fix rbac sql generation
This commit is contained in:
parent
09ae27dc68
commit
795a829128
@ -66,13 +66,12 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemFor${simpleEntityName}(
|
||||
NEW ${rawTableName}
|
||||
create or replace procedure ${rawTableQualifiedName}_build_rbac_system(
|
||||
NEW ${rawTableQualifiedName}
|
||||
)
|
||||
language plpgsql as $$
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", qualifiedRawTableName));
|
||||
.replace("${rawTableQualifiedName}", qualifiedRawTableName));
|
||||
|
||||
plPgSql.writeLn("declare");
|
||||
plPgSql.indented(() -> {
|
||||
@ -106,21 +105,21 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesFor${simpleEntityName}(
|
||||
OLD ${rawTableName},
|
||||
NEW ${rawTableName}
|
||||
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
|
||||
OLD ${rawTableQualifiedName},
|
||||
NEW ${rawTableQualifiedName}
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
|
||||
if ${updateConditions} then
|
||||
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
|
||||
call buildRbacSystemFor${simpleEntityName}(NEW);
|
||||
call ${rawTableQualifiedName}_build_rbac_system(NEW);
|
||||
end if;
|
||||
end; $$;
|
||||
""",
|
||||
with("simpleEntityName", simpleEntityName),
|
||||
with("rawTableName", qualifiedRawTableName),
|
||||
with("rawTableQualifiedName", qualifiedRawTableName),
|
||||
with("updateConditions", updateConditions));
|
||||
}
|
||||
|
||||
@ -130,16 +129,15 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesFor${simpleEntityName}(
|
||||
OLD ${rawTableName},
|
||||
NEW ${rawTableName}
|
||||
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
|
||||
OLD ${rawTableQualifiedName},
|
||||
NEW ${rawTableQualifiedName}
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", qualifiedRawTableName));
|
||||
""",
|
||||
with("rawTableQualifiedName", qualifiedRawTableName));
|
||||
|
||||
plPgSql.chopEmptyLines();
|
||||
plPgSql.indented(() -> {
|
||||
@ -514,26 +512,25 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
|
||||
plPgSql.writeLn("""
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new ${qualifiedRawTableName} row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableQualifiedName} row.
|
||||
*/
|
||||
|
||||
create or replace function ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf()
|
||||
create or replace function ${rawTableQualifiedName}_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemFor${simpleEntityName}(NEW);
|
||||
call ${rawTableQualifiedName}_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerFor${simpleEntityName}_tg
|
||||
after insert on ${qualifiedRawTableName}
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf();
|
||||
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
|
||||
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
generateFooter(plPgSql);
|
||||
@ -550,26 +547,24 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
|
||||
plPgSql.writeLn("""
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${qualifiedRawTableName} row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row.
|
||||
*/
|
||||
|
||||
create or replace function ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf()
|
||||
create or replace function ${rawTableQualifiedName}_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesFor${simpleEntityName}(OLD, NEW);
|
||||
call ${rawTableQualifiedName}_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerFor${simpleEntityName}_tg
|
||||
after update on ${qualifiedRawTableName}
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf();
|
||||
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
|
||||
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
generateFooter(plPgSql);
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForTestCustomer(
|
||||
create or replace procedure rbactest.customer_build_rbac_system(
|
||||
NEW rbactest.customer
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -60,19 +60,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
|
||||
*/
|
||||
|
||||
create or replace function rbactest.insertTriggerForTestCustomer_tf()
|
||||
create or replace function rbactest.customer_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForTestCustomer(NEW);
|
||||
call rbactest.customer_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForTestCustomer_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.customer
|
||||
for each row
|
||||
execute procedure rbactest.insertTriggerForTestCustomer_tf();
|
||||
execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForTestPackage(
|
||||
create or replace procedure rbactest.package_build_rbac_system(
|
||||
NEW rbactest.package
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -64,19 +64,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
|
||||
*/
|
||||
|
||||
create or replace function rbactest.insertTriggerForTestPackage_tf()
|
||||
create or replace function rbactest.package_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForTestPackage(NEW);
|
||||
call rbactest.package_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForTestPackage_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.insertTriggerForTestPackage_tf();
|
||||
execute procedure rbactest.package_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -88,7 +88,7 @@ execute procedure rbactest.insertTriggerForTestPackage_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForTestPackage(
|
||||
create or replace procedure rbactest.package_update_rbac_system(
|
||||
OLD rbactest.package,
|
||||
NEW rbactest.package
|
||||
)
|
||||
@ -122,22 +122,22 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.package row.
|
||||
*/
|
||||
|
||||
create or replace function rbactest.updateTriggerForTestPackage_tf()
|
||||
create or replace function rbactest.package_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForTestPackage(OLD, NEW);
|
||||
call rbactest.package_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForTestPackage_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.updateTriggerForTestPackage_tf();
|
||||
execute procedure rbactest.package_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForTestDomain(
|
||||
create or replace procedure rbactest.domain_build_rbac_system(
|
||||
NEW rbactest.domain
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -60,19 +60,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
|
||||
*/
|
||||
|
||||
create or replace function rbactest.insertTriggerForTestDomain_tf()
|
||||
create or replace function rbactest.domain_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForTestDomain(NEW);
|
||||
call rbactest.domain_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForTestDomain_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.insertTriggerForTestDomain_tf();
|
||||
execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -84,7 +84,7 @@ execute procedure rbactest.insertTriggerForTestDomain_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForTestDomain(
|
||||
create or replace procedure rbactest.domain_update_rbac_system(
|
||||
OLD rbactest.domain,
|
||||
NEW rbactest.domain
|
||||
)
|
||||
@ -121,22 +121,22 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.domain row.
|
||||
*/
|
||||
|
||||
create or replace function rbactest.updateTriggerForTestDomain_tf()
|
||||
create or replace function rbactest.domain_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForTestDomain(OLD, NEW);
|
||||
call rbactest.domain_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForTestDomain_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.updateTriggerForTestDomain_tf();
|
||||
execute procedure rbactest.domain_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeContact(
|
||||
create or replace procedure hs_office.contact_build_rbac_system(
|
||||
NEW hs_office.contact
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -60,19 +60,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeContact_tf()
|
||||
create or replace function hs_office.contact_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeContact(NEW);
|
||||
call hs_office.contact_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeContact_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.contact
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeContact_tf();
|
||||
execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePerson(
|
||||
create or replace procedure hs_office.person_build_rbac_system(
|
||||
NEW hs_office.person
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -60,19 +60,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficePerson_tf()
|
||||
create or replace function hs_office.person_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficePerson(NEW);
|
||||
call hs_office.person_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePerson_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.person
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficePerson_tf();
|
||||
execute procedure hs_office.person_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeRelation(
|
||||
create or replace procedure hs_office.relation_build_rbac_system(
|
||||
NEW hs_office.relation
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -93,19 +93,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeRelation_tf()
|
||||
create or replace function hs_office.relation_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeRelation(NEW);
|
||||
call hs_office.relation_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeRelation_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeRelation_tf();
|
||||
execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -117,7 +117,7 @@ execute procedure hs_office.insertTriggerForHsOfficeRelation_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficeRelation(
|
||||
create or replace procedure hs_office.relation_update_rbac_system(
|
||||
OLD hs_office.relation,
|
||||
NEW hs_office.relation
|
||||
)
|
||||
@ -126,27 +126,27 @@ begin
|
||||
|
||||
if NEW.contactUuid is distinct from OLD.contactUuid then
|
||||
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
|
||||
call buildRbacSystemForHsOfficeRelation(NEW);
|
||||
call hs_office.relation_build_rbac_system(NEW);
|
||||
end if;
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.relation row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.relation row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.updateTriggerForHsOfficeRelation_tf()
|
||||
create or replace function hs_office.relation_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForHsOfficeRelation(OLD, NEW);
|
||||
call hs_office.relation_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficeRelation_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.updateTriggerForHsOfficeRelation_tf();
|
||||
execute procedure hs_office.relation_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePartner(
|
||||
create or replace procedure hs_office.partner_build_rbac_system(
|
||||
NEW hs_office.partner
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -56,19 +56,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficePartner_tf()
|
||||
create or replace function hs_office.partner_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficePartner(NEW);
|
||||
call hs_office.partner_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePartner_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficePartner_tf();
|
||||
execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -80,7 +80,7 @@ execute procedure hs_office.insertTriggerForHsOfficePartner_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficePartner(
|
||||
create or replace procedure hs_office.partner_update_rbac_system(
|
||||
OLD hs_office.partner,
|
||||
NEW hs_office.partner
|
||||
)
|
||||
@ -134,22 +134,22 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.partner row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.partner row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.updateTriggerForHsOfficePartner_tf()
|
||||
create or replace function hs_office.partner_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForHsOfficePartner(OLD, NEW);
|
||||
call hs_office.partner_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficePartner_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.updateTriggerForHsOfficePartner_tf();
|
||||
execute procedure hs_office.partner_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partn
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePartnerDetails(
|
||||
create or replace procedure hs_office.partner_details_build_rbac_system(
|
||||
NEW hs_office.partner_details
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -41,19 +41,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficePartnerDetails_tf()
|
||||
create or replace function hs_office.partner_details_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficePartnerDetails(NEW);
|
||||
call hs_office.partner_details_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePartnerDetails_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner_details
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficePartnerDetails_tf();
|
||||
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankacco
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeBankAccount(
|
||||
create or replace procedure hs_office.bankaccount_build_rbac_system(
|
||||
NEW hs_office.bankaccount
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -60,19 +60,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeBankAccount_tf()
|
||||
create or replace function hs_office.bankaccount_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeBankAccount(NEW);
|
||||
call hs_office.bankaccount_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeBankAccount_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.bankaccount
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeBankAccount_tf();
|
||||
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeDebitor(
|
||||
create or replace procedure hs_office.debitor_build_rbac_system(
|
||||
NEW hs_office.debitor
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -68,19 +68,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeDebitor_tf()
|
||||
create or replace function hs_office.debitor_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeDebitor(NEW);
|
||||
call hs_office.debitor_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeDebitor_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeDebitor_tf();
|
||||
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -92,7 +92,7 @@ execute procedure hs_office.insertTriggerForHsOfficeDebitor_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficeDebitor(
|
||||
create or replace procedure hs_office.debitor_update_rbac_system(
|
||||
OLD hs_office.debitor,
|
||||
NEW hs_office.debitor
|
||||
)
|
||||
@ -102,27 +102,27 @@ begin
|
||||
if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid
|
||||
or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then
|
||||
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
|
||||
call buildRbacSystemForHsOfficeDebitor(NEW);
|
||||
call hs_office.debitor_build_rbac_system(NEW);
|
||||
end if;
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.updateTriggerForHsOfficeDebitor_tf()
|
||||
create or replace function hs_office.debitor_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForHsOfficeDebitor(OLD, NEW);
|
||||
call hs_office.debitor_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficeDebitor_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.updateTriggerForHsOfficeDebitor_tf();
|
||||
execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamand
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeSepaMandate(
|
||||
create or replace procedure hs_office.sepamandate_build_rbac_system(
|
||||
NEW hs_office.sepamandate
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -85,19 +85,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeSepaMandate_tf()
|
||||
create or replace function hs_office.sepamandate_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeSepaMandate(NEW);
|
||||
call hs_office.sepamandate_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeSepaMandate_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeSepaMandate_tf();
|
||||
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membershi
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeMembership(
|
||||
create or replace procedure hs_office.membership_build_rbac_system(
|
||||
NEW hs_office.membership
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -72,19 +72,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeMembership_tf()
|
||||
create or replace function hs_office.membership_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeMembership(NEW);
|
||||
call hs_office.membership_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeMembership_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeMembership_tf();
|
||||
execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction(
|
||||
create or replace procedure hs_office.coopsharestransaction_build_rbac_system(
|
||||
NEW hs_office.coopsharestransaction
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -48,19 +48,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf()
|
||||
create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeCoopSharesTransaction(NEW);
|
||||
call hs_office.coopsharestransaction_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopsharestransaction
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf();
|
||||
execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction(
|
||||
create or replace procedure hs_office.coopassetstransaction_build_rbac_system(
|
||||
NEW hs_office.coopassetstransaction
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -48,19 +48,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row.
|
||||
*/
|
||||
|
||||
create or replace function hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf()
|
||||
create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsOfficeCoopAssetsTransaction(NEW);
|
||||
call hs_office.coopassetstransaction_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopassetstransaction
|
||||
for each row
|
||||
execute procedure hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf();
|
||||
execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsBookingProject(
|
||||
create or replace procedure hs_booking_project_build_rbac_system(
|
||||
NEW hs_booking_project
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -79,19 +79,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsBookingProject_tf()
|
||||
create or replace function hs_booking_project_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsBookingProject(NEW);
|
||||
call hs_booking_project_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsBookingProject_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking_project
|
||||
for each row
|
||||
execute procedure insertTriggerForHsBookingProject_tf();
|
||||
execute procedure hs_booking_project_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsBookingItem(
|
||||
create or replace procedure hs_booking_item_build_rbac_system(
|
||||
NEW hs_booking_item
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -78,19 +78,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsBookingItem_tf()
|
||||
create or replace function hs_booking_item_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsBookingItem(NEW);
|
||||
call hs_booking_item_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsBookingItem_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking_item
|
||||
for each row
|
||||
execute procedure insertTriggerForHsBookingItem_tf();
|
||||
execute procedure hs_booking_item_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
||||
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsHostingAsset(
|
||||
create or replace procedure hs_hosting_asset_build_rbac_system(
|
||||
NEW hs_hosting_asset
|
||||
)
|
||||
language plpgsql as $$
|
||||
@ -96,19 +96,19 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsHostingAsset_tf()
|
||||
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call buildRbacSystemForHsHostingAsset(NEW);
|
||||
call hs_hosting_asset_build_rbac_system(NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsHostingAsset_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_hosting_asset
|
||||
for each row
|
||||
execute procedure insertTriggerForHsHostingAsset_tf();
|
||||
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -120,7 +120,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
|
||||
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsHostingAsset(
|
||||
create or replace procedure hs_hosting_asset_update_rbac_system(
|
||||
OLD hs_hosting_asset,
|
||||
NEW hs_hosting_asset
|
||||
)
|
||||
@ -130,27 +130,27 @@ begin
|
||||
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
|
||||
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
|
||||
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
|
||||
call buildRbacSystemForHsHostingAsset(NEW);
|
||||
call hs_hosting_asset_build_rbac_system(NEW);
|
||||
end if;
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
|
||||
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForHsHostingAsset_tf()
|
||||
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
call updateRbacRulesForHsHostingAsset(OLD, NEW);
|
||||
call hs_hosting_asset_update_rbac_system(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsHostingAsset_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_hosting_asset
|
||||
for each row
|
||||
execute procedure updateTriggerForHsHostingAsset_tf();
|
||||
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -259,7 +259,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office.contact';
|
||||
""");
|
||||
""");
|
||||
|
||||
// when
|
||||
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();
|
||||
|
Loading…
Reference in New Issue
Block a user