hs.hsadmin.ng/src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.sql

--liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator, do not amend manually.


-- ============================================================================
--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRelatedRbacObject('hs_office_bankaccount');
--//


-- ============================================================================
--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
--//


-- ============================================================================
--changeset hs-office-bankaccount-rbac-insert-trigger:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

/*
    Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
 */

create or replace procedure buildRbacSystemForHsOfficeBankAccount(
    NEW hs_office_bankaccount
)
    language plpgsql as $$

declare

begin
    call enterTriggerForObjectUuid(NEW.uuid);

    perform createRoleWithGrants(
        hsOfficeBankAccountOwner(NEW),
            permissions => array['DELETE'],
            incomingSuperRoles => array[globalAdmin()],
            userUuids => array[currentUserUuid()]
    );

    perform createRoleWithGrants(
        hsOfficeBankAccountAdmin(NEW),
            permissions => array['UPDATE'],
            incomingSuperRoles => array[hsOfficeBankAccountOwner(NEW)]
    );

    perform createRoleWithGrants(
        hsOfficeBankAccountReferrer(NEW),
            permissions => array['SELECT'],
            incomingSuperRoles => array[hsOfficeBankAccountAdmin(NEW)]
    );

    call leaveTriggerForObjectUuid(NEW.uuid);
end; $$;

/*
    AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row.
 */

create or replace function insertTriggerForHsOfficeBankAccount_tf()
    returns trigger
    language plpgsql
    strict as $$
begin
    call buildRbacSystemForHsOfficeBankAccount(NEW);
    return NEW;
end; $$;

create trigger insertTriggerForHsOfficeBankAccount_tg
    after insert on hs_office_bankaccount
    for each row
execute procedure insertTriggerForHsOfficeBankAccount_tf();
--//


-- ============================================================================
--changeset hs-office-bankaccount-rbac-INSERT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

/*
    Creates INSERT INTO hs_office_bankaccount permissions for the related global rows.
 */
do language plpgsql $$
    declare
        row global;
    begin
        call defineContext('create INSERT INTO hs_office_bankaccount permissions for the related global rows');

        FOR row IN SELECT * FROM global
            LOOP
                call grantPermissionToRole(
                    createPermission(row.uuid, 'INSERT', 'hs_office_bankaccount'),
                    globalGuest());
            END LOOP;
    END;
$$;

/**
    Adds hs_office_bankaccount INSERT permission to specified role of new global rows.
*/
create or replace function hs_office_bankaccount_global_insert_tf()
    returns trigger
    language plpgsql
    strict as $$
begin
    call grantPermissionToRole(
            createPermission(NEW.uuid, 'INSERT', 'hs_office_bankaccount'),
            globalGuest());
    return NEW;
end; $$;

-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_hs_office_bankaccount_global_insert_tg
    after insert on global
    for each row
execute procedure hs_office_bankaccount_global_insert_tf();
--//

-- ============================================================================
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------

call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
    $idName$
        iban
    $idName$);
--//

-- ============================================================================
--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacRestrictedView('hs_office_bankaccount',
    $orderBy$
        iban
    $orderBy$,
    $updates$
        holder = new.holder,
        iban = new.iban,
        bic = new.bic
    $updates$);
--//
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`--liquibase formatted sql`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`-- This code generated was by RbacViewPostgresGenerator, do not amend manually.`

add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00
			`-- ============================================================================`
			`--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`call generateRelatedRbacObject('hs_office_bankaccount');`
			`--//`


			`-- ============================================================================`
			`--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');`
			`--//`


			`-- ============================================================================`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`--changeset hs-office-bankaccount-rbac-insert-trigger:1 endDelimiter:--//`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`-- ----------------------------------------------------------------------------`

			`/*`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`Creates the roles, grants and permission for the AFTER INSERT TRIGGER.`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`*/`

move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`create or replace procedure buildRbacSystemForHsOfficeBankAccount(`
			`NEW hs_office_bankaccount`
			`)`
			`language plpgsql as $$`

			`declare`

add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`begin`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`call enterTriggerForObjectUuid(NEW.uuid);`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00
introduces agent+guest role for role-system around debitor+partner 2022-10-12 15:48:56 +02:00			`perform createRoleWithGrants(`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`hsOfficeBankAccountOwner(NEW),`
RBAC Diagram+PostgreSQL Generator and view->SELECT etc. refactoring (#21) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/21 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-11 12:30:43 +01:00			`permissions => array['DELETE'],`
introduces agent+guest role for role-system around debitor+partner 2022-10-12 15:48:56 +02:00			`incomingSuperRoles => array[globalAdmin()],`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`userUuids => array[currentUserUuid()]`
			`);`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00
introduces agent+guest role for role-system around debitor+partner 2022-10-12 15:48:56 +02:00			`perform createRoleWithGrants(`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`hsOfficeBankAccountAdmin(NEW),`
			`permissions => array['UPDATE'],`
introduces agent+guest role for role-system around debitor+partner 2022-10-12 15:48:56 +02:00			`incomingSuperRoles => array[hsOfficeBankAccountOwner(NEW)]`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`);`
add refundBankAccount to hs_office_debitor 2022-10-05 17:22:33 +02:00
introduces agent+guest role for role-system around debitor+partner 2022-10-12 15:48:56 +02:00			`perform createRoleWithGrants(`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`hsOfficeBankAccountReferrer(NEW),`
RBAC Diagram+PostgreSQL Generator and view->SELECT etc. refactoring (#21) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/21 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-11 12:30:43 +01:00			`permissions => array['SELECT'],`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`incomingSuperRoles => array[hsOfficeBankAccountAdmin(NEW)]`
			`);`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`call leaveTriggerForObjectUuid(NEW.uuid);`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`end; $$;`

			`/*`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row.`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`*/`

move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`create or replace function insertTriggerForHsOfficeBankAccount_tf()`
			`returns trigger`
			`language plpgsql`
			`strict as $$`
			`begin`
			`call buildRbacSystemForHsOfficeBankAccount(NEW);`
			`return NEW;`
			`end; $$;`

			`create trigger insertTriggerForHsOfficeBankAccount_tg`
			`after insert on hs_office_bankaccount`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`for each row`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`execute procedure insertTriggerForHsOfficeBankAccount_tf();`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`--//`


			`-- ============================================================================`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`--changeset hs-office-bankaccount-rbac-INSERT:1 endDelimiter:--//`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`-- ----------------------------------------------------------------------------`

			`/*`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`Creates INSERT INTO hs_office_bankaccount permissions for the related global rows.`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`*/`
			`do language plpgsql $$`
			`declare`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`row global;`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`begin`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`call defineContext('create INSERT INTO hs_office_bankaccount permissions for the related global rows');`

			`FOR row IN SELECT * FROM global`
			`LOOP`
			`call grantPermissionToRole(`
			`createPermission(row.uuid, 'INSERT', 'hs_office_bankaccount'),`
			`globalGuest());`
			`END LOOP;`
			`END;`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`$$;`

			`/**`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`Adds hs_office_bankaccount INSERT permission to specified role of new global rows.`
			`*/`
			`create or replace function hs_office_bankaccount_global_insert_tf()`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`returns trigger`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`language plpgsql`
			`strict as $$`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`begin`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`call grantPermissionToRole(`
			`createPermission(NEW.uuid, 'INSERT', 'hs_office_bankaccount'),`
			`globalGuest());`
			`return NEW;`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`end; $$;`

move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`-- z_... is to put it at the end of after insert triggers, to make sure the roles exist`
			`create trigger z_hs_office_bankaccount_global_insert_tg`
			`after insert on global`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`for each row`
move Parter+Debitor person+contact to related Relationsship (#20) Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/20 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net> 2024-03-28 12:15:13 +01:00			`execute procedure hs_office_bankaccount_global_insert_tf();`
			`--//`

			`-- ============================================================================`
			`--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`

			`call generateRbacIdentityViewFromProjection('hs_office_bankaccount',`
			$idName$
			`iban`
			`$idName$);`
			`--//`

			`-- ============================================================================`
			`--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//`
			`-- ----------------------------------------------------------------------------`
			`call generateRbacRestrictedView('hs_office_bankaccount',`
			$orderBy$
			`iban`
			`$orderBy$,`
			$updates$
			`holder = new.holder,`
			`iban = new.iban,`
			`bic = new.bic`
			`$updates$);`
add HsOfficeBankAccount* 2022-10-04 19:09:37 +02:00			`--//`