hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

rbac.globalAdmin(), rbac.globalGuest()

Browse Source
This commit is contained in:
Michael Hoennig 2024-09-14 07:25:18 +02:00
parent 5166bb5fc9
commit 6465a2457c
16 changed files with 31 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
View File

@ -364,7 +364,7 @@ class RolesGrantsAndPermissionsGenerator {
System.out.println("null");
}
if (roleDef.getEntityAlias().isGlobal()) {
return "globalAdmin()";
return "rbac.globalAdmin()";
}
final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias());
return roleDef.getEntityAlias().simpleName() + capitalize(roleDef.getRole().name())

12
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin()
returns boolean
language plpgsql as $$
begin
return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(globalAdmin()));
return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin()));
end; $$;
--//
@ -109,7 +109,7 @@ commit;
/*
A rbac.Global administrator role.
*/
create or replace function globalAdmin(assumed boolean = true)
create or replace function rbac.globalAdmin(assumed boolean = true)
returns rbac.RoleDescriptor
returns null on null input
stable -- leakproof
@ -119,7 +119,7 @@ $$;
begin transaction;
call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
select rbac.createRole(globalAdmin());
select rbac.createRole(rbac.globalAdmin());
commit;
--//
@ -130,7 +130,7 @@ commit;
/*
A rbac.Global guest role.
*/
create or replace function globalGuest(assumed boolean = true)
create or replace function rbac.globalglobalGuest(assumed boolean = true)
returns rbac.RoleDescriptor
returns null on null input
stable -- leakproof
@ -140,7 +140,7 @@ $$;
begin transaction;
call base.defineContext('creating role:rbac.global#global:guest', null, null, null);
select rbac.createRole(globalGuest());
select rbac.createRole(rbac.globalglobalGuest());
commit;
--//
@ -157,7 +157,7 @@ do language plpgsql $$
begin
call base.defineContext('creating fake test-realm admin users', null, null, null);
admins = rbac.findRoleId(globalAdmin());
admins = rbac.findRoleId(rbac.globalAdmin());
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');

6
src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants(
testCustomerOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN(rbac.unassumed())],
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()]
);
@ -96,7 +96,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'test_customer'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -112,7 +112,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

2
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficeContactOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN()],
incomingSuperRoles => array[rbac.globalAdmin()],
subjectUuids => array[rbac.currentSubjectUuid()]
);

2
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficePersonOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN()],
incomingSuperRoles => array[rbac.globalAdmin()],
subjectUuids => array[rbac.currentSubjectUuid()]
);

2
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -50,7 +50,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficeRelationOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN()],
incomingSuperRoles => array[rbac.globalAdmin()],
subjectUuids => array[rbac.currentSubjectUuid()]
);

4
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -173,7 +173,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -189,7 +189,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

4
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -77,7 +77,7 @@ begin
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -93,7 +93,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

2
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficeBankAccountOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN()],
incomingSuperRoles => array[rbac.globalAdmin()],
subjectUuids => array[rbac.currentSubjectUuid()]
);

4
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -146,7 +146,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -162,7 +162,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

2
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -50,7 +50,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[globalADMIN()],
incomingSuperRoles => array[rbac.globalAdmin()],
subjectUuids => array[rbac.currentSubjectUuid()]
);

4
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -108,7 +108,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -124,7 +124,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

2
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -70,7 +70,7 @@ begin
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
);
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$;

6
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
View File

@ -69,7 +69,7 @@ begin
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$;
@ -114,7 +114,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -130,7 +130,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

6
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -69,7 +69,7 @@ begin
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$;
@ -114,7 +114,7 @@ do language plpgsql $$
LOOP
call grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
globalADMIN());
rbac.globalAdmin());
END LOOP;
end;
$$;
@ -130,7 +130,7 @@ begin
-- unconditional for all rows in that table
call grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
globalADMIN());
rbac.globalAdmin());
-- end.
return NEW;
end; $$;

2
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -50,7 +50,7 @@ begin
hsHostingAssetOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[
globalADMIN(rbac.unassumed()),
rbac.globalADMIN(rbac.unassumed()),
hsBookingItemADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset)],
subjectUuids => array[rbac.currentSubjectUuid()]