rename customerOwner -> rbactest.customer_OWNER etc.

doc/rbac-performance-analysis.md

@@ -338,8 +338,8 @@ Now, the longest running queries are these:
 |  6 | 123.740 |       3 |       2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
 |  7 | 497     |       2 |     259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1                                                                                                                                                                                                           |
 |  8 | 497     |       2 |     255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1                                                                                                                                                                                   |
-|  9 | 13.144  |       1 |       8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
+|  9 | 13.144  |       1 |       8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
-| 10 |  13.144 |       1 |       5 |  SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
+| 10 |  13.144 |       1 |       5 |  SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
 
 That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
 

src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql

@@ -105,7 +105,6 @@ begin
         end; $f$;
 
         $sql$, targetTable);
-    raise exception 'generated-SQL: %', sql;
     execute sql;
 end; $$;
 --//

src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql

@@ -35,22 +35,22 @@ begin
     call rbac.enterTriggerForObjectUuid(NEW.uuid);
 
     perform rbac.defineRoleWithGrants(
-        testCustomerOWNER(NEW),
+        rbactest.customer_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        testCustomerADMIN(NEW),
+        rbactest.customer_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[testCustomerOWNER(NEW)]
+            incomingSuperRoles => array[rbactest.customer_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        testCustomerTENANT(NEW),
+        rbactest.customer_TENANT(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[testCustomerADMIN(NEW)]
+            incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);

src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql

@@ -41,8 +41,8 @@ begin
     select * into newCust
              from rbactest.customer where reference=custReference;
     call rbac.grantRoleToSubject(
-            rbac.getRoleId(testCustomerOwner(newCust)),
+            rbac.getRoleId(rbactest.customer_OWNER(newCust)),
-            rbac.getRoleId(testCustomerAdmin(newCust)),
+            rbac.getRoleId(rbactest.customer_ADMIN(newCust)),
             custAdminUuid,
             true);
 end; $$;

src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql

@@ -40,21 +40,21 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        testPackageOWNER(NEW),
+        rbactest.package_OWNER(NEW),
             permissions => array['DELETE', 'UPDATE'],
-            incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
+            incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)]
     );
 
     perform rbac.defineRoleWithGrants(
-        testPackageADMIN(NEW),
+        rbactest.package_ADMIN(NEW),
-            incomingSuperRoles => array[testPackageOWNER(NEW)]
+            incomingSuperRoles => array[rbactest.package_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        testPackageTENANT(NEW),
+        rbactest.package_TENANT(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[testPackageADMIN(NEW)],
+            incomingSuperRoles => array[rbactest.package_ADMIN(NEW)],
-            outgoingSubRoles => array[testCustomerTENANT(newCustomer)]
+            outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@@ -110,11 +110,11 @@ begin
 
     if NEW.customerUuid <> OLD.customerUuid then
 
-        call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer));
+        call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer));
-        call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer));
+        call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer));
 
-        call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD));
+        call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD));
-        call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW));
+        call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW));
 
     end if;
 
@@ -161,7 +161,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
-                        testCustomerADMIN(row));
+                        rbactest.customer_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -177,7 +177,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
-            testCustomerADMIN(NEW));
+            rbactest.customer_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql

@@ -30,8 +30,8 @@ begin
                 returning * into pac;
 
             call rbac.grantRoleToSubject(
-                    rbac.getRoleId(testCustomerAdmin(cust)),
+                    rbac.getRoleId(rbactest.customer_ADMIN(cust)),
-                    rbac.findRoleId(testPackageAdmin(pac)),
+                    rbac.findRoleId(rbactest.package_ADMIN(pac)),
                     rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
                     true);
 

src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql

@@ -40,17 +40,17 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        testDomainOWNER(NEW),
+        rbactest.domain_OWNER(NEW),
             permissions => array['DELETE', 'UPDATE'],
-            incomingSuperRoles => array[testPackageADMIN(newPackage)],
+            incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)],
-            outgoingSubRoles => array[testPackageTENANT(newPackage)]
+            outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
     );
 
     perform rbac.defineRoleWithGrants(
-        testDomainADMIN(NEW),
+        rbactest.domain_ADMIN(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[testDomainOWNER(NEW)],
+            incomingSuperRoles => array[rbactest.domain_OWNER(NEW)],
-            outgoingSubRoles => array[testPackageTENANT(newPackage)]
+            outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@@ -106,14 +106,14 @@ begin
 
     if NEW.packageUuid <> OLD.packageUuid then
 
-        call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage));
+        call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage));
-        call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage));
+        call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage));
 
-        call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD));
+        call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD));
-        call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW));
+        call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW));
 
-        call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD));
+        call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD));
-        call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW));
+        call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW));
 
     end if;
 
@@ -160,7 +160,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
-                        testPackageADMIN(row));
+                        rbactest.package_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -176,7 +176,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
-            testPackageADMIN(NEW));
+            rbactest.package_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql

@@ -35,22 +35,22 @@ begin
     call rbac.enterTriggerForObjectUuid(NEW.uuid);
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeContactOWNER(NEW),
+        hs_office.contact_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeContactADMIN(NEW),
+        hs_office.contact_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
+            incomingSuperRoles => array[hs_office.contact_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeContactREFERRER(NEW),
+        hs_office.contact_REFERRER(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
+            incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);

src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql

@@ -35,22 +35,22 @@ begin
     call rbac.enterTriggerForObjectUuid(NEW.uuid);
 
     perform rbac.defineRoleWithGrants(
-        hsOfficePersonOWNER(NEW),
+        hs_office.person_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficePersonADMIN(NEW),
+        hs_office.person_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
+            incomingSuperRoles => array[hs_office.person_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficePersonREFERRER(NEW),
+        hs_office.person_REFERRER(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
+            incomingSuperRoles => array[hs_office.person_ADMIN(NEW)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);

src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql

@@ -48,42 +48,42 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeRelationOWNER(NEW),
+        hs_office.relation_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeRelationADMIN(NEW),
+        hs_office.relation_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
+            incomingSuperRoles => array[hs_office.relation_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeRelationAGENT(NEW),
+        hs_office.relation_AGENT(NEW),
-            incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
+            incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeRelationTENANT(NEW),
+        hs_office.relation_TENANT(NEW),
             permissions => array['SELECT'],
             incomingSuperRoles => array[
-            	hsOfficeContactADMIN(newContact),
+            	hs_office.contact_ADMIN(newContact),
-            	hsOfficeRelationAGENT(NEW)],
+            	hs_office.relation_AGENT(NEW)],
             outgoingSubRoles => array[
-            	hsOfficeContactREFERRER(newContact),
+            	hs_office.contact_REFERRER(newContact),
-            	hsOfficePersonREFERRER(newAnchorPerson),
+            	hs_office.person_REFERRER(newAnchorPerson),
-            	hsOfficePersonREFERRER(newHolderPerson)]
+            	hs_office.person_REFERRER(newHolderPerson)]
     );
 
     IF NEW.type = 'REPRESENTATIVE' THEN
-        call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW));
+        call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW));
-        call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
+        call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson));
-        call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
+        call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson));
     ELSE
-        call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
+        call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson));
-        call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson));
+        call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson));
     END IF;
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@@ -170,7 +170,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
-                        hsOfficePersonADMIN(row));
+                        hs_office.person_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -186,7 +186,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
-            hsOfficePersonADMIN(NEW));
+            hs_office.person_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql

@@ -42,12 +42,12 @@ begin
     SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid    INTO newPartnerDetails;
     assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
 
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
@@ -110,23 +110,23 @@ begin
 
     if NEW.partnerRelUuid <> OLD.partnerRelUuid then
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
 
-        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel));
+        call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel));
-        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
+        call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
 
     end if;
 

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql

@@ -35,22 +35,22 @@ begin
     call rbac.enterTriggerForObjectUuid(NEW.uuid);
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeBankAccountOWNER(NEW),
+        hs_office.bankaccount_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeBankAccountADMIN(NEW),
+        hs_office.bankaccount_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
+            incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeBankAccountREFERRER(NEW),
+        hs_office.bankaccount_REFERRER(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
+            incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);

src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql

@@ -51,15 +51,15 @@ begin
 
     SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid    INTO newRefundBankAccount;
 
-    call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
+    call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel));
-    call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
+    call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel));
-    call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount));
+    call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount));
-    call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel));
+    call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel));
-    call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel));
+    call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel));
 
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel));
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql

@@ -48,34 +48,34 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeSepaMandateOWNER(NEW),
+        hs_office.sepamandate_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[rbac.globalADMIN()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeSepaMandateADMIN(NEW),
+        hs_office.sepamandate_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
+            incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeSepaMandateAGENT(NEW),
+        hs_office.sepamandate_AGENT(NEW),
-            incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
+            incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)],
             outgoingSubRoles => array[
-            	hsOfficeBankAccountREFERRER(newBankAccount),
+            	hs_office.bankaccount_REFERRER(newBankAccount),
-            	hsOfficeRelationAGENT(newDebitorRel)]
+            	hs_office.relation_AGENT(newDebitorRel)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeSepaMandateREFERRER(NEW),
+        hs_office.sepamandate_REFERRER(NEW),
             permissions => array['SELECT'],
             incomingSuperRoles => array[
-            	hsOfficeBankAccountADMIN(newBankAccount),
+            	hs_office.bankaccount_ADMIN(newBankAccount),
-            	hsOfficeRelationAGENT(newDebitorRel),
+            	hs_office.relation_AGENT(newDebitorRel),
-            	hsOfficeSepaMandateAGENT(NEW)],
+            	hs_office.sepamandate_AGENT(NEW)],
-            outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
+            outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@@ -121,7 +121,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
-                        hsOfficeRelationADMIN(row));
+                        hs_office.relation_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -137,7 +137,7 @@ begin
     if NEW.type = 'DEBITOR' then
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
-            hsOfficeRelationADMIN(NEW));
+            hs_office.relation_ADMIN(NEW));
     end if;
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql

@@ -44,25 +44,25 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeMembershipOWNER(NEW),
+        hs_office.membership_OWNER(NEW),
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeMembershipADMIN(NEW),
+        hs_office.membership_ADMIN(NEW),
             permissions => array['DELETE', 'UPDATE'],
             incomingSuperRoles => array[
-            	hsOfficeMembershipOWNER(NEW),
+            	hs_office.membership_OWNER(NEW),
-            	hsOfficeRelationADMIN(newPartnerRel)]
+            	hs_office.relation_ADMIN(newPartnerRel)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsOfficeMembershipAGENT(NEW),
+        hs_office.membership_AGENT(NEW),
             permissions => array['SELECT'],
             incomingSuperRoles => array[
-            	hsOfficeMembershipADMIN(NEW),
+            	hs_office.membership_ADMIN(NEW),
-            	hsOfficeRelationAGENT(newPartnerRel)],
+            	hs_office.relation_AGENT(newPartnerRel)],
-            outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
+            outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)]
     );
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);

src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql

@@ -38,8 +38,8 @@ begin
     SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid    INTO newMembership;
     assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
 
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
@@ -84,7 +84,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
-                        hsOfficeMembershipADMIN(row));
+                        hs_office.membership_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -100,7 +100,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
-            hsOfficeMembershipADMIN(NEW));
+            hs_office.membership_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql

@@ -38,8 +38,8 @@ begin
     SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid    INTO newMembership;
     assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
 
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
-    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
+    call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
@@ -84,7 +84,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
-                        hsOfficeMembershipADMIN(row));
+                        hs_office.membership_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -100,7 +100,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
-            hsOfficeMembershipADMIN(NEW));
+            hs_office.membership_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql

@@ -48,26 +48,26 @@ begin
 
 
     perform rbac.defineRoleWithGrants(
-        hsBookingProjectOWNER(NEW),
+        hs_booking.project_OWNER(NEW),
-            incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())]
+            incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingProjectADMIN(NEW),
+        hs_booking.project_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
+            incomingSuperRoles => array[hs_booking.project_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingProjectAGENT(NEW),
+        hs_booking.project_AGENT(NEW),
-            incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
+            incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingProjectTENANT(NEW),
+        hs_booking.project_TENANT(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
+            incomingSuperRoles => array[hs_booking.project_AGENT(NEW)],
-            outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
+            outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
     );
 
     call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
@@ -115,7 +115,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
-                        hsOfficeRelationADMIN(row));
+                        hs_office.relation_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -131,7 +131,7 @@ begin
     if NEW.type = 'DEBITOR' then
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
-            hsOfficeRelationADMIN(NEW));
+            hs_office.relation_ADMIN(NEW));
     end if;
     return NEW;
 end; $$;

src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql

@@ -41,30 +41,30 @@ begin
     SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid    INTO newParentItem;
 
     perform rbac.defineRoleWithGrants(
-        hsBookingItemOWNER(NEW),
+        hs_booking.item_OWNER(NEW),
             incomingSuperRoles => array[
-            	hsBookingItemAGENT(newParentItem),
+            	hs_booking.item_AGENT(newParentItem),
-            	hsBookingProjectAGENT(newProject)]
+            	hs_booking.project_AGENT(newProject)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingItemADMIN(NEW),
+        hs_booking.item_ADMIN(NEW),
             permissions => array['UPDATE'],
-            incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
+            incomingSuperRoles => array[hs_booking.item_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingItemAGENT(NEW),
+        hs_booking.item_AGENT(NEW),
-            incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
+            incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsBookingItemTENANT(NEW),
+        hs_booking.item_TENANT(NEW),
             permissions => array['SELECT'],
-            incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
+            incomingSuperRoles => array[hs_booking.item_AGENT(NEW)],
             outgoingSubRoles => array[
-            	hsBookingItemTENANT(newParentItem),
+            	hs_booking.item_TENANT(newParentItem),
-            	hsBookingProjectTENANT(newProject)]
+            	hs_booking.project_TENANT(newProject)]
     );
 
 
@@ -157,7 +157,7 @@ do language plpgsql $$
             LOOP
                 call rbac.grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
-                        hsBookingProjectADMIN(row));
+                        hs_booking.project_ADMIN(row));
             END LOOP;
     end;
 $$;
@@ -173,7 +173,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
-            hsBookingProjectADMIN(NEW));
+            hs_booking.project_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;
@@ -200,7 +200,7 @@ begin
     -- unconditional for all rows in that table
         call rbac.grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
-            hsBookingItemADMIN(NEW));
+            hs_booking.item_ADMIN(NEW));
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql

@@ -47,43 +47,43 @@ begin
     SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid    INTO newParentAsset;
 
     perform rbac.defineRoleWithGrants(
-        hsHostingAssetOWNER(NEW),
+        hs_hosting.asset_OWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[
-            	hsBookingItemADMIN(newBookingItem),
+            	hs_booking.item_ADMIN(newBookingItem),
-            	hsHostingAssetADMIN(newParentAsset),
+            	hs_hosting.asset_ADMIN(newParentAsset),
             	rbac.globalADMIN(rbac.unassumed())],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsHostingAssetADMIN(NEW),
+        hs_hosting.asset_ADMIN(NEW),
             permissions => array['UPDATE'],
             incomingSuperRoles => array[
-            	hsBookingItemAGENT(newBookingItem),
+            	hs_booking.item_AGENT(newBookingItem),
-            	hsHostingAssetAGENT(newParentAsset),
+            	hs_hosting.asset_AGENT(newParentAsset),
-            	hsHostingAssetOWNER(NEW)]
+            	hs_hosting.asset_OWNER(NEW)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsHostingAssetAGENT(NEW),
+        hs_hosting.asset_AGENT(NEW),
             incomingSuperRoles => array[
-            	hsHostingAssetADMIN(NEW),
+            	hs_hosting.asset_ADMIN(NEW),
-            	hsHostingAssetAGENT(newAssignedToAsset)],
+            	hs_hosting.asset_AGENT(newAssignedToAsset)],
             outgoingSubRoles => array[
-            	hsHostingAssetTENANT(newAssignedToAsset),
+            	hs_hosting.asset_TENANT(newAssignedToAsset),
-            	hsOfficeContactREFERRER(newAlarmContact)]
+            	hs_office.contact_REFERRER(newAlarmContact)]
     );
 
     perform rbac.defineRoleWithGrants(
-        hsHostingAssetTENANT(NEW),
+        hs_hosting.asset_TENANT(NEW),
             permissions => array['SELECT'],
             incomingSuperRoles => array[
-            	hsHostingAssetAGENT(NEW),
+            	hs_hosting.asset_AGENT(NEW),
-            	hsOfficeContactADMIN(newAlarmContact)],
+            	hs_office.contact_ADMIN(newAlarmContact)],
             outgoingSubRoles => array[
-            	hsBookingItemTENANT(newBookingItem),
+            	hs_booking.item_TENANT(newBookingItem),
-            	hsHostingAssetTENANT(newParentAsset)]
+            	hs_hosting.asset_TENANT(newParentAsset)]
     );
 
     IF NEW.type = 'DOMAIN_SETUP' THEN

src/test/resources/application.yml

@@ -7,7 +7,7 @@ spring:
         url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
         url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
         url-local: jdbc:postgresql://localhost:5432/postgres
-        url: ${spring.datasource.url-local}
+        url: ${spring.datasource.url-tc}
         username: postgres
         password: password