properly generate imported conditional rbac rules (partner -> partnerRel usingDefaultCase)
This commit is contained in:
Michael Hoennig
parent
c80dfc2fa8
commit
b9706ee4c3
@ -102,16 +102,16 @@ public class HsOfficePartnerEntity implements Stringifyable, RbacObject {
|
||||
usingDefaultCase(),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
dependsOnColumn("partnerRelUuid"))
|
||||
.createPermission(DELETE).grantedTo("partnerRel", ADMIN)
|
||||
.createPermission(UPDATE).grantedTo("partnerRel", AGENT)
|
||||
.createPermission(DELETE).grantedTo("partnerRel", OWNER)
|
||||
.createPermission(UPDATE).grantedTo("partnerRel", ADMIN)
|
||||
.createPermission(SELECT).grantedTo("partnerRel", TENANT)
|
||||
|
||||
.importSubEntityAlias("partnerDetails", HsOfficePartnerDetailsEntity.class,
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
dependsOnColumn("detailsUuid"))
|
||||
.createPermission("partnerDetails", DELETE).grantedTo("partnerRel", ADMIN)
|
||||
.createPermission("partnerDetails", DELETE).grantedTo("partnerRel", OWNER)
|
||||
.createPermission("partnerDetails", UPDATE).grantedTo("partnerRel", AGENT)
|
||||
.createPermission("partnerDetails", SELECT).grantedTo("partnerRel", AGENT);
|
||||
.createPermission("partnerDetails", SELECT).grantedTo("partnerRel", AGENT); // not TENANT!
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
|
||||
@ -119,7 +119,6 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
|
||||
with.incomingSuperRole("anchorPerson", ADMIN);
|
||||
})
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.incomingSuperRole("holderPerson", ADMIN);
|
||||
with.incomingSuperRole("contact", ADMIN);
|
||||
with.outgoingSubRole("anchorPerson", REFERRER);
|
||||
with.outgoingSubRole("holderPerson", REFERRER);
|
||||
@ -132,17 +131,20 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
|
||||
then.createRole(OWNER, (with) -> {
|
||||
with.owningUser(CREATOR);
|
||||
with.incomingSuperRole(GLOBAL, ADMIN);
|
||||
with.incomingSuperRole("anchorPerson", ADMIN);
|
||||
with.permission(DELETE);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.incomingSuperRole("anchorPerson", ADMIN);
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT, (with) -> {
|
||||
// TODO.spec: we need relation:PROXY, to allow changing the relation contact.
|
||||
// the alternative would be to move this to the relation:ADMIN role,
|
||||
// but then the partner holder person could update the partner relation itself,
|
||||
// see partner entity.
|
||||
with.incomingSuperRole("holderPerson", ADMIN);
|
||||
})
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.incomingSuperRole("holderPerson", ADMIN);
|
||||
with.incomingSuperRole("contact", ADMIN);
|
||||
with.outgoingSubRole("anchorPerson", REFERRER);
|
||||
with.outgoingSubRole("holderPerson", REFERRER);
|
||||
|
||||
@ -393,8 +393,8 @@ public class RbacView {
|
||||
new RbacRoleDefinition(findEntityAlias(mapper.map(roleDef.entityAlias.aliasName)), roleDef.role);
|
||||
});
|
||||
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
||||
if ( grantDef.matchesCase(forCase) &&
|
||||
grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
|
||||
if ( grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE &&
|
||||
grantDef.matchesCase(forCase) ) {
|
||||
final var importedGrantDef = findOrCreateGrantDef(
|
||||
findRbacRole(
|
||||
mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName),
|
||||
@ -484,14 +484,13 @@ public class RbacView {
|
||||
public void generateWithBaseFileName(final String baseFileName) {
|
||||
if (allCases.size() > 1) {
|
||||
allCases.forEach(caseDef -> {
|
||||
if ( caseDef.isDefaultCase() ) { // FIXME remove the condition
|
||||
final var fileName = baseFileName + (caseDef.isDefaultCase() ? "" : "-" + caseDef.val) + ".md";
|
||||
new RbacViewMermaidFlowchartGenerator(this, caseDef)
|
||||
.generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
||||
}
|
||||
final var fileName = baseFileName + (caseDef.isDefaultCase() ? "" : "-" + caseDef.val) + ".md";
|
||||
new RbacViewMermaidFlowchartGenerator(this, caseDef)
|
||||
.generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
||||
});
|
||||
} else {
|
||||
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
||||
}
|
||||
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
||||
new RbacViewPostgresGenerator(this).generateToChangeLog(Path.of(OUTPUT_BASEDIR, baseFileName + ".sql"));
|
||||
}
|
||||
|
||||
@ -541,7 +540,9 @@ public class RbacView {
|
||||
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
||||
case PERM_TO_ROLE -> superRoleDef + arrow + permDef;
|
||||
};
|
||||
final var condition = isConditional() ? (" " +forCases.stream().map(CaseDef::toString).collect(Collectors.joining("||"))) : "";
|
||||
final var condition = isConditional()
|
||||
? (" (" +forCases.stream().map(CaseDef::toString).collect(Collectors.joining("||")) + ")")
|
||||
: "";
|
||||
return grant + condition;
|
||||
}
|
||||
|
||||
@ -595,14 +596,19 @@ public class RbacView {
|
||||
return forCases != null && !forCases.isEmpty() && forCases.size()<allCases.size();
|
||||
}
|
||||
|
||||
boolean matchesCase(final ColumnValue value) {
|
||||
return forCases == null || forCases.contains(value.value);
|
||||
boolean matchesCase(final ColumnValue requestedCase) {
|
||||
if (forCases == null) {
|
||||
return true;
|
||||
}
|
||||
final var noCasesDefined = forCases.isEmpty();
|
||||
final var generateForAllCases = requestedCase == null;
|
||||
final boolean isGrantedForRequestedCase = forCases.stream().anyMatch(c -> c.isCase(requestedCase));
|
||||
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
||||
}
|
||||
|
||||
boolean matchesCase(final CaseDef requestedCase) {
|
||||
final var noCasesDefined = forCases.isEmpty();
|
||||
final var generateForAllCases = requestedCase == null;
|
||||
final var isGrantedOnlyForDefaultCase = forCases.size() == 1 && forCases.iterator().next() == null; // FIXME: needed?
|
||||
final boolean isGrantedForRequestedCase = forCases.contains(requestedCase);
|
||||
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
||||
}
|
||||
@ -1171,6 +1177,10 @@ public class RbacView {
|
||||
? "inOtherCases"
|
||||
: "inCaseOf:" + val;
|
||||
}
|
||||
|
||||
public boolean isCase(final ColumnValue requestedCase) {
|
||||
return Objects.equals(requestedCase.value, this.val);
|
||||
}
|
||||
}
|
||||
|
||||
private static void generateRbacView(final Class<? extends RbacObject> c) {
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||
|
||||
import lombok.SneakyThrows;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import java.nio.file.*;
|
||||
@ -107,7 +107,7 @@ public class RbacViewMermaidFlowchartGenerator {
|
||||
private void renderGrants(final RbacView.RbacGrantDefinition.GrantType grantType, final String comment) {
|
||||
final var grantsOfRequestedType = rbacDef.getGrantDefs().stream()
|
||||
.filter(g -> g.grantType() == grantType)
|
||||
.filter(g -> g.matchesCase(forCase))
|
||||
.filter(this::isToBeRenderedInThisGraph)
|
||||
.toList();
|
||||
if ( !grantsOfRequestedType.isEmpty()) {
|
||||
flowchart.ensureSingleEmptyLine();
|
||||
@ -116,10 +116,19 @@ public class RbacViewMermaidFlowchartGenerator {
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isToBeRenderedInThisGraph(final RbacView.RbacGrantDefinition g) {
|
||||
if ( g.grantType() != ROLE_TO_ROLE )
|
||||
return true;
|
||||
if ( forCase == null && !g.isConditional() )
|
||||
return true;
|
||||
final var isToBeRenderedInThisGraph = g.getForCases() == null || g.getForCases().contains(forCase);
|
||||
return isToBeRenderedInThisGraph;
|
||||
}
|
||||
|
||||
private String grantDef(final RbacView.RbacGrantDefinition grant) {
|
||||
final var arrow = (grant.isToCreate() ? " ==>" : " -.->")
|
||||
+ (grant.isAssumed() ? " " : "|XX| ");
|
||||
return switch (grant.grantType()) {
|
||||
final var grantDef = switch (grant.grantType()) {
|
||||
case ROLE_TO_USER ->
|
||||
// TODO: other user types not implemented yet
|
||||
"user:creator" + arrow + roleId(grant.getSubRoleDef());
|
||||
@ -127,6 +136,7 @@ public class RbacViewMermaidFlowchartGenerator {
|
||||
roleId(grant.getSuperRoleDef()) + arrow + roleId(grant.getSubRoleDef());
|
||||
case PERM_TO_ROLE -> roleId(grant.getSuperRoleDef()) + arrow + permId(grant.getPermDef());
|
||||
};
|
||||
return grantDef;
|
||||
}
|
||||
|
||||
private String permDef(final RbacView.RbacPermissionDefinition perm) {
|
||||
@ -155,16 +165,16 @@ public class RbacViewMermaidFlowchartGenerator {
|
||||
Files.writeString(
|
||||
path,
|
||||
"""
|
||||
### rbac %{entityAlias}
|
||||
|
||||
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||
|
||||
```mermaid
|
||||
%{flowchart}
|
||||
```
|
||||
"""
|
||||
.replace("%{entityAlias}", rbacDef.getRootEntityAlias().aliasName())
|
||||
.replace("%{flowchart}", flowchart.toString()),
|
||||
### rbac %{entityAlias}
|
||||
|
||||
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||
|
||||
```mermaid
|
||||
%{flowchart}
|
||||
```
|
||||
"""
|
||||
.replace("%{entityAlias}", rbacDef.getRootEntityAlias().aliasName())
|
||||
.replace("%{flowchart}", flowchart.toString()),
|
||||
StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
|
||||
System.out.println("Markdown-File: " + path.toAbsolutePath());
|
||||
}
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
### rbac relation
|
||||
|
||||
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||
|
||||
```mermaid
|
||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||
flowchart TB
|
||||
|
||||
subgraph holderPerson["`**holderPerson**`"]
|
||||
direction TB
|
||||
style holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph holderPerson:roles[ ]
|
||||
style holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:holderPerson:OWNER[[holderPerson:OWNER]]
|
||||
role:holderPerson:ADMIN[[holderPerson:ADMIN]]
|
||||
role:holderPerson:REFERRER[[holderPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph anchorPerson["`**anchorPerson**`"]
|
||||
direction TB
|
||||
style anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph anchorPerson:roles[ ]
|
||||
style anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:anchorPerson:OWNER[[anchorPerson:OWNER]]
|
||||
role:anchorPerson:ADMIN[[anchorPerson:ADMIN]]
|
||||
role:anchorPerson:REFERRER[[anchorPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph contact["`**contact**`"]
|
||||
direction TB
|
||||
style contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph contact:roles[ ]
|
||||
style contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:contact:OWNER[[contact:OWNER]]
|
||||
role:contact:ADMIN[[contact:ADMIN]]
|
||||
role:contact:REFERRER[[contact:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph relation["`**relation**`"]
|
||||
direction TB
|
||||
style relation fill:#dd4901,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph relation:roles[ ]
|
||||
style relation:roles fill:#dd4901,stroke:white
|
||||
|
||||
role:relation:OWNER[[relation:OWNER]]
|
||||
role:relation:ADMIN[[relation:ADMIN]]
|
||||
role:relation:AGENT[[relation:AGENT]]
|
||||
role:relation:TENANT[[relation:TENANT]]
|
||||
end
|
||||
|
||||
subgraph relation:permissions[ ]
|
||||
style relation:permissions fill:#dd4901,stroke:white
|
||||
|
||||
perm:relation:DELETE{{relation:DELETE}}
|
||||
perm:relation:UPDATE{{relation:UPDATE}}
|
||||
perm:relation:SELECT{{relation:SELECT}}
|
||||
perm:relation:INSERT{{relation:INSERT}}
|
||||
end
|
||||
end
|
||||
|
||||
%% granting roles to users
|
||||
user:creator ==> role:relation:OWNER
|
||||
|
||||
%% granting roles to roles
|
||||
role:global:ADMIN -.-> role:anchorPerson:OWNER
|
||||
role:anchorPerson:OWNER -.-> role:anchorPerson:ADMIN
|
||||
role:anchorPerson:ADMIN -.-> role:anchorPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:holderPerson:OWNER
|
||||
role:holderPerson:OWNER -.-> role:holderPerson:ADMIN
|
||||
role:holderPerson:ADMIN -.-> role:holderPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:contact:OWNER
|
||||
role:contact:OWNER -.-> role:contact:ADMIN
|
||||
role:contact:ADMIN -.-> role:contact:REFERRER
|
||||
|
||||
%% granting permissions to roles
|
||||
role:relation:OWNER ==> perm:relation:DELETE
|
||||
role:relation:ADMIN ==> perm:relation:UPDATE
|
||||
role:relation:TENANT ==> perm:relation:SELECT
|
||||
role:anchorPerson:ADMIN ==> perm:relation:INSERT
|
||||
|
||||
```
|
||||
@ -88,7 +88,6 @@ role:relation:ADMIN ==> role:anchorPerson:OWNER
|
||||
role:relation:ADMIN ==> role:relation:AGENT
|
||||
role:anchorPerson:ADMIN ==> role:relation:AGENT
|
||||
role:relation:AGENT ==> role:relation:TENANT
|
||||
role:holderPerson:ADMIN ==> role:relation:TENANT
|
||||
role:contact:ADMIN ==> role:relation:TENANT
|
||||
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
||||
role:relation:TENANT ==> role:holderPerson:REFERRER
|
||||
|
||||
@ -82,18 +82,14 @@ role:global:ADMIN -.-> role:contact:OWNER
|
||||
role:contact:OWNER -.-> role:contact:ADMIN
|
||||
role:contact:ADMIN -.-> role:contact:REFERRER
|
||||
role:global:ADMIN ==> role:relation:OWNER
|
||||
role:holderPerson:ADMIN ==> role:relation:OWNER
|
||||
role:relation:OWNER ==> role:relation:ADMIN
|
||||
role:relation:ADMIN ==> role:anchorPerson:OWNER
|
||||
role:relation:ADMIN ==> role:relation:AGENT
|
||||
role:anchorPerson:ADMIN ==> role:relation:AGENT
|
||||
role:relation:AGENT ==> role:relation:TENANT
|
||||
role:holderPerson:ADMIN ==> role:relation:TENANT
|
||||
role:contact:ADMIN ==> role:relation:TENANT
|
||||
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
||||
role:relation:TENANT ==> role:holderPerson:REFERRER
|
||||
role:relation:TENANT ==> role:contact:REFERRER
|
||||
role:anchorPerson:ADMIN ==> role:relation:ADMIN
|
||||
role:anchorPerson:ADMIN ==> role:relation:OWNER
|
||||
role:holderPerson:ADMIN ==> role:relation:AGENT
|
||||
|
||||
%% granting permissions to roles
|
||||
|
||||
@ -70,7 +70,6 @@ begin
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeContactADMIN(newContact),
|
||||
hsOfficePersonADMIN(newHolderPerson),
|
||||
hsOfficeRelationAGENT(NEW)],
|
||||
outgoingSubRoles => array[
|
||||
hsOfficeContactREFERRER(newContact),
|
||||
@ -83,8 +82,8 @@ begin
|
||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||
ELSE
|
||||
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||
END IF;
|
||||
|
||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
@ -98,22 +98,21 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:global:ADMIN ==> perm:partner:INSERT
|
||||
role:partnerRel:ADMIN ==> perm:partner:DELETE
|
||||
role:partnerRel:AGENT ==> perm:partner:UPDATE
|
||||
role:partnerRel:OWNER ==> perm:partner:DELETE
|
||||
role:partnerRel:ADMIN ==> perm:partner:UPDATE
|
||||
role:partnerRel:TENANT ==> perm:partner:SELECT
|
||||
role:partnerRel:ADMIN ==> perm:partnerDetails:DELETE
|
||||
role:partnerRel:OWNER ==> perm:partnerDetails:DELETE
|
||||
role:partnerRel:AGENT ==> perm:partnerDetails:UPDATE
|
||||
role:partnerRel:AGENT ==> perm:partnerDetails:SELECT
|
||||
|
||||
|
||||
@ -42,10 +42,10 @@ begin
|
||||
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
|
||||
@ -110,17 +110,17 @@ begin
|
||||
|
||||
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
||||
|
||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationADMIN(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
|
||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
|
||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||
|
||||
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
|
||||
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||
|
||||
@ -149,17 +149,6 @@ role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel.holderPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:debitorRel.contact:OWNER
|
||||
role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
|
||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:debitorRel:OWNER
|
||||
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
|
||||
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
|
||||
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
|
||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
||||
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
|
||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
|
||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:refundBankAccount:OWNER
|
||||
role:refundBankAccount:OWNER -.-> role:refundBankAccount:ADMIN
|
||||
role:refundBankAccount:ADMIN -.-> role:refundBankAccount:REFERRER
|
||||
@ -176,15 +165,14 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel:ADMIN ==> role:debitorRel:ADMIN
|
||||
role:partnerRel:AGENT ==> role:debitorRel:AGENT
|
||||
role:debitorRel:AGENT ==> role:partnerRel:TENANT
|
||||
|
||||
@ -110,15 +110,14 @@ role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
|
||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:debitorRel:OWNER
|
||||
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
|
||||
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
|
||||
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
|
||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
||||
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
|
||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
|
||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
|
||||
role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER
|
||||
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:OWNER
|
||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
||||
role:global:ADMIN -.-> role:bankAccount:OWNER
|
||||
role:bankAccount:OWNER -.-> role:bankAccount:ADMIN
|
||||
role:bankAccount:ADMIN -.-> role:bankAccount:REFERRER
|
||||
|
||||
@ -96,15 +96,14 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||
role:membership:OWNER ==> role:membership:ADMIN
|
||||
role:partnerRel:ADMIN ==> role:membership:ADMIN
|
||||
role:membership:ADMIN ==> role:membership:AGENT
|
||||
|
||||
@ -97,15 +97,14 @@ role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership:OWNER -.-> role:membership:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||
role:membership:ADMIN -.-> role:membership:AGENT
|
||||
|
||||
@ -97,15 +97,14 @@ role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership:OWNER -.-> role:membership:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||
role:membership:ADMIN -.-> role:membership:AGENT
|
||||
|
||||
Loading…
Reference in New Issue
Block a user