diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index a1fead7f..5cd25fa5 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -9,3 +9,6 @@ spring:
 sql:
 init:
 mode: never
+
+liquibase:
+ contexts: dev
diff --git a/src/main/resources/db/changelog/20-hs-base.sql b/src/main/resources/db/changelog/20-hs-base.sql
deleted file mode 100644
index b81aa4ae..00000000
--- a/src/main/resources/db/changelog/20-hs-base.sql
+++ /dev/null
@@ -1,37 +0,0 @@
-create table Hostsharing
-(
- uuid uuid primary key references RbacObject (uuid)
-);
-create unique index Hostsharing_Singleton on Hostsharing ((0));
-
-
-insert
-into RbacObject (objecttable) values ('hostsharing');
-insert
- into Hostsharing (uuid) values ((select uuid from RbacObject where objectTable = 'hostsharing'));
-
-create or replace function hostsharingAdmin()
- returns RbacRoleDescriptor
- returns null on null input
- stable leakproof
- language sql as $$
-select 'global', (select uuid from RbacObject where objectTable = 'hostsharing'), 'admin'::RbacRoleType;
-$$;
-
--- create administrators role with two assigned users
-do language plpgsql $$
- declare
- admins uuid ;
- begin
- admins = createRole(hostsharingAdmin());
- call grantRoleToUser(admins, createRbacUser('mike@hostsharing.net'));
- call grantRoleToUser(admins, createRbacUser('sven@hostsharing.net'));
- commit;
- end;
-$$;
-
-
-begin transaction;
-set local hsadminng.currentUser = 'mike@hostsharing.net';
-select * from RbacUser where uuid = currentUserId();
-end transaction;
diff --git a/src/main/resources/db/changelog/2022-07-28-000-template.sql b/src/main/resources/db/changelog/2022-07-28-000-template.sql
index 04fe08fa..1dc12f42 100644
--- a/src/main/resources/db/changelog/2022-07-28-000-template.sql
+++ b/src/main/resources/db/changelog/2022-07-28-000-template.sql
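Review bot: The added top-level `liquibase: contexts: dev` in the application.yml hunk puts the `dev` context into the base configuration, so every deployment that does not override it runs the `context:dev` changesets of this commit, which seed two administrator accounts. The neighbouring `spring.sql.init.mode` key suggests Spring Boot 2.5 or later, where the Liquibase settings are bound under `spring.liquibase.*`. If so this top-level key is probably ignored, and Liquibase runs changesets of every context when none is selected, with the same result. I would set `spring.liquibase.contexts: dev` only in a dev profile file and have the default configuration select a context other than `dev` explicitly.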
@@ -1,6 +1,9 @@ --liquibase formatted sql ---changeset template:1 endDelimiter:--// + +-- ============================================================================ +--changeset prefix-TEMPLATE:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- /* diff --git a/src/main/resources/db/changelog/2022-07-28-001-last-row-count.sql b/src/main/resources/db/changelog/2022-07-28-001-last-row-count.sql index f6ca062f..c1f3fe05 100644 --- a/src/main/resources/db/changelog/2022-07-28-001-last-row-count.sql +++ b/src/main/resources/db/changelog/2022-07-28-001-last-row-count.sql @@ -1,7 +1,9 @@ --liquibase formatted sql +-- ============================================================================ +-- LAST-ROW-COUNT --changeset last-row-count:1 endDelimiter:--// - +-- ---------------------------------------------------------------------------- /* Returns the row count from the result of the previous query. Other than the native statement it's usable in an expression. diff --git a/src/main/resources/db/changelog/2022-07-28-002-int-to-var.sql b/src/main/resources/db/changelog/2022-07-28-002-int-to-var.sql index cccc037d..eb3212e3 100644 --- a/src/main/resources/db/changelog/2022-07-28-002-int-to-var.sql +++ b/src/main/resources/db/changelog/2022-07-28-002-int-to-var.sql @@ -1,7 +1,9 @@ --liquibase formatted sql +-- ============================================================================ +-- INT-TO-VAR --changeset int-to-var:1 endDelimiter:--// - +-- ---------------------------------------------------------------------------- /* Returns a textual representation of an integer number to be used as generated test data. diff --git a/src/main/resources/db/changelog/2022-07-28-003-random-in-range.sql b/src/main/resources/db/changelog/2022-07-28-003-random-in-range.sql index 41376770..8ed0112d 100644 --- a/src/main/resources/db/changelog/2022-07-28-003-random-in-range.sql 
+++ b/src/main/resources/db/changelog/2022-07-28-003-random-in-range.sql @@ -1,7 +1,10 @@ --liquibase formatted sql ---changeset random-in-range:1 endDelimiter:--// +-- ============================================================================ +-- RANDOM-IN-RANGE +--changeset random-in-range:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- /* Returns a random integer in the given range (both included), to be used for test data generation. diff --git a/src/main/resources/db/changelog/2022-07-28-004-uuid-ossp-extension.sql b/src/main/resources/db/changelog/2022-07-28-004-uuid-ossp-extension.sql index 45d6e799..f156af69 100644 --- a/src/main/resources/db/changelog/2022-07-28-004-uuid-ossp-extension.sql +++ b/src/main/resources/db/changelog/2022-07-28-004-uuid-ossp-extension.sql @@ -1,7 +1,10 @@ --liquibase formatted sql ---changeset uuid-ossp-extension:1 endDelimiter:--// +-- ============================================================================ +-- UUID-OSSP-EXTENSION +--changeset uuid-ossp-extension:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- /* Makes improved uuid generation available. */ diff --git a/src/main/resources/db/changelog/2022-07-28-005-rbac-base.sql b/src/main/resources/db/changelog/2022-07-28-005-rbac-base.sql index 1a91f0d0..7006b0e3 100644 --- a/src/main/resources/db/changelog/2022-07-28-005-rbac-base.sql +++ b/src/main/resources/db/changelog/2022-07-28-005-rbac-base.sql 
@@ -639,3 +639,17 @@ begin return roleIdsToAssume; end; $$; --// + + +-- ============================================================================ +-- PGSQL-ROLES +--changeset rbac-base-pgsql-roles:1 endDelimiter:--// +-- ------------------------------------------------------------------ + +CREATE ROLE admin; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO admin; + +CREATE ROLE restricted; +GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO restricted; + +--// diff --git a/src/main/resources/db/changelog/2022-07-28-020-rbac-role-builder.sql b/src/main/resources/db/changelog/2022-07-28-020-rbac-role-builder.sql index 9079100b..2c71640b 100644 --- a/src/main/resources/db/changelog/2022-07-28-020-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/2022-07-28-020-rbac-role-builder.sql @@ -1,10 +1,9 @@ --liquibase formatted sql --- ================================================================== +-- ============================================================================ -- PERMISSIONS --changeset rbac-role-builder-permissions:1 endDelimiter:--// --- ------------------------------------------------------------------ - +-- ---------------------------------------------------------------------------- /* */ diff --git a/src/main/resources/db/changelog/2022-07-29-050-hs-base.sql b/src/main/resources/db/changelog/2022-07-29-050-hs-base.sql new file mode 100644 index 00000000..043a995d --- /dev/null +++ b/src/main/resources/db/changelog/2022-07-29-050-hs-base.sql 
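Review bot: The `restricted` role in the new `rbac-base-pgsql-roles` changeset receives `GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public`, exactly what `admin` gets, so it is not restricted in any way and can read and modify every existing table, presumably including the RBAC tables themselves. `ON ALL TABLES` also covers only tables that exist when the changeset runs, so tables created by later changesets (for example `Hostsharing` in 2022-07-29-050-hs-base.sql) are covered for neither role unless `ALTER DEFAULT PRIVILEGES` is used. I would grant `restricted` only what it needs, e.g. `GRANT SELECT ON <object placeholder> TO restricted;`, and add a comment stating what each role is for. `CREATE ROLE` is cluster-wide and fails when the role already exists, which is worth guarding if several databases share one server.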
@@ -0,0 +1,84 @@
+--liquibase formatted sql
+
+-- ============================================================================
+--changeset hs-base-GLOBAL-OBJECT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+/*
+ The purpose of this table is to contain a single row
+ which can be referenced from global roles as an object.
+ Otherwise these columns needed to be nullable and
+ many queries would be more complicated.
+ */
+create table Hostsharing
+(
+ uuid uuid primary key references RbacObject (uuid)
+);
+create unique index Hostsharing_Singleton on Hostsharing ((0));
+
+/**
+ A single row to be referenced as a global object.
+ */
+insert
+ into RbacObject (objecttable) values ('hostsharing');
+insert
+ into Hostsharing (uuid) values ((select uuid from RbacObject where objectTable = 'hostsharing'));
+--//
+
+-- ============================================================================
+--changeset hs-base-ADMIN-ROLE:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+/*
+ A global administrator role.
+ */
+create or replace function hostsharingAdmin()
+ returns RbacRoleDescriptor
+ returns null on null input
+ stable leakproof
+ language sql as $$
+ select 'global', (select uuid from RbacObject where objectTable = 'hostsharing'), 'admin'::RbacRoleType;
+$$;
+select createRole(hostsharingAdmin());
+
+-- ============================================================================
+--changeset hs-base-ADMIN-USERS:1 context:dev endDelimiter:--//
+-- ----------------------------------------------------------------------------
+/*
+ Create two users and assign both to the administrators role.
+ */
+do language plpgsql $$
+ declare
+ admins uuid ;
+ begin
+ admins = findRoleId(hostsharingAdmin());
+ call grantRoleToUser(admins, createRbacUser('mike@hostsharing.net'));
+ call grantRoleToUser(admins, createRbacUser('sven@hostsharing.net'));
+ end;
+$$;
+--//
+
+
+-- ============================================================================
+--changeset hs-base-hostsharing-TEST:1 context:dev runAlways:true endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+ Tests if currentUserId() can fetch the user from the session variable.
+ */
+
+do language plpgsql $$
+ declare
+ userName varchar;
+ begin
+ set local hsadminng.currentUser = 'mike@hostsharing.net';
+ select userName from RbacUser where uuid = currentUserId() into userName;
+ if userName <> 'mike@hostsharing.net' then
+ raise exception 'fetching initial currentUser failed';
+ end if;
+
+ set local hsadminng.currentUser = 'sven@hostsharing.net';
+ select userName from RbacUser where uuid = currentUserId() into userName;
+ if userName <> 'sven@hostsharing.net' then
+ raise exception 'fetching changed currentUser failed';
+ end if;
+ end; $$;
+--//
diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml
index ae24da75..ccb1b7d2 100644
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@@ -13,4 +13,7 @@ databaseChangeLog:
 file: db/changelog/2022-07-28-020-rbac-role-builder.sql
 - include:
 file: db/changelog/2022-07-28-030-rbac-statistics.sql
+ - include:
+ file: db/changelog/2022-07-29-050-hs-base.sql
+
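Review bot: Both checks in the `hs-base-hostsharing-TEST` changeset of 2022-07-29-050-hs-base.sql pass when no user is found, because `select ... into userName` then leaves the variable NULL and `userName <> 'mike@hostsharing.net'` evaluates to NULL, which `if` treats as false. The test therefore cannot detect `currentUserId()` resolving to nothing; the comparison should be `if userName is distinct from 'mike@hostsharing.net' then`, and likewise for the `sven@` check. The variable also shares its name with the column the select appears to read, which PL/pgSQL by default reports as an ambiguous reference if `RbacUser` really has that column. A distinct variable name such as `foundUserName`, together with a qualified `RbacUser.userName`, avoids that.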