From 8b2dbaa8bd4343d0c7c7a66377c0c18cbd78688b Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 13 Sep 2024 17:31:08 +0200
Subject: [PATCH] rbac schema in 1056-rbac-trigger-context.sql
---
.../rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java | 8 ++++----
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql | 6 +++---
.../db/changelog/1-rbac/1056-rbac-trigger-context.sql | 8 ++++----
.../2-test/201-test-customer/2013-test-customer-rbac.sql | 4 ++--
.../2-test/202-test-package/2023-test-package-rbac.sql | 8 ++++----
.../2-test/203-test-domain/2033-test-domain-rbac.sql | 8 ++++----
.../501-contact/5013-hs-office-contact-rbac.sql | 4 ++--
.../5-hs-office/502-person/5023-hs-office-person-rbac.sql | 4 ++--
.../503-relation/5033-hs-office-relation-rbac.sql | 4 ++--
.../504-partner/5043-hs-office-partner-rbac.sql | 8 ++++----
.../504-partner/5044-hs-office-partner-details-rbac.sql | 4 ++--
.../505-bankaccount/5053-hs-office-bankaccount-rbac.sql | 4 ++--
.../506-debitor/5063-hs-office-debitor-rbac.sql | 4 ++--
.../507-sepamandate/5073-hs-office-sepamandate-rbac.sql | 4 ++--
.../510-membership/5103-hs-office-membership-rbac.sql | 4 ++--
.../511-coopshares/5113-hs-office-coopshares-rbac.sql | 4 ++--
.../512-coopassets/5123-hs-office-coopassets-rbac.sql | 4 ++--
.../620-booking-project/6203-hs-booking-project-rbac.sql | 4 ++--
.../630-booking-item/6203-hs-booking-item-rbac.sql | 4 ++--
.../630-booking-item/6303-hs-booking-item-rbac.sql | 4 ++--
.../701-hosting-asset/7013-hs-hosting-asset-rbac.sql | 4 ++--
21 files changed, 53 insertions(+), 53 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
index c8d1796d..a664c66b 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java @@ -83,11 +83,11 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(); plPgSql.writeLn("begin"); plPgSql.indented(() -> { - plPgSql.writeLn("call enterTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.enterTriggerForObjectUuid(NEW.uuid);"); plPgSql.writeLn(); generateCreateRolesAndGrantsAfterInsert(plPgSql); plPgSql.ensureSingleEmptyLine(); - plPgSql.writeLn("call leaveTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.leaveTriggerForObjectUuid(NEW.uuid);"); }); plPgSql.writeLn("end; $$;"); plPgSql.writeLn(); @@ -153,11 +153,11 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(); plPgSql.writeLn("begin"); plPgSql.indented(() -> { - plPgSql.writeLn("call enterTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.enterTriggerForObjectUuid(NEW.uuid);"); plPgSql.writeLn(); generateUpdateRolesAndGrantsAfterUpdate(plPgSql); plPgSql.ensureSingleEmptyLine(); - plPgSql.writeLn("call leaveTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.leaveTriggerForObjectUuid(NEW.uuid);"); }); plPgSql.writeLn("end; $$;"); plPgSql.writeLn(); diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 84f0d262..7c73ec7b 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -596,7 +596,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), roleUuid, permissionUuid, true) + values (rbac.currentTriggerObjectUuid(), roleUuid, permissionUuid, true) on conflict do nothing; -- allow granting multiple times end; $$; 
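Review bot: The `insert into RbacGrants` statement in the first 1050-rbac-base.sql hunk still names its target table without a schema, while the function call beside it is now `rbac.currentTriggerObjectUuid()`, so the grant row goes to whichever `RbacGrants` the session's search_path resolves first. The same applies to the two later hunks of this file at -620 and -648. If the table is meant to stay outside the `rbac` schema for now, a comment on the insert would record that, for example `-- RbacGrants is resolved via search_path until it moves to the rbac schema`; otherwise qualify it in the same step. The enclosing routine starts outside the hunk, so whether it pins `search_path` itself cannot be seen here.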
@@ -620,7 +620,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) + values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; @@ -648,7 +648,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) + values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; diff --git a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql index 80a92987..7e6f3d09 100644 --- a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql @@ -5,7 +5,7 @@ --changeset rbac-trigger-context-ENTER:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure enterTriggerForObjectUuid(currentObjectUuid uuid) +create or replace procedure rbac.enterTriggerForObjectUuid(currentObjectUuid uuid) language plpgsql as $$ declare existingObjectUuid text; @@ -22,10 +22,10 @@ end; $$; --changeset rbac-trigger-context-CURRENT-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the object uuid whose trigger is currently executed as set via `enterTriggerForObjectUuid(...)`. + Returns the uuid of the object uuid whose trigger is currently executed as set via `rbac.enterTriggerForObjectUuid(...)`. */ -create or replace function currentTriggerObjectUuid() +create or replace function rbac.currentTriggerObjectUuid() returns uuid stable -- leakproof language plpgsql as $$ 
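Review bot: The changesets `rbac-trigger-context-ENTER:1` and `rbac-trigger-context-CURRENT-ID:1` are edited in place and keep their ids, and `create or replace` under the new `rbac.` name creates a second object rather than moving the existing one. On a database where the `:1` changesets already ran, Liquibase is likely to reject the changed checksum unless the project always rebuilds from scratch, and the unqualified `enterTriggerForObjectUuid` and `currentTriggerObjectUuid` would remain callable next to the new ones. If existing databases matter, a follow-up changeset with `drop procedure if exists enterTriggerForObjectUuid(uuid);` and `drop function if exists currentTriggerObjectUuid();` (or `alter ... set schema rbac`) avoids the stale copies. The same applies to `rbac-trigger-context-LEAVE:1` in the next hunk. Both routine bodies continue outside the hunks.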
@@ -47,7 +47,7 @@ end; $$; --changeset rbac-trigger-context-LEAVE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure leaveTriggerForObjectUuid(currentObjectUuid uuid) +create or replace procedure rbac.leaveTriggerForObjectUuid(currentObjectUuid uuid) language plpgsql as $$ declare existingObjectUuid uuid; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 2435b37e..a50ee080 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForTestCustomer( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( testCustomerOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[testCustomerADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index af51c791..5232c35f 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -33,7 +33,7 @@ declare newCustomer test_customer; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer; assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid); 
@@ -57,7 +57,7 @@ begin outgoingSubRoles => array[testCustomerTENANT(newCustomer)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -99,7 +99,7 @@ declare newCustomer test_customer; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_customer WHERE uuid = OLD.customerUuid INTO oldCustomer; assert oldCustomer.uuid is not null, format('oldCustomer must not be null for OLD.customerUuid = %s', OLD.customerUuid); @@ -118,7 +118,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 1b4a0421..4c5311be 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -33,7 +33,7 @@ declare newPackage test_package; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage; assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid); @@ -53,7 +53,7 @@ begin outgoingSubRoles => array[testPackageTENANT(newPackage)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -95,7 +95,7 @@ declare newPackage test_package; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_package WHERE uuid = OLD.packageUuid INTO oldPackage; assert oldPackage.uuid is not null, format('oldPackage must not be null for OLD.packageUuid = %s', OLD.packageUuid); 
@@ -117,7 +117,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index 27d246ef..713cb3e5 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficeContact( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficeContactOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficeContactADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index ad148e37..ed05b81c 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficePerson( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficePersonOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficePersonADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index c7d3610b..c226044a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -35,7 +35,7 @@ declare newContact hs_office_contact; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson; assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid); @@ -86,7 +86,7 @@ begin call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); END IF; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 7a865ce3..f7ab04c6 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -34,7 +34,7 @@ declare newPartnerDetails hs_office_partner_details; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); 
@@ -49,7 +49,7 @@ begin call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -93,7 +93,7 @@ declare newPartnerDetails hs_office_partner_details; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel; assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid); @@ -130,7 +130,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 7810f838..dc273e56 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -32,9 +32,9 @@ create or replace procedure buildRbacSystemForHsOfficePartnerDetails( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 2a8f3f10..e42c81f6 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficeBankAccount( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficeBankAccountOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 130f4d95..c08f6cc4 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -35,7 +35,7 @@ declare newRefundBankAccount hs_office_bankaccount; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* FROM hs_office_relation AS partnerRel @@ -61,7 +61,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index b37acf34..93efcc63 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -34,7 +34,7 @@ declare newDebitorRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount; assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid); @@ -78,7 +78,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 903e6161..8d5744e2 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -33,7 +33,7 @@ declare newPartnerRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* FROM hs_office_partner AS partner @@ -65,7 +65,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index f440dd83..b7692428 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql 
@@ -33,7 +33,7 @@ declare newMembership hs_office_membership; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); @@ -41,7 +41,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index edaf816e..15af871b 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -33,7 +33,7 @@ declare newMembership hs_office_membership; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); @@ -41,7 +41,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 7079ea11..9aca37a1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -34,7 +34,7 @@ declare newDebitorRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor; assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); @@ -72,7 +72,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 9e7c8a8d..fee1d62a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -34,7 +34,7 @@ declare newParentItem hs_booking_item; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_project WHERE uuid = NEW.projectUuid INTO newProject; @@ -71,7 +71,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
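Review bot: `630-booking-item/6203-hs-booking-item-rbac.sql` is patched from blob `9e7c8a8d` to `fee1d62a`, exactly the ids of `630-booking-item/6303-hs-booking-item-rbac.sql` in the next file section, so the two files appear to be byte-identical copies. The `6203` prefix matches the `620-booking-project` numbering, which suggests this copy is a leftover of a generator run rather than a file the changelog includes. If it is not referenced, deleting it instead of patching it keeps only one definition of these RBAC trigger procedures to review. If it is referenced, a comment at the top saying why both exist would help.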
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 9e7c8a8d..fee1d62a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -34,7 +34,7 @@ declare newParentItem hs_booking_item; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_project WHERE uuid = NEW.projectUuid INTO newProject; @@ -71,7 +71,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 92bd96b7..7cc413fb 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -36,7 +36,7 @@ declare newParentAsset hs_hosting_asset; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem; @@ -89,7 +89,7 @@ begin IF NEW.type = 'DOMAIN_SETUP' THEN END IF; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /*