Liquibase scripts generally work, grants still have to be amended

Michael Hoennig 2024-02-02 15:54:26 +01:00
parent 38487e0579
commit 345359fd18
6 changed files with 51 additions and 83 deletions


@ -30,16 +30,14 @@ declare
oldPartnerRole hs_office_relationship; oldPartnerRole hs_office_relationship;
newPartnerRole hs_office_relationship; newPartnerRole hs_office_relationship;
oldPerson hs_office_person; oldPersonX hs_office_person;
newPerson hs_office_person; newPersonX hs_office_person;
oldContact hs_office_contact; oldContactX hs_office_contact;
newContact hs_office_contact; newContactX hs_office_contact;
begin begin
select * from hs_office_relationship as r where r.uuid = NEW.partnerroleuuid into newPartnerRole; select * from hs_office_relationship as r where r.uuid = NEW.partnerroleuuid into newPartnerRole;
select * from hs_office_person as p where p.uuid = NEW.personUuid into newPerson;
select * from hs_office_contact as c where c.uuid = NEW.contactUuid into newContact;
if TG_OP = 'INSERT' then if TG_OP = 'INSERT' then
@ -57,18 +55,14 @@ begin
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficePartnerOwner(NEW)], hsOfficePartnerOwner(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeRelationshipTenant(newPartnerRole), hsOfficeRelationshipTenant(newPartnerRole)]
hsOfficePersonTenant(newPerson),
hsOfficeContactTenant(newContact)]
); );
perform createRoleWithGrants( perform createRoleWithGrants(
hsOfficePartnerAgent(NEW), hsOfficePartnerAgent(NEW),
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficePartnerAdmin(NEW), hsOfficePartnerAdmin(NEW),
hsOfficeRelationshipAdmin(newPartnerRole), hsOfficeRelationshipAdmin(newPartnerRole)]
hsOfficePersonAdmin(newPerson),
hsOfficeContactAdmin(newContact)]
); );
perform createRoleWithGrants( perform createRoleWithGrants(
@ -76,9 +70,7 @@ begin
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficePartnerAgent(NEW)], hsOfficePartnerAgent(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeRelationshipTenant(newPartnerRole), hsOfficeRelationshipTenant(newPartnerRole)]
hsOfficePersonGuest(newPerson),
hsOfficeContactGuest(newContact)]
); );
perform createRoleWithGrants( perform createRoleWithGrants(
@ -130,31 +122,6 @@ begin
call grantRoleToRole(hsOfficeRelationshipGuest(newPartnerRole), hsOfficePartnerTenant(NEW)); call grantRoleToRole(hsOfficeRelationshipGuest(newPartnerRole), hsOfficePartnerTenant(NEW));
end if; end if;
if OLD.personUuid <> NEW.personUuid then
select * from hs_office_person as p where p.uuid = OLD.personUuid into oldPerson;
call revokeRoleFromRole(hsOfficePersonTenant(oldPerson), hsOfficePartnerAdmin(OLD));
call grantRoleToRole(hsOfficePersonTenant(newPerson), hsOfficePartnerAdmin(NEW));
call revokeRoleFromRole(hsOfficePartnerAgent(OLD), hsOfficePersonAdmin(oldPerson));
call grantRoleToRole(hsOfficePartnerAgent(NEW), hsOfficePersonAdmin(newPerson));
call revokeRoleFromRole(hsOfficePersonGuest(oldPerson), hsOfficePartnerTenant(OLD));
call grantRoleToRole(hsOfficePersonGuest(newPerson), hsOfficePartnerTenant(NEW));
end if;
if OLD.contactUuid <> NEW.contactUuid then
select * from hs_office_contact as c where c.uuid = OLD.contactUuid into oldContact;
call revokeRoleFromRole(hsOfficeContactTenant(oldContact), hsOfficePartnerAdmin(OLD));
call grantRoleToRole(hsOfficeContactTenant(newContact), hsOfficePartnerAdmin(NEW));
call revokeRoleFromRole(hsOfficePartnerAgent(OLD), hsOfficeContactAdmin(oldContact));
call grantRoleToRole(hsOfficePartnerAgent(NEW), hsOfficeContactAdmin(newContact));
call revokeRoleFromRole(hsOfficeContactGuest(oldContact), hsOfficePartnerTenant(OLD));
call grantRoleToRole(hsOfficeContactGuest(newContact), hsOfficePartnerTenant(NEW));
end if;
else else
raise exception 'invalid usage of TRIGGER'; raise exception 'invalid usage of TRIGGER';
end if; end if;
@ -187,9 +154,15 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_partner', $idName$ call generateRbacIdentityView('hs_office_partner', $idName$
partnerNumber || ':' || partnerNumber || ':' ||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid) (select idName
from hs_office_person_iv p
left join hs_office_relationship r on r.uuid = target.partnerRoleUuid
where p.uuid = r.relHolderUuid)
|| '-' || || '-' ||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid) (select idName
from hs_office_contact_iv c
left join hs_office_relationship r on r.uuid = target.partnerRoleUuid
where c.uuid = r.contactUuid)
$idName$); $idName$);
--// --//
@ -198,11 +171,9 @@ call generateRbacIdentityView('hs_office_partner', $idName$
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--// --changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacRestrictedView('hs_office_partner', call generateRbacRestrictedView('hs_office_partner',
'(select idName from hs_office_person_iv p where p.uuid = target.personUuid)', 'target.partnerNumber',
$updates$ $updates$
partnerRoleUuid = new.partnerRoleUuid, partnerRoleUuid = new.partnerRoleUuid
personUuid = new.personUuid,
contactUuid = new.contactUuid
$updates$); $updates$);
--// --//
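Review bot: The two new sub-selects in the identity view (the `hs_office_person_iv` and `hs_office_contact_iv` lookups) use `left join hs_office_relationship r on r.uuid = target.partnerRoleUuid` and then filter on `r` in the `where` clause, which discards the null-extended rows, so the outer join behaves as an inner join and its `on` condition never relates `p` to `r`. Driving the lookup from the relationship states the intent directly: `from hs_office_relationship r join hs_office_person_iv p on p.uuid = r.relHolderUuid where r.uuid = target.partnerRoleUuid`, and likewise with `c.uuid = r.contactUuid` for the contact. The debitor lookup in createHsOfficeSepaMandateTestData has the same `left join` plus `where partner.partnerNumber = ...` shape. Separately, the declarations renamed to `oldPersonX`, `newPersonX`, `oldContactX` and `newContactX` appear to have no remaining use in this trigger function and could be dropped rather than renamed.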


@ -9,10 +9,10 @@
Creates a single partner test record. Creates a single partner test record.
*/ */
create or replace procedure createHsOfficePartnerTestData( create or replace procedure createHsOfficePartnerTestData(
mandantTradeName varchar, mandantTradeName varchar,
partnerNumber numeric(5), newPartnerNumber numeric(5),
partnerPersonName varchar, partnerPersonName varchar,
contactLabel varchar ) contactLabel varchar )
language plpgsql as $$ language plpgsql as $$
declare declare
currentTask varchar; currentTask varchar;
@ -20,7 +20,6 @@ declare
mandantPerson hs_office_person; mandantPerson hs_office_person;
partnerRole hs_office_relationship; partnerRole hs_office_relationship;
relatedPerson hs_office_person; relatedPerson hs_office_person;
relatedContact hs_office_contact;
relatedDetailsUuid uuid; relatedDetailsUuid uuid;
begin begin
idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel); idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel);
@ -38,9 +37,6 @@ begin
select p.* from hs_office_person p select p.* from hs_office_person p
where p.tradeName = partnerPersonName or p.familyName = partnerPersonName where p.tradeName = partnerPersonName or p.familyName = partnerPersonName
into relatedPerson; into relatedPerson;
select c.* from hs_office_contact c
where c.label = contactLabel
into relatedContact;
select r.* from hs_office_relationship r select r.* from hs_office_relationship r
where r.reltype = 'PARTNER' where r.reltype = 'PARTNER'
@ -53,7 +49,6 @@ begin
raise notice 'creating test partner: %', idName; raise notice 'creating test partner: %', idName;
raise notice '- using partnerRole (%): %', partnerRole.uuid, partnerRole; raise notice '- using partnerRole (%): %', partnerRole.uuid, partnerRole;
raise notice '- using person (%): %', relatedPerson.uuid, relatedPerson; raise notice '- using person (%): %', relatedPerson.uuid, relatedPerson;
raise notice '- using contact (%): %', relatedContact.uuid, relatedContact;
if relatedPerson.persontype = 'NP' then if relatedPerson.persontype = 'NP' then
insert insert
@ -68,8 +63,8 @@ begin
end if; end if;
insert insert
into hs_office_partner (uuid, partnerNumber, partnerRoleUuid, personuuid, contactuuid, detailsUuid) into hs_office_partner (uuid, partnerNumber, partnerRoleUuid, detailsUuid)
values (uuid_generate_v4(), partnerNumber, partnerRole.uuid, relatedPerson.uuid, relatedContact.uuid, relatedDetailsUuid); values (uuid_generate_v4(), newPartnerNumber, partnerRole.uuid, relatedDetailsUuid);
end; $$; end; $$;
--// --//


@ -8,31 +8,34 @@
/* /*
Creates a single sepaMandate test record. Creates a single sepaMandate test record.
*/ */
create or replace procedure createHsOfficeSepaMandateTestData( tradeNameAndHolderName varchar ) create or replace procedure createHsOfficeSepaMandateTestData(
forPartnerNumber numeric(5),
forDebitorSuffix numeric(2),
forIban varchar,
withReference varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
currentTask varchar; currentTask varchar;
idName varchar;
relatedDebitor hs_office_debitor; relatedDebitor hs_office_debitor;
relatedBankAccount hs_office_bankAccount; relatedBankAccount hs_office_bankAccount;
begin begin
idName := cleanIdentifier( tradeNameAndHolderName); currentTask := 'creating SEPA-mandate test-data ' || forPartnerNumber::text || forDebitorSuffix::text;
currentTask := 'creating SEPA-mandate test-data ' || idName;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin'); call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentTask to %L', currentTask);
select debitor.* from hs_office_debitor debitor select debitor.*
join hs_office_partner parter on parter.uuid = debitor.partnerUuid from hs_office_debitor debitor
join hs_office_person person on person.uuid = parter.personUuid left join hs_office_partner partner on debitor.partneruuid = partner.uuid
where person.tradeName = tradeNameAndHolderName into relatedDebitor; where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix
select c.* from hs_office_bankAccount c where c.holder = tradeNameAndHolderName into relatedBankAccount; into relatedDebitor;
select b.* from hs_office_bankAccount b where b.iban = forIban into relatedBankAccount;
raise notice 'creating test SEPA-mandate: %', idName; raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor; raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount; raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount;
insert insert
into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity) into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, 'ref'||idName, '20220930', daterange('20221001' , '20261231', '[]')); values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]'));
end; $$; end; $$;
--// --//
@ -43,9 +46,9 @@ end; $$;
do language plpgsql $$ do language plpgsql $$
begin begin
call createHsOfficeSepaMandateTestData('First GmbH'); call createHsOfficeSepaMandateTestData(10001, 11, 'DE02120300000000202051', 'ref-11110001');
call createHsOfficeSepaMandateTestData('Second e.K.'); call createHsOfficeSepaMandateTestData(10002, 12, 'DE02100500000054540402', 'ref-11120002');
call createHsOfficeSepaMandateTestData('Third OHG'); call createHsOfficeSepaMandateTestData(10003, 13, 'DE02300209000106531065', 'ref-11130003');
end; end;
$$; $$;
--// --//
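Review bot: The lookups that now key on `forPartnerNumber`/`forDebitorSuffix` and on `forIban` use plain `select ... into`, which in PL/pgSQL leaves `relatedDebitor` or `relatedBankAccount` null when no row matches and silently takes the first row when several match, so a mistyped partner number or IBAN in the calls at the bottom reaches the `insert` with a null uuid. Writing `into strict relatedDebitor` and `into strict relatedBankAccount` would make the procedure fail at the lookup itself with a no-data or too-many-rows error. The partner lookups by `partnerNumber` and by trade name in the membership and debitor test-data procedures follow the same pattern.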


@ -30,7 +30,6 @@ declare
hsOfficeDebitorTenant RbacRoleDescriptor; hsOfficeDebitorTenant RbacRoleDescriptor;
oldPartner hs_office_partner; oldPartner hs_office_partner;
newPartner hs_office_partner; newPartner hs_office_partner;
newPerson hs_office_person;
oldContact hs_office_contact; oldContact hs_office_contact;
newContact hs_office_contact; newContact hs_office_contact;
newBankAccount hs_office_bankaccount; newBankAccount hs_office_bankaccount;
@ -40,7 +39,6 @@ begin
hsOfficeDebitorTenant := hsOfficeDebitorTenant(NEW); hsOfficeDebitorTenant := hsOfficeDebitorTenant(NEW);
select * from hs_office_partner as p where p.uuid = NEW.partnerUuid into newPartner; select * from hs_office_partner as p where p.uuid = NEW.partnerUuid into newPartner;
select * from hs_office_person as p where p.uuid = newPartner.personUuid into newPerson;
select * from hs_office_contact as c where c.uuid = NEW.billingContactUuid into newContact; select * from hs_office_contact as c where c.uuid = NEW.billingContactUuid into newContact;
select * from hs_office_bankaccount as b where b.uuid = NEW.refundBankAccountUuid into newBankAccount; select * from hs_office_bankaccount as b where b.uuid = NEW.refundBankAccountUuid into newBankAccount;
if TG_OP = 'INSERT' then if TG_OP = 'INSERT' then


@ -28,7 +28,8 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentTask to %L', currentTask);
select partner.* from hs_office_partner partner select partner.* from hs_office_partner partner
join hs_office_person person on person.uuid = partner.personUuid join hs_office_relationship rel on rel.uuid = partner.partnerRoleUuid
join hs_office_person person on person.uuid = rel.relHolderUuid
where person.tradeName = partnerTradeName into relatedPartner; where person.tradeName = partnerTradeName into relatedPartner;
select c.* from hs_office_contact c where c.label = billingContactLabel into relatedContact; select c.* from hs_office_contact c where c.label = billingContactLabel into relatedContact;
select b.uuid from hs_office_bankaccount b where b.holder = partnerTradeName into relatedBankAccountUuid; select b.uuid from hs_office_bankaccount b where b.holder = partnerTradeName into relatedBankAccountUuid;


@ -9,30 +9,30 @@
Creates a single membership test record. Creates a single membership test record.
*/ */
create or replace procedure createHsOfficeMembershipTestData( create or replace procedure createHsOfficeMembershipTestData(
forPartnerTradeName varchar, forPartnerNumber numeric(5),
forMainDebitorNumberSuffix numeric, forMainDebitorNumberSuffix numeric,
newMemberNumberSuffix char(2) ) newMemberNumberSuffix char(2) )
language plpgsql as $$ language plpgsql as $$
declare declare
currentTask varchar; currentTask varchar;
idName varchar;
relatedPartner hs_office_partner; relatedPartner hs_office_partner;
relatedDebitor hs_office_debitor; relatedDebitor hs_office_debitor;
begin begin
idName := cleanIdentifier( forPartnerTradeName || '#' || forMainDebitorNumberSuffix); currentTask := 'creating Membership test-data ' ||
currentTask := 'creating Membership test-data ' || idName; 'P-' || forPartnerNumber::text ||
'D-...' || forMainDebitorNumberSuffix ||
'M-...' || newMemberNumberSuffix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin'); call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentTask to %L', currentTask);
select partner.* from hs_office_partner partner select partner.* from hs_office_partner partner
join hs_office_person person on person.uuid = partner.personUuid where partner.partnerNumber = forPartnerNumber into relatedPartner;
where person.tradeName = forPartnerTradeName into relatedPartner;
select d.* from hs_office_debitor d select d.* from hs_office_debitor d
where d.partneruuid = relatedPartner.uuid where d.partneruuid = relatedPartner.uuid
and d.debitorNumberSuffix = forMainDebitorNumberSuffix and d.debitorNumberSuffix = forMainDebitorNumberSuffix
into relatedDebitor; into relatedDebitor;
raise notice 'creating test Membership: %', idName; raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner; raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor; raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
insert insert
@ -48,9 +48,9 @@ end; $$;
do language plpgsql $$ do language plpgsql $$
begin begin
call createHsOfficeMembershipTestData('First GmbH', 11, '01'); call createHsOfficeMembershipTestData(10001, 11, '01');
call createHsOfficeMembershipTestData('Second e.K.', 12, '02'); call createHsOfficeMembershipTestData(10002, 12, '02');
call createHsOfficeMembershipTestData('Third OHG', 13, '03'); call createHsOfficeMembershipTestData(10003, 13, '03');
end; end;
$$; $$;
--// --//
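Review bot: The new `currentTask` label concatenates its parts without separators, so for the first call it reads `creating Membership test-data P-10001D-...11M-...01`, while the `raise notice` further down uses a different `M-% %` form for the same record. Because this string is what gets passed to `defineContext` and set as `hsadminng.currentTask`, a delimited and consistent label would make the resulting entries easier to trace, e.g. `'P-' || forPartnerNumber::text || ' D-...' || forMainDebitorNumberSuffix::text || ' M-...' || newMemberNumberSuffix`.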