protected function run4($stage)
{
$this->console->out("Adding Read-only base role");
$this->db->BeginTrans();
try {
$this->db->Execute("\n INSERT INTO `acl_roles` (`role_id`, `name`)\n VALUES (?, ?)\n ", [Acl::ROLE_ID_READ_ONLY_ACCESS, 'Read-only']);
$params = [Acl::ROLE_ID_READ_ONLY_ACCESS, Acl::ROLE_ID_FULL_ACCESS];
$noAccessResources = [Acl::RESOURCE_BILLING_ACCOUNT, Acl::RESOURCE_ANALYTICS_ACCOUNT, Acl::RESOURCE_ENV_CLOUDS_ENVIRONMENT, Acl::RESOURCE_GOVERNANCE_ENVIRONMENT, Acl::RESOURCE_ANALYTICS_ENVIRONMENT, Acl::RESOURCE_SECURITY_RETRIEVE_WINDOWS_PASSWORDS, Acl::RESOURCE_SERVICES_RABBITMQ, Acl::RESOURCE_DB_SERVICE_CONFIGURATION, Acl::RESOURCE_DISCOVERY_SERVERS];
$notIn = "AND arc.`resource_id` NOT IN (" . implode(",", array_fill(0, count($noAccessResources), '?')) . ")";
$params = array_merge($params, $noAccessResources);
$this->db->Execute("\n INSERT INTO `acl_role_resources` (`role_id`, `resource_id`, `granted`)\n SELECT ?, arc.`resource_id`, 1\n FROM `acl_role_resources` arc\n WHERE arc.role_id = ? " . $notIn . "\n ", $params);
$this->db->CommitTrans();
} catch (Exception $e) {
$this->db->RollbackTrans();
throw $e;
}
}
