get rid of fixme, fix or amend to todo
This commit is contained in:
parent
8f080f407d
commit
86bdeaabe3
@ -161,7 +161,8 @@ public class InsertTriggerGenerator {
|
|||||||
Checks if the user or assumed roles are allowed to insert a row to ${rawSubTable},
|
Checks if the user or assumed roles are allowed to insert a row to ${rawSubTable},
|
||||||
where the check is performed by an indirect role.
|
where the check is performed by an indirect role.
|
||||||
|
|
||||||
An indirect role is a role FIXME.
|
An indirect role is a role which depends on an object uuid which is not a direct foreign key
|
||||||
|
of the source entity, but needs to be fetched via joined tables.
|
||||||
*/
|
*/
|
||||||
create or replace function ${rawSubTable}_insert_permission_check_tf()
|
create or replace function ${rawSubTable}_insert_permission_check_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
|
@ -71,10 +71,6 @@ public class RbacGrantsDiagramService {
|
|||||||
private void traverseGrantsTo(final Set<RawRbacGrantEntity> graph, final UUID refUuid, final EnumSet<Include> includes) {
|
private void traverseGrantsTo(final Set<RawRbacGrantEntity> graph, final UUID refUuid, final EnumSet<Include> includes) {
|
||||||
final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
|
final var grants = rawGrantRepo.findByAscendingUuid(refUuid);
|
||||||
grants.forEach(g -> {
|
grants.forEach(g -> {
|
||||||
if ( g.getDescendantIdName() == null ) {
|
|
||||||
// FIXME: what's that?
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
|
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm ")) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -691,7 +691,7 @@ declare
|
|||||||
superRoleId uuid;
|
superRoleId uuid;
|
||||||
subRoleId uuid;
|
subRoleId uuid;
|
||||||
begin
|
begin
|
||||||
-- FIXME: maybe separate method grantRoleToRoleIfNotNull(...)?
|
-- TODO: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references
|
||||||
if superRole.objectUuid is null or subRole.objectuuid is null then
|
if superRole.objectUuid is null or subRole.objectuuid is null then
|
||||||
return;
|
return;
|
||||||
end if;
|
end if;
|
||||||
|
@ -60,7 +60,7 @@ begin
|
|||||||
if cardinality(userUuids) > 0 then
|
if cardinality(userUuids) > 0 then
|
||||||
-- direct grants to users need a grantedByRole which can revoke the grant
|
-- direct grants to users need a grantedByRole which can revoke the grant
|
||||||
if grantedByRole is null then
|
if grantedByRole is null then
|
||||||
userGrantsByRoleUuid := roleUuid; -- FIXME: or do we want to require an explicit userGrantsByRoleUuid?
|
userGrantsByRoleUuid := roleUuid; -- TODO: or do we want to require an explicit userGrantsByRoleUuid?
|
||||||
else
|
else
|
||||||
userGrantsByRoleUuid := getRoleId(grantedByRole);
|
userGrantsByRoleUuid := getRoleId(grantedByRole);
|
||||||
end if;
|
end if;
|
||||||
|
@ -149,7 +149,8 @@ execute procedure hs_office_sepamandate_hs_office_relation_insert_tf();
|
|||||||
Checks if the user or assumed roles are allowed to insert a row to hs_office_sepamandate,
|
Checks if the user or assumed roles are allowed to insert a row to hs_office_sepamandate,
|
||||||
where the check is performed by an indirect role.
|
where the check is performed by an indirect role.
|
||||||
|
|
||||||
An indirect role is a role FIXME.
|
An indirect role is a role which depends on an object uuid which is not a direct foreign key
|
||||||
|
of the source entity, but needs to be fetched via joined tables.
|
||||||
*/
|
*/
|
||||||
create or replace function hs_office_sepamandate_insert_permission_check_tf()
|
create or replace function hs_office_sepamandate_insert_permission_check_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
|
@ -136,7 +136,8 @@ execute procedure hs_office_membership_hs_office_relation_insert_tf();
|
|||||||
Checks if the user or assumed roles are allowed to insert a row to hs_office_membership,
|
Checks if the user or assumed roles are allowed to insert a row to hs_office_membership,
|
||||||
where the check is performed by an indirect role.
|
where the check is performed by an indirect role.
|
||||||
|
|
||||||
An indirect role is a role FIXME.
|
An indirect role is a role which depends on an object uuid which is not a direct foreign key
|
||||||
|
of the source entity, but needs to be fetched via joined tables.
|
||||||
*/
|
*/
|
||||||
create or replace function hs_office_membership_insert_permission_check_tf()
|
create or replace function hs_office_membership_insert_permission_check_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
|
Loading…
Reference in New Issue
Block a user