rename currentUserId->currentUserUuid + currentSubjectIds->currentSubjectsUuids

This commit is contained in:
Michael Hoennig 2022-08-30 09:18:52 +02:00
parent 1c45443da6
commit 8045b66324
11 changed files with 35 additions and 35 deletions

View File

@ -74,7 +74,7 @@ For restricted DB-users, which are used by the backend, access to rows is filter
FOR SELECT
TO restricted
USING (
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId())
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid())
);
SET SESSION AUTHORIZATION restricted;
@ -101,7 +101,7 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys
CREATE OR REPLACE RULE "_RETURN" AS
ON SELECT TO cust_view
DO INSTEAD
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId());
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid());
SET SESSION AUTHORIZATION restricted;
SET hsadminng.currentUser TO 'alex@example.com';
@ -130,7 +130,7 @@ We do not access the tables directly from the backend, but via views which join
CREATE OR REPLACE VIEW cust_view AS
SELECT c.id, c.reference, c.prefix
FROM customer AS c
JOIN queryAllPermissionsOfSubjectId(currentUserId()) AS p
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
ON p.tableName='customer' AND p.rowId=c.id AND p.op='view';
GRANT ALL PRIVILEGES ON cust_view TO restricted;

View File

@ -591,7 +591,7 @@ Let's have a look at the two view queries:
WHERE target.uuid IN (
SELECT uuid
FROM queryAccessibleObjectUuidsOfSubjectIds(
'view', 'customer', currentSubjectIds()));
'view', 'customer', currentSubjectsUuids()));
This view should be automatically updatable.
Where, for updates, we actually have to check for 'edit' instead of 'view' operation, which makes it a bit more complicated.
@ -609,7 +609,7 @@ Looks like the query optimizer needed some statistics to find the best path.
SELECT DISTINCT target.*
FROM customer AS target
JOIN queryAccessibleObjectUuidsOfSubjectIds(
'view', 'customer', currentSubjectIds()) AS allowedObjId
'view', 'customer', currentSubjectsUuids()) AS allowedObjId
ON target.uuid = allowedObjId;
This view cannot is not updatable automatically,

View File

@ -102,7 +102,7 @@ drop view if exists domain_rv;
create or replace view domain_rv as
select target.*
from Domain as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'domain', currentSubjectIds()));
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'domain', currentSubjectsUuids()));
grant all privileges on domain_rv to restricted;

View File

@ -87,7 +87,7 @@ drop view if exists EMailAddress_rv;
create or replace view EMailAddress_rv as
select target.*
from EMailAddress as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'emailaddress', currentSubjectIds()));
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'emailaddress', currentSubjectsUuids()));
grant all privileges on EMailAddress_rv to restricted;
-- generate EMailAddress test data

View File

@ -20,7 +20,7 @@ CREATE POLICY customer_policy ON customer
TO restricted
USING (
-- id=1000
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId())
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid())
);
SET SESSION AUTHORIZATION restricted;
@ -35,7 +35,7 @@ SELECT * FROM customer;
CREATE OR REPLACE RULE "_RETURN" AS
ON SELECT TO cust_view
DO INSTEAD
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId());
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid());
SELECT * from cust_view LIMIT 10;
select queryAllPermissionsOfSubjectId(findRbacUser('mike@hostsharing.net'));
@ -51,7 +51,7 @@ CREATE OR REPLACE RULE "_RETURN" AS
ON SELECT TO cust_view
DO INSTEAD
SELECT c.uuid, c.reference, c.prefix FROM customer AS c
JOIN queryAllPermissionsOfSubjectId(currentUserId()) AS p
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
ON p.objectTable='customer' AND p.objectUuid=c.uuid AND p.op in ('*', 'view');
GRANT ALL PRIVILEGES ON cust_view TO restricted;
@ -67,7 +67,7 @@ DROP VIEW IF EXISTS cust_view;
CREATE OR REPLACE VIEW cust_view AS
SELECT c.uuid, c.reference, c.prefix
FROM customer AS c
JOIN queryAllPermissionsOfSubjectId(currentUserId()) AS p
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
ON p.objectUuid=c.uuid AND p.op in ('*', 'view');
GRANT ALL PRIVILEGES ON cust_view TO restricted;

View File

@ -16,7 +16,7 @@ begin
raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', assumedRoles();
end if;
currentSubjectUuids := currentSubjectIds();
currentSubjectUuids := currentSubjectsUuids();
return currentSubjectUuids[1];
end; $$;
@ -42,7 +42,7 @@ begin
perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole');
perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser');
if NOT isGranted(currentSubjectIds(), grantedByRoleUuid) then
if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then
raise exception '[403] Access to granted-by-role % forbidden for %', grantedByRoleUuid, currentSubjects();
end if;
@ -71,7 +71,7 @@ begin
perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole');
perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser');
if NOT isGranted(currentSubjectIds(), grantedByRoleUuid) then
if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, currentSubjects();
end if;
@ -79,8 +79,8 @@ begin
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, currentSubjects();
end if;
--raise exception 'isGranted(%, %)', currentSubjectIds(), grantedByRoleUuid;
if NOT isGranted(currentSubjectIds(), grantedByRoleUuid) then
--raise exception 'isGranted(%, %)', currentSubjectsUuids(), grantedByRoleUuid;
if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, currentSubjects();
end if;

View File

@ -8,20 +8,20 @@
Raises exception if not set.
*/
create or replace function currentUserId()
create or replace function currentUserUuid()
returns uuid
stable leakproof
language plpgsql as $$
declare
currentUser varchar(63);
currentUserId uuid;
currentUserUuid uuid;
begin
currentUser := currentUser();
currentUserId = (select uuid from RbacUser where name = currentUser);
if currentUserId is null then
currentUserUuid = (select uuid from RbacUser where name = currentUser);
if currentUserUuid is null then
raise exception '[401] hsadminng.currentUser defined as %, but does not exists', currentUser;
end if;
return currentUserId;
return currentUserUuid;
end; $$;
--//
@ -33,12 +33,12 @@ end; $$;
or, if any, ids of assumed role names as set in `hsadminng.assumedRoles`
or empty array, if not set.
*/
create or replace function currentSubjectIds()
create or replace function currentSubjectsUuids()
returns uuid[]
stable leakproof
language plpgsql as $$
declare
currentUserId uuid;
currentUserUuid uuid;
roleNames varchar(63)[];
roleName varchar(63);
objectTableToAssume varchar(63);
@ -48,14 +48,14 @@ declare
roleIdsToAssume uuid[];
roleUuidToAssume uuid;
begin
currentUserId := currentUserId();
if currentUserId is null then
currentUserUuid := currentUserUuid();
if currentUserUuid is null then
raise exception '[401] user % does not exist', currentUser();
end if;
roleNames := assumedRoles();
if cardinality(roleNames) = 0 then
return array [currentUserId];
return array [currentUserUuid];
end if;
raise notice 'assuming roles: %', roleNames;
@ -75,8 +75,8 @@ begin
where r.objectUuid = objectUuidToAssume
and r.roleType = roleTypeToAssume
into roleUuidToAssume;
if (not isGranted(currentUserId, roleUuidToAssume)) then
raise exception '[403] user % (%) has no permission to assume role % (%)', currentUser(), currentUserId, roleName, roleUuidToAssume;
if (not isGranted(currentUserUuid, roleUuidToAssume)) then
raise exception '[403] user % (%) has no permission to assume role % (%)', currentUser(), currentUserUuid, roleName, roleUuidToAssume;
end if;
roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
end loop;

View File

@ -41,7 +41,7 @@ $$
-- TODO: this could to be optimized
select (select uuid from global) in
(select queryAccessibleObjectUuidsOfSubjectIds(
op, 'global', currentSubjectIds()));
op, 'global', currentSubjectsUuids()));
$$;
--//
@ -124,7 +124,7 @@ $$;
-- ----------------------------------------------------------------------------
/*
Tests if currentUserId() can fetch the user from the session variable.
Tests if currentUserUuid() can fetch the user from the session variable.
*/
do language plpgsql $$
@ -132,13 +132,13 @@ do language plpgsql $$
userName varchar;
begin
set local hsadminng.currentUser = 'sven@hostsharing.net';
select userName from RbacUser where uuid = currentUserId() into userName;
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName <> 'sven@hostsharing.net' then
raise exception 'setting or fetching initial currentUser failed, got: %', userName;
end if;
set local hsadminng.currentUser = 'mike@hostsharing.net';
select userName from RbacUser where uuid = currentUserId() into userName;
select userName from RbacUser where uuid = currentUserUuid() into userName;
if userName = 'mike@hostsharing.net' then
raise exception 'currentUser should not change in one transaction, but did change, got: %', userName;
end if;

View File

@ -189,7 +189,7 @@ drop view if exists customer_rv;
create or replace view customer_rv as
select target.*
from customer as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'customer', currentSubjectIds()));
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'customer', currentSubjectsUuids()));
grant all privileges on customer_rv to restricted;
--//

View File

@ -188,7 +188,7 @@ drop view if exists package_rv;
create or replace view package_rv as
select target.*
from package as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'package', currentSubjectIds()))
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'package', currentSubjectsUuids()))
order by target.name;
grant all privileges on package_rv to restricted;
--//

View File

@ -206,6 +206,6 @@ drop view if exists unixuser_rv;
create or replace view unixuser_rv as
select target.*
from unixuser as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'unixuser', currentSubjectIds()));
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'unixuser', currentSubjectsUuids()));
grant all privileges on unixuser_rv to restricted;
--//