generateRbacRestrictedView for non-updateable tables
parent
61473abf68
commit
bec559c9c3
@ -135,7 +135,7 @@ end; $$;
|
|||||||
--changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace procedure generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text)
|
create or replace procedure generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sql text;
|
sql text;
|
||||||
@ -221,32 +221,34 @@ begin
|
|||||||
Instead of update trigger function for the restricted view
|
Instead of update trigger function for the restricted view
|
||||||
based on the 'edit' permission of the current subject.
|
based on the 'edit' permission of the current subject.
|
||||||
*/
|
*/
|
||||||
sql := format($sql$
|
if columnUpdates is not null then
|
||||||
create or replace function %1$sUpdate()
|
sql := format($sql$
|
||||||
returns trigger
|
create or replace function %1$sUpdate()
|
||||||
language plpgsql as $f$
|
returns trigger
|
||||||
begin
|
language plpgsql as $f$
|
||||||
if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('edit', '%1$s', currentSubjectsUuids())) then
|
begin
|
||||||
update %1$s
|
if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('edit', '%1$s', currentSubjectsUuids())) then
|
||||||
set %2$s
|
update %1$s
|
||||||
where uuid = old.uuid;
|
set %2$s
|
||||||
return old;
|
where uuid = old.uuid;
|
||||||
end if;
|
return old;
|
||||||
raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', currentSubjectsUuids(), old.uuid;
|
end if;
|
||||||
end; $f$;
|
raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', currentSubjectsUuids(), old.uuid;
|
||||||
$sql$, targetTable, columnUpdates);
|
end; $f$;
|
||||||
execute sql;
|
$sql$, targetTable, columnUpdates);
|
||||||
|
execute sql;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Creates an instead of delete trigger for the restricted view.
|
Creates an instead of delete trigger for the restricted view.
|
||||||
*/
|
*/
|
||||||
sql = format($sql$
|
sql = format($sql$
|
||||||
create trigger %1$sUpdate_tg
|
create trigger %1$sUpdate_tg
|
||||||
instead of update
|
instead of update
|
||||||
on %1$s_rv
|
on %1$s_rv
|
||||||
for each row
|
for each row
|
||||||
execute function %1$sUpdate();
|
execute function %1$sUpdate();
|
||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
execute sql;
|
execute sql;
|
||||||
|
end if;
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
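Review bot: With `columnUpdates` left null, the new `if columnUpdates is not null then … end if;` skips both the `%1$sUpdate()` function and the `%1$sUpdate_tg` trigger, so nothing in this procedure enforces the 'edit' permission on UPDATE for that table's `_rv` view. Whether an UPDATE is then rejected depends on the view definition, which is outside the hunk: if PostgreSQL treats the view as automatically updatable, writes would reach the base table for every row the view exposes, without the 'edit' check. I would state the intent in a comment at the guard, e.g. `-- no columnUpdates: table is read-only through the _rv view; UPDATE must fail`, and consider generating a trigger function that only raises the existing '[403]' exception in that case. The comment above the trigger statement still reads `Creates an instead of delete trigger`, although the statement creates an `instead of update` trigger. The procedure body begins before this hunk, so the view creation could not be checked here.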