new handcoded baseline for multiple insert permission grants to hs_hosting_asset
This commit is contained in:
parent
21bb9dad19
commit
ed59b877ce
@ -93,7 +93,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
|
||||
--changeset hs-hosting-asset-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_hosting_asset ----------------------------
|
||||
-- granting INSERT permission to hs_booking_item ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_booking_item rows.
|
||||
@ -141,21 +141,7 @@ execute procedure new_hs_hosting_asset_grants_insert_to_hs_booking_item_tf();
|
||||
/*
|
||||
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
preExistingRow hs_hosting_asset;
|
||||
begin
|
||||
call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_hosting_asset rows');
|
||||
|
||||
FOR preExistingRow IN SELECT * FROM hs_hosting_asset
|
||||
WHERE preExistingRow.type = 'MANAGED_SERVER'
|
||||
LOOP
|
||||
call grantPermissionToRole(
|
||||
createPermission(preExistingRow.uuid, 'INSERT', 'hs_hosting_asset'),
|
||||
hsBookingItemAGENT(preExistingRow));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
-- Skipped, because there cannot yet be any pre-existing hs_hosting_asset rows.
|
||||
|
||||
/**
|
||||
Grants hs_hosting_asset INSERT permission to specified role of new hs_hosting_asset rows.
|
||||
@ -202,11 +188,10 @@ create trigger hs_hosting_asset_insert_permission_check_tg
|
||||
before insert on hs_hosting_asset
|
||||
for each row
|
||||
when ( not (
|
||||
|
||||
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
|
||||
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
|
||||
NEW.type = 'MANAGED_WEBSPACE' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
|
||||
execute procedure hs_hosting_asset_insert_permission_missing_tf();
|
||||
--//
|
||||
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
|
Loading…
Reference in New Issue
Block a user