hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

fix rbac sql generation

Browse Source
This commit is contained in:
Michael Hoennig 2024-09-18 09:41:50 +02:00
parent 09ae27dc68
commit 795a829128
19 changed files with 152 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
View File

@ -66,13 +66,12 @@ class RolesGrantsAndPermissionsGenerator {
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemFor${simpleEntityName}(
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_build_rbac_system(
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", qualifiedRawTableName));
.replace("${rawTableQualifiedName}", qualifiedRawTableName));
plPgSql.writeLn("declare");
plPgSql.indented(() -> {
@ -106,21 +105,21 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesFor${simpleEntityName}(
OLD ${rawTableName},
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableQualifiedName},
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
begin
if ${updateConditions} then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemFor${simpleEntityName}(NEW);
call ${rawTableQualifiedName}_build_rbac_system(NEW);
end if;
end; $$;
""",
with("simpleEntityName", simpleEntityName),
with("rawTableName", qualifiedRawTableName),
with("rawTableQualifiedName", qualifiedRawTableName),
with("updateConditions", updateConditions));
}
@ -130,16 +129,15 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesFor${simpleEntityName}(
OLD ${rawTableName},
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableQualifiedName},
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
declare
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", qualifiedRawTableName));
""",
with("rawTableQualifiedName", qualifiedRawTableName));
plPgSql.chopEmptyLines();
plPgSql.indented(() -> {
@ -514,26 +512,25 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn("""
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new ${qualifiedRawTableName} row.
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableQualifiedName} row.
*/
create or replace function ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf()
create or replace function ${rawTableQualifiedName}_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemFor${simpleEntityName}(NEW);
call ${rawTableQualifiedName}_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerFor${simpleEntityName}_tg
after insert on ${qualifiedRawTableName}
create trigger build_rbac_system_after_insert_tg
after insert on ${rawTableQualifiedName}
for each row
execute procedure ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf();
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
);
generateFooter(plPgSql);
@ -550,26 +547,24 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn("""
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${qualifiedRawTableName} row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row.
*/
create or replace function ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf()
create or replace function ${rawTableQualifiedName}_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesFor${simpleEntityName}(OLD, NEW);
call ${rawTableQualifiedName}_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerFor${simpleEntityName}_tg
after update on ${qualifiedRawTableName}
create trigger update_rbac_system_after_update_tg
after update on ${rawTableQualifiedName}
for each row
execute procedure ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf();
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
);
generateFooter(plPgSql);

10
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestCustomer(
create or replace procedure rbactest.customer_build_rbac_system(
NEW rbactest.customer
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
*/
create or replace function rbactest.insertTriggerForTestCustomer_tf()
create or replace function rbactest.customer_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestCustomer(NEW);
call rbactest.customer_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestCustomer_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.customer
for each row
execute procedure rbactest.insertTriggerForTestCustomer_tf();
execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
--//

22
src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestPackage(
create or replace procedure rbactest.package_build_rbac_system(
NEW rbactest.package
)
language plpgsql as $$
@ -64,19 +64,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
*/
create or replace function rbactest.insertTriggerForTestPackage_tf()
create or replace function rbactest.package_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestPackage(NEW);
call rbactest.package_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestPackage_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.package
for each row
execute procedure rbactest.insertTriggerForTestPackage_tf();
execute procedure rbactest.package_build_rbac_system_after_insert_tf();
--//
@ -88,7 +88,7 @@ execute procedure rbactest.insertTriggerForTestPackage_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForTestPackage(
create or replace procedure rbactest.package_update_rbac_system(
OLD rbactest.package,
NEW rbactest.package
)
@ -122,22 +122,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.package row.
*/
create or replace function rbactest.updateTriggerForTestPackage_tf()
create or replace function rbactest.package_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForTestPackage(OLD, NEW);
call rbactest.package_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForTestPackage_tg
create trigger update_rbac_system_after_update_tg
after update on rbactest.package
for each row
execute procedure rbactest.updateTriggerForTestPackage_tf();
execute procedure rbactest.package_update_rbac_system_after_update_tf();
--//

22
src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestDomain(
create or replace procedure rbactest.domain_build_rbac_system(
NEW rbactest.domain
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
*/
create or replace function rbactest.insertTriggerForTestDomain_tf()
create or replace function rbactest.domain_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestDomain(NEW);
call rbactest.domain_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestDomain_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.domain
for each row
execute procedure rbactest.insertTriggerForTestDomain_tf();
execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
--//
@ -84,7 +84,7 @@ execute procedure rbactest.insertTriggerForTestDomain_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForTestDomain(
create or replace procedure rbactest.domain_update_rbac_system(
OLD rbactest.domain,
NEW rbactest.domain
)
@ -121,22 +121,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.domain row.
*/
create or replace function rbactest.updateTriggerForTestDomain_tf()
create or replace function rbactest.domain_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForTestDomain(OLD, NEW);
call rbactest.domain_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForTestDomain_tg
create trigger update_rbac_system_after_update_tg
after update on rbactest.domain
for each row
execute procedure rbactest.updateTriggerForTestDomain_tf();
execute procedure rbactest.domain_update_rbac_system_after_update_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeContact(
create or replace procedure hs_office.contact_build_rbac_system(
NEW hs_office.contact
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row.
*/
create or replace function hs_office.insertTriggerForHsOfficeContact_tf()
create or replace function hs_office.contact_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeContact(NEW);
call hs_office.contact_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeContact_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.contact
for each row
execute procedure hs_office.insertTriggerForHsOfficeContact_tf();
execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePerson(
create or replace procedure hs_office.person_build_rbac_system(
NEW hs_office.person
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row.
*/
create or replace function hs_office.insertTriggerForHsOfficePerson_tf()
create or replace function hs_office.person_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePerson(NEW);
call hs_office.person_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePerson_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.person
for each row
execute procedure hs_office.insertTriggerForHsOfficePerson_tf();
execute procedure hs_office.person_build_rbac_system_after_insert_tf();
--//

24
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeRelation(
create or replace procedure hs_office.relation_build_rbac_system(
NEW hs_office.relation
)
language plpgsql as $$
@ -93,19 +93,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row.
*/
create or replace function hs_office.insertTriggerForHsOfficeRelation_tf()
create or replace function hs_office.relation_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeRelation(NEW);
call hs_office.relation_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeRelation_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.relation
for each row
execute procedure hs_office.insertTriggerForHsOfficeRelation_tf();
execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
--//
@ -117,7 +117,7 @@ execute procedure hs_office.insertTriggerForHsOfficeRelation_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficeRelation(
create or replace procedure hs_office.relation_update_rbac_system(
OLD hs_office.relation,
NEW hs_office.relation
)
@ -126,27 +126,27 @@ begin
if NEW.contactUuid is distinct from OLD.contactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeRelation(NEW);
call hs_office.relation_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.relation row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.relation row.
*/
create or replace function hs_office.updateTriggerForHsOfficeRelation_tf()
create or replace function hs_office.relation_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficeRelation(OLD, NEW);
call hs_office.relation_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficeRelation_tg
create trigger update_rbac_system_after_update_tg
after update on hs_office.relation
for each row
execute procedure hs_office.updateTriggerForHsOfficeRelation_tf();
execute procedure hs_office.relation_update_rbac_system_after_update_tf();
--//

22
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePartner(
create or replace procedure hs_office.partner_build_rbac_system(
NEW hs_office.partner
)
language plpgsql as $$
@ -56,19 +56,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row.
*/
create or replace function hs_office.insertTriggerForHsOfficePartner_tf()
create or replace function hs_office.partner_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePartner(NEW);
call hs_office.partner_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePartner_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner
for each row
execute procedure hs_office.insertTriggerForHsOfficePartner_tf();
execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
--//
@ -80,7 +80,7 @@ execute procedure hs_office.insertTriggerForHsOfficePartner_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficePartner(
create or replace procedure hs_office.partner_update_rbac_system(
OLD hs_office.partner,
NEW hs_office.partner
)
@ -134,22 +134,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.partner row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.partner row.
*/
create or replace function hs_office.updateTriggerForHsOfficePartner_tf()
create or replace function hs_office.partner_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficePartner(OLD, NEW);
call hs_office.partner_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficePartner_tg
create trigger update_rbac_system_after_update_tg
after update on hs_office.partner
for each row
execute procedure hs_office.updateTriggerForHsOfficePartner_tf();
execute procedure hs_office.partner_update_rbac_system_after_update_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partn
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePartnerDetails(
create or replace procedure hs_office.partner_details_build_rbac_system(
NEW hs_office.partner_details
)
language plpgsql as $$
@ -41,19 +41,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row.
*/
create or replace function hs_office.insertTriggerForHsOfficePartnerDetails_tf()
create or replace function hs_office.partner_details_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePartnerDetails(NEW);
call hs_office.partner_details_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePartnerDetails_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner_details
for each row
execute procedure hs_office.insertTriggerForHsOfficePartnerDetails_tf();
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankacco
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeBankAccount(
create or replace procedure hs_office.bankaccount_build_rbac_system(
NEW hs_office.bankaccount
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row.
*/
create or replace function hs_office.insertTriggerForHsOfficeBankAccount_tf()
create or replace function hs_office.bankaccount_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeBankAccount(NEW);
call hs_office.bankaccount_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeBankAccount_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.bankaccount
for each row
execute procedure hs_office.insertTriggerForHsOfficeBankAccount_tf();
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
--//

24
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeDebitor(
create or replace procedure hs_office.debitor_build_rbac_system(
NEW hs_office.debitor
)
language plpgsql as $$
@ -68,19 +68,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row.
*/
create or replace function hs_office.insertTriggerForHsOfficeDebitor_tf()
create or replace function hs_office.debitor_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeDebitor(NEW);
call hs_office.debitor_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeDebitor_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.debitor
for each row
execute procedure hs_office.insertTriggerForHsOfficeDebitor_tf();
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
--//
@ -92,7 +92,7 @@ execute procedure hs_office.insertTriggerForHsOfficeDebitor_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficeDebitor(
create or replace procedure hs_office.debitor_update_rbac_system(
OLD hs_office.debitor,
NEW hs_office.debitor
)
@ -102,27 +102,27 @@ begin
if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid
or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeDebitor(NEW);
call hs_office.debitor_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
*/
create or replace function hs_office.updateTriggerForHsOfficeDebitor_tf()
create or replace function hs_office.debitor_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficeDebitor(OLD, NEW);
call hs_office.debitor_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficeDebitor_tg
create trigger update_rbac_system_after_update_tg
after update on hs_office.debitor
for each row
execute procedure hs_office.updateTriggerForHsOfficeDebitor_tf();
execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamand
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeSepaMandate(
create or replace procedure hs_office.sepamandate_build_rbac_system(
NEW hs_office.sepamandate
)
language plpgsql as $$
@ -85,19 +85,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row.
*/
create or replace function hs_office.insertTriggerForHsOfficeSepaMandate_tf()
create or replace function hs_office.sepamandate_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeSepaMandate(NEW);
call hs_office.sepamandate_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeSepaMandate_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.sepamandate
for each row
execute procedure hs_office.insertTriggerForHsOfficeSepaMandate_tf();
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membershi
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeMembership(
create or replace procedure hs_office.membership_build_rbac_system(
NEW hs_office.membership
)
language plpgsql as $$
@ -72,19 +72,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row.
*/
create or replace function hs_office.insertTriggerForHsOfficeMembership_tf()
create or replace function hs_office.membership_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeMembership(NEW);
call hs_office.membership_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeMembership_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.membership
for each row
execute procedure hs_office.insertTriggerForHsOfficeMembership_tf();
execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction(
create or replace procedure hs_office.coopsharestransaction_build_rbac_system(
NEW hs_office.coopsharestransaction
)
language plpgsql as $$
@ -48,19 +48,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row.
*/
create or replace function hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf()
create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeCoopSharesTransaction(NEW);
call hs_office.coopsharestransaction_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopsharestransaction
for each row
execute procedure hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf();
execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction(
create or replace procedure hs_office.coopassetstransaction_build_rbac_system(
NEW hs_office.coopassetstransaction
)
language plpgsql as $$
@ -48,19 +48,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row.
*/
create or replace function hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf()
create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeCoopAssetsTransaction(NEW);
call hs_office.coopassetstransaction_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopassetstransaction
for each row
execute procedure hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf();
execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsBookingProject(
create or replace procedure hs_booking_project_build_rbac_system(
NEW hs_booking_project
)
language plpgsql as $$
@ -79,19 +79,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row.
*/
create or replace function insertTriggerForHsBookingProject_tf()
create or replace function hs_booking_project_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsBookingProject(NEW);
call hs_booking_project_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsBookingProject_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_project
for each row
execute procedure insertTriggerForHsBookingProject_tf();
execute procedure hs_booking_project_build_rbac_system_after_insert_tf();
--//

10
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsBookingItem(
create or replace procedure hs_booking_item_build_rbac_system(
NEW hs_booking_item
)
language plpgsql as $$
@ -78,19 +78,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row.
*/
create or replace function insertTriggerForHsBookingItem_tf()
create or replace function hs_booking_item_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsBookingItem(NEW);
call hs_booking_item_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsBookingItem_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_item
for each row
execute procedure insertTriggerForHsBookingItem_tf();
execute procedure hs_booking_item_build_rbac_system_after_insert_tf();
--//

24
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsHostingAsset(
create or replace procedure hs_hosting_asset_build_rbac_system(
NEW hs_hosting_asset
)
language plpgsql as $$
@ -96,19 +96,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
*/
create or replace function insertTriggerForHsHostingAsset_tf()
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsHostingAsset(NEW);
call hs_hosting_asset_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsHostingAsset_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_hosting_asset
for each row
execute procedure insertTriggerForHsHostingAsset_tf();
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
--//
@ -120,7 +120,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsHostingAsset(
create or replace procedure hs_hosting_asset_update_rbac_system(
OLD hs_hosting_asset,
NEW hs_hosting_asset
)
@ -130,27 +130,27 @@ begin
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsHostingAsset(NEW);
call hs_hosting_asset_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
*/
create or replace function updateTriggerForHsHostingAsset_tf()
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsHostingAsset(OLD, NEW);
call hs_hosting_asset_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsHostingAsset_tg
create trigger update_rbac_system_after_update_tg
after update on hs_hosting_asset
for each row
execute procedure updateTriggerForHsHostingAsset_tf();
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
--//

2
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java
View File

@ -259,7 +259,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v
where targettable = 'hs_office.contact';
""");
""");
// when
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();