rbac.globalAdmin(), rbac.globalGuest()

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java

@@ -364,7 +364,7 @@ class RolesGrantsAndPermissionsGenerator {
             System.out.println("null");
         }
         if (roleDef.getEntityAlias().isGlobal()) {
-            return "globalAdmin()";
+            return "rbac.globalAdmin()";
         }
         final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias());
         return roleDef.getEntityAlias().simpleName() + capitalize(roleDef.getRole().name())

src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql

@@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin()
     returns boolean
     language plpgsql as $$
 begin
-    return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(globalAdmin()));
+    return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin()));
 end; $$;
 --//
 
@@ -109,7 +109,7 @@ commit;
 /*
     A rbac.Global administrator role.
  */
-create or replace function globalAdmin(assumed boolean = true)
+create or replace function rbac.globalAdmin(assumed boolean = true)
     returns rbac.RoleDescriptor
     returns null on null input
     stable -- leakproof
@@ -119,7 +119,7 @@ $$;
 
 begin transaction;
     call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
-    select rbac.createRole(globalAdmin());
+    select rbac.createRole(rbac.globalAdmin());
 commit;
 --//
 
@@ -130,7 +130,7 @@ commit;
 /*
     A rbac.Global guest role.
  */
-create or replace function globalGuest(assumed boolean = true)
+create or replace function rbac.globalglobalGuest(assumed boolean = true)
     returns rbac.RoleDescriptor
     returns null on null input
     stable -- leakproof
@@ -140,7 +140,7 @@ $$;
 
 begin transaction;
     call base.defineContext('creating role:rbac.global#global:guest', null, null, null);
-    select rbac.createRole(globalGuest());
+    select rbac.createRole(rbac.globalglobalGuest());
 commit;
 --//
 
@@ -157,7 +157,7 @@ do language plpgsql $$
     begin
         call base.defineContext('creating fake test-realm admin users', null, null, null);
 
-        admins = rbac.findRoleId(globalAdmin());
+        admins = rbac.findRoleId(rbac.globalAdmin());
         call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
         call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
         perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');

src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql

@@ -37,7 +37,7 @@ begin
     perform rbac.defineRoleWithGrants(
         testCustomerOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN(rbac.unassumed())],
+            incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
@@ -96,7 +96,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'test_customer'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -112,7 +112,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql

@@ -37,7 +37,7 @@ begin
     perform rbac.defineRoleWithGrants(
         hsOfficeContactOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
+            incomingSuperRoles => array[rbac.globalAdmin()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 

src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql

@@ -37,7 +37,7 @@ begin
     perform rbac.defineRoleWithGrants(
         hsOfficePersonOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
+            incomingSuperRoles => array[rbac.globalAdmin()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 

src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql

@@ -50,7 +50,7 @@ begin
     perform rbac.defineRoleWithGrants(
         hsOfficeRelationOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
+            incomingSuperRoles => array[rbac.globalAdmin()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 

src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql

@@ -173,7 +173,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -189,7 +189,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql

@@ -77,7 +77,7 @@ begin
                         LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'),
-                        globalADMIN());
+                        rbac.globalAdmin());
     END LOOP;
 end;
 $$;
@@ -93,7 +93,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql

@@ -37,7 +37,7 @@ begin
     perform rbac.defineRoleWithGrants(
         hsOfficeBankAccountOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
+            incomingSuperRoles => array[rbac.globalAdmin()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 

src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql

@@ -146,7 +146,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -162,7 +162,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql

@@ -50,7 +50,7 @@ begin
     perform rbac.defineRoleWithGrants(
         hsOfficeSepaMandateOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
+            incomingSuperRoles => array[rbac.globalAdmin()],
             subjectUuids => array[rbac.currentSubjectUuid()]
     );
 

src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql

@@ -108,7 +108,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -124,7 +124,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql

@@ -70,7 +70,7 @@ begin
             outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
     );
 
-    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
+    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;

src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql

@@ -69,7 +69,7 @@ begin
 
 
 
-    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
+    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
@@ -114,7 +114,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -130,7 +130,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql

@@ -69,7 +69,7 @@ begin
 
 
 
-    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin());
+    call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
 
     call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
@@ -114,7 +114,7 @@ do language plpgsql $$
             LOOP
                 call grantPermissionToRole(
                         rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
-                        globalADMIN());
+                        rbac.globalAdmin());
             END LOOP;
     end;
 $$;
@@ -130,7 +130,7 @@ begin
     -- unconditional for all rows in that table
         call grantPermissionToRole(
             rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
-            globalADMIN());
+            rbac.globalAdmin());
     -- end.
     return NEW;
 end; $$;

src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql

@@ -50,7 +50,7 @@ begin
         hsHostingAssetOWNER(NEW),
             permissions => array['DELETE'],
             incomingSuperRoles => array[
-            	globalADMIN(rbac.unassumed()),
+            	rbac.globalADMIN(rbac.unassumed()),
             	hsBookingItemADMIN(newBookingItem),
             	hsHostingAssetADMIN(newParentAsset)],
             subjectUuids => array[rbac.currentSubjectUuid()]