From cfb3c6d8b43a643f17ed4450945cd1562b147dfa Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Thu, 28 Mar 2024 12:04:51 +0100 Subject: [PATCH] fix issues from code-review --- .../rbac/rbac-grant-schemas.yaml | 2 +- .../resources/db/changelog/010-context.sql | 24 +++++-------------- .../resources/db/changelog/020-audit-log.sql | 2 +- 3 files changed, 8 insertions(+), 20 deletions(-) diff --git a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml index 01a0b63f..12a2cbbd 100644 --- a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml +++ b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml @@ -8,7 +8,7 @@ components: properties: grantedByRoleIdName: type: string - userGrantsByRoleUuid: + grantedByRoleUuid: type: string format: uuid assumed: diff --git a/src/main/resources/db/changelog/010-context.sql b/src/main/resources/db/changelog/010-context.sql index 5a9c6b99..66ebacc3 100644 --- a/src/main/resources/db/changelog/010-context.sql +++ b/src/main/resources/db/changelog/010-context.sql @@ -87,11 +87,11 @@ end; $$; Raises exception if not set. */ create or replace function currentRequest() - returns varchar(512) + returns text stable -- leakproof language plpgsql as $$ declare - currentRequest varchar(512); + currentRequest text; begin begin currentRequest := current_setting('hsadminng.currentRequest'); @@ -138,20 +138,8 @@ create or replace function assumedRoles() returns varchar(1023)[] stable -- leakproof language plpgsql as $$ -declare - currentSubject varchar(1023); begin - begin - currentSubject := current_setting('hsadminng.assumedRoles'); - exception - when undefined_object then - return array ['error']::varchar[]; - end; - - if (currentSubject = '') then - return array ['empty']::varchar[]; - end if; - return string_to_array(currentSubject, ';'); + return string_to_array(current_setting('hsadminng.assumedRoles', true), ';'); end; $$; create or replace function cleanIdentifier(rawIdentifier varchar) @@ -220,17 +208,17 @@ begin end ; $$; create or replace function currentSubjects() - returns varchar(127)[] + returns varchar(1023)[] stable -- leakproof language plpgsql as $$ declare - assumedRoles varchar(127)[]; + assumedRoles varchar(1023)[]; begin assumedRoles := assumedRoles(); if array_length(assumedRoles, 1) > 0 then return assumedRoles; else - return array [currentUser()]::varchar(127)[]; + return array [currentUser()]::varchar(1023)[]; end if; end; $$; diff --git a/src/main/resources/db/changelog/020-audit-log.sql b/src/main/resources/db/changelog/020-audit-log.sql index 543fc153..2491218d 100644 --- a/src/main/resources/db/changelog/020-audit-log.sql +++ b/src/main/resources/db/changelog/020-audit-log.sql @@ -29,7 +29,7 @@ create table tx_context currentUser varchar(63) not null, -- not the uuid, because users can be deleted assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted currentTask varchar(96) not null, - currentRequest text not null + currentRequest text not null ); create index on tx_context using brin (txTimestamp);