--liquibase formatted sql
-- ============================================================================
-- PERMISSIONS
--changeset rbac-role-builder-to-uuids:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- Returns the uuids of the permissions for the given operations on the given
-- object. This is a thin wrapper around createPermissions(), which presumably
-- creates the permission rows rather than merely looking them up — confirm
-- there before relying on the "to…" name as a pure lookup.
-- STRICT: a null object uuid or a null op array yields null and
-- createPermissions() is not called at all.
create or replace function toPermissionUuids(forObjectUuid uuid, permitOps RbacOp[])
    returns uuid[]
    language plpgsql
    strict as $$
declare
    permissionUuids uuid[];
begin
    permissionUuids := createPermissions(forObjectUuid, permitOps);
    return permissionUuids;
end; $$;
-- Resolves an array of role descriptors to the uuids of the roles they
-- describe. Null elements are skipped; every other descriptor goes through
-- getRoleId(..., 'fail'), so a descriptor that does not match an existing
-- role aborts the whole call (presumably by raising — confirm in getRoleId()).
-- STRICT: a null input array returns null, not an empty array.
create or replace function toRoleUuids(roleDescriptors RbacRoleDescriptor[])
    returns uuid[]
    language plpgsql
    strict as $$
declare
    descriptor    RbacRoleDescriptor;
    resolvedUuids uuid[] := array []::uuid[];
begin
    foreach descriptor in array roleDescriptors
        loop
            -- gaps in the array must not reach getRoleId()
            continue when descriptor is null;
            resolvedUuids := array_append(resolvedUuids, getRoleId(descriptor, 'fail'));
        end loop;
    return resolvedUuids;
end; $$;
-- =================================================================
-- CREATE ROLE
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
-- -----------------------------------------------------------------
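-- Creates the role described by roleDescriptor and wires it into the RBAC graph:
--   * permissions:        RbacOps on roleDescriptor.objectuuid, turned into
--                         permission uuids via toPermissionUuids() and granted
--                         to the new role;
--   * incomingSuperRoles: each linked via grantRoleToRole(roleUuid, superRoleUuid);
--   * outgoingSubRoles:   each linked via grantRoleToRole(subRoleUuid, roleUuid)
--                         (argument order presumably (subRole, superRole) — confirm
--                         in grantRoleToRole());
--   * userUuids:          users granted the new role directly; only allowed when
--                         grantedByRole is given, which is resolved with
--                         getRoleId(..., 'fail') and passed on as the granting role.
-- Returns the uuid of the newly created role.
-- Raises an exception when userUuids is non-empty but grantedByRole is null;
-- anything raised by createRole() or getRoleId(..., 'fail') propagates.
-- CALLED ON NULL INPUT: an explicit null for any of the array parameters is
-- treated like its empty default rather than failing inside FOREACH.
create or replace function createRoleWithGrants(
    roleDescriptor RbacRoleDescriptor,
    permissions RbacOp[] = array[]::RbacOp[],
    incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
    outgoingSubRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
    userUuids uuid[] = array[]::uuid[],
    grantedByRole RbacRoleDescriptor = null
)
    returns uuid
    called on null input
    language plpgsql as $$
declare
    roleUuid          uuid;
    superRoleUuid     uuid;
    subRoleUuid       uuid;
    userUuid          uuid;
    grantedByRoleUuid uuid;
begin
    roleUuid := createRole(roleDescriptor);

    -- cardinality(null) is null, so a null permissions array simply grants nothing
    if cardinality(permissions) > 0 then
        call grantPermissionsToRole(roleUuid, toPermissionUuids(roleDescriptor.objectuuid, permissions));
    end if;

    -- toRoleUuids() is STRICT (null in -> null out) and PL/pgSQL's FOREACH rejects
    -- a null array, so a null argument is normalised to the empty default here.
    foreach superRoleUuid in array toRoleUuids(coalesce(incomingSuperRoles, array[]::RbacRoleDescriptor[]))
        loop
            call grantRoleToRole(roleUuid, superRoleUuid);
        end loop;

    foreach subRoleUuid in array toRoleUuids(coalesce(outgoingSubRoles, array[]::RbacRoleDescriptor[]))
        loop
            call grantRoleToRole(subRoleUuid, roleUuid);
        end loop;

    if cardinality(userUuids) > 0 then
        -- direct user grants must be attributable to a granting role;
        -- the message names the actual parameter so callers can fix their call
        if grantedByRole is null then
            raise exception 'to directly assign users to roles, grantedByRole has to be given';
        end if;
        grantedByRoleUuid := getRoleId(grantedByRole, 'fail');
        foreach userUuid in array userUuids
            loop
                -- NOTE(review): the "Unchecked" variant presumably skips the check that the
                -- current subject may grant on behalf of grantedByRole — confirm that only
                -- trusted (migration/bootstrap) code reaches this path.
                call grantRoleToUserUnchecked(grantedByRoleUuid, roleUuid, userUuid);
            end loop;
    end if;

    return roleUuid;
end; $$;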
--//