hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

remove superfluous 'INSERT' from hasInsertPermission

Browse Source
This commit is contained in:
Michael Hoennig 2024-04-25 11:33:46 +02:00
parent d285b440ea
commit 21bb9dad19
9 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@ -569,14 +569,14 @@ select exists(
); );
$$; $$;
create or replace function hasInsertPermission(objectUuid uuid, forOp RbacOp, tableName text ) create or replace function hasInsertPermission(objectUuid uuid, tableName text )
returns BOOL returns BOOL
stable -- leakproof stable -- leakproof
language plpgsql as $$ language plpgsql as $$
declare declare
permissionUuid uuid; permissionUuid uuid;
begin begin
permissionUuid = findPermissionId(objectUuid, forOp, tableName); permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName);
return permissionUuid is not null; return permissionUuid is not null;
end; end;
$$; $$;

2
src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
View File

@ -200,7 +200,7 @@ end; $$;
create trigger test_package_insert_permission_check_tg create trigger test_package_insert_permission_check_tg
before insert on test_package before insert on test_package
for each row for each row
when ( not hasInsertPermission(NEW.customerUuid, 'INSERT', 'test_package') ) when ( not hasInsertPermission(NEW.customerUuid, 'test_package') )
execute procedure test_package_insert_permission_missing_tf(); execute procedure test_package_insert_permission_missing_tf();
--// --//

2
src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
View File

@ -199,7 +199,7 @@ end; $$;
create trigger test_domain_insert_permission_check_tg create trigger test_domain_insert_permission_check_tg
before insert on test_domain before insert on test_domain
for each row for each row
when ( not hasInsertPermission(NEW.packageUuid, 'INSERT', 'test_domain') ) when ( not hasInsertPermission(NEW.packageUuid, 'test_domain') )
execute procedure test_domain_insert_permission_missing_tf(); execute procedure test_domain_insert_permission_missing_tf();
--// --//

2
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -209,7 +209,7 @@ end; $$;
create trigger hs_office_relation_insert_permission_check_tg create trigger hs_office_relation_insert_permission_check_tg
before insert on hs_office_relation before insert on hs_office_relation
for each row for each row
when ( not hasInsertPermission(NEW.anchorUuid, 'INSERT', 'hs_office_relation') ) when ( not hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') )
execute procedure hs_office_relation_insert_permission_missing_tf(); execute procedure hs_office_relation_insert_permission_missing_tf();
--// --//

2
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -168,7 +168,7 @@ begin
); );
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null'; assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_office_sepamandate') ) then if ( not hasInsertPermission(superRoleObjectUuid, 'hs_office_sepamandate') ) then
raise exception raise exception
'[403] insert into hs_office_sepamandate not allowed for current subjects % (%)', '[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();

2
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg create trigger hs_office_coopsharestransaction_insert_permission_check_tg
before insert on hs_office_coopsharestransaction before insert on hs_office_coopsharestransaction
for each row for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopsharestransaction') ) when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') )
execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf(); execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
--// --//

2
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg create trigger hs_office_coopassetstransaction_insert_permission_check_tg
before insert on hs_office_coopassetstransaction before insert on hs_office_coopassetstransaction
for each row for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopassetstransaction') ) when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') )
execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf(); execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
--// --//

2
src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
View File

@ -164,7 +164,7 @@ begin
); );
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null'; assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_booking_item') ) then if ( not hasInsertPermission(superRoleObjectUuid, 'hs_booking_item') ) then
raise exception raise exception
'[403] insert into hs_booking_item not allowed for current subjects % (%)', '[403] insert into hs_booking_item not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();

2
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -203,7 +203,7 @@ create trigger hs_hosting_asset_insert_permission_check_tg
for each row for each row
when ( not ( when ( not (
hasInsertPermission(NEW.bookingItemUuid, 'INSERT', 'hs_hosting_asset') or hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) ) NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
execute procedure hs_hosting_asset_insert_permission_missing_tf(); execute procedure hs_hosting_asset_insert_permission_missing_tf();
--// --//