rbac.grants_rv + rbac.grants_ev

2024-09-14 11:15:17 +02:00 · 2024-09-14 11:15:17 +02:00 · d522b1cb42
commit d522b1cb42
parent 920cd9eead
3 changed files with 13 additions and 14 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java
@ -12,7 +12,7 @@ import java.util.List;
 import java.util.UUID;
@Entity
-@Table(name = "rbacgrants_ev")
+@Table(schema = "rbac", name = "grants_ev")
@Getter
@Setter
@Builder
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
@ -8,7 +8,7 @@ import jakarta.persistence.*;
 import java.util.UUID;
@Entity
-@Table(name = "rbacgrants_rv")
+@Table(schema = "rbac", name = "grants_rv")
@IdClass(RbacGrantId.class)
@Getter
@Setter
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@ -52,8 +52,8 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
    Creates a view to the grants table with additional columns
    for easier human readability.
 */
-drop view if exists rbacgrants_ev;
+drop view if exists rbac.grants_ev;
-create or replace view rbacgrants_ev as
+create or replace view rbac.grants_ev as
    -- @formatter:off
    select x.grantUuid as uuid,
           x.grantedByTriggerOf as grantedByTriggerOf,
@ -112,8 +112,7 @@ create or replace view rbacgrants_ev as
    Creates a view to the grants table with row-level limitation
    based on the direct grants of the current user.
 */
-drop view if exists rbacgrants_rv;
+create or replace view rbac.grants_rv as
 create or replace view rbacgrants_rv as
 -- @formatter:off
 select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
       g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
@ -142,28 +141,28 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
 -- ----------------------------------------------------------------------------
 /**
-    Instead of insert trigger function for RbacGrants_RV.
+    Instead of insert trigger function for rbac.grants_rv.
 */
 create or replace function rbac.insert_grant_tf()
    returns trigger
    language plpgsql as $$
 declare
-    newGrant RbacGrants_RV;
+    newGrant rbac.grants_rv;
 begin
    call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed);
    select grv.*
-        from RbacGrants_RV grv
+        from rbac.grants_rv grv
        where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid
        into newGrant;
    return newGrant;
 end; $$;
 /*
-    Creates an instead of insert trigger for the RbacGrants_rv view.
+    Creates an instead of insert trigger for the rbac.grants_rv view.
 */
 create trigger insert_grant_tg
    instead of insert
-    on RbacGrants_rv
+    on rbac.grants_rv
    for each row
 execute function rbac.insert_grant_tf();
 --/
@ -174,7 +173,7 @@ execute function rbac.insert_grant_tf();
 -- ----------------------------------------------------------------------------
 /**
-    Instead of delete trigger function for RbacGrants_RV.
+    Instead of delete trigger function for rbac.grants_rv.
    Checks if the current subject or assumed role have the permission to revoke the grant.
 */
@ -187,11 +186,11 @@ begin
 end; $$;
 /*
-    Creates an instead of delete trigger for the RbacGrants_rv view.
+    Creates an instead of delete trigger for the rbac.grants_rv view.
 */
 create trigger delete_grant_tg
    instead of delete
-    on RbacGrants_rv
+    on rbac.grants_rv
    for each row
 execute function rbac.delete_grant_tf();
 --/