From 14866f9539195ca2ed76b8b6889c799e4a00b5d8 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 10:58:57 +0200 Subject: [PATCH] fix rbac.currentSubjects() -> base.currentSubjects() --- .../hsadminng/rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../db/changelog/1-rbac/1051-rbac-subject-grant.sql | 8 ++++---- .../2-test/201-test-customer/2013-test-customer-rbac.sql | 2 +- .../2-test/202-test-package/2023-test-package-rbac.sql | 2 +- .../2-test/203-test-domain/2033-test-domain-rbac.sql | 2 +- .../503-relation/5033-hs-office-relation-rbac.sql | 2 +- .../504-partner/5043-hs-office-partner-rbac.sql | 2 +- .../504-partner/5044-hs-office-partner-details-rbac.sql | 2 +- .../506-debitor/5063-hs-office-debitor-rbac.sql | 2 +- .../507-sepamandate/5073-hs-office-sepamandate-rbac.sql | 2 +- .../510-membership/5103-hs-office-membership-rbac.sql | 2 +- .../511-coopshares/5113-hs-office-coopshares-rbac.sql | 2 +- .../512-coopassets/5123-hs-office-coopassets-rbac.sql | 2 +- .../620-booking-project/6203-hs-booking-project-rbac.sql | 2 +- .../630-booking-item/6203-hs-booking-item-rbac.sql | 2 +- .../630-booking-item/6303-hs-booking-item-rbac.sql | 2 +- 16 files changed, 19 insertions(+), 19 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index 06855099..454a4394 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -255,7 +255,7 @@ public class InsertTriggerGenerator { plPgSql.writeLn(); plPgSql.writeLn(""" raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index cb348008..fb3a50f5 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -51,7 +51,7 @@ begin if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', - grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; @@ -82,16 +82,16 @@ begin perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then - raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects(); end if; --raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index ef52b1ee..acd8994c 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 3dcfec24..20f98256 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -208,7 +208,7 @@ begin end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 38129b2b..561ea5a7 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -207,7 +207,7 @@ begin end if; raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_domain_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 15488f65..a2c75f1a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -217,7 +217,7 @@ begin end if; raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_relation_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index e1fb56f8..1cd6335a 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -220,7 +220,7 @@ begin end if; raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 56cdbfa6..26b4e243 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -124,7 +124,7 @@ begin end if; raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_details_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 0e7a68f8..4f000bb0 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -193,7 +193,7 @@ begin end if; raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_debitor_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index d795efe3..ff1d7343 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -174,7 +174,7 @@ begin end if; raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_sepamandate_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 986c4bfd..a3ca38ba 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -155,7 +155,7 @@ begin end if; raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_membership_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 95671db2..e0a9bd0c 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopsharestransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 3f16e717..a0351650 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopassetstransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 99009a3c..f4bd88c1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -168,7 +168,7 @@ begin end if; raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_project_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg