From 632bf7d29ba70a597f3f33ddb2795b8551dca9db Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Thu, 19 Sep 2024 12:14:13 +0200
Subject: [PATCH] rename customerOwner -> rbactest.customer_OWNER etc.
---
doc/rbac-performance-analysis.md | 4 +--
.../changelog/1-rbac/1058-rbac-generators.sql | 1 -
.../2013-rbactest-customer-rbac.sql | 10 +++---
.../2018-rbactest-customer-test-data.sql | 4 +--
.../2023-rbactest-package-rbac.sql | 26 +++++++-------
.../2028-rbactest-package-test-data.sql | 4 +--
.../2033-rbactest-domain-rbac.sql | 28 +++++++--------
.../5013-hs-office-contact-rbac.sql | 10 +++---
.../502-person/5023-hs-office-person-rbac.sql | 10 +++---
.../5033-hs-office-relation-rbac.sql | 36 +++++++++----------
.../5043-hs-office-partner-rbac.sql | 36 +++++++++----------
.../5053-hs-office-bankaccount-rbac.sql | 10 +++---
.../5063-hs-office-debitor-rbac.sql | 16 ++++-----
.../5073-hs-office-sepamandate-rbac.sql | 28 +++++++--------
.../5103-hs-office-membership-rbac.sql | 16 ++++-----
.../5113-hs-office-coopshares-rbac.sql | 8 ++---
.../5123-hs-office-coopassets-rbac.sql | 8 ++---
.../6203-hs-booking-project-rbac.sql | 22 ++++++------
.../6303-hs-booking-item-rbac.sql | 28 +++++++--------
.../7013-hs-hosting-asset-rbac.sql | 34 +++++++++---------
src/test/resources/application.yml | 2 +-
21 files changed, 170 insertions(+), 171 deletions(-)
diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md
index 39037b8d..2033e160 100644
--- a/doc/rbac-performance-analysis.md
+++ b/doc/rbac-performance-analysis.md
@@ -338,8 +338,8 @@ Now, the longest running queries are these: | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | | 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | | 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | -| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | -| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | +| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) | +| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), 
hs_hosting.asset_OWNER(NEW)] ) | That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine. diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index e7e4db47..852a023e 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -105,7 +105,6 @@ begin end; $f$; $sql$, targetTable); - raise exception 'generated-SQL: %', sql; execute sql; end; $$; --// diff --git a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql index 02022c11..f46fdecf 100644 --- a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql @@ -35,22 +35,22 @@ begin call rbac.enterTriggerForObjectUuid(NEW.uuid); perform rbac.defineRoleWithGrants( - testCustomerOWNER(NEW), + rbactest.customer_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - testCustomerADMIN(NEW), + rbactest.customer_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[testCustomerOWNER(NEW)] + incomingSuperRoles => array[rbactest.customer_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - testCustomerTENANT(NEW), + rbactest.customer_TENANT(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[testCustomerADMIN(NEW)] + incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); 
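Review bot: The new role-descriptor names in the 2013-rbactest-customer-rbac.sql hunk (`rbactest.customer_OWNER(NEW)`, `rbactest.customer_ADMIN(NEW)`, `rbactest.customer_TENANT(NEW)`) are unquoted, so PostgreSQL folds them to lower case and the upper-case role suffix is a spelling convention only, not something the database checks. Call sites can therefore drift without any error, as the context line `rbac.globalAdmin()` in the 6203-hs-booking-project-rbac.sql hunk already does next to `rbac.globalADMIN()` in the other hunks of this patch. I would record the convention once near the generator, e.g. `-- role functions are written <schema>.<table>_<ROLE>; unquoted names are case-insensitive, the upper-case suffix is convention only`, and align `rbac.globalAdmin()` with it. The trigger body this hunk belongs to starts and ends outside the hunk.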
diff --git a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql index af57b169..6fbd5d90 100644 --- a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql @@ -41,8 +41,8 @@ begin select * into newCust from rbactest.customer where reference=custReference; call rbac.grantRoleToSubject( - rbac.getRoleId(testCustomerOwner(newCust)), - rbac.getRoleId(testCustomerAdmin(newCust)), + rbac.getRoleId(rbactest.customer_OWNER(newCust)), + rbac.getRoleId(rbactest.customer_ADMIN(newCust)), custAdminUuid, true); end; $$; diff --git a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql index 72a5d33e..6cd43f38 100644 --- a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql 
@@ -40,21 +40,21 @@ begin perform rbac.defineRoleWithGrants( - testPackageOWNER(NEW), + rbactest.package_OWNER(NEW), permissions => array['DELETE', 'UPDATE'], - incomingSuperRoles => array[testCustomerADMIN(newCustomer)] + incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)] ); perform rbac.defineRoleWithGrants( - testPackageADMIN(NEW), - incomingSuperRoles => array[testPackageOWNER(NEW)] + rbactest.package_ADMIN(NEW), + incomingSuperRoles => array[rbactest.package_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - testPackageTENANT(NEW), + rbactest.package_TENANT(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[testPackageADMIN(NEW)], - outgoingSubRoles => array[testCustomerTENANT(newCustomer)] + incomingSuperRoles => array[rbactest.package_ADMIN(NEW)], + outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); @@ -110,11 +110,11 @@ begin if NEW.customerUuid <> OLD.customerUuid then - call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer)); - call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer)); + call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer)); + call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer)); - call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD)); - call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW)); + call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD)); + call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW)); end if; @@ -161,7 +161,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'), - testCustomerADMIN(row)); + rbactest.customer_ADMIN(row)); END LOOP; end; $$; 
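Review bot: In the `@@ -110,11 +110,11 @@` hunk the revoke/grant pairs for the renamed roles sit behind the context guard `if NEW.customerUuid <> OLD.customerUuid then`, which evaluates to NULL (not true) when either side is NULL, so in that case the old customer's roles would keep their grants on the package and the new ones would not be added. Whether `customerUuid` is nullable is not visible here; if it can be, the guard should read `if NEW.customerUuid is distinct from OLD.customerUuid then`, and if it cannot, a short comment stating the NOT NULL assumption would make the revocation path easier to audit. The same pattern appears in the 2033-rbactest-domain-rbac.sql hunk (`NEW.packageUuid <> OLD.packageUuid`) and the 5043-hs-office-partner-rbac.sql hunk (`NEW.partnerRelUuid <> OLD.partnerRelUuid`). The trigger function starts and ends outside the hunk.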
@@ -177,7 +177,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'), - testCustomerADMIN(NEW)); + rbactest.customer_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql index 4b227df2..c86f5aba 100644 --- a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql +++ b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql @@ -30,8 +30,8 @@ begin returning * into pac; call rbac.grantRoleToSubject( - rbac.getRoleId(testCustomerAdmin(cust)), - rbac.findRoleId(testPackageAdmin(pac)), + rbac.getRoleId(rbactest.customer_ADMIN(cust)), + rbac.findRoleId(rbactest.package_ADMIN(pac)), rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), true); diff --git a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql index 7aada58b..4d5ff601 100644 --- a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql 
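Review bot: In the 2028-rbactest-package-test-data.sql hunk the first argument of `rbac.grantRoleToSubject` is resolved with `rbac.getRoleId(rbactest.customer_ADMIN(cust))` but the second with `rbac.findRoleId(rbactest.package_ADMIN(pac))`, whereas the matching call in the 2018-rbactest-customer-test-data.sql hunk uses `rbac.getRoleId` for both. Neither function's definition is visible here; if `findRoleId` returns NULL for a missing role instead of raising (as the name suggests), a wrong or stale descriptor after this rename would reach the grant as NULL rather than fail at the lookup. Unless the difference is deliberate, use `rbac.getRoleId(rbactest.package_ADMIN(pac)),` here as well. The enclosing block starts and ends outside the hunk.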
@@ -40,17 +40,17 @@ begin perform rbac.defineRoleWithGrants( - testDomainOWNER(NEW), + rbactest.domain_OWNER(NEW), permissions => array['DELETE', 'UPDATE'], - incomingSuperRoles => array[testPackageADMIN(newPackage)], - outgoingSubRoles => array[testPackageTENANT(newPackage)] + incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)], + outgoingSubRoles => array[rbactest.package_TENANT(newPackage)] ); perform rbac.defineRoleWithGrants( - testDomainADMIN(NEW), + rbactest.domain_ADMIN(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[testDomainOWNER(NEW)], - outgoingSubRoles => array[testPackageTENANT(newPackage)] + incomingSuperRoles => array[rbactest.domain_OWNER(NEW)], + outgoingSubRoles => array[rbactest.package_TENANT(newPackage)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); @@ -106,14 +106,14 @@ begin if NEW.packageUuid <> OLD.packageUuid then - call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage)); - call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage)); + call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage)); + call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage)); - call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD)); - call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW)); + call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD)); + call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW)); - call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD)); - call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW)); + call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD)); + call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW)); end if; 
@@ -160,7 +160,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'), - testPackageADMIN(row)); + rbactest.package_ADMIN(row)); END LOOP; end; $$; @@ -176,7 +176,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'), - testPackageADMIN(NEW)); + rbactest.package_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index fad804a1..12c2517e 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -35,22 +35,22 @@ begin call rbac.enterTriggerForObjectUuid(NEW.uuid); perform rbac.defineRoleWithGrants( - hsOfficeContactOWNER(NEW), + hs_office.contact_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficeContactADMIN(NEW), + hs_office.contact_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsOfficeContactOWNER(NEW)] + incomingSuperRoles => array[hs_office.contact_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficeContactREFERRER(NEW), + hs_office.contact_REFERRER(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsOfficeContactADMIN(NEW)] + incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index 2a0f1a42..0a7fabb5 100644 
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -35,22 +35,22 @@ begin call rbac.enterTriggerForObjectUuid(NEW.uuid); perform rbac.defineRoleWithGrants( - hsOfficePersonOWNER(NEW), + hs_office.person_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficePersonADMIN(NEW), + hs_office.person_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsOfficePersonOWNER(NEW)] + incomingSuperRoles => array[hs_office.person_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficePersonREFERRER(NEW), + hs_office.person_REFERRER(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsOfficePersonADMIN(NEW)] + incomingSuperRoles => array[hs_office.person_ADMIN(NEW)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 1d750626..b390f638 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -48,42 +48,42 @@ begin perform rbac.defineRoleWithGrants( - hsOfficeRelationOWNER(NEW), + hs_office.relation_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficeRelationADMIN(NEW), + hs_office.relation_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)] + incomingSuperRoles => array[hs_office.relation_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficeRelationAGENT(NEW), - incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)] + hs_office.relation_AGENT(NEW), + incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficeRelationTENANT(NEW), + hs_office.relation_TENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ - hsOfficeContactADMIN(newContact), - hsOfficeRelationAGENT(NEW)], + hs_office.contact_ADMIN(newContact), + hs_office.relation_AGENT(NEW)], outgoingSubRoles => array[ - hsOfficeContactREFERRER(newContact), - hsOfficePersonREFERRER(newAnchorPerson), - hsOfficePersonREFERRER(newHolderPerson)] + hs_office.contact_REFERRER(newContact), + hs_office.person_REFERRER(newAnchorPerson), + hs_office.person_REFERRER(newHolderPerson)] ); IF NEW.type = 'REPRESENTATIVE' THEN - call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); - call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson)); - call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); + call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW)); + call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson)); + call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson)); ELSE - call 
rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); - call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); + call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson)); + call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson)); END IF; call rbac.leaveTriggerForObjectUuid(NEW.uuid); @@ -170,7 +170,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'), - hsOfficePersonADMIN(row)); + hs_office.person_ADMIN(row)); END LOOP; end; $$; @@ -186,7 +186,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'), - hsOfficePersonADMIN(NEW)); + hs_office.person_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 79dab51e..c490423b 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
@@ -42,12 +42,12 @@ begin SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
@@ -110,23 +110,23 @@ begin if NEW.partnerRelUuid <> OLD.partnerRelUuid then - call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel)); - call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel)); - call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel)); - call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), 
hs_office.relation_OWNER(newPartnerRel)); - call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel)); - call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); - call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel)); end if; diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 3257b0a0..0726cc38 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql 
@@ -35,22 +35,22 @@ begin call rbac.enterTriggerForObjectUuid(NEW.uuid); perform rbac.defineRoleWithGrants( - hsOfficeBankAccountOWNER(NEW), + hs_office.bankaccount_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficeBankAccountADMIN(NEW), + hs_office.bankaccount_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)] + incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficeBankAccountREFERRER(NEW), + hs_office.bankaccount_REFERRER(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)] + incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 255aa486..449d42fd 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql 
@@ -51,15 +51,15 @@ begin SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; - call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); - call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); - call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount)); - call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); - call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); + call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel)); + call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel)); + call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount)); + call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel)); + call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel)); call 
rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index 300729d8..9f60b327 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -48,34 +48,34 @@ begin perform rbac.defineRoleWithGrants( - hsOfficeSepaMandateOWNER(NEW), + hs_office.sepamandate_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficeSepaMandateADMIN(NEW), + hs_office.sepamandate_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)] + incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsOfficeSepaMandateAGENT(NEW), - incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)], + hs_office.sepamandate_AGENT(NEW), + incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)], outgoingSubRoles => array[ - hsOfficeBankAccountREFERRER(newBankAccount), - hsOfficeRelationAGENT(newDebitorRel)] + hs_office.bankaccount_REFERRER(newBankAccount), + hs_office.relation_AGENT(newDebitorRel)] ); perform rbac.defineRoleWithGrants( - hsOfficeSepaMandateREFERRER(NEW), + hs_office.sepamandate_REFERRER(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ - hsOfficeBankAccountADMIN(newBankAccount), - hsOfficeRelationAGENT(newDebitorRel), - hsOfficeSepaMandateAGENT(NEW)], - outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] + hs_office.bankaccount_ADMIN(newBankAccount), + hs_office.relation_AGENT(newDebitorRel), + hs_office.sepamandate_AGENT(NEW)], + outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); @@ -121,7 +121,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'), - hsOfficeRelationADMIN(row)); + hs_office.relation_ADMIN(row)); END LOOP; end; $$; 
@@ -137,7 +137,7 @@ begin if NEW.type = 'DEBITOR' then call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'), - hsOfficeRelationADMIN(NEW)); + hs_office.relation_ADMIN(NEW)); end if; return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 8ee6d6e4..855b0870 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -44,25 +44,25 @@ begin perform rbac.defineRoleWithGrants( - hsOfficeMembershipOWNER(NEW), + hs_office.membership_OWNER(NEW), subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsOfficeMembershipADMIN(NEW), + hs_office.membership_ADMIN(NEW), permissions => array['DELETE', 'UPDATE'], incomingSuperRoles => array[ - hsOfficeMembershipOWNER(NEW), - hsOfficeRelationADMIN(newPartnerRel)] + hs_office.membership_OWNER(NEW), + hs_office.relation_ADMIN(newPartnerRel)] ); perform rbac.defineRoleWithGrants( - hsOfficeMembershipAGENT(NEW), + hs_office.membership_AGENT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ - hsOfficeMembershipADMIN(NEW), - hsOfficeRelationAGENT(newPartnerRel)], - outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] + hs_office.membership_ADMIN(NEW), + hs_office.relation_AGENT(newPartnerRel)], + outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)] ); call rbac.leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 83e86775..dabbe8f6 100644 
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -38,8 +38,8 @@ begin SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -84,7 +84,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'), - hsOfficeMembershipADMIN(row)); + hs_office.membership_ADMIN(row)); END LOOP; end; $$; @@ -100,7 +100,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'), - hsOfficeMembershipADMIN(NEW)); + hs_office.membership_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index fcbd5cbc..20530fb9 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -38,8 +38,8 @@ begin SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -84,7 +84,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'), - hsOfficeMembershipADMIN(row)); + hs_office.membership_ADMIN(row)); END LOOP; end; $$; @@ -100,7 +100,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'), - hsOfficeMembershipADMIN(NEW)); + hs_office.membership_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 72809815..7417338e 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql 
@@ -48,26 +48,26 @@ begin perform rbac.defineRoleWithGrants( - hsBookingProjectOWNER(NEW), - incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())] + hs_booking.project_OWNER(NEW), + incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())] ); perform rbac.defineRoleWithGrants( - hsBookingProjectADMIN(NEW), + hs_booking.project_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsBookingProjectOWNER(NEW)] + incomingSuperRoles => array[hs_booking.project_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsBookingProjectAGENT(NEW), - incomingSuperRoles => array[hsBookingProjectADMIN(NEW)] + hs_booking.project_AGENT(NEW), + incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)] ); perform rbac.defineRoleWithGrants( - hsBookingProjectTENANT(NEW), + hs_booking.project_TENANT(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsBookingProjectAGENT(NEW)], - outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] + incomingSuperRoles => array[hs_booking.project_AGENT(NEW)], + outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)] ); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); @@ -115,7 +115,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'), - hsOfficeRelationADMIN(row)); + hs_office.relation_ADMIN(row)); END LOOP; end; $$; @@ -131,7 +131,7 @@ begin if NEW.type = 'DEBITOR' then call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'), - hsOfficeRelationADMIN(NEW)); + hs_office.relation_ADMIN(NEW)); end if; return NEW; end; $$; diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 483fcdd3..6a955014 100644 
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -41,30 +41,30 @@ begin SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem; perform rbac.defineRoleWithGrants( - hsBookingItemOWNER(NEW), + hs_booking.item_OWNER(NEW), incomingSuperRoles => array[ - hsBookingItemAGENT(newParentItem), - hsBookingProjectAGENT(newProject)] + hs_booking.item_AGENT(newParentItem), + hs_booking.project_AGENT(newProject)] ); perform rbac.defineRoleWithGrants( - hsBookingItemADMIN(NEW), + hs_booking.item_ADMIN(NEW), permissions => array['UPDATE'], - incomingSuperRoles => array[hsBookingItemOWNER(NEW)] + incomingSuperRoles => array[hs_booking.item_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsBookingItemAGENT(NEW), - incomingSuperRoles => array[hsBookingItemADMIN(NEW)] + hs_booking.item_AGENT(NEW), + incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)] ); perform rbac.defineRoleWithGrants( - hsBookingItemTENANT(NEW), + hs_booking.item_TENANT(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsBookingItemAGENT(NEW)], + incomingSuperRoles => array[hs_booking.item_AGENT(NEW)], outgoingSubRoles => array[ - hsBookingItemTENANT(newParentItem), - hsBookingProjectTENANT(newProject)] + hs_booking.item_TENANT(newParentItem), + hs_booking.project_TENANT(newProject)] ); @@ -157,7 +157,7 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'), - hsBookingProjectADMIN(row)); + hs_booking.project_ADMIN(row)); END LOOP; end; $$; @@ -173,7 +173,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'), - hsBookingProjectADMIN(NEW)); + hs_booking.project_ADMIN(NEW)); -- end. return NEW; end; $$; 
@@ -200,7 +200,7 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'), - hsBookingItemADMIN(NEW)); + hs_booking.item_ADMIN(NEW)); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index ef7849db..fc3492c7 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql 
@@ -47,43 +47,43 @@ begin SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; perform rbac.defineRoleWithGrants( - hsHostingAssetOWNER(NEW), + hs_hosting.asset_OWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[ - hsBookingItemADMIN(newBookingItem), - hsHostingAssetADMIN(newParentAsset), + hs_booking.item_ADMIN(newBookingItem), + hs_hosting.asset_ADMIN(newParentAsset), rbac.globalADMIN(rbac.unassumed())], subjectUuids => array[rbac.currentSubjectUuid()] ); perform rbac.defineRoleWithGrants( - hsHostingAssetADMIN(NEW), + hs_hosting.asset_ADMIN(NEW), permissions => array['UPDATE'], incomingSuperRoles => array[ - hsBookingItemAGENT(newBookingItem), - hsHostingAssetAGENT(newParentAsset), - hsHostingAssetOWNER(NEW)] + hs_booking.item_AGENT(newBookingItem), + hs_hosting.asset_AGENT(newParentAsset), + hs_hosting.asset_OWNER(NEW)] ); perform rbac.defineRoleWithGrants( - hsHostingAssetAGENT(NEW), + hs_hosting.asset_AGENT(NEW), incomingSuperRoles => array[ - hsHostingAssetADMIN(NEW), - hsHostingAssetAGENT(newAssignedToAsset)], + hs_hosting.asset_ADMIN(NEW), + hs_hosting.asset_AGENT(newAssignedToAsset)], outgoingSubRoles => array[ - hsHostingAssetTENANT(newAssignedToAsset), - hsOfficeContactREFERRER(newAlarmContact)] + hs_hosting.asset_TENANT(newAssignedToAsset), + hs_office.contact_REFERRER(newAlarmContact)] ); perform rbac.defineRoleWithGrants( - hsHostingAssetTENANT(NEW), + hs_hosting.asset_TENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ - hsHostingAssetAGENT(NEW), - hsOfficeContactADMIN(newAlarmContact)], + hs_hosting.asset_AGENT(NEW), + hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ - hsBookingItemTENANT(newBookingItem), - hsHostingAssetTENANT(newParentAsset)] + hs_booking.item_TENANT(newBookingItem), + hs_hosting.asset_TENANT(newParentAsset)] ); IF NEW.type = 'DOMAIN_SETUP' THEN 
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index b4945a0f..923c62e9 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -7,7 +7,7 @@ spring: url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true url-local: jdbc:postgresql://localhost:5432/postgres - url: ${spring.datasource.url-local} + url: ${spring.datasource.url-tc} username: postgres password: password
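Review bot: The switch of `spring.datasource.url` from `${spring.datasource.url-local}` to `${spring.datasource.url-tc}` is not covered by the commit message, which describes only the rename of the role functions. It is therefore unclear whether this is an intended default or a local setting being reverted. If the Testcontainers default is intended, a comment above the line would record it, e.g. `# default: disposable Testcontainers database; url-local is only for manual runs against a local PostgreSQL`. That also explains why the `postgres` / `password` credentials in the following context lines are acceptable here: they presumably only ever reach a throwaway container and should not be reused for the `url-local` database.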