From 9d078da7f59c2a2a9f80c5479cf868255382759e Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Tue, 2 Apr 2024 12:17:06 +0200 Subject: [PATCH] re-generated rbac --- .../5103-hs-office-membership-rbac.md | 14 +++++++------- .../5103-hs-office-membership-rbac.sql | 12 ++++++------ .../5113-hs-office-coopshares-rbac.md | 12 ++++++------ .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5123-hs-office-coopassets-rbac.md | 12 ++++++------ .../5123-hs-office-coopassets-rbac.sql | 2 +- 6 files changed, 27 insertions(+), 27 deletions(-) diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md index d458212c..3681b8e6 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md @@ -42,7 +42,7 @@ subgraph membership["`**membership**`"] role:membership:OWNER[[membership:OWNER]] role:membership:ADMIN[[membership:ADMIN]] - role:membership:REFERRER[[membership:REFERRER]] + role:membership:AGENT[[membership:AGENT]] end subgraph membership:permissions[ ] 
@@ -105,16 +105,16 @@ role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER -role:partnerRel:ADMIN ==> role:membership:OWNER role:membership:OWNER ==> role:membership:ADMIN -role:partnerRel:AGENT ==> role:membership:ADMIN -role:membership:ADMIN ==> role:membership:REFERRER -role:membership:REFERRER ==> role:partnerRel:TENANT +role:partnerRel:ADMIN ==> role:membership:ADMIN +role:membership:ADMIN ==> role:membership:AGENT +role:partnerRel:AGENT ==> role:membership:AGENT +role:membership:AGENT ==> role:partnerRel:TENANT %% granting permissions to roles role:global:ADMIN ==> perm:membership:INSERT -role:membership:OWNER ==> perm:membership:DELETE +role:membership:ADMIN ==> perm:membership:DELETE role:membership:ADMIN ==> perm:membership:UPDATE -role:membership:REFERRER ==> perm:membership:SELECT +role:membership:AGENT ==> perm:membership:SELECT ``` diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 9c423ba4..7f8de66b 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
@@ -45,23 +45,23 @@ begin perform createRoleWithGrants( hsOfficeMembershipOWNER(NEW), - permissions => array['DELETE'], - incomingSuperRoles => array[hsOfficeRelationADMIN(newPartnerRel)], userUuids => array[currentUserUuid()] ); perform createRoleWithGrants( hsOfficeMembershipADMIN(NEW), - permissions => array['UPDATE'], + permissions => array['DELETE', 'UPDATE'], incomingSuperRoles => array[ hsOfficeMembershipOWNER(NEW), - hsOfficeRelationAGENT(newPartnerRel)] + hsOfficeRelationADMIN(newPartnerRel)] ); perform createRoleWithGrants( - hsOfficeMembershipREFERRER(NEW), + hsOfficeMembershipAGENT(NEW), permissions => array['SELECT'], - incomingSuperRoles => array[hsOfficeMembershipADMIN(NEW)], + incomingSuperRoles => array[ + hsOfficeMembershipADMIN(NEW), + hsOfficeRelationAGENT(newPartnerRel)], outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] ); diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md index 129de47c..26ff3d5c 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md @@ -54,7 +54,7 @@ subgraph membership["`**membership**`"] role:membership:OWNER[[membership:OWNER]] role:membership:ADMIN[[membership:ADMIN]] - role:membership:REFERRER[[membership:REFERRER]] + role:membership:AGENT[[membership:AGENT]] end end 
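Review bot: Nothing in this patch updates the roles and grants of memberships that already exist, so the new role layout in this trigger body would apply only to rows inserted after deployment; older rows would presumably keep their `REFERRER` role and the `hsOfficeRelationAGENT` → `hsOfficeMembershipADMIN` grant unless a rebuild runs elsewhere. That matters because the change is a privilege reduction: the partner relation's AGENT now enters at `hsOfficeMembershipAGENT` (SELECT only) instead of `hsOfficeMembershipADMIN`, and the subject line "re-generated rbac" does not record it. I would state the intent next to the role, e.g. `-- relation AGENT is read-only here: it is a super role of membership AGENT (SELECT), not of membership ADMIN`, placed in the generator template if this file is generated output. `hsOfficeMembershipAGENT` is not defined in this patch, so its descriptor should be confirmed to exist before the trigger fires; the same applies to the changed `grantPermissionToRole` lines in the coopshares and coopassets `.sql` hunks. The trigger function starts and ends outside the hunk.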
@@ -106,15 +106,15 @@ role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER -role:membership.partnerRel:ADMIN -.-> role:membership:OWNER role:membership:OWNER -.-> role:membership:ADMIN -role:membership.partnerRel:AGENT -.-> role:membership:ADMIN -role:membership:ADMIN -.-> role:membership:REFERRER -role:membership:REFERRER -.-> role:membership.partnerRel:TENANT +role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN +role:membership:ADMIN -.-> role:membership:AGENT +role:membership.partnerRel:AGENT -.-> role:membership:AGENT +role:membership:AGENT -.-> role:membership.partnerRel:TENANT %% granting permissions to roles role:membership:ADMIN ==> perm:coopSharesTransaction:INSERT role:membership:ADMIN ==> perm:coopSharesTransaction:UPDATE -role:membership:ADMIN ==> perm:coopSharesTransaction:SELECT +role:membership:AGENT ==> perm:coopSharesTransaction:SELECT ``` diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 1e894300..f4856f0a 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql 
@@ -38,7 +38,7 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipADMIN(newMembership)); + call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call leaveTriggerForObjectUuid(NEW.uuid); diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md index 2b96a199..d220a38c 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md @@ -54,7 +54,7 @@ subgraph membership["`**membership**`"] role:membership:OWNER[[membership:OWNER]] role:membership:ADMIN[[membership:ADMIN]] - role:membership:REFERRER[[membership:REFERRER]] + role:membership:AGENT[[membership:AGENT]] end end 
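Review bot: The lookup that guards the changed `grantPermissionToRole` call is enforced only with `assert`, which PL/pgSQL skips when `plpgsql.check_asserts` is off; in that configuration a missing membership would reach `hsOfficeMembershipAGENT(newMembership)` with an empty record, and which role the grant then targets cannot be told from this hunk. Since this line decides who may read the transaction, an unconditional check is safer: `if newMembership.uuid is null then raise exception 'newMembership must not be null for NEW.membershipUuid = %', NEW.membershipUuid; end if;`. The coopassets `.sql` hunk has the same pattern. The function body starts and ends outside the hunk, and if the file is generated the change belongs in the generator.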
@@ -106,15 +106,15 @@ role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER -role:membership.partnerRel:ADMIN -.-> role:membership:OWNER role:membership:OWNER -.-> role:membership:ADMIN -role:membership.partnerRel:AGENT -.-> role:membership:ADMIN -role:membership:ADMIN -.-> role:membership:REFERRER -role:membership:REFERRER -.-> role:membership.partnerRel:TENANT +role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN +role:membership:ADMIN -.-> role:membership:AGENT +role:membership.partnerRel:AGENT -.-> role:membership:AGENT +role:membership:AGENT -.-> role:membership.partnerRel:TENANT %% granting permissions to roles role:membership:ADMIN ==> perm:coopAssetsTransaction:INSERT role:membership:ADMIN ==> perm:coopAssetsTransaction:UPDATE -role:membership:ADMIN ==> perm:coopAssetsTransaction:SELECT +role:membership:AGENT ==> perm:coopAssetsTransaction:SELECT ``` diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 2c292436..df1fdd3b 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -38,7 +38,7 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipADMIN(newMembership)); + call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call leaveTriggerForObjectUuid(NEW.uuid);