split tx_audit_log into tx_context and tx_journal
This commit is contained in:
parent
e880a1c2c8
commit
258f8b1f66
@ -23,9 +23,6 @@ public class RbacUserController implements RbacusersApi {
|
||||
@Autowired
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private EntityManager em;
|
||||
|
||||
@Autowired
|
||||
private RbacUserRepository rbacUserRepository;
|
||||
|
||||
|
@ -16,82 +16,95 @@ do $$
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
--changeset audit-TABLE-TX-AUDIT-LOG:1 endDelimiter:--//
|
||||
--changeset audit-TX-CONTEXT-TABLE:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
/*
|
||||
A table storing the transaction audit log for all target tables.
|
||||
A table storing transactions with context data.
|
||||
*/
|
||||
create table "tx_audit_log"
|
||||
create table tx_context
|
||||
(
|
||||
txId bigint not null,
|
||||
txTimestamp timestamp not null,
|
||||
currentUser varchar(63) not null, -- TODO.SPEC: Keep user name or uuid in audit-log?
|
||||
assumedRoles varchar not null, -- TODO.SPEC: Store role names or uuids in audit-log?
|
||||
currentTask varchar not null,
|
||||
targetTable text not null,
|
||||
targetUuid uuid not null, -- TODO.SPEC: All audited tables have a uuid column.
|
||||
targetOp operation not null,
|
||||
targetDelta jsonb
|
||||
txId bigint primary key not null,
|
||||
txTimestamp timestamp not null,
|
||||
currentUser varchar(63) not null, -- not the uuid, because users can be deleted
|
||||
assumedRoles varchar not null, -- not the uuids, because roles can be deleted
|
||||
currentTask varchar not null
|
||||
);
|
||||
|
||||
create index on tx_audit_log using brin (txTimestamp);
|
||||
create index on tx_audit_log (targetTable, targetUuid);
|
||||
create index on tx_context using brin (txTimestamp);
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
--changeset audit-TX-AUDIT-TRIGGER:1 endDelimiter:--//
|
||||
--changeset audit-TX-JOURNAL-TABLE:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
/*
|
||||
Trigger function for transaction audit log.
|
||||
A table storing the transaction audit journal for all target tables it's configured for.
|
||||
*/
|
||||
create or replace function tx_audit_log_trigger()
|
||||
create table tx_journal
|
||||
(
|
||||
txId bigint not null references tx_context (txId),
|
||||
targetTable text not null,
|
||||
targetUuid uuid not null, -- Assumes that all audited tables have a uuid column.
|
||||
targetOp operation not null,
|
||||
targetDelta jsonb
|
||||
);
|
||||
|
||||
create index on tx_journal (targetTable, targetUuid);
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
--changeset audit-TX-JOURNAL-TRIGGER:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
/*
|
||||
Trigger function for transaction audit journal.
|
||||
*/
|
||||
create or replace function tx_journal_trigger()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
|
||||
insert
|
||||
into tx_context
|
||||
values (txid_current(), now(),
|
||||
currentUser(), assumedRoles(), currentTask())
|
||||
on conflict do nothing;
|
||||
|
||||
case tg_op
|
||||
when 'INSERT' then
|
||||
insert
|
||||
into tx_audit_log
|
||||
values (txid_current(), now(),
|
||||
currentUser(), assumedRoles(), currentTask(),
|
||||
tg_table_name, new.uuid, tg_op::operation,
|
||||
to_jsonb(new));
|
||||
when 'UPDATE' then
|
||||
insert
|
||||
into tx_audit_log
|
||||
values (txid_current(), now(),
|
||||
currentUser(), assumedRoles(), currentTask(),
|
||||
tg_table_name, old.uuid, tg_op::operation,
|
||||
jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
|
||||
when 'DELETE' then
|
||||
insert
|
||||
into tx_audit_log
|
||||
values (txid_current(), now(),
|
||||
currentUser(), assumedRoles(), currentTask(),
|
||||
tg_table_name, old.uuid, 'DELETE'::operation,
|
||||
null::jsonb);
|
||||
else
|
||||
raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
|
||||
end case;
|
||||
when 'INSERT' then insert
|
||||
into tx_journal
|
||||
values (txid_current(),
|
||||
tg_table_name, new.uuid, tg_op::operation,
|
||||
to_jsonb(new));
|
||||
when 'UPDATE' then insert
|
||||
into tx_journal
|
||||
values (txid_current(),
|
||||
tg_table_name, old.uuid, tg_op::operation,
|
||||
jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
|
||||
when 'DELETE' then insert
|
||||
into tx_journal
|
||||
values (txid_current(),
|
||||
tg_table_name, old.uuid, 'DELETE'::operation,
|
||||
null::jsonb);
|
||||
else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
|
||||
end case;
|
||||
return null;
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
--changeset audit-CREATE-AUDIT-LOG:1 endDelimiter:--//
|
||||
--changeset audit-CREATE-JOURNAL-LOG:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
/*
|
||||
Trigger function for transaction audit log.
|
||||
Trigger function for transaction audit journal.
|
||||
*/
|
||||
|
||||
create or replace procedure create_audit_log(targetTable varchar)
|
||||
create or replace procedure create_journal(targetTable varchar)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
createTriggerSQL varchar;
|
||||
createTriggerSQL varchar;
|
||||
begin
|
||||
createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_audit_log' ||
|
||||
createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_journal' ||
|
||||
' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable ||
|
||||
' FOR EACH ROW EXECUTE PROCEDURE tx_audit_log_trigger()';
|
||||
' FOR EACH ROW EXECUTE PROCEDURE tx_journal_trigger()';
|
||||
raise notice 'sql: %', createTriggerSQL;
|
||||
execute createTriggerSQL;
|
||||
end; $$;
|
||||
|
@ -40,7 +40,7 @@ create table RbacUser
|
||||
name varchar(63) not null unique
|
||||
);
|
||||
|
||||
call create_audit_log('RbacUser');
|
||||
call create_journal('RbacUser');
|
||||
|
||||
create or replace function createRbacUser(userName varchar)
|
||||
returns uuid
|
||||
@ -120,7 +120,7 @@ create table RbacObject
|
||||
unique (objectTable, uuid)
|
||||
);
|
||||
|
||||
call create_audit_log('RbacObject');
|
||||
call create_journal('RbacObject');
|
||||
|
||||
create or replace function createRbacObject()
|
||||
returns trigger
|
||||
@ -166,7 +166,7 @@ create table RbacRole
|
||||
unique (objectUuid, roleType)
|
||||
);
|
||||
|
||||
call create_audit_log('RbacRole');
|
||||
call create_journal('RbacRole');
|
||||
|
||||
create type RbacRoleDescriptor as
|
||||
(
|
||||
@ -287,7 +287,7 @@ create table RbacPermission
|
||||
unique (objectUuid, op)
|
||||
);
|
||||
|
||||
call create_audit_log('RbacPermission');
|
||||
call create_journal('RbacPermission');
|
||||
|
||||
create or replace function permissionExists(forObjectUuid uuid, forOp RbacOp)
|
||||
returns bool
|
||||
@ -368,7 +368,7 @@ create table RbacGrants
|
||||
create index on RbacGrants (ascendantUuid);
|
||||
create index on RbacGrants (descendantUuid);
|
||||
|
||||
call create_audit_log('RbacGrants');
|
||||
call create_journal('RbacGrants');
|
||||
|
||||
create or replace function findGrantees(grantedId uuid)
|
||||
returns setof RbacReference
|
||||
|
Loading…
Reference in New Issue
Block a user