introduce 058-rbac-generators.sql with generateRelatedRbacObject+generateRbacRoleDescriptors
parent
1dd63161ab
commit
d63e3f31e9
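--- a/.aliases
+++ b/.aliases
@@ -13,6 +13,7 @@ gradleWrapper () {
 }
 
 alias podman-start='systemctl --user enable --now podman.socket && systemctl --user status podman.socket && ls -la /run/user/$UID/podman/podman.sock'
+alias podman-stop='systemctl --user disable --now podman.socket && systemctl --user status podman.socket && ls -la /run/user/$UID/podman/podman.sock'
 alias podman-use='export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"; export TESTCONTAINERS_RYUK_DISABLED=true'
 
 alias gw=gradleWrapper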
@ -174,33 +174,6 @@ begin
|
|||||||
return old;
|
return old;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create or replace procedure generateRelatedRbacObject(targetTable varchar)
|
|
||||||
language plpgsql as $$
|
|
||||||
declare
|
|
||||||
createInsertTriggerSQL text;
|
|
||||||
createDeleteTriggerSQL text;
|
|
||||||
begin
|
|
||||||
createInsertTriggerSQL = format($sql$
|
|
||||||
create trigger createRbacObjectFor_%s_Trigger
|
|
||||||
before insert
|
|
||||||
on %s
|
|
||||||
for each row
|
|
||||||
execute procedure insertRelatedRbacObject();
|
|
||||||
$sql$, targetTable, targetTable);
|
|
||||||
execute createInsertTriggerSQL;
|
|
||||||
|
|
||||||
createDeleteTriggerSQL = format($sql$
|
|
||||||
create trigger deleteRbacRulesFor_%s_Trigger
|
|
||||||
before delete
|
|
||||||
on %s
|
|
||||||
for each row
|
|
||||||
execute procedure deleteRelatedRbacObject();
|
|
||||||
$sql$, targetTable, targetTable);
|
|
||||||
execute createDeleteTriggerSQL;
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
--//
|
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset rbac-base-ROLE:1 endDelimiter:--//
|
--changeset rbac-base-ROLE:1 endDelimiter:--//
|
||||||
|
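--- /dev/null
+++ b/src/main/resources/db/changelog/058-rbac-generators.sql
@@ -0,0 +1,72 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure generateRelatedRbacObject(targetTable varchar)
+language plpgsql as $$
+declare
+createInsertTriggerSQL text;
+createDeleteTriggerSQL text;
+begin
+createInsertTriggerSQL = format($sql$
+create trigger createRbacObjectFor_%s_Trigger
+before insert
+on %s
+for each row
+execute procedure insertRelatedRbacObject();
+$sql$, targetTable, targetTable);
+execute createInsertTriggerSQL;
+
+createDeleteTriggerSQL = format($sql$
+create trigger deleteRbacRulesFor_%s_Trigger
+before delete
+on %s
+for each row
+execute procedure deleteRelatedRbacObject();
+$sql$, targetTable, targetTable);
+execute createDeleteTriggerSQL;
+end; $$;
+--//
+
+
+-- ============================================================================
+--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure generateRbacRoleDescriptors(prefix text, targetTable text)
+language plpgsql as $$
+declare
+sql text;
+begin
+sql = format($sql$
+create or replace function %1$sOwner(entity %2$s)
+returns RbacRoleDescriptor
+language plpgsql
+strict as $f$
+begin
+return roleDescriptor('%2$s', entity.uuid, 'owner');
+end; $f$;
+
+create or replace function %1$sAdmin(entity %2$s)
+returns RbacRoleDescriptor
+language plpgsql
+strict as $f$
+begin
+return roleDescriptor('%2$s', entity.uuid, 'admin');
+end; $f$;
+
+create or replace function %1$sTenant(entity %2$s)
+returns RbacRoleDescriptor
+language plpgsql
+strict as $f$
+begin
+return roleDescriptor('%2$s', entity.uuid, 'tenant');
+end; $f$;
+
+$sql$, prefix, targetTable);
+execute sql;
+end; $$;
+--//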
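Review bot: Both generators splice `targetTable` and `prefix` into the DDL with plain `%s` before `execute`, so neither the identifiers nor the `'%2$s'` string literal are quoted, and the procedures stay in the schema where any role holding EXECUTE on them can pass an arbitrary string. Every call visible in this commit passes a hard-coded table name, so this is a hardening point rather than a live injection path. I would write `on %I` and `entity %2$I` for the table, `return roleDescriptor(%2$L, entity.uuid, 'owner');` for the literal, and build each trigger name as one value passed through `%I` (which preserves case, so lower-case it first to keep the folded names produced today). `%I` quotes a schema-qualified name as a single identifier, so a `regclass` parameter may be the better contract if qualified tables are expected. generateRelatedRbacObject also lacks the `drop trigger if exists` that the hand-written test_customer changeset had, so a second call for the same table fails.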
@ -1,47 +1,16 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-CREATE-OBJECT:1 endDelimiter:--//
|
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRelatedRbacObject('test_customer');
|
||||||
/*
|
|
||||||
Creates the related RbacObject through a BEFORE INSERT TRIGGER.
|
|
||||||
*/
|
|
||||||
drop trigger if exists createRbacObjectForCustomer_Trigger on test_customer;
|
|
||||||
create trigger createRbacObjectForCustomer_Trigger
|
|
||||||
before insert
|
|
||||||
on test_customer
|
|
||||||
for each row
|
|
||||||
execute procedure insertRelatedRbacObject();
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('testCustomer', 'test_customer');
|
||||||
create or replace function testCustomerOwner(customer test_customer)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_customer', customer.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testCustomerAdmin(customer test_customer)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_customer', customer.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testCustomerTenant(customer test_customer)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_customer', customer.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
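Review bot: The rewritten changesets touch objects that an earlier revision of this changelog may already have created, and nothing in this section handles that case. `test-customer-rbac-ROLE-DESCRIPTORS:1` keeps its id while its body changes, which Liquibase reports as a checksum mismatch on a database that already ran it, and the generated `testCustomerOwner(entity test_customer)` renames the parameter from `customer`, which PostgreSQL rejects for `create or replace function`. The renamed `test-customer-rbac-OBJECT:1` changeset would run again on such a database and add `createRbacObjectFor_test_customer_Trigger` beside the old `createRbacObjectForCustomer_Trigger`, so insertRelatedRbacObject would presumably fire twice per insert. If only fresh databases are ever migrated this is harmless; otherwise drop the old triggers and functions in a separate, new changeset before calling the generators. The test_package, test_domain and hs_office_* sections that follow have the same shape.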
@ -1,47 +1,16 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-CREATE-OBJECT:1 endDelimiter:--//
|
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
call generateRelatedRbacObject('test_package');
|
||||||
Creates the related RbacObject through a BEFORE INSERT TRIGGER.
|
|
||||||
*/
|
|
||||||
drop trigger if exists createRbacObjectForPackage_Trigger on test_package;
|
|
||||||
create trigger createRbacObjectForPackage_Trigger
|
|
||||||
before insert
|
|
||||||
on test_package
|
|
||||||
for each row
|
|
||||||
execute procedure insertRelatedRbacObject();
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('testPackage', 'test_package');
|
||||||
create or replace function testPackageOwner(pac test_package)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_package', pac.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testPackageAdmin(pac test_package)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_package', pac.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testPackageTenant(pac test_package)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_package', pac.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,47 +1,16 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-CREATE-OBJECT:1 endDelimiter:--//
|
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
call generateRelatedRbacObject('test_domain');
|
||||||
Creates the related RbacObject through a BEFORE INSERT TRIGGER.
|
|
||||||
*/
|
|
||||||
drop trigger if exists createRbacObjectFortest_domain_Trigger on test_domain;
|
|
||||||
create trigger createRbacObjectFortest_domain_Trigger
|
|
||||||
before insert
|
|
||||||
on test_domain
|
|
||||||
for each row
|
|
||||||
execute procedure insertRelatedRbacObject();
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('testDomain', 'test_domain');
|
||||||
create or replace function testdomainOwner(uu test_domain)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_domain', uu.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testdomainAdmin(uu test_domain)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_domain', uu.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function testdomainTenant(uu test_domain)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
returns null on null input
|
|
||||||
language plpgsql as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('test_domain', uu.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain)
|
create or replace function createTestDomainTenantRoleIfNotExists(domain test_domain)
|
||||||
returns uuid
|
returns uuid
|
||||||
|
@ -10,30 +10,7 @@ call generateRelatedRbacObject('hs_office_contact');
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||||
create or replace function hsOfficeContactOwner(contact hs_office_contact)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_contact', contact.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficeContactAdmin(contact hs_office_contact)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_contact', contact.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficeContactTenant(contact hs_office_contact)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_contact', contact.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
@ -11,30 +10,7 @@ call generateRelatedRbacObject('hs_office_person');
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||||
create or replace function hsOfficePersonOwner(person hs_office_person)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_person', person.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficePersonAdmin(person hs_office_person)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_person', person.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficePersonTenant(person hs_office_person)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_person', person.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -10,30 +10,7 @@ call generateRelatedRbacObject('hs_office_partner');
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
call generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||||
create or replace function hsOfficePartnerOwner(partner hs_office_partner)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_partner', partner.uuid, 'owner');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficePartnerAdmin(partner hs_office_partner)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_partner', partner.uuid, 'admin');
|
|
||||||
end; $$;
|
|
||||||
|
|
||||||
create or replace function hsOfficePartnerTenant(partner hs_office_partner)
|
|
||||||
returns RbacRoleDescriptor
|
|
||||||
language plpgsql
|
|
||||||
strict as $$
|
|
||||||
begin
|
|
||||||
return roleDescriptor('hs_office_partner', partner.uuid, 'tenant');
|
|
||||||
end; $$;
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -23,6 +23,8 @@ databaseChangeLog:
|
|||||||
file: db/changelog/055-rbac-views.sql
|
file: db/changelog/055-rbac-views.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/057-rbac-role-builder.sql
|
file: db/changelog/057-rbac-role-builder.sql
|
||||||
|
- include:
|
||||||
|
file: db/changelog/058-rbac-generators.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/059-rbac-statistics.sql
|
file: db/changelog/059-rbac-statistics.sql
|
||||||
- include:
|
- include:
|
||||||
|