prepare hs-admin-customer files to be used as template + generate script v1
parent
23796c56f9
commit
9720b37d85
src/main/resources/db/changelog
tools
@ -280,7 +280,7 @@ create domain RbacOp as varchar(67)
|
||||
or VALUE = 'view'
|
||||
or VALUE = 'assume'
|
||||
or VALUE ~ '^add-[a-z]+$'
|
||||
or VALUE ~ '^set-[a-z]+$'
|
||||
or VALUE ~ '^new-[a-z]+$'
|
||||
);
|
||||
|
||||
create table RbacPermission
|
||||
|
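Review bot: With `^set-[a-z]+$` apparently replaced by `^new-[a-z]+$` in the RbacOp check, every operation name of the form `set-…` is rejected by the domain from now on. The visible hunks of this commit only switch the contact changeset to `new-contact`; any other changelog that still creates a `set-…` permission (not visible here) would start failing the constraint. If both spellings have to coexist during the transition, keep both alternatives, `or VALUE ~ '^set-[a-z]+$'` and `or VALUE ~ '^new-[a-z]+$'`. The `create domain` statement begins outside this hunk.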
@ -7,7 +7,7 @@
|
||||
/*
|
||||
Creates the related RbacObject through a BEFORE INSERT TRIGGER.
|
||||
*/
|
||||
create trigger createRbacObjectForCustomer_Trigger
|
||||
create trigger createRbacObjectForHsAdminCustomer_Trigger
|
||||
before insert
|
||||
on hs_admin_contact
|
||||
for each row
|
||||
@ -57,14 +57,14 @@ create or replace function createRbacRolesForHsAdminContact()
|
||||
language plpgsql
|
||||
strict as $$
|
||||
declare
|
||||
contOwnerRole uuid;
|
||||
ownerRole uuid;
|
||||
begin
|
||||
if TG_OP <> 'INSERT' then
|
||||
raise exception 'invalid usage of TRIGGER AFTER INSERT';
|
||||
end if;
|
||||
|
||||
-- the owner role with full access for the creator assigned to the contact's email addr
|
||||
contOwnerRole = createRole(
|
||||
-- the owner role with full access for the creator assigned to the current user
|
||||
ownerRole = createRole(
|
||||
hsAdminContactOwner(NEW),
|
||||
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
|
||||
beneathRole(globalAdmin()),
|
||||
@ -77,7 +77,7 @@ begin
|
||||
perform createRole(
|
||||
hsAdminContactTenant(NEW),
|
||||
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
|
||||
beneathRole(contOwnerRole)
|
||||
beneathRole(ownerRole)
|
||||
);
|
||||
|
||||
return NEW;
|
||||
@ -102,7 +102,6 @@ execute procedure createRbacRolesForHsAdminContact();
|
||||
/*
|
||||
Deletes the roles and their assignments of a deleted contact for the BEFORE DELETE TRIGGER.
|
||||
*/
|
||||
|
||||
create or replace function deleteRbacRulesForHsAdminContact()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
@ -120,7 +119,6 @@ end; $$;
|
||||
/*
|
||||
An BEFORE DELETE TRIGGER which deletes the role structure of a contact.
|
||||
*/
|
||||
|
||||
create trigger deleteRbacRulesForTestContact_Trigger
|
||||
before delete
|
||||
on hs_admin_contact
|
||||
@ -194,9 +192,6 @@ create or replace function insertHsAdminContact()
|
||||
declare
|
||||
newUser hs_admin_contact;
|
||||
begin
|
||||
-- insert
|
||||
-- into RbacObject as r (uuid, objecttable)
|
||||
-- values( new.uuid, 'hs_admin_contact_rv');
|
||||
insert
|
||||
into hs_admin_contact
|
||||
values (new.*)
|
||||
@ -245,10 +240,10 @@ execute function deleteHsAdminContact();
|
||||
--/
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-admin-contact-rbac-SET-CONTACT:1 endDelimiter:--//
|
||||
--changeset hs-admin-contact-rbac-NEW-CONTACT:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
/*
|
||||
Creates a global permission for set-contact and assigns it to the hostsharing admins role.
|
||||
Creates a global permission for new-contact and assigns it to the hostsharing admins role.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
@ -256,11 +251,11 @@ do language plpgsql $$
|
||||
globalObjectUuid uuid;
|
||||
globalAdminRoleUuid uuid ;
|
||||
begin
|
||||
call defineContext('granting global set-contact permission to global admin role', null, null, null);
|
||||
call defineContext('granting global new-contact permission to global admin role', null, null, null);
|
||||
|
||||
globalAdminRoleUuid := findRoleId(globalAdmin());
|
||||
globalObjectUuid := (select uuid from global);
|
||||
addCustomerPermissions := createPermissions(globalObjectUuid, array ['set-contact']);
|
||||
addCustomerPermissions := createPermissions(globalObjectUuid, array ['new-contact']);
|
||||
call grantPermissionsToRole(globalAdminRoleUuid, addCustomerPermissions);
|
||||
end;
|
||||
$$;
|
||||
@ -273,7 +268,7 @@ create or replace function addHsAdminContactNotAllowedForCurrentSubjects()
|
||||
language PLPGSQL
|
||||
as $$
|
||||
begin
|
||||
raise exception '[403] set-contact not permitted for %',
|
||||
raise exception '[403] new-contact not permitted for %',
|
||||
array_to_string(currentSubjects(), ';', 'null');
|
||||
end; $$;
|
||||
|
||||
|
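Review bot: Renaming the changeset id from `hs-admin-contact-rbac-SET-CONTACT:1` to `hs-admin-contact-rbac-NEW-CONTACT:1` leaves the old global `set-contact` permission and its grant to the global admin role in place on any database that already ran the old changeset, because nothing in this section revokes or deletes it. If such databases exist, a follow-up changeset that removes the stale permission is safer than editing this one in place. The do-block's variable is also still named `addCustomerPermissions` and the insert trigger is now `createRbacObjectForHsAdminCustomer_Trigger` although both act on `hs_admin_contact`; if these are deliberate template placeholders, a comment such as `-- placeholder name, rewritten by tools/generate` would say so.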
@ -12,31 +12,29 @@ create or replace procedure createHsAdminContactTestData(contLabel varchar)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
currentTask varchar;
|
||||
contRowId uuid;
|
||||
contEmailAddr varchar;
|
||||
emailAddr varchar;
|
||||
begin
|
||||
currentTask = 'creating RBAC test contact ' || contLabel;
|
||||
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
|
||||
execute format('set local hsadminng.currentTask to %L', currentTask);
|
||||
|
||||
-- contRowId = uuid_generate_v4();
|
||||
contEmailAddr = 'customer-admin@' || cleanIdentifier(contLabel) || '.example.com';
|
||||
emailAddr = 'customer-admin@' || cleanIdentifier(contLabel) || '.example.com';
|
||||
|
||||
raise notice 'creating test contact: %', contLabel;
|
||||
insert
|
||||
into hs_admin_contact (label, postaladdress, emailaddresses, phonenumbers)
|
||||
values (contLabel, $addr$
|
||||
values (contLabel, $address$
|
||||
Vorname Nachname
|
||||
Straße Hnr
|
||||
PLZ Stadt
|
||||
$addr$, contEmailAddr, '+49 123 1234567');
|
||||
$address$, emailAddr, '+49 123 1234567');
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
/*
|
||||
Creates a range of test customers for mass data generation.
|
||||
Creates a range of test contact for mass data generation.
|
||||
*/
|
||||
create or replace procedure createTestCustomerTestData(
|
||||
create or replace procedure createTestContactTestData(
|
||||
startCount integer, -- count of auto generated rows before the run
|
||||
endCount integer -- count of auto generated rows after the run
|
||||
)
|
||||
@ -44,7 +42,7 @@ create or replace procedure createTestCustomerTestData(
|
||||
begin
|
||||
for t in startCount..endCount
|
||||
loop
|
||||
call createHsAdminContactTestData(intToVarChar(t, 4)|| ' ' || testCustomerReference(t));
|
||||
call createHsAdminContactTestData(intToVarChar(t, 4) || '#' || t);
|
||||
commit;
|
||||
end loop;
|
||||
end; $$;
|
||||
|
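Review bot: The generated label is now `intToVarChar(t, 4) || '#' || t`, and `createHsAdminContactTestData` builds the e-mail host from `cleanIdentifier(contLabel)`. `cleanIdentifier` is not visible here; if it strips digits or `#`, the host part becomes empty or identical for every row, giving addresses like `customer-admin@.example.com`. Confirm with one generated row, or give the label a letter prefix. The declared `contRowId` and the commented-out `-- contRowId = uuid_generate_v4();` are unused and can be dropped.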
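--- a/tools/generate
+++ b/tools/generate
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+sed -e 's/hs-admin-contact/hs-admin-person/g' \
+-e 's/hs_admin_contact/hs_admin_person/g' \
+<src/main/resources/db/changelog/200-hs-admin-contact.sql >src/main/resources/db/changelog/210-hs-admin-person.sql
+
+sed -e 's/hs-admin-contact/hs-admin-person/g' \
+-e 's/hs_admin_contact/hs_admin_person/g' \
+-e 's/HsAdminCustomer/HsAdminPerson/g' \
+-e 's/hsAdminContact/hsAdminPerson/g' \
+-e 's/contact/person/g' \
+<src/main/resources/db/changelog/203-hs-admin-contact-rbac.sql >src/main/resources/db/changelog/213-hs-admin-person-rbac.sql
+
+sed -e 's/hs-admin-contact/hs-admin-person/g' \
+-e 's/hs_admin_contact/hs_admin_person/g' \
+-e 's/HsAdminCustomer/HsAdminPerson/g' \
+-e 's/hsAdminContact/hsAdminPerson/g' \
+-e 's/contact/person/g' \
+<src/main/resources/db/changelog/208-hs-admin-contact-test-data.sql >src/main/resources/db/changelog/218-hs-admin-person-test-data.sql
+
+
+# mkdir -p src/main/java/net/hostsharing/hsadminng/hs/admin/person
+#
+# sed -e 's/HsAdminContactEntity/HsAdminPersonEntity/g' \
+# sed -e 's/admin.contact/admin.person/g' \
+# <src/main/java/net/hostsharing/hsadminng/hs/admin/contact/HsAdminContactEntity.java >src/main/java/net/hostsharing/hsadminng/hs/admin/person/HsAdminPersonEntity.java
+
+cat >>src/main/resources/db/changelog/db.changelog-master.yaml <<EOF
+- include:
+file: db/changelog/210-hs-admin-person.sql
+- include:
+file: db/changelog/213-hs-admin-person-rbac.sql
+- include:
+file: db/changelog/218-hs-admin-person-test-data.sql
+EOF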
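Review bot: Identifiers spelled `HsAdminContact` are not matched by any of the sed expressions (only `HsAdminCustomer`, `hsAdminContact` and lowercase `contact` are, and sed matches case-sensitively), so as far as the template is visible in this commit the generated 213 file would still contain `create or replace function createRbacRolesForHsAdminContact()` and the other `…HsAdminContact…` functions. Applying it would replace the contact table's RBAC trigger functions with bodies that refer to person roles. Adding `-e 's/HsAdminContact/HsAdminPerson/g'` (and the same for `TestContact`) before the catch-all `s/contact/person/g` closes that gap. The script also appends to `db.changelog-master.yaml` on every run and has no `set -euo pipefail`, so a second run duplicates the includes and a failed sed still updates the master changelog.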