hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)

Browse Source 
create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
move findObjectUuidByIdName+findIdNameByObjectUuid from base to rbac and related naming issues
This commit is contained in:
Michael Hoennig 2024-09-20 12:21:58 +02:00
parent 3c32668053
commit 12d74a75ca
6 changed files with 63 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/main/resources/db/changelog/0-base/010-context.sql
View File

@ -168,45 +168,6 @@ begin
return cleanIdentifier; return cleanIdentifier;
end; $$; end; $$;
create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
returns uuid
returns null on null input
language plpgsql as $$
declare
sql varchar;
uuid uuid;
begin
objectTable := base.pureIdentifier(objectTable);
objectIdName := base.pureIdentifier(objectIdName);
sql := format('select * from %sUuidByIdName(%L);', objectTable, objectIdName);
begin
execute sql into uuid;
exception
when others then
raise exception 'function %UuidByIdName(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return uuid;
end ; $$;
create or replace function base.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid)
returns varchar
returns null on null input
language plpgsql as $$
declare
sql varchar;
idName varchar;
begin
objectTable := base.pureIdentifier(objectTable);
sql := format('select * from %sIdNameByUuid(%L::uuid);', objectTable, objectUuid);
begin
execute sql into idName;
exception
when others then
raise exception 'function %IdNameByUuid(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return idName;
end ; $$;
create or replace function base.currentSubjects() create or replace function base.currentSubjects()
returns varchar(1023)[] returns varchar(1023)[]
stable -- leakproof stable -- leakproof

46
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@ -233,6 +233,50 @@ $$;
--// --//
-- ============================================================================
--changeset michael.hoennig:rbac-base-IDNAME-FUNCTIONS endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function rbac.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
returns uuid
returns null on null input
language plpgsql as $$
declare
sql varchar;
uuid uuid;
begin
objectTable := base.pureIdentifier(objectTable);
objectIdName := base.pureIdentifier(objectIdName);
sql := format('select * from %s_uuid_by_id_name(%L);', objectTable, objectIdName);
begin
execute sql into uuid;
exception
when others then
raise exception 'function %_uuid_by_id_name(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return uuid;
end ; $$;
create or replace function rbac.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid)
returns varchar
returns null on null input
language plpgsql as $$
declare
sql varchar;
idName varchar;
begin
objectTable := base.pureIdentifier(objectTable);
sql := format('select * from %s_id_name_by_uuid(%L::uuid);', objectTable, objectUuid);
begin
execute sql into idName;
exception
when others then
raise exception 'function %_id_name_by_uuid(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return idName;
end ; $$;
--//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:rbac-base-ROLE-FUNCTIONS endDelimiter:--// --changeset michael.hoennig:rbac-base-ROLE-FUNCTIONS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
@ -262,7 +306,7 @@ begin
objectTableFromRoleIdName = split_part(roleParts, '#', 1); objectTableFromRoleIdName = split_part(roleParts, '#', 1);
objectNameFromRoleIdName = split_part(roleParts, '#', 2); objectNameFromRoleIdName = split_part(roleParts, '#', 2);
roleTypeFromRoleIdName = split_part(roleParts, '#', 3); roleTypeFromRoleIdName = split_part(roleParts, '#', 3);
objectUuidOfRole = base.findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName); objectUuidOfRole = rbac.findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName);
select uuid select uuid
from rbac.role from rbac.role

2
src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
View File

@ -55,7 +55,7 @@ begin
objectNameToAssume = split_part(roleNameParts, '#', 2); objectNameToAssume = split_part(roleNameParts, '#', 2);
roleTypeToAssume = split_part(roleNameParts, '#', 3); roleTypeToAssume = split_part(roleNameParts, '#', 3);
objectUuidToAssume = base.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume); objectUuidToAssume = rbac.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume);
if objectUuidToAssume is null then if objectUuidToAssume is null then
raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts; raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts;
end if; end if;

22
src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
View File

@ -13,7 +13,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
-- @formatter:off -- @formatter:off
from ( from (
select r.*, select r.*,
o.objectTable, base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName o.objectTable, rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.role as r from rbac.role as r
join rbac.object as o on o.uuid = r.objectuuid join rbac.object as o on o.uuid = r.objectuuid
) as unordered ) as unordered
@ -34,7 +34,7 @@ select *
-- @formatter:off -- @formatter:off
from ( from (
select r.*, o.objectTable, select r.*, o.objectTable,
base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.role as r from rbac.role as r
join rbac.object as o on o.uuid = r.objectuuid join rbac.object as o on o.uuid = r.objectuuid
where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid)
@ -57,7 +57,7 @@ create or replace view rbac.grants_ev as
-- @formatter:off -- @formatter:off
select x.grantUuid as uuid, select x.grantUuid as uuid,
x.grantedByTriggerOf as grantedByTriggerOf, x.grantedByTriggerOf as grantedByTriggerOf,
go.objectTable || '#' || base.findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName, go.objectTable || '#' || rbac.findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName,
x.ascendingIdName as ascendantIdName, x.ascendingIdName as ascendantIdName,
x.descendingIdName as descendantIdName, x.descendingIdName as descendantIdName,
x.grantedByRoleUuid, x.grantedByRoleUuid,
@ -72,15 +72,15 @@ create or replace view rbac.grants_ev as
coalesce( coalesce(
'user:' || au.name, 'user:' || au.name,
'role:' || aro.objectTable || '#' || base.findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype 'role:' || aro.objectTable || '#' || rbac.findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype
) as ascendingIdName, ) as ascendingIdName,
aro.objectTable, aro.uuid, aro.objectTable, aro.uuid,
( case ( case
when dro is not null when dro is not null
then ('role:' || dro.objectTable || '#' || base.findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype) then ('role:' || dro.objectTable || '#' || rbac.findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype)
when dp.op = 'INSERT' when dp.op = 'INSERT'
then 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName then 'perm:' || dpo.objecttable || '#' || rbac.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName
else 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op else 'perm:' || dpo.objecttable || '#' || rbac.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op
end end
) as descendingIdName, ) as descendingIdName,
dro.objectTable, dro.uuid, dro.objectTable, dro.uuid,
@ -114,14 +114,14 @@ create or replace view rbac.grants_ev as
*/ */
create or replace view rbac.grants_rv as create or replace view rbac.grants_rv as
-- @formatter:off -- @formatter:off
select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, select o.objectTable || '#' || rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid, g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid,
g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType
from ( from (
select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed, select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed,
u.name as userName, o.objecttable, r.objectuuid, r.roletype, u.name as userName, o.objecttable, r.objectuuid, r.roletype,
base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.grants as g from rbac.grants as g
join rbac.role as r on r.uuid = g.descendantUuid join rbac.role as r on r.uuid = g.descendantUuid
join rbac.object o on o.uuid = r.objectuuid join rbac.object o on o.uuid = r.objectuuid
@ -363,10 +363,10 @@ begin
xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
from (select from (select
r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable, r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable,
base.findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName, rbac.findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName,
p.uuid as permissionUuid, p.op, p.opTableName, p.uuid as permissionUuid, p.op, p.opTableName,
po.objecttable as permissionObjectTable, po.objecttable as permissionObjectTable,
base.findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, rbac.findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
po.uuid as permissionObjectUuid po.uuid as permissionObjectUuid
from rbac.queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p from rbac.queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p
join rbac.grants as g on g.descendantUuid = p.uuid join rbac.grants as g on g.descendantUuid = p.uuid

4
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -130,7 +130,7 @@ begin
-- creates a function which maps an idName to the objectUuid -- creates a function which maps an idName to the objectUuid
sql = format($sql$ sql = format($sql$
create or replace function %1$sUuidByIdName(givenIdName varchar) create or replace function %1$s_uuid_by_id_name(givenIdName varchar)
returns uuid returns uuid
language plpgsql as $f$ language plpgsql as $f$
declare declare
@ -144,7 +144,7 @@ begin
-- creates a function which maps an objectUuid to the related idName -- creates a function which maps an objectUuid to the related idName
sql = format($sql$ sql = format($sql$
create or replace function %1$sIdNameByUuid(givenUuid uuid) create or replace function %1$s_id_name_by_uuid(givenUuid uuid)
returns varchar returns varchar
language sql language sql
strict as $f$ strict as $f$

8
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -66,21 +66,21 @@ grant all privileges on rbac.global_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNA
/* /*
Returns the objectUuid for a given identifying name (in this case the idName). Returns the objectUuid for a given identifying name (in this case the idName).
*/ */
create or replace function rbac.globalUuidByIdName(idName varchar) create or replace function rbac.global_uuid_by_id_name(idName varchar)
returns uuid returns uuid
language sql language sql
strict as $$ strict as $$
select uuid from rbac.global_iv iv where iv.idName = globalUuidByIdName.idName; select uuid from rbac.global_iv iv where iv.idName = global_uuid_by_id_name.idName;
$$; $$;
/* /*
Returns the identifying name for a given objectUuid (in this case the idName). Returns the identifying name for a given objectUuid (in this case the idName).
*/ */
create or replace function rbac.globalIdNameByUuid(uuid uuid) create or replace function rbac.global_id_name_by_uuid(uuid uuid)
returns varchar returns varchar
language sql language sql
strict as $$ strict as $$
select idName from rbac.global_iv iv where iv.uuid = globalIdNameByUuid.uuid; select idName from rbac.global_iv iv where iv.uuid = global_id_name_by_uuid.uuid;
$$; $$;
--// --//