hs.hsadmin.ng/src/main/resources/db/changelog/058-rbac-generators.sql

--liquibase formatted sql


-- ============================================================================
--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

create or replace procedure generateRelatedRbacObject(targetTable varchar)
    language plpgsql as $$
declare
    createInsertTriggerSQL text;
    createDeleteTriggerSQL text;
begin
    createInsertTriggerSQL = format($sql$
        create trigger createRbacObjectFor_%s_Trigger
            before insert
            on %s
            for each row
                execute procedure insertRelatedRbacObject();
        $sql$, targetTable, targetTable);
    execute createInsertTriggerSQL;

    createDeleteTriggerSQL = format($sql$
        create trigger deleteRbacRulesFor_%s_Trigger
            before delete
            on %s
            for each row
                execute procedure deleteRelatedRbacObject();
        $sql$, targetTable, targetTable);
    execute createDeleteTriggerSQL;
end; $$;
--//


-- ============================================================================
--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

create or replace procedure generateRbacRoleDescriptors(prefix text, targetTable text)
    language plpgsql as $$
declare
    sql text;
begin
    sql = format($sql$
        create or replace function %1$sOwner(entity %2$s)
            returns RbacRoleDescriptor
            language plpgsql
            strict as $f$
        begin
            return roleDescriptor('%2$s', entity.uuid, 'owner');
        end; $f$;

        create or replace function %1$sAdmin(entity %2$s)
            returns RbacRoleDescriptor
            language plpgsql
            strict as $f$
        begin
            return roleDescriptor('%2$s', entity.uuid, 'admin');
        end; $f$;

        create or replace function %1$sTenant(entity %2$s)
            returns RbacRoleDescriptor
            language plpgsql
            strict as $f$
        begin
            return roleDescriptor('%2$s', entity.uuid, 'tenant');
        end; $f$;

        $sql$, prefix, targetTable);
    execute sql;
end; $$;
--//


-- ============================================================================
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)
    language plpgsql as $$
declare
    sql text;
begin
    -- create a view to the target main table which maps an idName to the objectUuid
    sql = format($sql$
            create or replace view %1$s_iv as
            select target.uuid, cleanIdentifier(%2$s) as idName
                from %1$s as target;
            grant all privileges on %1$s_iv to restricted;
        $sql$, targetTable, idNameExpression);
    execute sql;

    -- creates a function which maps an idName to the objectUuid
    sql = format($sql$
        create or replace function %1$sUuidByIdName(givenIdName varchar)
            returns uuid
            language sql
            strict as $f$
        select uuid from %1$s_iv iv where iv.idName = givenIdName;
        $f$;
        $sql$, targetTable);
    execute sql;

    -- creates a function which maps an objectUuid to the related idName
    sql = format($sql$
        create or replace function %1$sIdNameByUuid(givenUuid uuid)
            returns varchar
            language sql
            strict as $f$
        select idName from %1$s_iv iv where iv.uuid = givenUuid;
        $f$;
    $sql$, targetTable);
    execute sql;
end; $$;
--//
introduce 058-rbac-generators.sql with generateRelatedRbacObject+generateRbacRoleDescriptors 2022-09-16 15:25:58 +02:00			`--liquibase formatted sql`


			`-- ============================================================================`
			`--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`

			`create or replace procedure generateRelatedRbacObject(targetTable varchar)`
			`language plpgsql as $$`
			`declare`
			`createInsertTriggerSQL text;`
			`createDeleteTriggerSQL text;`
			`begin`
			`createInsertTriggerSQL = format($sql$`
			`create trigger createRbacObjectFor_%s_Trigger`
			`before insert`
			`on %s`
			`for each row`
			`execute procedure insertRelatedRbacObject();`
			`$sql$, targetTable, targetTable);`
			`execute createInsertTriggerSQL;`

			`createDeleteTriggerSQL = format($sql$`
			`create trigger deleteRbacRulesFor_%s_Trigger`
			`before delete`
			`on %s`
			`for each row`
			`execute procedure deleteRelatedRbacObject();`
			`$sql$, targetTable, targetTable);`
			`execute createDeleteTriggerSQL;`
			`end; $$;`
			`--//`


			`-- ============================================================================`
			`--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`

			`create or replace procedure generateRbacRoleDescriptors(prefix text, targetTable text)`
			`language plpgsql as $$`
			`declare`
			`sql text;`
			`begin`
			`sql = format($sql$`
			`create or replace function %1$sOwner(entity %2$s)`
			`returns RbacRoleDescriptor`
			`language plpgsql`
			`strict as $f$`
			`begin`
			`return roleDescriptor('%2$s', entity.uuid, 'owner');`
			`end; $f$;`

			`create or replace function %1$sAdmin(entity %2$s)`
			`returns RbacRoleDescriptor`
			`language plpgsql`
			`strict as $f$`
			`begin`
			`return roleDescriptor('%2$s', entity.uuid, 'admin');`
			`end; $f$;`

			`create or replace function %1$sTenant(entity %2$s)`
			`returns RbacRoleDescriptor`
			`language plpgsql`
			`strict as $f$`
			`begin`
			`return roleDescriptor('%2$s', entity.uuid, 'tenant');`
			`end; $f$;`

			`$sql$, prefix, targetTable);`
			`execute sql;`
			`end; $$;`
			`--//`
introduces generateRbacIdentityView to generate identity views 2022-09-16 16:14:39 +02:00

			`-- ============================================================================`
			`--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`

			`create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)`
			`language plpgsql as $$`
			`declare`
			`sql text;`
			`begin`
			`-- create a view to the target main table which maps an idName to the objectUuid`
			`sql = format($sql$`
			`create or replace view %1$s_iv as`
			`select target.uuid, cleanIdentifier(%2$s) as idName`
			`from %1$s as target;`
			`grant all privileges on %1$s_iv to restricted;`
			`$sql$, targetTable, idNameExpression);`
			`execute sql;`

			`-- creates a function which maps an idName to the objectUuid`
			`sql = format($sql$`
			`create or replace function %1$sUuidByIdName(givenIdName varchar)`
			`returns uuid`
			`language sql`
			`strict as $f$`
			`select uuid from %1$s_iv iv where iv.idName = givenIdName;`
			`$f$;`
			`$sql$, targetTable);`
			`execute sql;`

			`-- creates a function which maps an objectUuid to the related idName`
			`sql = format($sql$`
			`create or replace function %1$sIdNameByUuid(givenUuid uuid)`
			`returns varchar`
			`language sql`
			`strict as $f$`
			`select idName from %1$s_iv iv where iv.uuid = givenUuid;`
			`$f$;`
			`$sql$, targetTable);`
			`execute sql;`
			`end; $$;`
			`--//`