WIP towards customerOwner -> rbactest.customer_OWNER for example
This commit is contained in:
Michael Hoennig
parent
a0e1d96278
commit
94f6bab004
@ -19,12 +19,11 @@ public class RbacRoleDescriptorsGenerator {
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
|
||||
call rbac.generateRbacRoleDescriptors('${rawTableName}');
|
||||
--//
|
||||
|
||||
""",
|
||||
with("liquibaseTagPrefix", liquibaseTagPrefix),
|
||||
with("simpleEntityVarName", simpleEntityVarName),
|
||||
with("rawTableName", rawTableName));
|
||||
}
|
||||
}
|
||||
|
||||
@ -49,62 +49,63 @@ $$;
|
||||
--changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text)
|
||||
create procedure rbac.generateRbacRoleDescriptors(targetTable text)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
sql text;
|
||||
begin
|
||||
sql = format($sql$
|
||||
create or replace function %1$sOwner(entity %2$s, assumed boolean = true)
|
||||
create or replace function %1$s_OWNER(entity %1$s, assumed boolean = true)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'OWNER', assumed);
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'OWNER', assumed);
|
||||
end; $f$;
|
||||
|
||||
create or replace function %1$sAdmin(entity %2$s, assumed boolean = true)
|
||||
create or replace function %1$s_ADMIN(entity %1$s, assumed boolean = true)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'ADMIN', assumed);
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'ADMIN', assumed);
|
||||
end; $f$;
|
||||
|
||||
create or replace function %1$sAgent(entity %2$s, assumed boolean = true)
|
||||
create or replace function %1$s_AGENT(entity %1$s, assumed boolean = true)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'AGENT', assumed);
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'AGENT', assumed);
|
||||
end; $f$;
|
||||
|
||||
create or replace function %1$sTenant(entity %2$s, assumed boolean = true)
|
||||
create or replace function %1$s_TENANT(entity %1$s, assumed boolean = true)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'TENANT', assumed);
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'TENANT', assumed);
|
||||
end; $f$;
|
||||
|
||||
-- TODO: remove guest role
|
||||
create or replace function %1$sGuest(entity %2$s, assumed boolean = true)
|
||||
create or replace function %1$s_GUEST(entity %1$s, assumed boolean = true)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'GUEST', assumed);
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'GUEST', assumed);
|
||||
end; $f$;
|
||||
|
||||
create or replace function %1$sReferrer(entity %2$s)
|
||||
create or replace function %1$s_REFERRER(entity %1$s)
|
||||
returns rbac.RoleDescriptor
|
||||
language plpgsql
|
||||
strict as $f$
|
||||
begin
|
||||
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'REFERRER');
|
||||
return rbac.roleDescriptorOf('%1$s', entity.uuid, 'REFERRER');
|
||||
end; $f$;
|
||||
|
||||
$sql$, prefix, targetTable);
|
||||
$sql$, targetTable);
|
||||
raise exception 'generated-SQL: %', sql;
|
||||
execute sql;
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.customer');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
|
||||
call rbac.generateRbacRoleDescriptors('rbactest.customer');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.package');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
|
||||
call rbac.generateRbacRoleDescriptors('rbactest.package');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.domain');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
|
||||
call rbac.generateRbacRoleDescriptors('rbactest.domain');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.contact');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.contact');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.person');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.person');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.relation');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.relation');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.partner');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner_details');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.bankaccount');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.debitor');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.debitor');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.sepamandate');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.membership');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.membership');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.coopsharestransaction');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hs_office.coopassetstransaction');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.project');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking.project');
|
||||
call rbac.generateRbacRoleDescriptors('hs_booking.project');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_booking.item');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking.item');
|
||||
call rbac.generateRbacRoleDescriptors('hs_booking.item');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_hosting.asset');
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting.asset');
|
||||
call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
|
||||
--//
|
||||
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ spring:
|
||||
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
||||
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
|
||||
url-local: jdbc:postgresql://localhost:5432/postgres
|
||||
url: ${spring.datasource.url-tc}
|
||||
url: ${spring.datasource.url-local}
|
||||
username: postgres
|
||||
password: password
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user