fix rbac.currentSubjects() -> base.currentSubjects()

This commit is contained in:
Michael Hoennig 2024-09-14 10:58:57 +02:00
parent a7e3ae79d0
commit 14866f9539
16 changed files with 19 additions and 19 deletions

View File

@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
plPgSql.writeLn();
plPgSql.writeLn("""
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger ${rawSubTable}_insert_permission_check_tg

View File

@ -51,7 +51,7 @@ begin
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end if;
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
@ -82,16 +82,16 @@ begin
perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
end if;
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects();
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects();
end if;
--raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
end if;
if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then

View File

@ -143,7 +143,7 @@ begin
end if;
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_customer_insert_permission_check_tg

View File

@ -208,7 +208,7 @@ begin
end if;
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_package_insert_permission_check_tg

View File

@ -207,7 +207,7 @@ begin
end if;
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_domain_insert_permission_check_tg

View File

@ -217,7 +217,7 @@ begin
end if;
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_relation_insert_permission_check_tg

View File

@ -220,7 +220,7 @@ begin
end if;
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_partner_insert_permission_check_tg

View File

@ -124,7 +124,7 @@ begin
end if;
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_partner_details_insert_permission_check_tg

View File

@ -193,7 +193,7 @@ begin
end if;
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_debitor_insert_permission_check_tg

View File

@ -174,7 +174,7 @@ begin
end if;
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_sepamandate_insert_permission_check_tg

View File

@ -155,7 +155,7 @@ begin
end if;
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_membership_insert_permission_check_tg

View File

@ -131,7 +131,7 @@ begin
end if;
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg

View File

@ -131,7 +131,7 @@ begin
end if;
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg

View File

@ -168,7 +168,7 @@ begin
end if;
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_booking_project_insert_permission_check_tg

View File

@ -239,7 +239,7 @@ begin
end if;
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_booking_item_insert_permission_check_tg

View File

@ -239,7 +239,7 @@ begin
end if;
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_booking_item_insert_permission_check_tg