basis.currentUser(), basis.assumedRoles()

2024-09-13 09:01:15 +02:00 · 2024-09-13 09:01:15 +02:00 · d5b708933c
commit d5b708933c
parent b265e57b4b
5 changed files with 15 additions and 15 deletions
--- a/src/main/resources/db/changelog/0-basis/010-context.sql
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql
@ -110,7 +110,7 @@ end; $$;
 /*
    Returns the current user as defined by `basis.defineContext(...)`.
 */
-create or replace function currentUser()
+create or replace function basis.currentUser()
    returns varchar(63)
    stable -- leakproof
    language plpgsql as $$
@ -134,7 +134,7 @@ end; $$;
    Returns assumed role names as set in `hsadminng.assumedRoles`
    or empty array, if not set.
 */
-create or replace function assumedRoles()
+create or replace function basis.assumedRoles()
    returns varchar(1023)[]
    stable -- leakproof
    language plpgsql as $$
@ -213,11 +213,11 @@ create or replace function currentSubjects()
 declare
    assumedRoles varchar(1023)[];
 begin
-    assumedRoles := assumedRoles();
+    assumedRoles := basis.assumedRoles();
    if array_length(assumedRoles, 1) > 0 then
        return assumedRoles;
    else
-        return array [currentUser()]::varchar(1023)[];
+        return array [basis.currentUser()]::varchar(1023)[];
    end if;
 end; $$;
@ -226,7 +226,7 @@ create or replace function hasAssumedRole()
    stable -- leakproof
    language plpgsql as $$
 begin
-    return array_length(assumedRoles(), 1) > 0;
+    return array_length(basis.assumedRoles(), 1) > 0;
 end; $$;
 --//
--- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql
+++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql
@ -84,7 +84,7 @@ begin
    insert
        into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest)
            values ( curTxId, now(),
-                    currentUser(), assumedRoles(), curTask, basis.currentRequest())
+                     basis.currentUser(), basis.assumedRoles(), curTask, basis.currentRequest())
        on conflict do nothing;
    case tg_op
--- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql
+++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql
@ -12,8 +12,8 @@ declare
    currentSubjectsUuids uuid[];
 begin
    -- exactly one role must be assumed, not none not more than one
-    if cardinality(assumedRoles()) <> 1 then
+    if cardinality(basis.assumedRoles()) <> 1 then
-        raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', assumedRoles();
+        raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles();
    end if;
    currentSubjectsUuids := currentSubjectsUuids();
--- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
+++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
@ -66,10 +66,10 @@ begin
                  and r.roleType = roleTypeToAssume
                into roleUuidToAssume;
            if roleUuidToAssume is null then
-                raise exception '[403] role % does not exist or is not accessible for user %', roleName, currentUser();
+                raise exception '[403] role % does not exist or is not accessible for user %', roleName, basis.currentUser();
            end if;
            if not isGranted(currentUserUuid, roleUuidToAssume) then
-                raise exception '[403] user % has no permission to assume role %', currentUser(), roleName;
+                raise exception '[403] user % has no permission to assume role %', basis.currentUser(), roleName;
            end if;
            roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
        end loop;
@ -132,7 +132,7 @@ begin
            currentUserUuid := null;
    end;
    if (currentUserUuid is null or currentUserUuid = '') then
-        currentUserName := currentUser();
+        currentUserName := basis.currentUser();
        if (length(currentUserName) > 0) then
            raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName;
        else
@ -166,7 +166,7 @@ begin
            currentSubjectsUuids := null;
    end;
    if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then
-        currentUserName := currentUser();
+        currentUserName := basis.currentUser();
        if (length(currentUserName) > 0) then
            raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
        else
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@ -241,7 +241,7 @@ create or replace view RbacUser_rv as
            union
            select users.*
                from RbacUser as users
-                where cardinality(assumedRoles()) = 0 and
+                where cardinality(basis.assumedRoles()) = 0 and
                        (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid()))
        ) as unordered
@ -303,7 +303,7 @@ begin
        delete from RbacUser where uuid = old.uuid;
        return old;
    end if;
-    raise exception '[403] User % not allowed to delete user uuid %', currentUser(), old.uuid;
+    raise exception '[403] User % not allowed to delete user uuid %', basis.currentUser(), old.uuid;
 end; $$;
 /*
@ -354,7 +354,7 @@ begin
    currentUserUuid := currentUserUuid();
    if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserUuid) then
-        raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, currentUser();
+        raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentUser();
    end if;
    return query select