[LMS-1066] authorization groups db (2)

SVN: 11910

[LMS-1066] authorization groups db (2)
d754032e · izabel · b37ff882 · d754032e · d754032e · d754032e
Commit d754032e authored 15 years ago by izabel
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IAuthorizationGroupDAO.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/IAuthorizationGroupDAO.java
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.systemsx.cisd.openbis.generic.server.dataaccess;
+import java.util.List;
+import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
+/**
+ * <i>Data Access Object</i> for {@link AuthorizationGroupPE}.
+ * 
+ * @author Izabela Adamczyk
+ */
+public interface IAuthorizationGroupDAO extends IGenericDAO<AuthorizationGroupPE>
+{
+    /**
+     * Lists all authorization groups.
+     */
+    public List<AuthorizationGroupPE> list();
+    /**
+     * Creates a new authorization group.
+     */
+    public void create(AuthorizationGroupPE authorizationGroup);
+}
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/AuthorizationGroupDAO.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/AuthorizationGroupDAO.java
+/*
+ * Copyright 2008 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.systemsx.cisd.openbis.generic.server.dataaccess.db;
+import java.util.List;
+import org.apache.log4j.Logger;
+import org.hibernate.SessionFactory;
+import org.springframework.orm.hibernate3.HibernateTemplate;
+import ch.systemsx.cisd.common.logging.LogCategory;
+import ch.systemsx.cisd.common.logging.LogFactory;
+import ch.systemsx.cisd.common.utilities.MethodUtils;
+import ch.systemsx.cisd.openbis.generic.server.dataaccess.IAuthorizationGroupDAO;
+import ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.CodeConverter;
+import ch.systemsx.cisd.openbis.generic.shared.dto.DatabaseInstancePE;
+/**
+ * Implementation of {@link IAuthorizationGroupDAO}.
+ * 
+ * @author Izabela Adamczyk
+ */
+public class AuthorizationGroupDAO extends AbstractGenericEntityDAO<AuthorizationGroupPE> implements
+        IAuthorizationGroupDAO
+{
+    private static final Logger operationLog =
+            LogFactory.getLogger(LogCategory.OPERATION, AuthorizationGroupDAO.class);
+    protected AuthorizationGroupDAO(final SessionFactory sessionFactory,
+            final DatabaseInstancePE databaseInstance)
+    {
+        super(sessionFactory, databaseInstance, AuthorizationGroupPE.class);
+    }
+    public List<AuthorizationGroupPE> list()
+    {
+        final List<AuthorizationGroupPE> list =
+                cast(getHibernateTemplate().loadAll(AuthorizationGroupPE.class));
+        if (operationLog.isDebugEnabled())
+        {
+            operationLog.debug(String.format("%s(): %d authorization group(s) have been found.",
+                    MethodUtils.getCurrentMethod().getName(), list.size()));
+        }
+        return list;
+    }
+    public void create(AuthorizationGroupPE authorizationGroup)
+    {
+        assert authorizationGroup != null : "Missing authorization group.";
+        validatePE(authorizationGroup);
+        authorizationGroup.setCode(CodeConverter.tryToDatabase(authorizationGroup.getCode()));
+        final HibernateTemplate template = getHibernateTemplate();
+        template.saveOrUpdate(authorizationGroup);
+        template.flush();
+        if (operationLog.isInfoEnabled())
+        {
+            operationLog.info(String.format("SAVE: authorization group '%s'.", authorizationGroup));
+        }
+    }
+}
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/DatabaseVersionHolder.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/dataaccess/db/DatabaseVersionHolder.java
@@ -24,7 +24,7 @@ package ch.systemsx.cisd.openbis.generic.server.dataaccess.db;
 public final class DatabaseVersionHolder
 {
    /** Current version of the database. */
-    private static final String DATABASE_VERSION = "038";
+    private static final String DATABASE_VERSION = "039";
    private DatabaseVersionHolder()
    {

--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/AuthorizationGroupPE.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/AuthorizationGroupPE.java
+/*
+ * Copyright 2009 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.systemsx.cisd.openbis.generic.shared.dto;
+import java.io.Serializable;
+import java.util.Date;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.persistence.Version;
+import org.apache.commons.lang.builder.EqualsBuilder;
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.commons.lang.builder.ToStringBuilder;
+import org.hibernate.search.annotations.Field;
+import org.hibernate.search.annotations.Index;
+import org.hibernate.search.annotations.Store;
+import org.hibernate.validator.Length;
+import org.hibernate.validator.NotNull;
+import org.hibernate.validator.Pattern;
+import ch.systemsx.cisd.common.utilities.ModifiedShortPrefixToStringStyle;
+import ch.systemsx.cisd.openbis.generic.client.web.client.application.GenericConstants;
+import ch.systemsx.cisd.openbis.generic.shared.IServer;
+import ch.systemsx.cisd.openbis.generic.shared.dto.hibernate.SearchFieldConstants;
+/**
+ * Persistent Entity containing informations about authorization group.
+ * 
+ * @author Izabela Adamczyk
+ */
+@Entity
+@Table(name = TableNames.AUTHORIZATION_GROUPS_TABLE)
+public class AuthorizationGroupPE extends HibernateAbstractRegistrationHolder implements
+        Comparable<AuthorizationGroupPE>, IIdAndCodeHolder, Serializable
+{
+    private static final long serialVersionUID = IServer.VERSION;
+    private transient Long id;
+    private DatabaseInstancePE databaseInstance;
+    private String code;
+    private String description;
+    private Date modificationDate;
+    public AuthorizationGroupPE()
+    {
+    }
+    @SequenceGenerator(name = SequenceNames.AUTHORIZATION_GROUP_ID_SEQUENCE, sequenceName = SequenceNames.AUTHORIZATION_GROUP_ID_SEQUENCE, allocationSize = 1)
+    @Id
+    @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = SequenceNames.AUTHORIZATION_GROUP_ID_SEQUENCE)
+    public final Long getId()
+    {
+        return id;
+    }
+    public final void setId(final Long id)
+    {
+        this.id = id;
+    }
+    @ManyToOne(fetch = FetchType.EAGER)
+    @NotNull(message = ValidationMessages.DATABASE_INSTANCE_NOT_NULL_MESSAGE)
+    @JoinColumn(name = ColumnNames.DATABASE_INSTANCE_COLUMN, updatable = false)
+    public final DatabaseInstancePE getDatabaseInstance()
+    {
+        return databaseInstance;
+    }
+    public final void setDatabaseInstance(final DatabaseInstancePE databaseInstance)
+    {
+        this.databaseInstance = databaseInstance;
+    }
+    @NotNull(message = ValidationMessages.CODE_NOT_NULL_MESSAGE)
+    @Length(min = 1, max = 40, message = ValidationMessages.CODE_LENGTH_MESSAGE)
+    @Pattern(regex = AbstractIdAndCodeHolder.CODE_PATTERN, flags = java.util.regex.Pattern.CASE_INSENSITIVE, message = ValidationMessages.CODE_PATTERN_MESSAGE)
+    @Field(index = Index.TOKENIZED, store = Store.YES, name = SearchFieldConstants.CODE)
+    public final String getCode()
+    {
+        return code;
+    }
+    public final void setCode(final String code)
+    {
+        this.code = code;
+    }
+    @Column(name = ColumnNames.DESCRIPTION_COLUMN)
+    @Length(max = GenericConstants.DESCRIPTION_1000, message = ValidationMessages.DESCRIPTION_LENGTH_MESSAGE)
+    public final String getDescription()
+    {
+        return description;
+    }
+    public final void setDescription(final String description)
+    {
+        this.description = description;
+    }
+    @Version
+    @Column(name = ColumnNames.MODIFICATION_TIMESTAMP_COLUMN, nullable = false)
+    public Date getModificationDate()
+    {
+        return modificationDate;
+    }
+    public void setModificationDate(Date versionDate)
+    {
+        this.modificationDate = versionDate;
+    }
+    @Override
+    public final boolean equals(final Object obj)
+    {
+        if (obj == this)
+        {
+            return true;
+        }
+        if (obj instanceof AuthorizationGroupPE == false)
+        {
+            return false;
+        }
+        final AuthorizationGroupPE that = (AuthorizationGroupPE) obj;
+        final EqualsBuilder builder = new EqualsBuilder();
+        builder.append(getCode(), that.getCode());
+        builder.append(getDatabaseInstance(), that.getDatabaseInstance());
+        return builder.isEquals();
+    }
+    @Override
+    public final int hashCode()
+    {
+        final HashCodeBuilder builder = new HashCodeBuilder();
+        builder.append(getCode());
+        builder.append(getDatabaseInstance());
+        return builder.toHashCode();
+    }
+    @Override
+    public final String toString()
+    {
+        final ToStringBuilder builder =
+                new ToStringBuilder(this,
+                        ModifiedShortPrefixToStringStyle.MODIFIED_SHORT_PREFIX_STYLE);
+        builder.append("code", getCode());
+        builder.append("dbInstance", getDatabaseInstance());
+        return builder.toString();
+    }
+    public int compareTo(AuthorizationGroupPE o)
+    {
+        return AbstractIdAndCodeHolder.compare(this, o);
+    }
+}
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ColumnNames.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/ColumnNames.java
@@ -204,6 +204,12 @@ public final class ColumnNames
    public static final String IS_CHOSEN_FROM_LIST = "is_chosen_from_list";
+    public static final String AUTHORIZATION_GROUP_ID_COLUMN = "ag_id";
+    public static final String PERSON_ID_COLUMN = "pers_id";
+    public static final String AUTHORIZATION_GROUP_ID_GRANTEE_COLUMN = "ag_id_grantee";
    private ColumnNames()
    {
        // Can not be instantiated.

--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/RoleAssignmentPE.java
@@ -31,7 +31,6 @@ import javax.persistence.ManyToOne;
 import javax.persistence.SequenceGenerator;
 import javax.persistence.Table;
 import javax.persistence.Transient;
-import javax.persistence.UniqueConstraint;
 import org.apache.commons.lang.builder.EqualsBuilder;
 import org.apache.commons.lang.builder.HashCodeBuilder;
@@ -46,21 +45,20 @@ import ch.systemsx.cisd.openbis.generic.shared.basic.IIdHolder;
 import ch.systemsx.cisd.openbis.generic.shared.util.EqualsHashUtils;
 /**
- * Persistent Entity corresponding containing informations about role assignment.
+ * Persistent Entity containing informations about role assignment.
 * 
 * @author Izabela Adamczyk
 */
 @Entity
-@Check(constraints = ColumnNames.DATABASE_INSTANCE_COLUMN + " IS NOT NULL AND "
+@Check(constraints = "((DBIN_ID IS NOT NULL AND GROU_ID IS NULL) OR (DBIN_ID IS NULL AND GROU_ID IS NOT NULL))"
-        + ColumnNames.GROUP_COLUMN + " IS NULL OR " + ColumnNames.DATABASE_INSTANCE_COLUMN
+        + " AND "
-        + " IS NULL AND " + ColumnNames.GROUP_COLUMN + " IS NOT NULL")
+        + "((AG_ID_GRANTEE IS NOT NULL AND PERS_ID_GRANTEE IS NULL) OR (AG_ID_GRANTEE IS NULL AND PERS_ID_GRANTEE IS NOT NULL))")
-@Table(name = TableNames.ROLE_ASSIGNMENTS_TABLE, uniqueConstraints =
+@Table(name = TableNames.ROLE_ASSIGNMENTS_TABLE)
-    { @UniqueConstraint(columnNames =
-        { ColumnNames.PERSON_GRANTEE_COLUMN, ColumnNames.ROLE_COLUMN, ColumnNames.GROUP_COLUMN,
-                ColumnNames.DATABASE_INSTANCE_COLUMN }) })
 public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder implements
        IIdHolder, Serializable
 {
    private static final long serialVersionUID = IServer.VERSION;
    public static final RoleAssignmentPE[] EMPTY_ARRAY = new RoleAssignmentPE[0];
@@ -73,6 +71,8 @@ public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder
    private PersonPE person;
+    private AuthorizationGroupPE authorizationGroup;
    private RoleCode role;
    @NotNull(message = ValidationMessages.ROLE_NOT_NULL_MESSAGE)
@@ -88,7 +88,6 @@ public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder
        this.role = role;
    }
-    @NotNull(message = ValidationMessages.PERSON_NOT_NULL_MESSAGE)
    @ManyToOne(fetch = FetchType.EAGER)
    @JoinColumn(name = ColumnNames.PERSON_GRANTEE_COLUMN, updatable = false)
    @Private
@@ -103,12 +102,32 @@ public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder
        this.person = person;
    }
+    @ManyToOne(fetch = FetchType.EAGER)
+    @JoinColumn(name = ColumnNames.AUTHORIZATION_GROUP_ID_GRANTEE_COLUMN, updatable = false)
+    @Private
+    public final AuthorizationGroupPE getAuthorizationGroupInternal()
+    {
+        return authorizationGroup;
+    }
+    @Private
+    public final void setAuthorizationGroupInternal(final AuthorizationGroupPE authorizationGroup)
+    {
+        this.authorizationGroup = authorizationGroup;
+    }
    @Transient
    public final PersonPE getPerson()
    {
        return getPersonInternal();
    }
+    @Transient
+    public final AuthorizationGroupPE getAuthorizationGroup()
+    {
+        return getAuthorizationGroupInternal();
+    }
    public final void setId(final Long id)
    {
        this.id = id;
@@ -158,7 +177,10 @@ public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder
    public final boolean equals(final Object obj)
    {
        EqualsHashUtils.assertDefined(getRole(), "role");
-        EqualsHashUtils.assertDefined(getPerson(), "person");
+        if (getPerson() == null)
+        {
+            EqualsHashUtils.assertDefined(getAuthorizationGroupInternal(), "authorization group");
+        }
        if (getGroup() == null)
        {
            EqualsHashUtils.assertDefined(getDatabaseInstance(), "db");
@@ -175,6 +197,7 @@ public final class RoleAssignmentPE extends HibernateAbstractRegistrationHolder
        final EqualsBuilder builder = new EqualsBuilder();
        builder.append(getRole(), that.getRole());
        builder.append(getPerson(), that.getPerson());
+        builder.append(getAuthorizationGroup(), that.getAuthorizationGroup());
        builder.append(getDatabaseInstance(), that.getDatabaseInstance());
        builder.append(getGroup(), that.getGroup());
        return builder.isEquals();

--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/SequenceNames.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/SequenceNames.java
@@ -39,7 +39,7 @@ public final class SequenceNames
    public static final String DATA_STORE_SEQUENCE = "DATA_STORE_ID_SEQ";
    public static final String DATA_STORE_SERVICE_SEQUENCE = "DATA_STORE_SERVICES_ID_SEQ";
    public static final String DATA_TYPE_SEQUENCE = "DATA_TYPE_ID_SEQ";
    public static final String DATABASE_INSTANCE_SEQUENCE = "DATABASE_INSTANCE_ID_SEQ";
@@ -102,6 +102,11 @@ public final class SequenceNames
    public static final String CODE_SEQUENCE = "CODE_SEQ";
+    public static final String AUTHORIZATION_GROUP_ID_SEQUENCE = "AUTHORIZATION_GROUP_ID_SEQ";
+    public static final String AUTHORIZATION_GROUP_PERSON_ID_SEQUENCE =
+            "AUTHORIZATION_GROUP_PERSON_ID_SEQ";
    private SequenceNames()
    {
        // Can not be instantiated.

--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/TableNames.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/TableNames.java
@@ -106,6 +106,10 @@ public final class TableNames
    public static final String EVENTS_TABLE = "events";
+    public static final String AUTHORIZATION_GROUPS_TABLE = "authorization_groups";
+    public static final String AUTHORIZATION_GROUP_PERSONS_TABLE = "authorization_group_persons";
    private TableNames()
    {
        // This class can not be instantiated.

--- a/openbis/source/java/hibernateContext.xml
+++ b/openbis/source/java/hibernateContext.xml
@@ -73,6 +73,7 @@
                <value>ch.systemsx.cisd.openbis.generic.shared.dto.DataSetTypePropertyTypePE</value>
                <value>ch.systemsx.cisd.openbis.generic.shared.dto.AttachmentHolderPE</value>
+                <value>ch.systemsx.cisd.openbis.generic.shared.dto.AuthorizationGroupPE</value>
            </list>
        </property>
        <!-- 

--- a/openbis/source/sql/generic/039/schema-039.sql
+++ b/openbis/source/sql/generic/039/schema-039.sql
@@ -72,7 +72,7 @@ CREATE TABLE SAMPLE_TYPE_PROPERTY_TYPES (ID TECH_ID NOT NULL,SATY_ID TECH_ID NOT
 CREATE TABLE DATA_SET_PROPERTIES (ID TECH_ID NOT NULL,DS_ID TECH_ID NOT NULL,DSTPT_ID TECH_ID NOT NULL,VALUE GENERIC_VALUE,CVTE_ID TECH_ID, MATE_PROP_ID TECH_ID, PERS_ID_REGISTERER TECH_ID NOT NULL,REGISTRATION_TIMESTAMP TIME_STAMP_DFL NOT NULL DEFAULT CURRENT_TIMESTAMP, MODIFICATION_TIMESTAMP TIME_STAMP DEFAULT CURRENT_TIMESTAMP);
 CREATE TABLE DATA_SET_TYPE_PROPERTY_TYPES (ID TECH_ID NOT NULL,DSTY_ID TECH_ID NOT NULL,PRTY_ID TECH_ID NOT NULL,IS_MANDATORY BOOLEAN_CHAR NOT NULL DEFAULT 'F',IS_MANAGED_INTERNALLY BOOLEAN_CHAR NOT NULL DEFAULT 'F',PERS_ID_REGISTERER TECH_ID NOT NULL,REGISTRATION_TIMESTAMP TIME_STAMP_DFL NOT NULL DEFAULT CURRENT_TIMESTAMP);
-CREATE TABLE AUTHORIZATION_GROUPS (ID TECH_ID NOT NULL, DBIN_ID TECH_ID NOT NULL, CODE CODE NOT NULL, DESCRIPTION DESCRIPTION_1000);
+CREATE TABLE AUTHORIZATION_GROUPS (ID TECH_ID NOT NULL, DBIN_ID TECH_ID NOT NULL, CODE CODE NOT NULL, DESCRIPTION DESCRIPTION_1000,REGISTRATION_TIMESTAMP TIME_STAMP_DFL NOT NULL DEFAULT CURRENT_TIMESTAMP, PERS_ID_REGISTERER TECH_ID NOT NULL, MODIFICATION_TIMESTAMP TIME_STAMP DEFAULT CURRENT_TIMESTAMP);
 CREATE TABLE AUTHORIZATION_GROUP_PERSONS (ID TECH_ID NOT NULL, AG_ID TECH_ID NOT NULL, PERS_ID TECH_ID NOT NULL);
 -- Creating sequences
@@ -306,6 +306,7 @@ ALTER TABLE DATA_SET_PROPERTIES ADD CONSTRAINT DSPR_MAPR_FK FOREIGN KEY (MATE_PR
 ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_DBIN_FK FOREIGN KEY (DBIN_ID) REFERENCES DATABASE_INSTANCES(ID);
 ALTER TABLE AUTHORIZATION_GROUP_PERSONS ADD CONSTRAINT AGP_AG_FK FOREIGN KEY (AG_ID) REFERENCES AUTHORIZATION_GROUPS(ID);
 ALTER TABLE AUTHORIZATION_GROUP_PERSONS ADD CONSTRAINT AGP_PERS_FK FOREIGN KEY (PERS_ID) REFERENCES PERSONS(ID);
+ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_PERS_FK FOREIGN KEY (PERS_ID_REGISTERER) REFERENCES PERSONS(ID);
 -- Creating check constraints
@@ -426,3 +427,8 @@ CREATE INDEX DSPR_PERS_FK_I ON DATA_SET_PROPERTIES (PERS_ID_REGISTERER);
 CREATE INDEX DSTPT_DSTY_FK_I ON DATA_SET_TYPE_PROPERTY_TYPES (DSTY_ID);
 CREATE INDEX DSTPT_PERS_FK_I ON DATA_SET_TYPE_PROPERTY_TYPES (PERS_ID_REGISTERER);
 CREATE INDEX DSTPT_PRTY_FK_I ON DATA_SET_TYPE_PROPERTY_TYPES (PRTY_ID);
+CREATE UNIQUE INDEX ROAS_ROLE_GROUP_DBI_AG_PERS_UQ_I ON ROLE_ASSIGNMENTS (ROLE_CODE, COALESCE(PERS_ID_GRANTEE,-1), COALESCE(AG_ID_GRANTEE,-1), COALESCE(GROU_ID,-1), COALESCE(DBIN_ID,-1));
--- a/openbis/source/sql/postgresql/migration/migration-038-039.sql
+++ b/openbis/source/sql/postgresql/migration/migration-038-039.sql
@@ -23,10 +23,11 @@ ALTER TABLE CONTROLLED_VOCABULARY_TERMS ADD COLUMN description DESCRIPTION_1000;
 -- Add authorization groups
-CREATE TABLE AUTHORIZATION_GROUPS (ID TECH_ID NOT NULL, DBIN_ID TECH_ID NOT NULL, CODE CODE NOT NULL, DESCRIPTION DESCRIPTION_1000);
+CREATE TABLE AUTHORIZATION_GROUPS (ID TECH_ID NOT NULL, DBIN_ID TECH_ID NOT NULL, CODE CODE NOT NULL, DESCRIPTION DESCRIPTION_1000,REGISTRATION_TIMESTAMP TIME_STAMP_DFL NOT NULL DEFAULT CURRENT_TIMESTAMP, PERS_ID_REGISTERER TECH_ID NOT NULL, MODIFICATION_TIMESTAMP TIME_STAMP DEFAULT CURRENT_TIMESTAMP);
 ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_PK PRIMARY KEY(ID);
 ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_BK_UK UNIQUE(CODE,DBIN_ID);
 ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_DBIN_FK FOREIGN KEY (DBIN_ID) REFERENCES DATABASE_INSTANCES(ID);
+ALTER TABLE AUTHORIZATION_GROUPS ADD CONSTRAINT AG_PERS_FK FOREIGN KEY (PERS_ID_REGISTERER) REFERENCES PERSONS(ID);
 CREATE SEQUENCE AUTHORIZATION_GROUP_ID_SEQ;
 CREATE TABLE AUTHORIZATION_GROUP_PERSONS (ID TECH_ID NOT NULL, AG_ID TECH_ID NOT NULL, PERS_ID TECH_ID NOT NULL);
@@ -38,12 +39,13 @@ CREATE SEQUENCE AUTHORIZATION_GROUP_PERSON_ID_SEQ;
 ALTER TABLE ROLE_ASSIGNMENTS ALTER COLUMN PERS_ID_GRANTEE DROP NOT NULL;
 ALTER TABLE ROLE_ASSIGNMENTS ADD COLUMN AG_ID_GRANTEE TECH_ID;
--TODO: add uniqueness of role assignment
 ALTER TABLE ROLE_ASSIGNMENTS DROP CONSTRAINT ROAS_GROUP_BK_UK;
 ALTER TABLE ROLE_ASSIGNMENTS DROP CONSTRAINT ROAS_INSTANCE_BK_UK;
 ALTER TABLE ROLE_ASSIGNMENTS ADD CONSTRAINT ROAS_AG_PERS_ARC_CK CHECK ((AG_ID_GRANTEE IS NOT NULL AND PERS_ID_GRANTEE IS NULL) OR (AG_ID_GRANTEE IS NULL AND PERS_ID_GRANTEE IS NOT NULL));
 CREATE INDEX ROAS_AG_FK_I_GRANTEE ON ROLE_ASSIGNMENTS (AG_ID_GRANTEE);
+CREATE UNIQUE INDEX ROAS_ROLE_GROUP_DBI_AG_PERS_UQ_I ON ROLE_ASSIGNMENTS (ROLE_CODE, COALESCE(PERS_ID_GRANTEE,-1), COALESCE(AG_ID_GRANTEE,-1), COALESCE(GROU_ID,-1), COALESCE(DBIN_ID,-1));
 GRANT SELECT ON SEQUENCE AUTHORIZATION_GROUP_ID_SEQ TO GROUP OPENBIS_READONLY;
 GRANT SELECT ON SEQUENCE AUTHORIZATION_GROUP_PERSON_ID_SEQ TO GROUP OPENBIS_READONLY;
 GRANT SELECT ON TABLE AUTHORIZATION_GROUPS TO GROUP OPENBIS_READONLY;