diff --git a/src/main/resources/db/migration/V20260310_050__populate_test_roles_from_user_entitlements.sql b/src/main/resources/db/migration/V20260310_050__populate_test_roles_from_user_entitlements.sql
new file mode 100644
index 00000000..6ce6ee7e
--- /dev/null
+++ b/src/main/resources/db/migration/V20260310_050__populate_test_roles_from_user_entitlements.sql
@@ -0,0 +1,57 @@
+/**
+* CGI OPAL Program
+*
+* MODULE : populate_test_roles_from_user_entitlements.sql
+*
+* DESCRIPTION : Populates ROLES records for test-only user permissions per Opal domain.
+*
+* VERSION HISTORY:
+*
+* Date Author Version Nature of Change
+* ---------- ------- -------- ----------------------------------------------------------------------------
+* 10/03/2026 C Cho 1.0 PO-2827 Populate test-only roles from obsoleted USER_ENTITLEMENTS/APPLICATION_FUNCTIONS data.
+*
+**/
+
+WITH test_permissions_by_domain AS (
+ SELECT DISTINCT bu.opal_domain_id,
+ af.function_name
+ FROM users u
+ JOIN business_unit_users buu
+ ON buu.user_id = u.user_id
+ JOIN business_units bu
+ ON bu.business_unit_id = buu.business_unit_id
+ JOIN user_entitlements ue
+ ON ue.business_unit_user_id = buu.business_unit_user_id
+ JOIN application_functions af
+ ON af.application_function_id = ue.application_function_id
+ WHERE bu.opal_domain_id IS NOT NULL
+ AND (
+ UPPER(u.token_preferred_username) LIKE 'OPAL-TEST%@DEV.PLATFORM.HMCTS.NET'
+ OR UPPER(u.token_preferred_username) LIKE 'OPAL-DEMO-%@DEV.PLATFORM.HMCTS.NET'
+ )
+)
+INSERT INTO roles
+(
+ role_id
+,version_number
+,opal_domain_id
+,role_name
+,is_active
+,application_function_list
+)
+SELECT nextval('role_id_seq')
+ , 1 AS version_number
+ , t.opal_domain_id
+ , LEFT('TEST ONLY - ' || t.function_name, 100) AS role_name
+ , true AS is_active
+ , ARRAY[t.function_name]::varchar(200)[] AS application_function_list
+ FROM test_permissions_by_domain t
+ WHERE NOT EXISTS
+ (
+ SELECT 1
+ FROM roles r
+ WHERE r.opal_domain_id = t.opal_domain_id
+ AND r.version_number = 1
+ AND r.role_name = LEFT('TEST ONLY - ' || t.function_name, 100)
+ );
diff --git a/src/main/resources/db/migration/V20260310_051__populate_test_business_unit_user_roles.sql b/src/main/resources/db/migration/V20260310_051__populate_test_business_unit_user_roles.sql
new file mode 100644
index 00000000..a816da4b
--- /dev/null
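Review bot: In V20260310_050 the username filter inside `test_permissions_by_domain` is the only thing that scopes these roles to test accounts, and its two patterns are not symmetric: `'OPAL-TEST%@DEV.PLATFORM.HMCTS.NET'` has no hyphen before the wildcard, so it matches any username that merely begins with `opal-test`, whereas the demo pattern requires `OPAL-DEMO-`. If the account convention always has the hyphen, tighten it to `LIKE 'OPAL-TEST-%@DEV.PLATFORM.HMCTS.NET'`; if the broader match is deliberate, record that next to the predicate, e.g. `-- OPAL-TEST% is intentionally broader than OPAL-DEMO-%`. The file sits in the main migration path, so it presumably runs in every environment; the header should state that it relies on no matching accounts existing outside dev/test. The identical filter is repeated in V20260310_051 and should change with it.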
+++ b/src/main/resources/db/migration/V20260310_051__populate_test_business_unit_user_roles.sql
@@ -0,0 +1,55 @@
+/**
+* CGI OPAL Program
+*
+* MODULE : populate_test_business_unit_user_roles.sql
+*
+* DESCRIPTION : Populates BUSINESS_UNIT_USER_ROLES records for test-only user role assignments.
+*
+* VERSION HISTORY:
+*
+* Date Author Version Nature of Change
+* ---------- ------- -------- ----------------------------------------------------------------------------
+* 10/03/2026 C Cho 1.0 PO-2827 Assign test-only BU users to domain-consistent roles based on obsoleted USER_ENTITLEMENTS data.
+*
+**/
+
+WITH test_user_role_pairs AS (
+ SELECT DISTINCT buu.business_unit_user_id,
+ r.role_id
+ FROM users u
+ JOIN business_unit_users buu
+ ON buu.user_id = u.user_id
+ JOIN business_units bu
+ ON bu.business_unit_id = buu.business_unit_id
+ JOIN user_entitlements ue
+ ON ue.business_unit_user_id = buu.business_unit_user_id
+ JOIN application_functions af
+ ON af.application_function_id = ue.application_function_id
+ JOIN roles r
+ ON r.opal_domain_id = bu.opal_domain_id
+ AND r.version_number = 1
+ AND r.is_active = true
+ AND r.role_name = LEFT('TEST ONLY - ' || af.function_name, 100)
+ WHERE bu.opal_domain_id IS NOT NULL
+ AND (
+ UPPER(u.token_preferred_username) LIKE 'OPAL-TEST%@DEV.PLATFORM.HMCTS.NET'
+ OR UPPER(u.token_preferred_username) LIKE 'OPAL-DEMO-%@DEV.PLATFORM.HMCTS.NET'
+ )
+)
+INSERT INTO business_unit_user_roles
+(
+ business_unit_user_role_id
+,business_unit_user_id
+,role_id
+)
+SELECT nextval('business_unit_user_role_id_seq')
+ , t.business_unit_user_id
+ , t.role_id
+ FROM test_user_role_pairs t
+ WHERE NOT EXISTS
+ (
+ SELECT 1
+ FROM business_unit_user_roles bur
+ WHERE bur.business_unit_user_id = t.business_unit_user_id
+ AND bur.role_id = t.role_id
+ );
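Review bot: The join to `roles` in `test_user_role_pairs` picks the role by `role_name` alone, so a version-1 role that already carried a `TEST ONLY - …` name but a different `application_function_list` would be assigned as-is and could grant more than the entitlement being migrated. Tying the join to the function itself closes that gap, e.g. `AND r.application_function_list = ARRAY[af.function_name]::varchar(200)[]` (assuming the column has the type the cast in V20260310_050 suggests). The join also requires `r.is_active = true`, while the `NOT EXISTS` guard in 050 does not look at `is_active`: if an inactive role of that name exists, 050 creates nothing and this statement silently assigns nothing for that function. Because both files truncate the name with `LEFT(…, 100)`, two function names that agree in their first 88 characters would resolve to the same role name; a comment stating that function names are known to be shorter would make that assumption visible.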