rbac.permission

2024-09-13 20:33:32 +02:00 · 2024-09-13 20:33:32 +02:00 · bcef4e794d
commit bcef4e794d
parent 342102e85c
5 changed files with 25 additions and 25 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@ -94,7 +94,7 @@ public class RbacGrantsDiagramService {
    }

    public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet<Include> includes) {
-        final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbacpermission WHERE objectuuid=:targetObject AND op=:op")
+        final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbac.permission WHERE objectuuid=:targetObject AND op=:op")
                .setParameter("targetObject", targetObject)
                .setParameter("op", op)
                .getSingleResult();
--- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
@ -6,7 +6,7 @@
 /*

 */
-create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'RbacPermission');
+create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'rbac.permission');

 create table rbac.reference
 (
@ -331,7 +331,7 @@ create or replace function deleteRbacRolesOfRbacObject()
    strict as $$
 begin
    if TG_OP = 'DELETE' then
-        delete from RbacPermission p where p.objectuuid = old.uuid;
+        delete from rbac.permission p where p.objectuuid = old.uuid;
        delete from RbacRole r where r.objectUuid = old.uuid;
    else
        raise exception 'invalid usage of TRIGGER BEFORE DELETE';
@ -365,7 +365,7 @@ create domain RbacOp as varchar(6)
            or VALUE = 'ASSUME'
        );

-create table RbacPermission
+create table rbac.permission
 (
    uuid        uuid primary key references  rbac.reference (uuid) on delete cascade,
    objectUuid  uuid not null references rbac.object,
@ -373,13 +373,13 @@ create table RbacPermission
    opTableName varchar(60)
 );
 -- TODO.perf: check if these indexes are really useful
-create index on RbacPermission (objectUuid, op);
-create index on RbacPermission (opTableName, op);
+create index on rbac.permission (objectUuid, op);
+create index on rbac.permission (opTableName, op);

-ALTER TABLE RbacPermission
+ALTER TABLE rbac.permission
    ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);

-call base.create_journal('RbacPermission');
+call base.create_journal('rbac.permission');

 create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
    returns uuid
@ -398,19 +398,19 @@ begin
    end if;

    permissionUuid := (
-        select uuid from RbacPermission
+        select uuid from rbac.permission
         where objectUuid = forObjectUuid
           and op = forOp and opTableName is not distinct from forOpTableName);
    if (permissionUuid is null) then
        insert into  rbac.reference ("type")
-            values ('RbacPermission')
+            values ('rbac.permission')
            returning uuid into permissionUuid;
        begin
-            insert into RbacPermission (uuid, objectUuid, op, opTableName)
+            insert into rbac.permission (uuid, objectUuid, op, opTableName)
                values (permissionUuid, forObjectUuid, forOp, forOpTableName);
        exception
            when others then
-                raise exception 'insert into RbacPermission (uuid, objectUuid, op, opTableName)
+                raise exception 'insert into rbac.permission (uuid, objectUuid, op, opTableName)
                values (%, %, %, %);', permissionUuid, forObjectUuid, forOp, forOpTableName;
        end;
    end if;
@ -423,7 +423,7 @@ create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp R
    stable -- leakproof
    language sql as $$
 select uuid
-    from RbacPermission p
+    from rbac.permission p
    where p.objectUuid = forObjectUuid
      and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
      and p.opTableName = forOpTableName
@ -435,7 +435,7 @@ create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, fo
    stable -- leakproof
    language sql as $$
 select uuid
-    from RbacPermission p
+    from rbac.permission p
    where p.objectUuid = forObjectUuid
      and p.op = forOp
      and p.opTableName = forOpTableName
@ -449,7 +449,7 @@ declare
    permissionUuid uuid;
 begin
    select uuid into permissionUuid
-        from RbacPermission p
+        from rbac.permission p
        where p.objectUuid = forObjectUuid
          and p.op = forOp
          and forOpTableName is null or p.opTableName = forOpTableName;
@ -592,7 +592,7 @@ create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid
    language plpgsql as $$
 begin
    perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole');
-    perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission');
+    perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'rbac.permission');

    insert
        into rbac.grants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed)
@ -683,14 +683,14 @@ begin
    superRoleId := findRoleId(superRole);

    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole');
-    perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission');
+    perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission');

    if (isGranted(superRoleId, permissionId)) then
        delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = permissionId;
    else
        select p.op, o.objectTable, o.uuid
            from rbac.grants g
-                     join rbacPermission p on p.uuid=g.descendantUuid
+                     join rbac.permission p on p.uuid=g.descendantUuid
                     join rbac.object o on o.uuid=p.objectUuid
            where g.uuid=permissionId
            into permissionOp, objectTable, objectUuid;
@ -735,7 +735,7 @@ begin
       )
        SELECT DISTINCT perm.objectUuid
            FROM granted
-                     JOIN RbacPermission perm ON granted.descendantUuid = perm.uuid
+                     JOIN rbac.permission perm ON granted.descendantUuid = perm.uuid
                     JOIN rbac.object obj ON obj.uuid = perm.objectUuid
            WHERE (requiredOp = 'SELECT' OR perm.op = requiredOp)
              AND obj.objectTable = forObjectTable
@ -759,7 +759,7 @@ $$;
    Returns all permissions accessible to the given subject UUID (subject or role).
 */
 create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid)
-    returns setof RbacPermission
+    returns setof rbac.permission
    strict
    language sql as $$
 with recursive grants as (
@ -772,7 +772,7 @@ with recursive grants as (
                 inner join grants on grants.descendantUuid = g.ascendantUuid
 )
 select perm.*
-    from RbacPermission perm
+    from rbac.permission perm
    where perm.uuid in (
        select descendantUuid
            from grants
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@ -93,7 +93,7 @@ create or replace view rbacgrants_ev as

                left outer join rbacrole as dr on dr.uuid = g.descendantUuid
                    left outer join rbac.object as dro on dro.uuid = dr.objectuuid
-                left outer join rbacpermission dp on dp.uuid = g.descendantUuid
+                left outer join rbac.permission dp on dp.uuid = g.descendantUuid
                    left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid
         ) as x
         left outer join rbacrole as r on r.uuid = grantedByRoleUuid
@ -331,7 +331,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid,
       o.objecttable, r.objectidname, o.uuid as objectuuid
    from rbacrole_rv r
    join rbac.grants g on g.ascendantuuid = r.uuid
-    join rbacpermission p on p.uuid = g.descendantuuid
+    join rbac.permission p on p.uuid = g.descendantuuid
    join rbac.object o on o.uuid = p.objectuuid;
 grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 -- @formatter:om
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@ -202,7 +202,7 @@ begin
                                                     as valid)
                      select distinct perm.objectuuid
                          from recursive_grants
-                                   join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
+                                   join rbac.permission perm on recursive_grants.descendantuuid = perm.uuid
                                   join rbac.object obj on obj.uuid = perm.objectuuid
                                   join count_check cc on cc.valid
                          where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions
--- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql
+++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql
@ -14,7 +14,7 @@ select no, to_char("count", '9 999 999 999') as "count", "table"
              from RbacRole
          union
          select 3 as no, count(*) as "count", 'permissions' as "table"
-              from RbacPermission
+              from rbac.permission
          union
          select 4 as no, count(*) as "count", 'references' as "table"
              from  rbac.reference