add schema handling to rbac.generateRelatedRbacObject(varchar)
This commit is contained in:
parent
0446274f11
commit
dccd9bb6af
@ -8,26 +8,40 @@
|
|||||||
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
|
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
|
targetTableName text;
|
||||||
|
targetSchemaPrefix text;
|
||||||
createInsertTriggerSQL text;
|
createInsertTriggerSQL text;
|
||||||
createDeleteTriggerSQL text;
|
createDeleteTriggerSQL text;
|
||||||
begin
|
begin
|
||||||
|
if POSITION('.' IN targetTable) > 0 then
|
||||||
|
targetSchemaPrefix := SPLIT_PART(targetTable, '.', 1) || '.';
|
||||||
|
targetTableName := SPLIT_PART(targetTable, '.', 2);
|
||||||
|
else
|
||||||
|
targetSchemaPrefix := '';
|
||||||
|
targetTableName := targetTable;
|
||||||
|
end if;
|
||||||
|
|
||||||
|
if targetSchemaPrefix = '' and targetTableName = 'customer' then
|
||||||
|
raise exception 'missing targetShemaPrefix: %', targetTable;
|
||||||
|
end if;
|
||||||
|
|
||||||
createInsertTriggerSQL = format($sql$
|
createInsertTriggerSQL = format($sql$
|
||||||
create trigger createRbacObjectFor_%s_Trigger
|
create trigger createRbacObjectFor_%s_insert_tg_1058_25
|
||||||
before insert on %s
|
before insert on %s%s
|
||||||
for each row
|
for each row
|
||||||
execute procedure rbac.insert_related_object();
|
execute procedure rbac.insert_related_object();
|
||||||
$sql$, targetTable, targetTable);
|
$sql$, targetTableName, targetSchemaPrefix, targetTableName);
|
||||||
execute createInsertTriggerSQL;
|
execute createInsertTriggerSQL;
|
||||||
|
|
||||||
createDeleteTriggerSQL = format($sql$
|
createDeleteTriggerSQL = format($sql$
|
||||||
create trigger delete_related_rbac_rules_for_%s_tg
|
create trigger createRbacObjectFor_%s_delete_tg_1058_35
|
||||||
after delete
|
after delete on %s%s
|
||||||
on %s
|
|
||||||
for each row
|
for each row
|
||||||
execute procedure rbac.delete_related_rbac_rules_tf();
|
execute procedure rbac.delete_related_rbac_rules_tf();
|
||||||
$sql$, targetTable, targetTable);
|
$sql$, targetTableName, targetSchemaPrefix, targetTableName);
|
||||||
execute createDeleteTriggerSQL;
|
execute createDeleteTriggerSQL;
|
||||||
end; $$;
|
end;
|
||||||
|
$$;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -176,7 +190,7 @@ begin
|
|||||||
*/
|
*/
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create or replace view %1$s_rv as
|
create or replace view %1$s_rv as
|
||||||
with accessible_%1$s_uuids as (
|
with accessible_uuids as (
|
||||||
with recursive
|
with recursive
|
||||||
recursive_grants as
|
recursive_grants as
|
||||||
(select distinct rbac.grants.descendantuuid,
|
(select distinct rbac.grants.descendantuuid,
|
||||||
@ -209,7 +223,7 @@ begin
|
|||||||
)
|
)
|
||||||
select target.*
|
select target.*
|
||||||
from %1$s as target
|
from %1$s as target
|
||||||
where target.uuid in (select * from accessible_%1$s_uuids)
|
where target.uuid in (select * from accessible_uuids)
|
||||||
order by %2$s;
|
order by %2$s;
|
||||||
|
|
||||||
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
|
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
|
||||||
@ -219,9 +233,9 @@ begin
|
|||||||
/**
|
/**
|
||||||
Instead of insert trigger function for the restricted view.
|
Instead of insert trigger function for the restricted view.
|
||||||
*/
|
*/
|
||||||
newColumns := 'new.' || replace(columnNames, ',', ', new.');
|
newColumns := 'new.' || replace(columnNames, ', ', ', new.');
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create or replace function %1$sInsert()
|
create function %1$s_instead_of_insert_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $f$
|
language plpgsql as $f$
|
||||||
declare
|
declare
|
||||||
@ -240,11 +254,11 @@ begin
|
|||||||
Creates an instead of insert trigger for the restricted view.
|
Creates an instead of insert trigger for the restricted view.
|
||||||
*/
|
*/
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create trigger %1$sInsert_tg
|
create trigger instead_of_insert_tg
|
||||||
instead of insert
|
instead of insert
|
||||||
on %1$s_rv
|
on %1$s_rv
|
||||||
for each row
|
for each row
|
||||||
execute function %1$sInsert();
|
execute function %1$s_instead_of_insert_tf();
|
||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
execute sql;
|
execute sql;
|
||||||
|
|
||||||
@ -252,7 +266,7 @@ begin
|
|||||||
Instead of delete trigger function for the restricted view.
|
Instead of delete trigger function for the restricted view.
|
||||||
*/
|
*/
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create or replace function %1$sDelete()
|
create function %1$s_instead_of_delete_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $f$
|
language plpgsql as $f$
|
||||||
begin
|
begin
|
||||||
@ -269,11 +283,11 @@ begin
|
|||||||
Creates an instead of delete trigger for the restricted view.
|
Creates an instead of delete trigger for the restricted view.
|
||||||
*/
|
*/
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create trigger %1$sDelete_tg
|
create trigger instead_of_delete_tg
|
||||||
instead of delete
|
instead of delete
|
||||||
on %1$s_rv
|
on %1$s_rv
|
||||||
for each row
|
for each row
|
||||||
execute function %1$sDelete();
|
execute function %1$s_instead_of_delete_tf();
|
||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
execute sql;
|
execute sql;
|
||||||
|
|
||||||
@ -283,7 +297,7 @@ begin
|
|||||||
*/
|
*/
|
||||||
if columnUpdates is not null then
|
if columnUpdates is not null then
|
||||||
sql := format($sql$
|
sql := format($sql$
|
||||||
create or replace function %1$sUpdate()
|
create function %1$s_instead_of_update_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $f$
|
language plpgsql as $f$
|
||||||
begin
|
begin
|
||||||
@ -302,11 +316,11 @@ begin
|
|||||||
Creates an instead of delete trigger for the restricted view.
|
Creates an instead of delete trigger for the restricted view.
|
||||||
*/
|
*/
|
||||||
sql = format($sql$
|
sql = format($sql$
|
||||||
create trigger %1$sUpdate_tg
|
create trigger instead_of_update_tg
|
||||||
instead of update
|
instead of update
|
||||||
on %1$s_rv
|
on %1$s_rv
|
||||||
for each row
|
for each row
|
||||||
execute function %1$sUpdate();
|
execute function %1$s_instead_of_update_tf();
|
||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
execute sql;
|
execute sql;
|
||||||
end if;
|
end if;
|
||||||
|
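Review bot: The new schema handling still splices `targetTable` into DDL with `%s`, so a schema or table name that needs quoting (mixed case, reserved word) is interpolated raw, and any value that reaches this procedure from somewhere other than the migration scripts would be an identifier-injection path; `%I`/`quote_ident` is the PL/pgSQL idiom for identifiers in `format()`. Keeping the bare name for the trigger name but quoting the object reference would be `targetSchemaPrefix := quote_ident(SPLIT_PART(targetTable, '.', 1)) || '.';`, `before insert on %s%I` and `after delete on %s%I`, with the argument lists unchanged. `SPLIT_PART(targetTable, '.', 2)` also silently drops a third dotted component, so a guard like `if SPLIT_PART(targetTable, '.', 3) <> '' then raise exception ...` belongs next to the new `customer` check, which only enforces the prefix for that single table and misspells its message as `targetShemaPrefix`. The view/trigger generator in the later hunks starts and ends outside the hunk; note there that `replace(columnNames, ', ', ', new.')` now depends on the caller putting a space after every comma, which the previous `','` did not.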