Changed the permissions migration SQL to use the standard approach with a temp table

oleg-odysseus · oleg-odysseus · commit b30881428325 · 2025-04-07T17:42:11.000+02:00
diff --git a/src/main/resources/db/migration/postgresql/V2.15.0.20250220000001__webapi_snapshots_schema_init.sql b/src/main/resources/db/migration/postgresql/V2.15.0.20250220000001__webapi_snapshots_schema_init.sql
@@ -86,56 +86,40 @@ CREATE TABLE ${ohdsiSchema}.INCLUDED_SOURCE_CODES_SNAPSHOTS (
 --for each concept set which has a "conceptset:%s:put" permission. This is made to allow making snapshot actions to old concept sets
 --which were created before the snapshot/lock feature was deployed
 
-DO $$
-DECLARE
-    permission RECORD;
-    new_permission_id INTEGER;
-    new_permission_value VARCHAR;
-    new_role_permission_id INTEGER;
-BEGIN
-    FOR permission IN
-        SELECT p.id AS permission_id, p.value AS permission_value, rp.role_id AS role_id
-        FROM ${ohdsiSchema}.sec_permission p
-        INNER JOIN ${ohdsiSchema}.sec_role_permission rp
-            ON p.id = rp.permission_id
-        WHERE p.value ~ '^conceptset:[0-9]+:put$'
-    LOOP
-        new_permission_value := 'conceptset:' || split_part(permission.permission_value, ':', 2) || ':snapshot:post';
+DROP TABLE IF EXISTS temp_migration;
 
-        IF NOT EXISTS (
-            SELECT 1
-            FROM ${ohdsiSchema}.sec_permission
-            WHERE "value" = new_permission_value
-        )
-        THEN
-            new_permission_id := nextval('${ohdsiSchema}.sec_permission_id_seq');
-
-            INSERT INTO ${ohdsiSchema}.sec_permission (id, value, description)
-            VALUES (new_permission_id, new_permission_value, 'Permission to create snapshot for concept set');
-
-            RAISE NOTICE 'Inserted New Permission: % (ID: %)', new_permission_value, new_permission_id;
-        ELSE
-            SELECT id INTO new_permission_id
-            FROM ${ohdsiSchema}.sec_permission
-            WHERE "value" = new_permission_value;
-
-            RAISE NOTICE 'Permission Already Exists: % (ID: %)', new_permission_value, new_permission_id;
-        END IF;
-
-        IF NOT EXISTS (
-            SELECT 1
-            FROM ${ohdsiSchema}.sec_role_permission
-            WHERE role_id = permission.role_id AND permission_id = new_permission_id
-        )
-        THEN
-            new_role_permission_id := nextval('${ohdsiSchema}.sec_role_permission_sequence');
-
-            INSERT INTO ${ohdsiSchema}.sec_role_permission (id, role_id, permission_id)
-            VALUES (new_role_permission_id, permission.role_id, new_permission_id);
+CREATE TEMP TABLE temp_migration (
+    from_perm_id INT,
+    new_value CHARACTER VARYING(255)
+);
 
-            RAISE NOTICE 'Mapped New Permission to Role: % (Role ID: %)', new_permission_value, permission.role_id;
-        ELSE
-            RAISE NOTICE 'Mapping Already Exists: Permission: % - Role ID: %', new_permission_value, permission.role_id;
-        END IF;
-    END LOOP;
-END $$;
+INSERT INTO temp_migration (from_perm_id, new_value)
+SELECT 
+    p.id AS from_perm_id,
+    'conceptset:' || split_part(p.value, ':', 2) || ':snapshot:post' AS new_value
+FROM 
+    ${ohdsiSchema}.sec_permission p
+WHERE 
+    p.value ~ '^conceptset:[0-9]+:put$';
+
+INSERT INTO ${ohdsiSchema}.sec_permission (id, value, description)
+SELECT 
+    nextval('${ohdsiSchema}.sec_permission_id_seq') AS id,
+    new_value AS value,
+    'Permission to create snapshot for concept set'
+FROM 
+    temp_migration;
+
+INSERT INTO ${ohdsiSchema}.sec_role_permission (id, role_id, permission_id)
+SELECT 
+    nextval('${ohdsiSchema}.sec_role_permission_sequence') AS id,
+    srp.role_id AS role_id,
+    sp.id AS permission_id
+FROM 
+    temp_migration AS tm
+JOIN 
+    ${ohdsiSchema}.sec_permission sp ON tm.new_value = sp.value
+JOIN 
+    ${ohdsiSchema}.sec_role_permission srp ON tm.from_perm_id = srp.permission_id;
+
+DROP TABLE temp_migration;
