fix assumedRole max length, so it appears in error messages
parent
954b24ec7c
commit
8bc3c17b89
@ -26,7 +26,7 @@ create or replace procedure defineContext(
|
||||
currentTask varchar(96),
|
||||
currentRequest text = null,
|
||||
currentUser varchar(63) = null,
|
||||
assumedRoles varchar(256) = null
|
||||
assumedRoles varchar(1023) = null
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@ -43,7 +43,7 @@ begin
|
||||
execute format('set local hsadminng.currentUser to %L', currentUser);
|
||||
|
||||
assumedRoles := coalesce(assumedRoles, '');
|
||||
assert length(assumedRoles) <= 256, FORMAT('assumedRoles must not be longer than 256 characters: "%s"', assumedRoles);
|
||||
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
|
||||
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
||||
|
||||
call contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
|
||||
@ -135,20 +135,21 @@ end; $$;
|
||||
or empty array, if not set.
|
||||
*/
|
||||
create or replace function assumedRoles()
|
||||
returns varchar(63)[]
|
||||
returns varchar(1023)[]
|
||||
stable -- leakproof
|
||||
language plpgsql as $$
|
||||
declare
|
||||
currentSubject varchar(63);
|
||||
currentSubject varchar(1023);
|
||||
begin
|
||||
begin
|
||||
currentSubject := current_setting('hsadminng.assumedRoles');
|
||||
exception
|
||||
when others then
|
||||
return array []::varchar[];
|
||||
when undefined_object then
|
||||
return array ['error']::varchar[];
|
||||
end;
|
||||
|
||||
if (currentSubject = '') then
|
||||
return array []::varchar[];
|
||||
return array ['empty']::varchar[];
|
||||
end if;
|
||||
return string_to_array(currentSubject, ';');
|
||||
end; $$;
|
||||
@ -219,17 +220,17 @@ begin
|
||||
end ; $$;
|
||||
|
||||
create or replace function currentSubjects()
|
||||
returns varchar(63)[]
|
||||
returns varchar(127)[]
|
||||
stable -- leakproof
|
||||
language plpgsql as $$
|
||||
declare
|
||||
assumedRoles varchar(63)[];
|
||||
assumedRoles varchar(127)[];
|
||||
begin
|
||||
assumedRoles := assumedRoles();
|
||||
if array_length(assumedRoles, 1) > 0 then
|
||||
return assumedRoles();
|
||||
return assumedRoles;
|
||||
else
|
||||
return array [currentUser()]::varchar(63)[];
|
||||
return array [currentUser()]::varchar(127)[];
|
||||
end if;
|
||||
end; $$;
|
||||
|
||||
|
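Review bot: The 1023-character limit in defineContext is enforced only by `assert`, which PL/pgSQL skips when `plpgsql.check_asserts` is off; the `varchar(1023)` on the parameter does not help, because PostgreSQL discards length modifiers on routine parameters and return types. Since this value becomes the session's assumed-roles setting, an unconditional check is safer: `if length(assumedRoles) > 1023 then raise exception 'assumedRoles must not be longer than 1023 characters'; end if;`. The limits also disagree within this file: assumedRoles() now uses 1023 while currentSubjects() declares `varchar(127)[]`, and that local variable, unlike the return type, does enforce its length on assignment, so a single role name above 127 characters would presumably fail there instead of in defineContext. Both function bodies continue outside the hunks shown.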
@ -27,7 +27,7 @@ create table tx_context
|
||||
txId bigint not null,
|
||||
txTimestamp timestamp not null,
|
||||
currentUser varchar(63) not null, -- not the uuid, because users can be deleted
|
||||
assumedRoles varchar(256) not null, -- not the uuids, because roles can be deleted
|
||||
assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted
|
||||
currentTask varchar(96) not null,
|
||||
currentRequest text not null
|
||||
);
|
||||
|
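Review bot: Widening `assumedRoles` inside `create table tx_context` only affects databases created after this commit. If this script has already been applied anywhere (not visible from the page), those databases keep `varchar(256)` while defineContext now accepts up to 1023 characters, so any insert of a longer role list into tx_context would fail there. A follow-up migration such as `alter table tx_context alter column assumedRoles type varchar(1023);` would cover them.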
@ -107,8 +107,8 @@ create or replace function hs_office_partner_details_insert_permission_missing_t
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
begin
|
||||
raise exception '[403] insert into hs_office_partner_details not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
raise exception '[403] insert into hs_office_partner_details not allowed for current subjects % (%) assumed by user % (%)',
|
||||
currentSubjects(), currentSubjectsUuids(), currentUser(), currentUserUuid();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_partner_details_insert_permission_check_tg
|
||||
|
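Review bot: The 403 text now includes the user name and user UUID next to the role names and role UUIDs, and the test change in this commit shows it arriving as the root-cause message of a `JpaSystemException`. Whether that message is passed on to API clients is not visible here; if it is, consider returning only the `[403] ... not allowed` part to the caller and keeping the identifiers for the server log. The updated test appears to assert the text only up to the role name, so the new `assumed by user % (%)` part is not covered; asserting the user name as well would pin it.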
@ -332,9 +332,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
// FIXME: the assumed role should appear, but it does not:
|
||||
//"[403] insert into hs_office_partner_details not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler.tenant}");
|
||||
"[403] insert into hs_office_partner_details not allowed for current subjects");
|
||||
"[403] insert into hs_office_partner_details not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler.tenant}");
|
||||
}
|
||||
|
||||
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
|
||||
|