procedure hs_office.relation_rebuild_rbac_system() as an example

2024-12-31 12:34:04 +01:00 · 2024-12-31 12:34:04 +01:00 · 9a8285e43c
commit 9a8285e43c
parent 9debaa1fc0
1 changed files with 37 additions and 0 deletions
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@ -252,3 +252,40 @@ call rbac.generateRbacRestrictedView('hs_office.relation',
    $updates$);
 --//

+
+-- ============================================================================
+--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+--
+-- begin transaction;
+--  call base.defineContext('re-creating RBAC for table relation', null, <<insert executing global admin user here>>);
+--  call hs_office.relation_rebuild_rbac_system();
+-- commit;
+
+create or replace procedure hs_office.relation_rebuild_rbac_system()
+    language plpgsql as $$
+DECLARE
+    DECLARE
+    row hs_office.relation;
+    grantsAfter numeric;
+    grantsBefore numeric;
+BEGIN
+    SELECT count(*) INTO grantsBefore FROM rbac.grants;
+
+    FOR row IN SELECT * FROM hs_office.relation LOOP
+            -- first delete all generated grants for this row from the previously defined RBAC system
+            DELETE FROM rbac.grants g
+                   WHERE g.grantedbytriggerof = row.uuid;
+
+            -- then build the grants according to the currently defined RBAC rules
+            CALL hs_office.relation_build_rbac_system(row);
+        END LOOP;
+
+    select count(*) into grantsAfter from rbac.grants;
+
+    -- print how the total count of grants has changed
+    raise notice 'total grant count before -> after: % -> %', grantsBefore, grantsAfter;
+END;
+$$;
+--//