diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql index 4c77f73c..7bdb2cd8 100644 --- a/src/main/resources/db/changelog/050-rbac-base.sql +++ b/src/main/resources/db/changelog/050-rbac-base.sql @@ -280,7 +280,7 @@ create domain RbacOp as varchar(67) or VALUE = 'view' or VALUE = 'assume' or VALUE ~ '^add-[a-z]+$' - or VALUE ~ '^set-[a-z]+$' + or VALUE ~ '^new-[a-z]+$' ); create table RbacPermission diff --git a/src/main/resources/db/changelog/203-hs-admin-contact-rbac.sql b/src/main/resources/db/changelog/203-hs-admin-contact-rbac.sql index 4905bfb7..b1557dcd 100644 --- a/src/main/resources/db/changelog/203-hs-admin-contact-rbac.sql +++ b/src/main/resources/db/changelog/203-hs-admin-contact-rbac.sql @@ -7,7 +7,7 @@ /* Creates the related RbacObject through a BEFORE INSERT TRIGGER. */ -create trigger createRbacObjectForCustomer_Trigger +create trigger createRbacObjectForHsAdminCustomer_Trigger before insert on hs_admin_contact for each row @@ -57,14 +57,14 @@ create or replace function createRbacRolesForHsAdminContact() language plpgsql strict as $$ declare - contOwnerRole uuid; + ownerRole uuid; begin if TG_OP <> 'INSERT' then raise exception 'invalid usage of TRIGGER AFTER INSERT'; end if; - -- the owner role with full access for the creator assigned to the contact's email addr - contOwnerRole = createRole( + -- the owner role with full access for the creator assigned to the current user + ownerRole = createRole( hsAdminContactOwner(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']), beneathRole(globalAdmin()), @@ -77,7 +77,7 @@ begin perform createRole( hsAdminContactTenant(NEW), grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']), - beneathRole(contOwnerRole) + beneathRole(ownerRole) ); return NEW; 
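Review bot: The `RbacOp` check in 050-rbac-base.sql now accepts `^new-[a-z]+$` and no longer accepts `^set-[a-z]+$`, but nothing visible in this commit converts permissions already stored with a `set-…` op. If this changelog has been applied anywhere, editing it in place will presumably not re-run (or will trip checksum validation, depending on how the changeset is declared). Those databases would keep the old domain while changeset 203 tries to create `new-contact`. A follow-up changeset that alters the domain and renames existing ops would be safer than rewriting the base file. A comment above the pattern would also help, e.g. `-- 'new-<object>': permission to create an object of that kind`. The domain definition begins outside the hunk.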
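Review bot: The reworded comment above `ownerRole = createRole(` in createRbacRolesForHsAdminContact() is hard to parse: "for the creator assigned to the current user" does not say who ends up holding a role that carries `permitOps => array ['*']`. This is the widest grant on the object, so the grantee should be stated plainly, e.g. `-- owner role: full access ('*') on the contact, assigned to the current user as its creator`. Use that wording only if it matches the remaining createRole arguments, which lie outside this hunk.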
@@ -102,7 +102,6 @@ execute procedure createRbacRolesForHsAdminContact(); /* Deletes the roles and their assignments of a deleted contact for the BEFORE DELETE TRIGGER. */ - create or replace function deleteRbacRulesForHsAdminContact() returns trigger language plpgsql @@ -120,7 +119,6 @@ end; $$; /* An BEFORE DELETE TRIGGER which deletes the role structure of a contact. */ - create trigger deleteRbacRulesForTestContact_Trigger before delete on hs_admin_contact @@ -194,9 +192,6 @@ create or replace function insertHsAdminContact() declare newUser hs_admin_contact; begin --- insert --- into RbacObject as r (uuid, objecttable) --- values( new.uuid, 'hs_admin_contact_rv'); insert into hs_admin_contact values (new.*) @@ -245,10 +240,10 @@ execute function deleteHsAdminContact(); --/ -- ============================================================================ ---changeset hs-admin-contact-rbac-SET-CONTACT:1 endDelimiter:--// +--changeset hs-admin-contact-rbac-NEW-CONTACT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates a global permission for set-contact and assigns it to the hostsharing admins role. + Creates a global permission for new-contact and assigns it to the hostsharing admins role. */ do language plpgsql $$ declare @@ -256,11 +251,11 @@ do language plpgsql $$ globalObjectUuid uuid; globalAdminRoleUuid uuid ; begin - call defineContext('granting global set-contact permission to global admin role', null, null, null); + call defineContext('granting global new-contact permission to global admin role', null, null, null); globalAdminRoleUuid := findRoleId(globalAdmin()); globalObjectUuid := (select uuid from global); - addCustomerPermissions := createPermissions(globalObjectUuid, array ['set-contact']); + addCustomerPermissions := createPermissions(globalObjectUuid, array ['new-contact']); call grantPermissionsToRole(globalAdminRoleUuid, addCustomerPermissions); end; $$; 
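Review bot: In the `do` block of changeset hs-admin-contact-rbac-NEW-CONTACT, the result of `createPermissions(globalObjectUuid, array ['new-contact'])` is still stored in `addCustomerPermissions`, a name left over from the customer script. In a block that grants a global permission to the admin role, a variable named after a different permission invites copy-paste mistakes; `newContactPermissions` would match what is actually granted. The declaration sits just above the hunk and needs the same rename. Because tools/generate in this commit derives the person scripts from this file with sed, the stale name would be carried into them as well.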
@@ -273,7 +268,7 @@ create or replace function addHsAdminContactNotAllowedForCurrentSubjects() language PLPGSQL as $$ begin - raise exception '[403] set-contact not permitted for %', + raise exception '[403] new-contact not permitted for %', array_to_string(currentSubjects(), ';', 'null'); end; $$; diff --git a/src/main/resources/db/changelog/208-hs-admin-contact-test-data.sql b/src/main/resources/db/changelog/208-hs-admin-contact-test-data.sql index 5c890a4a..6be893ab 100644 --- a/src/main/resources/db/changelog/208-hs-admin-contact-test-data.sql +++ b/src/main/resources/db/changelog/208-hs-admin-contact-test-data.sql @@ -12,31 +12,29 @@ create or replace procedure createHsAdminContactTestData(contLabel varchar) language plpgsql as $$ declare currentTask varchar; - contRowId uuid; - contEmailAddr varchar; + emailAddr varchar; begin currentTask = 'creating RBAC test contact ' || contLabel; call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin'); execute format('set local hsadminng.currentTask to %L', currentTask); - -- contRowId = uuid_generate_v4(); - contEmailAddr = 'customer-admin@' || cleanIdentifier(contLabel) || '.example.com'; + emailAddr = 'customer-admin@' || cleanIdentifier(contLabel) || '.example.com'; raise notice 'creating test contact: %', contLabel; insert into hs_admin_contact (label, postaladdress, emailaddresses, phonenumbers) - values (contLabel, $addr$ + values (contLabel, $address$ Vorname Nachname Straße Hnr PLZ Stadt -$addr$, contEmailAddr, '+49 123 1234567'); +$address$, emailAddr, '+49 123 1234567'); end; $$; --// /* - Creates a range of test customers for mass data generation. + Creates a range of test contact for mass data generation. */ -create or replace procedure createTestCustomerTestData( +create or replace procedure createTestContactTestData( startCount integer, -- count of auto generated rows before the run endCount integer -- count of auto generated rows after the run ) 
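Review bot: The header comment of the renamed procedure in 208-hs-admin-contact-test-data.sql reads "Creates a range of test contact for mass data generation"; it should be `Creates a range of test contacts for mass data generation.` Separately, createHsAdminContactTestData() runs under a fixed user with the `global#global.admin` role (the context line `call defineContext(...)`). It is worth confirming that this changeset is restricted to test or development contexts, since no such restriction is visible in the hunk. Callers of the old name `createTestCustomerTestData` are not shown either and would need the new name.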
@@ -44,7 +42,7 @@ create or replace procedure createTestCustomerTestData( begin for t in startCount..endCount loop - call createHsAdminContactTestData(intToVarChar(t, 4)|| ' ' || testCustomerReference(t)); + call createHsAdminContactTestData(intToVarChar(t, 4) || '#' || t); commit; end loop; end; $$; diff --git a/tools/generate b/tools/generate new file mode 100755 index 00000000..cfc07e77 --- /dev/null +++ b/tools/generate @@ -0,0 +1,35 @@ +#!/bin/bash + +sed -e 's/hs-admin-contact/hs-admin-person/g' \ + -e 's/hs_admin_contact/hs_admin_person/g' \ + src/main/resources/db/changelog/210-hs-admin-person.sql + +sed -e 's/hs-admin-contact/hs-admin-person/g' \ + -e 's/hs_admin_contact/hs_admin_person/g' \ + -e 's/HsAdminCustomer/HsAdminPerson/g' \ + -e 's/hsAdminContact/hsAdminPerson/g' \ + -e 's/contact/person/g' \ + src/main/resources/db/changelog/213-hs-admin-person-rbac.sql + +sed -e 's/hs-admin-contact/hs-admin-person/g' \ + -e 's/hs_admin_contact/hs_admin_person/g' \ + -e 's/HsAdminCustomer/HsAdminPerson/g' \ + -e 's/hsAdminContact/hsAdminPerson/g' \ + -e 's/contact/person/g' \ + src/main/resources/db/changelog/218-hs-admin-person-test-data.sql + + +# mkdir -p src/main/java/net/hostsharing/hsadminng/hs/admin/person +# +# sed -e 's/HsAdminContactEntity/HsAdminPersonEntity/g' \ +# sed -e 's/admin.contact/admin.person/g' \ +# src/main/java/net/hostsharing/hsadminng/hs/admin/person/HsAdminPersonEntity.java + +cat >>src/main/resources/db/changelog/db.changelog-master.yaml <
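Review bot: The generated label in the loop now contains `#` (`intToVarChar(t, 4) || '#' || t`), and `#` is also the separator in role descriptors elsewhere in this diff (`'global#global.admin'`). If the contact label feeds into a role's identifying name, which is not visible here, a `#` inside it could make role names ambiguous to parse or match. Confirm that `cleanIdentifier` or the role-name builder strips it, or use a neutral separator such as `'-'`. The procedure body starts outside the hunk.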