convert rbac-statistics and rbac-role-builder*.sql files to Liquibase changesets

Michael Hoennig 2022-07-28 17:17:22 +02:00
parent 583c45c85d
commit fb8862c37e
4 changed files with 58 additions and 39 deletions


@ -1,12 +1,3 @@
-- ========================================================
-- RBAC
-- --------------------------------------------------------
SET SESSION SESSION AUTHORIZATION DEFAULT;
-- https://arctype.com/blog/postgres-uuid/#creating-a-uuid-primary-key-using-uuid-osp-postgresql-example
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
--liquibase formatted sql --liquibase formatted sql
--changeset rbac-base-reference:1 endDelimiter:--// --changeset rbac-base-reference:1 endDelimiter:--//


@ -1,12 +1,14 @@
--liquibase formatted sql
-- ==================================================================
-- PERMISSIONS
--changeset rbac-role-builder-permissions:1 endDelimiter:--//
-- ------------------------------------------------------------------
-- ======================================================== /*
-- Role-Hierarcy helper functions
-- --------------------------------------------------------
-- PERMISSIONS -------------------------------------------- */
-- drop type RbacPermissions;
CREATE TYPE RbacPermissions AS CREATE TYPE RbacPermissions AS
( (
permissionUuids uuid[] permissionUuids uuid[]
@ -19,15 +21,18 @@ BEGIN
RETURN ROW(createPermissions(forObjectUuid, permitOps))::RbacPermissions; RETURN ROW(createPermissions(forObjectUuid, permitOps))::RbacPermissions;
END; $$; END; $$;
-- SUPER ROLES -------------------------------------------- --//
-- drop type RbacSuperRoles; --changeset rbac-role-builder-super-roles:1 endDelimiter:--//
/*
*/
CREATE TYPE RbacSuperRoles AS CREATE TYPE RbacSuperRoles AS
( (
roleUuids uuid[] roleUuids uuid[]
); );
-- drop function beneathRoles(roleDescriptors RbacRoleDescriptor[])
CREATE OR REPLACE FUNCTION beneathRoles(roleDescriptors RbacRoleDescriptor[]) CREATE OR REPLACE FUNCTION beneathRoles(roleDescriptors RbacRoleDescriptor[])
RETURNS RbacSuperRoles RETURNS RbacSuperRoles
LANGUAGE plpgsql STRICT AS $$ LANGUAGE plpgsql STRICT AS $$
@ -42,7 +47,6 @@ BEGIN
RETURN ROW(superRoleUuids)::RbacSuperRoles; RETURN ROW(superRoleUuids)::RbacSuperRoles;
END; $$; END; $$;
-- drop function beneathRole(roleDescriptor RbacRoleDescriptor)
CREATE OR REPLACE FUNCTION beneathRole(roleDescriptor RbacRoleDescriptor) CREATE OR REPLACE FUNCTION beneathRole(roleDescriptor RbacRoleDescriptor)
RETURNS RbacSuperRoles RETURNS RbacSuperRoles
LANGUAGE plpgsql STRICT AS $$ LANGUAGE plpgsql STRICT AS $$
@ -50,7 +54,6 @@ BEGIN
RETURN beneathRoles(ARRAY[roleDescriptor]); RETURN beneathRoles(ARRAY[roleDescriptor]);
END; $$; END; $$;
-- drop function beneathRole(roleUuid uuid);
CREATE OR REPLACE FUNCTION beneathRole(roleUuid uuid) CREATE OR REPLACE FUNCTION beneathRole(roleUuid uuid)
RETURNS RbacSuperRoles RETURNS RbacSuperRoles
LANGUAGE plpgsql STRICT AS $$ LANGUAGE plpgsql STRICT AS $$
@ -58,7 +61,6 @@ BEGIN
RETURN ROW(ARRAY[roleUuid]::uuid[])::RbacSuperRoles; RETURN ROW(ARRAY[roleUuid]::uuid[])::RbacSuperRoles;
END; $$; END; $$;
-- drop function asTopLevelRole(roleName varchar);
CREATE OR REPLACE FUNCTION asTopLevelRole() CREATE OR REPLACE FUNCTION asTopLevelRole()
RETURNS RbacSuperRoles RETURNS RbacSuperRoles
LANGUAGE plpgsql STRICT AS $$ LANGUAGE plpgsql STRICT AS $$
@ -66,8 +68,16 @@ BEGIN
RETURN ROW(ARRAY[]::uuid[])::RbacSuperRoles; RETURN ROW(ARRAY[]::uuid[])::RbacSuperRoles;
END; $$; END; $$;
-- SUB ROLES ---------------------------------------------- --//
-- =================================================================
-- SUB ROLES
--changeset rbac-role-builder-sub-roles:1 endDelimiter:--//
-- -----------------------------------------------------------------
/*
*/
CREATE TYPE RbacSubRoles AS CREATE TYPE RbacSubRoles AS
( (
roleUuids uuid[] roleUuids uuid[]
@ -89,15 +99,20 @@ BEGIN
RETURN beingItselfA(getRoleId(roleDescriptor, 'fail')); RETURN beingItselfA(getRoleId(roleDescriptor, 'fail'));
END; $$; END; $$;
-- USERS -------------------------------------------------- --//
-- drop type RbacUsers; -- =================================================================
-- USERS
--changeset rbac-role-builder-users:1 endDelimiter:--//
-- -----------------------------------------------------------------
/*
*/
CREATE TYPE RbacUsers AS CREATE TYPE RbacUsers AS
( (
userUuids uuid[] userUuids uuid[]
); );
-- drop function withUsers(userNames varchar);
CREATE OR REPLACE FUNCTION withUsers(userNames varchar[]) CREATE OR REPLACE FUNCTION withUsers(userNames varchar[])
RETURNS RbacUsers RETURNS RbacUsers
LANGUAGE plpgsql STRICT AS $$ LANGUAGE plpgsql STRICT AS $$
@ -113,7 +128,6 @@ BEGIN
END; $$; END; $$;
-- DROP FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists);
CREATE OR REPLACE FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists = 'fail') CREATE OR REPLACE FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists = 'fail')
RETURNS RbacUsers RETURNS RbacUsers
RETURNS NULL ON NULL INPUT RETURNS NULL ON NULL INPUT
@ -122,11 +136,15 @@ BEGIN
RETURN ROW(ARRAY[getRbacUserId(userName, whenNotExists )]); RETURN ROW(ARRAY[getRbacUserId(userName, whenNotExists )]);
END; $$; END; $$;
-- ROLE NAME BUILDER -------------------------------------- --//
-- =================================================================
-- CREATE ROLE
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
-- -----------------------------------------------------------------
-- CREATE ROLE MAIN FUNCTION ------------------------------ /*
*/
CREATE OR REPLACE FUNCTION createRole( CREATE OR REPLACE FUNCTION createRole(
roleDescriptor RbacRoleDescriptor, roleDescriptor RbacRoleDescriptor,
permissions RbacPermissions, permissions RbacPermissions,
@ -195,4 +213,4 @@ BEGIN
RETURN createRole(roleDescriptor, permissions, null, subRoles, users); RETURN createRole(roleDescriptor, permissions, null, subRoles, users);
END; $$; END; $$;
--//
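Review bot: The changesets `rbac-role-builder-permissions:1`, `-super-roles:1`, `-sub-roles:1` and `-users:1` each combine a one-shot `CREATE TYPE` with `CREATE OR REPLACE FUNCTION` bodies, so none of them can be edited in place or re-run once applied: Liquibase rejects the changed checksum, and a re-run would fail on the existing type. These functions produce the arguments passed to `createRole`, so a later fix to the role-building logic needs a clear path; consider keeping the types in their own changesets and moving the functions into separate ones marked `runOnChange:true`, or note in the file header that changes always ship as new changesets. The `/* */` blocks added under the super-roles, sub-roles, users and create-role markers are empty and should say what each changeset defines. The page fuses the old and new columns, so this assumes the right-hand text is the new side.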


@ -1,18 +1,24 @@
--liquibase formatted sql
DROP VIEW IF EXISTS "RbacStatisticsV"; --changeset rbac-statistics:1 endDelimiter:--//
CREATE VIEW "RbacStatisticsV" AS
SELECT no, to_char("count", '9 999 999 999') as "count", "table" /*
FROM ( Creates a view which presents some statistics about the RBAC tables.
*/
create view RbacStatisticsView AS
select no, to_char("count", '9 999 999 999') as "count", "table"
from (
select 1 as no, count(*) as "count", 'login users' as "table" from RbacUser select 1 as no, count(*) as "count", 'login users' as "table" from RbacUser
UNION union
select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole
UNION union
select 3 as no, count(*) as "count", 'permissions' as "table" from RbacPermission select 3 as no, count(*) as "count", 'permissions' as "table" from RbacPermission
UNION union
select 4 as no, count(*) as "count", 'references' as "table" from RbacReference select 4 as no, count(*) as "count", 'references' as "table" from RbacReference
UNION union
select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants
UNION union
select 6 as no, count(*) as "count", 'objects' as "table" from RbacObject select 6 as no, count(*) as "count", 'objects' as "table" from RbacObject
) as totals ) as totals
ORDER BY totals.no; order by totals.no;
--//
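Review bot: The view appears to be created now as unquoted `RbacStatisticsView`, which PostgreSQL folds to `rbacstatisticsview`, whereas the earlier script dropped and created the quoted, case-sensitive `"RbacStatisticsV"`. With the `DROP VIEW IF EXISTS` line gone, a database that already ran the old script keeps the old view, along with any grants on it, next to the new one, and readers of the old name are not migrated. If such databases exist, put `drop view if exists "RbacStatisticsV";` ahead of the `create view` in this changeset. Separately, the six branches are already distinct through `no`, so `union all` would avoid the implicit de-duplication.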


@ -9,4 +9,8 @@ databaseChangeLog:
file: db/changelog/2022-07-28-004-uuid-ossp-extension.sql file: db/changelog/2022-07-28-004-uuid-ossp-extension.sql
- include: - include:
file: db/changelog/2022-07-28-005-rbac-base.sql file: db/changelog/2022-07-28-005-rbac-base.sql
- include:
file: db/changelog/2022-07-28-020-rbac-role-builder.sql
- include:
file: db/changelog/2022-07-28-030-rbac-statistics.sql