[SQL] Remove permissions for data_release in LorisMenu (#5838)

The permissions removed in this PR are not enforced at the module level, they are solely on the LorisMenu and thus not very secure. Also, they force users to get eith upload permission or edit access permission to just be able to view the module. Users should be able to view the module without any of these permissions.
aces · Dec 17, 2019 · 109a515 · 109a515
1 parent 0b8546d
commit 109a515
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/SQL/0000-00-02-Menus.sql b/SQL/0000-00-02-Menus.sql
@@ -211,11 +211,6 @@ INSERT INTO LorisMenuPermissions (MenuID, PermID)
 INSERT INTO LorisMenuPermissions (MenuID, PermID)
     SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='issue_tracker_developer' AND m.Label='Issue Tracker';
 
-INSERT INTO LorisMenuPermissions (MenuID, PermID)
-    SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_release_upload' AND m.Label='Data Release';
-INSERT INTO LorisMenuPermissions (MenuID, PermID)
-    SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_release_edit_file_access' AND m.Label='Data Release';
-
 INSERT INTO LorisMenuPermissions (MenuID, PermID)
     SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_team_helper' AND m.Label='Quality Control';
 

diff --git a/SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql b/SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql
@@ -0,0 +1,3 @@
+DELETE FROM LorisMenuPermissions WHERE PermID=(SELECT PermID FROM permissions WHERE code='data_release_upload');
+DELETE FROM LorisMenuPermissions WHERE PermID=(SELECT PermID FROM permissions WHERE code='data_release_edit_file_access');
+