From 23b60641e38e9299eec49c1aa525bccc2148c2b3 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Wed, 18 Sep 2024 10:28:21 +0200 Subject: [PATCH] introduce-separate-database-schema-hs-office-and-amend-generators (#105) Co-authored-by: Michael Hoennig Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/105 Reviewed-by: Marc Sandlus --- doc/rbac-performance-analysis.md | 38 +++--- .../booking/item/HsBookingItemRbacEntity.java | 4 +- .../hs/booking/project/HsBookingProject.java | 8 +- .../project/HsBookingProjectRbacEntity.java | 6 +- .../asset/HsHostingAssetRbacEntity.java | 4 +- .../HsOfficeBankAccountEntity.java | 2 +- .../contact/HsOfficeContactRbacEntity.java | 2 +- .../contact/HsOfficeContactRealEntity.java | 2 +- .../HsOfficeCoopAssetsTransactionEntity.java | 2 +- .../HsOfficeCoopSharesTransactionEntity.java | 2 +- .../office/debitor/HsOfficeDebitorEntity.java | 20 +-- .../membership/HsOfficeMembershipEntity.java | 10 +- .../partner/HsOfficePartnerDetailsEntity.java | 8 +- .../office/partner/HsOfficePartnerEntity.java | 2 +- .../office/person/HsOfficePersonEntity.java | 2 +- .../relation/HsOfficeRelationRbacEntity.java | 8 +- .../HsOfficeRelationRbacRepository.java | 4 +- .../relation/HsOfficeRelationRealEntity.java | 2 +- .../HsOfficeRelationRealRepository.java | 4 +- .../HsOfficeSepaMandateEntity.java | 10 +- .../generator/InsertTriggerGenerator.java | 4 +- .../hsadminng/rbac/generator/RbacView.java | 12 +- .../RolesGrantsAndPermissionsGenerator.java | 73 ++++++----- .../db/changelog/1-rbac/1050-rbac-base.sql | 2 +- .../2013-rbactest-customer-rbac.sql | 12 +- .../2023-rbactest-package-rbac.sql | 22 ++-- .../2033-rbactest-domain-rbac.sql | 22 ++-- .../5-hs-office/500-hs-office-schema.sql | 8 ++ .../501-contact/5010-hs-office-contact.sql | 4 +- .../5013-hs-office-contact-rbac.sql | 36 +++--- .../5016-hs-office-contact-migration.sql | 26 ++-- .../5018-hs-office-contact-test-data.sql | 2 +- .../502-person/5020-hs-office-person.sql | 4 +- .../502-person/5023-hs-office-person-rbac.sql | 24 ++-- 
.../5028-hs-office-person-test-data.sql | 2 +- .../503-relation/5030-hs-office-relation.sql | 10 +- .../5033-hs-office-relation-rbac.sql | 120 +++++++++--------- .../5038-hs-office-relation-test-data.sql | 22 ++-- .../504-partner/5040-hs-office-partner.sql | 24 ++-- .../5043-hs-office-partner-rbac.sql | 96 +++++++------- .../5044-hs-office-partner-details-rbac.sql | 60 ++++----- .../5046-hs-office-partner-migration.sql | 26 ++-- .../5048-hs-office-partner-test-data.sql | 18 +-- .../5050-hs-office-bankaccount.sql | 4 +- .../5053-hs-office-bankaccount-rbac.sql | 24 ++-- .../5058-hs-office-bankaccount-test-data.sql | 2 +- .../506-debitor/5060-hs-office-debitor.sql | 20 +-- .../5063-hs-office-debitor-rbac.sql | 96 +++++++------- .../5068-hs-office-debitor-test-data.sql | 8 +- .../5070-hs-office-sepamandate.sql | 8 +- .../5073-hs-office-sepamandate-rbac.sql | 82 ++++++------ .../5076-hs-office-sepamandate-migration.sql | 26 ++-- .../5078-hs-office-sepamandate-test-data.sql | 16 +-- .../5100-hs-office-membership.sql | 6 +- .../5103-hs-office-membership-rbac.sql | 64 +++++----- .../5108-hs-office-membership-test-data.sql | 6 +- .../5110-hs-office-coopshares.sql | 18 +-- .../5113-hs-office-coopshares-rbac.sql | 66 +++++----- .../5116-hs-office-coopshares-migration.sql | 26 ++-- .../5118-hs-office-coopshares-test-data.sql | 8 +- .../5120-hs-office-coopassets.sql | 18 +-- .../5123-hs-office-coopassets-rbac.sql | 66 +++++----- .../5126-hs-office-coopassets-migration.sql | 26 ++-- .../5128-hs-office-coopassets-test-data.sql | 8 +- .../6100-hs-booking-debitor.sql | 8 +- .../6200-hs-booking-project.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 60 ++++----- .../6208-hs-booking-project-test-data.sql | 10 +- .../6303-hs-booking-item-rbac.sql | 56 ++++---- .../7010-hs-hosting-asset.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 44 +++---- .../7018-hs-hosting-asset-test-data.sql | 4 +- .../db/changelog/db.changelog-master.yaml | 2 + ...okingProjectRepositoryIntegrationTest.java 
| 4 +- .../hs/migration/BaseOfficeDataImport.java | 14 +- .../hsadminng/hs/migration/CsvDataImport.java | 38 +++--- ...eBankAccountRepositoryIntegrationTest.java | 28 ++-- ...eContactRbacRepositoryIntegrationTest.java | 30 ++--- ...tsTransactionControllerAcceptanceTest.java | 4 +- ...sTransactionRepositoryIntegrationTest.java | 32 ++--- ...esTransactionControllerAcceptanceTest.java | 4 +- ...sTransactionRepositoryIntegrationTest.java | 32 ++--- ...OfficeDebitorControllerAcceptanceTest.java | 4 +- ...fficeDebitorRepositoryIntegrationTest.java | 66 +++++----- ...iceMembershipControllerAcceptanceTest.java | 6 +- ...ceMembershipRepositoryIntegrationTest.java | 28 ++-- ...fficePartnerRepositoryIntegrationTest.java | 44 +++---- ...OfficePersonRepositoryIntegrationTest.java | 32 ++--- ...ficeRelationRepositoryIntegrationTest.java | 62 ++++----- ...eSepaMandateRepositoryIntegrationTest.java | 30 ++--- ...acGrantsDiagramServiceIntegrationTest.java | 4 +- 91 files changed, 1015 insertions(+), 1002 deletions(-) create mode 100644 src/main/resources/db/changelog/5-hs-office/500-hs-office-schema.sql diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md index 6cfcdf47..a37f24db 100644 --- a/doc/rbac-performance-analysis.md +++ b/doc/rbac-performance-analysis.md 
@@ -206,14 +206,14 @@ Limit (cost=6549.08..6549.35 rows=54 width=16) ```SQL SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version - FROM hs_office_relation_rv hore1_0 - LEFT JOIN hs_office_person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid - LEFT JOIN hs_office_contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid - LEFT JOIN hs_office_person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid + FROM hs_office.relation_rv hore1_0 + LEFT JOIN hs_office.person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid + LEFT JOIN hs_office.contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid + LEFT JOIN hs_office.person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid WHERE hore1_0.uuid=$1 ``` -That query on the `hs_office_relation_rv`-table joins the three references anchor-person, holder-person and contact. +That query on the `hs_office.relation_rv`-table joins the three references anchor-person, holder-person and contact. ### Total-Query-Time > Total-Import-Runtime 
@@ -270,16 +270,16 @@ At this point, the import took 21mins with these statistics: | query | calls | total_m | mean_ms | |-------|-------|---------|---------| -| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 | -| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 | -| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 | +| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 left join public.hs_office.person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office.contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office.person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 | +| select 
hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 | +| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | -| insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | -| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 | +| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | +| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. 
mark) returning * | 1261 | 0 | 9 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 | | insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 | 
@@ -294,17 +294,17 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch :::small | query | calls | total (min) | mean (ms) | |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------| -| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 | -| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 | -| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 | +| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 | +| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 | +| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | select * from rbac.isGranted(array[granteeId], 
grantedId) | 44613 | 0 | 0 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 | - insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 | -| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 | + insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 | +| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. 
mark) returning * | 1261 | 0 | 8 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 | | insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 | | insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 | 
@@ -331,13 +331,13 @@ Now, the longest running queries are these: | No.| calls | total_m | mean_ms | query | |---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | -| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | +| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | | 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) | | 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | | 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) | | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | -| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from 
public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | -| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | +| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | +| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | | 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | | 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | 
@@ -345,7 +345,7 @@ That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time. -In production, the `SELECT ... FROM hs_office_relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore. +In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore. ## Further Options To Explore diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java index b4f40cb2..250b65ef 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java @@ -4,7 +4,7 @@ import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.experimental.SuperBuilder; -import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject; +import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacEntity; import net.hostsharing.hsadminng.rbac.generator.RbacView; import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; 
@@ -49,7 +49,7 @@ public class HsBookingItemRbacEntity extends HsBookingItem { .toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data? .toRole(GLOBAL, ADMIN).grantPermission(DELETE) - .importEntityAlias("project", HsBookingProject.class, usingDefaultCase(), + .importEntityAlias("project", HsBookingProjectRbacEntity.class, usingDefaultCase(), dependsOnColumn("projectUuid"), directlyFetchedByDependsOnColumn(), NULLABLE) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java index 935051fe..ae997f07 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java @@ -68,11 +68,11 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity, value = """ ( SELECT DISTINCT partner.uuid - FROM hs_office_partner_rv partner - JOIN hs_office_relation_rv dRel + FROM hs_office.partner_rv partner + JOIN hs_office.relation_rv dRel ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR' - JOIN hs_office_relation_rv pRel + JOIN hs_office.relation_rv pRel ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER' WHERE pRel.holderUuid = dRel.anchorUuid ) 
@@ -170,14 +170,14 @@ public class HsOfficeDebitorEntity implements BaseEntity, .withIdentityView(SQL.query(""" SELECT debitor.uuid AS uuid, 'D-' || (SELECT partner.partnerNumber - FROM hs_office_partner partner - JOIN hs_office_relation partnerRel + FROM hs_office.partner partner + JOIN hs_office.relation partnerRel ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER' - JOIN hs_office_relation debitorRel + JOIN hs_office.relation debitorRel ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR' WHERE debitorRel.uuid = debitor.debitorRelUuid) || debitorNumberSuffix as idName - FROM hs_office_debitor AS debitor + FROM hs_office.debitor AS debitor """)) .withRestrictedViewOrderBy(SQL.projection("defaultPrefix")) .withUpdatableColumns( @@ -209,8 +209,8 @@ public class HsOfficeDebitorEntity implements BaseEntity, dependsOnColumn("debitorRelUuid"), fetchedBySql(""" SELECT ${columns} - FROM hs_office_relation AS partnerRel - JOIN hs_office_relation AS debitorRel + FROM hs_office.relation AS partnerRel + JOIN hs_office.relation AS debitorRel ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid WHERE partnerRel.type = 'PARTNER' AND ${REF}.debitorRelUuid = debitorRel.uuid diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java index dae389f8..b8c238c1 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java @@ -56,7 +56,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @Entity -@Table(name = "hs_office_membership_rv") +@Table(schema = "hs_office", name = "membership_rv") @Getter @Setter @Builder 
@@ -160,8 +160,8 @@ public class HsOfficeMembershipEntity implements BaseEntity findRelationRelatedToPersonUuid(@NotNull UUID personUuid); @Query(value = """ - SELECT p.* FROM hs_office_relation_rv AS p + SELECT p.* FROM hs_office.relation_rv AS p WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) """, nativeQuery = true) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealEntity.java index 3c6c71a9..0c7c3e4d 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealEntity.java @@ -11,7 +11,7 @@ import jakarta.persistence.Table; @Entity -@Table(name = "hs_office_relation") +@Table(schema = "hs_office", name = "relation") @NoArgsConstructor @Getter @Setter diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java index 6a24ad02..220ea6f4 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java @@ -17,13 +17,13 @@ public interface HsOfficeRelationRealRepository extends Repository findRelationRelatedToPersonUuid(@NotNull UUID personUuid); @Query(value = """ - SELECT p.* FROM hs_office_relation AS p + SELECT p.* FROM hs_office.relation AS p WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) """, nativeQuery = true) 
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java index e984ce3b..bd91c44d 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java @@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; @Entity -@Table(name = "hs_office_sepamandate_rv") +@Table(schema = "hs_office", name = "sepamandate_rv") @Getter @Setter @Builder @@ -104,8 +104,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity hsof.coopsharetx + // maybe we should shorten the table name e.g. hs_office.coopsharestransaction -> hsof.coopsharetx // this is just a workaround: return getRawTableName() - .replace("hs_office_", "hsof_") + .replace("hs_office.", "hsof.") .replace("hs_booking_", "hsbk_") .replace("hs_hosting_", "hsho_") .replace("coopsharestransaction", "coopsharetx") @@ -1274,13 +1273,14 @@ public class RbacView { public static Set> findRbacEntityClasses(String packageName) { final var reflections = new Reflections(packageName, TypeAnnotationsScanner.class); - return reflections.getTypesAnnotatedWith(Entity.class).stream() - .filter(c -> stream(c.getInterfaces()).anyMatch(i -> i== BaseEntity.class)) + final Set> rbacEntityClasses = reflections.getTypesAnnotatedWith(Entity.class).stream() + .filter(BaseEntity.class::isAssignableFrom) .filter(c -> stream(c.getDeclaredMethods()) - .anyMatch(m -> m.getName().equals("rbac") && Modifier.isStatic(m.getModifiers())) + .anyMatch(m -> m.getName().equals("rbac") && isStatic(m.getModifiers())) ) .map(RbacView::castToSubclassOfBaseEntity) .collect(Collectors.toSet()); + return rbacEntityClasses; } @SuppressWarnings("unchecked") 
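Review bot: In `findRbacEntityClasses` the first filter now accepts any `@Entity` assignable to `BaseEntity`, but the second filter still looks for a static `rbac` method only in `getDeclaredMethods()`, so an entity that reaches `BaseEntity` through a superclass and does not declare `rbac()` itself is left out without any message. This set appears to decide which entities get RBAC roles and grants generated, so the selection rule deserves a Javadoc, for example `/** Finds all @Entity classes assignable to BaseEntity which declare their own static rbac() method. */`. The new local `rbacEntityClasses` is only returned on the next line, so a direct `return reflections…collect(Collectors.toSet());` would read the same. The rest of `RbacView` lies outside the hunk.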
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java index d183b181..22a9b9d3 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java @@ -29,7 +29,7 @@ class RolesGrantsAndPermissionsGenerator { private final String liquibaseTagPrefix; private final String simpleEntityName; private final String simpleEntityVarName; - private final String rawTableName; + private final String qualifiedRawTableName; RolesGrantsAndPermissionsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) { this.rbacDef = rbacDef; @@ -40,7 +40,7 @@ class RolesGrantsAndPermissionsGenerator { simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName(); simpleEntityName = capitalize(simpleEntityVarName); - rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); + qualifiedRawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { @@ -66,13 +66,12 @@ class RolesGrantsAndPermissionsGenerator { Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ - create or replace procedure buildRbacSystemFor${simpleEntityName}( - NEW ${rawTableName} + create or replace procedure ${rawTableQualifiedName}_build_rbac_system( + NEW ${rawTableQualifiedName} ) language plpgsql as $$ """ - .replace("${simpleEntityName}", simpleEntityName) - .replace("${rawTableName}", rawTableName)); + .replace("${rawTableQualifiedName}", qualifiedRawTableName)); plPgSql.writeLn("declare"); plPgSql.indented(() -> { 
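Review bot: The generated procedure is renamed from `buildRbacSystemFor${simpleEntityName}` to `${rawTableQualifiedName}_build_rbac_system` but is still emitted with `create or replace`, which only replaces an object of the same name, so a database that already ran the earlier output would keep the old procedure. The same holds for the hunks at -106, -130, -514 and -549, and it matters most for the triggers: `create trigger build_rbac_system_after_insert_tg` would be created next to an existing `insertTriggerFor…_tg` on the same table, and both would then fire. Whether existing databases are migrated or always rebuilt is not visible in this patch. If they are migrated, the changelog needs matching `drop trigger if exists … on …` and `drop procedure if exists …` statements for the old names; otherwise a comment in the generator stating that its output assumes a fresh database would document the assumption. The template text starts before the visible lines of the -66 hunk.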
@@ -106,21 +105,21 @@ class RolesGrantsAndPermissionsGenerator { Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ - create or replace procedure updateRbacRulesFor${simpleEntityName}( - OLD ${rawTableName}, - NEW ${rawTableName} + create or replace procedure ${rawTableQualifiedName}_update_rbac_system( + OLD ${rawTableQualifiedName}, + NEW ${rawTableQualifiedName} ) language plpgsql as $$ begin if ${updateConditions} then delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; - call buildRbacSystemFor${simpleEntityName}(NEW); + call ${rawTableQualifiedName}_build_rbac_system(NEW); end if; end; $$; """, with("simpleEntityName", simpleEntityName), - with("rawTableName", rawTableName), + with("rawTableQualifiedName", qualifiedRawTableName), with("updateConditions", updateConditions)); } @@ -130,16 +129,15 @@ class RolesGrantsAndPermissionsGenerator { Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ - create or replace procedure updateRbacRulesFor${simpleEntityName}( - OLD ${rawTableName}, - NEW ${rawTableName} + create or replace procedure ${rawTableQualifiedName}_update_rbac_system( + OLD ${rawTableQualifiedName}, + NEW ${rawTableQualifiedName} ) language plpgsql as $$ declare - """ - .replace("${simpleEntityName}", simpleEntityName) - .replace("${rawTableName}", rawTableName)); + """, + with("rawTableQualifiedName", qualifiedRawTableName)); plPgSql.chopEmptyLines(); plPgSql.indented(() -> { 
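Review bot: In the -106 hunk the argument `with("simpleEntityName", simpleEntityName)` is kept although the rewritten template no longer contains `${simpleEntityName}`, while the -130 hunk removes the equivalent substitution. Dropping that line keeps the two `update_rbac_system` variants consistent and avoids suggesting a placeholder that is not there. The hunks in this file also mix two substitution styles, `with(...)` here and chained `.replace(...)` at -66, -514 and -549; using one of them throughout would make a missed or stale placeholder easier to spot. Both method bodies continue outside the hunks.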
@@ -514,25 +512,25 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(""" /* - AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row. + AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableQualifiedName} row. */ - create or replace function insertTriggerFor${simpleEntityName}_tf() + create or replace function ${rawTableQualifiedName}_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemFor${simpleEntityName}(NEW); + call ${rawTableQualifiedName}_build_rbac_system(NEW); return NEW; end; $$; - create trigger insertTriggerFor${simpleEntityName}_tg - after insert on ${rawTableName} + create trigger build_rbac_system_after_insert_tg + after insert on ${rawTableQualifiedName} for each row - execute procedure insertTriggerFor${simpleEntityName}_tf(); + execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf(); """ - .replace("${simpleEntityName}", simpleEntityName) - .replace("${rawTableName}", rawTableName) + .replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName)) + .replace("${rawTableQualifiedName}", qualifiedRawTableName) ); generateFooter(plPgSql); 
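Review bot: The added `.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))` has no effect, because the template in this hunk contains no `${schemaPrefix}` placeholder. Either the call should go, together with the `schemaPrefix` helper added at -549 (it has no other visible caller), or the placeholder is missing from the template and the generated SQL is not what was intended. The trigger name `build_rbac_system_after_insert_tg` is now identical for every table; PostgreSQL scopes trigger names per table, so this is valid, and a short comment such as `// trigger names are per table in PostgreSQL, so no table prefix is needed` would save the next reader the check.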
@@ -549,30 +547,35 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(""" /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new ${rawTableName} row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row. */ - - create or replace function updateTriggerFor${simpleEntityName}_tf() + + create or replace function ${rawTableQualifiedName}_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesFor${simpleEntityName}(OLD, NEW); + call ${rawTableQualifiedName}_update_rbac_system(OLD, NEW); return NEW; end; $$; - - create trigger updateTriggerFor${simpleEntityName}_tg - after update on ${rawTableName} + + create trigger update_rbac_system_after_update_tg + after update on ${rawTableQualifiedName} for each row - execute procedure updateTriggerFor${simpleEntityName}_tf(); + execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf(); """ - .replace("${simpleEntityName}", simpleEntityName) - .replace("${rawTableName}", rawTableName) + .replace("${rawTableQualifiedName}", qualifiedRawTableName) ); generateFooter(plPgSql); } + private String schemaPrefix(final String qualifiedIdentifier) { + return qualifiedIdentifier.contains(".") + ? qualifiedIdentifier.split("\\.")[0] + "." + : ""; + } + private static void generateFooter(final StringWriter plPgSql) { plPgSql.writeLn("--//"); plPgSql.writeLn(); diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index b2e73ca1..6a403e08 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
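Review bot: The corrected header comment still describes the wrong row: `AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row.` should read `AFTER UPDATE TRIGGER to re-wire the grant structure for an updated ${rawTableQualifiedName} row.`, since the function below it receives `OLD` and `NEW` of an existing row. The wording is copied into every generated `*-rbac.sql` file in this commit, so fixing the template fixes them all on the next generator run. Separately, `schemaPrefix` reads no instance state and could be `private static` like `generateFooter` next to it. `generateFooter` itself continues past the end of the hunk.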
@@ -384,7 +384,7 @@ create index on rbac.permission (objectUuid, op); create index on rbac.permission (opTableName, op); ALTER TABLE rbac.permission - ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); + ADD CONSTRAINT unique_including_null_values UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); call base.create_journal('rbac.permission'); diff --git a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql index 35f64f4a..d7104eff 100644 --- a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql @@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForTestCustomer( +create or replace procedure rbactest.customer_build_rbac_system( NEW rbactest.customer ) language plpgsql as $$ @@ -60,19 +60,19 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row. */ -create or replace function insertTriggerForTestCustomer_tf() +create or replace function rbactest.customer_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForTestCustomer(NEW); + call rbactest.customer_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForTestCustomer_tg +create trigger build_rbac_system_after_insert_tg after insert on rbactest.customer for each row -execute procedure insertTriggerForTestCustomer_tf(); +execute procedure rbactest.customer_build_rbac_system_after_insert_tf(); --// 
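Review bot: `unique_including_null_values` names the property rather than the table. PostgreSQL backs a unique constraint with an index of the same name, and that name must be unique among the relations of schema `rbac`. A second table in that schema adopting the same generic name would fail at `ADD CONSTRAINT`, and a violation message quoting only the constraint name would no longer identify the table by itself. A name that keeps the table in it, e.g. `permission_unique_including_null_values`, avoids both.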
@@ -137,7 +137,7 @@ create or replace function rbactest.customer_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql index 6fff59c6..91dd207b 100644 --- a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql @@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForTestPackage( +create or replace procedure rbactest.package_build_rbac_system( NEW rbactest.package ) language plpgsql as $$ @@ -64,19 +64,19 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row. */ -create or replace function insertTriggerForTestPackage_tf() +create or replace function rbactest.package_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForTestPackage(NEW); + call rbactest.package_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForTestPackage_tg +create trigger build_rbac_system_after_insert_tg after insert on rbactest.package for each row -execute procedure insertTriggerForTestPackage_tf(); +execute procedure rbactest.package_build_rbac_system_after_insert_tf(); --// 
@@ -88,7 +88,7 @@ execute procedure insertTriggerForTestPackage_tf(); Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForTestPackage( +create or replace procedure rbactest.package_update_rbac_system( OLD rbactest.package, NEW rbactest.package ) @@ -122,22 +122,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.package row. */ -create or replace function updateTriggerForTestPackage_tf() +create or replace function rbactest.package_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForTestPackage(OLD, NEW); + call rbactest.package_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForTestPackage_tg +create trigger update_rbac_system_after_update_tg after update on rbactest.package for each row -execute procedure updateTriggerForTestPackage_tf(); +execute procedure rbactest.package_update_rbac_system_after_update_tf(); --// diff --git a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql index 69534c50..b20d12d6 100644 --- a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql @@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForTestDomain( +create or replace procedure rbactest.domain_build_rbac_system( NEW rbactest.domain ) language plpgsql as $$ 
@@ -60,19 +60,19 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row. */ -create or replace function insertTriggerForTestDomain_tf() +create or replace function rbactest.domain_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForTestDomain(NEW); + call rbactest.domain_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForTestDomain_tg +create trigger build_rbac_system_after_insert_tg after insert on rbactest.domain for each row -execute procedure insertTriggerForTestDomain_tf(); +execute procedure rbactest.domain_build_rbac_system_after_insert_tf(); --// @@ -84,7 +84,7 @@ execute procedure insertTriggerForTestDomain_tf(); Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForTestDomain( +create or replace procedure rbactest.domain_update_rbac_system( OLD rbactest.domain, NEW rbactest.domain ) @@ -121,22 +121,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.domain row. */ -create or replace function updateTriggerForTestDomain_tf() +create or replace function rbactest.domain_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForTestDomain(OLD, NEW); + call rbactest.domain_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForTestDomain_tg +create trigger update_rbac_system_after_update_tg after update on rbactest.domain for each row -execute procedure updateTriggerForTestDomain_tf(); +execute procedure rbactest.domain_update_rbac_system_after_update_tf(); --// diff --git a/src/main/resources/db/changelog/5-hs-office/500-hs-office-schema.sql b/src/main/resources/db/changelog/5-hs-office/500-hs-office-schema.sql new file mode 100644 index 00000000..80e09179 
--- /dev/null +++ b/src/main/resources/db/changelog/5-hs-office/500-hs-office-schema.sql @@ -0,0 +1,8 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset michael.hoennig:hs-office-SCHEMA endDelimiter:--// +-- ---------------------------------------------------------------------------- +CREATE SCHEMA hs_office; +--// diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql index 305d80d1..eeb33f4d 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql @@ -4,7 +4,7 @@ --changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists hs_office_contact +create table if not exists hs_office.contact ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, @@ -20,5 +20,5 @@ create table if not exists hs_office_contact --changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_contact'); +call base.create_journal('hs_office.contact'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index eb83c6e7..39976f0e 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql 
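Review bot: `CREATE SCHEMA hs_office;` leaves ownership and privileges implicit, so the schema belongs to whichever role runs the changelog and no other role has `USAGE` on it. If the application or the restricted RBAC views are reached through a different role (not visible in this commit), every table moved into `hs_office` becomes unreachable for that role regardless of table-level grants. A later blanket grant to repair that is easy to make wider than needed. I would state the intent in this changeset with `GRANT USAGE ON SCHEMA hs_office TO APPLICATION_ROLE;` (placeholder role name), keeping `CREATE` on the schema limited to the migration role.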
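Review bot: This edits the existing changeset `hs-office-contact-MAIN-TABLE` in place instead of adding a new changeset that moves the table, e.g. `ALTER TABLE hs_office_contact SET SCHEMA hs_office;` followed by `ALTER TABLE hs_office.hs_office_contact RENAME TO contact;`. On a database where the old changeset has already run, Liquibase would report a checksum mismatch. If that is overridden, `create table if not exists hs_office.contact` creates a second, empty table while the data and its RBAC triggers stay on `hs_office_contact`. That is only safe if every environment is rebuilt from an empty database; if so, the commit description should say it, otherwise a migration changeset is needed. The same applies to the person and relation tables later in the patch.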
@@ -3,29 +3,29 @@ -- ============================================================================ ---changeset michael.hoennig:hs-office-contact-rbac-OBJECT endDelimiter:--// +--changeset RbacObjectGenerator:hs-office-contact-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_contact'); +call rbac.generateRelatedRbacObject('hs_office.contact'); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// +--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact'); +call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact'); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-contact-rbac-insert-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeContact( - NEW hs_office_contact +create or replace procedure hs_office.contact_build_rbac_system( + NEW hs_office.contact ) language plpgsql as $$ @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeContactOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[rbac.globalAdmin()], + incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); 
@@ -57,30 +57,30 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_contact row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row. */ -create or replace function insertTriggerForHsOfficeContact_tf() +create or replace function hs_office.contact_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeContact(NEW); + call hs_office.contact_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeContact_tg - after insert on hs_office_contact +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.contact for each row -execute procedure insertTriggerForHsOfficeContact_tf(); +execute procedure hs_office.contact_build_rbac_system_after_insert_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_contact', +call rbac.generateRbacIdentityViewFromProjection('hs_office.contact', $idName$ caption $idName$); @@ -88,9 +88,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_contact', -- ============================================================================ ---changeset michael.hoennig:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_contact', +call rbac.generateRbacRestrictedView('hs_office.contact', $orderBy$ caption $orderBy$, 
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql index fe0f1553..ae41ee0f 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql @@ -7,9 +7,9 @@ --changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_office_contact_legacy_id +CREATE TABLE hs_office.contact_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_office_contact(uuid), + uuid uuid NOT NULL REFERENCES hs_office.contact(uuid), contact_id integer NOT NULL ); --// @@ -19,10 +19,10 @@ CREATE TABLE hs_office_contact_legacy_id --changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_office.contact_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_office_contact_legacy_id.contact_id; + OWNED BY hs_office.contact_legacy_id.contact_id; --// @@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq --changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_office_contact_legacy_id +ALTER TABLE hs_office.contact_legacy_id ALTER COLUMN contact_id - SET DEFAULT nextVal('hs_office_contact_legacy_id_seq'); + SET DEFAULT nextVal('hs_office.contact_legacy_id_seq'); --/ 
@@ -41,8 +41,8 @@ ALTER TABLE hs_office_contact_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_office_contact_legacy_id(uuid, contact_id) - SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact; +INSERT INTO hs_office.contact_legacy_id(uuid, contact_id) + SELECT uuid, nextVal('hs_office.contact_legacy_id_seq') FROM hs_office.contact; --/ @@ -58,14 +58,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_office_contact_legacy_id VALUES - (NEW.uuid, nextVal('hs_office_contact_legacy_id_seq')); + INSERT INTO hs_office.contact_legacy_id VALUES + (NEW.uuid, nextVal('hs_office.contact_legacy_id_seq')); return NEW; end; $$; create trigger createContactLegacyIdMapping - after insert on hs_office_contact + after insert on hs_office.contact for each row execute procedure insertContactLegacyIdMapping(); --/ @@ -83,14 +83,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_office_contact_legacy_id + DELETE FROM hs_office.contact_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger removeContactLegacyIdMapping - before delete on hs_office_contact + before delete on hs_office.contact for each row execute procedure deleteContactLegacyIdMapping(); --/ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index 7e77c396..40f9e065 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql 
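Review bot: `insertContactLegacyIdMapping()` and `deleteContactLegacyIdMapping()` keep their unqualified names while the tables they write to move to `hs_office`, so the functions are created in whatever schema is first on `search_path` when the changelog runs. The rest of the commit gives trigger functions schema-qualified `..._tf` names. Following that here, e.g. `hs_office.contact_insert_legacy_id_mapping_tf()`, would keep all objects of the contact table in one schema, so that a review or cleanup by schema sees them all. The function headers are outside these hunks, so the rename has to be made there as well as in the `execute procedure` lines of `@@ -58,14` and `@@ -83,14`.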
@@ -23,7 +23,7 @@ begin raise notice 'creating test contact: %', contCaption; insert - into hs_office_contact (caption, postaladdress, emailaddresses, phonenumbers) + into hs_office.contact (caption, postaladdress, emailaddresses, phonenumbers) values ( contCaption, postalAddr, diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql index 30fa1477..428df466 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql @@ -14,7 +14,7 @@ CREATE TYPE HsOfficePersonType AS ENUM ( CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT; -create table if not exists hs_office_person +create table if not exists hs_office.person ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, @@ -31,5 +31,5 @@ create table if not exists hs_office_person --changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_person'); +call base.create_journal('hs_office.person'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index f652529f..8e0d7a31 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_person'); +call rbac.generateRelatedRbacObject('hs_office.person'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person'); +call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person'); --// @@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficePerson( - NEW hs_office_person +create or replace procedure hs_office.person_build_rbac_system( + NEW hs_office.person ) language plpgsql as $$ 
@@ -57,22 +57,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_person row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row. */ -create or replace function insertTriggerForHsOfficePerson_tf() +create or replace function hs_office.person_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficePerson(NEW); + call hs_office.person_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficePerson_tg - after insert on hs_office_person +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.person for each row -execute procedure insertTriggerForHsOfficePerson_tf(); +execute procedure hs_office.person_build_rbac_system_after_insert_tf(); --// @@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf(); --changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_person', +call rbac.generateRbacIdentityViewFromProjection('hs_office.person', $idName$ concat(tradeName, familyName, givenName) $idName$); @@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_person', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_person', +call rbac.generateRbacRestrictedView('hs_office.person', $orderBy$ concat(tradeName, familyName, givenName) $orderBy$, 
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index c9b078e2..9ba8dd37 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql @@ -27,7 +27,7 @@ begin raise notice 'creating test person: % by %', fullName, emailAddr; insert - into hs_office_person (persontype, tradename, givenname, familyname) + into hs_office.person (persontype, tradename, givenname, familyname) values (newPersonType, newTradeName, newGivenName, newFamilyName); end; $$; --// diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql index 387bacd3..1c17aa78 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql @@ -16,13 +16,13 @@ CREATE TYPE HsOfficeRelationType AS ENUM ( CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT; -create table if not exists hs_office_relation +create table if not exists hs_office.relation ( uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade version int not null default 0, - anchorUuid uuid not null references hs_office_person(uuid), - holderUuid uuid not null references hs_office_person(uuid), - contactUuid uuid references hs_office_contact(uuid), + anchorUuid uuid not null references hs_office.person(uuid), + holderUuid uuid not null references hs_office.person(uuid), + contactUuid uuid references hs_office.contact(uuid), type HsOfficeRelationType not null, mark varchar(24) ); 
@@ -33,5 +33,5 @@ create table if not exists hs_office_relation --changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_relation'); +call base.create_journal('hs_office.relation'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index d6f36ad5..85301c32 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -3,54 +3,54 @@ -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-OBJECT endDelimiter:--// +--changeset RbacObjectGenerator:hs-office-relation-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_relation'); +call rbac.generateRelatedRbacObject('hs_office.relation'); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--// +--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation'); +call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation'); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-insert-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the roles, grants and permission for the AFTER INSERT TRIGGER. 
*/ -create or replace procedure buildRbacSystemForHsOfficeRelation( - NEW hs_office_relation +create or replace procedure hs_office.relation_build_rbac_system( + NEW hs_office.relation ) language plpgsql as $$ declare - newHolderPerson hs_office_person; - newAnchorPerson hs_office_person; - newContact hs_office_contact; + newHolderPerson hs_office.person; + newAnchorPerson hs_office.person; + newContact hs_office.contact; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson; + SELECT * FROM hs_office.person WHERE uuid = NEW.holderUuid INTO newHolderPerson; assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid); - SELECT * FROM hs_office_person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson; + SELECT * FROM hs_office.person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson; assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid); - SELECT * FROM hs_office_contact WHERE uuid = NEW.contactUuid INTO newContact; + SELECT * FROM hs_office.contact WHERE uuid = NEW.contactUuid INTO newContact; assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid); perform rbac.defineRoleWithGrants( hsOfficeRelationOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[rbac.globalAdmin()], + incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); 
@@ -90,162 +90,162 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_relation row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row. */ -create or replace function insertTriggerForHsOfficeRelation_tf() +create or replace function hs_office.relation_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeRelation(NEW); + call hs_office.relation_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeRelation_tg - after insert on hs_office_relation +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.relation for each row -execute procedure insertTriggerForHsOfficeRelation_tf(); +execute procedure hs_office.relation_build_rbac_system_after_insert_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-update-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForHsOfficeRelation( - OLD hs_office_relation, - NEW hs_office_relation +create or replace procedure hs_office.relation_update_rbac_system( + OLD hs_office.relation, + NEW hs_office.relation ) language plpgsql as $$ begin if NEW.contactUuid is distinct from OLD.contactUuid then delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; - call buildRbacSystemForHsOfficeRelation(NEW); + call hs_office.relation_build_rbac_system(NEW); end if; end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_relation row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.relation row. 
*/ -create or replace function updateTriggerForHsOfficeRelation_tf() +create or replace function hs_office.relation_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForHsOfficeRelation(OLD, NEW); + call hs_office.relation_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForHsOfficeRelation_tg - after update on hs_office_relation +create trigger update_rbac_system_after_update_tg + after update on hs_office.relation for each row -execute procedure updateTriggerForHsOfficeRelation_tf(); +execute procedure hs_office.relation_update_rbac_system_after_update_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_office_person ---------------------------- +-- granting INSERT permission to hs_office.person ---------------------------- /* - Grants INSERT INTO hs_office_relation permissions to specified role of pre-existing hs_office_person rows. + Grants INSERT INTO hs_office.relation permissions to specified role of pre-existing hs_office.person rows. 
*/ do language plpgsql $$ declare - row hs_office_person; + row hs_office.person; begin - call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); + call base.defineContext('create INSERT INTO hs_office.relation permissions for pre-exising hs_office.person rows'); - FOR row IN SELECT * FROM hs_office_person + FOR row IN SELECT * FROM hs_office.person -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'), hsOfficePersonADMIN(row)); END LOOP; end; $$; /** - Grants hs_office_relation INSERT permission to specified role of new hs_office_person rows. + Grants hs_office.relation INSERT permission to specified role of new person rows. */ -create or replace function new_hs_office_relation_grants_insert_to_hs_office_person_tf() +create or replace function hs_office.new_relation_grants_insert_to_person_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'), hsOfficePersonADMIN(NEW)); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_relation_grants_insert_to_hs_office_person_tg - after insert on hs_office_person +create trigger z_new_relation_grants_after_insert_tg + after insert on hs_office.person for each row -execute procedure new_hs_office_relation_grants_insert_to_hs_office_person_tf(); +execute procedure hs_office.new_relation_grants_insert_to_person_tf(); -- ============================================================================ ---changeset michael.hoennig:hs_office_relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-office-relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_relation. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.relation. 
*/ -create or replace function hs_office_relation_insert_permission_check_tf() +create or replace function hs_office.relation_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.anchorUuid - if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then + if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office.relation') then return NEW; end if; - raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + raise exception '[403] insert into hs_office.relation values(%) not allowed for current subjects % (%)', + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_relation_insert_permission_check_tg - before insert on hs_office_relation +create trigger relation_insert_permission_check_tg + before insert on hs_office.relation for each row - execute procedure hs_office_relation_insert_permission_check_tf(); + execute procedure hs_office.relation_insert_permission_check_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_relation', +call rbac.generateRbacIdentityViewFromProjection('hs_office.relation', $idName$ - (select idName from hs_office_person_iv p where p.uuid = anchorUuid) + (select idName from hs_office.person_iv p where p.uuid = anchorUuid) || '-with-' || target.type || '-' - || (select idName from hs_office_person_iv p where p.uuid = holderUuid) + || (select idName from hs_office.person_iv p where p.uuid = holderUuid) $idName$); --// -- 
============================================================================ ---changeset michael.hoennig:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_relation', +call rbac.generateRbacRestrictedView('hs_office.relation', $orderBy$ - (select idName from hs_office_person_iv p where p.uuid = target.holderUuid) + (select idName from hs_office.person_iv p where p.uuid = target.holderUuid) $orderBy$, $updates$ contactUuid = new.contactUuid diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 39c204a9..3cb64e13 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql @@ -17,16 +17,16 @@ create or replace procedure createHsOfficeRelationTestData( language plpgsql as $$ declare idName varchar; - anchorPerson hs_office_person; - holderPerson hs_office_person; - contact hs_office_contact; + anchorPerson hs_office.person; + holderPerson hs_office.person; + contact hs_office.contact; begin idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName); select p.* into anchorPerson - from hs_office_person p + from hs_office.person p where p.tradeName = anchorPersonName or p.familyName = anchorPersonName; if anchorPerson is null then raise exception 'anchorPerson "%" not found', anchorPersonName; 
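Review bot: The denial message in `hs_office.relation_insert_permission_check_tf()` now interpolates the whole `NEW` row (`values(%)`), so every rejected insert writes all column values of the attempted row into the exception text. That text lands in the PostgreSQL log and, depending on how the application maps the `[403]` prefix, may be returned to the caller who was just refused. The same pattern is already in the partner and partner_details checks further down, where the row may carry personal data. Reporting only the key that was checked keeps the message useful for diagnosis: `raise exception '[403] insert into hs_office.relation not allowed for anchorUuid % and current subjects % (%)', NEW.anchorUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`. The changeset author is `InsertTriggerGenerator`, so the template in the generator is presumably the place to change it.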
@@ -34,13 +34,13 @@ begin select p.* into holderPerson - from hs_office_person p + from hs_office.person p where p.tradeName = holderPersonName or p.familyName = holderPersonName; if holderPerson is null then raise exception 'holderPerson "%" not found', holderPersonName; end if; - select c.* into contact from hs_office_contact c where c.caption = contactCaption; + select c.* into contact from hs_office.contact c where c.caption = contactCaption; if contact is null then raise exception 'contact "%" not found', contactCaption; end if; @@ -50,7 +50,7 @@ begin raise notice '- using holder person (%): %', holderPerson.uuid, holderPerson; raise notice '- using contact (%): %', contact.uuid, contact; insert - into hs_office_relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid) + into hs_office.relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid) values (uuid_generate_v4(), anchorPerson.uuid, holderPerson.uuid, relationType, mark, contact.uuid); end; $$; --// @@ -64,13 +64,13 @@ create or replace procedure createHsOfficeRelationTestData( ) language plpgsql as $$ declare - person hs_office_person; - contact hs_office_contact; + person hs_office.person; + contact hs_office.contact; begin for t in startCount..endCount loop - select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person; - select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact; + select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person; + select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact; call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE'); commit; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql index eae97773..f696d310 100644 
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql @@ -5,7 +5,7 @@ --changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table hs_office_partner_details +create table hs_office.partner_details ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, @@ -23,20 +23,20 @@ create table hs_office_partner_details --changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_partner_details'); +call base.create_journal('hs_office.partner_details'); --// -- ============================================================================ --changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table hs_office_partner +create table hs_office.partner ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, partnerNumber numeric(5) unique not null, - partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger - detailsUuid uuid not null references hs_office_partner_details(uuid) -- deleted in after delete trigger + partnerRelUuid uuid not null references hs_office.relation(uuid), -- deleted in after delete trigger + detailsUuid uuid not null references hs_office.partner_details(uuid) -- deleted in after delete trigger ); --// 
@@ -48,20 +48,20 @@ create table hs_office_partner /** Trigger function to delete related details of a partner to delete. */ -create or replace function deleteHsOfficeDependentsOnPartnerDelete() +create or replace function hs_office.partner_delete_dependents_tf() returns trigger language PLPGSQL as $$ declare counter integer; begin - DELETE FROM hs_office_partner_details d WHERE d.uuid = OLD.detailsUuid; + DELETE FROM hs_office.partner_details d WHERE d.uuid = OLD.detailsUuid; GET DIAGNOSTICS counter = ROW_COUNT; if counter = 0 then raise exception 'partner details % could not be deleted', OLD.detailsUuid; end if; - DELETE FROM hs_office_relation r WHERE r.uuid = OLD.partnerRelUuid; + DELETE FROM hs_office.relation r WHERE r.uuid = OLD.partnerRelUuid; GET DIAGNOSTICS counter = ROW_COUNT; if counter = 0 then raise exception 'partner relation % could not be deleted', OLD.partnerRelUuid; @@ -73,15 +73,15 @@ end; $$; /** Triggers deletion of related rows of a partner to delete. */ -create trigger hs_office_partner_delete_dependents_trigger +create trigger delete_dependents_tg after delete - on hs_office_partner + on hs_office.partner for each row - execute procedure deleteHsOfficeDependentsOnPartnerDelete(); + execute procedure hs_office.partner_delete_dependents_tf(); -- ============================================================================ --changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_partner'); +call base.create_journal('hs_office.partner'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 8227db94..7ead6151 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_partner'); +call rbac.generateRelatedRbacObject('hs_office.partner'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner'); +call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner'); --// 
@@ -24,22 +24,22 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficePartner( - NEW hs_office_partner +create or replace procedure hs_office.partner_build_rbac_system( + NEW hs_office.partner ) language plpgsql as $$ declare - newPartnerRel hs_office_relation; - newPartnerDetails hs_office_partner_details; + newPartnerRel hs_office.relation; + newPartnerDetails hs_office.partner_details; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; + SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); - SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; + SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); 
@@ -53,22 +53,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row. */ -create or replace function insertTriggerForHsOfficePartner_tf() +create or replace function hs_office.partner_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficePartner(NEW); + call hs_office.partner_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficePartner_tg - after insert on hs_office_partner +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.partner for each row -execute procedure insertTriggerForHsOfficePartner_tf(); +execute procedure hs_office.partner_build_rbac_system_after_insert_tf(); --// 
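Review bot: Renaming the trigger to `build_rbac_system_after_insert_tg` changes its firing position among the AFTER INSERT row triggers on `hs_office.partner`, because PostgreSQL fires triggers for the same event in alphabetical order of their names. The `createPartnerLegacyIdMapping` trigger from the partner migration changelog used to sort before `insertTriggerForHsOfficePartner_tg` and now sorts after the RBAC build trigger. This is probably harmless, since the legacy-id insert does not appear to depend on the roles, but the changelog relies on name order elsewhere (the `z_...` prefix), so it should be recorded next to the trigger: `-- AFTER INSERT triggers fire in name order: this one now runs before createPartnerLegacyIdMapping`.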
@@ -80,31 +80,31 @@ execute procedure insertTriggerForHsOfficePartner_tf(); Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForHsOfficePartner( - OLD hs_office_partner, - NEW hs_office_partner +create or replace procedure hs_office.partner_update_rbac_system( + OLD hs_office.partner, + NEW hs_office.partner ) language plpgsql as $$ declare - oldPartnerRel hs_office_relation; - newPartnerRel hs_office_relation; - oldPartnerDetails hs_office_partner_details; - newPartnerDetails hs_office_partner_details; + oldPartnerRel hs_office.relation; + newPartnerRel hs_office.relation; + oldPartnerDetails hs_office.partner_details; + newPartnerDetails hs_office.partner_details; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel; + SELECT * FROM hs_office.relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel; assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid); - SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; + SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); - SELECT * FROM hs_office_partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails; + SELECT * FROM hs_office.partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails; assert oldPartnerDetails.uuid is not null, format('oldPartnerDetails must not be null for OLD.detailsUuid = %s', OLD.detailsUuid); - SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; + SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for 
NEW.detailsUuid = %s', NEW.detailsUuid); @@ -134,22 +134,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_partner row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.partner row. */ -create or replace function updateTriggerForHsOfficePartner_tf() +create or replace function hs_office.partner_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForHsOfficePartner(OLD, NEW); + call hs_office.partner_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForHsOfficePartner_tg - after update on hs_office_partner +create trigger update_rbac_system_after_update_tg + after update on hs_office.partner for each row -execute procedure updateTriggerForHsOfficePartner_tf(); +execute procedure hs_office.partner_update_rbac_system_after_update_tf(); --// 
@@ -160,45 +160,45 @@ execute procedure updateTriggerForHsOfficePartner_tf(); -- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing rbac.global rows. + Grants INSERT INTO hs_office.partner permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO hs_office.partner permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'), rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_partner INSERT permission to specified role of new global rows. + Grants hs_office.partner INSERT permission to specified role of new global rows. */ -create or replace function new_hsof_partner_grants_insert_to_global_tf() +create or replace function hs_office.new_partner_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'), rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_partner_grants_after_insert_tg +create trigger z_new_partner_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hsof_partner_grants_insert_to_global_tf(); +execute procedure hs_office.new_partner_grants_insert_to_global_tf(); -- ============================================================================ @@ -206,27 +206,27 @@ execute procedure new_hsof_partner_grants_insert_to_global_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner. */ -create or replace function hs_office_partner_insert_permission_check_tf() +create or replace function hs_office.partner_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; - raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.partner values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_partner_insert_permission_check_tg - before insert on hs_office_partner +create trigger partner_insert_permission_check_tg + before insert on hs_office.partner for each row - execute procedure hs_office_partner_insert_permission_check_tf(); + execute procedure hs_office.partner_insert_permission_check_tf(); --// 
@@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_partner', +call rbac.generateRbacIdentityViewFromProjection('hs_office.partner', $idName$ 'P-' || partnerNumber $idName$); @@ -244,7 +244,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_partner', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_partner', +call rbac.generateRbacRestrictedView('hs_office.partner', $orderBy$ 'P-' || partnerNumber $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 6c360b90..a6209110 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_partner_details'); +call rbac.generateRelatedRbacObject('hs_office.partner_details'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details'); +call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details'); --// @@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partn Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficePartnerDetails( - NEW hs_office_partner_details +create or replace procedure hs_office.partner_details_build_rbac_system( + NEW hs_office.partner_details ) language plpgsql as $$ 
@@ -38,22 +38,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner_details row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row. */ -create or replace function insertTriggerForHsOfficePartnerDetails_tf() +create or replace function hs_office.partner_details_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficePartnerDetails(NEW); + call hs_office.partner_details_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficePartnerDetails_tg - after insert on hs_office_partner_details +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.partner_details for each row -execute procedure insertTriggerForHsOfficePartnerDetails_tf(); +execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf(); --// 
@@ -64,45 +64,45 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf(); -- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows. + Grants INSERT INTO hs_office.partner_details permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO hs_office.partner_details permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'), rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_partner_details INSERT permission to specified role of new global rows. + Grants hs_office.partner_details INSERT permission to specified role of new global rows. */ -create or replace function new_hsof_partner_details_grants_insert_to_global_tf() +create or replace function hs_office.new_partner_details_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'), rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_partner_details_grants_after_insert_tg +create trigger z_new_partner_details_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hsof_partner_details_grants_insert_to_global_tf(); +execute procedure hs_office.new_partner_details_grants_insert_to_global_tf(); -- ============================================================================ @@ -110,27 +110,27 @@ execute procedure new_hsof_partner_details_grants_insert_to_global_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner_details. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner_details. */ -create or replace function hs_office_partner_details_insert_permission_check_tf() +create or replace function hs_office.partner_details_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; - raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.partner_details values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_partner_details_insert_permission_check_tg - before insert on hs_office_partner_details +create trigger partner_details_insert_permission_check_tg + before insert on hs_office.partner_details for each row - execute procedure hs_office_partner_details_insert_permission_check_tf(); + execute procedure hs_office.partner_details_insert_permission_check_tf(); --// 
@@ -138,12 +138,12 @@ create trigger hs_office_partner_details_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details', +call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details', $idName$ SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName - FROM hs_office_partner_details AS partnerDetails - JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid - JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid + FROM hs_office.partner_details AS partnerDetails + JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid + JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid $idName$); --// @@ -151,7 +151,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_partner_details', +call rbac.generateRbacRestrictedView('hs_office.partner_details', $orderBy$ uuid $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql index 9facdb93..5e79ecf8 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql 
@@ -7,9 +7,9 @@ --changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_office_partner_legacy_id +CREATE TABLE hs_office.partner_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_office_partner(uuid), + uuid uuid NOT NULL REFERENCES hs_office.partner(uuid), bp_id integer NOT NULL ); --// @@ -19,10 +19,10 @@ CREATE TABLE hs_office_partner_legacy_id --changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_office.partner_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_office_partner_legacy_id.bp_id; + OWNED BY hs_office.partner_legacy_id.bp_id; --// @@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq --changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_office_partner_legacy_id +ALTER TABLE hs_office.partner_legacy_id ALTER COLUMN bp_id - SET DEFAULT nextVal('hs_office_partner_legacy_id_seq'); + SET DEFAULT nextVal('hs_office.partner_legacy_id_seq'); --/ -- ============================================================================ @@ -40,8 +40,8 @@ ALTER TABLE hs_office_partner_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_office_partner_legacy_id(uuid, bp_id) - SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner; +INSERT INTO hs_office.partner_legacy_id(uuid, bp_id) + SELECT uuid, nextVal('hs_office.partner_legacy_id_seq') FROM hs_office.partner; --/ 
@@ -57,14 +57,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_office_partner_legacy_id VALUES - (NEW.uuid, nextVal('hs_office_partner_legacy_id_seq')); + INSERT INTO hs_office.partner_legacy_id VALUES + (NEW.uuid, nextVal('hs_office.partner_legacy_id_seq')); return NEW; end; $$; create trigger createPartnerLegacyIdMapping - after insert on hs_office_partner + after insert on hs_office.partner for each row execute procedure insertPartnerLegacyIdMapping(); --/ @@ -82,14 +82,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_office_partner_legacy_id + DELETE FROM hs_office.partner_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger removePartnerLegacyIdMapping - before delete on hs_office_partner + before delete on hs_office.partner for each row execute procedure deletePartnerLegacyIdMapping(); --/ diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql index c28192b3..114158c5 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql 
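Review bot: The insert in `insertPartnerLegacyIdMapping()` is positional (`INSERT INTO hs_office.partner_legacy_id VALUES (NEW.uuid, nextVal(...))`), so it silently depends on the column order of the mapping table, while the backfill earlier in this file names its columns; I would write `INSERT INTO hs_office.partner_legacy_id (uuid, bp_id) VALUES (NEW.uuid, nextVal('hs_office.partner_legacy_id_seq'));`. Both trigger functions, `insertPartnerLegacyIdMapping()` here and `deletePartnerLegacyIdMapping()` in the next hunk, also stay unqualified although they now only touch `hs_office` tables, so they are created in whatever schema comes first in the migration's search_path. If that is intended, a one-line comment such as `-- kept outside hs_office on purpose: <reason>` would say so. The function headers are outside both hunks, so this is inferred from the `execute procedure` lines.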
@@ -16,25 +16,25 @@ create or replace procedure createHsOfficePartnerTestData( language plpgsql as $$ declare idName varchar; - mandantPerson hs_office_person; - partnerRel hs_office_relation; - relatedPerson hs_office_person; + mandantPerson hs_office.person; + partnerRel hs_office.relation; + relatedPerson hs_office.person; relatedDetailsUuid uuid; begin idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption); - select p.* from hs_office_person p + select p.* from hs_office.person p where p.tradeName = mandantTradeName into mandantPerson; if mandantPerson is null then raise exception 'mandant "%" not found', mandantTradeName; end if; - select p.* from hs_office_person p + select p.* from hs_office.person p where p.tradeName = partnerPersonName or p.familyName = partnerPersonName into relatedPerson; - select r.* from hs_office_relation r + select r.* from hs_office.relation r where r.type = 'PARTNER' and r.anchoruuid = mandantPerson.uuid and r.holderuuid = relatedPerson.uuid into partnerRel; @@ -48,18 +48,18 @@ begin if relatedPerson.persontype = 'NP' then insert - into hs_office_partner_details (uuid, birthName, birthday, birthPlace) + into hs_office.partner_details (uuid, birthName, birthday, birthPlace) values (uuid_generate_v4(), 'Meyer', '1987-10-31', 'Hamburg') returning uuid into relatedDetailsUuid; else insert - into hs_office_partner_details (uuid, registrationOffice, registrationNumber) + into hs_office.partner_details (uuid, registrationOffice, registrationNumber) values (uuid_generate_v4(), 'Hamburg', 'RegNo123456789') returning uuid into relatedDetailsUuid; end if; insert - into hs_office_partner (uuid, partnerNumber, partnerRelUuid, detailsUuid) + into hs_office.partner (uuid, partnerNumber, partnerRelUuid, detailsUuid) values (uuid_generate_v4(), newPartnerNumber, partnerRel.uuid, relatedDetailsUuid); end; $$; --// 
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql index 8b27cbe9..f651faaa 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql @@ -3,7 +3,7 @@ --changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table hs_office_bankaccount +create table hs_office.bankaccount ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, @@ -18,5 +18,5 @@ create table hs_office_bankaccount --changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_bankaccount'); +call base.create_journal('hs_office.bankaccount'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 4b8895d7..02775bf1 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_bankaccount'); +call rbac.generateRelatedRbacObject('hs_office.bankaccount'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount'); +call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount'); --// @@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankacco Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeBankAccount( - NEW hs_office_bankaccount +create or replace procedure hs_office.bankaccount_build_rbac_system( + NEW hs_office.bankaccount ) language plpgsql as $$ 
@@ -57,22 +57,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row. */ -create or replace function insertTriggerForHsOfficeBankAccount_tf() +create or replace function hs_office.bankaccount_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeBankAccount(NEW); + call hs_office.bankaccount_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeBankAccount_tg - after insert on hs_office_bankaccount +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.bankaccount for each row -execute procedure insertTriggerForHsOfficeBankAccount_tf(); +execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf(); --// @@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf(); --changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount', +call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount', $idName$ iban $idName$); @@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_bankaccount', +call rbac.generateRbacRestrictedView('hs_office.bankaccount', $orderBy$ iban $orderBy$, 
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql index aa28bdf4..0a8123eb 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql @@ -19,7 +19,7 @@ begin raise notice 'creating test bankaccount: %', givenHolder; insert - into hs_office_bankaccount(uuid, holder, iban, bic) + into hs_office.bankaccount(uuid, holder, iban, bic) values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC); end; $$; --// diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql index 3ea372f7..f9639533 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql 
@@ -4,18 +4,18 @@ --changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table hs_office_debitor +create table hs_office.debitor ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'), - debitorRelUuid uuid not null references hs_office_relation(uuid), + debitorRelUuid uuid not null references hs_office.relation(uuid), billable boolean not null default true, vatId varchar(24), vatCountryCode varchar(2), vatBusiness boolean not null, vatReverseCharge boolean not null, - refundBankAccountUuid uuid references hs_office_bankaccount(uuid), + refundBankAccountUuid uuid references hs_office.bankaccount(uuid), defaultPrefix char(3) not null unique constraint check_default_prefix check ( defaultPrefix::text ~ '^([a-z]{3}|al0|bh1|c4s|f3k|k8i|l3d|mh1|o13|p2m|s80|t4w)$' @@ -29,16 +29,16 @@ create table hs_office_debitor -- ---------------------------------------------------------------------------- /** - Trigger function to delete related rows of a debitor to delete. + Trigger function to delete related relations of a debitor to delete. */ -create or replace function deleteHsOfficeDependentsOnDebitorDelete() +create or replace function hs_office.debitor_delete_dependents_tf() returns trigger language PLPGSQL as $$ declare counter integer; begin - DELETE FROM hs_office_relation r WHERE r.uuid = OLD.debitorRelUuid; + DELETE FROM hs_office.relation r WHERE r.uuid = OLD.debitorRelUuid; GET DIAGNOSTICS counter = ROW_COUNT; if counter = 0 then raise exception 'debitor relation % could not be deleted', OLD.debitorRelUuid; 
@@ -50,16 +50,16 @@ end; $$; /** Triggers deletion of related details of a debitor to delete. */ -create trigger hs_office_debitor_delete_dependents_trigger +create trigger debitor_delete_dependents_tg after delete - on hs_office_debitor + on hs_office.debitor for each row -execute procedure deleteHsOfficeDependentsOnDebitorDelete(); +execute procedure hs_office.debitor_delete_dependents_tf(); -- ============================================================================ --changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_debitor'); +call base.create_journal('hs_office.debitor'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 994dea2f..dd3abfa8 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_debitor'); +call rbac.generateRelatedRbacObject('hs_office.debitor'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor'); +call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor'); --// 
@@ -24,32 +24,32 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor'); Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeDebitor( - NEW hs_office_debitor +create or replace procedure hs_office.debitor_build_rbac_system( + NEW hs_office.debitor ) language plpgsql as $$ declare - newPartnerRel hs_office_relation; - newDebitorRel hs_office_relation; - newRefundBankAccount hs_office_bankaccount; + newPartnerRel hs_office.relation; + newDebitorRel hs_office.relation; + newRefundBankAccount hs_office.bankaccount; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* - FROM hs_office_relation AS partnerRel - JOIN hs_office_relation AS debitorRel + FROM hs_office.relation AS partnerRel + JOIN hs_office.relation AS debitorRel ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid WHERE partnerRel.type = 'PARTNER' AND NEW.debitorRelUuid = debitorRel.uuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid); - SELECT * FROM hs_office_relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel; + SELECT * FROM hs_office.relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel; assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid); - SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; + SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); 
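Review bot: In `hs_office.debitor_build_rbac_system`, the lookup `SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;` is the only one of the three without an `assert`, and its result goes straight into `rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), ...)`. The table definition in this patch declares `refundBankAccountUuid` without `not null`, so the procedure can run with an empty record here; whether `hsOfficeBankAccountREFERRER` and `rbac.grantRoleToRole` tolerate that is not visible in the diff. I would make the intent explicit by wrapping the grant in `if NEW.refundBankAccountUuid is not null then ... end if;`, or, if the callee already skips null descriptors, by adding `-- refundBankAccountUuid is optional; a null descriptor is skipped by grantRoleToRole` above the call. The procedure body continues past the end of this hunk.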
@@ -65,22 +65,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_debitor row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row. */ -create or replace function insertTriggerForHsOfficeDebitor_tf() +create or replace function hs_office.debitor_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeDebitor(NEW); + call hs_office.debitor_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeDebitor_tg - after insert on hs_office_debitor +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.debitor for each row -execute procedure insertTriggerForHsOfficeDebitor_tf(); +execute procedure hs_office.debitor_build_rbac_system_after_insert_tf(); --// @@ -92,9 +92,9 @@ execute procedure insertTriggerForHsOfficeDebitor_tf(); Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForHsOfficeDebitor( - OLD hs_office_debitor, - NEW hs_office_debitor +create or replace procedure hs_office.debitor_update_rbac_system( + OLD hs_office.debitor, + NEW hs_office.debitor ) language plpgsql as $$ begin 
@@ -102,27 +102,27 @@ begin if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; - call buildRbacSystemForHsOfficeDebitor(NEW); + call hs_office.debitor_build_rbac_system(NEW); end if; end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_debitor row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.debitor row. */ -create or replace function updateTriggerForHsOfficeDebitor_tf() +create or replace function hs_office.debitor_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForHsOfficeDebitor(OLD, NEW); + call hs_office.debitor_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForHsOfficeDebitor_tg - after update on hs_office_debitor +create trigger update_rbac_system_after_update_tg + after update on hs_office.debitor for each row -execute procedure updateTriggerForHsOfficeDebitor_tf(); +execute procedure hs_office.debitor_update_rbac_system_after_update_tf(); --// 
@@ -133,45 +133,45 @@ execute procedure updateTriggerForHsOfficeDebitor_tf(); -- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows. + Grants INSERT INTO hs_office.debitor permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO hs_office.debitor permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'), rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_debitor INSERT permission to specified role of new global rows. + Grants hs_office.debitor INSERT permission to specified role of new global rows. */ -create or replace function new_hsof_debitor_grants_insert_to_global_tf() +create or replace function hs_office.new_debitor_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'), rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_debitor_grants_after_insert_tg +create trigger z_new_debitor_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hsof_debitor_grants_insert_to_global_tf(); +execute procedure hs_office.new_debitor_grants_insert_to_global_tf(); -- ============================================================================ @@ -179,27 +179,27 @@ execute procedure new_hsof_debitor_grants_insert_to_global_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_debitor. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.debitor. */ -create or replace function hs_office_debitor_insert_permission_check_tf() +create or replace function hs_office.debitor_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; - raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.debitor values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_debitor_insert_permission_check_tg - before insert on hs_office_debitor +create trigger debitor_insert_permission_check_tg + before insert on hs_office.debitor for each row - execute procedure hs_office_debitor_insert_permission_check_tf(); + execute procedure hs_office.debitor_insert_permission_check_tf(); --// 
@@ -207,18 +207,18 @@ create trigger hs_office_debitor_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor', +call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor', $idName$ SELECT debitor.uuid AS uuid, 'D-' || (SELECT partner.partnerNumber - FROM hs_office_partner partner - JOIN hs_office_relation partnerRel + FROM hs_office.partner partner + JOIN hs_office.relation partnerRel ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER' - JOIN hs_office_relation debitorRel + JOIN hs_office.relation debitorRel ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR' WHERE debitorRel.uuid = debitor.debitorRelUuid) || debitorNumberSuffix as idName - FROM hs_office_debitor AS debitor + FROM hs_office.debitor AS debitor $idName$); --// @@ -226,7 +226,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_debitor', +call rbac.generateRbacRestrictedView('hs_office.debitor', $orderBy$ defaultPrefix $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql index a648bace..df82033d 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql 
@@ -24,21 +24,21 @@ begin select debitorRel.uuid into relatedDebitorRelUuid - from hs_office_relation debitorRel - join hs_office_person person on person.uuid = debitorRel.holderUuid + from hs_office.relation debitorRel + join hs_office.person person on person.uuid = debitorRel.holderUuid and (person.tradeName = forPartnerPersonName or person.familyName = forPartnerPersonName) where debitorRel.type = 'DEBITOR'; select b.uuid into relatedBankAccountUuid - from hs_office_bankaccount b + from hs_office.bankaccount b where b.holder = forPartnerPersonName; raise notice 'creating test debitor: % (#%)', idName, withDebitorNumberSuffix; -- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)', -- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix; insert - into hs_office_debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix) + into hs_office.debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix) values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix); end; $$; --// diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql index 16714cda..684ecb7a 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql 
@@ -4,12 +4,12 @@ --changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists hs_office_sepamandate +create table if not exists hs_office.sepamandate ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, - debitorUuid uuid not null references hs_office_debitor(uuid), - bankAccountUuid uuid not null references hs_office_bankaccount(uuid), + debitorUuid uuid not null references hs_office.debitor(uuid), + bankAccountUuid uuid not null references hs_office.bankaccount(uuid), reference varchar(96) not null, agreement date not null, validity daterange not null @@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate --changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_sepamandate'); +call base.create_journal('hs_office.sepamandate'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index 76cfe166..f9e4ef66 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_sepamandate'); +call rbac.generateRelatedRbacObject('hs_office.sepamandate'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate'); +call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate'); --// 
@@ -24,24 +24,24 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamand Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeSepaMandate( - NEW hs_office_sepamandate +create or replace procedure hs_office.sepamandate_build_rbac_system( + NEW hs_office.sepamandate ) language plpgsql as $$ declare - newBankAccount hs_office_bankaccount; - newDebitorRel hs_office_relation; + newBankAccount hs_office.bankaccount; + newDebitorRel hs_office.relation; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount; + SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount; assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid); SELECT debitorRel.* - FROM hs_office_relation debitorRel - JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid + FROM hs_office.relation debitorRel + JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid WHERE debitor.uuid = NEW.debitorUuid INTO newDebitorRel; assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); 
@@ -82,22 +82,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_sepamandate row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row. */ -create or replace function insertTriggerForHsOfficeSepaMandate_tf() +create or replace function hs_office.sepamandate_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeSepaMandate(NEW); + call hs_office.sepamandate_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeSepaMandate_tg - after insert on hs_office_sepamandate +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.sepamandate for each row -execute procedure insertTriggerForHsOfficeSepaMandate_tf(); +execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf(); --// 
@@ -105,48 +105,48 @@ execute procedure insertTriggerForHsOfficeSepaMandate_tf(); --changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_office_relation ---------------------------- +-- granting INSERT permission to hs_office.relation ---------------------------- /* - Grants INSERT INTO hs_office_sepamandate permissions to specified role of pre-existing hs_office_relation rows. + Grants INSERT INTO hs_office.sepamandate permissions to specified role of pre-existing hs_office.relation rows. */ do language plpgsql $$ declare - row hs_office_relation; + row hs_office.relation; begin - call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); + call base.defineContext('create INSERT INTO hs_office.sepamandate permissions for pre-exising hs_office.relation rows'); - FOR row IN SELECT * FROM hs_office_relation + FOR row IN SELECT * FROM hs_office.relation WHERE type = 'DEBITOR' LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'), hsOfficeRelationADMIN(row)); END LOOP; end; $$; /** - Grants hs_office_sepamandate INSERT permission to specified role of new hs_office_relation rows. + Grants hs_office.sepamandate INSERT permission to specified role of new relation rows. 
*/ -create or replace function new_hsof_sepamandate_grants_insert_to_hsof_relation_tf() +create or replace function hs_office.new_sepamandate_grants_insert_to_relation_tf() returns trigger language plpgsql strict as $$ begin if NEW.type = 'DEBITOR' then call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'), hsOfficeRelationADMIN(NEW)); end if; return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_sepamandate_grants_after_insert_tg - after insert on hs_office_relation +create trigger z_new_sepamandate_grants_after_insert_tg + after insert on hs_office.relation for each row -execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf(); +execute procedure hs_office.new_sepamandate_grants_insert_to_relation_tf(); -- ============================================================================ @@ -154,9 +154,9 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_sepamandate. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.sepamandate. */ -create or replace function hs_office_sepamandate_insert_permission_check_tf() +create or replace function hs_office.sepamandate_insert_permission_check_tf() returns trigger language plpgsql as $$ declare 
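Review bot: In `hs_office.new_sepamandate_grants_insert_to_relation_tf()` the role helper is still called unqualified as `hsOfficeRelationADMIN(NEW)`, so it is resolved through whatever search_path the inserting session has, while the table, `rbac.createPermission` and `rbac.grantPermissionToRole` are all schema-qualified. A trigger function that hands out INSERT permissions should not depend on the caller's path: either schema-qualify the helper (which schema it is created in is not visible here) or pin the path with a `set search_path = ...` clause on the function. The same unqualified call sits in the `do` block of this hunk and as `hsOfficeMembershipADMIN(NEW)` in the coopsharestransaction file. The changeset id names InsertTriggerGenerator, so the change most likely belongs in the generator rather than in this file.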
@@ -164,23 +164,23 @@ declare begin -- check INSERT permission via indirect foreign key: NEW.debitorUuid superObjectUuid := (SELECT debitorRel.uuid - FROM hs_office_relation debitorRel - JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid + FROM hs_office.relation debitorRel + JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid WHERE debitor.uuid = NEW.debitorUuid ); - assert superObjectUuid is not null, 'object uuid fetched depending on hs_office_sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL'; - if rbac.hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then + assert superObjectUuid is not null, 'object uuid fetched depending on hs_office.sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL'; + if rbac.hasInsertPermission(superObjectUuid, 'hs_office.sepamandate') then return NEW; end if; - raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.sepamandate values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_sepamandate_insert_permission_check_tg - before insert on hs_office_sepamandate +create trigger sepamandate_insert_permission_check_tg + before insert on hs_office.sepamandate for each row - execute procedure hs_office_sepamandate_insert_permission_check_tf(); + execute procedure hs_office.sepamandate_insert_permission_check_tf(); --// 
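Review bot: The null guard on `superObjectUuid` in `hs_office.sepamandate_insert_permission_check_tf()` is a PL/pgSQL `assert`, which is skipped when `plpgsql.check_asserts` is off, so whether a missing debitor relation is rejected at this point depends on a server setting. With asserts disabled the null goes straight into `rbac.hasInsertPermission`, and the outcome then rests on how that function treats null, which is not visible here. An explicit check keeps the rejection unconditional: `if superObjectUuid is null then raise exception 'no debitor relation found for NEW.debitorUuid = %', NEW.debitorUuid; end if;`. The function header is in the previous hunk, and the same `assert` pattern guards `newBankAccount` and `newDebitorRel` in `hs_office.sepamandate_build_rbac_system`.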
@@ -188,11 +188,11 @@ create trigger hs_office_sepamandate_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate', +call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate', $idName$ select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName - from hs_office_sepamandate sm - join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid + from hs_office.sepamandate sm + join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid $idName$); --// @@ -200,7 +200,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_sepamandate', +call rbac.generateRbacRestrictedView('hs_office.sepamandate', $orderBy$ validity $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql index 01e2298b..2446eff9 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql 
@@ -7,9 +7,9 @@ --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_office_sepamandate_legacy_id +CREATE TABLE hs_office.sepamandate_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_office_sepamandate(uuid), + uuid uuid NOT NULL REFERENCES hs_office.sepamandate(uuid), sepa_mandate_id integer NOT NULL ); --// @@ -19,10 +19,10 @@ CREATE TABLE hs_office_sepamandate_legacy_id --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_office.sepamandate_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_office_sepamandate_legacy_id.sepa_mandate_id; + OWNED BY hs_office.sepamandate_legacy_id.sepa_mandate_id; --// @@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_office_sepamandate_legacy_id +ALTER TABLE hs_office.sepamandate_legacy_id ALTER COLUMN sepa_mandate_id - SET DEFAULT nextVal('hs_office_sepamandate_legacy_id_seq'); + SET DEFAULT nextVal('hs_office.sepamandate_legacy_id_seq'); --/ @@ -42,8 +42,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id) - SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate; +INSERT INTO hs_office.sepamandate_legacy_id(uuid, sepa_mandate_id) + SELECT uuid, nextVal('hs_office.sepamandate_legacy_id_seq') FROM hs_office.sepamandate; --/ 
@@ -59,14 +59,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_office_sepamandate_legacy_id VALUES - (NEW.uuid, nextVal('hs_office_sepamandate_legacy_id_seq')); + INSERT INTO hs_office.sepamandate_legacy_id VALUES + (NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq')); return NEW; end; $$; create trigger createSepaMandateLegacyIdMapping - after insert on hs_office_sepamandate + after insert on hs_office.sepamandate for each row execute procedure insertSepaMandateLegacyIdMapping(); --/ @@ -84,14 +84,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_office_sepamandate_legacy_id + DELETE FROM hs_office.sepamandate_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger removeSepaMandateLegacyIdMapping - before delete on hs_office_sepamandate + before delete on hs_office.sepamandate for each row execute procedure deleteSepaMandateLegacyIdMapping(); --/ diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql index c737be8f..51e33f6b 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql 
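Review bot: The insert in the mapping trigger is positional, `INSERT INTO hs_office.sepamandate_legacy_id VALUES (NEW.uuid, nextVal(...))`, so it depends on the column order of the table, unlike the bulk insert in the migration changeset, which names `(uuid, sepa_mandate_id)`. Naming the columns makes both paths agree: `INSERT INTO hs_office.sepamandate_legacy_id (uuid, sepa_mandate_id) VALUES (NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq'));`. The trigger functions `insertSepaMandateLegacyIdMapping()` and `deleteSepaMandateLegacyIdMapping()` also keep their unqualified names, so they presumably stay outside `hs_office` while the table they maintain moved into it. Both function headers lie outside these hunks.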
@@ -15,23 +15,23 @@ create or replace procedure createHsOfficeSepaMandateTestData( withReference varchar) language plpgsql as $$ declare - relatedDebitor hs_office_debitor; - relatedBankAccount hs_office_bankAccount; + relatedDebitor hs_office.debitor; + relatedBankAccount hs_office.bankAccount; begin select debitor.* into relatedDebitor - from hs_office_debitor debitor - join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid - join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid - join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid + from hs_office.debitor debitor + join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid + join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid + join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix; select b.* into relatedBankAccount - from hs_office_bankAccount b where b.iban = forIban; + from hs_office.bankAccount b where b.iban = forIban; raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text; raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor; raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount; insert - into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity) + into hs_office.sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity) values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]')); end; $$; --// diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql index 7fe4223e..e0147e5a 100644 
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql @@ -17,11 +17,11 @@ CREATE TYPE HsOfficeMembershipStatus AS ENUM ( CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT; -create table if not exists hs_office_membership +create table if not exists hs_office.membership ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, - partnerUuid uuid not null references hs_office_partner(uuid), + partnerUuid uuid not null references hs_office.partner(uuid), memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'), validity daterange not null, status HsOfficeMembershipStatus not null default 'ACTIVE', @@ -36,5 +36,5 @@ create table if not exists hs_office_membership --changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_membership'); +call base.create_journal('hs_office.membership'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index b5239725..18d53198 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
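Review bot: The table is moved into the new schema by editing the existing changeset, so `create table if not exists hs_office.membership` only does the right thing on an empty database. Where the earlier version has already been applied, Liquibase rejects the changed checksum, and clearing checksums does not re-run the changeset, so such a database would keep `hs_office_membership` while the entities changed in this commit presumably map to `hs_office.membership`. No `alter table ... set schema` or rename step is visible in this part of the patch. If any environment holds data, a follow-up changeset that moves the table is needed; if every database is rebuilt from scratch, a sentence in the commit description saying so would settle it. The same applies to `hs_office.coopsharestransaction` in the coopshares file.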
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_membership'); +call rbac.generateRelatedRbacObject('hs_office.membership'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership'); +call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership'); --// @@ -24,20 +24,20 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membershi Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeMembership( - NEW hs_office_membership +create or replace procedure hs_office.membership_build_rbac_system( + NEW hs_office.membership ) language plpgsql as $$ declare - newPartnerRel hs_office_relation; + newPartnerRel hs_office.relation; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* - FROM hs_office_partner AS partner - JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid + FROM hs_office.partner AS partner + JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid WHERE partner.uuid = NEW.partnerUuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid); 
@@ -69,22 +69,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row. */ -create or replace function insertTriggerForHsOfficeMembership_tf() +create or replace function hs_office.membership_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeMembership(NEW); + call hs_office.membership_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeMembership_tg - after insert on hs_office_membership +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.membership for each row -execute procedure insertTriggerForHsOfficeMembership_tf(); +execute procedure hs_office.membership_build_rbac_system_after_insert_tf(); --// 
@@ -95,45 +95,45 @@ execute procedure insertTriggerForHsOfficeMembership_tf(); -- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing rbac.global rows. + Grants INSERT INTO hs_office.membership permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO hs_office.membership permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'), rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_membership INSERT permission to specified role of new global rows. + Grants hs_office.membership INSERT permission to specified role of new global rows. */ -create or replace function new_hsof_membership_grants_insert_to_global_tf() +create or replace function hs_office.new_membership_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'), rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_membership_grants_after_insert_tg +create trigger z_new_membership_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hsof_membership_grants_insert_to_global_tf(); +execute procedure hs_office.new_membership_grants_insert_to_global_tf(); -- ============================================================================ @@ -141,27 +141,27 @@ execute procedure new_hsof_membership_grants_insert_to_global_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_membership. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.membership. */ -create or replace function hs_office_membership_insert_permission_check_tf() +create or replace function hs_office.membership_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; - raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.membership values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_membership_insert_permission_check_tg - before insert on hs_office_membership +create trigger membership_insert_permission_check_tg + before insert on hs_office.membership for each row - execute procedure hs_office_membership_insert_permission_check_tf(); + execute procedure hs_office.membership_insert_permission_check_tf(); --// 
@@ -169,12 +169,12 @@ create trigger hs_office_membership_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromQuery('hs_office_membership', +call rbac.generateRbacIdentityViewFromQuery('hs_office.membership', $idName$ SELECT m.uuid AS uuid, 'M-' || p.partnerNumber || m.memberNumberSuffix as idName - FROM hs_office_membership AS m - JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid + FROM hs_office.membership AS m + JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid $idName$); --// @@ -182,7 +182,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_membership', -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_membership', +call rbac.generateRbacRestrictedView('hs_office.membership', $orderBy$ validity $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql index bb25dc6f..8b904d6d 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql 
@@ -13,15 +13,15 @@ create or replace procedure createHsOfficeMembershipTestData( newMemberNumberSuffix char(2) ) language plpgsql as $$ declare - relatedPartner hs_office_partner; + relatedPartner hs_office.partner; begin - select partner.* from hs_office_partner partner + select partner.* from hs_office.partner partner where partner.partnerNumber = forPartnerNumber into relatedPartner; raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix; raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner; insert - into hs_office_membership (uuid, partneruuid, memberNumberSuffix, validity, status) + into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status) values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, daterange('20221001' , null, '[]'), 'ACTIVE'); end; $$; --// diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql index 119b4a2a..7e15a874 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql 
@@ -8,16 +8,16 @@ CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTI CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT; -create table if not exists hs_office_coopsharestransaction +create table if not exists hs_office.coopsharestransaction ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, - membershipUuid uuid not null references hs_office_membership(uuid), + membershipUuid uuid not null references hs_office.membership(uuid), transactionType HsOfficeCoopSharesTransactionType not null, valueDate date not null, shareCount integer not null, reference varchar(48) not null, - adjustedShareTxUuid uuid unique REFERENCES hs_office_coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED, + adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED, comment varchar(512) ); --// @@ -26,8 +26,8 @@ create table if not exists hs_office_coopsharestransaction --changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--// -- ---------------------------------------------------------------------------- -alter table hs_office_coopsharestransaction - add constraint hs_office_coopsharestransaction_reverse_entry_missing +alter table hs_office.coopsharestransaction + add constraint reverse_entry_missing check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null); --// @@ -44,7 +44,7 @@ declare totalShareCount integer; begin select sum(cst.shareCount) - from hs_office_coopsharestransaction cst + from hs_office.coopsharestransaction cst where cst.membershipUuid = forMembershipUuid into currentShareCount; totalShareCount := currentShareCount + newShareCount; 
@@ -54,8 +54,8 @@ begin return true; end; $$; -alter table hs_office_coopsharestransaction - add constraint hs_office_coopshares_positive +alter table hs_office.coopsharestransaction + add constraint check_positive_total_shares_count check ( checkSharesByMembershipUuid(membershipUuid, shareCount) ); --// @@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction --changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_coopsharestransaction'); +call base.create_journal('hs_office.coopsharestransaction'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index b77458ee..66df3a08 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql 
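Review bot: `check_positive_total_shares_count` enforces a per-membership total through a CHECK constraint that calls `checkSharesByMembershipUuid`, and that function sums other rows of `hs_office.coopsharestransaction`. PostgreSQL evaluates a CHECK only against the row being written, so two concurrent transactions for one membership can each pass and together leave a total the rule was meant to forbid, and nothing rechecks it when existing rows change. Under the default READ COMMITTED isolation, taking a row lock on the parent first would serialise the writers, for example `perform 1 from hs_office.membership where uuid = forMembershipUuid for update;` before the `select sum(...)`, assuming the inserting role is allowed to lock that row. A constraint trigger is the more conventional home for a cross-row rule. The function body begins in the previous hunk and its comparison is not visible here.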
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction'); +call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction'); +call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction'); --// @@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction( - NEW hs_office_coopsharestransaction +create or replace procedure hs_office.coopsharestransaction_build_rbac_system( + NEW hs_office.coopsharestransaction ) language plpgsql as $$ declare - newMembership hs_office_membership; + newMembership hs_office.membership; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; + SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); 
@@ -45,22 +45,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopsharestransaction row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row. */ -create or replace function insertTriggerForHsOfficeCoopSharesTransaction_tf() +create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeCoopSharesTransaction(NEW); + call hs_office.coopsharestransaction_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg - after insert on hs_office_coopsharestransaction +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.coopsharestransaction for each row -execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf(); +execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf(); --// 
@@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf(); --changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_office_membership ---------------------------- +-- granting INSERT permission to hs_office.membership ---------------------------- /* - Grants INSERT INTO hs_office_coopsharestransaction permissions to specified role of pre-existing hs_office_membership rows. + Grants INSERT INTO hs_office.coopsharestransaction permissions to specified role of pre-existing hs_office.membership rows. */ do language plpgsql $$ declare - row hs_office_membership; + row hs_office.membership; begin - call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); + call base.defineContext('create INSERT INTO hs_office.coopsharestransaction permissions for pre-exising hs_office.membership rows'); - FOR row IN SELECT * FROM hs_office_membership + FOR row IN SELECT * FROM hs_office.membership -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'), hsOfficeMembershipADMIN(row)); END LOOP; end; $$; /** - Grants hs_office_coopsharestransaction INSERT permission to specified role of new hs_office_membership rows. + Grants hs_office.coopsharestransaction INSERT permission to specified role of new membership rows. 
*/ -create or replace function new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf() +create or replace function hs_office.new_coopsharetx_grants_insert_to_membership_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'), hsOfficeMembershipADMIN(NEW)); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_coopsharestransaction_grants_after_insert_tg - after insert on hs_office_membership +create trigger z_new_coopsharestransaction_grants_after_insert_tg + after insert on hs_office.membership for each row -execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf(); +execute procedure hs_office.new_coopsharetx_grants_insert_to_membership_tf(); -- ============================================================================ 
@@ -117,27 +117,27 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopsharestransaction. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharestransaction. */ -create or replace function hs_office_coopsharestransaction_insert_permission_check_tf() +create or replace function hs_office.coopsharestransaction_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.membershipUuid - if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then + if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharestransaction') then return NEW; end if; - raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.coopsharestransaction values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_coopsharestransaction_insert_permission_check_tg - before insert on hs_office_coopsharestransaction +create trigger coopsharestransaction_insert_permission_check_tg + before insert on hs_office.coopsharestransaction for each row - execute procedure hs_office_coopsharestransaction_insert_permission_check_tf(); + execute procedure hs_office.coopsharestransaction_insert_permission_check_tf(); --// 
@@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction', +call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransaction', $idName$ reference $idName$); @@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransactio -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction', +call rbac.generateRbacRestrictedView('hs_office.coopsharestransaction', $orderBy$ reference $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql index bd690b3e..40912e0c 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql @@ -7,9 +7,9 @@ --changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_office_coopsharestransaction_legacy_id +CREATE TABLE hs_office.coopsharestransaction_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_office_coopsharestransaction(uuid), + uuid uuid NOT NULL REFERENCES hs_office.coopsharestransaction(uuid), member_share_id integer NOT NULL ); --// 
@@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopsharestransaction_legacy_id --changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_office.coopsharestransaction_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_office_coopsharestransaction_legacy_id.member_share_id; + OWNED BY hs_office.coopsharestransaction_legacy_id.member_share_id; --// @@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq --changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_office_coopsharestransaction_legacy_id +ALTER TABLE hs_office.coopsharestransaction_legacy_id ALTER COLUMN member_share_id - SET DEFAULT nextVal('hs_office_coopsharestransaction_legacy_id_seq'); + SET DEFAULT nextVal('hs_office.coopsharestransaction_legacy_id_seq'); --/ @@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id) - SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction; +INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id) + SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharestransaction; --/ 
@@ -58,14 +58,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_office_coopsharestransaction_legacy_id VALUES - (NEW.uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq')); + INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES + (NEW.uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq')); return NEW; end; $$; create trigger createCoopSharesLegacyIdMapping - after insert on hs_office_coopsharestransaction + after insert on hs_office.coopsharestransaction for each row execute procedure insertCoopSharesLegacyIdMapping(); --/ @@ -83,14 +83,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_office_coopsharestransaction_legacy_id + DELETE FROM hs_office.coopsharestransaction_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger removeCoopSharesLegacyIdMapping - before delete on hs_office_coopsharestransaction + before delete on hs_office.coopsharestransaction for each row execute procedure deleteCoopSharesLegacyIdMapping(); --/ diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql index c894b00f..a4c634a7 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql 
@@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopSharesTransactionTestData( ) language plpgsql as $$ declare - membership hs_office_membership; + membership hs_office.membership; subscriptionEntryUuid uuid; begin select m.uuid - from hs_office_membership m - join hs_office_partner p on p.uuid = m.partneruuid + from hs_office.membership m + join hs_office.partner p on p.uuid = m.partneruuid where p.partnerNumber = givenPartnerNumber and m.memberNumberSuffix = givenMemberNumberSuffix into membership; @@ -27,7 +27,7 @@ begin raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix; subscriptionEntryUuid := uuid_generate_v4(); insert - into hs_office_coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid) + into hs_office.coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid) values (uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null), (uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null), diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql index fa3ddf51..4804f4d7 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql 
@@ -15,16 +15,16 @@ CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT', CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT; -create table if not exists hs_office_coopassetstransaction +create table if not exists hs_office.coopassetstransaction ( uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, - membershipUuid uuid not null references hs_office_membership(uuid), + membershipUuid uuid not null references hs_office.membership(uuid), transactionType HsOfficeCoopAssetsTransactionType not null, valueDate date not null, assetValue money not null, reference varchar(48) not null, - adjustedAssetTxUuid uuid unique REFERENCES hs_office_coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED, + adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED, comment varchar(512) ); --// @@ -34,8 +34,8 @@ create table if not exists hs_office_coopassetstransaction --changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--// -- ---------------------------------------------------------------------------- -alter table hs_office_coopassetstransaction - add constraint hs_office_coopassetstransaction_reverse_entry_missing +alter table hs_office.coopassetstransaction + add constraint reverse_entry_missing check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null); --// @@ -52,7 +52,7 @@ declare totalAssetValue money; begin select sum(cat.assetValue) - from hs_office_coopassetstransaction cat + from hs_office.coopassetstransaction cat where cat.membershipUuid = forMembershipUuid into currentAssetValue; totalAssetValue := currentAssetValue + newAssetValue; 
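Review bot: `sum(cat.assetValue)` returns NULL when the membership has no transactions yet, so `totalAssetValue := currentAssetValue + newAssetValue` is NULL for the first row of every membership. The comparison that follows is outside this hunk, but if it is a plain `totalAssetValue < 0` test, NULL makes it not true and a first transaction with a negative value would pass the `check_positive_total` constraint. Wrapping the aggregate, `select coalesce(sum(cat.assetValue), 0::money)`, removes the doubt. The function begins above this hunk and ends in the next one.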
@@ -62,8 +62,8 @@ begin return true; end; $$; -alter table hs_office_coopassetstransaction - add constraint hs_office_coopassets_positive +alter table hs_office.coopassetstransaction + add constraint check_positive_total check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) ); --// @@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction --changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- -call base.create_journal('hs_office_coopassetstransaction'); +call base.create_journal('hs_office.coopassetstransaction'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 52b39ae3..d7dbc2b5 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction'); +call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction'); --// -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction'); +call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction'); --// @@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction( - NEW hs_office_coopassetstransaction +create or replace procedure hs_office.coopassetstransaction_build_rbac_system( + NEW hs_office.coopassetstransaction ) language plpgsql as $$ declare - newMembership hs_office_membership; + newMembership hs_office.membership; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; + SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); 
@@ -45,22 +45,22 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopassetstransaction row. + AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row. */ -create or replace function insertTriggerForHsOfficeCoopAssetsTransaction_tf() +create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsOfficeCoopAssetsTransaction(NEW); + call hs_office.coopassetstransaction_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg - after insert on hs_office_coopassetstransaction +create trigger build_rbac_system_after_insert_tg + after insert on hs_office.coopassetstransaction for each row -execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf(); +execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf(); --// 
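Review bot: Renaming the trigger to `build_rbac_system_after_insert_tg` also changes when it fires, because PostgreSQL runs the triggers for one event on a table in alphabetical order of their names. The old name `insertTriggerForHsOfficeCoopAssetsTransaction_tg` sorted after `createCoopAssetsLegacyIdMapping`, the other after-insert trigger on this table in this patch; the new name sorts before it, so the RBAC roles and grants are now built first. That is probably harmless, but the file already relies on name order for its `z_...` triggers, so a comment such as `-- fires first among the after-insert triggers on this table (name order)` above the `create trigger` would make the intent explicit. The same rename is applied to `hs_booking_project` later in the patch.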
@@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf(); --changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_office_membership ---------------------------- +-- granting INSERT permission to hs_office.membership ---------------------------- /* - Grants INSERT INTO hs_office_coopassetstransaction permissions to specified role of pre-existing hs_office_membership rows. + Grants INSERT INTO hs_office.coopassetstransaction permissions to specified role of pre-existing hs_office.membership rows. */ do language plpgsql $$ declare - row hs_office_membership; + row hs_office.membership; begin - call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); + call base.defineContext('create INSERT INTO hs_office.coopassetstransaction permissions for pre-exising hs_office.membership rows'); - FOR row IN SELECT * FROM hs_office_membership + FOR row IN SELECT * FROM hs_office.membership -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'), hsOfficeMembershipADMIN(row)); END LOOP; end; $$; /** - Grants hs_office_coopassetstransaction INSERT permission to specified role of new hs_office_membership rows. + Grants hs_office.coopassetstransaction INSERT permission to specified role of new membership rows. 
*/ -create or replace function new_hsof_coopassettx_grants_insert_to_hsof_membership_tf() +create or replace function hs_office.new_coopassettx_grants_insert_to_membership_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'), hsOfficeMembershipADMIN(NEW)); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_coopassetstransaction_grants_after_insert_tg - after insert on hs_office_membership +create trigger z_new_coopassetstransaction_grants_after_insert_tg + after insert on hs_office.membership for each row -execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf(); +execute procedure hs_office.new_coopassettx_grants_insert_to_membership_tf(); -- ============================================================================ 
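Review bot: `hsOfficeMembershipADMIN(NEW)` is still called without a schema, while the table, the trigger function and the permission name around it are now qualified with `hs_office.`. A PL/pgSQL body resolves unqualified function names through the `search_path` in effect when it runs, so which role descriptor receives the INSERT grant depends on session settings; whether any role can create objects in a schema on that path is not visible here. Either qualify the call once the descriptor functions have a schema of their own, or pin the path on the function with a `set search_path = <schemas this function needs>` clause in `create function`. The same unqualified calls appear in the `do` block of this hunk, in `hs_office.coopassetstransaction_build_rbac_system` (`hsOfficeMembershipAGENT`) and in the coopshares grant trigger.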
@@ -117,27 +117,27 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf(); -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopassetstransaction. + Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassetstransaction. */ -create or replace function hs_office_coopassetstransaction_insert_permission_check_tf() +create or replace function hs_office.coopassetstransaction_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.membershipUuid - if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then + if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassetstransaction') then return NEW; end if; - raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into hs_office.coopassetstransaction values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger hs_office_coopassetstransaction_insert_permission_check_tg - before insert on hs_office_coopassetstransaction +create trigger coopassetstransaction_insert_permission_check_tg + before insert on hs_office.coopassetstransaction for each row - execute procedure hs_office_coopassetstransaction_insert_permission_check_tf(); + execute procedure hs_office.coopassetstransaction_insert_permission_check_tf(); --// 
@@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg --changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', +call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransaction', $idName$ reference $idName$); @@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransactio -- ============================================================================ --changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction', +call rbac.generateRbacRestrictedView('hs_office.coopassetstransaction', $orderBy$ reference $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql index f506e855..3919b13c 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql @@ -7,9 +7,9 @@ --changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE TABLE hs_office_coopassetstransaction_legacy_id +CREATE TABLE hs_office.coopassetstransaction_legacy_id ( - uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid), + uuid uuid NOT NULL REFERENCES hs_office.coopassetstransaction(uuid), member_asset_id integer NOT NULL ); --// 
@@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id --changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq +CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq AS integer START 1000000000 - OWNED BY hs_office_coopassetstransaction_legacy_id.member_asset_id; + OWNED BY hs_office.coopassetstransaction_legacy_id.member_asset_id; --// @@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq --changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- -ALTER TABLE hs_office_coopassetstransaction_legacy_id +ALTER TABLE hs_office.coopassetstransaction_legacy_id ALTER COLUMN member_asset_id - SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq'); + SET DEFAULT nextVal('hs_office.coopassetstransaction_legacy_id_seq'); --/ @@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); -INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) - SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction; +INSERT INTO hs_office.coopassetstransaction_legacy_id(uuid, member_asset_id) + SELECT uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq') FROM hs_office.coopassetstransaction; --/ 
@@ -58,14 +58,14 @@ begin raise exception 'invalid usage of trigger'; end if; - INSERT INTO hs_office_coopassetstransaction_legacy_id VALUES - (NEW.uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq')); + INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES + (NEW.uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq')); return NEW; end; $$; create trigger createCoopAssetsLegacyIdMapping - after insert on hs_office_coopassetstransaction + after insert on hs_office.coopassetstransaction for each row execute procedure insertCoopAssetsLegacyIdMapping(); --/ @@ -83,14 +83,14 @@ begin raise exception 'invalid usage of trigger'; end if; - DELETE FROM hs_office_coopassetstransaction_legacy_id + DELETE FROM hs_office.coopassetstransaction_legacy_id WHERE uuid = OLD.uuid; return OLD; end; $$; create trigger removeCoopAssetsLegacyIdMapping - before delete on hs_office_coopassetstransaction + before delete on hs_office.coopassetstransaction for each row execute procedure deleteCoopAssetsLegacyIdMapping(); --/ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql index b2d9c27d..21a4ef82 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql 
@@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopAssetsTransactionTestData( ) language plpgsql as $$ declare - membership hs_office_membership; + membership hs_office.membership; lossEntryUuid uuid; begin select m.uuid - from hs_office_membership m - join hs_office_partner p on p.uuid = m.partneruuid + from hs_office.membership m + join hs_office.partner p on p.uuid = m.partneruuid where p.partnerNumber = givenPartnerNumber and m.memberNumberSuffix = givenMemberNumberSuffix into membership; @@ -27,7 +27,7 @@ begin raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix; lossEntryUuid := uuid_generate_v4(); insert - into hs_office_coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid) + into hs_office.coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid) values (uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null), (uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null), diff --git a/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql b/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql index a610023c..f3e0b612 100644 --- a/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql +++ b/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql 
@@ -9,9 +9,9 @@ create view hs_booking_debitor_xv as debitor.version, (partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber, debitor.defaultPrefix - from hs_office_debitor debitor + from hs_office.debitor debitor -- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables - join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid - join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid - join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid; + join hs_office.relation debitorRel on debitor.debitorReluUid=debitorRel.uuid + join hs_office.relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid + join hs_office.partner partner on partner.partnerReluUid=partnerRel.uuid; --// diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql index a0250fc4..70724958 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql @@ -8,7 +8,7 @@ create table if not exists hs_booking_project ( uuid uuid unique references rbac.object (uuid), version int not null default 0, - debitorUuid uuid not null references hs_office_debitor(uuid), + debitorUuid uuid not null references hs_office.debitor(uuid), caption varchar(80) not null ); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 0f0098f7..053c0f86 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql 
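Review bot: The comment says RBAC on the debitor is sufficient, but `from hs_office.debitor debitor` reads what looks like the base table rather than the restricted view that `rbac.generateRbacRestrictedView` generates for other tables in this patch. If that is so, `hs_booking_debitor_xv` returns every debitor to whoever may select from it, and the joins on `hs_office.relation` and `hs_office.partner` are unrestricted as well. Please confirm which object carries the row filter and who is granted access to this view, and record it next to the `from` clause, e.g. `-- row filtering is done by <restricted object>; grant this view only to <role>`. The `create view` line itself is outside the hunk.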
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql 
@@ -3,45 +3,45 @@ -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-OBJECT endDelimiter:--// +--changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_booking_project'); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// +--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-insert-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the roles, grants and permission for the AFTER INSERT TRIGGER. 
*/ -create or replace procedure buildRbacSystemForHsBookingProject( +create or replace procedure hs_booking_project_build_rbac_system( NEW hs_booking_project ) language plpgsql as $$ declare - newDebitor hs_office_debitor; - newDebitorRel hs_office_relation; + newDebitor hs_office.debitor; + newDebitorRel hs_office.relation; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor; + SELECT * FROM hs_office.debitor WHERE uuid = NEW.debitorUuid INTO newDebitor; assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); SELECT debitorRel.* - FROM hs_office_relation debitorRel - JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid + FROM hs_office.relation debitorRel + JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid WHERE debitor.uuid = NEW.debitorUuid INTO newDebitorRel; assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); 
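Review bot: Changing the author part of the `--changeset` headers (`michael.hoennig:` to `RbacObjectGenerator:` and the other generator names, here and in the later hunks of this file, one of which also changes the id `hs_booking_project-rbac-CHECKING-INSERT-PERMISSION` to `hs-booking-project-...`) gives these changesets a new identity, since Liquibase keys a changeset on id, author and file path. On a database that already ran the old ones they would be executed again as new changesets, and because the trigger is renamed as well, the old `insertTriggerForHsBookingProject_tg` could stay in place beside the new one and build the RBAC structure twice per insert. If every environment is rebuilt from scratch this is fine, but the commit message should say so; otherwise add a changeset that removes the old objects first, e.g. `drop trigger if exists insertTriggerForHsBookingProject_tg on hs_booking_project;`. The procedure body continues past the end of this hunk.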
@@ -79,38 +79,38 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row. */ -create or replace function insertTriggerForHsBookingProject_tf() +create or replace function hs_booking_project_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsBookingProject(NEW); + call hs_booking_project_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsBookingProject_tg +create trigger build_rbac_system_after_insert_tg after insert on hs_booking_project for each row -execute procedure insertTriggerForHsBookingProject_tf(); +execute procedure hs_booking_project_build_rbac_system_after_insert_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_office_relation ---------------------------- +-- granting INSERT permission to hs_office.relation ---------------------------- /* - Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office_relation rows. + Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office.relation rows. */ do language plpgsql $$ declare - row hs_office_relation; + row hs_office.relation; begin - call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows'); + call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office.relation rows'); - FOR row IN SELECT * FROM hs_office_relation + FOR row IN SELECT * FROM hs_office.relation WHERE type = 'DEBITOR' LOOP call rbac.grantPermissionToRole( 
@@ -121,9 +121,9 @@ do language plpgsql $$ $$; /** - Grants hs_booking_project INSERT permission to specified role of new hs_office_relation rows. + Grants hs_booking_project INSERT permission to specified role of new relation rows. */ -create or replace function new_hs_booking_project_grants_insert_to_hs_office_relation_tf() +create or replace function new_hsbk_project_grants_insert_to_relation_tf() returns trigger language plpgsql strict as $$ @@ -137,14 +137,14 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_booking_project_grants_insert_to_hs_office_relation_tg - after insert on hs_office_relation +create trigger z_new_hs_booking_project_grants_after_insert_tg + after insert on hs_office.relation for each row -execute procedure new_hs_booking_project_grants_insert_to_hs_office_relation_tf(); +execute procedure new_hsbk_project_grants_insert_to_relation_tf(); -- ============================================================================ ---changeset michael.hoennig:hs_booking_project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-booking-project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -158,8 +158,8 @@ declare begin -- check INSERT permission via indirect foreign key: NEW.debitorUuid superObjectUuid := (SELECT debitorRel.uuid - FROM hs_office_relation debitorRel - JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid + FROM hs_office.relation debitorRel + JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid WHERE debitor.uuid = NEW.debitorUuid ); assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL'; 
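Review bot: In the hunk at `-158,8` the lookup of `superObjectUuid` is guarded only by `assert`, which PL/pgSQL skips when `plpgsql.check_asserts` is off and which is meant for programming errors rather than input validation. The value depends on `NEW.debitorUuid`, and if this trigger runs before insert like its coopassets counterpart, the foreign key has not been checked yet, so an unknown debitor arrives here as ordinary bad input. An explicit `if superObjectUuid is null then raise exception ...; end if;` would keep the permission check independent of that setting. What the function does with a NULL `superObjectUuid` afterwards is outside this hunk, as are its header and its end.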
@@ -179,20 +179,20 @@ create trigger hs_booking_project_insert_permission_check_tg -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', $idName$ SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName FROM hs_booking_project bookingProject - JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid + JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid $idName$); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_booking_project', $orderBy$ diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql index 7275ce2c..60871add 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql 
@@ -14,14 +14,14 @@ create or replace procedure createHsBookingProjectTransactionTestData( ) language plpgsql as $$ declare - relatedDebitor hs_office_debitor; + relatedDebitor hs_office.debitor; begin select debitor.* into relatedDebitor - from hs_office_debitor debitor - join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid - join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid - join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid + from hs_office.debitor debitor + join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid + join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid + join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid where partner.partnerNumber = givenPartnerNumber and debitor.debitorNumberSuffix = givenDebitorSuffix; raise notice 'creating test booking-project: %', givenDebitorSuffix::text; diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index dd0ea486..a27e0f8a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql 
@@ -3,28 +3,28 @@ -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--// +--changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_booking_item'); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// +--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsBookingItem( +create or replace procedure hs_booking_item_build_rbac_system( NEW hs_booking_item ) language plpgsql as $$ 
@@ -78,34 +78,34 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row. */ -create or replace function insertTriggerForHsBookingItem_tf() +create or replace function hs_booking_item_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsBookingItem(NEW); + call hs_booking_item_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsBookingItem_tg +create trigger build_rbac_system_after_insert_tg after insert on hs_booking_item for each row -execute procedure insertTriggerForHsBookingItem_tf(); +execute procedure hs_booking_item_build_rbac_system_after_insert_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing global rows. + Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row rbac.global%ROWTYPE; + row rbac.global; begin call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows'); 
@@ -114,15 +114,15 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), - rbac.globalAdmin()); + rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_booking_item INSERT permission to specified role of new rbac.global rows. + Grants hs_booking_item INSERT permission to specified role of new global rows. */ -create or replace function new_hs_booking_item_grants_insert_to_global_tf() +create or replace function new_hsbk_item_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ @@ -130,16 +130,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_booking_item_grants_insert_to_global_tg +create trigger z_new_hs_booking_item_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hs_booking_item_grants_insert_to_global_tf(); +execute procedure new_hsbk_item_grants_insert_to_global_tf(); -- granting INSERT permission to hs_booking_project ---------------------------- @@ -165,7 +165,7 @@ $$; /** Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows. */ -create or replace function new_hs_booking_item_grants_insert_to_hs_booking_project_tf() +create or replace function new_hsbk_item_grants_insert_to_hsbk_project_tf() returns trigger language plpgsql strict as $$ 
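Review bot: The new trigger name `z_new_hs_booking_item_grants_after_insert_tg` no longer says which table it is attached to. The same name is created here on `rbac.global` and again on `hs_booking_project` and `hs_booking_item` in the next hunks. PostgreSQL scopes trigger names per table, so this works, but an error message or a `pg_trigger` listing now shows three identically named RBAC grant triggers. Either keep a short form of the parent table in the name, as the function names do (`..._to_global_tf`, `..._to_hsbk_project_tf`), or add a comment above each one such as `-- trigger on rbac.global: grants hs_booking_item INSERT to the new row's role`.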
@@ -179,10 +179,10 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_project_tg +create trigger z_new_hs_booking_item_grants_after_insert_tg after insert on hs_booking_project for each row -execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf(); +execute procedure new_hsbk_item_grants_insert_to_hsbk_project_tf(); -- granting INSERT permission to hs_booking_item ---------------------------- @@ -192,7 +192,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf(); /** Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows. */ -create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_tf() +create or replace function new_hsbk_item_grants_insert_to_hsbk_item_tf() returns trigger language plpgsql strict as $$ @@ -206,14 +206,14 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_item_tg +create trigger z_new_hs_booking_item_grants_after_insert_tg after insert on hs_booking_item for each row -execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf(); +execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf(); -- ============================================================================ ---changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// +--changeset InsertTriggerGenerator:hs-booking-item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** 
@@ -225,7 +225,7 @@ create or replace function hs_booking_item_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.Global ADMIN + -- check INSERT permission if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; @@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', @@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', -- ============================================================================ ---changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_booking_item', $orderBy$ diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index 0bec8667..aef12936 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql 
@@ -39,7 +39,7 @@ create table if not exists hs_hosting_asset identifier varchar(80) not null, caption varchar(80), config jsonb not null, - alarmContactUuid uuid null references hs_office_contact(uuid) initially deferred, + alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred, constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER')) diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 3bfd9df8..7050afd3 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql 
@@ -3,28 +3,28 @@ -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-OBJECT endDelimiter:--// +--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_hosting_asset'); --// -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// +--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); --// -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-insert-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the roles, grants and permission for the AFTER INSERT TRIGGER. */ -create or replace procedure buildRbacSystemForHsHostingAsset( +create or replace procedure hs_hosting_asset_build_rbac_system( NEW hs_hosting_asset ) language plpgsql as $$ @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsHostingAsset( declare newBookingItem hs_booking_item; newAssignedToAsset hs_hosting_asset; - newAlarmContact hs_office_contact; + newAlarmContact hs_office.contact; newParentAsset hs_hosting_asset; begin 
@@ -42,7 +42,7 @@ begin SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset; - SELECT * FROM hs_office_contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact; + SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact; SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; @@ -50,9 +50,9 @@ begin hsHostingAssetOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[ - rbac.globalADMIN(rbac.unassumed()), hsBookingItemADMIN(newBookingItem), - hsHostingAssetADMIN(newParentAsset)], + hsHostingAssetADMIN(newParentAsset), + rbac.globalADMIN(rbac.unassumed())], subjectUuids => array[rbac.currentSubjectUuid()] ); 
@@ -96,31 +96,31 @@ end; $$; AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row. */ -create or replace function insertTriggerForHsHostingAsset_tf() +create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf() returns trigger language plpgsql strict as $$ begin - call buildRbacSystemForHsHostingAsset(NEW); + call hs_hosting_asset_build_rbac_system(NEW); return NEW; end; $$; -create trigger insertTriggerForHsHostingAsset_tg +create trigger build_rbac_system_after_insert_tg after insert on hs_hosting_asset for each row -execute procedure insertTriggerForHsHostingAsset_tf(); +execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-update-trigger endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* Called from the AFTER UPDATE TRIGGER to re-wire the grants. */ -create or replace procedure updateRbacRulesForHsHostingAsset( +create or replace procedure hs_hosting_asset_update_rbac_system( OLD hs_hosting_asset, NEW hs_hosting_asset ) 
@@ -130,32 +130,32 @@ begin if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; - call buildRbacSystemForHsHostingAsset(NEW); + call hs_hosting_asset_build_rbac_system(NEW); end if; end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_hosting_asset row. + AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row. */ -create or replace function updateTriggerForHsHostingAsset_tf() +create or replace function hs_hosting_asset_update_rbac_system_after_update_tf() returns trigger language plpgsql strict as $$ begin - call updateRbacRulesForHsHostingAsset(OLD, NEW); + call hs_hosting_asset_update_rbac_system(OLD, NEW); return NEW; end; $$; -create trigger updateTriggerForHsHostingAsset_tg +create trigger update_rbac_system_after_update_tg after update on hs_hosting_asset for each row -execute procedure updateTriggerForHsHostingAsset_tf(); +execute procedure hs_hosting_asset_update_rbac_system_after_update_tf(); --// -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', 
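Review bot: The corrected header comment above `hs_hosting_asset_update_rbac_system_after_update_tf()` still describes "a new hs_hosting_asset row", although the trigger fires `after update` and passes both OLD and NEW. Suggested wording: `AFTER UPDATE TRIGGER to re-wire the grant structure for an updated hs_hosting_asset row.` It would also help to note there that the re-wiring runs only when `assignedToAssetUuid` or `alarmContactUuid` changes, as the procedure above it shows.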
@@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', -- ============================================================================ ---changeset michael.hoennig:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_hosting_asset', $orderBy$ diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 711773ba..1a89bcc7 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql @@ -12,7 +12,7 @@ create or replace procedure createHsHostingAssetTestData(givenProjectCaption var language plpgsql as $$ declare relatedProject hs_booking_project; - relatedDebitor hs_office_debitor; + relatedDebitor hs_office.debitor; privateCloudBI hs_booking_item; managedServerBI hs_booking_item; cloudServerBI hs_booking_item; @@ -38,7 +38,7 @@ begin assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null'; select debitor.* into relatedDebitor - from hs_office_debitor debitor + from hs_office.debitor debitor where debitor.uuid = relatedProject.debitorUuid; assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null'; diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index a8029152..ced88d6c 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml 
@@ -69,6 +69,8 @@ databaseChangeLog: file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql - include: file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql + - include: + file: db/changelog/5-hs-office/500-hs-office-schema.sql - include: file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java index f4ada1b2..beae21e0 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java @@ -135,7 +135,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when @@ -157,7 +157,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea "hs_booking_project#D-1000111-somenewbookingproject:OWNER", "hs_booking_project#D-1000111-somenewbookingproject:TENANT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java index c8f107f1..3bdd17b3 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java @@ -112,7 +112,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { @Order(1) void verifyInitialDatabase() { // SQL DELETE for thousands of records takes too long, so we make sure, we only start with initial or test data - final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office_contact", Integer.class) + final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office.contact", Integer.class) .getSingleResult(); assertThat(contactCount).isLessThan(20); } @@ -614,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { jpaAttempt.transacted(() -> { context(rbacSuperuser); contacts.forEach(this::persist); - updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id"); + updateLegacyIds(contacts, "hs_office.contact_legacy_id", "contact_id"); }).assertSuccessful(); jpaAttempt.transacted(() -> { @@ -640,7 +640,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { partner.setPartnerRel(em.merge(partner.getPartnerRel())); em.persist(partner); }); - updateLegacyIds(partners, "hs_office_partner_legacy_id", "bp_id"); + updateLegacyIds(partners, "hs_office.partner_legacy_id", "bp_id"); }).assertSuccessful(); jpaAttempt.transacted(() -> { 
@@ -664,20 +664,20 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { jpaAttempt.transacted(() -> { context(rbacSuperuser); sepaMandates.forEach(this::persist); - updateLegacyIds(sepaMandates, "hs_office_sepamandate_legacy_id", "sepa_mandate_id"); + updateLegacyIds(sepaMandates, "hs_office.sepamandate_legacy_id", "sepa_mandate_id"); }).assertSuccessful(); jpaAttempt.transacted(() -> { context(rbacSuperuser); coopShares.forEach(this::persist); - updateLegacyIds(coopShares, "hs_office_coopsharestransaction_legacy_id", "member_share_id"); + updateLegacyIds(coopShares, "hs_office.coopsharestransaction_legacy_id", "member_share_id"); }).assertSuccessful(); jpaAttempt.transacted(() -> { context(rbacSuperuser); coopAssets.forEach(this::persist); - updateLegacyIds(coopAssets, "hs_office_coopassetstransaction_legacy_id", "member_asset_id"); + updateLegacyIds(coopAssets, "hs_office.coopassetstransaction_legacy_id", "member_asset_id"); }).assertSuccessful(); } @@ -685,7 +685,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport { @Test @Order(9190) void verifyMembershipsActuallyPersisted() { - final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office_membership", Integer.class) + final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office.membership", Integer.class) .getSingleResult(); assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 300); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index 66cfc5e7..59f1d909 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java 
@@ -254,34 +254,34 @@ public class CsvDataImport extends ContextBasedTest { em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking_project where true").executeUpdate(); em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_coopsharestransaction_legacy_id where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_membership where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_sepamandate where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_sepamandate_legacy_id where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_debitor where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_bankaccount where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_partner where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_partner_details where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_relation where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_contact where true").executeUpdate(); - em.createNativeQuery("delete from hs_office_person where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.coopassetstransaction where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.coopassetstransaction_legacy_id where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.coopsharestransaction where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id 
where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.membership where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.sepamandate_legacy_id where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.debitor where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.bankaccount where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.partner where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.partner_details where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.relation where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.contact where true").executeUpdate(); + em.createNativeQuery("delete from hs_office.person where true").executeUpdate(); }).assertSuccessful(); } protected void resetHsOfficeSequences() { jpaAttempt.transacted(() -> { context(rbacSuperuser); - em.createNativeQuery("alter sequence hs_office_contact_legacy_id_seq restart with 1000000000;").executeUpdate(); - em.createNativeQuery("alter sequence hs_office_coopassetstransaction_legacy_id_seq restart with 1000000000;") + em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate(); + em.createNativeQuery("alter sequence hs_office.coopassetstransaction_legacy_id_seq restart with 1000000000;") .executeUpdate(); - em.createNativeQuery("alter sequence public.hs_office_coopsharestransaction_legacy_id_seq restart with 1000000000;") + em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;") .executeUpdate(); - em.createNativeQuery("alter sequence public.hs_office_partner_legacy_id_seq restart with 1000000000;") + em.createNativeQuery("alter sequence public.hs_office.partner_legacy_id_seq restart with 1000000000;") .executeUpdate(); - 
em.createNativeQuery("alter sequence public.hs_office_sepamandate_legacy_id_seq restart with 1000000000;") + em.createNativeQuery("alter sequence public.hs_office.sepamandate_legacy_id_seq restart with 1000000000;") .executeUpdate(); }); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java index df853a61..ed573418 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java 
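Review bot: In `resetHsOfficeSequences()` the three statements that already had a `public.` prefix now read `public.hs_office.coopsharestransaction_legacy_id_seq`, and likewise for the partner and sepamandate sequences. PostgreSQL parses a three-part name as database.schema.object, so unless the database is itself called `public` the statement is rejected instead of resolving to the sequence in schema `hs_office`. Drop the prefix so they match the first two statements, e.g. `alter sequence hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;`. This `jpaAttempt.transacted(...)` call also ends without `.assertSuccessful()`, unlike the delete block above it. If the helper captures exceptions, which is assumed here, the whole reset would fail silently and later imports would start from stale legacy ids. Appending `.assertSuccessful()` makes the failure visible.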
@@ -102,21 +102,21 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC final var roles = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_bankaccount#DE25500105176934832579:OWNER", - "hs_office_bankaccount#DE25500105176934832579:ADMIN", - "hs_office_bankaccount#DE25500105176934832579:REFERRER" + "hs_office.bankaccount#DE25500105176934832579:OWNER", + "hs_office.bankaccount#DE25500105176934832579:ADMIN", + "hs_office.bankaccount#DE25500105176934832579:REFERRER" )); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", - "{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }", - "{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }", + "{ grant perm:hs_office.bankaccount#DE25500105176934832579:DELETE to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }", + "{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }", + "{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.bankaccount#DE25500105176934832579:OWNER and assume }", - "{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", - "{ grant perm:hs_office_bankaccount#DE25500105176934832579:UPDATE to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }", + "{ grant 
role:hs_office.bankaccount#DE25500105176934832579:ADMIN to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }", + "{ grant perm:hs_office.bankaccount#DE25500105176934832579:UPDATE to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }", - "{ grant perm:hs_office_bankaccount#DE25500105176934832579:SELECT to role:hs_office_bankaccount#DE25500105176934832579:REFERRER by system and assume }", - "{ grant role:hs_office_bankaccount#DE25500105176934832579:REFERRER to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }", + "{ grant perm:hs_office.bankaccount#DE25500105176934832579:SELECT to role:hs_office.bankaccount#DE25500105176934832579:REFERRER by system and assume }", + "{ grant role:hs_office.bankaccount#DE25500105176934832579:REFERRER to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }", null )); } @@ -273,7 +273,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'iban' from base.tx_journal_v - where targettable = 'hs_office_bankaccount'; + where targettable = 'hs_office.bankaccount'; """); // when 
@@ -281,9 +281,9 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02120300000000202051]", - "[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02500105170137075030]", - "[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02100500000054540402]"); + "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02120300000000202051]", + "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02500105170137075030]", + "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02100500000054540402]"); } private HsOfficeBankAccountEntity givenSomeTemporaryBankAccount(final String createdByUser) { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java index e7759f4b..b05b6da7 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java 
@@ -103,20 +103,20 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC final var roles = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_contact#anothernewcontact:OWNER", - "hs_office_contact#anothernewcontact:ADMIN", - "hs_office_contact#anothernewcontact:REFERRER" + "hs_office.contact#anothernewcontact:OWNER", + "hs_office.contact#anothernewcontact:ADMIN", + "hs_office.contact#anothernewcontact:REFERRER" )); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }", - "{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }", - "{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }", - "{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }", - "{ grant role:hs_office_contact#anothernewcontact:ADMIN to role:hs_office_contact#anothernewcontact:OWNER by system and assume }", + "{ grant role:hs_office.contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }", + "{ grant perm:hs_office.contact#anothernewcontact:UPDATE to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }", + "{ grant role:hs_office.contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.contact#anothernewcontact:OWNER and assume }", + "{ grant perm:hs_office.contact#anothernewcontact:DELETE to role:hs_office.contact#anothernewcontact:OWNER by system and assume }", + "{ grant role:hs_office.contact#anothernewcontact:ADMIN to role:hs_office.contact#anothernewcontact:OWNER 
by system and assume }", - "{ grant perm:hs_office_contact#anothernewcontact:SELECT to role:hs_office_contact#anothernewcontact:REFERRER by system and assume }", - "{ grant role:hs_office_contact#anothernewcontact:REFERRER to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }" + "{ grant perm:hs_office.contact#anothernewcontact:SELECT to role:hs_office.contact#anothernewcontact:REFERRER by system and assume }", + "{ grant role:hs_office.contact#anothernewcontact:REFERRER to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }" )); } @@ -258,17 +258,17 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' from base.tx_journal_v - where targettable = 'hs_office_contact'; - """); + where targettable = 'hs_office.contact'; + """); // when @SuppressWarnings("unchecked") final List customerLogEntries = query.getResultList(); // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating contact test-data, hs_office_contact, INSERT, first contact]", - "[creating contact test-data, hs_office_contact, INSERT, second contact]", - "[creating contact test-data, hs_office_contact, INSERT, third contact]"); + "[creating contact test-data, hs_office.contact, INSERT, first contact]", + "[creating contact test-data, hs_office.contact, INSERT, second contact]", + "[creating contact test-data, hs_office.contact, INSERT, third contact]"); } private HsOfficeContactRbacEntity givenSomeTemporaryContact( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java index 9358e9ba..1ca91c75 100644 
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java @@ -391,9 +391,9 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased void cleanup() { jpaAttempt.transacted(() -> { context.define("superuser-alex@hostsharing.net", null); - // HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv + // HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassetstransaction_rv // cannot be deleted at all, but the underlying table record can be deleted. - em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'") + em.createNativeQuery("delete from hs_office.coopassetstransaction where reference like 'temp %'") .executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java index cf636cc6..b13ff2f5 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java @@ -89,7 +89,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when 
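Review bot: `.map(s -> s.replace("hs_office.", ""))` strips the schema prefix from every grant display before it is stored in `initialGrantNames`, and the hunk at -109 does the same on the actual side. Expected strings such as `perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT` therefore cannot tell a grant on `hs_office.membership` from one on an unqualified `membership`. For a commit whose purpose is moving these objects into their own schema, that leaves the schema part of the RBAC grants unverified in this test; the same pattern recurs in the CoopShares, Debitor and Membership repository tests further down. I would at least carry over the comment the Debitor test already has, `// some search+replace to make the output fit into the screen width`, and add `// NOTE: the schema prefix is therefore not asserted here` so the limitation is explicit. Both test methods start and end outside their hunks.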
@@ -109,7 +109,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, "{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", @@ -198,7 +198,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase @Test public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() { // given: - context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.person#FirstGmbH:ADMIN"); // when: final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( @@ -222,7 +222,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' from base.tx_journal_v - where targettable = 'hs_office_coopassetstransaction'; + where targettable = 'hs_office.coopassetstransaction'; """); // when 
@@ -230,18 +230,18 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-1]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-2]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-1]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-2]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-1]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-2]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]", - "[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]"); + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-1]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-2]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-1]", + "[creating coopAssetsTransaction test-data, 
hs_office.coopassetstransaction, INSERT, ref 1000202-2]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-1]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-2]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]", + "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]"); } @BeforeEach diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java index 83fd3917..a379c415 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java @@ -55,9 +55,9 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased void cleanup() { jpaAttempt.transacted(() -> { context.define("superuser-alex@hostsharing.net", null); - // HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv + // HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharestransaction_rv // cannot be deleted at all, but the underlying table record can be deleted. - em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate(); + em.createNativeQuery("delete from hs_office.coopsharestransaction where reference like 'temp %'").executeUpdate(); }).assertSuccessful(); } 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index af627350..6ef36d57 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -88,7 +88,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when @@ -108,7 +108,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, "{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", @@ -197,7 +197,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase @Test public void normalUser_canViewOnlyRelatedCoopSharesTransactions() { // given: - context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000101:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000101:ADMIN"); // when: final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange( 
@@ -221,7 +221,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' from base.tx_journal_v - where targettable = 'hs_office_coopsharestransaction'; + where targettable = 'hs_office.coopsharestransaction'; """); // when 
@@ -229,18 +229,18 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-1]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-2]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-3]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-4]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-1]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-2]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-3]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-4]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-1]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-2]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-3]", - "[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-4]"); + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-1]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-2]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-3]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-4]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-1]", + "[creating coopSharesTransaction test-data, 
hs_office.coopsharestransaction, INSERT, ref 1000202-2]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-3]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-4]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-1]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-2]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-3]", + "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-4]"); } @BeforeEach diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java index 1f1a188a..98ba650c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java @@ -638,7 +638,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN") + .header("assumed-roles", "hs_office.contact#fourthcontact:ADMIN") .contentType(ContentType.JSON) .body(""" { @@ -651,7 +651,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu .then().log().all().assertThat() .statusCode(403) .body("message", containsString("ERROR: [403] Subject")) - .body("message", containsString("is not allowed to update hs_office_debitor uuid ")); + .body("message", containsString("is not allowed to update hs_office.debitor uuid ")); } } 
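Review bot: The 403 assertion `.body("message", containsString("is not allowed to update hs_office.debitor uuid "))` pins the HTTP response to text that names the internal schema and table. Together with the neighbouring `ERROR: [403] Subject` check, this looks like the raw database error being passed through to the client. If so, the response discloses database structure to a caller who was just denied access, and every schema refactoring like this one changes the client-visible message. I would keep `statusCode(403)` and assert only on wording that does not name the schema, e.g. `.body("message", containsString("is not allowed to update"))`, leaving the schema-qualified text to the repository tests. The enclosing test method starts outside the hunk, so the request being sent is not fully visible here.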
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java index 97f30b8a..53807d89 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java @@ -141,7 +141,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // then result.assertExceptionWithRootCauseMessage(org.hibernate.exception.ConstraintViolationException.class, - "ERROR: new row for relation \"hs_office_debitor\" violates check constraint \"check_default_prefix\""); + "ERROR: new row for relation \"debitor\" violates check constraint \"check_default_prefix\""); } @Test @@ -151,7 +151,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() // some search+replace to make the output fit into the screen width - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when 
@@ -176,12 +176,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // then assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER", - "hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN", - "hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT", - "hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT")); + "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER", + "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN", + "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT", + "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }", @@ -247,9 +247,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean @ParameterizedTest @Disabled // TODO: reactivate once partner.person + partner.contact are removed @ValueSource(strings = { - "hs_office_partner#10001:FirstGmbH-firstcontact:ADMIN", - "hs_office_person#FirstGmbH:ADMIN", - "hs_office_contact#firstcontact:ADMIN", + "hs_office.partner#10001:FirstGmbH-firstcontact:ADMIN", + "hs_office.person#FirstGmbH:ADMIN", + "hs_office.contact#firstcontact:ADMIN", }) public void relatedPersonAdmin_canViewRelatedDebitors(final String assumedRole) { // given: 
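Review bot: The role names in the `@ValueSource` of `relatedPersonAdmin_canViewRelatedDebitors` are renamed to `hs_office.partner#…`, `hs_office.person#…` and `hs_office.contact#…`, but the test stays `@Disabled`. Nothing executes these strings, so a typo in the new schema-qualified names would go unnoticed. Because this test checks which assumed roles may see a debitor, the TODO deserves a tracking reference so it is actually re-enabled, e.g. `@Disabled // TODO(<issue-id>): reactivate once partner.person + partner.contact are removed; role names renamed to hs_office.* without being run`. The method body continues outside the hunk.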
@@ -321,7 +321,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean assertThatDebitorIsVisibleForUserWithRole( givenDebitor, - "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); + "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First")); final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby")); final var givenNewContact = one(contactrealRepo.findContactByOptionalCaptionLike("sixth contact")); @@ -354,26 +354,26 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // ... partner role was reassigned: assertThatDebitorIsNotVisibleForUserWithRole( result.returnedValue(), - "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); + "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true); + "hs_office.relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true); // ... contact role was reassigned: assertThatDebitorIsNotVisibleForUserWithRole( result.returnedValue(), - "hs_office_contact#fifthcontact:ADMIN"); + "hs_office.contact#fifthcontact:ADMIN"); assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "hs_office_contact#sixthcontact:ADMIN", false); + "hs_office.contact#sixthcontact:ADMIN", false); // ... bank-account role was reassigned: assertThatDebitorIsNotVisibleForUserWithRole( result.returnedValue(), - "hs_office_bankaccount#DE02200505501015871393:ADMIN"); + "hs_office.bankaccount#DE02200505501015871393:ADMIN"); assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "hs_office_bankaccount#DE02120300000000202051:ADMIN", true); + "hs_office.bankaccount#DE02120300000000202051:ADMIN", true); } @Test 
@@ -383,7 +383,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig"); assertThatDebitorIsVisibleForUserWithRole( givenDebitor, - "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); + "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); assertThatDebitorActuallyInDatabase(givenDebitor, true); final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first")); @@ -403,7 +403,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // ... bank-account role was assigned: assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "hs_office_bankaccount#DE02120300000000202051:ADMIN", true); + "hs_office.bankaccount#DE02120300000000202051:ADMIN", true); } @Test @@ -413,7 +413,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih"); assertThatDebitorIsVisibleForUserWithRole( givenDebitor, - "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); + "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); assertThatDebitorActuallyInDatabase(givenDebitor, true); // when @@ -432,7 +432,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // ... bank-account role was removed from previous bank-account admin: assertThatDebitorIsNotVisibleForUserWithRole( result.returnedValue(), - "hs_office_bankaccount#DE02200505501015871393:ADMIN"); + "hs_office.bankaccount#DE02200505501015871393:ADMIN"); } @Test 
@@ -442,19 +442,19 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig"); assertThatDebitorIsVisibleForUserWithRole( givenDebitor, - "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); + "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); assertThatDebitorActuallyInDatabase(givenDebitor, true); // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT"); + context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT"); givenDebitor.setVatId("NEW-VAT-ID"); return toCleanup(debitorRepo.save(givenDebitor)); }); // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "[403] Subject ", " is not allowed to update hs_office_debitor uuid"); + "[403] Subject ", " is not allowed to update hs_office.debitor uuid"); } @Test @@ -463,11 +463,11 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean context("superuser-alex@hostsharing.net"); final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin"); assertThatDebitorActuallyInDatabase(givenDebitor, true); - assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office_contact#ninthcontact:ADMIN", false); + assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office.contact#ninthcontact:ADMIN", false); // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN"); givenDebitor.setVatId("NEW-VAT-ID"); final HsOfficeDebitorEntity entity = debitorRepo.save(givenDebitor); return toCleanup(entity.load()); 
@@ -477,7 +477,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean result.assertExceptionWithRootCauseMessage( JpaSystemException.class, "ERROR: [403]", - "is not allowed to update hs_office_debitor uuid"); + "is not allowed to update hs_office.debitor uuid"); } private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) { @@ -547,7 +547,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent(); debitorRepo.deleteByUuid(givenDebitor.getUuid()); @@ -556,7 +556,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " not allowed to delete hs_office_debitor"); + "[403] Subject ", " not allowed to delete hs_office.debitor"); assertThat(jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net"); return debitorRepo.findByUuid(givenDebitor.getUuid()); @@ -591,7 +591,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix' from base.tx_journal_v - where targettable = 'hs_office_debitor'; + where targettable = 'hs_office.debitor'; """); // when 
@@ -599,9 +599,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating debitor test-data, hs_office_debitor, INSERT, fir]", - "[creating debitor test-data, hs_office_debitor, INSERT, sec]", - "[creating debitor test-data, hs_office_debitor, INSERT, thi]"); + "[creating debitor test-data, hs_office.debitor, INSERT, fir]", + "[creating debitor test-data, hs_office.debitor, INSERT, sec]", + "[creating debitor test-data, hs_office.debitor, INSERT, thi]"); } private HsOfficeDebitorEntity givenSomeTemporaryDebitor( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java index ee6b956c..55f2fbd7 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java @@ -263,7 +263,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT") + .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT") .port(port) .when() .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) 
@@ -331,7 +331,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle void partnerRelAdmin_canPatchValidityOfRelatedMembership() { // given - final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN"; + final var givenPartnerAdmin = "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN"; context.define("superuser-alex@hostsharing.net", givenPartnerAdmin); final var givenMembership = givenSomeTemporaryMembershipBessler("First"); @@ -392,7 +392,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT") + .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT") .port(port) .when() .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java index 5916abc0..8192c705 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java @@ -91,7 +91,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when 
@@ -110,11 +110,11 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_membership#M-1000117:OWNER", - "hs_office_membership#M-1000117:ADMIN", - "hs_office_membership#M-1000117:AGENT")); + "hs_office.membership#M-1000117:OWNER", + "hs_office.membership#M-1000117:ADMIN", + "hs_office.membership#M-1000117:AGENT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, // insert @@ -230,13 +230,13 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership); assertThatMembershipIsVisibleForRole( givenMembership, - "hs_office_membership#M-1000113:AGENT"); + "hs_office.membership#M-1000113:AGENT"); final var newValidityEnd = LocalDate.now(); // when final var result = jpaAttempt.transacted(() -> { // TODO: we should test with debitor- and partner-admin as well - context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT"); + context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000113:AGENT"); givenMembership.setValidity( Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd)); return membershipRepo.save(givenMembership); @@ -244,7 +244,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "[403] Subject ", " is not allowed to update hs_office_membership uuid"); + "[403] Subject ", " is not allowed to update hs_office.membership uuid"); } private void assertThatMembershipExistsAndIsAccessibleToCurrentContext(final HsOfficeMembershipEntity saved) { 
@@ -294,7 +294,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT"); + context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT"); assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent(); membershipRepo.deleteByUuid(givenMembership.getUuid()); @@ -303,7 +303,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " not allowed to delete hs_office_membership"); + "[403] Subject ", " not allowed to delete hs_office.membership"); assertThat(jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net"); return membershipRepo.findByUuid(givenMembership.getUuid()); @@ -338,7 +338,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix' from base.tx_journal_v - where targettable = 'hs_office_membership'; + where targettable = 'hs_office.membership'; """); // when 
@@ -346,9 +346,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating Membership test-data, hs_office_membership, INSERT, 01]", - "[creating Membership test-data, hs_office_membership, INSERT, 02]", - "[creating Membership test-data, hs_office_membership, INSERT, 03]"); + "[creating Membership test-data, hs_office.membership, INSERT, 01]", + "[creating Membership test-data, hs_office.membership, INSERT, 02]", + "[creating Membership test-data, hs_office.membership, INSERT, 03]"); } private HsOfficeMembershipEntity givenSomeTemporaryMembership(final String partnerTradeName, final String memberNumberSuffix) { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java index f0ad1527..90c79490 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java @@ -103,7 +103,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() .map(s -> s.replace("ErbenBesslerMelBessler", "EBess")) .map(s -> s.replace("fourthcontact", "4th")) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when 
@@ -131,14 +131,14 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean // then assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(from( initialRoleNames, - "hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER", - "hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN", - "hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT", - "hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT")); + "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER", + "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN", + "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT", + "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) .map(s -> s.replace("ErbenBesslerMelBessler", "EBess")) .map(s -> s.replace("fourthcontact", "4th")) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(distinct(from( initialGrantNames, @@ -263,7 +263,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact"); assertThatPartnerIsVisibleForUserWithRole( givenPartner, - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); assertThatPartnerActuallyInDatabase(givenPartner); // when 
@@ -281,10 +281,10 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean "rbac.global#global:ADMIN"); assertThatPartnerIsVisibleForUserWithRole( givenPartner, - "hs_office_person#ThirdOHG:ADMIN"); + "hs_office.person#ThirdOHG:ADMIN"); assertThatPartnerIsNotVisibleForUserWithRole( givenPartner, - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); } @Test @@ -294,13 +294,13 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth"); assertThatPartnerIsVisibleForUserWithRole( givenPartner, - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); assertThatPartnerActuallyInDatabase(givenPartner); // when final var result = jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net", - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); givenPartner.getDetails().setBirthName("new birthname"); return partnerRepo.save(givenPartner); }); 
@@ -316,21 +316,21 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth"); assertThatPartnerIsVisibleForUserWithRole( givenPartner, - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); assertThatPartnerActuallyInDatabase(givenPartner); // when final var result = jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net", - "hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"); + "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"); givenPartner.getDetails().setBirthName("new birthname"); return partnerRepo.save(givenPartner); }); // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "ERROR: [403] insert into hs_office_partner_details ", - " not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}"); + "ERROR: [403] insert into hs_office.partner_details ", + " not allowed for current subjects {hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}"); } private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) { @@ -398,7 +398,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " not allowed to delete hs_office_partner"); + "[403] Subject ", " not allowed to delete hs_office.partner"); assertThat(jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net"); return partnerRepo.findByUuid(givenPartner.getUuid()); 
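Review bot: The expected message in the `@@ -316,21 +316,21 @@` hunk pins an insert denial (`insert into hs_office.partner_details … not allowed`), although the test body only calls `setBirthName` and `partnerRepo.save` on an existing partner. Presumably the details row is not visible to the TENANT role and the save is therefore attempted as an insert, but nothing in the hunk says so. A comment above the assertion, e.g. `// details row is not visible to TENANT, so save() surfaces as a denied INSERT, not UPDATE (confirm)`, would keep a later reader from "correcting" the message. The test method starts outside the hunk.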
@@ -435,7 +435,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'partnernumber' from base.tx_journal_v - where targettable = 'hs_office_partner'; + where targettable = 'hs_office.partner'; """); // when @@ -443,11 +443,11 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating partner test-data , hs_office_partner, INSERT, 10001]", - "[creating partner test-data , hs_office_partner, INSERT, 10002]", - "[creating partner test-data , hs_office_partner, INSERT, 10003]", - "[creating partner test-data , hs_office_partner, INSERT, 10004]", - "[creating partner test-data , hs_office_partner, INSERT, 10010]"); + "[creating partner test-data , hs_office.partner, INSERT, 10001]", + "[creating partner test-data , hs_office.partner, INSERT, 10002]", + "[creating partner test-data , hs_office.partner, INSERT, 10003]", + "[creating partner test-data , hs_office.partner, INSERT, 10004]", + "[creating partner test-data , hs_office.partner, INSERT, 10010]"); } private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java index 43a9792f..595c732a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java 
@@ -102,23 +102,23 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder( Array.from( initialRoleNames, - "hs_office_person#anothernewperson:OWNER", - "hs_office_person#anothernewperson:ADMIN", - "hs_office_person#anothernewperson:REFERRER" + "hs_office.person#anothernewperson:OWNER", + "hs_office.person#anothernewperson:ADMIN", + "hs_office.person#anothernewperson:REFERRER" )); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder( Array.fromFormatted( initialGrantNames, - "{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }", + "{ grant perm:hs_office.person#anothernewperson:INSERT>hs_office.relation to role:hs_office.person#anothernewperson:ADMIN by system and assume }", - "{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }", - "{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }", - "{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }", - "{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }", - "{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }", + "{ grant role:hs_office.person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.person#anothernewperson:OWNER and assume }", + "{ grant role:hs_office.person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }", + "{ grant perm:hs_office.person#anothernewperson:UPDATE to role:hs_office.person#anothernewperson:ADMIN by system and assume }", + "{ 
grant perm:hs_office.person#anothernewperson:DELETE to role:hs_office.person#anothernewperson:OWNER by system and assume }", + "{ grant role:hs_office.person#anothernewperson:ADMIN to role:hs_office.person#anothernewperson:OWNER by system and assume }", - "{ grant perm:hs_office_person#anothernewperson:SELECT to role:hs_office_person#anothernewperson:REFERRER by system and assume }", - "{ grant role:hs_office_person#anothernewperson:REFERRER to role:hs_office_person#anothernewperson:ADMIN by system and assume }" + "{ grant perm:hs_office.person#anothernewperson:SELECT to role:hs_office.person#anothernewperson:REFERRER by system and assume }", + "{ grant role:hs_office.person#anothernewperson:REFERRER to role:hs_office.person#anothernewperson:ADMIN by system and assume }" )); } @@ -262,7 +262,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname' from base.tx_journal_v - where targettable = 'hs_office_person'; + where targettable = 'hs_office.person'; """); // when 
@@ -270,10 +270,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating person test-data, hs_office_person, INSERT, Hostsharing eG, null]", - "[creating person test-data, hs_office_person, INSERT, First GmbH, null]", - "[creating person test-data, hs_office_person, INSERT, Second e.K., null]", - "[creating person test-data, hs_office_person, INSERT, Third OHG, null]"); + "[creating person test-data, hs_office.person, INSERT, Hostsharing eG, null]", + "[creating person test-data, hs_office.person, INSERT, First GmbH, null]", + "[creating person test-data, hs_office.person, INSERT, Second e.K., null]", + "[creating person test-data, hs_office.person, INSERT, Third OHG, null]"); } private HsOfficePersonEntity givenSomeTemporaryPerson( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java index e285e8c3..aa5d54d8 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java 
@@ -125,33 +125,33 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // then assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER", - "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN", - "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT", - "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT")); + "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER", + "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN", + "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT", + "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }", + "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }", + "{ 
grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }", - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office_person#BesslerBert:ADMIN by system and assume }", - "{ grant role:hs_office_person#ErbenBesslerMelBessler:OWNER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", + "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office.person#BesslerBert:ADMIN by system and assume }", + "{ grant role:hs_office.person#ErbenBesslerMelBessler:OWNER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }", - "{ grant 
role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.person#ErbenBesslerMelBessler:ADMIN by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", - "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }", - "{ grant role:hs_office_person#BesslerBert:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_person#ErbenBesslerMelBessler:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", - "{ grant role:hs_office_contact#fourthcontact:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", + "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }", + "{ grant role:hs_office.person#BesslerBert:REFERRER to 
role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", + "{ grant role:hs_office.person#ErbenBesslerMelBessler:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", + "{ grant role:hs_office.contact#fourthcontact:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", // REPRESENTATIVE holder person -> (represented) anchor person - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }", + "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.contact#fourthcontact:ADMIN by system and assume }", null) ); } @@ -217,7 +217,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationIsVisibleForUserWithRole( givenRelation, - "hs_office_person#ErbenBesslerMelBessler:ADMIN"); + "hs_office.person#ErbenBesslerMelBessler:ADMIN"); context("superuser-alex@hostsharing.net"); final var givenContact = contactrealRepo.findContactByOptionalCaptionLike("sixth contact").stream().findFirst().orElseThrow(); @@ -236,11 +236,11 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea "rbac.global#global:ADMIN"); assertThatRelationIsVisibleForUserWithRole( result.returnedValue(), - "hs_office_contact#sixthcontact:ADMIN"); + "hs_office.contact#sixthcontact:ADMIN"); assertThatRelationIsNotVisibleForUserWithRole( result.returnedValue(), - "hs_office_contact#fifthcontact:ADMIN"); + "hs_office.contact#fifthcontact:ADMIN"); relationRbacRepo.deleteByUuid(givenRelation.getUuid()); } 
@@ -253,19 +253,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea "Anita", "eighth"); assertThatRelationIsVisibleForUserWithRole( givenRelation, - "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); + "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); assertThatRelationActuallyInDatabase(givenRelation); // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); + context("superuser-alex@hostsharing.net", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); givenRelation.setContact(null); return relationRbacRepo.save(givenRelation); }); // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "[403] Subject ", " is not allowed to update hs_office_relation uuid"); + "[403] Subject ", " is not allowed to update hs_office.relation uuid"); } @Test @@ -276,19 +276,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea "Anita", "ninth"); assertThatRelationIsVisibleForUserWithRole( givenRelation, - "hs_office_contact#ninthcontact:ADMIN"); + "hs_office.contact#ninthcontact:ADMIN"); assertThatRelationActuallyInDatabase(givenRelation); // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN"); givenRelation.setContact(null); // TODO return relationRbacRepo.save(givenRelation); }); // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "[403] Subject ", " is not allowed to update hs_office_relation uuid"); + "[403] Subject ", " is not allowed to update hs_office.relation uuid"); } private void assertThatRelationActuallyInDatabase(final HsOfficeRelation saved) { 
@@ -360,7 +360,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " not allowed to delete hs_office_relation"); + "[403] Subject ", " not allowed to delete hs_office.relation"); assertThat(jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net"); return relationRbacRepo.findByUuid(givenRelation.getUuid()); @@ -396,7 +396,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'mark' from base.tx_journal_v - where targettable = 'hs_office_relation'; + where targettable = 'hs_office.relation'; """); // when @@ -404,7 +404,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating relation test-data, hs_office_relation, INSERT, members-announce]"); + "[creating relation test-data, hs_office.relation, INSERT, members-announce]"); } private HsOfficeRelationRbacEntity givenSomeTemporaryRelationBessler(final String holderPerson, final String contact) { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java index ff5ea172..8046fc68 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java 
@@ -95,7 +95,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC context("superuser-alex@hostsharing.net"); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .toList(); // when @@ -117,12 +117,12 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC final var all = rawRoleRepo.findAll(); assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( initialRoleNames, - "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN", - "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT", - "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER", - "hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER")); + "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN", + "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT", + "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER", + "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER")); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) - .map(s -> s.replace("hs_office_", "")) + .map(s -> s.replace("hs_office.", "")) .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, @@ -233,7 +233,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304"); assertThatSepaMandateIsVisibleForUserWithRole( givenSepaMandate, - "hs_office_bankaccount#DE02600501010002034304:ADMIN"); + "hs_office.bankaccount#DE02600501010002034304:ADMIN"); // when final var result = jpaAttempt.transacted(() -> { 
@@ -262,13 +262,13 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689"); assertThatSepaMandateIsVisibleForUserWithRole( givenSepaMandate, - "hs_office_bankaccount#DE02300606010002474689:ADMIN"); + "hs_office.bankaccount#DE02300606010002474689:ADMIN"); assertThatSepaMandateActuallyInDatabase(givenSepaMandate); final var newValidityEnd = LocalDate.now(); // when final var result = jpaAttempt.transacted(() -> { - context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689:ADMIN"); + context("superuser-alex@hostsharing.net", "hs_office.bankaccount#DE02300606010002474689:ADMIN"); givenSepaMandate.setValidity(Range.closedOpen( givenSepaMandate.getValidity().lower(), newValidityEnd)); @@ -277,7 +277,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // then result.assertExceptionWithRootCauseMessage(JpaSystemException.class, - "[403] Subject ", " is not allowed to update hs_office_sepamandate uuid"); + "[403] Subject ", " is not allowed to update hs_office.sepamandate uuid"); } private void assertThatSepaMandateActuallyInDatabase(final HsOfficeSepaMandateEntity saved) { @@ -346,7 +346,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] Subject ", " not allowed to delete hs_office_sepamandate"); + "[403] Subject ", " not allowed to delete hs_office.sepamandate"); assertThat(jpaAttempt.transacted(() -> { context("superuser-alex@hostsharing.net"); return sepaMandateRepo.findByUuid(givenSepaMandate.getUuid()); 
@@ -381,7 +381,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' from base.tx_journal_v - where targettable = 'hs_office_sepamandate'; + where targettable = 'hs_office.sepamandate'; """); // when @@ -389,9 +389,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // then assertThat(customerLogEntries).map(Arrays::toString).contains( - "[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10001-11]", - "[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10002-12]", - "[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10003-13]"); + "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10001-11]", + "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10002-12]", + "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10003-13]"); } private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) { diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java index 2f6dc3a9..f3ebb87f 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java 
@@ -90,12 +90,12 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu @Test @Disabled // enable to generate from a real database void print() throws IOException { - //context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN"); + //context("superuser-alex@hostsharing.net", "hs_office.person#FirbySusan:ADMIN"); context("superuser-alex@hostsharing.net"); //final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); - final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); + final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS)); RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");
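Review bot: `print()` is marked "enable to generate from a real database", runs as `superuser-alex@hostsharing.net` with `Include.USERS`, and writes to `doc/all-grants.md`, so once enabled it puts subject names from the connected database into the documentation directory. A comment on the `writeToFile` line, e.g. `// output contains subject names from the connected DB; review before committing`, would state that risk, and writing to a build directory instead of `doc/` would avoid it. Separately, `getSingleResult()` on the hard-coded `reference='ref 1000101-1'` throws when that test-data row is absent, which is likely on a real database; the lookup deserves a short comment saying it relies on test data.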