class CreatePermissions < ActiveRecord::Migration
  def self.up
    create_table :permissions do |t|
      t.column :role_id, :integer, :foreign_key => { :on_delete => :cascade }

      t.column :is_grant,         :boolean, :null => false
      t.column :has_grant_option, :boolean, :null => false

      t.column :class_name, :string, :limit => 40, :null => false
      t.column :privilege,  :string, :limit => 40, :null => false

      t.column :target_owned_by_self, :boolean,    :null => false

      t.column :target_owner_id, :integer, 
               :foreign_key => {:table=>:users, :name=>'fk_perm_target_owner'}
      t.column :target_owner_firm_id,  :integer, 
               :foreign_key => {:table=>:firms, :name=>'fk_perm_target_firm' }

      # The following columns govern permissions for specific
      # objects; "target_name" is a presentation hack to allow the 
      # UI to display *something* useful if the underlying object
      # has vanished.

      t.column :target_id,       :integer
      t.column :target_name,     :string,  :limit => 100

      t.column :created_at, :datetime, :null => false
      t.column :updated_at, :datetime, :null => false
    end

    add_index :permissions, :role_id
  end

  def self.down
    drop_table :permissions
  end
end