WIP towards customerOwner -> rbactest.customer_OWNER for example

Michael Hoennig 2024-09-18 15:58:59 +02:00
parent a0e1d96278
commit 94f6bab004
20 changed files with 34 additions and 34 deletions


@ -19,12 +19,11 @@ public class RbacRoleDescriptorsGenerator {
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
call rbac.generateRbacRoleDescriptors('${rawTableName}');
--//
""",
with("liquibaseTagPrefix", liquibaseTagPrefix),
with("simpleEntityVarName", simpleEntityVarName),
with("rawTableName", rawTableName));
}
}


@ -49,62 +49,63 @@ $$;
--changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text)
create procedure rbac.generateRbacRoleDescriptors(targetTable text)
language plpgsql as $$
declare
sql text;
begin
sql = format($sql$
create or replace function %1$sOwner(entity %2$s, assumed boolean = true)
create or replace function %1$s_OWNER(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'OWNER', assumed);
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'OWNER', assumed);
end; $f$;
create or replace function %1$sAdmin(entity %2$s, assumed boolean = true)
create or replace function %1$s_ADMIN(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'ADMIN', assumed);
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'ADMIN', assumed);
end; $f$;
create or replace function %1$sAgent(entity %2$s, assumed boolean = true)
create or replace function %1$s_AGENT(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'AGENT', assumed);
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'AGENT', assumed);
end; $f$;
create or replace function %1$sTenant(entity %2$s, assumed boolean = true)
create or replace function %1$s_TENANT(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'TENANT', assumed);
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'TENANT', assumed);
end; $f$;
-- TODO: remove guest role
create or replace function %1$sGuest(entity %2$s, assumed boolean = true)
create or replace function %1$s_GUEST(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'GUEST', assumed);
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'GUEST', assumed);
end; $f$;
create or replace function %1$sReferrer(entity %2$s)
create or replace function %1$s_REFERRER(entity %1$s)
returns rbac.RoleDescriptor
language plpgsql
strict as $f$
begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'REFERRER');
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'REFERRER');
end; $f$;
$sql$, prefix, targetTable);
$sql$, targetTable);
raise exception 'generated-SQL: %', sql;
execute sql;
end; $$;
--//
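Review bot: The `raise exception 'generated-SQL: %', sql;` line directly before `execute sql;` aborts the procedure on every call, so none of the `_OWNER` to `_REFERRER` functions is created and every changeset that calls the procedure fails. Judging by the hunk's line counts the line is new in this commit and looks like a debugging aid; `raise notice 'generated-SQL: %', sql;` would keep the output without blocking the execute. Separately, `targetTable` is spliced into the executed DDL with plain `%1$s`, both as an identifier and inside the `'%1$s'` string literal. Since these functions define RBAC role descriptors, the procedure should validate the argument before formatting, e.g. `perform targetTable::regclass;`, and pass the literal as `%1$L`. A short comment noting that the unquoted `_OWNER` suffix is folded to lower case by PostgreSQL would also help callers.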


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.customer');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
call rbac.generateRbacRoleDescriptors('rbactest.customer');
--//
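Review bot: Editing the body of the existing changeset `rbactest-customer-rbac-ROLE-DESCRIPTORS` in place changes its Liquibase checksum, so a database that already applied the old version would fail validation instead of picking up the new call. The same holds for the other `*-rbac-ROLE-DESCRIPTORS` call sites in this commit and for `rbac-generators-ROLE-DESCRIPTORS`. Whether any such database exists is not visible from this page. If one does, the previously generated functions (presumably named like `testCustomerOwner`) would also stay behind next to the new `rbactest.customer_OWNER` family, leaving stale role-descriptor functions callable. A follow-up changeset that drops them, or a comment such as `-- schema is always rebuilt from scratch; changesets may be edited in place`, would settle the question.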


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.package');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
call rbac.generateRbacRoleDescriptors('rbactest.package');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.domain');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
call rbac.generateRbacRoleDescriptors('rbactest.domain');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.contact');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
call rbac.generateRbacRoleDescriptors('hs_office.contact');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.person');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
call rbac.generateRbacRoleDescriptors('hs_office.person');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.relation');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
call rbac.generateRbacRoleDescriptors('hs_office.relation');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
call rbac.generateRbacRoleDescriptors('hs_office.partner');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner_details');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details');
call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.bankaccount');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount');
call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.debitor');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
call rbac.generateRbacRoleDescriptors('hs_office.debitor');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.sepamandate');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate');
call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.membership');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership');
call rbac.generateRbacRoleDescriptors('hs_office.membership');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction');
call rbac.generateRbacRoleDescriptors('hs_office.coopsharestransaction');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction');
call rbac.generateRbacRoleDescriptors('hs_office.coopassetstransaction');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.project');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking.project');
call rbac.generateRbacRoleDescriptors('hs_booking.project');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.item');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking.item');
call rbac.generateRbacRoleDescriptors('hs_booking.item');
--//


@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_hosting.asset');
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset');
call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
--//


@ -7,7 +7,7 @@ spring:
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
url-local: jdbc:postgresql://localhost:5432/postgres
url: ${spring.datasource.url-tc}
url: ${spring.datasource.url-local}
username: postgres
password: password
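Review bot: The active `url` now resolves to `url-local`, so anything using this profile connects to whatever PostgreSQL listens on `localhost:5432` as `postgres` / `password` instead of a throwaway Testcontainers instance. In a WIP commit this looks like a local debugging setting that slipped in, though the file path is not shown, so the scope of this configuration is an assumption. I would keep `url: ${spring.datasource.url-tc}` as the committed default and override it locally, for example through the `SPRING_DATASOURCE_URL` environment variable. A comment above the `url-*` entries saying which one is meant for CI and which for local runs would prevent the same slip later.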