introduces generateRbacIdentityView to generate identity views

This commit is contained in:
Michael Hoennig 2022-09-16 16:14:39 +02:00
parent d63e3f31e9
commit 2cae17a045
7 changed files with 63 additions and 190 deletions

View File

@ -70,3 +70,46 @@ begin
execute sql;
end; $$;
--//
-- ============================================================================
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)
language plpgsql as $$
declare
sql text;
begin
-- create a view to the target main table which maps an idName to the objectUuid
sql = format($sql$
create or replace view %1$s_iv as
select target.uuid, cleanIdentifier(%2$s) as idName
from %1$s as target;
grant all privileges on %1$s_iv to restricted;
$sql$, targetTable, idNameExpression);
execute sql;
-- creates a function which maps an idName to the objectUuid
sql = format($sql$
create or replace function %1$sUuidByIdName(givenIdName varchar)
returns uuid
language sql
strict as $f$
select uuid from %1$s_iv iv where iv.idName = givenIdName;
$f$;
$sql$, targetTable);
execute sql;
-- creates a function which maps an objectUuid to the related idName
sql = format($sql$
create or replace function %1$sIdNameByUuid(givenUuid uuid)
returns varchar
language sql
strict as $f$
select idName from %1$s_iv iv where iv.uuid = givenUuid;
$f$;
$sql$, targetTable);
execute sql;
end; $$;
--//

View File

@ -78,37 +78,9 @@ execute procedure createRbacRolesForTestCustomer();
-- ============================================================================
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the customer main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
drop view if exists test_customer_iv;
create or replace view test_customer_iv as
select target.uuid, target.prefix as idName
from test_customer as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on test_customer_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function test_customerUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from test_customer_iv iv where iv.idName = test_customerUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the prefix).
*/
create or replace function test_customerIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from test_customer_iv iv where iv.uuid = test_customerIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('test_customer', $idName$
target.prefix
$idName$);
--//

View File

@ -76,38 +76,9 @@ execute procedure createRbacRolesForTestPackage();
-- ============================================================================
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the package main table which maps the identifying name
(in this case, actually the column `name`) to the objectUuid.
*/
drop view if exists test_package_iv;
create or replace view test_package_iv as
select distinct target.uuid, target.name as idName
from test_package as target;
-- TODO: Is it ok that everybody has access to this information?
grant all privileges on test_package_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
*/
create or replace function test_packageUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from test_package_iv iv where iv.idName = test_packageUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the name).
*/
create or replace function test_packageIdNameByUuid(uuid uuid)
returns varchar
stable leakproof
language sql
strict as $$
select idName from test_package_iv iv where iv.uuid = test_packageIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('test_package', $idName$
target.name
$idName$);
--//

View File

@ -93,38 +93,9 @@ execute procedure createRbacRulesForTestDomain();
-- ============================================================================
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the domain main table which maps the identifying name
(in this case, actually the column `name`) to the objectUuid.
*/
drop view if exists test_domain_iv;
create or replace view test_domain_iv as
select distinct target.uuid, target.name as idName
from test_domain as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on test_domain_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
*/
create or replace function test_domainUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the name).
*/
create or replace function test_domainIdNameByUuid(uuid uuid)
returns varchar
stable leakproof
language sql
strict as $$
select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('test_domain', $idName$
target.name
$idName$);
--//

View File

@ -77,35 +77,9 @@ execute procedure createRbacRolesForHsOfficeContact();
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the contact main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_office_contact_iv as
select target.uuid, cleanIdentifier(target.label) as idName
from hs_office_contact as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_office_contact_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_office_contactUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_office_contact_iv iv where iv.idName = hs_office_contactUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_office_contactIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_office_contact_iv iv where iv.uuid = hs_office_contactIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('hs_office_contact', $idName$
target.label
$idName$);
--//

View File

@ -76,36 +76,9 @@ execute procedure createRbacRolesForHsOfficePerson();
-- ============================================================================
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the person main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_office_person_iv as
select target.uuid, cleanIdentifier(concat(target.tradeName, target.familyName, target.givenName)) as idName
from hs_office_person as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_office_person_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_office_personUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_office_person_iv iv where iv.idName = hs_office_personUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_office_personIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_office_person_iv iv where iv.uuid = hs_office_personIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('hs_office_person', $idName$
concat(target.tradeName, target.familyName, target.givenName)
$idName$);
--//

View File

@ -116,42 +116,11 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
-- ============================================================================
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the partner main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_office_partner_iv as
select target.uuid,
cleanIdentifier(
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|| '-' ||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
)
as idName
from hs_office_partner as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_office_partner_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_office_partnerUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_office_partner_iv iv where iv.idName = hs_office_partnerUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_office_partnerIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_office_partner_iv iv where iv.uuid = hs_office_partnerIdNameByUuid.uuid;
$$;
call generateRbacIdentityView('hs_office_partner', $idName$
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|| '-' ||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
$idName$);
--//