From 109a5157d21047170cb09118ecf11a7389e7c947 Mon Sep 17 00:00:00 2001
From: Rida Abou-Haidar <ridz1208@users.noreply.github.com>
Date: Tue, 17 Dec 2019 15:57:37 -0500
Subject: [PATCH] [SQL] Remove permissions for data_release in LorisMenu
 (#5838)

The permissions removed in this PR are not enforced at the module level, they are solely on the LorisMenu and thus not very secure. Also, they force users to get eith upload permission or edit access permission to just be able to view the module. Users should be able to view the module without any of these permissions.
---
 SQL/0000-00-02-Menus.sql                                     | 5 -----
 ...19-12-05-Remove_lorisMenuPermissions_for_data_release.sql | 3 +++
 2 files changed, 3 insertions(+), 5 deletions(-)
 create mode 100644 SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql

diff --git a/SQL/0000-00-02-Menus.sql b/SQL/0000-00-02-Menus.sql
index f78a1c68c1c..efdf8c0938d 100644
--- a/SQL/0000-00-02-Menus.sql
+++ b/SQL/0000-00-02-Menus.sql
@@ -211,11 +211,6 @@ INSERT INTO LorisMenuPermissions (MenuID, PermID)
 INSERT INTO LorisMenuPermissions (MenuID, PermID)
     SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='issue_tracker_developer' AND m.Label='Issue Tracker';
 
-INSERT INTO LorisMenuPermissions (MenuID, PermID)
-    SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_release_upload' AND m.Label='Data Release';
-INSERT INTO LorisMenuPermissions (MenuID, PermID)
-    SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_release_edit_file_access' AND m.Label='Data Release';
-
 INSERT INTO LorisMenuPermissions (MenuID, PermID)
     SELECT m.ID, p.PermID FROM permissions p CROSS JOIN LorisMenu m WHERE p.code='data_team_helper' AND m.Label='Quality Control';
 
diff --git a/SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql b/SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql
new file mode 100644
index 00000000000..dfcad63228b
--- /dev/null
+++ b/SQL/Cleanup_patches/2019-12-05-Remove_lorisMenuPermissions_for_data_release.sql
@@ -0,0 +1,3 @@
+DELETE FROM LorisMenuPermissions WHERE PermID=(SELECT PermID FROM permissions WHERE code='data_release_upload');
+DELETE FROM LorisMenuPermissions WHERE PermID=(SELECT PermID FROM permissions WHERE code='data_release_edit_file_access');
+