging_uploader/test/TestPlan.md +++ b/modules/imaging_uploader/test/TestPlan.md @@ -4,12 +4,12 @@ [Automation Testing] 2. Ensure that upon loading, the Imaging Uploader page has the 'Browse' and 'Upload' tabs. [Manual Testing] -3. Set the `useSiteProjectPermissions` (Use Site Project Permissions) Configuration to NO and make sure your +3. Set the `useImagingSiteProjectPermissions` (Use Site Project Permissions) Configuration to NO and make sure your user does NOT have the `imaging_uploader_nosessionid` permission (do not use superuser) [Manual Testing] 4. Check that when accessing the Imaging Uploader page, the 'Browse' tab displays all the uploads done for all users. [Automation Testing] -5. Change the `useSiteProjectPermissions` (Use Site Project Permissions) Configuration to YES and make sure your +5. Change the `useImagingSiteProjectPermissions` (Use Site Project Permissions) Configuration to YES and make sure your user does NOT have the `imaging_uploader_nosessionid` permission (do not use superuser) [Manual Testing] 6. Check that when accessing the Imaging Uploader page, the 'Browse' tab displays all the uploads done where @@ -17,7 +17,7 @@ [Manual Testing] 7. Check that when accessing the Imaging Uploader page, the 'Browse' tab displays all the uploads done by the logged in user. [Manual Testing] -8. keep the `useSiteProjectPermissions` (Use Site Project Permissions) Configuration to YES and make sure your +8. keep the `useImagingSiteProjectPermissions` (Use Site Project Permissions) Configuration to YES and make sure your user HAS the `imaging_uploader_nosessionid` permission (do not use superuser) [Manual Testing] 9. Check that the user still has access to uploads decribed in #6 and #7 diff --git a/modules/imaging_uploader/test/imaging_uploaderTest.php b/modules/imaging_uploader/test/imaging_uploaderTest.php index 9984e83c0a3..578c69794c5 100644 --- a/modules/imaging_uploader/test/imaging_uploaderTest.php +++ b/modules/imaging_uploader/test/imaging_uploaderTest.php @@ -174,7 +174,7 @@ function testImagingUploaderLoadWithoutPermission() */ function testImagingUploaderLoadWithPermission() { - $this->setupPermissions(["imaging_uploader"]); + $this->setupPermissions(["imaging_uploader_allsites"]); $this->safeGet($this->url . '/imaging_uploader/'); $bodyText = $this->safeFindElement( WebDriverBy::cssSelector("body") diff --git a/raisinbread/RB_files/RB_Config.sql b/raisinbread/RB_files/RB_Config.sql index 7a91dd3186f..07aa408d968 100644 --- a/raisinbread/RB_files/RB_Config.sql +++ b/raisinbread/RB_files/RB_Config.sql @@ -107,6 +107,6 @@ INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (126,129,'365'); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (127,130,'/var/www/loris/'); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (128,131,'/data/EEGUploadIncomingPath/'); INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (129,132,'false'); - +INSERT INTO `Config` (`ID`, `ConfigID`, `Value`) VALUES (130,133,'false'); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; diff --git a/raisinbread/RB_files/RB_ConfigSettings.sql b/raisinbread/RB_files/RB_ConfigSettings.sql index 10d6632bac1..3f16ec7e329 100644 --- a/raisinbread/RB_files/RB_ConfigSettings.sql +++ b/raisinbread/RB_files/RB_ConfigSettings.sql @@ -120,8 +120,7 @@ INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMult INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (130,'DownloadPath','Where files are downloaded',1,0,'text',26,'Downloads',4); INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (131,'EEGUploadIncomingPath', 'Path to the upload directory for incoming EEG studies', 1, 0, 'text', 26, 'EEG Incoming Directory', 15); INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (132,'useDoB','Use DoB (Date of Birth)',1,0,'boolean',1,'Use DoB',12); -INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (133,INSERT INTO ConfigSettings (Name, Description, Visible, AllowMultiple, DataType, Parent, Label, OrderNumber) SELECT 'useSiteProjectPermissions', 'Only allow users access to data with a sessionID (for site and project access restrictions). Bypassed by each module `nosessionid` permission for admins', 1, 0, 'boolean', 50, 'Use Site Project Permissions', 6); - +INSERT INTO `ConfigSettings` (`ID`, `Name`, `Description`, `Visible`, `AllowMultiple`, `DataType`, `Parent`, `Label`, `OrderNumber`) VALUES (133,'useImagingSiteProjectPermissions','Restricts access to dat based on both sites and project. Allows access to data with no session affiliated using a special permission only',1,0,'boolean',50,'Use Advanced Site Project Permissions',5); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; diff --git a/raisinbread/RB_files/RB_permissions.sql b/raisinbread/RB_files/RB_permissions.sql index 3f4f8b34cc4..da5b80b1239 100644 --- a/raisinbread/RB_files/RB_permissions.sql +++ b/raisinbread/RB_files/RB_permissions.sql @@ -29,7 +29,7 @@ INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action` INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (35,'document_repository_view','Documents',16,'View',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (36,'document_repository_delete','Documents',16,'Delete',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (37,'server_processes_manager','Processes',34,'View',2); -INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (38,'imaging_uploader','Imaging Scans',22,'View/Upload',2); +INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (38,'imaging_uploader_allsites','Imaging Scans - All Sites',22,'View/Upload',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (39,'acknowledgements_view','Acknowledgee List',1,'View',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (40,'acknowledgements_edit','Acknowledgee List',1,'Edit',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (41,'dataquery_view','Cross-Modality Data',44,'View/Download',2); @@ -68,7 +68,8 @@ INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action` INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (74,'document_repository_categories','Categories',16,'Edit/Upload/Delete',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (75,'document_repository_hidden','Restricted files',16,'View',2); INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (76,'media_upload_digest','Media files: Access to recently uploaded media notifications digest.',29,'Edit',2); -INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (77,'imaging_uploader_nosessionid', 'uploads with no session ID',22,'View',2); +INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (77,'imaging_uploader_ownsites','Imaging Scans - Own Sites',22,'View/Upload',2); +INSERT INTO `permissions` (`permID`, `code`, `description`, `moduleID`, `action`, `categoryID`) VALUES (78,'imaging_uploader_nosessionid', 'Imaging Scans with no session ID',22,'View',2); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1; diff --git a/raisinbread/RB_files/RB_user_perm_rel.sql b/raisinbread/RB_files/RB_user_perm_rel.sql index d2c49026294..2141c466121 100644 --- a/raisinbread/RB_files/RB_user_perm_rel.sql +++ b/raisinbread/RB_files/RB_user_perm_rel.sql @@ -70,6 +70,8 @@ INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,73); INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,74); INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,75); INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,76); +INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,77); +INSERT INTO `user_perm_rel` (`userID`, `permID`) VALUES (1,78); UNLOCK TABLES; SET FOREIGN_KEY_CHECKS=1;