basis.currentUser(), basis.assumedRoles()

src/main/resources/db/changelog/0-basis/010-context.sql

@@ -110,7 +110,7 @@ end; $$;
 /*
     Returns the current user as defined by `basis.defineContext(...)`.
  */
-create or replace function currentUser()
+create or replace function basis.currentUser()
     returns varchar(63)
     stable -- leakproof
     language plpgsql as $$
@@ -134,7 +134,7 @@ end; $$;
     Returns assumed role names as set in `hsadminng.assumedRoles`
     or empty array, if not set.
  */
-create or replace function assumedRoles()
+create or replace function basis.assumedRoles()
     returns varchar(1023)[]
     stable -- leakproof
     language plpgsql as $$
@@ -213,11 +213,11 @@ create or replace function currentSubjects()
 declare
     assumedRoles varchar(1023)[];
 begin
-    assumedRoles := assumedRoles();
+    assumedRoles := basis.assumedRoles();
     if array_length(assumedRoles, 1) > 0 then
         return assumedRoles;
     else
-        return array [currentUser()]::varchar(1023)[];
+        return array [basis.currentUser()]::varchar(1023)[];
     end if;
 end; $$;
 
@@ -226,7 +226,7 @@ create or replace function hasAssumedRole()
     stable -- leakproof
     language plpgsql as $$
 begin
-    return array_length(assumedRoles(), 1) > 0;
+    return array_length(basis.assumedRoles(), 1) > 0;
 end; $$;
 --//
 

src/main/resources/db/changelog/0-basis/020-audit-log.sql

@@ -84,7 +84,7 @@ begin
     insert
         into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest)
             values ( curTxId, now(),
-                    currentUser(), assumedRoles(), curTask, basis.currentRequest())
+                     basis.currentUser(), basis.assumedRoles(), curTask, basis.currentRequest())
         on conflict do nothing;
 
     case tg_op

src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql

@@ -12,8 +12,8 @@ declare
     currentSubjectsUuids uuid[];
 begin
     -- exactly one role must be assumed, not none not more than one
-    if cardinality(assumedRoles()) <> 1 then
-        raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', assumedRoles();
+    if cardinality(basis.assumedRoles()) <> 1 then
+        raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles();
     end if;
 
     currentSubjectsUuids := currentSubjectsUuids();

src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql

@@ -66,10 +66,10 @@ begin
                   and r.roleType = roleTypeToAssume
                 into roleUuidToAssume;
             if roleUuidToAssume is null then
-                raise exception '[403] role % does not exist or is not accessible for user %', roleName, currentUser();
+                raise exception '[403] role % does not exist or is not accessible for user %', roleName, basis.currentUser();
             end if;
             if not isGranted(currentUserUuid, roleUuidToAssume) then
-                raise exception '[403] user % has no permission to assume role %', currentUser(), roleName;
+                raise exception '[403] user % has no permission to assume role %', basis.currentUser(), roleName;
             end if;
             roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
         end loop;
@@ -132,7 +132,7 @@ begin
             currentUserUuid := null;
     end;
     if (currentUserUuid is null or currentUserUuid = '') then
-        currentUserName := currentUser();
+        currentUserName := basis.currentUser();
         if (length(currentUserName) > 0) then
             raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName;
         else
@@ -166,7 +166,7 @@ begin
             currentSubjectsUuids := null;
     end;
     if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then
-        currentUserName := currentUser();
+        currentUserName := basis.currentUser();
         if (length(currentUserName) > 0) then
             raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName;
         else

src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql

@@ -241,7 +241,7 @@ create or replace view RbacUser_rv as
             union
             select users.*
                 from RbacUser as users
-                where cardinality(assumedRoles()) = 0 and
+                where cardinality(basis.assumedRoles()) = 0 and
                         (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid()))
 
         ) as unordered
@@ -303,7 +303,7 @@ begin
         delete from RbacUser where uuid = old.uuid;
         return old;
     end if;
-    raise exception '[403] User % not allowed to delete user uuid %', currentUser(), old.uuid;
+    raise exception '[403] User % not allowed to delete user uuid %', basis.currentUser(), old.uuid;
 end; $$;
 
 /*
@@ -354,7 +354,7 @@ begin
     currentUserUuid := currentUserUuid();
 
     if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserUuid) then
-        raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, currentUser();
+        raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentUser();
     end if;
 
     return query select