hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity
hs.hsadmin.ng/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql

177 lines
5.8 KiB
MySQL
Raw Normal View History

add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
--liquibase formatted sql
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
-- This code generated was by RbacViewPostgresGenerator at 2024-03-12T17:26:50.179864268.
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
-- ============================================================================
--changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRelatedRbacObject('hs_office_membership');
--//
-- ============================================================================
--changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
--//
-- ============================================================================
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
--changeset hs-office-membership-rbac-insert-trigger:1 endDelimiter:--//
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
-- ----------------------------------------------------------------------------
/*
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
*/
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
create or replace procedure buildRbacSystemForHsOfficeMembership(
NEW hs_office_membership
)
language plpgsql as $$
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
declare
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
newPartnerRel hs_office_relationship;
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
begin
add rbacgrants.grantedByTriggerOf (WIP: references and delete trigger/cascade still missing)
2024-02-12 15:38:31 +01:00
call enterTriggerForObjectUuid(NEW.uuid);
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
SELECT r.*
FROM hs_office_partner AS p
JOIN hs_office_relationship AS r ON r.uuid = p.partnerRoleUuid
WHERE p.uuid = NEW.partnerUuid
INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
perform createRoleWithGrants(
hsOfficeMembershipOwner(NEW),
permissions => array['DELETE'],
userUuids => array[currentUserUuid()],
incomingSuperRoles => array[hsOfficeRelationshipAdmin(newPartnerRel)]
);
perform createRoleWithGrants(
hsOfficeMembershipAdmin(NEW),
permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeMembershipOwner(NEW)]
);
perform createRoleWithGrants(
hsOfficeMembershipReferrer(NEW),
permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficeMembershipAdmin(NEW)],
outgoingSubRoles => array[hsOfficeRelationshipTenant(newPartnerRel)]
);
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
add rbacgrants.grantedByTriggerOf (WIP: references and delete trigger/cascade still missing)
2024-02-12 15:38:31 +01:00
call leaveTriggerForObjectUuid(NEW.uuid);
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
end; $$;
/*
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row.
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
*/
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
create or replace function insertTriggerForHsOfficeMembership_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeMembership(NEW);
return NEW;
end; $$;
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
create trigger insertTriggerForHsOfficeMembership_tg
after insert on hs_office_membership
for each row
execute procedure insertTriggerForHsOfficeMembership_tf();
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
--//
-- ============================================================================
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
--changeset hs-office-membership-rbac-INSERT:1 endDelimiter:--//
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
-- ----------------------------------------------------------------------------
/*
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
Creates INSERT INTO hs_office_membership permissions for the related global rows.
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
*/
do language plpgsql $$
declare
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
row global;
permissionUuid uuid;
roleUuid uuid;
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
begin
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
call defineContext('create INSERT INTO hs_office_membership permissions for the related global rows');
FOR row IN SELECT * FROM global
LOOP
roleUuid := findRoleId(globalAdmin());
permissionUuid := createPermission(row.uuid, 'INSERT', 'hs_office_membership');
call grantPermissionToRole(permissionUuid, roleUuid);
END LOOP;
END;
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
$$;
/**
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
Adds hs_office_membership INSERT permission to specified role of new global rows.
*/
create or replace function hs_office_membership_global_insert_tf()
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
returns trigger
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
language plpgsql
strict as $$
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
begin
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
call grantPermissionToRole(
globalAdmin(),
createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'));
return NEW;
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
end; $$;
fix HsOfficeRelationshipEntity tests
2024-03-15 18:41:02 +01:00
create trigger z_hs_office_membership_global_insert_tg
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
after insert on global
for each row
execute procedure hs_office_membership_global_insert_tf();
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
/**
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
Checks if the user or assumed roles are allowed to insert a row to hs_office_membership.
*/
create or replace function hs_office_membership_insert_permission_missing_tf()
returns trigger
language plpgsql as $$
begin
raise exception '[403] insert into hs_office_membership not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids();
end; $$;
create trigger hs_office_membership_insert_permission_check_tg
before insert on hs_office_membership
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
for each row
test-data-generation working up to membership, fails in coop-shares
2024-03-12 17:36:29 +01:00
when ( not isGlobalAdmin() )
execute procedure hs_office_membership_insert_permission_missing_tf();
--//
-- ============================================================================
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacIdentityViewFromQuery('hs_office_membership', $idName$
SELECT m.uuid AS uuid,
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
FROM hs_office_membership AS m
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
$idName$);
--//
-- ============================================================================
--changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacRestrictedView('hs_office_membership',
$orderBy$
validity
$orderBy$,
$updates$
validity = new.validity,
membershipFeeBillable = new.membershipFeeBillable,
reasonForTermination = new.reasonForTermination
$updates$);
add hs-office-membership RBAC rules (yet without mainDebitor update)
2022-10-17 08:14:09 +02:00
--//
Copy Permalink