From 5ef16c11d5b771306d967e9873ce13f3312a3645 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 6 Feb 2024 16:19:56 +0100
Subject: [PATCH] improve error message for duplicate grant

---
 .../resources/db/changelog/050-rbac-base.sql  | 26 ++++++++++++++++---
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql
index aab14b95..feedf419 100644
--- a/src/main/resources/db/changelog/050-rbac-base.sql
+++ b/src/main/resources/db/changelog/050-rbac-base.sql
@@ -440,9 +440,27 @@ select uuid
     where p.objectUuid = forObjectUuid
       and p.op in ('*', forOp)
 $$;
-
 --//
 
+
+-- ============================================================================
+--changeset rbac-base-duplicate-role-grant-exception:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure raiseDuplicateRoleGrantException(subRoleId uuid, superRoleId uuid)
+    language plpgsql as $$
+declare
+    subRoleIdName text;
+    superRoleIdName text;
+begin
+    select roleIdName from rbacRole_ev where uuid=subRoleId into subRoleIdName;
+    select roleIdName from rbacRole_ev where uuid=superRoleId into superRoleIdName;
+    raise exception '[400] Duplicate role grant detected: role % (%) already granted to % (%)', subRoleId, subRoleIdName, superRoleId, superRoleIdName;
+end;
+$$;
+--//
+
+
 -- ============================================================================
 --changeset rbac-base-GRANTS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
@@ -575,7 +593,7 @@ begin
     perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
 
     if isGranted(subRoleId, superRoleId) then
-        raise exception '[400] Cyclic role grant detected between % and %', subRoleId, superRoleId;
+        call raiseDuplicateRoleGrantException(subRoleId, superRoleId);
     end if;
 
     insert
@@ -598,7 +616,7 @@ begin
     perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
 
     if isGranted(subRoleId, superRoleId) then
-        raise exception '[400] Cyclic role grant detected between % and %', subRoleId, superRoleId;
+        call raiseDuplicateRoleGrantException(subRoleId, superRoleId);
     end if;
 
     insert
@@ -621,7 +639,7 @@ begin
     perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
 
     if isGranted(subRoleId, superRoleId) then
-        raise exception '[400] Cyclic role grant detected between % and %', subRoleId, superRoleId;
+        call raiseDuplicateRoleGrantException(subRoleId, superRoleId);
     end if;
 
     insert