#!/bin/sh
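# Command prefix that runs a program inside the database pod of the
# prod-atlantis namespace (kubectl context "oceanbox").
k="kubectl --context oceanbox -n prod-atlantis exec prod-atlantis-db-1 -- "
# psql flags: -t rows only, -A unaligned output, -F field separator, -c run one
# command. Quotes stored inside a variable are not parsed again when the
# variable is expanded, so the earlier -F',' handed psql the three-character
# separator ',' with the quotes included; -F, passes the plain comma.
psql="psql -d app -t -A -F, -c"
# Expanded unquoted by the statements below so that it splits into words.
query="$k $psql"

# Column header of a tuple CSV; nothing else in this script references it.
h="user_type,user_id,relation,object_type,object_id,condition_name,condition_context"
# Context for the "term" condition attached to group view tuples.
# NOTE(review): start_time and end_time are identical, which looks like a
# placeholder window; confirm how the authorization model evaluates it.
term='{"start_time": "2025-01-01T00:00:00Z", "end_time": "2025-01-01T00:00:00Z"}'
# Context for the "ticket" condition attached to group exec tuples.
# NOTE(review): tasks "*" and quota "-1.0" presumably mean "any task, no
# limit"; confirm that this is the intended grant.
ticket='{"tasks": [ "*" ], "quota": "-1.0", "start_time": "2025-01-01T00:00:00Z", "end_time": "2025-01-01T00:00:00Z"}'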
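# Principal of primary archives: every archive without an archive_ref_id gets
# group:/oceanbox as its principal. Each row produces a delete line followed
# by a write line in principal_archives.sh.
#
# The ids come from the database and end up in a script that is executed
# later, so each one is wrapped in single quotes. A row containing a single
# quote cannot be quoted that way; it is written as a sanitized comment line
# so the omission is visible when the generated script is reviewed.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select a.archive_id from archives as
a where archive_ref_id is null;") || {
  echo "principal archives query failed; principal_archives.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|.*|fga tuple delete group:/oceanbox principal 'archive:&'|p
g
s|.*|fga tuple write group:/oceanbox principal 'archive:&'|p
" > principal_archives.sh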
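# Parent archives: for every archive that has an archive_ref_id, relate
# archive:<archive_ref_id> as parent of archive:<archive_id>. Each row produces
# a delete line followed by a write line in parent_archives.sh.
#
# Both ids come from the database and end up in a script that is executed
# later, so each is wrapped in single quotes. Only rows of exactly two fields
# free of commas and single quotes are accepted (the separator may arrive as
# "," or "','"); anything else is written as a sanitized comment line rather
# than being copied into the script verbatim.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select a.archive_ref_id, a.archive_id from archives as a
where archive_ref_id is not null;") || {
  echo "parent archives query failed; parent_archives.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^,']+'?,'?[^,']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|^([^,']+)'?,'?([^,']+)\$|fga tuple delete 'archive:\1' parent 'archive:\2'|p
g
s|^([^,']+)'?,'?([^,']+)\$|fga tuple write 'archive:\1' parent 'archive:\2'|p
" > parent_archives.sh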
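# Archive owners: relate user:<users.name> as owner of archive:<archive_id>
# for every row of archive_owners. Each row produces a delete line followed by
# a write line in archive_owners.sh.
#
# User names are data, and the generated script is executed later, so both
# fields are wrapped in single quotes. Only rows of exactly two fields free of
# commas and single quotes are accepted (the separator may arrive as "," or
# "','"); anything else is written as a sanitized comment line. Dropping the
# quote from a name instead would silently turn it into a different principal.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select u.name, ax.archive_id from attribs as a
join archives as ax on a.attribs_id = ax.attribs_id
join archive_owners as ao on ax.archive_id = ao.archive_id
join users as u on ao.owner_id = u.user_id;") || {
  echo "archive owners query failed; archive_owners.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^,']+'?,'?[^,']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|^([^,']+)'?,'?([^,']+)\$|fga tuple delete 'user:\1' owner 'archive:\2'|p
g
s|^([^,']+)'?,'?([^,']+)\$|fga tuple write 'user:\1' owner 'archive:\2'|p
" > archive_owners.sh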
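# Archive group view access: members of group:<groups.name> get "view" on
# archive:<archive_id>, under the "term" condition with the context in $term.
# Each row produces a delete line (without condition flags) followed by a
# write line in group_view.sh.
#
# Group names are data, and the generated script is executed later, so both
# fields are wrapped in single quotes. Only rows of exactly two fields free of
# commas and single quotes are accepted (the separator may arrive as "," or
# "','"); anything else is written as a sanitized comment line. The delete
# line is built from the fields directly, so a "--" inside a name cannot cut
# the line short.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select g.name, ax.archive_id from attribs as a
join archives as ax on a.attribs_id = ax.attribs_id
join archive_groups as ag on ax.archive_id = ag.archive_id
join groups as g on ag.group_id = g.group_id;") || {
  echo "group view query failed; group_view.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^,']+'?,'?[^,']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|^([^,']+)'?,'?([^,']+)\$|fga tuple delete 'group:\1#member' view 'archive:\2'|p
g
s|^([^,']+)'?,'?([^,']+)\$|fga tuple write 'group:\1#member' view 'archive:\2' --condition-name term --condition-context '$term'|p
" > group_view.sh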
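# Archive group exec access: for archives whose attribs row has type_id = 1,
# members of group:<groups.name> get "exec" on archive:<archive_id>, under the
# "ticket" condition with the context in $ticket. Each row produces a delete
# line (without condition flags) followed by a write line in group_exec.sh.
#
# Group names are data, and the generated script is executed later, so both
# fields are wrapped in single quotes. Only rows of exactly two fields free of
# commas and single quotes are accepted (the separator may arrive as "," or
# "','"); anything else is written as a sanitized comment line. The delete
# line is built from the fields directly, so a "--" inside a name cannot cut
# the line short.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select g.name, ax.archive_id from attribs as a
join archives as ax on a.attribs_id = ax.attribs_id
join archive_groups as ag on ax.archive_id = ag.archive_id
join groups as g on ag.group_id = g.group_id
where a.type_id = 1;") || {
  echo "group exec query failed; group_exec.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^,']+'?,'?[^,']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|^([^,']+)'?,'?([^,']+)\$|fga tuple delete 'group:\1#member' exec 'archive:\2'|p
g
s|^([^,']+)'?,'?([^,']+)\$|fga tuple write 'group:\1#member' exec 'archive:\2' --condition-name ticket --condition-context '$ticket'|p
" > group_exec.sh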
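# Associated stats group access: a group attached to an archive also gets
# "view" on the archives linked to it through associations, limited to linked
# archives whose attribs type_id is between 85 and 87. Tuples carry the "term"
# condition with the context in $term. Each row produces a delete line
# (without condition flags) followed by a write line in stats.sh.
#
# Group names are data, and the generated script is executed later, so both
# fields are wrapped in single quotes. Only rows of exactly two fields free of
# commas and single quotes are accepted (the separator may arrive as "," or
# "','"); anything else is written as a sanitized comment line. The delete
# line is built from the fields directly, so a "--" inside a name cannot cut
# the line short.
# A failed query stops the run instead of leaving a partial tuple script.
# $query is unquoted on purpose: it has to split into the kubectl/psql words.
rows=$($query "select g.name, aa.archive_id from archives as a
join associations as ax on ax.attributes_id = a.attribs_id
join archives as aa on ax.ref_id = aa.attribs_id
join attribs as at on aa.attribs_id = at.attribs_id
join archive_groups as ag on ag.archive_id = a.archive_id
join groups as g on ag.group_id = g.group_id
where at.type_id between 85 and 87;") || {
  echo "associated stats query failed; stats.sh not written" >&2
  exit 1
}
# LC_ALL=C: match byte-wise, independent of the caller's locale.
printf '%s\n' "$rows" | LC_ALL=C sed -r -n "
/^\$/d
/^[^,']+'?,'?[^,']+\$/!{
s/[^[:alnum:] _.,:@-]/?/g
s/^/# skipped malformed row: /
p
d
}
h
s|^([^,']+)'?,'?([^,']+)\$|fga tuple delete 'group:\1#member' view 'archive:\2'|p
g
s|^([^,']+)'?,'?([^,']+)\$|fga tuple write 'group:\1#member' view 'archive:\2' --condition-name term --condition-context '$term'|p
" > stats.sh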