hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

rename customerOwner -> rbactest.customer_OWNER etc. -- generated

Browse Source
This commit is contained in:
Michael Hoennig 2024-09-19 13:24:08 +02:00
parent 632bf7d29b
commit 7decf28293
30 changed files with 64 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sql/recursive-cte-experiments-for-accessible-uuids.sql
View File

@ -151,7 +151,7 @@ end transaction;
alter table rbacobject alter table rbacobject
-- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow -- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow
add column type hs_hosting.hshostingassettype; add column type hs_hosting.AssetType;
-- and fill the type column with hs_hosting.asset types: -- and fill the type column with hs_hosting.asset types:

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacRepository.java
View File

@ -24,7 +24,7 @@ public interface HsOfficeRelationRbacRepository extends Repository<HsOfficeRelat
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office.relation_rv AS p SELECT p.* FROM hs_office.relation_rv AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS hs_office.RelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType); List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType);

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java
View File

@ -24,7 +24,7 @@ public interface HsOfficeRelationRealRepository extends Repository<HsOfficeRelat
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office.relation AS p SELECT p.* FROM hs_office.relation AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS hs_office.RelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType); List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType);

2
src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
View File

@ -325,7 +325,7 @@ public class InsertTriggerGenerator {
private String toRoleDescriptor(final RbacView.RbacRoleDefinition roleDef, final String ref) { private String toRoleDescriptor(final RbacView.RbacRoleDefinition roleDef, final String ref) {
final var functionName = toVar(roleDef); final var functionName = roleDef.descriptorFunctionName();
if (roleDef.getEntityAlias().isGlobal()) { if (roleDef.getEntityAlias().isGlobal()) {
return functionName + "()"; return functionName + "()";
} }

5
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
View File

@ -29,6 +29,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinit
import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.Part.AUTO_FETCH; import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.Part.AUTO_FETCH;
import static org.apache.commons.collections4.SetUtils.hashSet; import static org.apache.commons.collections4.SetUtils.hashSet;
import static org.apache.commons.lang3.StringUtils.capitalize;
import static org.apache.commons.lang3.StringUtils.uncapitalize; import static org.apache.commons.lang3.StringUtils.uncapitalize;
@Getter @Getter
@ -830,6 +831,10 @@ public class RbacView {
public boolean isGlobal(final Role role) { public boolean isGlobal(final Role role) {
return entityAlias.isGlobal() && this.role == role; return entityAlias.isGlobal() && this.role == role;
} }
public String descriptorFunctionName() {
return entityAlias.getRawTableNameWithSchema() + "_" + capitalize(role.name());
}
} }
public RbacSubjectReference findUserRef(final RbacSubjectReference.UserRole userRole) { public RbacSubjectReference findUserRef(final RbacSubjectReference.UserRole userRole) {

16
src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
View File

@ -20,7 +20,6 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinit
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with; import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
import static org.apache.commons.lang3.StringUtils.capitalize; import static org.apache.commons.lang3.StringUtils.capitalize;
import static org.apache.commons.lang3.StringUtils.uncapitalize;
class RolesGrantsAndPermissionsGenerator { class RolesGrantsAndPermissionsGenerator {
@ -362,11 +361,10 @@ class RolesGrantsAndPermissionsGenerator {
System.out.println("null"); System.out.println("null");
} }
if (roleDef.getEntityAlias().isGlobal()) { if (roleDef.getEntityAlias().isGlobal()) {
return "rbac.globalAdmin()"; return "rbac.global_ADMIN()";
} }
final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias()); final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias());
return roleDef.getEntityAlias().simpleName() + capitalize(roleDef.getRole().name()) return roleDef.descriptorFunctionName() + "(" + entityRefVar + ")";
+ "(" + entityRefVar + ")";
} }
private String entityRefVar( private String entityRefVar(
@ -389,8 +387,8 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn(); plPgSql.writeLn();
plPgSql.writeLn("perform rbac.defineRoleWithGrants("); plPgSql.writeLn("perform rbac.defineRoleWithGrants(");
plPgSql.indented(() -> { plPgSql.indented(() -> {
plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW)," plPgSql.writeLn("${qualifiedRawTableName)_${roleSuffix}(NEW),"
.replace("${simpleVarName)", simpleEntityVarName) .replace("${qualifiedRawTableName)", qualifiedRawTableName)
.replace("${roleSuffix}", capitalize(role.name()))); .replace("${roleSuffix}", capitalize(role.name())));
generatePermissionsForRole(plPgSql, role); generatePermissionsForRole(plPgSql, role);
@ -593,16 +591,12 @@ class RolesGrantsAndPermissionsGenerator {
final RbacView.RbacRoleDefinition roleDef, final RbacView.RbacRoleDefinition roleDef,
final boolean assumed) { final boolean assumed) {
final var assumedArg = assumed ? "" : ", rbac.unassumed()"; final var assumedArg = assumed ? "" : ", rbac.unassumed()";
return toRoleRef(roleDef) + return roleDef.descriptorFunctionName() +
(roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(rbac.unassumed())") (roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(rbac.unassumed())")
: rbacDef.isRootEntityAlias(roleDef.getEntityAlias()) ? ("(" + triggerRef.name() + ")") : rbacDef.isRootEntityAlias(roleDef.getEntityAlias()) ? ("(" + triggerRef.name() + ")")
: "(" + toTriggerReference(triggerRef, roleDef.getEntityAlias()) + assumedArg + ")"); : "(" + toTriggerReference(triggerRef, roleDef.getEntityAlias()) + assumedArg + ")");
} }
private static String toRoleRef(final RbacView.RbacRoleDefinition roleDef) {
return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().name());
}
private static String toTriggerReference( private static String toTriggerReference(
final PostgresTriggerReference triggerRef, final PostgresTriggerReference triggerRef,
final RbacView.EntityAlias entityAlias) { final RbacView.EntityAlias entityAlias) {

8
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin()
returns boolean returns boolean
language plpgsql as $$ language plpgsql as $$
begin begin
return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin())); return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.global_ADMIN()));
end; $$; end; $$;
--// --//
@ -109,7 +109,7 @@ commit;
/* /*
A rbac.Global administrator role. A rbac.Global administrator role.
*/ */
create or replace function rbac.globalAdmin(assumed boolean = true) create or replace function rbac.global_ADMIN(assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
@ -119,7 +119,7 @@ $$;
begin transaction; begin transaction;
call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
select rbac.createRole(rbac.globalAdmin()); select rbac.createRole(rbac.global_ADMIN());
commit; commit;
--// --//
@ -157,7 +157,7 @@ do language plpgsql $$
begin begin
call base.defineContext('creating fake test-realm admin users', null, null, null); call base.defineContext('creating fake test-realm admin users', null, null, null);
admins = rbac.findRoleId(rbac.globalAdmin()); admins = rbac.findRoleId(rbac.global_ADMIN());
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');

6
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
rbactest.customer_OWNER(NEW), rbactest.customer_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())], incomingSuperRoles => array[rbac.global_ADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
@ -96,7 +96,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.customer'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -112,7 +112,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.customer'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

2
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hs_office.contact_OWNER(NEW), hs_office.contact_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

6
src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-person-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-person-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE hs_office.HsOfficePersonType AS ENUM ( CREATE TYPE hs_office.PersonType AS ENUM (
'??', -- unknown '??', -- unknown
'NP', -- natural person 'NP', -- natural person
'LP', -- legal person 'LP', -- legal person
@ -12,13 +12,13 @@ CREATE TYPE hs_office.HsOfficePersonType AS ENUM (
'UF', -- unincorporated firm 'UF', -- unincorporated firm
'PI'); -- public institution 'PI'); -- public institution
CREATE CAST (character varying as hs_office.HsOfficePersonType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.PersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.person create table if not exists hs_office.person
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
personType hs_office.HsOfficePersonType not null, personType hs_office.PersonType not null,
tradeName varchar(96), tradeName varchar(96),
salutation varchar(30), salutation varchar(30),
title varchar(20), title varchar(20),

2
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hs_office.person_OWNER(NEW), hs_office.person_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

2
src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
View File

@ -9,7 +9,7 @@
Creates a single person test record. Creates a single person test record.
*/ */
create or replace procedure createHsOfficePersonTestData( create or replace procedure createHsOfficePersonTestData(
newPersonType hs_office.HsOfficePersonType, newPersonType hs_office.PersonType,
newTradeName varchar, newTradeName varchar,
newFamilyName varchar = null, newFamilyName varchar = null,
newGivenName varchar = null newGivenName varchar = null

6
src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-relation-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-relation-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE hs_office.HsOfficeRelationType AS ENUM ( CREATE TYPE hs_office.RelationType AS ENUM (
'UNKNOWN', 'UNKNOWN',
'PARTNER', 'PARTNER',
'EX_PARTNER', 'EX_PARTNER',
@ -14,7 +14,7 @@ CREATE TYPE hs_office.HsOfficeRelationType AS ENUM (
'OPERATIONS', 'OPERATIONS',
'SUBSCRIBER'); 'SUBSCRIBER');
CREATE CAST (character varying as hs_office.HsOfficeRelationType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.RelationType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.relation create table if not exists hs_office.relation
( (
@ -23,7 +23,7 @@ create table if not exists hs_office.relation
anchorUuid uuid not null references hs_office.person(uuid), anchorUuid uuid not null references hs_office.person(uuid),
holderUuid uuid not null references hs_office.person(uuid), holderUuid uuid not null references hs_office.person(uuid),
contactUuid uuid references hs_office.contact(uuid), contactUuid uuid references hs_office.contact(uuid),
type hs_office.HsOfficeRelationType not null, type hs_office.RelationType not null,
mark varchar(24) mark varchar(24)
); );
--// --//

2
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -50,7 +50,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hs_office.relation_OWNER(NEW), hs_office.relation_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

2
src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
View File

@ -10,7 +10,7 @@
*/ */
create or replace procedure createHsOfficeRelationTestData( create or replace procedure createHsOfficeRelationTestData(
holderPersonName varchar, holderPersonName varchar,
relationType hs_office.HsOfficeRelationType, relationType hs_office.RelationType,
anchorPersonName varchar, anchorPersonName varchar,
contactCaption varchar, contactCaption varchar,
mark varchar default null) mark varchar default null)

4
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -173,7 +173,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -189,7 +189,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

4
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -77,7 +77,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -93,7 +93,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

2
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hs_office.bankaccount_OWNER(NEW), hs_office.bankaccount_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

4
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -146,7 +146,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -162,7 +162,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

2
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -50,7 +50,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hs_office.sepamandate_OWNER(NEW), hs_office.sepamandate_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

4
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -108,7 +108,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -124,7 +124,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

6
src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
View File

@ -4,16 +4,16 @@
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE hs_office.HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTION', 'CANCELLATION'); CREATE TYPE hs_office.CoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTION', 'CANCELLATION');
CREATE CAST (character varying as hs_office.HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.CoopSharesTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.coopsharestransaction create table if not exists hs_office.coopsharestransaction
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office.membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType hs_office.HsOfficeCoopSharesTransactionType not null, transactionType hs_office.CoopSharesTransactionType not null,
valueDate date not null, valueDate date not null,
shareCount integer not null, shareCount integer not null,
reference varchar(48) not null, reference varchar(48) not null,

6
src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE hs_office.HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT', CREATE TYPE hs_office.CoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
'DEPOSIT', 'DEPOSIT',
'DISBURSAL', 'DISBURSAL',
'TRANSFER', 'TRANSFER',
@ -13,14 +13,14 @@ CREATE TYPE hs_office.HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
'LOSS', 'LOSS',
'LIMITATION'); 'LIMITATION');
CREATE CAST (character varying as hs_office.HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.CoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.coopassetstransaction create table if not exists hs_office.coopassetstransaction
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office.membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType hs_office.HsOfficeCoopAssetsTransactionType not null, transactionType hs_office.CoopAssetsTransactionType not null,
valueDate date not null, valueDate date not null,
assetValue money not null, assetValue money not null,
reference varchar(48) not null, reference varchar(48) not null,

2
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -70,7 +70,7 @@ begin
outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
); );
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.global_ADMIN());
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;

6
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create type hs_booking.HsBookingItemType as enum ( create type hs_booking.ItemType as enum (
'PRIVATE_CLOUD', 'PRIVATE_CLOUD',
'CLOUD_SERVER', 'CLOUD_SERVER',
'MANAGED_SERVER', 'MANAGED_SERVER',
@ -12,14 +12,14 @@ create type hs_booking.HsBookingItemType as enum (
'DOMAIN_SETUP' 'DOMAIN_SETUP'
); );
CREATE CAST (character varying as hs_booking.HsBookingItemType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_booking.ItemType) WITH INOUT AS IMPLICIT;
create table if not exists hs_booking.item create table if not exists hs_booking.item
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
projectUuid uuid null references hs_booking.project(uuid), projectUuid uuid null references hs_booking.project(uuid),
type hs_booking.HsBookingItemType not null, type hs_booking.ItemType not null,
parentItemUuid uuid null references hs_booking.item(uuid) initially deferred, parentItemUuid uuid null references hs_booking.item(uuid) initially deferred,
validity daterange not null, validity daterange not null,
caption varchar(80) not null, caption varchar(80) not null,

6
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -69,7 +69,7 @@ begin
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.global_ADMIN());
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -114,7 +114,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -130,7 +130,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

14
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create type hs_hosting.HsHostingAssetType as enum ( create type hs_hosting.AssetType as enum (
'CLOUD_SERVER', 'CLOUD_SERVER',
'MANAGED_SERVER', 'MANAGED_SERVER',
'MANAGED_WEBSPACE', 'MANAGED_WEBSPACE',
@ -26,14 +26,14 @@ create type hs_hosting.HsHostingAssetType as enum (
'IPV6_NUMBER' 'IPV6_NUMBER'
); );
CREATE CAST (character varying as hs_hosting.HsHostingAssetType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_hosting.AssetType) WITH INOUT AS IMPLICIT;
create table if not exists hs_hosting.asset create table if not exists hs_hosting.asset
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
bookingItemUuid uuid null references hs_booking.item(uuid), bookingItemUuid uuid null references hs_booking.item(uuid),
type hs_hosting.HsHostingAssetType not null, type hs_hosting.AssetType not null,
parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred, parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred, assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
identifier varchar(80) not null, identifier varchar(80) not null,
@ -58,8 +58,8 @@ create or replace function hs_hosting.asset_type_hierarchy_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
actualParentType hs_hosting.HsHostingAssetType; actualParentType hs_hosting.AssetType;
expectedParentType hs_hosting.HsHostingAssetType; expectedParentType hs_hosting.AssetType;
begin begin
if NEW.parentAssetUuid is not null then if NEW.parentAssetUuid is not null then
actualParentType := (select type actualParentType := (select type
@ -134,8 +134,8 @@ create or replace function hs_hosting.asset_booking_item_hierarchy_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
actualBookingItemType hs_booking.HsBookingItemType; actualBookingItemType hs_booking.ItemType;
expectedBookingItemType hs_booking.HsBookingItemType; expectedBookingItemType hs_booking.ItemType;
begin begin
actualBookingItemType := (select type actualBookingItemType := (select type
from hs_booking.item from hs_booking.item

2
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -52,7 +52,7 @@ begin
incomingSuperRoles => array[ incomingSuperRoles => array[
hs_booking.item_ADMIN(newBookingItem), hs_booking.item_ADMIN(newBookingItem),
hs_hosting.asset_ADMIN(newParentAsset), hs_hosting.asset_ADMIN(newParentAsset),
rbac.globalADMIN(rbac.unassumed())], rbac.global_ADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );

2
src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java
View File

@ -1145,7 +1145,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
final int expectedCountInTestDataCount, final int expectedCountInTestDataCount,
final int minCountExpectedInProdData) { final int minCountExpectedInProdData) {
final var q = em.createNativeQuery( final var q = em.createNativeQuery(
"select count(*) from hs_hosting.asset where type = cast(:type as hs_hosting.HsHostingAssetType)", "select count(*) from hs_hosting.asset where type = cast(:type as hs_hosting.AssetType)",
Integer.class); Integer.class);
q.setParameter("type", assetType.name()); q.setParameter("type", assetType.name());
final var count = (Integer) q.getSingleResult(); final var count = (Integer) q.getSingleResult();

3
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
View File

@ -39,9 +39,6 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Autowired @Autowired
Context context; Context context;
@Autowired
Context contextMock;
@Autowired @Autowired
HsOfficeRelationRealRepository relationrealRepo; HsOfficeRelationRealRepository relationrealRepo;