rename customerOwner -> rbactest.customer_OWNER etc.
This commit is contained in:
Michael Hoennig
parent
94f6bab004
commit
632bf7d29b
@ -338,8 +338,8 @@ Now, the longest running queries are these:
|
||||
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
|
||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
|
||||
|
||||
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||
|
||||
|
||||
@ -105,7 +105,6 @@ begin
|
||||
end; $f$;
|
||||
|
||||
$sql$, targetTable);
|
||||
raise exception 'generated-SQL: %', sql;
|
||||
execute sql;
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
@ -35,22 +35,22 @@ begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerOWNER(NEW),
|
||||
rbactest.customer_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerADMIN(NEW),
|
||||
rbactest.customer_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[testCustomerOWNER(NEW)]
|
||||
incomingSuperRoles => array[rbactest.customer_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testCustomerTENANT(NEW),
|
||||
rbactest.customer_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testCustomerADMIN(NEW)]
|
||||
incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -41,8 +41,8 @@ begin
|
||||
select * into newCust
|
||||
from rbactest.customer where reference=custReference;
|
||||
call rbac.grantRoleToSubject(
|
||||
rbac.getRoleId(testCustomerOwner(newCust)),
|
||||
rbac.getRoleId(testCustomerAdmin(newCust)),
|
||||
rbac.getRoleId(rbactest.customer_OWNER(newCust)),
|
||||
rbac.getRoleId(rbactest.customer_ADMIN(newCust)),
|
||||
custAdminUuid,
|
||||
true);
|
||||
end; $$;
|
||||
|
||||
@ -40,21 +40,21 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageOWNER(NEW),
|
||||
rbactest.package_OWNER(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
|
||||
incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageADMIN(NEW),
|
||||
incomingSuperRoles => array[testPackageOWNER(NEW)]
|
||||
rbactest.package_ADMIN(NEW),
|
||||
incomingSuperRoles => array[rbactest.package_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testPackageTENANT(NEW),
|
||||
rbactest.package_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testPackageADMIN(NEW)],
|
||||
outgoingSubRoles => array[testCustomerTENANT(newCustomer)]
|
||||
incomingSuperRoles => array[rbactest.package_ADMIN(NEW)],
|
||||
outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
@ -110,11 +110,11 @@ begin
|
||||
|
||||
if NEW.customerUuid <> OLD.customerUuid then
|
||||
|
||||
call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer));
|
||||
call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer));
|
||||
call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer));
|
||||
call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer));
|
||||
|
||||
call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD));
|
||||
call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW));
|
||||
call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD));
|
||||
call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW));
|
||||
|
||||
end if;
|
||||
|
||||
@ -161,7 +161,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
|
||||
testCustomerADMIN(row));
|
||||
rbactest.customer_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -177,7 +177,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
|
||||
testCustomerADMIN(NEW));
|
||||
rbactest.customer_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -30,8 +30,8 @@ begin
|
||||
returning * into pac;
|
||||
|
||||
call rbac.grantRoleToSubject(
|
||||
rbac.getRoleId(testCustomerAdmin(cust)),
|
||||
rbac.findRoleId(testPackageAdmin(pac)),
|
||||
rbac.getRoleId(rbactest.customer_ADMIN(cust)),
|
||||
rbac.findRoleId(rbactest.package_ADMIN(pac)),
|
||||
rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
|
||||
true);
|
||||
|
||||
|
||||
@ -40,17 +40,17 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testDomainOWNER(NEW),
|
||||
rbactest.domain_OWNER(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[testPackageADMIN(newPackage)],
|
||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
||||
incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)],
|
||||
outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
testDomainADMIN(NEW),
|
||||
rbactest.domain_ADMIN(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[testDomainOWNER(NEW)],
|
||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
||||
incomingSuperRoles => array[rbactest.domain_OWNER(NEW)],
|
||||
outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
@ -106,14 +106,14 @@ begin
|
||||
|
||||
if NEW.packageUuid <> OLD.packageUuid then
|
||||
|
||||
call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage));
|
||||
call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage));
|
||||
call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage));
|
||||
call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage));
|
||||
|
||||
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD));
|
||||
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW));
|
||||
call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD));
|
||||
call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW));
|
||||
|
||||
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD));
|
||||
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW));
|
||||
call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD));
|
||||
call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW));
|
||||
|
||||
end if;
|
||||
|
||||
@ -160,7 +160,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
|
||||
testPackageADMIN(row));
|
||||
rbactest.package_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -176,7 +176,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
|
||||
testPackageADMIN(NEW));
|
||||
rbactest.package_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -35,22 +35,22 @@ begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactOWNER(NEW),
|
||||
hs_office.contact_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactADMIN(NEW),
|
||||
hs_office.contact_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_office.contact_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactREFERRER(NEW),
|
||||
hs_office.contact_REFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
|
||||
incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -35,22 +35,22 @@ begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonOWNER(NEW),
|
||||
hs_office.person_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonADMIN(NEW),
|
||||
hs_office.person_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_office.person_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficePersonREFERRER(NEW),
|
||||
hs_office.person_REFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
|
||||
incomingSuperRoles => array[hs_office.person_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -48,42 +48,42 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationOWNER(NEW),
|
||||
hs_office.relation_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationADMIN(NEW),
|
||||
hs_office.relation_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_office.relation_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationAGENT(NEW),
|
||||
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
||||
hs_office.relation_AGENT(NEW),
|
||||
incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationTENANT(NEW),
|
||||
hs_office.relation_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeContactADMIN(newContact),
|
||||
hsOfficeRelationAGENT(NEW)],
|
||||
hs_office.contact_ADMIN(newContact),
|
||||
hs_office.relation_AGENT(NEW)],
|
||||
outgoingSubRoles => array[
|
||||
hsOfficeContactREFERRER(newContact),
|
||||
hsOfficePersonREFERRER(newAnchorPerson),
|
||||
hsOfficePersonREFERRER(newHolderPerson)]
|
||||
hs_office.contact_REFERRER(newContact),
|
||||
hs_office.person_REFERRER(newAnchorPerson),
|
||||
hs_office.person_REFERRER(newHolderPerson)]
|
||||
);
|
||||
|
||||
IF NEW.type = 'REPRESENTATIVE' THEN
|
||||
call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||
call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW));
|
||||
call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson));
|
||||
call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson));
|
||||
ELSE
|
||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||
call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson));
|
||||
call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson));
|
||||
END IF;
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
@ -170,7 +170,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
|
||||
hsOfficePersonADMIN(row));
|
||||
hs_office.person_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -186,7 +186,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
|
||||
hsOfficePersonADMIN(NEW));
|
||||
hs_office.person_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -42,12 +42,12 @@ begin
|
||||
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
@ -110,23 +110,23 @@ begin
|
||||
|
||||
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
|
||||
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
|
||||
|
||||
end if;
|
||||
|
||||
|
||||
@ -35,22 +35,22 @@ begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountOWNER(NEW),
|
||||
hs_office.bankaccount_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountADMIN(NEW),
|
||||
hs_office.bankaccount_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeBankAccountREFERRER(NEW),
|
||||
hs_office.bankaccount_REFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
|
||||
incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -51,15 +51,15 @@ begin
|
||||
|
||||
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
|
||||
|
||||
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel));
|
||||
call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel));
|
||||
call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel));
|
||||
call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount));
|
||||
call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel));
|
||||
call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel));
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel));
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
|
||||
@ -48,34 +48,34 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateOWNER(NEW),
|
||||
hs_office.sepamandate_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateADMIN(NEW),
|
||||
hs_office.sepamandate_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateAGENT(NEW),
|
||||
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
|
||||
hs_office.sepamandate_AGENT(NEW),
|
||||
incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)],
|
||||
outgoingSubRoles => array[
|
||||
hsOfficeBankAccountREFERRER(newBankAccount),
|
||||
hsOfficeRelationAGENT(newDebitorRel)]
|
||||
hs_office.bankaccount_REFERRER(newBankAccount),
|
||||
hs_office.relation_AGENT(newDebitorRel)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeSepaMandateREFERRER(NEW),
|
||||
hs_office.sepamandate_REFERRER(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeBankAccountADMIN(newBankAccount),
|
||||
hsOfficeRelationAGENT(newDebitorRel),
|
||||
hsOfficeSepaMandateAGENT(NEW)],
|
||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
|
||||
hs_office.bankaccount_ADMIN(newBankAccount),
|
||||
hs_office.relation_AGENT(newDebitorRel),
|
||||
hs_office.sepamandate_AGENT(NEW)],
|
||||
outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
@ -121,7 +121,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||
hsOfficeRelationADMIN(row));
|
||||
hs_office.relation_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -137,7 +137,7 @@ begin
|
||||
if NEW.type = 'DEBITOR' then
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||
hsOfficeRelationADMIN(NEW));
|
||||
hs_office.relation_ADMIN(NEW));
|
||||
end if;
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -44,25 +44,25 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipOWNER(NEW),
|
||||
hs_office.membership_OWNER(NEW),
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipADMIN(NEW),
|
||||
hs_office.membership_ADMIN(NEW),
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeMembershipOWNER(NEW),
|
||||
hsOfficeRelationADMIN(newPartnerRel)]
|
||||
hs_office.membership_OWNER(NEW),
|
||||
hs_office.relation_ADMIN(newPartnerRel)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeMembershipAGENT(NEW),
|
||||
hs_office.membership_AGENT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeMembershipADMIN(NEW),
|
||||
hsOfficeRelationAGENT(newPartnerRel)],
|
||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
|
||||
hs_office.membership_ADMIN(NEW),
|
||||
hs_office.relation_AGENT(newPartnerRel)],
|
||||
outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)]
|
||||
);
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -38,8 +38,8 @@ begin
|
||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
@ -84,7 +84,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||
hsOfficeMembershipADMIN(row));
|
||||
hs_office.membership_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -100,7 +100,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
hs_office.membership_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -38,8 +38,8 @@ begin
|
||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
|
||||
|
||||
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
@ -84,7 +84,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||
hsOfficeMembershipADMIN(row));
|
||||
hs_office.membership_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -100,7 +100,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
hs_office.membership_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -48,26 +48,26 @@ begin
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectOWNER(NEW),
|
||||
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())]
|
||||
hs_booking.project_OWNER(NEW),
|
||||
incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectADMIN(NEW),
|
||||
hs_booking.project_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_booking.project_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectAGENT(NEW),
|
||||
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
|
||||
hs_booking.project_AGENT(NEW),
|
||||
incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingProjectTENANT(NEW),
|
||||
hs_booking.project_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
|
||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
|
||||
incomingSuperRoles => array[hs_booking.project_AGENT(NEW)],
|
||||
outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
|
||||
);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
|
||||
@ -115,7 +115,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
|
||||
hsOfficeRelationADMIN(row));
|
||||
hs_office.relation_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -131,7 +131,7 @@ begin
|
||||
if NEW.type = 'DEBITOR' then
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
|
||||
hsOfficeRelationADMIN(NEW));
|
||||
hs_office.relation_ADMIN(NEW));
|
||||
end if;
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -41,30 +41,30 @@ begin
|
||||
SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemOWNER(NEW),
|
||||
hs_booking.item_OWNER(NEW),
|
||||
incomingSuperRoles => array[
|
||||
hsBookingItemAGENT(newParentItem),
|
||||
hsBookingProjectAGENT(newProject)]
|
||||
hs_booking.item_AGENT(newParentItem),
|
||||
hs_booking.project_AGENT(newProject)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemADMIN(NEW),
|
||||
hs_booking.item_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
||||
incomingSuperRoles => array[hs_booking.item_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemAGENT(NEW),
|
||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
||||
hs_booking.item_AGENT(NEW),
|
||||
incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsBookingItemTENANT(NEW),
|
||||
hs_booking.item_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
||||
incomingSuperRoles => array[hs_booking.item_AGENT(NEW)],
|
||||
outgoingSubRoles => array[
|
||||
hsBookingItemTENANT(newParentItem),
|
||||
hsBookingProjectTENANT(newProject)]
|
||||
hs_booking.item_TENANT(newParentItem),
|
||||
hs_booking.project_TENANT(newProject)]
|
||||
);
|
||||
|
||||
|
||||
@ -157,7 +157,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
|
||||
hsBookingProjectADMIN(row));
|
||||
hs_booking.project_ADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
@ -173,7 +173,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
||||
hsBookingProjectADMIN(NEW));
|
||||
hs_booking.project_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
@ -200,7 +200,7 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
|
||||
hsBookingItemADMIN(NEW));
|
||||
hs_booking.item_ADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
@ -47,43 +47,43 @@ begin
|
||||
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsHostingAssetOWNER(NEW),
|
||||
hs_hosting.asset_OWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[
|
||||
hsBookingItemADMIN(newBookingItem),
|
||||
hsHostingAssetADMIN(newParentAsset),
|
||||
hs_booking.item_ADMIN(newBookingItem),
|
||||
hs_hosting.asset_ADMIN(newParentAsset),
|
||||
rbac.globalADMIN(rbac.unassumed())],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsHostingAssetADMIN(NEW),
|
||||
hs_hosting.asset_ADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
incomingSuperRoles => array[
|
||||
hsBookingItemAGENT(newBookingItem),
|
||||
hsHostingAssetAGENT(newParentAsset),
|
||||
hsHostingAssetOWNER(NEW)]
|
||||
hs_booking.item_AGENT(newBookingItem),
|
||||
hs_hosting.asset_AGENT(newParentAsset),
|
||||
hs_hosting.asset_OWNER(NEW)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsHostingAssetAGENT(NEW),
|
||||
hs_hosting.asset_AGENT(NEW),
|
||||
incomingSuperRoles => array[
|
||||
hsHostingAssetADMIN(NEW),
|
||||
hsHostingAssetAGENT(newAssignedToAsset)],
|
||||
hs_hosting.asset_ADMIN(NEW),
|
||||
hs_hosting.asset_AGENT(newAssignedToAsset)],
|
||||
outgoingSubRoles => array[
|
||||
hsHostingAssetTENANT(newAssignedToAsset),
|
||||
hsOfficeContactREFERRER(newAlarmContact)]
|
||||
hs_hosting.asset_TENANT(newAssignedToAsset),
|
||||
hs_office.contact_REFERRER(newAlarmContact)]
|
||||
);
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsHostingAssetTENANT(NEW),
|
||||
hs_hosting.asset_TENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
hsHostingAssetAGENT(NEW),
|
||||
hsOfficeContactADMIN(newAlarmContact)],
|
||||
hs_hosting.asset_AGENT(NEW),
|
||||
hs_office.contact_ADMIN(newAlarmContact)],
|
||||
outgoingSubRoles => array[
|
||||
hsBookingItemTENANT(newBookingItem),
|
||||
hsHostingAssetTENANT(newParentAsset)]
|
||||
hs_booking.item_TENANT(newBookingItem),
|
||||
hs_hosting.asset_TENANT(newParentAsset)]
|
||||
);
|
||||
|
||||
IF NEW.type = 'DOMAIN_SETUP' THEN
|
||||
|
||||
@ -7,7 +7,7 @@ spring:
|
||||
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
||||
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
|
||||
url-local: jdbc:postgresql://localhost:5432/postgres
|
||||
url: ${spring.datasource.url-local}
|
||||
url: ${spring.datasource.url-tc}
|
||||
username: postgres
|
||||
password: password
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user