Liquibase scripts generally work, grants still have to be amended

This commit is contained in:
Michael Hoennig 2024-02-02 15:54:26 +01:00
parent 38487e0579
commit 345359fd18
6 changed files with 51 additions and 83 deletions

View File

@ -30,16 +30,14 @@ declare
oldPartnerRole hs_office_relationship;
newPartnerRole hs_office_relationship;
oldPerson hs_office_person;
newPerson hs_office_person;
oldPersonX hs_office_person;
newPersonX hs_office_person;
oldContact hs_office_contact;
newContact hs_office_contact;
oldContactX hs_office_contact;
newContactX hs_office_contact;
begin
select * from hs_office_relationship as r where r.uuid = NEW.partnerroleuuid into newPartnerRole;
select * from hs_office_person as p where p.uuid = NEW.personUuid into newPerson;
select * from hs_office_contact as c where c.uuid = NEW.contactUuid into newContact;
if TG_OP = 'INSERT' then
@ -57,18 +55,14 @@ begin
incomingSuperRoles => array[
hsOfficePartnerOwner(NEW)],
outgoingSubRoles => array[
hsOfficeRelationshipTenant(newPartnerRole),
hsOfficePersonTenant(newPerson),
hsOfficeContactTenant(newContact)]
hsOfficeRelationshipTenant(newPartnerRole)]
);
perform createRoleWithGrants(
hsOfficePartnerAgent(NEW),
incomingSuperRoles => array[
hsOfficePartnerAdmin(NEW),
hsOfficeRelationshipAdmin(newPartnerRole),
hsOfficePersonAdmin(newPerson),
hsOfficeContactAdmin(newContact)]
hsOfficeRelationshipAdmin(newPartnerRole)]
);
perform createRoleWithGrants(
@ -76,9 +70,7 @@ begin
incomingSuperRoles => array[
hsOfficePartnerAgent(NEW)],
outgoingSubRoles => array[
hsOfficeRelationshipTenant(newPartnerRole),
hsOfficePersonGuest(newPerson),
hsOfficeContactGuest(newContact)]
hsOfficeRelationshipTenant(newPartnerRole)]
);
perform createRoleWithGrants(
@ -130,31 +122,6 @@ begin
call grantRoleToRole(hsOfficeRelationshipGuest(newPartnerRole), hsOfficePartnerTenant(NEW));
end if;
if OLD.personUuid <> NEW.personUuid then
select * from hs_office_person as p where p.uuid = OLD.personUuid into oldPerson;
call revokeRoleFromRole(hsOfficePersonTenant(oldPerson), hsOfficePartnerAdmin(OLD));
call grantRoleToRole(hsOfficePersonTenant(newPerson), hsOfficePartnerAdmin(NEW));
call revokeRoleFromRole(hsOfficePartnerAgent(OLD), hsOfficePersonAdmin(oldPerson));
call grantRoleToRole(hsOfficePartnerAgent(NEW), hsOfficePersonAdmin(newPerson));
call revokeRoleFromRole(hsOfficePersonGuest(oldPerson), hsOfficePartnerTenant(OLD));
call grantRoleToRole(hsOfficePersonGuest(newPerson), hsOfficePartnerTenant(NEW));
end if;
if OLD.contactUuid <> NEW.contactUuid then
select * from hs_office_contact as c where c.uuid = OLD.contactUuid into oldContact;
call revokeRoleFromRole(hsOfficeContactTenant(oldContact), hsOfficePartnerAdmin(OLD));
call grantRoleToRole(hsOfficeContactTenant(newContact), hsOfficePartnerAdmin(NEW));
call revokeRoleFromRole(hsOfficePartnerAgent(OLD), hsOfficeContactAdmin(oldContact));
call grantRoleToRole(hsOfficePartnerAgent(NEW), hsOfficeContactAdmin(newContact));
call revokeRoleFromRole(hsOfficeContactGuest(oldContact), hsOfficePartnerTenant(OLD));
call grantRoleToRole(hsOfficeContactGuest(newContact), hsOfficePartnerTenant(NEW));
end if;
else
raise exception 'invalid usage of TRIGGER';
end if;
@ -187,9 +154,15 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
-- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_partner', $idName$
partnerNumber || ':' ||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
(select idName
from hs_office_person_iv p
left join hs_office_relationship r on r.uuid = target.partnerRoleUuid
where p.uuid = r.relHolderUuid)
|| '-' ||
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
(select idName
from hs_office_contact_iv c
left join hs_office_relationship r on r.uuid = target.partnerRoleUuid
where c.uuid = r.contactUuid)
$idName$);
--//
@ -198,11 +171,9 @@ call generateRbacIdentityView('hs_office_partner', $idName$
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRbacRestrictedView('hs_office_partner',
'(select idName from hs_office_person_iv p where p.uuid = target.personUuid)',
'target.partnerNumber',
$updates$
partnerRoleUuid = new.partnerRoleUuid,
personUuid = new.personUuid,
contactUuid = new.contactUuid
partnerRoleUuid = new.partnerRoleUuid
$updates$);
--//

View File

@ -10,7 +10,7 @@
*/
create or replace procedure createHsOfficePartnerTestData(
mandantTradeName varchar,
partnerNumber numeric(5),
newPartnerNumber numeric(5),
partnerPersonName varchar,
contactLabel varchar )
language plpgsql as $$
@ -20,7 +20,6 @@ declare
mandantPerson hs_office_person;
partnerRole hs_office_relationship;
relatedPerson hs_office_person;
relatedContact hs_office_contact;
relatedDetailsUuid uuid;
begin
idName := cleanIdentifier( partnerPersonName|| '-' || contactLabel);
@ -38,9 +37,6 @@ begin
select p.* from hs_office_person p
where p.tradeName = partnerPersonName or p.familyName = partnerPersonName
into relatedPerson;
select c.* from hs_office_contact c
where c.label = contactLabel
into relatedContact;
select r.* from hs_office_relationship r
where r.reltype = 'PARTNER'
@ -53,7 +49,6 @@ begin
raise notice 'creating test partner: %', idName;
raise notice '- using partnerRole (%): %', partnerRole.uuid, partnerRole;
raise notice '- using person (%): %', relatedPerson.uuid, relatedPerson;
raise notice '- using contact (%): %', relatedContact.uuid, relatedContact;
if relatedPerson.persontype = 'NP' then
insert
@ -68,8 +63,8 @@ begin
end if;
insert
into hs_office_partner (uuid, partnerNumber, partnerRoleUuid, personuuid, contactuuid, detailsUuid)
values (uuid_generate_v4(), partnerNumber, partnerRole.uuid, relatedPerson.uuid, relatedContact.uuid, relatedDetailsUuid);
into hs_office_partner (uuid, partnerNumber, partnerRoleUuid, detailsUuid)
values (uuid_generate_v4(), newPartnerNumber, partnerRole.uuid, relatedDetailsUuid);
end; $$;
--//

View File

@ -8,31 +8,34 @@
/*
Creates a single sepaMandate test record.
*/
create or replace procedure createHsOfficeSepaMandateTestData( tradeNameAndHolderName varchar )
create or replace procedure createHsOfficeSepaMandateTestData(
forPartnerNumber numeric(5),
forDebitorSuffix numeric(2),
forIban varchar,
withReference varchar)
language plpgsql as $$
declare
currentTask varchar;
idName varchar;
relatedDebitor hs_office_debitor;
relatedBankAccount hs_office_bankAccount;
begin
idName := cleanIdentifier( tradeNameAndHolderName);
currentTask := 'creating SEPA-mandate test-data ' || idName;
currentTask := 'creating SEPA-mandate test-data ' || forPartnerNumber::text || forDebitorSuffix::text;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask);
select debitor.* from hs_office_debitor debitor
join hs_office_partner parter on parter.uuid = debitor.partnerUuid
join hs_office_person person on person.uuid = parter.personUuid
where person.tradeName = tradeNameAndHolderName into relatedDebitor;
select c.* from hs_office_bankAccount c where c.holder = tradeNameAndHolderName into relatedBankAccount;
select debitor.*
from hs_office_debitor debitor
left join hs_office_partner partner on debitor.partneruuid = partner.uuid
where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix
into relatedDebitor;
select b.* from hs_office_bankAccount b where b.iban = forIban into relatedBankAccount;
raise notice 'creating test SEPA-mandate: %', idName;
raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount;
insert
into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, 'ref'||idName, '20220930', daterange('20221001' , '20261231', '[]'));
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]'));
end; $$;
--//
@ -43,9 +46,9 @@ end; $$;
do language plpgsql $$
begin
call createHsOfficeSepaMandateTestData('First GmbH');
call createHsOfficeSepaMandateTestData('Second e.K.');
call createHsOfficeSepaMandateTestData('Third OHG');
call createHsOfficeSepaMandateTestData(10001, 11, 'DE02120300000000202051', 'ref-11110001');
call createHsOfficeSepaMandateTestData(10002, 12, 'DE02100500000054540402', 'ref-11120002');
call createHsOfficeSepaMandateTestData(10003, 13, 'DE02300209000106531065', 'ref-11130003');
end;
$$;
--//

View File

@ -30,7 +30,6 @@ declare
hsOfficeDebitorTenant RbacRoleDescriptor;
oldPartner hs_office_partner;
newPartner hs_office_partner;
newPerson hs_office_person;
oldContact hs_office_contact;
newContact hs_office_contact;
newBankAccount hs_office_bankaccount;
@ -40,7 +39,6 @@ begin
hsOfficeDebitorTenant := hsOfficeDebitorTenant(NEW);
select * from hs_office_partner as p where p.uuid = NEW.partnerUuid into newPartner;
select * from hs_office_person as p where p.uuid = newPartner.personUuid into newPerson;
select * from hs_office_contact as c where c.uuid = NEW.billingContactUuid into newContact;
select * from hs_office_bankaccount as b where b.uuid = NEW.refundBankAccountUuid into newBankAccount;
if TG_OP = 'INSERT' then

View File

@ -28,7 +28,8 @@ begin
execute format('set local hsadminng.currentTask to %L', currentTask);
select partner.* from hs_office_partner partner
join hs_office_person person on person.uuid = partner.personUuid
join hs_office_relationship rel on rel.uuid = partner.partnerRoleUuid
join hs_office_person person on person.uuid = rel.relHolderUuid
where person.tradeName = partnerTradeName into relatedPartner;
select c.* from hs_office_contact c where c.label = billingContactLabel into relatedContact;
select b.uuid from hs_office_bankaccount b where b.holder = partnerTradeName into relatedBankAccountUuid;

View File

@ -9,30 +9,30 @@
Creates a single membership test record.
*/
create or replace procedure createHsOfficeMembershipTestData(
forPartnerTradeName varchar,
forPartnerNumber numeric(5),
forMainDebitorNumberSuffix numeric,
newMemberNumberSuffix char(2) )
language plpgsql as $$
declare
currentTask varchar;
idName varchar;
relatedPartner hs_office_partner;
relatedDebitor hs_office_debitor;
begin
idName := cleanIdentifier( forPartnerTradeName || '#' || forMainDebitorNumberSuffix);
currentTask := 'creating Membership test-data ' || idName;
currentTask := 'creating Membership test-data ' ||
'P-' || forPartnerNumber::text ||
'D-...' || forMainDebitorNumberSuffix ||
'M-...' || newMemberNumberSuffix;
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask);
select partner.* from hs_office_partner partner
join hs_office_person person on person.uuid = partner.personUuid
where person.tradeName = forPartnerTradeName into relatedPartner;
where partner.partnerNumber = forPartnerNumber into relatedPartner;
select d.* from hs_office_debitor d
where d.partneruuid = relatedPartner.uuid
and d.debitorNumberSuffix = forMainDebitorNumberSuffix
into relatedDebitor;
raise notice 'creating test Membership: %', idName;
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
insert
@ -48,9 +48,9 @@ end; $$;
do language plpgsql $$
begin
call createHsOfficeMembershipTestData('First GmbH', 11, '01');
call createHsOfficeMembershipTestData('Second e.K.', 12, '02');
call createHsOfficeMembershipTestData('Third OHG', 13, '03');
call createHsOfficeMembershipTestData(10001, 11, '01');
call createHsOfficeMembershipTestData(10002, 12, '02');
call createHsOfficeMembershipTestData(10003, 13, '03');
end;
$$;
--//