FOUR-21130: The users needs to have per default the permissions "View My Request"

database/seeders/PermissionSeeder.php

@@ -3,9 +3,7 @@
 namespace Database\Seeders;
 
 use Illuminate\Database\Seeder;
-use ProcessMaker\Models\Group;
 use ProcessMaker\Models\Permission;
-use ProcessMaker\Models\User;
 
 class PermissionSeeder extends Seeder
 {
@@ -118,24 +116,16 @@ class PermissionSeeder extends Seeder
         ],
     ];
 
-    private $defaultPermissions = [
-        'view-my_requests',
-    ];
-
     public function run($seedUser = null)
     {
         foreach ($this->permissionGroups as $groupName => $permissions) {
             foreach ($permissions as $permissionString) {
-                $permission = Permission::updateOrCreate([
+                Permission::updateOrCreate([
                     'name' => $permissionString,
                 ], [
                     'title' => ucwords(preg_replace('/(\-|_)/', ' ', $permissionString)),
                     'group' => $groupName,
                 ]);
-
-                if (in_array($permissionString, $this->defaultPermissions)) {
-                    $this->assignDefaultPermission($permission);
-                }
             }
         }
 
@@ -146,26 +136,4 @@ public function run($seedUser = null)
             $seedUser->save();
         }
     }
-
-    /**
-     * Assign default permission to users and groups.
-     */
-    private function assignDefaultPermission(Permission $permission): void
-    {
-        $userIds = User::nonSystem()->pluck('id');
-        $groupIds = Group::pluck('id');
-
-        // Define the chunk size for the permission assignment
-        $chunkSize = 500;
-
-        // Attach user IDs in chunks
-        $userIds->chunk($chunkSize)->each(function ($chunk) use ($permission) {
-            $permission->users()->attach($chunk);
-        });
-
-        // Attach group IDs in chunks
-        $groupIds->chunk($chunkSize)->each(function ($chunk) use ($permission) {
-            $permission->groups()->attach($chunk);
-        });
-    }
 }

tests/Feature/Api/PermissionsTest.php

@@ -234,32 +234,20 @@ public function testSetPermissionsViewMyRequestForUser()
      */
     public function testSetPermissionsViewMyRequestForUsersAndGroupCreated()
     {
-        //Set up the users and groups
+        // Set up the users and groups
         $users = User::factory()->count(5)->create();
         $groups = Group::factory()->count(3)->create();
 
-        //Run the seeder
+        // Run the seeder
         $this->seed(PermissionSeeder::class);
         $permissionName = 'view-my_requests';
         $permissionTitle = 'View My Requests';
 
-        //Verify that the permission exists
+        // Verify that the permission exists
         $this->assertDatabaseHas('permissions', [
             'name' => $permissionName,
             'group' => 'Cases and Requests',
             'title' => $permissionTitle,
         ]);
-
-        //Verify that the permission is assigned to users
-        $permission = Permission::where('name', $permissionName)->first();
-        $this->assertNotNull($permission);
-        foreach ($users as $user) {
-            $this->assertTrue($user->hasPermission($permissionName));
-        }
-
-        //Verify that the permission is assigned to groups
-        foreach ($groups as $group) {
-            $this->assertTrue($permission->groups->contains($group));
-        }
     }
 }

upgrades/2024_11_28_154502_assign_user_permission_view_my_request.php

@@ -0,0 +1,72 @@
+<?php
+
+use Illuminate\Support\Facades\DB;
+use ProcessMaker\Upgrades\UpgradeMigration as Upgrade;
+
+class AssignUserPermissionViewMyRequest extends Upgrade
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // Get the permission ID
+        $permissionId = DB::table('permissions')
+            ->where('name', 'view-my_requests')
+            ->value('id');
+
+        if ($permissionId) {
+            $this->assignDefaultPermission($permissionId);
+        }
+    }
+
+    /**
+     * Assign view-my_requests permission to active users
+     *
+     * @param int $permissionId The ID of the permission
+     * @return void
+     */
+    private function assignDefaultPermission(int $permissionId): void
+    {
+        $chunkSize = 500;
+        DB::table('users AS u')
+            // Check if the user has the permission
+            ->leftJoin('assignables AS a', function ($join) use ($permissionId) {
+                $join->on('u.id', '=', 'a.assignable_id')
+                ->where('a.assignable_type', 'ProcessMaker\Models\User')
+                ->where('a.permission_id', $permissionId);
+            })
+            // Filters
+            ->whereNull('a.permission_id')
+            ->where('u.is_system', false)
+            ->where('u.status', 'ACTIVE')
+            ->select('u.id')
+            ->orderBy('u.id')
+            ->chunk($chunkSize, function ($users) use ($permissionId) {
+                $records = array_map(function ($user) use ($permissionId) {
+                    return [
+                        'permission_id' => $permissionId,
+                        'assignable_id' => $user->id,
+                        'assignable_type' => 'ProcessMaker\Models\User',
+                    ];
+                }, $users->toArray());
+
+                // Insert rows
+                DB::table('assignables')->insert($records);
+            }, 'u.id');
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        $permissionId = DB::table('permissions')
+            ->where('name', 'view-my_requests')
+            ->value('id');
+        DB::table('assignables')
+            ->where('permission_id', $permissionId)
+            ->where('assignable_type', 'ProcessMaker\Models\User')
+            ->delete();
+    }
+}