rbac schema in 1057-rbac-role-builder.sql und 1058-rbac-generators.sql
parent
9b80d8ac80
commit
06d8e24e66
@ -26,13 +26,13 @@ public class RbacIdentityViewGenerator {
|
||||
plPgSql.writeLn(
|
||||
switch (rbacDef.getIdentityViewSqlQuery().part) {
|
||||
case SQL_PROJECTION -> """
|
||||
call generateRbacIdentityViewFromProjection('${rawTableName}',
|
||||
call rbac.generateRbacIdentityViewFromProjection('${rawTableName}',
|
||||
$idName$
|
||||
${identityViewSqlPart}
|
||||
$idName$);
|
||||
""";
|
||||
case SQL_QUERY -> """
|
||||
call generateRbacIdentityViewFromQuery('${rawTableName}',
|
||||
call rbac.generateRbacIdentityViewFromQuery('${rawTableName}',
|
||||
$idName$
|
||||
${identityViewSqlPart}
|
||||
$idName$);
|
||||
|
@ -17,7 +17,7 @@ public class RbacObjectGenerator {
|
||||
-- ============================================================================
|
||||
--changeset ${liquibaseTagPrefix}-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('${rawTableName}');
|
||||
call rbac.generateRelatedRbacObject('${rawTableName}');
|
||||
--//
|
||||
|
||||
""",
|
||||
|
@ -21,7 +21,7 @@ public class RbacRestrictedViewGenerator {
|
||||
-- ============================================================================
|
||||
--changeset ${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('${rawTableName}',
|
||||
call rbac.generateRbacRestrictedView('${rawTableName}',
|
||||
$orderBy$
|
||||
${orderBy}
|
||||
$orderBy$,
|
||||
|
@ -19,7 +19,7 @@ public class RbacRoleDescriptorsGenerator {
|
||||
-- ============================================================================
|
||||
--changeset ${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
|
||||
call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
|
||||
--//
|
||||
|
||||
""",
|
||||
|
@ -389,7 +389,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
}
|
||||
|
||||
plPgSql.writeLn();
|
||||
plPgSql.writeLn("perform createRoleWithGrants(");
|
||||
plPgSql.writeLn("perform rbac.defineRoleWithGrants(");
|
||||
plPgSql.indented(() -> {
|
||||
plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW),"
|
||||
.replace("${simpleVarName)", simpleEntityVarName)
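Review bot: The placeholder in the `writeLn` template is spelled `${simpleVarName)`, closing with `)` instead of `}`, and the `.replace(...)` on the next line repeats the same spelling, so the substitution only works because both typos match. Correcting just one of them would leave the raw token in the generated trigger SQL without any error at generation time. I would change both occurrences to `${simpleVarName}` in one edit. The statement continues past the end of this hunk, so the remaining `.replace` calls are not visible here.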
|
||||
|
@ -3,11 +3,10 @@
|
||||
|
||||
-- =================================================================
|
||||
-- CREATE ROLE
|
||||
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
|
||||
--changeset rbac-role-builder-define-role:1 endDelimiter:--//
|
||||
-- -----------------------------------------------------------------
|
||||
|
||||
-- TODO: rename to defineRoleWithGrants because it does not complain if the role already exists
|
||||
create or replace function createRoleWithGrants(
|
||||
create or replace function rbac.defineRoleWithGrants(
|
||||
roleDescriptor RbacRoleDescriptor,
|
||||
permissions RbacOp[] = array[]::RbacOp[],
|
||||
incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
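Review bot: The changeset header changes from `rbac-role-builder-create-role:1` to `rbac-role-builder-define-role:1` together with the function name, so Liquibase will see a changeset it has never run rather than an update of the old one. On any database where the old changeset was already applied, the previous `createRoleWithGrants` would stay behind under its unqualified name, with whatever EXECUTE grants it had, next to the new `rbac.defineRoleWithGrants`. If such databases exist, a follow-up changeset that drops the old function is worth adding; if every environment is rebuilt from scratch, a short comment saying so would do. The hunk header drops one line, presumably the `-- TODO: rename to defineRoleWithGrants …` comment; if it is still in the file it is now stale. The function's parameter list and body continue outside this hunk.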
|
||||
|
@ -5,7 +5,7 @@
|
||||
--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create or replace procedure generateRelatedRbacObject(targetTable varchar)
|
||||
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
createInsertTriggerSQL text;
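Review bot: The procedure is renamed inside a changeset whose header stays `rbac-generators-RELATED-OBJECT:1`, so the changeset text changes while its identifier does not; the same holds for the ROLE-DESCRIPTORS, IDENTITY-VIEW and RESTRICTED-VIEW changesets in the following hunks. Liquibase normally rejects an already-applied changeset whose checksum changed, and `create or replace procedure rbac.generateRelatedRbacObject` creates a second procedure rather than replacing the unqualified one. If these scripts have run on any database that is not recreated from scratch, I would leave the applied changesets alone and add new ones that create the `rbac.` versions and drop the old procedures. Separately, `rbac.generateRbacRoleDescriptors` is declared with plain `create procedure` while its neighbours use `create or replace procedure`; making them agree would be more consistent. The procedure body continues outside this hunk.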
|
||||
@ -35,7 +35,7 @@ end; $$;
|
||||
--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create procedure generateRbacRoleDescriptors(prefix text, targetTable text)
|
||||
create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sql text;
|
||||
@ -100,7 +100,7 @@ end; $$;
|
||||
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create or replace procedure generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
|
||||
create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sql text;
|
||||
@ -140,7 +140,7 @@ begin
|
||||
execute sql;
|
||||
end; $$;
|
||||
|
||||
create or replace procedure generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
|
||||
create or replace procedure rbac.generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sqlQuery text;
|
||||
@ -151,7 +151,7 @@ begin
|
||||
select target.uuid, cleanIdentifier(%2$s) as idName
|
||||
from %1$s as target;
|
||||
$sql$, targetTable, sqlProjection);
|
||||
call generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
|
||||
call rbac.generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
|
||||
end; $$;
|
||||
--//
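Review bot: Inside the `format(...)` template at the top of this hunk, `cleanIdentifier(%2$s)` is still written without a schema while the call below it is now `rbac.generateRbacIdentityViewFromQuery`, so the generated view resolves that function through whatever `search_path` is in effect when the migration runs. I would either qualify it with the schema it lives in or say in a comment why it is left unqualified. `targetTable` and `sqlProjection` are also pasted in with `%s`, and the resulting query is handed to `generateRbacIdentityViewFromQuery`, which ends in `execute sql;` in the previous hunk. That is fine for the literal arguments the migration scripts pass, but it deserves a header comment such as `-- targetTable and sqlProjection are trusted SQL fragments from migration scripts; never pass request data`. The start of the procedure body is outside this hunk.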
|
||||
|
||||
@ -160,7 +160,7 @@ end; $$;
|
||||
--changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create or replace procedure generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
|
||||
create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sql text;
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('test_customer');
|
||||
call rbac.generateRelatedRbacObject('test_customer');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('testCustomer', 'test_customer');
|
||||
call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
|
||||
--//
|
||||
|
||||
|
||||
@ -34,20 +34,20 @@ declare
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN(unassumed())],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[testCustomerOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testCustomerADMIN(NEW)]
|
||||
@ -157,7 +157,7 @@ create trigger test_customer_insert_permission_check_tg
|
||||
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('test_customer',
|
||||
call rbac.generateRbacIdentityViewFromProjection('test_customer',
|
||||
$idName$
|
||||
prefix
|
||||
$idName$);
|
||||
@ -167,7 +167,7 @@ call generateRbacIdentityViewFromProjection('test_customer',
|
||||
-- ============================================================================
|
||||
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('test_customer',
|
||||
call rbac.generateRbacRestrictedView('test_customer',
|
||||
$orderBy$
|
||||
reference
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('test_package');
|
||||
call rbac.generateRelatedRbacObject('test_package');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('testPackage', 'test_package');
|
||||
call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
|
||||
--//
|
||||
|
||||
|
||||
@ -39,18 +39,18 @@ begin
|
||||
assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageOWNER(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageADMIN(NEW),
|
||||
incomingSuperRoles => array[testPackageOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testPackageADMIN(NEW)],
|
||||
@ -222,7 +222,7 @@ create trigger test_package_insert_permission_check_tg
|
||||
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('test_package',
|
||||
call rbac.generateRbacIdentityViewFromProjection('test_package',
|
||||
$idName$
|
||||
name
|
||||
$idName$);
|
||||
@ -232,7 +232,7 @@ call generateRbacIdentityViewFromProjection('test_package',
|
||||
-- ============================================================================
|
||||
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('test_package',
|
||||
call rbac.generateRbacRestrictedView('test_package',
|
||||
$orderBy$
|
||||
name
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('test_domain');
|
||||
call rbac.generateRelatedRbacObject('test_domain');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('testDomain', 'test_domain');
|
||||
call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
|
||||
--//
|
||||
|
||||
|
||||
@ -39,14 +39,14 @@ begin
|
||||
assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testDomainOWNER(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[testPackageADMIN(newPackage)],
|
||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testDomainADMIN(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testDomainOWNER(NEW)],
|
||||
@ -221,7 +221,7 @@ create trigger test_domain_insert_permission_check_tg
|
||||
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('test_domain',
|
||||
call rbac.generateRbacIdentityViewFromProjection('test_domain',
|
||||
$idName$
|
||||
name
|
||||
$idName$);
|
||||
@ -231,7 +231,7 @@ call generateRbacIdentityViewFromProjection('test_domain',
|
||||
-- ============================================================================
|
||||
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('test_domain',
|
||||
call rbac.generateRbacRestrictedView('test_domain',
|
||||
$orderBy$
|
||||
name
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_contact');
|
||||
call rbac.generateRelatedRbacObject('hs_office_contact');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||
--//
|
||||
|
||||
|
||||
@ -34,20 +34,20 @@ declare
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactREFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
|
||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeContact_tf();
|
||||
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||
$idName$
|
||||
caption
|
||||
$idName$);
|
||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_contact',
|
||||
call rbac.generateRbacRestrictedView('hs_office_contact',
|
||||
$orderBy$
|
||||
caption
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_person');
|
||||
call rbac.generateRelatedRbacObject('hs_office_person');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||
--//
|
||||
|
||||
|
||||
@ -34,20 +34,20 @@ declare
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonREFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
|
||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
|
||||
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_person',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
|
||||
$idName$
|
||||
concat(tradeName, familyName, givenName)
|
||||
$idName$);
|
||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_person',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_person',
|
||||
call rbac.generateRbacRestrictedView('hs_office_person',
|
||||
$orderBy$
|
||||
concat(tradeName, familyName, givenName)
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-relation-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_relation');
|
||||
call rbac.generateRelatedRbacObject('hs_office_relation');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-relation-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
||||
--//
|
||||
|
||||
|
||||
@ -47,25 +47,25 @@ begin
|
||||
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationAGENT(NEW),
|
||||
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
@ -231,7 +231,7 @@ create trigger hs_office_relation_insert_permission_check_tg
|
||||
--changeset hs-office-relation-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_relation',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
|
||||
$idName$
|
||||
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
|
||||
|| '-with-' || target.type || '-'
|
||||
@ -243,7 +243,7 @@ call generateRbacIdentityViewFromProjection('hs_office_relation',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-relation-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_relation',
|
||||
call rbac.generateRbacRestrictedView('hs_office_relation',
|
||||
$orderBy$
|
||||
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_partner');
|
||||
call rbac.generateRelatedRbacObject('hs_office_partner');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||
--//
|
||||
|
||||
|
||||
@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
|
||||
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||
$idName$
|
||||
'P-' || partnerNumber
|
||||
$idName$);
|
||||
@ -244,7 +244,7 @@ call generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_partner',
|
||||
call rbac.generateRbacRestrictedView('hs_office_partner',
|
||||
$orderBy$
|
||||
'P-' || partnerNumber
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-details-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_partner_details');
|
||||
call rbac.generateRelatedRbacObject('hs_office_partner_details');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-details-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
|
||||
--//
|
||||
|
||||
|
||||
@ -138,7 +138,7 @@ create trigger hs_office_partner_details_insert_permission_check_tg
|
||||
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||
$idName$
|
||||
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
|
||||
FROM hs_office_partner_details AS partnerDetails
|
||||
@ -151,7 +151,7 @@ call generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-details-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_partner_details',
|
||||
call rbac.generateRbacRestrictedView('hs_office_partner_details',
|
||||
$orderBy$
|
||||
uuid
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_bankaccount');
|
||||
call rbac.generateRelatedRbacObject('hs_office_bankaccount');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
|
||||
--//
|
||||
|
||||
|
||||
@ -34,20 +34,20 @@ declare
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountREFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
|
||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
|
||||
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||
$idName$
|
||||
iban
|
||||
$idName$);
|
||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_bankaccount',
|
||||
call rbac.generateRbacRestrictedView('hs_office_bankaccount',
|
||||
$orderBy$
|
||||
iban
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-debitor-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_debitor');
|
||||
call rbac.generateRelatedRbacObject('hs_office_debitor');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-debitor-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
||||
--//
|
||||
|
||||
|
||||
@ -207,7 +207,7 @@ create trigger hs_office_debitor_insert_permission_check_tg
|
||||
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||
$idName$
|
||||
SELECT debitor.uuid AS uuid,
|
||||
'D-' || (SELECT partner.partnerNumber
|
||||
@ -226,7 +226,7 @@ call generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-debitor-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_debitor',
|
||||
call rbac.generateRbacRestrictedView('hs_office_debitor',
|
||||
$orderBy$
|
||||
defaultPrefix
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-sepamandate-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_sepamandate');
|
||||
call rbac.generateRelatedRbacObject('hs_office_sepamandate');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-sepamandate-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
|
||||
--//
|
||||
|
||||
|
||||
@ -47,20 +47,20 @@ begin
|
||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateAGENT(NEW),
|
||||
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
|
||||
outgoingSubRoles => array[
|
||||
@ -68,7 +68,7 @@ begin
|
||||
hsOfficeRelationAGENT(newDebitorRel)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateREFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
@ -188,7 +188,7 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
|
||||
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||
$idName$
|
||||
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
|
||||
from hs_office_sepamandate sm
|
||||
@ -200,7 +200,7 @@ call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-sepamandate-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_sepamandate',
|
||||
call rbac.generateRbacRestrictedView('hs_office_sepamandate',
|
||||
$orderBy$
|
||||
validity
|
||||
$orderBy$,
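Review bot: In the trigger-body hunks (`@ -47,20` and `@ -68,7`) only `defineRoleWithGrants` and `currentSubjectUuid` are schema-qualified, while `globalADMIN()`, `hsOfficeSepaMandateOWNER(NEW)` and `hsOfficeRelationAGENT(newDebitorRel)` are still looked up through the session's search_path. These calls determine which roles end up in `incomingSuperRoles`, so they should resolve as deterministically as the `rbac.` calls next to them: either qualify them with the schema they live in, or pin the lookup on the enclosing function with a `set search_path` clause. Whether they have moved into `rbac` is not visible here, and the trigger function starts and ends outside these hunks. The membership, booking-project (there also `unassumed()` and `cleanIdentifier(...)`) and booking-item sections show the same mix.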
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_membership');
|
||||
call rbac.generateRelatedRbacObject('hs_office_membership');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
|
||||
--//
|
||||
|
||||
|
||||
@ -43,12 +43,12 @@ begin
|
||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipOWNER(NEW),
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipADMIN(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[
|
||||
@ -56,7 +56,7 @@ begin
|
||||
hsOfficeRelationADMIN(newPartnerRel)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipAGENT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
@ -169,7 +169,7 @@ create trigger hs_office_membership_insert_permission_check_tg
|
||||
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||
$idName$
|
||||
SELECT m.uuid AS uuid,
|
||||
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
|
||||
@ -182,7 +182,7 @@ call generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_membership',
|
||||
call rbac.generateRbacRestrictedView('hs_office_membership',
|
||||
$orderBy$
|
||||
validity
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopsharestransaction-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_coopsharestransaction');
|
||||
call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
|
||||
--//
|
||||
|
||||
|
||||
@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||
--changeset hs-office-coopsharestransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
||||
$idName$
|
||||
reference
|
||||
$idName$);
|
||||
@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_coopsharestransaction',
|
||||
call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction',
|
||||
$orderBy$
|
||||
reference
|
||||
$orderBy$,
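Review bot: The bodies of existing changesets are edited in place while their ids stay at `:1` (`hs-office-coopsharestransaction-rbac-OBJECT:1`, `-ROLE-DESCRIPTORS:1`, `-IDENTITY-VIEW:1`, `-RESTRICTED-VIEW:1`), so Liquibase will compute a different checksum for each of them. On any database that has already run the old bodies, validation is expected to fail rather than re-create the RBAC objects through the `rbac.` procedures. If every environment is rebuilt from scratch that is fine, but it should be stated, e.g. `-- NOTE: changeset body changed in place; requires a fresh database`; otherwise the change belongs in new changesets. The same applies to every other `-rbac-` changeset section on this page.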
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopassetstransaction-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_office_coopassetstransaction');
|
||||
call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
|
||||
--//
|
||||
|
||||
|
||||
@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||
--changeset hs-office-coopassetstransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
||||
$idName$
|
||||
reference
|
||||
$idName$);
|
||||
@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
||||
-- ============================================================================
|
||||
--changeset hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_office_coopassetstransaction',
|
||||
call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction',
|
||||
$orderBy$
|
||||
reference
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-project-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_booking_project');
|
||||
call rbac.generateRelatedRbacObject('hs_booking_project');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-project-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
||||
--//
|
||||
|
||||
|
||||
@ -47,23 +47,23 @@ begin
|
||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectOWNER(NEW),
|
||||
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectAGENT(NEW),
|
||||
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
|
||||
@ -182,7 +182,7 @@ create trigger hs_booking_project_insert_permission_check_tg
|
||||
--changeset hs-booking-project-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromQuery('hs_booking_project',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
|
||||
$idName$
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking_project bookingProject
|
||||
@ -194,7 +194,7 @@ call generateRbacIdentityViewFromQuery('hs_booking_project',
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-project-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_booking_project',
|
||||
call rbac.generateRbacRestrictedView('hs_booking_project',
|
||||
$orderBy$
|
||||
caption
|
||||
$orderBy$,
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_booking_item');
|
||||
call rbac.generateRelatedRbacObject('hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
@ -40,25 +40,25 @@ begin
|
||||
|
||||
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemOWNER(NEW),
|
||||
incomingSuperRoles => array[
|
||||
hsBookingItemAGENT(newParentItem),
|
||||
hsBookingProjectAGENT(newProject)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemAGENT(NEW),
|
||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
||||
@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg
|
||||
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
$idName$
|
||||
caption
|
||||
$idName$);
|
||||
@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRestrictedView('hs_booking_item',
|
||||
call rbac.generateRbacRestrictedView('hs_booking_item',
|
||||
$orderBy$
|
||||
validity
|
||||
$orderBy$,
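Review bot: The `@ -40,25` hunk passes `hsBookingItemAGENT(newParentItem)` into `incomingSuperRoles` directly after `SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem`, with no assert like the `newDebitorRel.uuid is not null` checks in the sepamandate and booking-project triggers. If a booking item is expected to hang under either a parent item or a project, the row is presumably empty in one of the two cases, and the rename to `rbac.defineRoleWithGrants` does not show how a descriptor built from an empty row is treated. A comment above the call would settle it, for example `-- exactly one of newParentItem / newProject is set; confirm defineRoleWithGrants ignores the empty one`. The trigger function begins and ends outside the hunk.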
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRelatedRbacObject('hs_booking_item');
|
||||
call rbac.generateRelatedRbacObject('hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
@ -40,25 +40,25 @@ begin
|
||||
|
||||
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemOWNER(NEW),
|
||||
incomingSuperRoles => array[
|
||||
hsBookingItemAGENT(newParentItem),
|
||||
hsBookingProjectAGENT(newProject)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemAGENT(NEW),
|
||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
||||
@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg
|
||||
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
$idName$
|
||||
caption
|
||||
$idName$);
|
||||
@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
-- ============================================================================
|
||||
|