--liquibase formatted sql
-- This code was generated by RbacViewPostgresGenerator at 2024-03-12T17:26:50.179864268.
-- ============================================================================
--changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- Generated boilerplate: presumably registers the hs_office_membership table with the
-- RBAC object bookkeeping; generateRelatedRbacObject itself is defined elsewhere.
call generateRelatedRbacObject('hs_office_membership');
--//
-- ============================================================================
--changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- Generated boilerplate: the role descriptor functions used by the insert trigger below
-- (hsOfficeMembershipOwner/Admin/Referrer) are presumably produced by this call — confirm
-- against generateRbacRoleDescriptors, which is defined elsewhere.
call generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
--//
-- ============================================================================
--changeset hs-office-membership-rbac-insert-trigger:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
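/*
    Creates the roles, grants and permission for the AFTER INSERT TRIGGER.

    Called from insertTriggerForHsOfficeMembership_tf() with the freshly inserted
    hs_office_membership row. Builds three roles for that row and wires them into the
    role hierarchy of the relationship referenced by the membership's partner:
      - owner:    permission DELETE, granted to the current user,
                  incoming super-role: admin of the partner relationship
      - admin:    permission UPDATE,  incoming super-role: owner
      - referrer: permission SELECT,  incoming super-role: admin,
                  outgoing sub-role: tenant of the partner relationship
    Raises an exception if NEW.partnerUuid does not resolve to a partner relationship.
 */
create or replace procedure buildRbacSystemForHsOfficeMembership(
    NEW hs_office_membership
)
    language plpgsql as $$
declare
    newPartnerRel hs_office_relationship;
begin
    -- No exception handler in this procedure: if any step below fails, the whole
    -- transaction aborts. NOTE(review): that is presumably what also discards whatever
    -- enterTriggerForObjectUuid() records — confirm it does not rely on session-level
    -- settings that would outlive the rollback.
    call enterTriggerForObjectUuid(NEW.uuid);

    -- The membership's access hierarchy hangs off the relationship referenced by its
    -- partner row (hs_office_partner.partnerRoleUuid -> hs_office_relationship.uuid).
    SELECT r.*
        INTO newPartnerRel
        FROM hs_office_partner AS p
        JOIN hs_office_relationship AS r ON r.uuid = p.partnerRoleUuid
        WHERE p.uuid = NEW.partnerUuid;

    -- A hard check instead of `assert`: assertions are skipped when
    -- plpgsql.check_asserts is off, and the grants below must never be built
    -- against a NULL relationship record.
    if newPartnerRel.uuid is null then
        raise exception 'newPartnerRel must not be null for NEW.partnerUuid = %', NEW.partnerUuid;
    end if;

    -- Order matters: each role is named as a super-role by the one created after it.
    perform createRoleWithGrants(
        hsOfficeMembershipOwner(NEW),
            permissions => array['DELETE'],
            userUuids => array[currentUserUuid()],
            incomingSuperRoles => array[hsOfficeRelationshipAdmin(newPartnerRel)]
    );

    perform createRoleWithGrants(
        hsOfficeMembershipAdmin(NEW),
            permissions => array['UPDATE'],
            incomingSuperRoles => array[hsOfficeMembershipOwner(NEW)]
    );

    perform createRoleWithGrants(
        hsOfficeMembershipReferrer(NEW),
            permissions => array['SELECT'],
            incomingSuperRoles => array[hsOfficeMembershipAdmin(NEW)],
            outgoingSubRoles => array[hsOfficeRelationshipTenant(newPartnerRel)]
    );

    call leaveTriggerForObjectUuid(NEW.uuid);
end; $$;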
/*
    AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row.

    The trigger function is a thin wrapper: it delegates to
    buildRbacSystemForHsOfficeMembership(NEW) and returns the row unchanged.
 */
CREATE OR REPLACE FUNCTION insertTriggerForHsOfficeMembership_tf()
    RETURNS trigger
    LANGUAGE plpgsql
    STRICT
AS $$
BEGIN
    -- all role/grant work lives in the procedure, keeping this function trivial
    CALL buildRbacSystemForHsOfficeMembership(NEW);
    RETURN NEW;
END; $$;

-- Fires once per inserted row, after the row exists (the roles are keyed by NEW.uuid).
CREATE TRIGGER insertTriggerForHsOfficeMembership_tg
    AFTER INSERT ON hs_office_membership
    FOR EACH ROW
EXECUTE FUNCTION insertTriggerForHsOfficeMembership_tf();
--//
-- ============================================================================
--changeset hs-office-membership-rbac-INSERT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
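/*
    Creates INSERT INTO hs_office_membership permissions for the related global rows.

    One-off backfill at migration time: for every row already present in `global`,
    a permission (object = that row, op = INSERT, table = hs_office_membership) is
    created and granted to the global admin role. Rows inserted into `global` later
    are handled by the z_hs_office_membership_global_insert_tg trigger below.
 */
do language plpgsql $$
declare
    row global;
    permissionUuid uuid;
    roleUuid uuid;
begin
    call defineContext('create INSERT INTO hs_office_membership permissions for the related global rows');

    -- The target role does not depend on the row, so resolve it once rather than
    -- once per iteration. NOTE(review): this now calls findRoleId() even when
    -- `global` holds no rows — confirm that is acceptable for an empty table.
    roleUuid := findRoleId(globalAdmin());

    FOR row IN SELECT * FROM global
        LOOP
            permissionUuid := createPermission(row.uuid, 'INSERT', 'hs_office_membership');
            call grantPermissionToRole(permissionUuid, roleUuid);
        END LOOP;
END;
$$;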
/**
    Adds hs_office_membership INSERT permission to specified role of new global rows.

    Counterpart of the migration-time backfill above, for rows inserted into `global`
    afterwards: each new global row gets an INSERT-on-hs_office_membership permission
    granted to the global admin role.
 */
CREATE OR REPLACE FUNCTION hs_office_membership_global_insert_tf()
    RETURNS trigger
    LANGUAGE plpgsql
    STRICT
AS $$
DECLARE
    insertPermissionUuid uuid;
BEGIN
    insertPermissionUuid := createPermission(NEW.uuid, 'INSERT', 'hs_office_membership');
    -- NOTE(review): argument order here (role first, then permission) differs from the
    -- grantPermissionToRole(permissionUuid, roleUuid) call in the backfill block above;
    -- presumably an overload taking a role descriptor exists — confirm, because a
    -- mismatch would only surface at run time, on the next insert into `global`.
    CALL grantPermissionToRole(globalAdmin(), insertPermissionUuid);
    RETURN NEW;
END; $$;

-- Postgres fires same-event triggers in alphabetical order; the z_ prefix presumably
-- puts this one after the other triggers on `global`.
CREATE TRIGGER z_hs_office_membership_global_insert_tg
    AFTER INSERT ON global
    FOR EACH ROW
EXECUTE FUNCTION hs_office_membership_global_insert_tf();
/**
    Checks if the user or assumed roles are allowed to insert a row to hs_office_membership.

    This function is the failure path only: the trigger below attaches it with a
    WHEN clause, so it runs solely when isGlobalAdmin() is false, and then it always
    raises. Within this file the INSERT permission rows created above are not consulted
    for the check — isGlobalAdmin() alone decides.
 */
create or replace function hs_office_membership_insert_permission_missing_tf()
    returns trigger
    language plpgsql as $$
begin
    -- '[403]' prefix: presumably mapped to an HTTP status by the application layer —
    -- confirm before changing the message text.
    raise exception '[403] insert into hs_office_membership not allowed for current subjects % (%)',
            currentSubjects(), currentSubjectsUuids();
end; $$;

-- BEFORE INSERT so the row is rejected before it exists; the WHEN clause keeps the
-- function call off the path for global admins entirely.
create trigger hs_office_membership_insert_permission_check_tg
    before insert on hs_office_membership
    for each row
        when ( not isGlobalAdmin() )
    execute procedure hs_office_membership_insert_permission_missing_tf();
--//
-- ============================================================================
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- Identity view: maps each membership uuid to a human-readable idName built as
-- 'M-' || partnerNumber || memberNumberSuffix.
-- Note: the inner join drops memberships whose partnerUuid has no hs_office_partner row,
-- and '||' yields a NULL idName if partnerNumber or memberNumberSuffix is NULL
-- (harmless only if both columns are NOT NULL — not verifiable from this file).
call generateRbacIdentityViewFromQuery('hs_office_membership', $idName$
    SELECT m.uuid AS uuid,
            'M-' || p.partnerNumber || m.memberNumberSuffix as idName
        FROM hs_office_membership AS m
        JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
$idName$);
--//
-- ============================================================================
--changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- Restricted (access-checked) view over hs_office_membership, ordered by validity.
-- Only the three columns listed in $updates$ are writable through the view; the
-- identifying columns partnerUuid and memberNumberSuffix are not in the update list
-- and therefore cannot be changed via this path (presumably intended — confirm).
call generateRbacRestrictedView('hs_office_membership',
    $orderBy$
        validity
    $orderBy$,
    $updates$
        validity = new.validity,
        membershipFeeBillable = new.membershipFeeBillable,
        reasonForTermination = new.reasonForTermination
    $updates$);
--//