diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 547b0397..b8af04f4 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -223,7 +223,7 @@ begin ) select target.* from %1$s as target - where rbac.hasGlobalAdminRole() or target.uuid in (select * from accessible_uuids) + where target.uuid in (select * from accessible_uuids) order by %2$s; grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index cf303db3..51cdb6c2 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -35,30 +35,6 @@ end; $$; --// --- ============================================================================ ---changeset michael.hoennig:rbac-global-HAS-GLOBAL-ADMIN-ROLE endDelimiter:--// --- ---------------------------------------------------------------------------- -/* - Returns true if the current user is a global admin and has no assumed role. - */ -create or replace function rbac.hasGlobalAdminRole() - returns boolean - stable -- leakproof - language plpgsql as $$ -declare - currentSubjectOrAssumedRolesUuids text; -begin - begin - currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids'); - exception - when others then - currentSubjectOrAssumedRolesUuids := null; - end; - return currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0; -end; $$; ---// - - -- ============================================================================ --changeset michael.hoennig:rbac-global-HAS-GLOBAL-PERMISSION endDelimiter:--// -- ------------------------------------------------------------------