From d7643f0f25f9cf97b500cac3c94cb96477765bd6 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Sat, 14 Sep 2024 10:58:57 +0200
Subject: [PATCH] fix rbac.currentSubjects() -> base.currentSubjects()
---
.../hsadminng/rbac/rbacdef/InsertTriggerGenerator.java | 2 +-
.../db/changelog/1-rbac/1051-rbac-subject-grant.sql | 8 ++++----
.../2-test/201-test-customer/2013-test-customer-rbac.sql | 2 +-
.../2-test/202-test-package/2023-test-package-rbac.sql | 2 +-
.../2-test/203-test-domain/2033-test-domain-rbac.sql | 2 +-
.../503-relation/5033-hs-office-relation-rbac.sql | 2 +-
.../504-partner/5043-hs-office-partner-rbac.sql | 2 +-
.../504-partner/5044-hs-office-partner-details-rbac.sql | 2 +-
.../506-debitor/5063-hs-office-debitor-rbac.sql | 2 +-
.../507-sepamandate/5073-hs-office-sepamandate-rbac.sql | 2 +-
.../510-membership/5103-hs-office-membership-rbac.sql | 2 +-
.../511-coopshares/5113-hs-office-coopshares-rbac.sql | 2 +-
.../512-coopassets/5123-hs-office-coopassets-rbac.sql | 2 +-
.../620-booking-project/6203-hs-booking-project-rbac.sql | 2 +-
.../630-booking-item/6203-hs-booking-item-rbac.sql | 2 +-
.../630-booking-item/6303-hs-booking-item-rbac.sql | 2 +-
16 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index 06855099..454a4394 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -255,7 +255,7 @@ public class InsertTriggerGenerator { plPgSql.writeLn(); plPgSql.writeLn(""" raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index cb348008..fb3a50f5 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -51,7 +51,7 @@ begin if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', - grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; 
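Review bot: In the InsertTriggerGenerator.java hunk, the new template line still calls `currentSubjectOrAssumedRolesUuids()` without a schema, while every generated *-rbac.sql file touched by this commit uses `rbac.currentSubjectOrAssumedRolesUuids()`. If that function exists only in the `rbac` schema and `rbac` is not on the search_path (neither is visible here), the next regeneration would emit a deny branch that fails with an undefined-function error instead of the intended `[403]` message. The insert is still rejected in that case, but callers and logs lose the authorization context and the status mapping. I would change the line to `NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();` so the generator and its generated output agree. The text block and the enclosing method start and end outside the hunk.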
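Review bot: Nothing in this commit exercises the deny branches it repairs, starting with `raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)'` in the first 1051-rbac-subject-grant.sql hunk; the diffstat lists only files under src/main. PL/pgSQL resolves `base.currentSubjects()` when the statement runs, not at `create function`, so a wrong schema qualifier surfaces only the first time access is actually refused. The same applies to the revoke hunk of this file and to the insert-permission triggers in the other *-rbac.sql hunks. One test per function that provokes the refusal and asserts the message starts with `[403]` would catch this class of error. Separately, these are in-place edits under db/changelog: if they are Liquibase changesets already applied to a database, the corrected bodies reach it only when the changeset is re-run (for example via `runOnChange`), which is not visible from here.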
@@ -82,16 +82,16 @@ begin perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then - raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects(); end if; --raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index ef52b1ee..acd8994c 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg 
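Review bot: In the revoke hunk of 1051-rbac-subject-grant.sql, the third guard `if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid)` repeats the first guard verbatim. Its `'[403] Revoking role granted by % is forbidden for %.'` raise, one of the three lines updated here, therefore looks unreachable whenever the first guard has already passed. Either remove the duplicate or, if a different authorization relationship was meant to be checked at that point, correct the condition and say which one in a comment; as written a reader cannot tell which rule the procedure intends to enforce. The commented-out `--raise exception 'rbac.isGranted(%, %)', ...` debug line between the guards should be deleted as well. The procedure body starts and ends outside the hunk.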
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 3dcfec24..20f98256 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -208,7 +208,7 @@ begin end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 38129b2b..561ea5a7 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -207,7 +207,7 @@ begin end if; raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_domain_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 15488f65..a2c75f1a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -217,7 +217,7 @@ begin end if; raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_relation_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index e1fb56f8..1cd6335a 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -220,7 +220,7 @@ begin end if; raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 56cdbfa6..26b4e243 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -124,7 +124,7 @@ begin end if; raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_details_insert_permission_check_tg 
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 0e7a68f8..4f000bb0 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -193,7 +193,7 @@ begin end if; raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_debitor_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index d795efe3..ff1d7343 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -174,7 +174,7 @@ begin end if; raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_sepamandate_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 986c4bfd..a3ca38ba 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -155,7 +155,7 @@ begin end if; raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_membership_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 95671db2..e0a9bd0c 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopsharestransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 3f16e717..a0351650 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopassetstransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 99009a3c..f4bd88c1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -168,7 +168,7 @@ begin end if; raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_project_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg 
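Review bot: The 630-booking-item/6203-hs-booking-item-rbac.sql hunk and the 630-booking-item/6303-hs-booking-item-rbac.sql hunk that follows apply the same change to files with identical blob ids (`573f1a68..a53ebe84`), so the directory holds two copies of the booking-item RBAC script. One of them carries the 6203 prefix that 620-booking-project also uses. If the changelog includes only the 6303 file (not visible here), the 6203 copy is a leftover that must be patched in lockstep and can silently drift from the authoritative access rules, so it is worth deleting. If both are included, the function behind `hs_booking_item_insert_permission_check_tg` and the trigger itself are defined twice.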
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg