From ed59b877ce10cf6fc607d8a8a2ae491da88ec75e Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Thu, 25 Apr 2024 11:41:58 +0200 Subject: [PATCH] new handcoded baseline for multiple insert permission grants to hs_hosting_asset --- .../7013-hs-hosting-asset-rbac.sql | 25 ++++--------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 5271e7a5..4db57b5d 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -93,7 +93,7 @@ execute procedure insertTriggerForHsHostingAsset_tf(); --changeset hs-hosting-asset-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to hs_hosting_asset ---------------------------- +-- granting INSERT permission to hs_booking_item ---------------------------- /* Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_booking_item rows. @@ -141,21 +141,7 @@ execute procedure new_hs_hosting_asset_grants_insert_to_hs_booking_item_tf(); /* Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows. */ -do language plpgsql $$ - declare - preExistingRow hs_hosting_asset; - begin - call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_hosting_asset rows'); - - FOR preExistingRow IN SELECT * FROM hs_hosting_asset - WHERE preExistingRow.type = 'MANAGED_SERVER' - LOOP - call grantPermissionToRole( - createPermission(preExistingRow.uuid, 'INSERT', 'hs_hosting_asset'), - hsBookingItemAGENT(preExistingRow)); - END LOOP; - end; -$$; +-- Skipped, because there cannot yet be any pre-existing hs_hosting_asset rows. /** Grants hs_hosting_asset INSERT permission to specified role of new hs_hosting_asset rows. @@ -202,11 +188,10 @@ create trigger hs_hosting_asset_insert_permission_check_tg before insert on hs_hosting_asset for each row when ( not ( - - hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or - NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) ) + hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or + NEW.type = 'MANAGED_WEBSPACE' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) ) execute procedure hs_hosting_asset_insert_permission_missing_tf(); ---// + --// -- ============================================================================