From 399e1d23d9d2956b7e80652680bd7cbcd96ade30 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Mon, 25 Mar 2024 08:36:42 +0100 Subject: [PATCH] merging aftermaths --- ...er_canViewButNotUpdateRelatedMembership.md | 76 ++++++++++++ doc/temp/coop-share-select.md | 105 +++++++++++++++++ ...nNotDeleteTheirRelatedMembership-delete.md | 71 ++++++++++++ ...nNotDeleteTheirRelatedMembership-select.md | 101 ++++++++++++++++ ...gent_canNotDeleteTheirRelatedMembership.md | 79 +++++++++++++ doc/temp/membership-select.md | 101 ++++++++++++++++ doc/temp/partner-updated.md | 108 ++++++++++++++++++ .../rbac/rbacdef/InsertTriggerGenerator.java | 1 - ...s.yaml => hs-office-relation-schemas.yaml} | 0 .../hs-office-relations-with-uuid.yaml | 6 +- .../hs-office/hs-office-relations.yaml | 8 +- 11 files changed, 648 insertions(+), 8 deletions(-) create mode 100644 doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md create mode 100644 doc/temp/coop-share-select.md create mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md create mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md create mode 100644 doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md create mode 100644 doc/temp/membership-select.md create mode 100644 doc/temp/partner-updated.md rename src/main/resources/api-definition/hs-office/{hs-office-relations-schemas.yaml => hs-office-relation-schemas.yaml} (100%) diff --git a/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md b/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md new file mode 100644 index 00000000..50e770e6 --- /dev/null +++ b/doc/membershipReferrer_canViewButNotUpdateRelatedMembership.md @@ -0,0 +1,76 @@ +### all grants to membershipReferrer_canViewButNotUpdateRelatedMembership + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph hs_office_membership#M-1000113[hs_office_membership#M-1000113] + + perm:SELECT:on:hs_office_membership#M-1000113{{SELECT + ref:b1b1192e-f2bf-4b9f-836b-90e98903bedc}} + + role:hs_office_membership#M-1000113.referrer[referrer + ref:7c95cd77-a124-40ab-87f3-4cd2f33ad32f] + +end + +subgraph hs_office_partner#P-10001[hs_office_partner#P-10001] + + perm:SELECT:on:hs_office_partner#P-10001{{SELECT + ref:74c87064-7e9b-4ead-9344-4f18ba246b80}} + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + perm:SELECT:on:hs_office_person#HostsharingeG{{SELECT + ref:38e63031-3245-4e57-b59d-b4f08334adec}} + + role:hs_office_person#HostsharingeG.referrer[referrer + ref:b31417b9-6c56-4e79-93dd-c6c11a080370] + +end + +subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH] + + perm:SELECT:on:hs_office_person#FirstGmbH{{SELECT + ref:5cbe42d4-e8d3-40e9-bddd-5635c151c57a}} + + role:hs_office_person#FirstGmbH.referrer[referrer + ref:86a4ece0-087f-46ea-94b4-b1f3294ba356] + +end + +subgraph hs_office_contact#firstcontact[hs_office_contact#firstcontact] + + perm:SELECT:on:hs_office_contact#firstcontact{{SELECT + ref:21cc5d9e-d98e-4953-a9e6-d33a5753876f}} + + role:hs_office_contact#firstcontact.referrer[referrer + ref:ca3c3e01-fb66-465e-93ee-cbad0e5ee70e] + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH] + + perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH{{SELECT + ref:b52dd840-289a-4c92-98a1-3ee629318608}} + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant[tenant + ref:d9395077-4c0b-44d6-924e-811041402abe] + +end + +role:hs_office_contact#firstcontact.referrer --> perm:SELECT:on:hs_office_contact#firstcontact +role:hs_office_membership#M-1000113.referrer --> perm:SELECT:on:hs_office_membership#M-1000113 +role:hs_office_membership#M-1000113.referrer --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant +role:hs_office_person#FirstGmbH.referrer --> perm:SELECT:on:hs_office_person#FirstGmbH +role:hs_office_person#HostsharingeG.referrer --> perm:SELECT:on:hs_office_person#HostsharingeG +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_partner#P-10001 +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_contact#firstcontact.referrer +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#FirstGmbH.referrer +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#HostsharingeG.referrer +``` diff --git a/doc/temp/coop-share-select.md b/doc/temp/coop-share-select.md new file mode 100644 index 00000000..23a80d3b --- /dev/null +++ b/doc/temp/coop-share-select.md @@ -0,0 +1,105 @@ +### all grants to coop-share-select + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph hs_office_membership#M-1000101[hs_office_membership#M-1000101] + + role:hs_office_membership#M-1000101.admin[admin + ref:6a6eca16-878f-4daf-8814-71bfeef9d531] + + role:hs_office_membership#M-1000101.owner[owner + ref:9899101f-f59a-4432-bb5f-85841f94e0b1] + + role:hs_office_membership#M-1000101.referrer[referrer + ref:13d84099-cae3-4b9c-9f84-b0c4ca383f64] + +end + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:e36961c1-3250-4429-9c0f-b85d1d625e2f] + +end + +subgraph hs_office_coopsharestransaction#ref1000101-1[hs_office_coopsharestransaction#ref1000101-1] + + perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1{{SELECT + ref:6e847eb3-3fb3-41f5-ab10-6aedbaa298e8}} + +end + +subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH] + + role:hs_office_person#FirstGmbH.admin[admin + ref:54293c05-fbc4-45b6-b9f0-aab8705f2cf7] + + role:hs_office_person#FirstGmbH.owner[owner + ref:599ae17d-862a-44fc-a7cc-4e0b40c5c785] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:0e110d55-665d-4994-85ed-986d3e890214] + + role:hs_office_person#HostsharingeG.owner[owner + ref:b92395bf-e4f4-46e6-ad29-2289879171a2] + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin + ref:e92b7f7f-20d4-4c89-a572-e0b2c59ed265] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent + ref:f42a648f-4474-47c7-bba8-9d1082cf76d7] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner + ref:776e5533-4630-4d55-957b-25ca16220324] + +end + +subgraph users[users] + + user:person-FirstGmbH(person-FirstGmbH@example.com + ref:661ac654-7ed8-4723-a1c5-41d886cef684) + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:a0c798f6-ea35-4725-857e-0358dfd57b8e) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:0849f284-6379-4694-98a6-b777fa80a902) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:a780bed7-d970-4c04-8e78-85e33a28af91) + +end + +role:global#global.admin --> role:hs_office_person#FirstGmbH.owner +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +role:hs_office_membership#M-1000101.admin --> role:hs_office_membership#M-1000101.referrer +role:hs_office_membership#M-1000101.owner --> role:hs_office_membership#M-1000101.admin +role:hs_office_membership#M-1000101.referrer --> perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1 +role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent +role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000101.owner +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000101.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_membership#M-1000101.owner +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md new file mode 100644 index 00000000..7296d693 --- /dev/null +++ b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete.md @@ -0,0 +1,71 @@ +### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114] + + perm:DELETE:on:hs_office_membership#M-1000114{{DELETE + ref:5defb5eb-e9b1-4a1a-8476-a91be89a756f}} + + role:hs_office_membership#M-1000114.owner[owner + ref:3da05812-0992-473c-ba8c-0e66ca33f039] + +end + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:c40db171-9d99-4feb-8d91-d9befb053373] + + role:hs_office_person#HostsharingeG.owner[owner + ref:626f0656-d00e-471d-a145-72a96180d0d2] + +end + +subgraph users[users] + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:4740f067-13c8-4507-a9b8-c8469c476f5b) + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin + ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner + ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff] + +end + +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +role:hs_office_membership#M-1000114.owner --> perm:DELETE:on:hs_office_membership#M-1000114 +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_membership#M-1000114.owner +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md new file mode 100644 index 00000000..95ee82ce --- /dev/null +++ b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership-select.md @@ -0,0 +1,101 @@ +### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-select + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114] + + perm:SELECT:on:hs_office_membership#M-1000114{{SELECT + ref:296e0eae-f64c-43c5-818a-84674d7f9af6}} + + role:hs_office_membership#M-1000114.admin[admin + ref:2e6a4161-6244-4414-9bee-0a059ed76e79] + + role:hs_office_membership#M-1000114.owner[owner + ref:3da05812-0992-473c-ba8c-0e66ca33f039] + + role:hs_office_membership#M-1000114.referrer[referrer + ref:fc27995b-e981-4dfe-9d6b-d9e824b1b5c2] + +end + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72] + +end + +subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH] + + role:hs_office_person#FirstGmbH.admin[admin + ref:870be03d-84ff-4a77-bfe8-8aaab81ee923] + + role:hs_office_person#FirstGmbH.owner[owner + ref:1ea6bff9-6d8f-4377-8cf9-7c11f00066e1] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:c40db171-9d99-4feb-8d91-d9befb053373] + + role:hs_office_person#HostsharingeG.owner[owner + ref:626f0656-d00e-471d-a145-72a96180d0d2] + +end + +subgraph users[users] + + user:person-FirstGmbH(person-FirstGmbH@example.com + ref:375cf977-3c7b-4590-9b5c-ea7a5f6af971) + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:4740f067-13c8-4507-a9b8-c8469c476f5b) + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin + ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent + ref:c949357d-2537-4646-9375-8f01c8ff41e4] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner + ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff] + +end + +role:global#global.admin --> role:hs_office_person#FirstGmbH.owner +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer +role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin +role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114 +role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent +role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000114.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_membership#M-1000114.owner +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md new file mode 100644 index 00000000..4dac220b --- /dev/null +++ b/doc/temp/debitorRelationAgent_canNotDeleteTheirRelatedMembership.md @@ -0,0 +1,79 @@ +### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114] + + perm:SELECT:on:hs_office_membership#M-1000114{{SELECT + ref:9c63ac3a-6868-4295-9aa7-5050458660d0}} + + role:hs_office_membership#M-1000114.admin[admin + ref:50d4ac22-73e0-4099-8d22-dfb8fbbc09c8] + + role:hs_office_membership#M-1000114.owner[owner + ref:9d1cf21e-6fd3-4d63-9ad4-235aceae23ea] + + role:hs_office_membership#M-1000114.referrer[referrer + ref:d27f9a49-9247-4439-a45a-ca220a86cf8f] + +end + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:ee4b7242-17ac-4116-b0ee-7047b3d8b5d9] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:47c7a3fd-4ccd-4502-b78e-35244041edba] + + role:hs_office_person#HostsharingeG.owner[owner + ref:ed265996-7729-46f9-b179-e87a33505930] + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin + ref:dd17fffe-15df-4df1-9457-363ffce49ee8] + + role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner + ref:f6acdf0e-8a5b-4962-aeb8-880096717aee] + +end + +subgraph users[users] + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:5d19b678-9ba8-4f63-be72-5720faf32b96) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:4576db49-1670-43ec-aaf1-6439dc1e9b01) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:291e0d76-f70d-4cef-ba45-6fd630f1ae8d) + +end + +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer +role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin +role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114 +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner +role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_membership#M-1000114.owner +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/doc/temp/membership-select.md b/doc/temp/membership-select.md new file mode 100644 index 00000000..e5a643bd --- /dev/null +++ b/doc/temp/membership-select.md @@ -0,0 +1,101 @@ +### all grants to membership-select + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +%% too many grants, graph is cropped +flowchart TB + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:d1900267-5848-4bed-851b-70bde78ea586] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:a4be908f-202f-412a-b25d-8bf42082ef86] + + role:hs_office_person#HostsharingeG.owner[owner + ref:2032c07b-0227-4eb2-bcbf-8c417ef673c1] + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin + ref:aa6dc584-7e50-4f9e-85ff-23792683802f] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent + ref:a8688860-53c3-45ff-92ce-9442d28d9196] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner + ref:d0fb0a29-f7f0-48f9-82be-151c4ea3f4ec] + +end + +subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG] + + role:hs_office_person#ThirdOHG.admin[admin + ref:c8b186f5-17d0-460e-aa39-cca1f5f8404d] + + role:hs_office_person#ThirdOHG.owner[owner + ref:a0ed218b-a0cf-417d-8f82-73eae57e67f8] + +end + +subgraph users[users] + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:cc50ddc1-a722-47d7-984f-3094877e4496) + + user:person-ThirdOHG(person-ThirdOHG@example.com + ref:494c39a5-b410-4578-8d69-d026493c6731) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:a580e215-2243-4c7e-a9e3-169b237b86b4) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:ce6958ec-5e7a-4209-95b2-346c2eaaa22c) + +end + +subgraph hs_office_membership#M-1000303[hs_office_membership#M-1000303] + + perm:SELECT:on:hs_office_membership#M-1000303{{SELECT + ref:a1eb00eb-3f0f-471c-bf97-ce415e6991ab}} + + role:hs_office_membership#M-1000303.admin[admin + ref:a7eece29-79d1-4d41-beb8-2900b899e087] + + role:hs_office_membership#M-1000303.owner[owner + ref:8eee38e9-7bb2-4ad7-b427-3999e1c66fd1] + + role:hs_office_membership#M-1000303.referrer[referrer + ref:49506b45-aa23-495e-8938-e54b635691ae] + +end + +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_person#ThirdOHG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner +role:hs_office_membership#M-1000303.admin --> role:hs_office_membership#M-1000303.referrer +role:hs_office_membership#M-1000303.owner --> role:hs_office_membership#M-1000303.admin +role:hs_office_membership#M-1000303.referrer --> perm:SELECT:on:hs_office_membership#M-1000303 +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent +role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_membership#M-1000303.owner +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_membership#M-1000303.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_membership#M-1000303.owner +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/doc/temp/partner-updated.md b/doc/temp/partner-updated.md new file mode 100644 index 00000000..7de527f2 --- /dev/null +++ b/doc/temp/partner-updated.md @@ -0,0 +1,108 @@ +### all grants to partner-updated + +```mermaid +%%{init:{'flowchart':{'htmlLabels':false}}}%% + +flowchart TB + +subgraph global#global[global#global] + + role:global#global.admin[admin + ref:b7a0455f-4704-41f5-8ddc-70692bc46c01] + +end + +subgraph hs_office_partner#P-20036[hs_office_partner#P-20036] + + perm:SELECT:on:hs_office_partner#P-20036{{SELECT + ref:da2165d9-fb71-46ed-87bc-fed19e5de092}} + +end + +subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin + ref:dbefd579-063d-4e06-a9c4-e7ab27288dea] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent + ref:3cd435a3-9f4f-4acc-a035-f781329db167] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner + ref:4438ef8f-1fad-4a46-b562-3bdac51b7932] + + role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant[tenant + ref:14d138a2-1142-4ae8-b089-a8659654dcc5] + +end + +subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG] + + role:hs_office_person#HostsharingeG.admin[admin + ref:fb52b042-8204-4f96-86c7-ebf7e215aba4] + + role:hs_office_person#HostsharingeG.owner[owner + ref:1483555f-72af-40fc-bfed-5c9d13304d94] + +end + +subgraph hs_office_contact#sixthcontact[hs_office_contact#sixthcontact] + + role:hs_office_contact#sixthcontact.admin[admin + ref:3bb16898-f7f4-4dc3-9a45-8756462cc246] + + role:hs_office_contact#sixthcontact.owner[owner + ref:625707ee-ef28-4e38-8be5-e0126158f86f] + +end + +subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG] + + role:hs_office_person#ThirdOHG.admin[admin + ref:eccc1981-a813-4d6b-95cd-33ea310b1e8f] + + role:hs_office_person#ThirdOHG.owner[owner + ref:bffe1bc4-5a28-4bb5-8008-1d9189eed0dd] + +end + +subgraph users[users] + + user:contact-admin(contact-admin@sixthcontact.example.com + ref:4781a32f-7e5b-436f-8fa0-724cc1b8d74a) + + user:person-HostsharingeG(person-HostsharingeG@example.com + ref:e5f21c56-448f-4e69-8421-ad92439ea2db) + + user:person-ThirdOHG(person-ThirdOHG@example.com + ref:92c46960-abce-4763-9b10-d6682abed8ff) + + user:superuser-alex(superuser-alex@hostsharing.net + ref:bd7ba8ed-57cb-40e0-ab8a-c897f107bddc) + + user:superuser-fran(superuser-fran@hostsharing.net + ref:5800fee5-7919-4ef8-9ff8-353f1159925a) + +end + +role:global#global.admin --> role:hs_office_contact#sixthcontact.owner +role:global#global.admin --> role:hs_office_person#HostsharingeG.owner +role:global#global.admin --> role:hs_office_person#ThirdOHG.owner +role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner +role:hs_office_contact#sixthcontact.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant +role:hs_office_contact#sixthcontact.owner --> role:hs_office_contact#sixthcontact.admin +role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin +role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin +role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent +role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant +role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin +role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant --> perm:SELECT:on:hs_office_partner#P-20036 +user:contact-admin --> role:hs_office_contact#sixthcontact.owner +user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner +user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner +user:superuser-alex --> role:global#global.admin +user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner +user:superuser-fran --> role:global#global.admin +``` diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index 329522c7..000988fa 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -116,7 +116,6 @@ public class InsertTriggerGenerator { } else { final var superRoleEntityAlias = g.getSuperRoleDef().getEntityAlias(); if (superRoleEntityAlias.fetchSql().part == RbacView.SQL.Part.AUTO_FETCH) { - generateInsertPermissionTriggerAllowByRoleOfDirectForeignKey(plPgSql, g); } else { generateInsertPermissionTriggerAllowByRoleOfIndirectForeignKey(plPgSql, g); diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations-schemas.yaml b/src/main/resources/api-definition/hs-office/hs-office-relation-schemas.yaml similarity index 100% rename from src/main/resources/api-definition/hs-office/hs-office-relations-schemas.yaml rename to src/main/resources/api-definition/hs-office/hs-office-relation-schemas.yaml diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml index 4511b895..83b9cf3e 100644 --- a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml +++ b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml @@ -19,7 +19,7 @@ get: content: 'application/json': schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation' "401": $ref: './error-responses.yaml#/components/responses/Unauthorized' @@ -44,14 +44,14 @@ patch: content: 'application/json': schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationPatch' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationPatch' responses: "200": description: OK content: 'application/json': schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation' "401": $ref: './error-responses.yaml#/components/responses/Unauthorized' "403": diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml index 6328974f..0c98075f 100644 --- a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml +++ b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml @@ -18,7 +18,7 @@ get: in: query required: false schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationType' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationType' description: Prefix of name properties from holder or contact to filter the results. responses: "200": @@ -28,7 +28,7 @@ get: schema: type: array items: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation' "401": $ref: './error-responses.yaml#/components/responses/Unauthorized' "403": @@ -46,7 +46,7 @@ post: content: 'application/json': schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationInsert' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationInsert' required: true responses: "201": @@ -54,7 +54,7 @@ post: content: 'application/json': schema: - $ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation' + $ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation' "401": $ref: './error-responses.yaml#/components/responses/Unauthorized' "403":