From 86bdeaabe36b651ec36a719e2af5a27fa5b0b0b6 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Mon, 25 Mar 2024 19:58:58 +0100
Subject: [PATCH] get rid of fixme, fix or amend to todo

---
 .../hsadminng/rbac/rbacdef/InsertTriggerGenerator.java | 3 ++-
 .../hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java | 4 ----
 src/main/resources/db/changelog/050-rbac-base.sql | 2 +-
 src/main/resources/db/changelog/057-rbac-role-builder.sql | 2 +-
 .../resources/db/changelog/253-hs-office-sepamandate-rbac.sql | 3 ++-
 .../resources/db/changelog/303-hs-office-membership-rbac.sql | 3 ++-
 6 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index 469a5d4c..2e0a4a2f 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -161,7 +161,8 @@ public class InsertTriggerGenerator {
                     Checks if the user or assumed roles are allowed to insert a row to ${rawSubTable},
                     where the check is performed by an indirect role.
-                    An indirect role is a role FIXME.
+                    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+                    of the source entity, but needs to be fetched via joined tables.
                  */
                 create or replace function ${rawSubTable}_insert_permission_check_tf()
                     returns trigger
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
index e643fe8d..cf05496a 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
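Review bot: The new template comment says where an indirect role's object uuid comes from but not what the check does when the join through the intermediate tables yields no granting role, which is the one fact a reader of an INSERT permission-check trigger needs; the body of `${rawSubTable}_insert_permission_check_tf()` lies outside the hunk, so I cannot confirm it raises. I would tighten the wording to `An indirect role is a role whose object uuid is not a direct foreign key of the inserted row but has to be resolved by joining through intermediate tables.` and append `If no such role grants INSERT, the trigger raises and the row is rejected (fail-closed).`, provided the function body actually does that. The same sentence is edited by hand in two migration files in this commit, so whichever wording is chosen should be regenerated into them rather than copied.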
@@ -71,10 +71,6 @@ public class RbacGrantsDiagramService {
     private void traverseGrantsTo(final Set graph, final UUID refUuid, final EnumSet includes) {
         final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
         grants.forEach(g -> {
-            if ( g.getDescendantIdName() == null ) {
-                // FIXME: what's that?
-                return;
-            }
             if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
                 return;
             }
diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql
index 735f1932..ca560bf9 100644
--- a/src/main/resources/db/changelog/050-rbac-base.sql
+++ b/src/main/resources/db/changelog/050-rbac-base.sql
@@ -691,7 +691,7 @@ declare
     superRoleId uuid;
     subRoleId uuid;
 begin
-    -- FIXME: maybe separate method grantRoleToRoleIfNotNull(...)?
+    -- TODO: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references
     if superRole.objectUuid is null or subRole.objectuuid is null then
         return;
     end if;
diff --git a/src/main/resources/db/changelog/057-rbac-role-builder.sql b/src/main/resources/db/changelog/057-rbac-role-builder.sql
index b3ddbecd..57a97a2f 100644
--- a/src/main/resources/db/changelog/057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/057-rbac-role-builder.sql
@@ -60,7 +60,7 @@ begin
     if cardinality(userUuids) > 0 then
         -- direct grants to users need a grantedByRole which can revoke the grant
         if grantedByRole is null then
-            userGrantsByRoleUuid := roleUuid; -- FIXME: or do we want to require an explicit userGrantsByRoleUuid?
+            userGrantsByRoleUuid := roleUuid; -- TODO: or do we want to require an explicit userGrantsByRoleUuid?
         else
             userGrantsByRoleUuid := getRoleId(grantedByRole);
         end if;
diff --git a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
index b20d786b..9ff47369 100644
--- a/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
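Review bot: Deleting the null guard leaves `g.getDescendantIdName().startsWith("perm ")` on the very next line to throw a NullPointerException for any grant whose descendant id name is null, and the removed FIXME reads as if such rows had actually been seen rather than being impossible. If null is ruled out by the schema, say so where it is assumed, e.g. `Objects.requireNonNull(g.getDescendantIdName(), "grant without descendant name: " + g);` (java.util.Objects, if not yet imported); if it is not ruled out, keep the guard and replace the FIXME with the real reason the name can be missing, which the commit does not state. Because of the `&&` short-circuit the crash only surfaces when PERMISSIONS is not in `includes`, so it would appear as an intermittent diagram failure rather than in every run. traverseGrantsTo continues past the hunk, and any later use of the name there is exposed in the same way.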
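Review bot: The amended comment is still phrased as an open design question, while the `if ... is null ... return` right below it already encodes a security-relevant decision: when either role descriptor has no `objectUuid`, the grant is silently skipped rather than reported. That is the safe direction (no privilege is added), but a caller passing a wrongly built descriptor gets no error either, so the intent should be stated: `-- TODO: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references` followed by `-- a NULL objectUuid on either side means the optional reference is unset: the grant is skipped (fail-closed), not an error`. Minor: `superRole.objectUuid` and `subRole.objectuuid` differ only in case; PostgreSQL folds both, but one spelling is easier to grep. The enclosing function starts before the hunk.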
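Review bot: The TODO leaves a privilege question unanswered in code that hands out grants: with `grantedByRole` null, the role being granted is itself recorded as the role that can revoke the direct user grants (`userGrantsByRoleUuid := roleUuid`). If that grantedBy role is what later authorizes revocation (not visible here, so please confirm), every user who receives the role can also revoke the other users' grants to it, which is broader than the preceding comment "a grantedByRole which can revoke the grant" suggests. I would either require the explicit role for direct user grants, `if grantedByRole is null then raise exception 'grantedByRole required for direct user grants to role %', roleUuid; end if;`, or at least turn the TODO into a statement of the consequence, e.g. `-- TODO: without an explicit grantedByRole, holders of the role itself become the revoking authority for each other's grants`. The enclosing function starts before the hunk.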
+++ b/src/main/resources/db/changelog/253-hs-office-sepamandate-rbac.sql
@@ -149,7 +149,8 @@ execute procedure hs_office_sepamandate_hs_office_relation_insert_tf();
     Checks if the user or assumed roles are allowed to insert a row to hs_office_sepamandate,
     where the check is performed by an indirect role.
-    An indirect role is a role FIXME.
+    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+    of the source entity, but needs to be fetched via joined tables.
  */
 create or replace function hs_office_sepamandate_insert_permission_check_tf()
     returns trigger
diff --git a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
index 89ccd7fa..b494ca72 100644
--- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
@@ -136,7 +136,8 @@ execute procedure hs_office_membership_hs_office_relation_insert_tf();
     Checks if the user or assumed roles are allowed to insert a row to hs_office_membership,
     where the check is performed by an indirect role.
-    An indirect role is a role FIXME.
+    An indirect role is a role which depends on an object uuid which is not a direct foreign key
+    of the source entity, but needs to be fetched via joined tables.
  */
 create or replace function hs_office_membership_insert_permission_check_tf()
     returns trigger
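Review bot: The replacement text in this migration is byte-identical to the string template changed in InsertTriggerGenerator.java by the same commit, which suggests 253-hs-office-sepamandate-rbac.sql (and 303-hs-office-membership-rbac.sql below, which gets the same edit) are generated files that were patched by hand here. If so, regenerating them from the generator instead of hand-editing is what keeps the two copies from drifting in future changes, and the wording chosen for the template should be the one that lands here. If they are not generated, a short comment near the file header such as `-- this permission-check block mirrors the template in InsertTriggerGenerator.java; keep both in sync` would stop the next reader from assuming either way. The trigger function body is outside the hunk.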