RCOSDP · ryoya-hayase · May 22, 2026 · May 22, 2026 · May 29, 2026 · May 29, 2026
diff --git a/postgresql/ddl/W2025-29.sql b/postgresql/ddl/W2025-29.sql
@@ -72,7 +72,7 @@ CREATE TABLE IF NOT EXISTS mail_templates (
 -- modules/invenio-mail/invenio_mail/alembic/b1495e98969b_create_mailtemplateusers.py
 PERFORM 1 FROM pg_type t JOIN pg_namespace n ON n.oid = t.typnamespace WHERE n.nspname = current_schema() AND t.typname = 'mailtype';
 IF NOT FOUND THEN
-    CREATE TYPE mailtype AS ENUM ('recipient', 'cc', 'bcc');
+    CREATE TYPE mailtype AS ENUM ('RECIPIENT', 'CC', 'BCC');
     RAISE NOTICE 'CREATE TYPE mailtype: created successfully';
 ELSE
     RAISE NOTICE 'CREATE TYPE mailtype: already exists, skipping';

diff --git a/scripts/demo/resticted_access.sql b/scripts/demo/resticted_access.sql
@@ -16,10 +16,10 @@ BEGIN;
 --
 
 INSERT INTO item_type_name (created, updated, id, name, has_site_license, is_active) VALUES
-('2021-03-20 06:37:13.052787', '2021-03-20 06:37:13.052812', 31001, '利用申請', true, true),
-('2021-03-20 06:39:00.459722', '2021-03-20 06:39:00.459741', 31002, '二段階利用申請', true, true),
-('2021-03-20 06:42:51.677528', '2021-03-20 06:42:51.677548', 31003, '利用報告-Data Usage Report', true, true),
-('2023-12-22 02:53:51.907000', '2023-12-22 02:54:55.171000', 31004, '制限公開用アイテムタイプ', true, true)
+('2021-03-20 06:37:13.052787', '2021-03-20 06:37:13.052812', 31001, '利用申請', false, true),
+('2021-03-20 06:39:00.459722', '2021-03-20 06:39:00.459741', 31002, '二段階利用申請', false, true),
+('2021-03-20 06:42:51.677528', '2021-03-20 06:42:51.677548', 31003, '利用報告-Data Usage Report', false, true),
+('2023-12-22 02:53:51.907000', '2023-12-22 02:54:55.171000', 31004, '制限公開用アイテムタイプ', false, true)
 ON CONFLICT (id) DO NOTHING;
 
 --

diff --git a/tools/disable_restricted_access.sh b/tools/disable_restricted_access.sh
@@ -1,3 +1,7 @@
+set -euo pipefail
+IFS=$'\n\t'
+trap 'rc=$?; echo "Error: ${BASH_COMMAND} (line $LINENO) exited with ${rc}" >&2; exit ${rc}' ERR
+
 SETTING_FILE=scripts/instance.cfg
 RESTRICTED_ACCESS_PROPERTY=30015
 
@@ -69,10 +73,14 @@ else
 fi
 
 docker cp scripts/demo/disable_restricted_access.sql $(docker compose ps -q postgresql):/tmp/disable_restricted_access.sql
-docker-compose exec postgresql psql -U invenio -d invenio -f /tmp/disable_restricted_access.sql
+docker-compose exec postgresql psql -U invenio -d invenio -v ON_ERROR_STOP=1 -f /tmp/disable_restricted_access.sql
 
 docker-compose exec web invenio shell tools/update_restricted_access_property.py $RESTRICTED_ACCESS_PROPERTY disable
 
-docker-compose exec web bash -c "jinja2 /code/scripts/instance.cfg > /home/invenio/.virtualenvs/invenio/var/instance/invenio.cfg"
-docker-compose down
-docker-compose up -d
+# verify the update
+tools/verify_restricted_update.sh $SETTING_FILE False
+docker compose exec web invenio shell tools/verify_restricted_records.py disable
+
+# docker-compose exec web bash -c "jinja2 /code/scripts/instance.cfg > /home/invenio/.virtualenvs/invenio/var/instance/invenio.cfg"
+# docker-compose down
+# docker-compose up -d
diff --git a/tools/restricted_upadate.sh b/tools/restricted_upadate.sh
@@ -1,3 +1,7 @@
+set -euo pipefail
+IFS=$'\n\t'
+trap 'rc=$?; echo "Error: ${BASH_COMMAND} (line $LINENO) exited with ${rc}" >&2; exit ${rc}' ERR
+
 SETTING_FILE=scripts/instance.cfg
 RESTRICTED_ACCESS_PROPERTY=30015
 
@@ -69,10 +73,14 @@ else
 fi
 
 docker cp scripts/demo/resticted_access.sql $(docker compose ps -q postgresql):/tmp/resticted_access.sql
-docker-compose exec postgresql psql -U invenio -d invenio -f /tmp/resticted_access.sql
+docker-compose exec postgresql psql -U invenio -d invenio -v ON_ERROR_STOP=1 -f /tmp/resticted_access.sql
 
 docker-compose exec web invenio shell tools/update_restricted_access_property.py $RESTRICTED_ACCESS_PROPERTY enable
 
-docker-compose exec web bash -c "jinja2 /code/scripts/instance.cfg > /home/invenio/.virtualenvs/invenio/var/instance/invenio.cfg"
-docker-compose down
-docker-compose up -d
+# verify the update
+tools/verify_restricted_update.sh $SETTING_FILE True
+docker compose exec web invenio shell tools/verify_restricted_records.py enable
+
+# docker-compose exec web bash -c "jinja2 /code/scripts/instance.cfg > /home/invenio/.virtualenvs/invenio/var/instance/invenio.cfg"
+# docker-compose down
+# docker-compose up -d
diff --git a/tools/switch_restricted_access/disable/get_target_table_hash.sql b/tools/switch_restricted_access/disable/get_target_table_hash.sql
@@ -0,0 +1,69 @@
+SELECT *
+FROM (
+    SELECT 'item_type' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type
+    ) t
+    UNION ALL
+    SELECT 'item_type_property' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_property
+    ) t
+    UNION ALL
+    SELECT 'workflow_workflow' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_workflow
+    ) t
+    UNION ALL
+    SELECT 'workflow_userrole' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_userrole
+    ) t
+    UNION ALL
+    SELECT 'admin_settings' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM admin_settings
+    ) t
+    UNION ALL
+    SELECT 'item_type_edit_history' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_edit_history
+    ) t
+    UNION ALL
+    SELECT 'jsonld_mappings' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM jsonld_mappings
+    ) t
+    UNION ALL
+    SELECT 'rocrate_mapping' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM rocrate_mapping
+    ) t
+    UNION ALL
+    SELECT 'workflow_activity' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_activity
+    ) t
+    UNION ALL
+    SELECT 'sword_clients' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM sword_clients
+    ) t
+    UNION ALL
+    SELECT 'workflow_activity_action' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_activity_action
+    ) t
+) s
+ORDER BY table_name;
diff --git a/tools/switch_restricted_access/disable/verify_table.json b/tools/switch_restricted_access/disable/verify_table.json
diff --git a/tools/switch_restricted_access/enable/get_target_table_hash.sql b/tools/switch_restricted_access/enable/get_target_table_hash.sql
@@ -0,0 +1,213 @@
+SELECT *
+FROM (
+    SELECT 'item_type_name' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_name
+    ) t
+    UNION ALL
+    SELECT 'item_type' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type
+    ) t
+    UNION ALL
+    SELECT 'item_type_mapping' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_mapping
+    ) t
+    UNION ALL
+    SELECT 'item_type_property' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_property
+    ) t
+    UNION ALL
+    SELECT 'accounts_role' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM accounts_role
+    ) t
+    UNION ALL
+    SELECT 'index' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM index
+    ) t
+    UNION ALL
+    SELECT 'workflow_flow_define' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_flow_define
+    ) t
+    UNION ALL
+    SELECT 'workflow_flow_action' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_flow_action
+    ) t
+    UNION ALL
+    SELECT 'workflow_workflow' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_workflow
+    ) t
+    UNION ALL
+    SELECT 'workflow_userrole' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_userrole
+    ) t
+    UNION ALL
+    SELECT 'mail_template_genres' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM mail_template_genres
+    ) t
+    UNION ALL
+    SELECT 'mail_templates' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM mail_templates
+    ) t
+    UNION ALL
+    SELECT 'admin_settings' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM admin_settings
+    ) t
+    UNION ALL
+    SELECT 'item_type_edit_history' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM item_type_edit_history
+    ) t
+    UNION ALL
+    SELECT 'jsonld_mappings' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM jsonld_mappings
+    ) t
+    UNION ALL
+    SELECT 'rocrate_mapping' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM rocrate_mapping
+    ) t
+    UNION ALL
+    SELECT 'access_actionsroles' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM access_actionsroles
+    ) t
+    UNION ALL
+    SELECT 'accounts_userrole' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM accounts_userrole
+    ) t
+    UNION ALL
+    SELECT 'communities_community' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM communities_community
+    ) t
+    UNION ALL
+    SELECT 'shibboleth_userrole' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM shibboleth_userrole
+    ) t
+    UNION ALL
+    SELECT 'workflow_flow_action_role' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_flow_action_role
+    ) t
+    UNION ALL
+    SELECT 'harvest_settings' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM harvest_settings
+    ) t
+    UNION ALL
+    SELECT 'journal' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM journal
+    ) t
+    UNION ALL
+    SELECT 'resync_indexes' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM resync_indexes
+    ) t
+    UNION ALL
+    SELECT 'workflow_activity' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_activity
+    ) t
+    UNION ALL
+    SELECT 'sword_clients' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM sword_clients
+    ) t
+    UNION ALL
+    SELECT 'mail_template_users' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM mail_template_users
+    ) t
+    UNION ALL
+    SELECT 'author_affiliation_community_relations' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM author_affiliation_community_relations
+    ) t
+    UNION ALL
+    SELECT 'author_community_relations' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM author_community_relations
+    ) t
+    UNION ALL
+    SELECT 'author_prefix_community_relations' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM author_prefix_community_relations
+    ) t
+    UNION ALL
+    SELECT 'communities_community_record' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM communities_community_record
+    ) t
+    UNION ALL
+    SELECT 'communities_featured_community' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM communities_featured_community
+    ) t
+    UNION ALL
+    SELECT 'user_activity_logs' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM user_activity_logs
+    ) t
+    UNION ALL
+    SELECT 'resync_logs' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM resync_logs
+    ) t
+    UNION ALL
+    SELECT 'workflow_activity_action' AS table_name,
+        md5(STRING_AGG(t::text, ',' ORDER BY t::text)) AS hash
+    FROM (
+        SELECT * FROM workflow_activity_action
+    ) t
+) s
+ORDER BY table_name;