From 94f6bab004eb086559a39ed84a3966222a392595 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Wed, 18 Sep 2024 15:58:59 +0200 Subject: [PATCH] WIP towards customerOwner -> rbactest.customer_OWNER for example --- .../RbacRoleDescriptorsGenerator.java | 3 +- .../changelog/1-rbac/1058-rbac-generators.sql | 29 ++++++++++--------- .../2013-rbactest-customer-rbac.sql | 2 +- .../2023-rbactest-package-rbac.sql | 2 +- .../2033-rbactest-domain-rbac.sql | 2 +- .../5013-hs-office-contact-rbac.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 2 +- .../5043-hs-office-partner-rbac.sql | 2 +- .../5044-hs-office-partner-details-rbac.sql | 2 +- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../6303-hs-booking-item-rbac.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- src/test/resources/application.yml | 2 +- 20 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java index 098ebf81..4d78d0c2 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java @@ -19,12 +19,11 @@ public class RbacRoleDescriptorsGenerator { -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- - call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}'); + call rbac.generateRbacRoleDescriptors('${rawTableName}'); --// """, with("liquibaseTagPrefix", liquibaseTagPrefix), - with("simpleEntityVarName", simpleEntityVarName), with("rawTableName", rawTableName)); } } diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 0c7b8b2e..e7e4db47 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -49,62 +49,63 @@ $$; --changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text) +create procedure rbac.generateRbacRoleDescriptors(targetTable text) language plpgsql as $$ declare sql text; begin sql = format($sql$ - create or replace function %1$sOwner(entity %2$s, assumed boolean = true) + create or replace function %1$s_OWNER(entity %1$s, assumed boolean = true) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'OWNER', assumed); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'OWNER', assumed); end; $f$; - create or replace function %1$sAdmin(entity %2$s, assumed boolean = true) + create or replace function %1$s_ADMIN(entity %1$s, assumed boolean = true) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'ADMIN', assumed); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'ADMIN', assumed); end; $f$; - create or replace function %1$sAgent(entity %2$s, assumed boolean = true) + create or replace function %1$s_AGENT(entity %1$s, assumed boolean = true) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'AGENT', assumed); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'AGENT', assumed); end; $f$; - create or replace function %1$sTenant(entity %2$s, assumed boolean = true) + create or replace function %1$s_TENANT(entity %1$s, assumed boolean = true) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'TENANT', assumed); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'TENANT', assumed); end; $f$; -- TODO: remove guest role - create or replace function %1$sGuest(entity %2$s, assumed boolean = true) + create or replace function %1$s_GUEST(entity %1$s, assumed boolean = true) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'GUEST', assumed); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'GUEST', assumed); end; $f$; - create or replace function %1$sReferrer(entity %2$s) + create or replace function %1$s_REFERRER(entity %1$s) returns rbac.RoleDescriptor language plpgsql strict as $f$ begin - return rbac.roleDescriptorOf('%2$s', entity.uuid, 'REFERRER'); + return rbac.roleDescriptorOf('%1$s', entity.uuid, 'REFERRER'); end; $f$; - $sql$, prefix, targetTable); + $sql$, targetTable); + raise exception 'generated-SQL: %', sql; execute sql; end; $$; --// diff --git a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql index d7104eff..02022c11 100644 --- a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.customer'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer'); +call rbac.generateRbacRoleDescriptors('rbactest.customer'); --// diff --git a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql index 91dd207b..72a5d33e 100644 --- a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.package'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package'); +call rbac.generateRbacRoleDescriptors('rbactest.package'); --// diff --git a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql index b20d12d6..7aada58b 100644 --- a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.domain'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain'); +call rbac.generateRbacRoleDescriptors('rbactest.domain'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index 39976f0e..fad804a1 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.contact'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact'); +call rbac.generateRbacRoleDescriptors('hs_office.contact'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index 8e0d7a31..2a0f1a42 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.person'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person'); +call rbac.generateRbacRoleDescriptors('hs_office.person'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 85301c32..1d750626 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.relation'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation'); +call rbac.generateRbacRoleDescriptors('hs_office.relation'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 7ead6151..79dab51e 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner'); +call rbac.generateRbacRoleDescriptors('hs_office.partner'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index a6209110..27b2f489 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner_details'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details'); +call rbac.generateRbacRoleDescriptors('hs_office.partner_details'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 02775bf1..3257b0a0 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.bankaccount'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount'); +call rbac.generateRbacRoleDescriptors('hs_office.bankaccount'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index dd3abfa8..255aa486 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.debitor'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor'); +call rbac.generateRbacRoleDescriptors('hs_office.debitor'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index f9e4ef66..300729d8 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.sepamandate'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate'); +call rbac.generateRbacRoleDescriptors('hs_office.sepamandate'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 18d53198..8ee6d6e4 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.membership'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership'); +call rbac.generateRbacRoleDescriptors('hs_office.membership'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 66df3a08..83e86775 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction'); +call rbac.generateRbacRoleDescriptors('hs_office.coopsharestransaction'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index d7dbc2b5..fcbd5cbc 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction'); +call rbac.generateRbacRoleDescriptors('hs_office.coopassetstransaction'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 527a12e8..72809815 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.project'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking.project'); +call rbac.generateRbacRoleDescriptors('hs_booking.project'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index f357da1f..483fcdd3 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.item'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking.item'); +call rbac.generateRbacRoleDescriptors('hs_booking.item'); --// diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 2c739bf5..ef7849db 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_hosting.asset'); -- ============================================================================ --changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset'); +call rbac.generateRbacRoleDescriptors('hs_hosting.asset'); --// diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index 923c62e9..b4945a0f 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -7,7 +7,7 @@ spring: url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true url-local: jdbc:postgresql://localhost:5432/postgres - url: ${spring.datasource.url-tc} + url: ${spring.datasource.url-local} username: postgres password: password