new handcoded baseline for multiple insert permission grants to hs_hosting_asset

Michael Hoennig 2024-04-25 11:41:58 +02:00
parent 21bb9dad19
commit ed59b877ce


@ -93,7 +93,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
--changeset hs-hosting-asset-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_hosting_asset ----------------------------
-- granting INSERT permission to hs_booking_item ----------------------------
/*
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_booking_item rows.
@ -141,21 +141,7 @@ execute procedure new_hs_hosting_asset_grants_insert_to_hs_booking_item_tf();
/*
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows.
*/
do language plpgsql $$
declare
preExistingRow hs_hosting_asset;
begin
call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_hosting_asset rows');
FOR preExistingRow IN SELECT * FROM hs_hosting_asset
WHERE preExistingRow.type = 'MANAGED_SERVER'
LOOP
call grantPermissionToRole(
createPermission(preExistingRow.uuid, 'INSERT', 'hs_hosting_asset'),
hsBookingItemAGENT(preExistingRow));
END LOOP;
end;
$$;
-- Skipped, because there cannot yet be any pre-existing hs_hosting_asset rows.
/**
Grants hs_hosting_asset INSERT permission to specified role of new hs_hosting_asset rows.
@ -202,11 +188,10 @@ create trigger hs_hosting_asset_insert_permission_check_tg
before insert on hs_hosting_asset
for each row
when ( not (
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
NEW.type = 'MANAGED_WEBSPACE' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
execute procedure hs_hosting_asset_insert_permission_missing_tf();
--//
--//
-- ============================================================================
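Review bot: The two `hasInsertPermission` calls in the `when` clause of `hs_hosting_asset_insert_permission_check_tg` take different argument lists: the booking-item call passes `(NEW.bookingItemUuid, 'hs_hosting_asset')` while the parent-asset call passes `(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset')`, and this is the same in both printed versions of that line. Unless both overloads exist (the function definition is not visible here), one call would either fail at trigger creation or resolve to a different function than intended; if the two-argument form is the real one, the second call should read `hasInsertPermission(NEW.parentAssetUuid, 'hs_hosting_asset')`. Separately, this trigger only denies when its condition is true, so a NULL result (for instance from a NULL `NEW.type` or `NEW.parentAssetUuid`, if those columns are nullable) skips the check and lets the insert proceed. Writing the guard as `when ( ( ... ) is not true )` and putting explicit parentheses around the `NEW.type = ... and hasInsertPermission(...)` branch would make it fail closed and make the `or`/`and` precedence easier to audit.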