add schema-usage to Java-RBAC-Generators and re-generate

2024-09-16 11:08:53 +02:00 · 2024-09-16 11:08:53 +02:00 · 01399be498
commit 01399be498
parent 64163a4d4c
17 changed files with 47 additions and 38 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
@ -114,7 +114,7 @@ public class InsertTriggerGenerator {
                end; $$;
                -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
-                create trigger z_new_${rawSubTable}_grants_after_insert_tg
+                create trigger z_new_${rawSubTableName}_grants_after_insert_tg
                    after insert on ${rawSuperTableWithSchema}
                    for each row
                execute procedure ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf();
@ -132,6 +132,7 @@ public class InsertTriggerGenerator {
                    with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()),
                    with("rawSuperTableSchemaName", g.getSuperRoleDef().getEntityAlias().getRawTableSchemaPrefix()),
                    with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()),
                    with("rawSubTableName", g.getPermDef().getEntityAlias().getRawTableName()),
                    with("rawSubTableShortName", g.getPermDef().getEntityAlias().getRawTableShortName()));
        });
@ -154,15 +155,16 @@ public class InsertTriggerGenerator {
                returns trigger
                language plpgsql as $$
            begin
-                raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
+                raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW;
            end; $$;
            create trigger ${rawSubTable}_insert_permission_check_tg
                before insert on ${rawSubTable}
                for each row
-                    execute procedure ${rawSubTable}_insert_permission_missing_tf();
+                    execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf();
            """,
-            with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()));
+            with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()),
            with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
        plPgSql.writeLn("--//");
    }
@ -258,17 +260,18 @@ public class InsertTriggerGenerator {
    private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
        plPgSql.writeLn();
        plPgSql.writeLn("""
-                raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
+                raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed for current subjects % (%)',
                        NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
            end; $$;
            create trigger ${rawSubTable}_insert_permission_check_tg
-                before insert on ${rawSubTable}
+                before insert on ${rawSubTableWithSchema}
                for each row
-                    execute procedure ${rawSubTable}_insert_permission_check_tf();
+                    execute procedure ${rawSubTableWithSchema}_insert_permission_check_tf();
            --//
            """,
-                with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()));
+                with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()),
                with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
    }
    private String toStringList(final Set<RbacView.CaseDef> cases) {
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
@ -17,7 +17,7 @@ public class RbacRoleDescriptorsGenerator {
    void generateTo(final StringWriter plPgSql) {
        plPgSql.writeLn("""
                -- ============================================================================
-                --changeset RbacRoleDescirptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+                --changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
                -- ----------------------------------------------------------------------------
                call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
                --//
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
@ -90,11 +90,11 @@ public class RbacView {
     * @param <E>
     *     a JPA entity class extending RbacObject
     */
-    public static <E extends BaseEntity> RbacView rbacViewFor(final String alias, final Class<E> entityClass) {
+    public static <E extends BaseEntity<?>> RbacView rbacViewFor(final String alias, final Class<E> entityClass) {
        return new RbacView(alias, entityClass);
    }
-    RbacView(final String alias, final Class<? extends BaseEntity> entityClass) {
+    RbacView(final String alias, final Class<? extends BaseEntity<?>> entityClass) {
        rootEntityAlias = new EntityAlias(alias, entityClass);
        entityAliases.put(alias, rootEntityAlias);
        new RbacSubjectReference(CREATOR);
@ -121,7 +121,7 @@ public class RbacView {
     * <p>An identity view is a view which maps an objectUuid to an idName.
     * The idName should be a human-readable representation of the row, but as short as possible.
     * The idName must only consist of letters (A-Z, a-z), digits (0-9), dash (-), dot (.) and unserscore '_'.
-     * It's used to create the object-specific-role-names like test_customer#abc:ADMIN - here 'abc' is the idName.
+     * It's used to create the object-specific-role-names like test.customer#abc:ADMIN - here 'abc' is the idName.
     * The idName not necessarily unique in a table, but it should be avoided.
     * </p>
     *
@ -287,9 +287,9 @@ public class RbacView {
     * @param <EC>
     *     a JPA entity class extending RbacObject
     */
-    public <EC extends BaseEntity> RbacView importRootEntityAliasProxy(
+    public <EC extends BaseEntity<?>> RbacView importRootEntityAliasProxy(
            final String aliasName,
-            final Class<? extends BaseEntity> entityClass,
+            final Class<? extends BaseEntity<?>> entityClass,
            final ColumnValue forCase,
            final SQL fetchSql,
            final Column dependsOnColum) {
@ -313,7 +313,7 @@ public class RbacView {
     *     a JPA entity class extending RbacObject
     */
    public RbacView importSubEntityAlias(
-            final String aliasName, final Class<? extends BaseEntity> entityClass,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass,
            final SQL fetchSql, final Column dependsOnColum) {
        importEntityAliasImpl(aliasName, entityClass, usingDefaultCase(), fetchSql, dependsOnColum, true, NOT_NULL);
        return this;
@ -350,14 +350,14 @@ public class RbacView {
     *     a JPA entity class extending RbacObject
     */
    public RbacView importEntityAlias(
-            final String aliasName, final Class<? extends BaseEntity> entityClass, final ColumnValue usingCase,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass, final ColumnValue usingCase,
            final Column dependsOnColum, final SQL fetchSql, final Nullable nullable) {
        importEntityAliasImpl(aliasName, entityClass, usingCase, fetchSql, dependsOnColum, false, nullable);
        return this;
    }
    private EntityAlias importEntityAliasImpl(
-            final String aliasName, final Class<? extends BaseEntity> entityClass, final ColumnValue usingCase,
+            final String aliasName, final Class<? extends BaseEntity<?>> entityClass, final ColumnValue usingCase,
            final SQL fetchSql, final Column dependsOnColum, boolean asSubEntity, final Nullable nullable) {
        final var entityAlias = ofNullable(entityAliases.get(aliasName))
@ -911,13 +911,13 @@ public class RbacView {
        return distinctGrantDef;
    }
-    record EntityAlias(String aliasName, Class<? extends BaseEntity> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
+    record EntityAlias(String aliasName, Class<? extends BaseEntity<?>> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
        public EntityAlias(final String aliasName) {
            this(aliasName, null, null, null, null, false, null);
        }
-        public EntityAlias(final String aliasName, final Class<? extends BaseEntity> entityClass) {
+        public EntityAlias(final String aliasName, final Class<? extends BaseEntity<?>> entityClass) {
            this(aliasName, entityClass, null, null, null, false, null);
        }
@ -964,7 +964,7 @@ public class RbacView {
            if ( aliasName.equals("rbac.global")) {
                return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class?
            }
-            return withoutRvSuffix(entityClass.getAnnotation(Table.class).name());
+            return qualifiedRealTableName(entityClass);
        }
        String getRawTableSchemaPrefix() {
@ -1010,8 +1010,12 @@ public class RbacView {
        }
    }
-    public static String withoutRvSuffix(final String tableName) {
+    public static String qualifiedRealTableName(final Class<? extends BaseEntity<?>> entityClass) {
-        return tableName.substring(0, tableName.length() - "_rv".length());
+        final var tableAnnotation = entityClass.getAnnotation(Table.class);
        final var schema = tableAnnotation.schema();
        final var tableName = tableAnnotation.name();
        final var realTableName = tableName.substring(0, tableName.length() - "_rv".length());
        return (schema.isEmpty() ? "" : (schema + ".")) + realTableName;
    }
    public enum Role {
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
@ -19,9 +19,11 @@ public class StringWriter {
        writeLn();
    }
-    void writeLn(final String text, final VarDef... varDefs) {
+    String writeLn(final String text, final VarDef... varDefs) {
-        string.append( indented( new VarReplacer(varDefs).apply(text) ));
+        final var insertText = indented(new VarReplacer(varDefs).apply(text));
        string.append(insertText);
        writeLn();
        return insertText;
    }
    void writeLn() {
--- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('test_customer');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:test-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:test-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
 --//
--- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('test_package');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:test-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:test-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
 --//
--- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('test_domain');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:test-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:test-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_person');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_partner');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_partner_details');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_bankaccount');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_debitor');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_sepamandate');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_membership');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
 --//
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@ -10,7 +10,7 @@ call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction');
 -- ============================================================================
--changeset RbacRoleDescirptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
 --//