patch generated rbac trigger to fix too broad INSERT grants
This commit is contained in:
parent
e46813bf9c
commit
38b1c20f64
@ -104,6 +104,7 @@ do language plpgsql $$
|
||||
call defineContext('create INSERT INTO hs_booking_item permissions for the related hs_office_relation rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_relation
|
||||
WHERE type in ('DEBITOR') -- TODO.rbac: currently manually patched, needs to be generated
|
||||
LOOP
|
||||
call grantPermissionToRole(
|
||||
createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
|
||||
@ -113,16 +114,18 @@ do language plpgsql $$
|
||||
$$;
|
||||
|
||||
/**
|
||||
Adds hs_booking_item INSERT permission to specified role of new hs_office_relation rows.
|
||||
Adds hs_booking_item INSERT permission to specified roleNSERT permission to specified role of new hs_office_relation rows.
|
||||
*/
|
||||
create or replace function hs_booking_item_hs_office_relation_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
if NEW.type = 'DEBITOR' then -- TODO.rbac: currently manually patched, needs to be generated
|
||||
call grantPermissionToRole(
|
||||
createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
|
||||
hsOfficeRelationADMIN(NEW));
|
||||
end if;
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user