mccraigmccraig · October 26, 2018 09:43
diff --git a/cn_perms.clj b/cn_perms.clj
 {;; this defines hierarchy-type and hierarchy-id attachments of
 ;; heritable-attrs and heritable-perms
 :er-model.importer.import-sources/hierarchy-metadata
 {"group"

  ;; attachments by hierarchy-type id
  {:er-model.importer.import-objects/group-type-id
   {;; hierarchytype 1 - root
    "[[H]]1"
    {:h_attrs
     #{{:key "caffenero/upper-management", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}},
     :h_perms
     #{;; users directly in root are head-office users
       {:permit "conversation/address",
        :obj-attr ["caffenero/upper-management" "true"],
        :subj-anc-descs nil,
        :invert? false,
        :h-depth 1,
        :h-applies-to :er-model.orgs.entities/OrgUsers
        :priority 10}}},

    ;; hierarchytype 3 - store
    "[[H]]3"
    {:h_attrs
     #{{:key "caffenero/group-type", :value "store", :h-depth :self
        :h-applies-to :er-model.groups.entities/Groups}},
     :h_perms #{}},

    ;; hierarchytype 39 - region
    "[[H]]39"
    {:h_attrs
     #{{:key "caffenero/group-type", :value "region", :h-depth :self
        :h-applies-to :er-model.groups.entities/Groups}},
     :h_perms #{}},

    ;; hierarchytype 40 - area
    "[[H]]40"
    {:h_attrs
     #{{:key "caffenero/group-type", :value "area", :h-depth :self
        :h-applies-to :er-model.groups.entities/Groups}},
     :h_perms #{}},

    ;; hierarchytype 44 - country
    "[[H]]44"
    {:h_attrs
     #{{:key "caffenero/group-type", :value "country", :h-depth :self
        :h-applies-to :er-model.groups.entities/Groups}},
     :h_perms #{}},

    ;; hierarchytype 45 - division
    "[[H]]45"
    {:h_attrs
     #{{:key "caffenero/group-type", :value "division", :h-depth :self
        :h-applies-to :er-model.groups.entities/Groups}},
     :h_perms #{}}},

   ;; attachments by object external-reference
   :object_external_uid
   {;; role 13 - area manager
    "[[F]]13"
    {:h_attrs
     #{{:key "caffenero/area-manager", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}},
     :h_perms #{}},

    ;; role 15 - regional-manager
    "[[F]]15"
    {:h_attrs
     #{{:key "caffenero/regional-manager", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}
       {:key "caffenero/upper-management", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}},
     :h_perms #{{:permit "conversation/address",
                 :obj-attr ["caffenero/upper-management" "true"],
                 :subj-anc-descs nil,
                 :invert? false,
                 :h-depth 1,
                 :h-applies-to :er-model.orgs.entities/OrgUsers,
                 :priority 10}}},

    ;; role 21 - ops director
    "[[F]]21"
    {:h_attrs
     #{{:key "caffenero/ops-director", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}
       {:key "caffenero/upper-management", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}},
     :h_perms #{{:permit "conversation/address",
                 :obj-attr ["caffenero/upper-management" "true"],
                 :subj-anc-descs nil,
                 :invert? false,
                 :h-depth 1,
                 :h-applies-to :er-model.orgs.entities/OrgUsers,
                 :priority 10}
                {:permit "conversation/address",
                 :subj-anc-descs ["caffenero/group-type" "division"],
                 :obj-attr nil,
                 :invert? false,
                 :h-depth 1
                 :h-applies-to :er-model.orgs.entities/OrgUsers
                 :priority 10}}},

    ;; role 221 - head office creator
    "[[F]]221"
    {:h_attrs
     #{{:key "caffenero/head-office-creator", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}
       {:key "caffenero/upper-management", :value "true", :h-depth 1
        :h-applies-to :er-model.orgs.entities/OrgUsers}},
     :h_perms #{{:permit "conversation/address",
                 :obj-attr ["caffenero/upper-management" "true"],
                 :subj-anc-descs nil,
                 :invert? false,
                 :h-depth 1,
                 :h-applies-to :er-model.orgs.entities/OrgUsers
                 :priority 10}
                {:permit "conversation/address",
                 :subj-anc-descs nil,
                 :obj-attr nil,
                 :invert? false,
                 :h-depth 1
                 :h-applies-to :er-model.orgs.entities/OrgUsers
                 :priority 10}}}

    ;; role 250 - Yapster communicator
    "[[F]]250"
    {:h_attrs
     #{},
     :h_perms #{{:permit "conversation/address",
                 :subj-anc-descs nil,
                 :obj-attr nil,
                 :invert? false,
                 :h-depth 1
                 :h-applies-to :er-model.orgs.entities/OrgUsers
                 :priority 10}}}}}}

 ;; this defines org-wide heritable-permissions
 :er-model.orgs/h-perms
 #{;; deny conversation/address by default
   {:deny "conversation/address",
    :subj-anc-descs nil,
    :obj-attr nil,
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 0}

   ;; permit conversation/address within your region
   {:permit "conversation/address",
    :subj-anc-descs ["caffenero/group-type" "region"],
    :obj-attr nil,
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 10}

   ;; permit conversation/address to your regional-manager
   {:permit "conversation/address",
    :subj-anc-descs ["caffenero/group-type" "region"],
    :obj-attr ["caffenero/regional-manager" "true"],
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 10}

   ;; permit conversation/address to your area-manager
   {:permit "conversation/address",
    :subj-anc-descs ["caffenero/group-type" "area"],
    :obj-attr ["caffenero/area-manager" "true"],
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 10}

   ;; permit conversation/address to your divisional director
   {:permit "conversation/address",
    :subj-anc-descs ["caffenero/group-type" "division"],
    :obj-attr ["caffenero/ops-director" "true"],
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 10}

   ;; permit conversation/address to any head-office-creator
   {:permit "conversation/address",
    :subj-anc-descs nil,
    :obj-attr ["caffenero/head-office-creator" "true"],
    :invert? false,
    :h-depth :all
    :h-applies-to :er-model.orgs.entities/OrgUsers
    :priority 10}}}
	{;; this defines hierarchy-type and hierarchy-id attachments of
	;; heritable-attrs and heritable-perms
	:er-model.importer.import-sources/hierarchy-metadata
	{"group"

	;; attachments by hierarchy-type id
	{:er-model.importer.import-objects/group-type-id
	{;; hierarchytype 1 - root
	"[[H]]1"
	{:h_attrs
	#{{:key "caffenero/upper-management", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}},
	:h_perms
	#{;; users directly in root are head-office users
	{:permit "conversation/address",
	:obj-attr ["caffenero/upper-management" "true"],
	:subj-anc-descs nil,
	:invert? false,
	:h-depth 1,
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}}},

	;; hierarchytype 3 - store
	"[[H]]3"
	{:h_attrs
	#{{:key "caffenero/group-type", :value "store", :h-depth :self
	:h-applies-to :er-model.groups.entities/Groups}},
	:h_perms #{}},

	;; hierarchytype 39 - region
	"[[H]]39"
	{:h_attrs
	#{{:key "caffenero/group-type", :value "region", :h-depth :self
	:h-applies-to :er-model.groups.entities/Groups}},
	:h_perms #{}},

	;; hierarchytype 40 - area
	"[[H]]40"
	{:h_attrs
	#{{:key "caffenero/group-type", :value "area", :h-depth :self
	:h-applies-to :er-model.groups.entities/Groups}},
	:h_perms #{}},

	;; hierarchytype 44 - country
	"[[H]]44"
	{:h_attrs
	#{{:key "caffenero/group-type", :value "country", :h-depth :self
	:h-applies-to :er-model.groups.entities/Groups}},
	:h_perms #{}},

	;; hierarchytype 45 - division
	"[[H]]45"
	{:h_attrs
	#{{:key "caffenero/group-type", :value "division", :h-depth :self
	:h-applies-to :er-model.groups.entities/Groups}},
	:h_perms #{}}},

	;; attachments by object external-reference
	:object_external_uid
	{;; role 13 - area manager
	"[[F]]13"
	{:h_attrs
	#{{:key "caffenero/area-manager", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}},
	:h_perms #{}},

	;; role 15 - regional-manager
	"[[F]]15"
	{:h_attrs
	#{{:key "caffenero/regional-manager", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}
	{:key "caffenero/upper-management", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}},
	:h_perms #{{:permit "conversation/address",
	:obj-attr ["caffenero/upper-management" "true"],
	:subj-anc-descs nil,
	:invert? false,
	:h-depth 1,
	:h-applies-to :er-model.orgs.entities/OrgUsers,
	:priority 10}}},

	;; role 21 - ops director
	"[[F]]21"
	{:h_attrs
	#{{:key "caffenero/ops-director", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}
	{:key "caffenero/upper-management", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}},
	:h_perms #{{:permit "conversation/address",
	:obj-attr ["caffenero/upper-management" "true"],
	:subj-anc-descs nil,
	:invert? false,
	:h-depth 1,
	:h-applies-to :er-model.orgs.entities/OrgUsers,
	:priority 10}
	{:permit "conversation/address",
	:subj-anc-descs ["caffenero/group-type" "division"],
	:obj-attr nil,
	:invert? false,
	:h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}}},

	;; role 221 - head office creator
	"[[F]]221"
	{:h_attrs
	#{{:key "caffenero/head-office-creator", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}
	{:key "caffenero/upper-management", :value "true", :h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers}},
	:h_perms #{{:permit "conversation/address",
	:obj-attr ["caffenero/upper-management" "true"],
	:subj-anc-descs nil,
	:invert? false,
	:h-depth 1,
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}
	{:permit "conversation/address",
	:subj-anc-descs nil,
	:obj-attr nil,
	:invert? false,
	:h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}}}

	;; role 250 - Yapster communicator
	"[[F]]250"
	{:h_attrs
	#{},
	:h_perms #{{:permit "conversation/address",
	:subj-anc-descs nil,
	:obj-attr nil,
	:invert? false,
	:h-depth 1
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}}}}}}

	;; this defines org-wide heritable-permissions
	:er-model.orgs/h-perms
	#{;; deny conversation/address by default
	{:deny "conversation/address",
	:subj-anc-descs nil,
	:obj-attr nil,
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 0}

	;; permit conversation/address within your region
	{:permit "conversation/address",
	:subj-anc-descs ["caffenero/group-type" "region"],
	:obj-attr nil,
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}

	;; permit conversation/address to your regional-manager
	{:permit "conversation/address",
	:subj-anc-descs ["caffenero/group-type" "region"],
	:obj-attr ["caffenero/regional-manager" "true"],
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}

	;; permit conversation/address to your area-manager
	{:permit "conversation/address",
	:subj-anc-descs ["caffenero/group-type" "area"],
	:obj-attr ["caffenero/area-manager" "true"],
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}

	;; permit conversation/address to your divisional director
	{:permit "conversation/address",
	:subj-anc-descs ["caffenero/group-type" "division"],
	:obj-attr ["caffenero/ops-director" "true"],
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}

	;; permit conversation/address to any head-office-creator
	{:permit "conversation/address",
	:subj-anc-descs nil,
	:obj-attr ["caffenero/head-office-creator" "true"],
	:invert? false,
	:h-depth :all
	:h-applies-to :er-model.orgs.entities/OrgUsers
	:priority 10}}}