From 86bdeaabe36b651ec36a719e2af5a27fa5b0b0b6 Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Mon, 25 Mar 2024 19:58:58 +0100
Subject: [PATCH] get rid of fixme, fix or amend to todo

---
 .../hsadminng/rbac/rbacdef/InsertTriggerGenerator.java        | 3 ++-
 .../hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java    | 4 ----
 src/main/resources/db/changelog/050-rbac-base.sql             | 2 +-
 src/main/resources/db/changelog/057-rbac-role-builder.sql     | 2 +-
 .../resources/db/changelog/253-hs-office-sepamandate-rbac.sql | 3 ++-
 .../resources/db/changelog/303-hs-office-membership-rbac.sql  | 3 ++-
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index 469a5d4c..2e0a4a2f 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -161,7 +161,8 @@ public class InsertTriggerGenerator {
                     Checks if the user or assumed roles are allowed to insert a row to ${rawSubTable},
                     where the check is performed by an indirect role.
                     
-                    An indirect role is a role FIXME.
+                    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+                    of the source entity, but needs to be fetched via joined tables.
                 */
                 create or replace function ${rawSubTable}_insert_permission_check_tf()
                     returns trigger
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
index e643fe8d..cf05496a 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@@ -71,10 +71,6 @@ public class RbacGrantsDiagramService {
     private void traverseGrantsTo(final Set<RawRbacGrantEntity> graph, final UUID refUuid, final EnumSet<Include> includes) {
         final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
         grants.forEach(g -> {
-            if ( g.getDescendantIdName() == null ) {
-                // FIXME: what's that?
-                return;
-            }
             if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
                 return;
             }
diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql
index 735f1932..ca560bf9 100644
--- a/src/main/resources/db/changelog/050-rbac-base.sql
+++ b/src/main/resources/db/changelog/050-rbac-base.sql
@@ -691,7 +691,7 @@ declare
     superRoleId uuid;
     subRoleId uuid;
 begin
-    -- FIXME: maybe separate method grantRoleToRoleIfNotNull(...)?
+    -- TODO: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references
     if superRole.objectUuid is null or subRole.objectuuid is null then
         return;
     end if;
diff --git a/src/main/resources/db/changelog/057-rbac-role-builder.sql b/src/main/resources/db/changelog/057-rbac-role-builder.sql
index b3ddbecd..57a97a2f 100644
--- a/src/main/resources/db/changelog/057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/057-rbac-role-builder.sql
@@ -60,7 +60,7 @@ begin
     if cardinality(userUuids) > 0 then
         -- direct grants to users need a grantedByRole which can revoke the grant
         if grantedByRole is null then
-            userGrantsByRoleUuid := roleUuid; -- FIXME: or do we want to require an explicit userGrantsByRoleUuid?
+            userGrantsByRoleUuid := roleUuid; -- TODO: or do we want to require an explicit userGrantsByRoleUuid?
         else
             userGrantsByRoleUuid := getRoleId(grantedByRole);
         end if;
diff --git a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
index b20d786b..9ff47369 100644
--- a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
@@ -149,7 +149,8 @@ execute procedure hs_office_sepamandate_hs_office_relation_insert_tf();
     Checks if the user or assumed roles are allowed to insert a row to hs_office_sepamandate,
     where the check is performed by an indirect role.
 
-    An indirect role is a role FIXME.
+    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+    of the source entity, but needs to be fetched via joined tables.
 */
 create or replace function hs_office_sepamandate_insert_permission_check_tf()
     returns trigger
diff --git a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
index 89ccd7fa..b494ca72 100644
--- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
@@ -136,7 +136,8 @@ execute procedure hs_office_membership_hs_office_relation_insert_tf();
     Checks if the user or assumed roles are allowed to insert a row to hs_office_membership,
     where the check is performed by an indirect role.
 
-    An indirect role is a role FIXME.
+    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+    of the source entity, but needs to be fetched via joined tables.
 */
 create or replace function hs_office_membership_insert_permission_check_tf()
     returns trigger