remove generated timestamp and explicitly grant INSERT for customer

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java

@@ -149,14 +149,13 @@ public class RbacViewMermaidFlowchartGenerator {
                 """
                         ### rbac %{entityAlias}
                         
-                        This code generated was by RbacViewMermaidFlowchartGenerator at  %{timestamp}.
+                        This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
                                         
                         ```mermaid
                         %{flowchart}
                         ```
                         """
                         .replace("%{entityAlias}", rbacDef.getRootEntityAlias().aliasName())
-                        .replace("%{timestamp}", LocalDateTime.now().toString())
                         .replace("%{flowchart}", flowchart.toString()),
                 StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
         System.out.println("Markdown-File: " + path.toAbsolutePath());

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java

@@ -21,10 +21,9 @@ public class RbacViewPostgresGenerator {
         liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableName().replace("_", "-");
         plPgSql.writeLn("""
                 --liquibase formatted sql
-                -- This code generated was by ${generator} at ${timestamp}.
+                -- This code generated was by ${generator}, do not amend manually.
                 """,
                 with("generator", getClass().getSimpleName()),
-                with("timestamp", LocalDateTime.now().toString()),
                 with("ref", NEW.name()));
 
         new RbacObjectGenerator(rbacDef, liqibaseTagPrefix).generateTo(plPgSql);

src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java

@@ -41,8 +41,7 @@ public class TestCustomerEntity implements HasUuid {
                 .withIdentityView(SQL.projection("prefix"))
                 .withRestrictedViewOrderBy(SQL.expression("reference"))
                 .withUpdatableColumns("reference", "prefix", "adminUserName")
-                // TODO: do we want explicit specification of parent-independent insert permissions?
+                .toRole("global", ADMIN).grantPermission(INSERT)
-                // .toRole("global", ADMIN).grantPermission("customer", INSERT)
 
                 .createRole(OWNER, (with) -> {
                     with.owningUser(CREATOR).unassumed();

src/main/resources/db/changelog/113-test-customer-rbac.md

@@ -1,6 +1,6 @@
 ### rbac customer
 
-This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-22T14:44:19.425403022.
+This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
 
 ```mermaid
 %%{init:{'flowchart':{'htmlLabels':false}}}%%
@@ -21,6 +21,7 @@ subgraph customer["`**customer**`"]
     subgraph customer:permissions[ ]
         style customer:permissions fill:#dd4901,stroke:white
 
+        perm:customer:INSERT{{customer:INSERT}}
         perm:customer:DELETE{{customer:DELETE}}
         perm:customer:UPDATE{{customer:UPDATE}}
         perm:customer:SELECT{{customer:SELECT}}
@@ -36,6 +37,7 @@ role:customer:owner ==> role:customer:admin
 role:customer:admin ==> role:customer:tenant
 
 %% granting permissions to roles
+role:global:admin ==> perm:customer:INSERT
 role:customer:owner ==> perm:customer:DELETE
 role:customer:admin ==> perm:customer:UPDATE
 role:customer:tenant ==> perm:customer:SELECT

src/main/resources/db/changelog/113-test-customer-rbac.sql

@@ -1,5 +1,5 @@
 --liquibase formatted sql
--- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.441879428.
+-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
 
 
 -- ============================================================================
@@ -80,6 +80,46 @@ execute procedure insertTriggerForTestCustomer_tf();
 --changeset test-customer-rbac-INSERT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
+/*
+    Creates INSERT INTO test_customer permissions for the related global rows.
+ */
+do language plpgsql $$
+    declare
+        row global;
+        permissionUuid uuid;
+        roleUuid uuid;
+    begin
+        call defineContext('create INSERT INTO test_customer permissions for the related global rows');
+
+        FOR row IN SELECT * FROM global
+            LOOP
+                roleUuid := findRoleId(globalAdmin());
+                permissionUuid := createPermission(row.uuid, 'INSERT', 'test_customer');
+                call grantPermissionToRole(permissionUuid, roleUuid);
+            END LOOP;
+    END;
+$$;
+
+/**
+    Adds test_customer INSERT permission to specified role of new global rows.
+*/
+create or replace function test_customer_global_insert_tf()
+    returns trigger
+    language plpgsql
+    strict as $$
+begin
+    call grantPermissionToRole(
+            createPermission(NEW.uuid, 'INSERT', 'test_customer'),
+            globalAdmin());
+    return NEW;
+end; $$;
+
+-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
+create trigger z_test_customer_global_insert_tg
+    after insert on global
+    for each row
+execute procedure test_customer_global_insert_tf();
+
 /**
     Checks if the user or assumed roles are allowed to insert a row to test_customer,
     where only global-admin has that permission.

src/main/resources/db/changelog/123-test-package-rbac.md

@@ -1,6 +1,6 @@
 ### rbac package
 
-This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-22T14:44:19.484173294.
+This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
 
 ```mermaid
 %%{init:{'flowchart':{'htmlLabels':false}}}%%

src/main/resources/db/changelog/123-test-package-rbac.sql

@@ -1,5 +1,5 @@
 --liquibase formatted sql
--- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.484728385.
+-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
 
 
 -- ============================================================================

src/main/resources/db/changelog/133-test-domain-rbac.md

@@ -1,6 +1,6 @@
 ### rbac domain
 
-This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-22T14:44:19.510830235.
+This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
 
 ```mermaid
 %%{init:{'flowchart':{'htmlLabels':false}}}%%

src/main/resources/db/changelog/133-test-domain-rbac.sql

@@ -1,5 +1,5 @@
 --liquibase formatted sql
--- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.511320177.
+-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
 
 
 -- ============================================================================

src/test/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntityUnitTest.java

@@ -29,6 +29,7 @@ class TestCustomerEntityUnitTest {
                     subgraph customer:permissions[ ]
                         style customer:permissions fill:#dd4901,stroke:white
                    
+                        perm:customer:INSERT{{customer:INSERT}}
                         perm:customer:DELETE{{customer:DELETE}}
                         perm:customer:UPDATE{{customer:UPDATE}}
                         perm:customer:SELECT{{customer:SELECT}}
@@ -44,6 +45,7 @@ class TestCustomerEntityUnitTest {
                 role:customer:admin ==> role:customer:tenant
                 
                 %% granting permissions to roles
+                role:global:admin ==> perm:customer:INSERT
                 role:customer:owner ==> perm:customer:DELETE
                 role:customer:admin ==> perm:customer:UPDATE
                 role:customer:tenant ==> perm:customer:SELECT