diff --git a/sql/rbac-tests.sql b/sql/rbac-tests.sql index ad017189..e30ac926 100644 --- a/sql/rbac-tests.sql +++ b/sql/rbac-tests.sql @@ -19,11 +19,11 @@ select * FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com')); select * -FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('customer', +FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer', (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), 'add-package')); select * -FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('package', +FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package', (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), 'DELETE')); diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql index e27bd907..2992d6a9 100644 --- a/src/main/resources/db/changelog/050-rbac-base.sql +++ b/src/main/resources/db/changelog/050-rbac-base.sql @@ -443,18 +443,6 @@ begin end; $$; -create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) - returns uuid - returns null on null input - stable -- leakproof - language sql as $$ -select uuid - from RbacPermission p - where p.objectUuid = forObjectUuid - and p.op = forOp - and p.opTableName = forOpTableName -$$; - create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) returns uuid returns null on null input @@ -466,6 +454,18 @@ select uuid and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT' and p.opTableName = forOpTableName $$; + +create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) + returns uuid + returns null on null input + stable -- leakproof + language sql as $$ +select uuid + from RbacPermission p + where p.objectUuid = forObjectUuid + and p.op = forOp + and p.opTableName = forOpTableName +$$; --// -- ============================================================================