2022-07-28 17:17:22 +02:00
|
|
|
--liquibase formatted sql
|
2022-07-25 16:38:21 +02:00
|
|
|
|
2022-07-29 11:38:51 +02:00
|
|
|
-- ============================================================================
|
2022-07-28 17:17:22 +02:00
|
|
|
-- PERMISSIONS
|
2022-10-12 15:48:56 +02:00
|
|
|
--changeset rbac-role-builder-to-uuids:1 endDelimiter:--//
|
2022-07-29 11:38:51 +02:00
|
|
|
-- ----------------------------------------------------------------------------
|
2022-07-25 16:38:21 +02:00
|
|
|
|
2022-10-12 15:48:56 +02:00
|
|
|
create or replace function toPermissionUuids(forObjectUuid uuid, permitOps RbacOp[])
|
|
|
|
|
returns uuid[]
|
2022-07-29 08:46:04 +02:00
|
|
|
language plpgsql
|
|
|
|
|
strict as $$
|
|
|
|
|
begin
|
2022-10-12 15:48:56 +02:00
|
|
|
return createPermissions(forObjectUuid, permitOps);
|
2022-07-29 08:46:04 +02:00
|
|
|
end; $$;
|
2022-07-25 16:38:21 +02:00
|
|
|
|
2022-07-29 08:46:04 +02:00
|
|
|
|
2022-07-28 17:17:22 +02:00
|
|
|
-- =================================================================
|
|
|
|
|
-- CREATE ROLE
|
|
|
|
|
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
|
|
|
|
|
-- -----------------------------------------------------------------
|
2022-07-25 16:38:21 +02:00
|
|
|
|
2022-10-12 15:48:56 +02:00
|
|
|
create or replace function createRoleWithGrants(
|
2022-07-27 19:54:05 +02:00
|
|
|
roleDescriptor RbacRoleDescriptor,
|
2022-10-12 15:48:56 +02:00
|
|
|
permissions RbacOp[] = array[]::RbacOp[],
|
|
|
|
|
incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
|
|
|
|
|
outgoingSubRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
|
|
|
|
|
userUuids uuid[] = array[]::uuid[],
|
|
|
|
|
grantedByRole RbacRoleDescriptor = null
|
2022-07-25 16:38:21 +02:00
|
|
|
)
|
2022-07-29 08:46:04 +02:00
|
|
|
returns uuid
|
|
|
|
|
called on null input
|
|
|
|
|
language plpgsql as $$
|
|
|
|
|
declare
|
|
|
|
|
roleUuid uuid;
|
2024-03-11 12:30:43 +01:00
|
|
|
subRoleDesc RbacRoleDescriptor;
|
|
|
|
|
superRoleDesc RbacRoleDescriptor;
|
2022-07-29 08:46:04 +02:00
|
|
|
subRoleUuid uuid;
|
2024-03-11 12:30:43 +01:00
|
|
|
superRoleUuid uuid;
|
2022-07-29 08:46:04 +02:00
|
|
|
userUuid uuid;
|
2022-10-12 15:48:56 +02:00
|
|
|
grantedByRoleUuid uuid;
|
2022-07-29 08:46:04 +02:00
|
|
|
begin
|
2022-10-12 15:48:56 +02:00
|
|
|
roleUuid := createRole(roleDescriptor);
|
2022-07-25 16:38:21 +02:00
|
|
|
|
2024-03-11 12:30:43 +01:00
|
|
|
if cardinality(permissions) > 0 then
|
2022-10-12 15:48:56 +02:00
|
|
|
call grantPermissionsToRole(roleUuid, toPermissionUuids(roleDescriptor.objectuuid, permissions));
|
2022-07-29 08:46:04 +02:00
|
|
|
end if;
|
|
|
|
|
|
2024-03-11 12:30:43 +01:00
|
|
|
foreach superRoleDesc in array array_remove(incomingSuperRoles, null)
|
2022-10-12 15:48:56 +02:00
|
|
|
loop
|
2024-03-11 12:30:43 +01:00
|
|
|
superRoleUuid := getRoleId(superRoleDesc);
|
|
|
|
|
call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed);
|
2022-10-12 15:48:56 +02:00
|
|
|
end loop;
|
2022-07-29 08:46:04 +02:00
|
|
|
|
2024-03-11 12:30:43 +01:00
|
|
|
foreach subRoleDesc in array array_remove(outgoingSubRoles, null)
|
2022-10-12 15:48:56 +02:00
|
|
|
loop
|
2024-03-11 12:30:43 +01:00
|
|
|
subRoleUuid := getRoleId(subRoleDesc);
|
|
|
|
|
call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed);
|
2022-10-12 15:48:56 +02:00
|
|
|
end loop;
|
|
|
|
|
|
|
|
|
|
if cardinality(userUuids) > 0 then
|
|
|
|
|
if grantedByRole is null then
|
2024-03-11 12:30:43 +01:00
|
|
|
grantedByRoleUuid := roleUuid;
|
|
|
|
|
else
|
|
|
|
|
grantedByRoleUuid := getRoleId(grantedByRole);
|
2022-10-12 15:48:56 +02:00
|
|
|
end if;
|
|
|
|
|
foreach userUuid in array userUuids
|
2022-07-29 08:46:04 +02:00
|
|
|
loop
|
2022-10-12 15:48:56 +02:00
|
|
|
call grantRoleToUserUnchecked(grantedByRoleUuid, roleUuid, userUuid);
|
2022-07-29 08:46:04 +02:00
|
|
|
end loop;
|
|
|
|
|
end if;
|
|
|
|
|
|
|
|
|
|
return roleUuid;
|
|
|
|
|
end; $$;
|
2022-07-28 17:17:22 +02:00
|
|
|
--//
|
2022-08-16 10:46:41 +02:00
|
|
|
|
