introduces generateRbacIdentityView to generate identity views
parent
d63e3f31e9
commit
2cae17a045
@ -70,3 +70,46 @@ begin
|
||||
execute sql;
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sql text;
|
||||
begin
|
||||
-- create a view to the target main table which maps an idName to the objectUuid
|
||||
sql = format($sql$
|
||||
create or replace view %1$s_iv as
|
||||
select target.uuid, cleanIdentifier(%2$s) as idName
|
||||
from %1$s as target;
|
||||
grant all privileges on %1$s_iv to restricted;
|
||||
$sql$, targetTable, idNameExpression);
|
||||
execute sql;
|
||||
|
||||
-- creates a function which maps an idName to the objectUuid
|
||||
sql = format($sql$
|
||||
create or replace function %1$sUuidByIdName(givenIdName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $f$
|
||||
select uuid from %1$s_iv iv where iv.idName = givenIdName;
|
||||
$f$;
|
||||
$sql$, targetTable);
|
||||
execute sql;
|
||||
|
||||
-- creates a function which maps an objectUuid to the related idName
|
||||
sql = format($sql$
|
||||
create or replace function %1$sIdNameByUuid(givenUuid uuid)
|
||||
returns varchar
|
||||
language sql
|
||||
strict as $f$
|
||||
select idName from %1$s_iv iv where iv.uuid = givenUuid;
|
||||
$f$;
|
||||
$sql$, targetTable);
|
||||
execute sql;
|
||||
end; $$;
|
||||
--//
|
||||
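Review bot: The generated `grant all privileges on %1$s_iv to restricted;` gives the `restricted` role more than read access on every identity view, and the `TODO.spec: Is it ok that everybody has access to this information?` marker that sat next to the hand-written grants is not carried into the generator. A view over a single table is automatically updatable in PostgreSQL, so this grant may allow DELETE, or UPDATE of `uuid`, on the base table through the view with the view owner's rights. The two lookup functions only read, so `grant select on %1$s_iv to restricted;` looks sufficient. Separately, `targetTable` and `idNameExpression` are spliced in with `%s` and then executed as DDL. A header comment stating that both arguments must be literal SQL fragments from migration code, never request data, would make that contract explicit.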
|
@ -78,37 +78,9 @@ execute procedure createRbacRolesForTestCustomer();
|
||||
-- ============================================================================
|
||||
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the customer main table which maps the identifying name
|
||||
(in this case, the prefix) to the objectUuid.
|
||||
*/
|
||||
drop view if exists test_customer_iv;
|
||||
create or replace view test_customer_iv as
|
||||
select target.uuid, target.prefix as idName
|
||||
from test_customer as target;
|
||||
-- TODO.spec: Is it ok that everybody has access to this information?
|
||||
grant all privileges on test_customer_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case the prefix).
|
||||
*/
|
||||
create or replace function test_customerUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from test_customer_iv iv where iv.idName = test_customerUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the prefix).
|
||||
*/
|
||||
create or replace function test_customerIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from test_customer_iv iv where iv.uuid = test_customerIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('test_customer', $idName$
|
||||
target.prefix
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
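Review bot: The generated functions name their parameters `givenIdName` and `givenUuid`, whereas the removed definitions used `idName` and `uuid`, and PostgreSQL rejects `create or replace function` when it would rename an input parameter of an existing function. On a database where this changeset already ran, `call generateRbacIdentityView('test_customer', ...)` would therefore fail unless the old functions are dropped first; the same applies to the test_package, test_domain, hs_office_contact, hs_office_person and hs_office_partner hunks. The view also changes from `target.prefix` to `cleanIdentifier(target.prefix)`, which may change the type of the `idName` column and hit the matching restriction on `create or replace view`, now that the `drop view if exists test_customer_iv;` line is gone. If only fresh databases are supported, a comment in the changeset saying so is enough; otherwise put `drop function if exists test_customerUuidByIdName(varchar);` and its sibling ahead of the call.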
|
@ -76,38 +76,9 @@ execute procedure createRbacRolesForTestPackage();
|
||||
-- ============================================================================
|
||||
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the package main table which maps the identifying name
|
||||
(in this case, actually the column `name`) to the objectUuid.
|
||||
*/
|
||||
drop view if exists test_package_iv;
|
||||
create or replace view test_package_iv as
|
||||
select distinct target.uuid, target.name as idName
|
||||
from test_package as target;
|
||||
-- TODO: Is it ok that everybody has access to this information?
|
||||
grant all privileges on test_package_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
|
||||
*/
|
||||
create or replace function test_packageUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from test_package_iv iv where iv.idName = test_packageUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the name).
|
||||
*/
|
||||
create or replace function test_packageIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
stable leakproof
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from test_package_iv iv where iv.uuid = test_packageIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('test_package', $idName$
|
||||
target.name
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
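Review bot: `test_packageIdNameByUuid` was declared `stable leakproof` and is now created by the generator with no volatility marker, so it defaults to `volatile`; the same happens in the test_domain hunk. Dropping `leakproof` looks reasonable, since that attribute is a promise that the function reveals nothing about its arguments and the body reads from a view, but losing `stable` appears unintended. Adding `stable` to both function templates in generateRbacIdentityView would restore it for every table. The removed view also used `select distinct`, which the generated view omits; that is presumably harmless if `uuid` is unique in test_package, which is not visible here.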
|
@ -93,38 +93,9 @@ execute procedure createRbacRulesForTestDomain();
|
||||
-- ============================================================================
|
||||
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the domain main table which maps the identifying name
|
||||
(in this case, actually the column `name`) to the objectUuid.
|
||||
*/
|
||||
drop view if exists test_domain_iv;
|
||||
create or replace view test_domain_iv as
|
||||
select distinct target.uuid, target.name as idName
|
||||
from test_domain as target;
|
||||
-- TODO.spec: Is it ok that everybody has access to this information?
|
||||
grant all privileges on test_domain_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
|
||||
*/
|
||||
create or replace function test_domainUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the name).
|
||||
*/
|
||||
create or replace function test_domainIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
stable leakproof
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('test_domain', $idName$
|
||||
target.name
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
|
@ -77,35 +77,9 @@ execute procedure createRbacRolesForHsOfficeContact();
|
||||
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the contact main table which maps the identifying name
|
||||
(in this case, the prefix) to the objectUuid.
|
||||
*/
|
||||
create or replace view hs_office_contact_iv as
|
||||
select target.uuid, cleanIdentifier(target.label) as idName
|
||||
from hs_office_contact as target;
|
||||
-- TODO.spec: Is it ok that everybody has access to this information?
|
||||
grant all privileges on hs_office_contact_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case the prefix).
|
||||
*/
|
||||
create or replace function hs_office_contactUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from hs_office_contact_iv iv where iv.idName = hs_office_contactUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the label).
|
||||
*/
|
||||
create or replace function hs_office_contactIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from hs_office_contact_iv iv where iv.uuid = hs_office_contactIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('hs_office_contact', $idName$
|
||||
target.label
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
|
@ -76,36 +76,9 @@ execute procedure createRbacRolesForHsOfficePerson();
|
||||
-- ============================================================================
|
||||
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the person main table which maps the identifying name
|
||||
(in this case, the prefix) to the objectUuid.
|
||||
*/
|
||||
create or replace view hs_office_person_iv as
|
||||
select target.uuid, cleanIdentifier(concat(target.tradeName, target.familyName, target.givenName)) as idName
|
||||
from hs_office_person as target;
|
||||
-- TODO.spec: Is it ok that everybody has access to this information?
|
||||
grant all privileges on hs_office_person_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case the prefix).
|
||||
*/
|
||||
create or replace function hs_office_personUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from hs_office_person_iv iv where iv.idName = hs_office_personUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the label).
|
||||
*/
|
||||
create or replace function hs_office_personIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from hs_office_person_iv iv where iv.uuid = hs_office_personIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('hs_office_person', $idName$
|
||||
concat(target.tradeName, target.familyName, target.givenName)
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
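Review bot: `concat(target.tradeName, target.familyName, target.givenName)` joins the three columns with no separator, so different persons can produce the same `idName` (constructed example: family name `ab` with given name `c` versus `a` with `bc`). The generated `hs_office_personUuidByIdName` is a `language sql` function returning a single `uuid`, so on a collision it returns whichever row comes first instead of failing, and a caller resolving an object by name could get the wrong one. The expression is carried over unchanged from the removed view, but this call is where it can be fixed, e.g. `concat_ws('-', target.tradeName, target.familyName, target.givenName)`. Whether cleanIdentifier would strip the separator again is not visible in this hunk.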
|
@ -116,42 +116,11 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
|
||||
-- ============================================================================
|
||||
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
Creates a view to the partner main table which maps the identifying name
|
||||
(in this case, the prefix) to the objectUuid.
|
||||
*/
|
||||
create or replace view hs_office_partner_iv as
|
||||
select target.uuid,
|
||||
cleanIdentifier(
|
||||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|
||||
|| '-' ||
|
||||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
|
||||
)
|
||||
as idName
|
||||
from hs_office_partner as target;
|
||||
-- TODO.spec: Is it ok that everybody has access to this information?
|
||||
grant all privileges on hs_office_partner_iv to restricted;
|
||||
|
||||
/*
|
||||
Returns the objectUuid for a given identifying name (in this case the prefix).
|
||||
*/
|
||||
create or replace function hs_office_partnerUuidByIdName(idName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $$
|
||||
select uuid from hs_office_partner_iv iv where iv.idName = hs_office_partnerUuidByIdName.idName;
|
||||
$$;
|
||||
|
||||
/*
|
||||
Returns the identifying name for a given objectUuid (in this case the label).
|
||||
*/
|
||||
create or replace function hs_office_partnerIdNameByUuid(uuid uuid)
|
||||
returns varchar
|
||||
language sql
|
||||
strict as $$
|
||||
select idName from hs_office_partner_iv iv where iv.uuid = hs_office_partnerIdNameByUuid.uuid;
|
||||
$$;
|
||||
call generateRbacIdentityView('hs_office_partner', $idName$
|
||||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|
||||
|| '-' ||
|
||||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
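Review bot: The `idName` expression passed for hs_office_partner concatenates two sub-selects with `||`, which yields NULL as soon as either sub-select returns no row or a NULL value. Such a partner gets a NULL `idName` and cannot be resolved through `hs_office_partnerUuidByIdName`; whether `personuuid` and `contactuuid` can be null is not visible here. If that case is possible, wrap each side, e.g. `coalesce((select idName from hs_office_person_iv p where p.uuid = target.personuuid), '')`, or add a comment stating that both references are mandatory. The expression also depends on hs_office_person_iv and hs_office_contact_iv already existing when this changeset runs, which deserves a one-line comment above the call.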
|