fix assumedRole max length, so it appears in error messages
parent
954b24ec7c
commit
8bc3c17b89
@ -26,7 +26,7 @@ create or replace procedure defineContext(
|
|||||||
currentTask varchar(96),
|
currentTask varchar(96),
|
||||||
currentRequest text = null,
|
currentRequest text = null,
|
||||||
currentUser varchar(63) = null,
|
currentUser varchar(63) = null,
|
||||||
assumedRoles varchar(256) = null
|
assumedRoles varchar(1023) = null
|
||||||
)
|
)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
begin
|
begin
|
||||||
@ -43,7 +43,7 @@ begin
|
|||||||
execute format('set local hsadminng.currentUser to %L', currentUser);
|
execute format('set local hsadminng.currentUser to %L', currentUser);
|
||||||
|
|
||||||
assumedRoles := coalesce(assumedRoles, '');
|
assumedRoles := coalesce(assumedRoles, '');
|
||||||
assert length(assumedRoles) <= 256, FORMAT('assumedRoles must not be longer than 256 characters: "%s"', assumedRoles);
|
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
|
||||||
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
||||||
|
|
||||||
call contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
|
call contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
|
||||||
@ -135,20 +135,21 @@ end; $$;
|
|||||||
or empty array, if not set.
|
or empty array, if not set.
|
||||||
*/
|
*/
|
||||||
create or replace function assumedRoles()
|
create or replace function assumedRoles()
|
||||||
returns varchar(63)[]
|
returns varchar(1023)[]
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
currentSubject varchar(63);
|
currentSubject varchar(1023);
|
||||||
begin
|
begin
|
||||||
begin
|
begin
|
||||||
currentSubject := current_setting('hsadminng.assumedRoles');
|
currentSubject := current_setting('hsadminng.assumedRoles');
|
||||||
exception
|
exception
|
||||||
when others then
|
when undefined_object then
|
||||||
return array []::varchar[];
|
return array ['error']::varchar[];
|
||||||
end;
|
end;
|
||||||
|
|
||||||
if (currentSubject = '') then
|
if (currentSubject = '') then
|
||||||
return array []::varchar[];
|
return array ['empty']::varchar[];
|
||||||
end if;
|
end if;
|
||||||
return string_to_array(currentSubject, ';');
|
return string_to_array(currentSubject, ';');
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -219,17 +220,17 @@ begin
|
|||||||
end ; $$;
|
end ; $$;
|
||||||
|
|
||||||
create or replace function currentSubjects()
|
create or replace function currentSubjects()
|
||||||
returns varchar(63)[]
|
returns varchar(127)[]
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
assumedRoles varchar(63)[];
|
assumedRoles varchar(127)[];
|
||||||
begin
|
begin
|
||||||
assumedRoles := assumedRoles();
|
assumedRoles := assumedRoles();
|
||||||
if array_length(assumedRoles, 1) > 0 then
|
if array_length(assumedRoles, 1) > 0 then
|
||||||
return assumedRoles();
|
return assumedRoles;
|
||||||
else
|
else
|
||||||
return array [currentUser()]::varchar(63)[];
|
return array [currentUser()]::varchar(127)[];
|
||||||
end if;
|
end if;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
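Review bot: The two new early returns in assumedRoles(), `return array ['error']::varchar[];` and `return array ['empty']::varchar[];`, hand back placeholder strings as if they were role names, which looks like leftover debugging. In the currentSubjects() hunk, `array_length(assumedRoles, 1) > 0` is then true even when no role was assumed, so the `currentUser()` fallback is no longer reached in those cases and the subject list becomes `{empty}` or `{error}`. This also contradicts the comment above the function ("or empty array, if not set"). Both branches should keep `return array []::varchar[];`. Separately, the length check in defineContext is an `assert`, which PostgreSQL skips when `plpgsql.check_asserts` is off; a `raise exception` would enforce the 1023 limit regardless.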
|
@ -27,7 +27,7 @@ create table tx_context
|
|||||||
txId bigint not null,
|
txId bigint not null,
|
||||||
txTimestamp timestamp not null,
|
txTimestamp timestamp not null,
|
||||||
currentUser varchar(63) not null, -- not the uuid, because users can be deleted
|
currentUser varchar(63) not null, -- not the uuid, because users can be deleted
|
||||||
assumedRoles varchar(256) not null, -- not the uuids, because roles can be deleted
|
assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted
|
||||||
currentTask varchar(96) not null,
|
currentTask varchar(96) not null,
|
||||||
currentRequest text not null
|
currentRequest text not null
|
||||||
);
|
);
|
||||||
|
@ -107,8 +107,8 @@ create or replace function hs_office_partner_details_insert_permission_missing_t
|
|||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
begin
|
begin
|
||||||
raise exception '[403] insert into hs_office_partner_details not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_partner_details not allowed for current subjects % (%) assumed by user % (%)',
|
||||||
currentSubjects(), currentSubjectsUuids();
|
currentSubjects(), currentSubjectsUuids(), currentUser(), currentUserUuid();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_partner_details_insert_permission_check_tg
|
create trigger hs_office_partner_details_insert_permission_check_tg
|
||||||
|
@ -332,9 +332,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
|||||||
|
|
||||||
// then
|
// then
|
||||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||||
// FIXME: the assumed role should appear, but it does not:
|
"[403] insert into hs_office_partner_details not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler.tenant}");
|
||||||
//"[403] insert into hs_office_partner_details not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler.tenant}");
|
|
||||||
"[403] insert into hs_office_partner_details not allowed for current subjects");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
|
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
|
||||||
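Review bot: The restored expectation ends at the subject list, `...ErbenBesslerMelBessler.tenant}`, so nothing in this test pins the `assumed by user % (%)` part that the trigger function now appends. How `assertExceptionWithRootCauseMessage` compares the text (prefix, containment or equality) is not visible here. If it is a prefix or containment match, a second check for the `assumed by user` fragment would cover the new text; one contiguous literal will probably not do, because the UUIDs in between presumably vary per run. The test method starts outside the hunk.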
|