diff --git a/.aliases b/.aliases index 7fe29335..6d64df9a 100644 --- a/.aliases +++ b/.aliases @@ -13,6 +13,7 @@ gradleWrapper () { } alias podman-start='systemctl --user enable --now podman.socket && systemctl --user status podman.socket && ls -la /run/user/$UID/podman/podman.sock' +alias podman-stop='systemctl --user disable --now podman.socket && systemctl --user status podman.socket && ls -la /run/user/$UID/podman/podman.sock' alias podman-use='export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"; export TESTCONTAINERS_RYUK_DISABLED=true' alias gw=gradleWrapper diff --git a/src/main/resources/db/changelog/050-rbac-base.sql b/src/main/resources/db/changelog/050-rbac-base.sql index 16a00197..8b98808f 100644 --- a/src/main/resources/db/changelog/050-rbac-base.sql +++ b/src/main/resources/db/changelog/050-rbac-base.sql @@ -174,33 +174,6 @@ begin return old; end; $$; -create or replace procedure generateRelatedRbacObject(targetTable varchar) - language plpgsql as $$ -declare - createInsertTriggerSQL text; - createDeleteTriggerSQL text; -begin - createInsertTriggerSQL = format($sql$ - create trigger createRbacObjectFor_%s_Trigger - before insert - on %s - for each row - execute procedure insertRelatedRbacObject(); - $sql$, targetTable, targetTable); - execute createInsertTriggerSQL; - - createDeleteTriggerSQL = format($sql$ - create trigger deleteRbacRulesFor_%s_Trigger - before delete - on %s - for each row - execute procedure deleteRelatedRbacObject(); - $sql$, targetTable, targetTable); - execute createDeleteTriggerSQL; -end; $$; - ---// - -- ============================================================================ --changeset rbac-base-ROLE:1 endDelimiter:--// diff --git a/src/main/resources/db/changelog/058-rbac-generators.sql b/src/main/resources/db/changelog/058-rbac-generators.sql new file mode 100644 index 00000000..fa23989a --- /dev/null +++ b/src/main/resources/db/changelog/058-rbac-generators.sql 
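Review bot: In the new `podman-stop` alias the `&&` chain stops at `systemctl --user status podman.socket`, because `status` exits non-zero (3) for a unit that is no longer active. The trailing `ls -la` therefore never runs, and the alias reports failure even when the socket was stopped cleanly. The chain looks copied from `podman-start`, where an active unit is the success case; here I would drop the `&&` after the disable step, e.g. `systemctl --user disable --now podman.socket; systemctl --user --no-pager status podman.socket`. `podman-use` also leaves `DOCKER_HOST` pointing at the stopped socket, so an `unset DOCKER_HOST` in the stop path may be worth adding.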
@@ -0,0 +1,72 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure generateRelatedRbacObject(targetTable varchar)
+ language plpgsql as $$
+declare
+ createInsertTriggerSQL text;
+ createDeleteTriggerSQL text;
+begin
+ createInsertTriggerSQL = format($sql$
+ create trigger createRbacObjectFor_%s_Trigger
+ before insert
+ on %s
+ for each row
+ execute procedure insertRelatedRbacObject();
+ $sql$, targetTable, targetTable);
+ execute createInsertTriggerSQL;
+
+ createDeleteTriggerSQL = format($sql$
+ create trigger deleteRbacRulesFor_%s_Trigger
+ before delete
+ on %s
+ for each row
+ execute procedure deleteRelatedRbacObject();
+ $sql$, targetTable, targetTable);
+ execute createDeleteTriggerSQL;
+end; $$;
+--//
+
+
+-- ============================================================================
+--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure generateRbacRoleDescriptors(prefix text, targetTable text)
+ language plpgsql as $$
+declare
+ sql text;
+begin
+ sql = format($sql$
+ create or replace function %1$sOwner(entity %2$s)
+ returns RbacRoleDescriptor
+ language plpgsql
+ strict as $f$
+ begin
+ return roleDescriptor('%2$s', entity.uuid, 'owner');
+ end; $f$;
+
+ create or replace function %1$sAdmin(entity %2$s)
+ returns RbacRoleDescriptor
+ language plpgsql
+ strict as $f$
+ begin
+ return roleDescriptor('%2$s', entity.uuid, 'admin');
+ end; $f$;
+
+ create or replace function %1$sTenant(entity %2$s)
+ returns RbacRoleDescriptor
+ language plpgsql
+ strict as $f$
+ begin
+ return roleDescriptor('%2$s', entity.uuid, 'tenant');
+ end; $f$;
+
+ $sql$, prefix, targetTable);
+ execute sql;
+end; $$;
+--//
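Review bot: Both generators splice their arguments into DDL with plain `%s` before `execute`, so a table name or prefix containing a quote, a space or a semicolon changes the statement that actually runs. In generateRbacRoleDescriptors the table name should be formatted as an identifier where it is a type and as a literal where it is a string, e.g. `create or replace function %1$sOwner(entity %2$I)` and `return roleDescriptor(%2$L, entity.uuid, 'owner');`, and likewise `on %I` in generateRelatedRbacObject. The prefix and the trigger-name fragment are concatenated into a longer identifier, so `%I` does not fit there; a guard such as `if prefix !~ '^[A-Za-z_][A-Za-z0-9_]*$' then raise exception 'invalid prefix: %', prefix; end if;` at the top of each procedure would cover them. The callers visible in this commit pass constants, so this is hardening rather than a live hole, but the procedures stay in the database and, unless EXECUTE is revoked elsewhere, can be called by any role.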
diff --git a/src/main/resources/db/changelog/113-test-customer-rbac.sql b/src/main/resources/db/changelog/113-test-customer-rbac.sql index 21ebfda5..380894d7 100644 --- a/src/main/resources/db/changelog/113-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/113-test-customer-rbac.sql @@ -1,47 +1,16 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-customer-rbac-CREATE-OBJECT:1 endDelimiter:--// +--changeset test-customer-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -/* - Creates the related RbacObject through a BEFORE INSERT TRIGGER. - */ -drop trigger if exists createRbacObjectForCustomer_Trigger on test_customer; -create trigger createRbacObjectForCustomer_Trigger - before insert - on test_customer - for each row -execute procedure insertRelatedRbacObject(); +call generateRelatedRbacObject('test_customer'); --// + -- ============================================================================ --changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function testCustomerOwner(customer test_customer) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('test_customer', customer.uuid, 'owner'); -end; $$; - -create or replace function testCustomerAdmin(customer test_customer) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('test_customer', customer.uuid, 'admin'); -end; $$; - -create or replace function testCustomerTenant(customer test_customer) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('test_customer', customer.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('testCustomer', 'test_customer'); --// 
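Review bot: Renaming the changeset identifier from `test-customer-rbac-CREATE-OBJECT:1` to `test-customer-rbac-OBJECT:1` makes Liquibase treat it as a changeset it has never run. On a database that already applied the old one it will create `createRbacObjectFor_test_customer_Trigger` next to the existing `createRbacObjectForCustomer_Trigger`, so insertRelatedRbacObject would presumably fire twice per insert. The ROLE-DESCRIPTORS changeset keeps its identifier while its body changes, which normally fails checksum validation on such a database; if it were re-run, PostgreSQL rejects `create or replace function` when an input parameter is renamed (`customer` to `entity`). If databases are always rebuilt from scratch at this stage this is harmless; otherwise I would add a new changeset that drops the old objects first, e.g. `drop trigger if exists createRbacObjectForCustomer_Trigger on test_customer;`, rather than editing applied ones. The same applies to the hunks for 123-test-package-rbac.sql and 133-test-domain-rbac.sql, and the ROLE-DESCRIPTORS part also to 203, 213 and 223.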
diff --git a/src/main/resources/db/changelog/123-test-package-rbac.sql b/src/main/resources/db/changelog/123-test-package-rbac.sql index 15cc0d1b..585fb6e4 100644 --- a/src/main/resources/db/changelog/123-test-package-rbac.sql +++ b/src/main/resources/db/changelog/123-test-package-rbac.sql @@ -1,47 +1,16 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-package-rbac-CREATE-OBJECT:1 endDelimiter:--// +--changeset test-package-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -/* - Creates the related RbacObject through a BEFORE INSERT TRIGGER. - */ -drop trigger if exists createRbacObjectForPackage_Trigger on test_package; -create trigger createRbacObjectForPackage_Trigger - before insert - on test_package - for each row -execute procedure insertRelatedRbacObject(); +call generateRelatedRbacObject('test_package'); --// -- ============================================================================ --changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function testPackageOwner(pac test_package) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_package', pac.uuid, 'owner'); -end; $$; - -create or replace function testPackageAdmin(pac test_package) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_package', pac.uuid, 'admin'); -end; $$; - -create or replace function testPackageTenant(pac test_package) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_package', pac.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('testPackage', 'test_package'); --// 
diff --git a/src/main/resources/db/changelog/133-test-domain-rbac.sql b/src/main/resources/db/changelog/133-test-domain-rbac.sql index b50b5f3d..5d7158b4 100644 --- a/src/main/resources/db/changelog/133-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/133-test-domain-rbac.sql 
@@ -1,47 +1,16 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-package-rbac-CREATE-OBJECT:1 endDelimiter:--// +--changeset test-domain-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -/* - Creates the related RbacObject through a BEFORE INSERT TRIGGER. - */ -drop trigger if exists createRbacObjectFortest_domain_Trigger on test_domain; -create trigger createRbacObjectFortest_domain_Trigger - before insert - on test_domain - for each row -execute procedure insertRelatedRbacObject(); +call generateRelatedRbacObject('test_domain'); --// -- ============================================================================ --changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function testdomainOwner(uu test_domain) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_domain', uu.uuid, 'owner'); -end; $$; - -create or replace function testdomainAdmin(uu test_domain) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_domain', uu.uuid, 'admin'); -end; $$; - -create or replace function testdomainTenant(uu test_domain) - returns RbacRoleDescriptor - returns null on null input - language plpgsql as $$ -begin - return roleDescriptor('test_domain', uu.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('testDomain', 'test_domain'); create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain) returns uuid diff --git a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql index 8967daf4..f2f4516c 100644 --- a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql 
+++ b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql @@ -10,30 +10,7 @@ call generateRelatedRbacObject('hs_office_contact'); -- ============================================================================ --changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function hsOfficeContactOwner(contact hs_office_contact) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_contact', contact.uuid, 'owner'); -end; $$; - -create or replace function hsOfficeContactAdmin(contact hs_office_contact) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_contact', contact.uuid, 'admin'); -end; $$; - -create or replace function hsOfficeContactTenant(contact hs_office_contact) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_contact', contact.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact'); --// diff --git a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql index ccf37673..c7ab28ea 100644 --- a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql @@ -1,6 +1,5 @@ --liquibase formatted sql - -- ============================================================================ --changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- 
@@ -11,30 +10,7 @@ call generateRelatedRbacObject('hs_office_person'); -- ============================================================================ --changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function hsOfficePersonOwner(person hs_office_person) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_person', person.uuid, 'owner'); -end; $$; - -create or replace function hsOfficePersonAdmin(person hs_office_person) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_person', person.uuid, 'admin'); -end; $$; - -create or replace function hsOfficePersonTenant(person hs_office_person) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_person', person.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person'); --// diff --git a/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql index a71331db..f89965d9 100644 --- a/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql 
@@ -10,30 +10,7 @@ call generateRelatedRbacObject('hs_office_partner'); -- ============================================================================ --changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -create or replace function hsOfficePartnerOwner(partner hs_office_partner) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_partner', partner.uuid, 'owner'); -end; $$; - -create or replace function hsOfficePartnerAdmin(partner hs_office_partner) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_partner', partner.uuid, 'admin'); -end; $$; - -create or replace function hsOfficePartnerTenant(partner hs_office_partner) - returns RbacRoleDescriptor - language plpgsql - strict as $$ -begin - return roleDescriptor('hs_office_partner', partner.uuid, 'tenant'); -end; $$; +call generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner'); --// diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 9bc1facf..c62f182e 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -23,6 +23,8 @@ databaseChangeLog: file: db/changelog/055-rbac-views.sql - include: file: db/changelog/057-rbac-role-builder.sql + - include: + file: db/changelog/058-rbac-generators.sql - include: file: db/changelog/059-rbac-statistics.sql - include: