convert rbac-statistics and rbac-role-builder*.sql files to Liquibase changesets
parent
583c45c85d
commit
fb8862c37e
@ -1,12 +1,3 @@
|
|||||||
|
|
||||||
-- ========================================================
|
|
||||||
-- RBAC
|
|
||||||
-- --------------------------------------------------------
|
|
||||||
|
|
||||||
SET SESSION SESSION AUTHORIZATION DEFAULT;
|
|
||||||
|
|
||||||
-- https://arctype.com/blog/postgres-uuid/#creating-a-uuid-primary-key-using-uuid-osp-postgresql-example
|
|
||||||
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
|
|
||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
|
|
||||||
--changeset rbac-base-reference:1 endDelimiter:--//
|
--changeset rbac-base-reference:1 endDelimiter:--//
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
|
--liquibase formatted sql
|
||||||
|
|
||||||
|
-- ==================================================================
|
||||||
|
-- PERMISSIONS
|
||||||
|
--changeset rbac-role-builder-permissions:1 endDelimiter:--//
|
||||||
|
-- ------------------------------------------------------------------
|
||||||
|
|
||||||
-- ========================================================
|
/*
|
||||||
-- Role-Hierarcy helper functions
|
|
||||||
-- --------------------------------------------------------
|
|
||||||
|
|
||||||
-- PERMISSIONS --------------------------------------------
|
*/
|
||||||
|
|
||||||
-- drop type RbacPermissions;
|
|
||||||
CREATE TYPE RbacPermissions AS
|
CREATE TYPE RbacPermissions AS
|
||||||
(
|
(
|
||||||
permissionUuids uuid[]
|
permissionUuids uuid[]
|
||||||
@ -19,15 +21,18 @@ BEGIN
|
|||||||
RETURN ROW(createPermissions(forObjectUuid, permitOps))::RbacPermissions;
|
RETURN ROW(createPermissions(forObjectUuid, permitOps))::RbacPermissions;
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- SUPER ROLES --------------------------------------------
|
--//
|
||||||
|
|
||||||
-- drop type RbacSuperRoles;
|
--changeset rbac-role-builder-super-roles:1 endDelimiter:--//
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
*/
|
||||||
CREATE TYPE RbacSuperRoles AS
|
CREATE TYPE RbacSuperRoles AS
|
||||||
(
|
(
|
||||||
roleUuids uuid[]
|
roleUuids uuid[]
|
||||||
);
|
);
|
||||||
|
|
||||||
-- drop function beneathRoles(roleDescriptors RbacRoleDescriptor[])
|
|
||||||
CREATE OR REPLACE FUNCTION beneathRoles(roleDescriptors RbacRoleDescriptor[])
|
CREATE OR REPLACE FUNCTION beneathRoles(roleDescriptors RbacRoleDescriptor[])
|
||||||
RETURNS RbacSuperRoles
|
RETURNS RbacSuperRoles
|
||||||
LANGUAGE plpgsql STRICT AS $$
|
LANGUAGE plpgsql STRICT AS $$
|
||||||
@ -42,7 +47,6 @@ BEGIN
|
|||||||
RETURN ROW(superRoleUuids)::RbacSuperRoles;
|
RETURN ROW(superRoleUuids)::RbacSuperRoles;
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- drop function beneathRole(roleDescriptor RbacRoleDescriptor)
|
|
||||||
CREATE OR REPLACE FUNCTION beneathRole(roleDescriptor RbacRoleDescriptor)
|
CREATE OR REPLACE FUNCTION beneathRole(roleDescriptor RbacRoleDescriptor)
|
||||||
RETURNS RbacSuperRoles
|
RETURNS RbacSuperRoles
|
||||||
LANGUAGE plpgsql STRICT AS $$
|
LANGUAGE plpgsql STRICT AS $$
|
||||||
@ -50,7 +54,6 @@ BEGIN
|
|||||||
RETURN beneathRoles(ARRAY[roleDescriptor]);
|
RETURN beneathRoles(ARRAY[roleDescriptor]);
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- drop function beneathRole(roleUuid uuid);
|
|
||||||
CREATE OR REPLACE FUNCTION beneathRole(roleUuid uuid)
|
CREATE OR REPLACE FUNCTION beneathRole(roleUuid uuid)
|
||||||
RETURNS RbacSuperRoles
|
RETURNS RbacSuperRoles
|
||||||
LANGUAGE plpgsql STRICT AS $$
|
LANGUAGE plpgsql STRICT AS $$
|
||||||
@ -58,7 +61,6 @@ BEGIN
|
|||||||
RETURN ROW(ARRAY[roleUuid]::uuid[])::RbacSuperRoles;
|
RETURN ROW(ARRAY[roleUuid]::uuid[])::RbacSuperRoles;
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- drop function asTopLevelRole(roleName varchar);
|
|
||||||
CREATE OR REPLACE FUNCTION asTopLevelRole()
|
CREATE OR REPLACE FUNCTION asTopLevelRole()
|
||||||
RETURNS RbacSuperRoles
|
RETURNS RbacSuperRoles
|
||||||
LANGUAGE plpgsql STRICT AS $$
|
LANGUAGE plpgsql STRICT AS $$
|
||||||
@ -66,8 +68,16 @@ BEGIN
|
|||||||
RETURN ROW(ARRAY[]::uuid[])::RbacSuperRoles;
|
RETURN ROW(ARRAY[]::uuid[])::RbacSuperRoles;
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- SUB ROLES ----------------------------------------------
|
--//
|
||||||
|
|
||||||
|
-- =================================================================
|
||||||
|
-- SUB ROLES
|
||||||
|
--changeset rbac-role-builder-sub-roles:1 endDelimiter:--//
|
||||||
|
-- -----------------------------------------------------------------
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
*/
|
||||||
CREATE TYPE RbacSubRoles AS
|
CREATE TYPE RbacSubRoles AS
|
||||||
(
|
(
|
||||||
roleUuids uuid[]
|
roleUuids uuid[]
|
||||||
@ -89,15 +99,20 @@ BEGIN
|
|||||||
RETURN beingItselfA(getRoleId(roleDescriptor, 'fail'));
|
RETURN beingItselfA(getRoleId(roleDescriptor, 'fail'));
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- USERS --------------------------------------------------
|
--//
|
||||||
|
|
||||||
-- drop type RbacUsers;
|
-- =================================================================
|
||||||
|
-- USERS
|
||||||
|
--changeset rbac-role-builder-users:1 endDelimiter:--//
|
||||||
|
-- -----------------------------------------------------------------
|
||||||
|
|
||||||
|
/*
|
||||||
|
*/
|
||||||
CREATE TYPE RbacUsers AS
|
CREATE TYPE RbacUsers AS
|
||||||
(
|
(
|
||||||
userUuids uuid[]
|
userUuids uuid[]
|
||||||
);
|
);
|
||||||
|
|
||||||
-- drop function withUsers(userNames varchar);
|
|
||||||
CREATE OR REPLACE FUNCTION withUsers(userNames varchar[])
|
CREATE OR REPLACE FUNCTION withUsers(userNames varchar[])
|
||||||
RETURNS RbacUsers
|
RETURNS RbacUsers
|
||||||
LANGUAGE plpgsql STRICT AS $$
|
LANGUAGE plpgsql STRICT AS $$
|
||||||
@ -113,7 +128,6 @@ BEGIN
|
|||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
|
|
||||||
-- DROP FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists);
|
|
||||||
CREATE OR REPLACE FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists = 'fail')
|
CREATE OR REPLACE FUNCTION withUser(userName varchar, whenNotExists RbacWhenNotExists = 'fail')
|
||||||
RETURNS RbacUsers
|
RETURNS RbacUsers
|
||||||
RETURNS NULL ON NULL INPUT
|
RETURNS NULL ON NULL INPUT
|
||||||
@ -122,11 +136,15 @@ BEGIN
|
|||||||
RETURN ROW(ARRAY[getRbacUserId(userName, whenNotExists )]);
|
RETURN ROW(ARRAY[getRbacUserId(userName, whenNotExists )]);
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
-- ROLE NAME BUILDER --------------------------------------
|
--//
|
||||||
|
|
||||||
|
-- =================================================================
|
||||||
|
-- CREATE ROLE
|
||||||
|
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
|
||||||
|
-- -----------------------------------------------------------------
|
||||||
|
|
||||||
-- CREATE ROLE MAIN FUNCTION ------------------------------
|
/*
|
||||||
|
*/
|
||||||
CREATE OR REPLACE FUNCTION createRole(
|
CREATE OR REPLACE FUNCTION createRole(
|
||||||
roleDescriptor RbacRoleDescriptor,
|
roleDescriptor RbacRoleDescriptor,
|
||||||
permissions RbacPermissions,
|
permissions RbacPermissions,
|
||||||
@ -195,4 +213,4 @@ BEGIN
|
|||||||
RETURN createRole(roleDescriptor, permissions, null, subRoles, users);
|
RETURN createRole(roleDescriptor, permissions, null, subRoles, users);
|
||||||
END; $$;
|
END; $$;
|
||||||
|
|
||||||
|
--//
|
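Review bot: The `/* */` blocks added under the new changeset headers (permissions, super-roles, sub-roles, users, create-role) are empty, so none of the changesets describes the type and functions it creates. Fill them in, for example under `rbac-role-builder-super-roles:1`: `/* RbacSuperRoles wraps the role UUIDs returned by beneathRoles(), beneathRole() and asTopLevelRole(). */`. These builders appear to supply the arguments of `createRole`, so the same comment is the place to state which database roles are meant to call them. PostgreSQL grants EXECUTE on new functions to PUBLIC by default, and no `REVOKE` or `GRANT` shows in the visible hunks; the function bodies and the rest of the file lie outside them, so one may exist elsewhere.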
@ -1,18 +1,24 @@
|
|||||||
|
--liquibase formatted sql
|
||||||
|
|
||||||
DROP VIEW IF EXISTS "RbacStatisticsV";
|
--changeset rbac-statistics:1 endDelimiter:--//
|
||||||
CREATE VIEW "RbacStatisticsV" AS
|
|
||||||
SELECT no, to_char("count", '9 999 999 999') as "count", "table"
|
/*
|
||||||
FROM (
|
Creates a view which presents some statistics about the RBAC tables.
|
||||||
|
*/
|
||||||
|
create view RbacStatisticsView AS
|
||||||
|
select no, to_char("count", '9 999 999 999') as "count", "table"
|
||||||
|
from (
|
||||||
select 1 as no, count(*) as "count", 'login users' as "table" from RbacUser
|
select 1 as no, count(*) as "count", 'login users' as "table" from RbacUser
|
||||||
UNION
|
union
|
||||||
select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole
|
select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole
|
||||||
UNION
|
union
|
||||||
select 3 as no, count(*) as "count", 'permissions' as "table" from RbacPermission
|
select 3 as no, count(*) as "count", 'permissions' as "table" from RbacPermission
|
||||||
UNION
|
union
|
||||||
select 4 as no, count(*) as "count", 'references' as "table" from RbacReference
|
select 4 as no, count(*) as "count", 'references' as "table" from RbacReference
|
||||||
UNION
|
union
|
||||||
select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants
|
select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants
|
||||||
UNION
|
union
|
||||||
select 6 as no, count(*) as "count", 'objects' as "table" from RbacObject
|
select 6 as no, count(*) as "count", 'objects' as "table" from RbacObject
|
||||||
) as totals
|
) as totals
|
||||||
ORDER BY totals.no;
|
order by totals.no;
|
||||||
|
--//
|
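Review bot: The new statement creates the view unquoted as `RbacStatisticsView`, which PostgreSQL folds to `rbacstatisticsview`, whereas the replaced script (as far as the two-column rendering shows) created the quoted `"RbacStatisticsV"` and dropped it first. With `DROP VIEW IF EXISTS` gone, a database that was provisioned with the old script keeps the old view beside the new one; if such databases exist, add `drop view if exists "RbacStatisticsV";` at the top of the changeset. The added description could also say who may read the view, e.g. `-- row counts only; no SELECT is granted on this view here`, because a view is evaluated with its owner's rights on RbacUser, RbacGrants and the other RBAC tables, so a later grant on the view discloses those counts to roles without table access.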
@ -9,4 +9,8 @@ databaseChangeLog:
|
|||||||
file: db/changelog/2022-07-28-004-uuid-ossp-extension.sql
|
file: db/changelog/2022-07-28-004-uuid-ossp-extension.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/2022-07-28-005-rbac-base.sql
|
file: db/changelog/2022-07-28-005-rbac-base.sql
|
||||||
|
- include:
|
||||||
|
file: db/changelog/2022-07-28-020-rbac-role-builder.sql
|
||||||
|
- include:
|
||||||
|
file: db/changelog/2022-07-28-030-rbac-statistics.sql
|
||||||
|
|
||||||
|