rbac.grants_rv + rbac.grants_ev
This commit is contained in:
parent
920cd9eead
commit
d522b1cb42
@ -12,7 +12,7 @@ import java.util.List;
|
||||
import java.util.UUID;
|
||||
|
||||
@Entity
|
||||
@Table(name = "rbacgrants_ev")
|
||||
@Table(schema = "rbac", name = "grants_ev")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -8,7 +8,7 @@ import jakarta.persistence.*;
|
||||
import java.util.UUID;
|
||||
|
||||
@Entity
|
||||
@Table(name = "rbacgrants_rv")
|
||||
@Table(schema = "rbac", name = "grants_rv")
|
||||
@IdClass(RbacGrantId.class)
|
||||
@Getter
|
||||
@Setter
|
||||
|
@ -52,8 +52,8 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
|
||||
Creates a view to the grants table with additional columns
|
||||
for easier human readability.
|
||||
*/
|
||||
drop view if exists rbacgrants_ev;
|
||||
create or replace view rbacgrants_ev as
|
||||
drop view if exists rbac.grants_ev;
|
||||
create or replace view rbac.grants_ev as
|
||||
-- @formatter:off
|
||||
select x.grantUuid as uuid,
|
||||
x.grantedByTriggerOf as grantedByTriggerOf,
|
||||
@ -112,8 +112,7 @@ create or replace view rbacgrants_ev as
|
||||
Creates a view to the grants table with row-level limitation
|
||||
based on the direct grants of the current user.
|
||||
*/
|
||||
drop view if exists rbacgrants_rv;
|
||||
create or replace view rbacgrants_rv as
|
||||
create or replace view rbac.grants_rv as
|
||||
-- @formatter:off
|
||||
select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
|
||||
g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
|
||||
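Review bot: The `drop view if exists` preceding the view definition was removed for rbac.grants_rv (the hunk header counts 8 old lines against 7 new), while the parallel hunk for rbac.grants_ev keeps `drop view if exists rbac.grants_ev;`; in PostgreSQL `create or replace view` cannot change the view's column list, so re-applying this script after a column change will fail here unless the drop is restored as `drop view if exists rbac.grants_rv;`. Dropping the view also removed its instead-of triggers, and the later `create trigger insert_grant_tg ... on rbac.grants_rv` carries no `or replace`, so re-running against an existing view would presumably fail on a duplicate trigger name — worth confirming against how the migration tooling applies this file. The `create or replace view rbac.grants_rv as` statement continues beyond the hunk.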
@ -142,28 +141,28 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Instead of insert trigger function for RbacGrants_RV.
|
||||
Instead of insert trigger function for rbac.grants_rv.
|
||||
*/
|
||||
create or replace function rbac.insert_grant_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
newGrant RbacGrants_RV;
|
||||
newGrant rbac.grants_rv;
|
||||
begin
|
||||
call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed);
|
||||
select grv.*
|
||||
from RbacGrants_RV grv
|
||||
from rbac.grants_rv grv
|
||||
where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid
|
||||
into newGrant;
|
||||
return newGrant;
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
Creates an instead of insert trigger for the RbacGrants_rv view.
|
||||
Creates an instead of insert trigger for the rbac.grants_rv view.
|
||||
*/
|
||||
create trigger insert_grant_tg
|
||||
instead of insert
|
||||
on RbacGrants_rv
|
||||
on rbac.grants_rv
|
||||
for each row
|
||||
execute function rbac.insert_grant_tf();
|
||||
--/
|
||||
@ -174,7 +173,7 @@ execute function rbac.insert_grant_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Instead of delete trigger function for RbacGrants_RV.
|
||||
Instead of delete trigger function for rbac.grants_rv.
|
||||
|
||||
Checks if the current subject or assumed role have the permission to revoke the grant.
|
||||
*/
|
||||
@ -187,11 +186,11 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
Creates an instead of delete trigger for the RbacGrants_rv view.
|
||||
Creates an instead of delete trigger for the rbac.grants_rv view.
|
||||
*/
|
||||
create trigger delete_grant_tg
|
||||
instead of delete
|
||||
on RbacGrants_rv
|
||||
on rbac.grants_rv
|
||||
for each row
|
||||
execute function rbac.delete_grant_tf();
|
||||
--/
|
||||
|