hs.hsadmin.ng/sql/21-hs-customer.sql


-- ========================================================
-- Customer example with RBAC
-- --------------------------------------------------------

SET SESSION SESSION AUTHORIZATION DEFAULT ;

CREATE TABLE IF NOT EXISTS customer (
    uuid uuid UNIQUE REFERENCES RbacObject(uuid),
    reference int not null unique CHECK (reference BETWEEN 10000 AND 99999),
    prefix character(3) unique,
    adminUserName varchar(63)
);

DROP TRIGGER IF EXISTS createRbacObjectForCustomer_Trigger ON customer;
CREATE TRIGGER createRbacObjectForCustomer_Trigger
    BEFORE INSERT ON customer
    FOR EACH ROW EXECUTE PROCEDURE createRbacObject();

CREATE OR REPLACE FUNCTION customerOwner(customer customer)
    RETURNS RbacRoleDescriptor
    LANGUAGE plpgsql STRICT AS $$
begin
    return roleDescriptor('customer', customer.uuid, 'owner');
end; $$;

CREATE OR REPLACE FUNCTION customerAdmin(customer customer)
    RETURNS RbacRoleDescriptor
    LANGUAGE plpgsql STRICT AS $$
begin
    return roleDescriptor('customer', customer.uuid, 'admin');
end; $$;

CREATE OR REPLACE FUNCTION customerTenant(customer customer)
    RETURNS RbacRoleDescriptor
    LANGUAGE plpgsql STRICT AS $$
begin
    return roleDescriptor('customer', customer.uuid, 'tenant');
end; $$;


CREATE OR REPLACE FUNCTION createRbacRulesForCustomer()
    RETURNS trigger
    LANGUAGE plpgsql STRICT AS $$
DECLARE
    customerOwnerUuid uuid;
    customerAdminUuid uuid;
BEGIN
    IF TG_OP <> 'INSERT' THEN
        RAISE EXCEPTION 'invalid usage of TRIGGER AFTER INSERT';
    END IF;

    -- the owner role with full access for Hostsharing administrators
    customerOwnerUuid = createRole(
            customerOwner(NEW),
            grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['*']),
            beneathRole(hostsharingAdmin())
        );

    -- the admin role for the customer's admins, who can view and add products
    customerAdminUuid = createRole(
            customerAdmin(NEW),
            grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['view', 'add-package']),
            -- NO auto follow for customer owner to avoid exploding permissions for administrators
            withUser(NEW.adminUserName, 'create') -- implicitly ignored if null
        );

    -- allow the customer owner role (thus administrators) to assume the customer admin role
    call grantRoleToRole(customerAdminUuid, customerOwnerUuid, FALSE);

    -- the tenant role which later can be used by owners+admins of sub-objects
    perform createRole(
            customerTenant(NEW),
            grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['view'])
        );

    RETURN NEW;
END; $$;

DROP TRIGGER IF EXISTS createRbacRulesForCustomer_Trigger ON customer;
CREATE TRIGGER createRbacRulesForCustomer_Trigger
    AFTER INSERT ON customer
    FOR EACH ROW EXECUTE PROCEDURE createRbacRulesForCustomer();

CREATE OR REPLACE FUNCTION deleteRbacRulesForCustomer()
    RETURNS trigger
    LANGUAGE plpgsql STRICT AS $$
DECLARE
    objectTable varchar = 'customer';
BEGIN
    IF TG_OP = 'DELETE' THEN

        -- delete the owner role (for admininstrators)
        call deleteRole(findRoleId(objectTable||'#'||NEW.prefix||'.owner'));

        -- delete the customer admin role
        call deleteRole(findRoleId(objectTable||'#'||NEW.prefix||'.admin'));
    ELSE
        RAISE EXCEPTION 'invalid usage of TRIGGER BEFORE DELETE';
    END IF;
END; $$;

DROP TRIGGER IF EXISTS deleteRbacRulesForCustomer_Trigger ON customer;
CREATE TRIGGER deleteRbacRulesForCustomer_Trigger
    BEFORE DELETE ON customer
    FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForCustomer();

-- create a restricted view to access the textual customer ids a idName
SET SESSION SESSION AUTHORIZATION DEFAULT;
-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS customer_iv;
CREATE OR REPLACE VIEW customer_iv AS
SELECT DISTINCT target.uuid, target.prefix as idName
  FROM customer AS target;
-- TODO: Is it ok that everybody has access to this information?
GRANT ALL PRIVILEGES ON customer_iv TO restricted;

CREATE OR REPLACE FUNCTION customerUuidByIdName(idName varchar)
    RETURNS uuid
    LANGUAGE sql STRICT AS $$
        SELECT uuid FROM customer_iv iv WHERE iv.idName=customerUuidByIdName.idName;
    $$;

-- create RBAC restricted view
SET SESSION SESSION AUTHORIZATION DEFAULT;
-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
DROP VIEW IF EXISTS customer_rv;
CREATE OR REPLACE VIEW customer_rv AS
    SELECT DISTINCT target.*
      FROM customer AS target
     WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));
GRANT ALL PRIVILEGES ON customer_rv TO restricted;


-- generate Customer test data

SET SESSION SESSION AUTHORIZATION DEFAULT;
DO LANGUAGE plpgsql $$
    DECLARE
        currentTask varchar;
        custReference integer;
        custRowId uuid;
        custPrefix varchar;
        custAdminName varchar;
    BEGIN
        SET hsadminng.currentUser TO '';

        FOR t IN 0..9 LOOP
                currentTask = 'creating RBAC test customer #' || t;
                SET LOCAL hsadminng.currentUser TO 'mike@hostsharing.net';
                SET LOCAL hsadminng.assumedRoles = '';
                SET LOCAL hsadminng.currentTask TO currentTask;

                -- When a new customer is created,
                custReference = 10000 + t;
                custRowId = uuid_generate_v4();
                custPrefix = intToVarChar(t, 3 );
                custAdminName = 'admin@' || custPrefix || '.example.com';

                raise notice 'creating customer %:%', custReference, custPrefix;
                insert into customer (reference, prefix, adminUserName)
                VALUES (custReference, custPrefix, custAdminName);

                COMMIT;

            END LOOP;

    END;
$$;
removing JHipster 2022-07-22 13:31:37 +02:00
			`-- ========================================================`
			`-- Customer example with RBAC`
			`-- --------------------------------------------------------`

			`SET SESSION SESSION AUTHORIZATION DEFAULT ;`

			`CREATE TABLE IF NOT EXISTS customer (`
			`uuid uuid UNIQUE REFERENCES RbacObject(uuid),`
			`reference int not null unique CHECK (reference BETWEEN 10000 AND 99999),`
			`prefix character(3) unique,`
			`adminUserName varchar(63)`
			`);`

			`DROP TRIGGER IF EXISTS createRbacObjectForCustomer_Trigger ON customer;`
			`CREATE TRIGGER createRbacObjectForCustomer_Trigger`
			`BEFORE INSERT ON customer`
			`FOR EACH ROW EXECUTE PROCEDURE createRbacObject();`

introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`CREATE OR REPLACE FUNCTION customerOwner(customer customer)`
			`RETURNS RbacRoleDescriptor`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`LANGUAGE plpgsql STRICT AS $$`
			`begin`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`return roleDescriptor('customer', customer.uuid, 'owner');`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`end; $$;`

introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`CREATE OR REPLACE FUNCTION customerAdmin(customer customer)`
			`RETURNS RbacRoleDescriptor`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`LANGUAGE plpgsql STRICT AS $$`
			`begin`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`return roleDescriptor('customer', customer.uuid, 'admin');`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`end; $$;`

introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`CREATE OR REPLACE FUNCTION customerTenant(customer customer)`
			`RETURNS RbacRoleDescriptor`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`LANGUAGE plpgsql STRICT AS $$`
			`begin`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`return roleDescriptor('customer', customer.uuid, 'tenant');`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`end; $$;`


removing JHipster 2022-07-22 13:31:37 +02:00			`CREATE OR REPLACE FUNCTION createRbacRulesForCustomer()`
			`RETURNS trigger`
			`LANGUAGE plpgsql STRICT AS $$`
			`DECLARE`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`customerOwnerUuid uuid;`
			`customerAdminUuid uuid;`
removing JHipster 2022-07-22 13:31:37 +02:00			`BEGIN`
			`IF TG_OP <> 'INSERT' THEN`
			`RAISE EXCEPTION 'invalid usage of TRIGGER AFTER INSERT';`
			`END IF;`

improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`-- the owner role with full access for Hostsharing administrators`
			`customerOwnerUuid = createRole(`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`customerOwner(NEW),`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['*']),`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`beneathRole(hostsharingAdmin())`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`);`

			`-- the admin role for the customer's admins, who can view and add products`
			`customerAdminUuid = createRole(`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`customerAdmin(NEW),`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['view', 'add-package']),`
			`-- NO auto follow for customer owner to avoid exploding permissions for administrators`
			`withUser(NEW.adminUserName, 'create') -- implicitly ignored if null`
			`);`

			`-- allow the customer owner role (thus administrators) to assume the customer admin role`
			`call grantRoleToRole(customerAdminUuid, customerOwnerUuid, FALSE);`

			`-- the tenant role which later can be used by owners+admins of sub-objects`
			`perform createRole(`
introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`customerTenant(NEW),`
improved role structure including comprised tenant sub roles 2022-07-25 16:38:21 +02:00			`grantingPermissions(forObjectUuid => NEW.uuid, permitOps => ARRAY['view'])`
			`);`
removing JHipster 2022-07-22 13:31:37 +02:00
			`RETURN NEW;`
			`END; $$;`

			`DROP TRIGGER IF EXISTS createRbacRulesForCustomer_Trigger ON customer;`
			`CREATE TRIGGER createRbacRulesForCustomer_Trigger`
			`AFTER INSERT ON customer`
			`FOR EACH ROW EXECUTE PROCEDURE createRbacRulesForCustomer();`

			`CREATE OR REPLACE FUNCTION deleteRbacRulesForCustomer()`
			`RETURNS trigger`
			`LANGUAGE plpgsql STRICT AS $$`
			`DECLARE`
			`objectTable varchar = 'customer';`
			`BEGIN`
			`IF TG_OP = 'DELETE' THEN`

			`-- delete the owner role (for admininstrators)`
			`call deleteRole(findRoleId(objectTable\|\|'#'\|\|NEW.prefix\|\|'.owner'));`

			`-- delete the customer admin role`
			`call deleteRole(findRoleId(objectTable\|\|'#'\|\|NEW.prefix\|\|'.admin'));`
			`ELSE`
			`RAISE EXCEPTION 'invalid usage of TRIGGER BEFORE DELETE';`
			`END IF;`
			`END; $$;`

			`DROP TRIGGER IF EXISTS deleteRbacRulesForCustomer_Trigger ON customer;`
			`CREATE TRIGGER deleteRbacRulesForCustomer_Trigger`
			`BEFORE DELETE ON customer`
			`FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForCustomer();`

introduce referential integrity for role identification - part 2 assume 2022-07-28 10:43:23 +02:00			`-- create a restricted view to access the textual customer ids a idName`
			`SET SESSION SESSION AUTHORIZATION DEFAULT;`
			`-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;`
			`DROP VIEW IF EXISTS customer_iv;`
			`CREATE OR REPLACE VIEW customer_iv AS`
			`SELECT DISTINCT target.uuid, target.prefix as idName`
			`FROM customer AS target;`
			`-- TODO: Is it ok that everybody has access to this information?`
			`GRANT ALL PRIVILEGES ON customer_iv TO restricted;`

			`CREATE OR REPLACE FUNCTION customerUuidByIdName(idName varchar)`
			`RETURNS uuid`
			`LANGUAGE sql STRICT AS $$`
			`SELECT uuid FROM customer_iv iv WHERE iv.idName=customerUuidByIdName.idName;`
			`$$;`
removing JHipster 2022-07-22 13:31:37 +02:00
			`-- create RBAC restricted view`
			`SET SESSION SESSION AUTHORIZATION DEFAULT;`
introduce referential integrity for role identification - part 2 assume 2022-07-28 10:43:23 +02:00			`-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;`
removing JHipster 2022-07-22 13:31:37 +02:00			`DROP VIEW IF EXISTS customer_rv;`
			`CREATE OR REPLACE VIEW customer_rv AS`
			`SELECT DISTINCT target.*`
			`FROM customer AS target`
the _rv query with WHERE IN was faster after all, removing the JOIN variant 2022-07-27 13:05:19 +02:00			`WHERE target.uuid IN (SELECT queryAccessibleObjectUuidsOfSubjectIds( 'view', 'customer', currentSubjectIds()));`
removing JHipster 2022-07-22 13:31:37 +02:00			`GRANT ALL PRIVILEGES ON customer_rv TO restricted;`


			`-- generate Customer test data`

_rv query performance experiments 2022-07-27 12:32:54 +02:00			`SET SESSION SESSION AUTHORIZATION DEFAULT;`
removing JHipster 2022-07-22 13:31:37 +02:00			`DO LANGUAGE plpgsql $$`
			`DECLARE`
			`currentTask varchar;`
			`custReference integer;`
			`custRowId uuid;`
			`custPrefix varchar;`
			`custAdminName varchar;`
			`BEGIN`
			`SET hsadminng.currentUser TO '';`

introduce referential integrity for role identification - part 1 2022-07-27 19:54:05 +02:00			`FOR t IN 0..9 LOOP`
removing JHipster 2022-07-22 13:31:37 +02:00			`currentTask = 'creating RBAC test customer #' \|\| t;`
			`SET LOCAL hsadminng.currentUser TO 'mike@hostsharing.net';`
			`SET LOCAL hsadminng.assumedRoles = '';`
			`SET LOCAL hsadminng.currentTask TO currentTask;`

			`-- When a new customer is created,`
			`custReference = 10000 + t;`
			`custRowId = uuid_generate_v4();`
			`custPrefix = intToVarChar(t, 3 );`
			`custAdminName = 'admin@' \|\| custPrefix \|\| '.example.com';`

			`raise notice 'creating customer %:%', custReference, custPrefix;`
			`insert into customer (reference, prefix, adminUserName)`
			`VALUES (custReference, custPrefix, custAdminName);`

			`COMMIT;`

			`END LOOP;`

			`END;`
			`$$;`