procedure hs_office.relation_rebuild_rbac_system() as an example

This commit is contained in:
Michael Hoennig 2024-12-31 12:34:04 +01:00
parent 9debaa1fc0
commit 9a8285e43c

View File

@ -252,3 +252,40 @@ call rbac.generateRbacRestrictedView('hs_office.relation',
$updates$); $updates$);
--// --//
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
-- ----------------------------------------------------------------------------
--
-- begin transaction;
-- call base.defineContext('re-creating RBAC for table relation', null, <<insert executing global admin user here>>);
-- call hs_office.relation_rebuild_rbac_system();
-- commit;
create or replace procedure hs_office.relation_rebuild_rbac_system()
language plpgsql as $$
DECLARE
DECLARE
row hs_office.relation;
grantsAfter numeric;
grantsBefore numeric;
BEGIN
SELECT count(*) INTO grantsBefore FROM rbac.grants;
FOR row IN SELECT * FROM hs_office.relation LOOP
-- first delete all generated grants for this row from the previously defined RBAC system
DELETE FROM rbac.grants g
WHERE g.grantedbytriggerof = row.uuid;
-- then build the grants according to the currently defined RBAC rules
CALL hs_office.relation_build_rbac_system(row);
END LOOP;
select count(*) into grantsAfter from rbac.grants;
-- print how the total count of grants has changed
raise notice 'total grant count before -> after: % -> %', grantsBefore, grantsAfter;
END;
$$;
--//