introduce separate database-schema for hs-office and amend generators
parent
285e6fbeb5
commit
fc5bd38288
@ -206,14 +206,14 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
|
||||
|
||||
```SQL
|
||||
SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version
|
||||
FROM hs_office_relation_rv hore1_0
|
||||
LEFT JOIN hs_office_person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
|
||||
LEFT JOIN hs_office_contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
|
||||
LEFT JOIN hs_office_person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
|
||||
FROM hs_office.relation_rv hore1_0
|
||||
LEFT JOIN hs_office.person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
|
||||
LEFT JOIN hs_office.contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
|
||||
LEFT JOIN hs_office.person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
|
||||
WHERE hore1_0.uuid=$1
|
||||
```
|
||||
|
||||
That query on the `hs_office_relation_rv`-table joins the three references anchor-person, holder-person and contact.
|
||||
That query on the `hs_office.relation_rv`-table joins the three references anchor-person, holder-person and contact.
|
||||
|
||||
|
||||
### Total-Query-Time > Total-Import-Runtime
|
||||
@ -270,16 +270,16 @@ At this point, the import took 21mins with these statistics:
|
||||
|
||||
| query | calls | total_m | mean_ms |
|
||||
|-------|-------|---------|---------|
|
||||
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
|
||||
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 left join public.hs_office.person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office.contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office.person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
|
||||
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
|
||||
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
|
||||
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
|
||||
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 |
|
||||
| insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 |
|
||||
@ -294,17 +294,17 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
|
||||
:::small
|
||||
| query | calls | total (min) | mean (ms) |
|
||||
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------|
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
|
||||
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
|
||||
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
|
||||
insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
|
||||
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
|
||||
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
|
||||
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 |
|
||||
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
|
||||
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
|
||||
@ -331,13 +331,13 @@ Now, the longest running queries are these:
|
||||
| No.| calls | total_m | mean_ms | query |
|
||||
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
|
||||
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 |
|
||||
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
|
||||
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
|
||||
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
|
||||
| 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) |
|
||||
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
|
||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
|
||||
|
||||
@ -345,7 +345,7 @@ That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to
|
||||
|
||||
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
|
||||
|
||||
In production, the `SELECT ... FROM hs_office_relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
|
||||
In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
|
||||
|
||||
|
||||
## Further Options To Explore
|
||||
|
@ -5,6 +5,7 @@ import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
|
||||
@ -49,7 +50,7 @@ public class HsBookingItemRbacEntity extends HsBookingItem {
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(DELETE)
|
||||
|
||||
.importEntityAlias("project", HsBookingProject.class, usingDefaultCase(),
|
||||
.importEntityAlias("project", HsBookingProjectRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("projectUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
@ -68,11 +68,11 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
|
||||
}
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("project", HsBookingProject.class)
|
||||
return rbacViewFor("project", HsBookingProjectRbacEntity.class)
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking_project bookingProject
|
||||
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression("caption"))
|
||||
.withUpdatableColumns("version", "caption")
|
||||
@ -86,8 +86,8 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
|
||||
dependsOnColumn("debitorUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = ${REF}.debitorUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
|
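Review bot: The RBAC definition for booking projects now exists in two places: `rbac()` in this abstract class builds the view for `HsBookingProjectRbacEntity.class`, and the hunks for HsBookingProjectRbacEntity carry the same identity-view query and the same `fetchedBySql` text, so the schema rename had to be applied to both copies. Two copies of an access-control definition can drift apart unnoticed; if the generator only reads the subclass (not visible here), the copy in the base class should go, otherwise it needs a comment such as `// keep in sync with HsBookingProjectRbacEntity`. Separately, `hs_booking_project` stays unqualified next to `hs_office.debitor_iv`, so the generated view resolves it through whatever search_path is in effect when it is created; qualifying it, or documenting the expected search_path, would make that explicit. Both method bodies start and end outside the hunks.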
@ -44,7 +44,7 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking_project bookingProject
|
||||
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression("caption"))
|
||||
.withUpdatableColumns("version", "caption")
|
||||
@ -58,8 +58,8 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
|
||||
dependsOnColumn("debitorUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = ${REF}.debitorUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
|
@ -5,6 +5,7 @@ import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRbacEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
@ -47,7 +48,7 @@ public class HsHostingAssetRbacEntity extends HsHostingAsset {
|
||||
.withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid")
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
|
||||
.importEntityAlias("bookingItem", HsBookingItem.class, usingDefaultCase(),
|
||||
.importEntityAlias("bookingItem", HsBookingItemRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("bookingItemUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
@ -19,7 +19,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_bankaccount_rv")
|
||||
@Table(schema = "hs_office", name = "bankaccount_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -16,7 +16,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_contact_rv")
|
||||
@Table(schema = "hs_office", name = "contact_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
|
@ -10,7 +10,7 @@ import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_contact")
|
||||
@Table(schema = "hs_office", name = "contact")
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
|
@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_coopassetstransaction_rv")
|
||||
@Table(schema = "hs_office", name = "coopassetstransaction_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_coopsharestransaction_rv")
|
||||
@Table(schema = "hs_office", name = "coopsharestransaction_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -54,7 +54,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_debitor_rv")
|
||||
@Table(schema = "hs_office", name = "debitor_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder(toBuilder = true)
|
||||
@ -87,10 +87,10 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
|
||||
value = """
|
||||
(
|
||||
SELECT DISTINCT partner.uuid
|
||||
FROM hs_office_partner_rv partner
|
||||
JOIN hs_office_relation_rv dRel
|
||||
FROM hs_office.partner_rv partner
|
||||
JOIN hs_office.relation_rv dRel
|
||||
ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR'
|
||||
JOIN hs_office_relation_rv pRel
|
||||
JOIN hs_office.relation_rv pRel
|
||||
ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER'
|
||||
WHERE pRel.holderUuid = dRel.anchorUuid
|
||||
)
|
||||
@ -170,14 +170,14 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT debitor.uuid AS uuid,
|
||||
'D-' || (SELECT partner.partnerNumber
|
||||
FROM hs_office_partner partner
|
||||
JOIN hs_office_relation partnerRel
|
||||
FROM hs_office.partner partner
|
||||
JOIN hs_office.relation partnerRel
|
||||
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
|
||||
JOIN hs_office_relation debitorRel
|
||||
JOIN hs_office.relation debitorRel
|
||||
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
|
||||
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|
||||
|| debitorNumberSuffix as idName
|
||||
FROM hs_office_debitor AS debitor
|
||||
FROM hs_office.debitor AS debitor
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.projection("defaultPrefix"))
|
||||
.withUpdatableColumns(
|
||||
@ -209,8 +209,8 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
|
||||
dependsOnColumn("debitorRelUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_relation AS partnerRel
|
||||
JOIN hs_office_relation AS debitorRel
|
||||
FROM hs_office.relation AS partnerRel
|
||||
JOIN hs_office.relation AS debitorRel
|
||||
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
|
||||
WHERE partnerRel.type = 'PARTNER'
|
||||
AND ${REF}.debitorRelUuid = debitorRel.uuid
|
||||
|
@ -56,7 +56,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_membership_rv")
|
||||
@Table(schema = "hs_office", name = "membership_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
@ -160,8 +160,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT m.uuid AS uuid,
|
||||
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
|
||||
FROM hs_office_membership AS m
|
||||
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
|
||||
FROM hs_office.membership AS m
|
||||
JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.projection("validity"))
|
||||
.withUpdatableColumns("validity", "membershipFeeBillable", "status")
|
||||
@ -170,8 +170,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
|
||||
dependsOnColumn("partnerUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_partner AS partner
|
||||
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
|
||||
FROM hs_office.partner AS partner
|
||||
JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
|
||||
WHERE partner.uuid = ${REF}.partnerUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
|
@ -20,7 +20,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_partner_details_rv")
|
||||
@Table(schema = "hs_office", name = "partner_details_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
@ -71,9 +71,9 @@ public class HsOfficePartnerDetailsEntity implements BaseEntity<HsOfficePartnerD
|
||||
return rbacViewFor("partnerDetails", HsOfficePartnerDetailsEntity.class)
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
|
||||
FROM hs_office_partner_details AS partnerDetails
|
||||
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid
|
||||
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid
|
||||
FROM hs_office.partner_details AS partnerDetails
|
||||
JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
|
||||
JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression("uuid"))
|
||||
.withUpdatableColumns(
|
||||
|
@ -36,7 +36,7 @@ import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_partner_rv")
|
||||
@Table(schema = "hs_office", name = "partner_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_person_rv")
|
||||
@Table(schema = "hs_office", name = "person_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
|
@ -9,6 +9,8 @@ import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
import net.hostsharing.hsadminng.rbac.object.BaseEntity;
|
||||
import net.hostsharing.hsadminng.rbac.test.cust.TestCustomerEntity;
|
||||
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
@ -34,7 +36,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_relation_rv")
|
||||
@Table(schema = "hs_office", name = "relation_rv")
|
||||
@NoArgsConstructor
|
||||
@Getter
|
||||
@Setter
|
||||
@ -45,12 +47,12 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("relation", HsOfficeRelationRbacEntity.class)
|
||||
.withIdentityView(SQL.projection("""
|
||||
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
|
||||
(select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|
||||
|| '-with-' || target.type || '-'
|
||||
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid)
|
||||
|| (select idName from hs_office.person_iv p where p.uuid = holderUuid)
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression(
|
||||
"(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)"))
|
||||
"(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
|
||||
.withUpdatableColumns("contactUuid")
|
||||
.importEntityAlias("anchorPerson", HsOfficePersonEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("anchorUuid"),
|
||||
|
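Review bot: The import hunk at the top of this file brings in `net.hostsharing.hsadminng.rbac.test.cust.TestCustomerEntity` (it and `BaseEntity` look like the two added lines; the +/- markers are lost on this page), and nothing in the visible `rbac()` hunk uses either name. A production office entity that depends on a class from a `test` package is coupled to test fixtures, and such a line is usually an IDE leftover. If the rest of the class does not use it, drop the import; the class body outside the hunks has to be checked for that.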
@ -17,13 +17,13 @@ public interface HsOfficeRelationRbacRepository extends Repository<HsOfficeRelat
|
||||
}
|
||||
|
||||
@Query(value = """
|
||||
SELECT p.* FROM hs_office_relation_rv AS p
|
||||
SELECT p.* FROM hs_office.relation_rv AS p
|
||||
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
|
||||
""", nativeQuery = true)
|
||||
List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
|
||||
|
||||
@Query(value = """
|
||||
SELECT p.* FROM hs_office_relation_rv AS p
|
||||
SELECT p.* FROM hs_office.relation_rv AS p
|
||||
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
|
||||
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
|
||||
""", nativeQuery = true)
|
||||
|
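Review bot: The cast target `HsOfficeRelationType` in the second query is still written without a schema, while the table it filters is now `hs_office.relation_rv`. If the enum type was moved into `hs_office` together with the tables (the migration is not visible here), this native query only works while `hs_office` is on the connection's search_path, and a schema-qualified cast target would remove that dependency. The same applies to the identical query in HsOfficeRelationRealRepository. As a smaller style point, `SELECT p.*` could name the mapped columns so that a column added to the view later does not change the result shape silently. The second method's signature lies outside the hunk.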
@ -11,7 +11,7 @@ import jakarta.persistence.Table;
|
||||
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_relation")
|
||||
@Table(schema = "hs_office", name = "relation")
|
||||
@NoArgsConstructor
|
||||
@Getter
|
||||
@Setter
|
||||
|
@ -17,13 +17,13 @@ public interface HsOfficeRelationRealRepository extends Repository<HsOfficeRelat
|
||||
}
|
||||
|
||||
@Query(value = """
|
||||
SELECT p.* FROM hs_office_relation AS p
|
||||
SELECT p.* FROM hs_office.relation AS p
|
||||
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
|
||||
""", nativeQuery = true)
|
||||
List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
|
||||
|
||||
@Query(value = """
|
||||
SELECT p.* FROM hs_office_relation AS p
|
||||
SELECT p.* FROM hs_office.relation AS p
|
||||
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
|
||||
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
|
||||
""", nativeQuery = true)
|
||||
|
@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(name = "hs_office_sepamandate_rv")
|
||||
@Table(schema = "hs_office", name = "sepamandate_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
@ -104,8 +104,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
|
||||
return rbacViewFor("sepaMandate", HsOfficeSepaMandateEntity.class)
|
||||
.withIdentityView(query("""
|
||||
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
|
||||
from hs_office_sepamandate sm
|
||||
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid
|
||||
from hs_office.sepamandate sm
|
||||
join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(expression("validity"))
|
||||
.withUpdatableColumns("reference", "agreement", "validity")
|
||||
@ -114,8 +114,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
|
||||
dependsOnColumn("debitorUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = ${REF}.debitorUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
|
@ -983,10 +983,10 @@ public class RbacView {
|
||||
|
||||
String getRawTableShortName() {
|
||||
// TODO.impl: some combined function and trigger names are too long
|
||||
// maybe we should shorten the table name e.g. hs_office_coopsharestransaction -> hsof.coopsharetx
|
||||
// maybe we should shorten the table name e.g. hs_office.coopsharestransaction -> hsof.coopsharetx
|
||||
// this is just a workaround:
|
||||
return getRawTableName()
|
||||
.replace("hs_office_", "hsof_")
|
||||
.replace("hs_office.", "hsof.")
|
||||
.replace("hs_booking_", "hsbk_")
|
||||
.replace("hs_hosting_", "hsho_")
|
||||
.replace("coopsharestransaction", "coopsharetx")
|
||||
@ -1274,13 +1274,14 @@ public class RbacView {
|
||||
|
||||
public static Set<Class<? extends BaseEntity>> findRbacEntityClasses(String packageName) {
|
||||
final var reflections = new Reflections(packageName, TypeAnnotationsScanner.class);
|
||||
return reflections.getTypesAnnotatedWith(Entity.class).stream()
|
||||
.filter(c -> stream(c.getInterfaces()).anyMatch(i -> i== BaseEntity.class))
|
||||
final Set<Class<? extends BaseEntity>> rbacEntityClasses = reflections.getTypesAnnotatedWith(Entity.class).stream()
|
||||
.filter(BaseEntity.class::isAssignableFrom)
|
||||
.filter(c -> stream(c.getDeclaredMethods())
|
||||
.anyMatch(m -> m.getName().equals("rbac") && Modifier.isStatic(m.getModifiers()))
|
||||
.anyMatch(m -> m.getName().equals("rbac") && isStatic(m.getModifiers()))
|
||||
)
|
||||
.map(RbacView::castToSubclassOfBaseEntity)
|
||||
.collect(Collectors.toSet());
|
||||
return rbacEntityClasses;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
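Review bot: In `findRbacEntityClasses` the new local `rbacEntityClasses` is assigned only to be returned on the next line; returning the stream result directly, as the old code did, reads more simply. The switch to `.filter(BaseEntity.class::isAssignableFrom)` also widens the match from classes that list `BaseEntity` as a direct interface to any subtype. Since this decides which entities get RBAC definitions generated, it deserves a one-line comment such as `// also accepts entities that implement BaseEntity indirectly`.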
|
||||
|
@ -29,7 +29,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
private final String liquibaseTagPrefix;
|
||||
private final String simpleEntityName;
|
||||
private final String simpleEntityVarName;
|
||||
private final String rawTableName;
|
||||
private final String qualifiedRawTableName;
|
||||
|
||||
RolesGrantsAndPermissionsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) {
|
||||
this.rbacDef = rbacDef;
|
||||
@ -40,7 +40,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
|
||||
simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName();
|
||||
simpleEntityName = capitalize(simpleEntityVarName);
|
||||
rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema();
|
||||
qualifiedRawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema();
|
||||
}
|
||||
|
||||
void generateTo(final StringWriter plPgSql) {
|
||||
@ -72,7 +72,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
language plpgsql as $$
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", rawTableName));
|
||||
.replace("${rawTableName}", qualifiedRawTableName));
|
||||
|
||||
plPgSql.writeLn("declare");
|
||||
plPgSql.indented(() -> {
|
||||
@ -120,7 +120,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
end; $$;
|
||||
""",
|
||||
with("simpleEntityName", simpleEntityName),
|
||||
with("rawTableName", rawTableName),
|
||||
with("rawTableName", qualifiedRawTableName),
|
||||
with("updateConditions", updateConditions));
|
||||
}
|
||||
|
||||
@ -139,7 +139,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
declare
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", rawTableName));
|
||||
.replace("${rawTableName}", qualifiedRawTableName));
|
||||
|
||||
plPgSql.chopEmptyLines();
|
||||
plPgSql.indented(() -> {
|
||||
@ -514,10 +514,10 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
|
||||
plPgSql.writeLn("""
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new ${qualifiedRawTableName} row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerFor${simpleEntityName}_tf()
|
||||
create or replace function ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -527,12 +527,13 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerFor${simpleEntityName}_tg
|
||||
after insert on ${rawTableName}
|
||||
after insert on ${qualifiedRawTableName}
|
||||
for each row
|
||||
execute procedure insertTriggerFor${simpleEntityName}_tf();
|
||||
execute procedure ${schemaPrefix}insertTriggerFor${simpleEntityName}_tf();
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", rawTableName)
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
generateFooter(plPgSql);
|
||||
@ -549,10 +550,10 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
|
||||
plPgSql.writeLn("""
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${rawTableName} row.
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${qualifiedRawTableName} row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerFor${simpleEntityName}_tf()
|
||||
|
||||
create or replace function ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -560,19 +561,26 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
call updateRbacRulesFor${simpleEntityName}(OLD, NEW);
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
|
||||
create trigger updateTriggerFor${simpleEntityName}_tg
|
||||
after update on ${rawTableName}
|
||||
after update on ${qualifiedRawTableName}
|
||||
for each row
|
||||
execute procedure updateTriggerFor${simpleEntityName}_tf();
|
||||
execute procedure ${schemaPrefix}updateTriggerFor${simpleEntityName}_tf();
|
||||
"""
|
||||
.replace("${simpleEntityName}", simpleEntityName)
|
||||
.replace("${rawTableName}", rawTableName)
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${qualifiedRawTableName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
generateFooter(plPgSql);
|
||||
}
|
||||
|
||||
private String schemaPrefix(final String qualifiedIdentifier) {
|
||||
return qualifiedIdentifier.contains(".")
|
||||
? qualifiedIdentifier.split("\\.")[0] + "."
|
||||
: "";
|
||||
}
|
||||
|
||||
private static void generateFooter(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("--//");
|
||||
plPgSql.writeLn();
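Review bot: The generated trigger functions are now created as `${schemaPrefix}updateTriggerFor${simpleEntityName}_tf()`, but the procedure the update template invokes, `call updateRbacRulesFor${simpleEntityName}(OLD, NEW);`, is still unqualified. Which procedure wires the grants therefore depends on the `search_path` of the session that fires the trigger. For RBAC-building code it is safer to create those procedures under the same schema and emit `call ${schemaPrefix}updateRbacRulesFor${simpleEntityName}(OLD, NEW);`; the procedure templates are only partly visible in these hunks, so check this against the full file. Separately, three templates still use the placeholder `${rawTableName}` fed from `qualifiedRawTableName` while the trigger templates use `${qualifiedRawTableName}`, and the update-trigger comment still reads `AFTER INSERT TRIGGER to re-wire`.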
|
||||
|
@ -60,7 +60,7 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForTestCustomer_tf()
|
||||
create or replace function rbactest.insertTriggerForTestCustomer_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -72,7 +72,7 @@ end; $$;
|
||||
create trigger insertTriggerForTestCustomer_tg
|
||||
after insert on rbactest.customer
|
||||
for each row
|
||||
execute procedure insertTriggerForTestCustomer_tf();
|
||||
execute procedure rbactest.insertTriggerForTestCustomer_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -64,7 +64,7 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForTestPackage_tf()
|
||||
create or replace function rbactest.insertTriggerForTestPackage_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -76,7 +76,7 @@ end; $$;
|
||||
create trigger insertTriggerForTestPackage_tg
|
||||
after insert on rbactest.package
|
||||
for each row
|
||||
execute procedure insertTriggerForTestPackage_tf();
|
||||
execute procedure rbactest.insertTriggerForTestPackage_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -125,7 +125,7 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForTestPackage_tf()
|
||||
create or replace function rbactest.updateTriggerForTestPackage_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -137,7 +137,7 @@ end; $$;
|
||||
create trigger updateTriggerForTestPackage_tg
|
||||
after update on rbactest.package
|
||||
for each row
|
||||
execute procedure updateTriggerForTestPackage_tf();
|
||||
execute procedure rbactest.updateTriggerForTestPackage_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -60,7 +60,7 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForTestDomain_tf()
|
||||
create or replace function rbactest.insertTriggerForTestDomain_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -72,7 +72,7 @@ end; $$;
|
||||
create trigger insertTriggerForTestDomain_tg
|
||||
after insert on rbactest.domain
|
||||
for each row
|
||||
execute procedure insertTriggerForTestDomain_tf();
|
||||
execute procedure rbactest.insertTriggerForTestDomain_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -124,7 +124,7 @@ end; $$;
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForTestDomain_tf()
|
||||
create or replace function rbactest.updateTriggerForTestDomain_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -136,7 +136,7 @@ end; $$;
|
||||
create trigger updateTriggerForTestDomain_tg
|
||||
after update on rbactest.domain
|
||||
for each row
|
||||
execute procedure updateTriggerForTestDomain_tf();
|
||||
execute procedure rbactest.updateTriggerForTestDomain_tf();
|
||||
--//
|
||||
|
||||
|
||||
|
@ -0,0 +1,8 @@
|
||||
--liquibase formatted sql
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-SCHEMA endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
CREATE SCHEMA hs_office;
|
||||
--//
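Review bot: `CREATE SCHEMA hs_office;` is not followed by any privilege statement, and a new PostgreSQL schema grants nothing to roles other than its owner. If the application or the RBAC-restricted sessions connect as a different role than the one running Liquibase, they will need `GRANT USAGE ON SCHEMA hs_office TO role_placeholder;` before the moved tables and views resolve. Putting that grant in this changeset also documents which roles are meant to reach the schema.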
|
@ -4,7 +4,7 @@
|
||||
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table if not exists hs_office_contact
|
||||
create table if not exists hs_office.contact
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
@ -20,5 +20,5 @@ create table if not exists hs_office_contact
|
||||
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_contact');
|
||||
call base.create_journal('hs_office.contact');
|
||||
--//
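Review bot: This hunk edits a changeset that may already have been applied rather than adding a migration. With `create table if not exists hs_office.contact`, a database that already holds `hs_office_contact` would get a second, empty table while the data stays behind, assuming Liquibase accepts the changed checksum at all. If any persistent database exists, the move is safer as a new changeset: `ALTER TABLE hs_office_contact SET SCHEMA hs_office;` followed by `ALTER TABLE hs_office.hs_office_contact RENAME TO contact;`. The same applies to the person and relation tables. The rbac files in this commit also change the changeset author, which Liquibase treats as part of the changeset identity.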
|
||||
|
@ -3,21 +3,21 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-contact-rbac-OBJECT endDelimiter:--//
|
||||
--changeset RbacObjectGenerator:hs-office-contact-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_contact');
|
||||
call rbac.generateRelatedRbacObject('hs_office.contact');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-contact-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeContact(
|
||||
NEW hs_office_contact
|
||||
NEW hs_office.contact
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
@ -37,7 +37,7 @@ begin
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeContactOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalAdmin()],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
@ -57,10 +57,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_contact row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeContact_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeContact_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -70,17 +70,17 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeContact_tg
|
||||
after insert on hs_office_contact
|
||||
after insert on hs_office.contact
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeContact_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeContact_tf();
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
--changeset RbacIdentityViewGenerator:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
|
||||
$idName$
|
||||
caption
|
||||
$idName$);
|
||||
@ -88,9 +88,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_contact',
|
||||
call rbac.generateRbacRestrictedView('hs_office.contact',
|
||||
$orderBy$
|
||||
caption
|
||||
$orderBy$,
|
||||
|
@ -7,9 +7,9 @@
|
||||
--changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_office_contact_legacy_id
|
||||
CREATE TABLE hs_office.contact_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_office_contact(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_office.contact(uuid),
|
||||
contact_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_office_contact_legacy_id
|
||||
--changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office.contact_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_office_contact_legacy_id.contact_id;
|
||||
OWNED BY hs_office.contact_legacy_id.contact_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
|
||||
--changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_office_contact_legacy_id
|
||||
ALTER TABLE hs_office.contact_legacy_id
|
||||
ALTER COLUMN contact_id
|
||||
SET DEFAULT nextVal('hs_office_contact_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_office.contact_legacy_id_seq');
|
||||
|
||||
--/
|
||||
|
||||
@ -41,8 +41,8 @@ ALTER TABLE hs_office_contact_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
|
||||
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
|
||||
INSERT INTO hs_office.contact_legacy_id(uuid, contact_id)
|
||||
SELECT uuid, nextVal('hs_office.contact_legacy_id_seq') FROM hs_office.contact;
|
||||
--/
|
||||
|
||||
|
||||
@ -58,14 +58,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_office_contact_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office_contact_legacy_id_seq'));
|
||||
INSERT INTO hs_office.contact_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office.contact_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createContactLegacyIdMapping
|
||||
after insert on hs_office_contact
|
||||
after insert on hs_office.contact
|
||||
for each row
|
||||
execute procedure insertContactLegacyIdMapping();
|
||||
--/
|
||||
@ -83,14 +83,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_contact_legacy_id
|
||||
DELETE FROM hs_office.contact_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger removeContactLegacyIdMapping
|
||||
before delete on hs_office_contact
|
||||
before delete on hs_office.contact
|
||||
for each row
|
||||
execute procedure deleteContactLegacyIdMapping();
|
||||
--/
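Review bot: The trigger body's `INSERT INTO hs_office.contact_legacy_id VALUES` relies on column order, while the backfill statement above it names the columns; I would write `INSERT INTO hs_office.contact_legacy_id (uuid, contact_id) VALUES`. The trigger functions `insertContactLegacyIdMapping()` and `deleteContactLegacyIdMapping()` are also still referenced without a schema, unlike the generated `hs_office.insertTriggerFor…_tf()` functions elsewhere in this commit. Their definitions are outside the hunks, so confirm where they are created. Several changesets in this file close with `--/` although their headers declare `endDelimiter:--//`, which is worth checking while the file is being touched.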
|
||||
|
@ -23,7 +23,7 @@ begin
|
||||
|
||||
raise notice 'creating test contact: %', contCaption;
|
||||
insert
|
||||
into hs_office_contact (caption, postaladdress, emailaddresses, phonenumbers)
|
||||
into hs_office.contact (caption, postaladdress, emailaddresses, phonenumbers)
|
||||
values (
|
||||
contCaption,
|
||||
postalAddr,
|
||||
|
@ -14,7 +14,7 @@ CREATE TYPE HsOfficePersonType AS ENUM (
|
||||
|
||||
CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_office_person
|
||||
create table if not exists hs_office.person
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
@ -31,5 +31,5 @@ create table if not exists hs_office_person
|
||||
--changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_person');
|
||||
call base.create_journal('hs_office.person');
|
||||
--//
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_person');
|
||||
call rbac.generateRelatedRbacObject('hs_office.person');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePerson(
|
||||
NEW hs_office_person
|
||||
NEW hs_office.person
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
@ -57,10 +57,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_person row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficePerson_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficePerson_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -70,9 +70,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePerson_tg
|
||||
after insert on hs_office_person
|
||||
after insert on hs_office.person
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficePerson_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficePerson_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
|
||||
--changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
|
||||
$idName$
|
||||
concat(tradeName, familyName, givenName)
|
||||
$idName$);
|
||||
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_person',
|
||||
call rbac.generateRbacRestrictedView('hs_office.person',
|
||||
$orderBy$
|
||||
concat(tradeName, familyName, givenName)
|
||||
$orderBy$,
|
||||
|
@ -27,7 +27,7 @@ begin
|
||||
|
||||
raise notice 'creating test person: % by %', fullName, emailAddr;
|
||||
insert
|
||||
into hs_office_person (persontype, tradename, givenname, familyname)
|
||||
into hs_office.person (persontype, tradename, givenname, familyname)
|
||||
values (newPersonType, newTradeName, newGivenName, newFamilyName);
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -16,13 +16,13 @@ CREATE TYPE HsOfficeRelationType AS ENUM (
|
||||
|
||||
CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_office_relation
|
||||
create table if not exists hs_office.relation
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade
|
||||
version int not null default 0,
|
||||
anchorUuid uuid not null references hs_office_person(uuid),
|
||||
holderUuid uuid not null references hs_office_person(uuid),
|
||||
contactUuid uuid references hs_office_contact(uuid),
|
||||
anchorUuid uuid not null references hs_office.person(uuid),
|
||||
holderUuid uuid not null references hs_office.person(uuid),
|
||||
contactUuid uuid references hs_office.contact(uuid),
|
||||
type HsOfficeRelationType not null,
|
||||
mark varchar(24)
|
||||
);
|
||||
@ -33,5 +33,5 @@ create table if not exists hs_office_relation
|
||||
--changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_relation');
|
||||
call base.create_journal('hs_office.relation');
|
||||
--//
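Review bot: The table moves to `hs_office.relation`, but its column `type HsOfficeRelationType not null` still uses an enum that is created without a schema (`CREATE TYPE HsOfficeRelationType AS ENUM`, visible in the hunk header), as is the implicit cast from `character varying`. The type therefore lives wherever the default schema points and is resolved via `search_path`, including in the repository's `cast(:relationType AS HsOfficeRelationType)`. Creating it as `hs_office.HsOfficeRelationType`, and `HsOfficePersonType` in the person file likewise, would keep the new schema self-contained. The CREATE TYPE statement itself lies outside this hunk.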
|
||||
|
@ -3,21 +3,21 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-OBJECT endDelimiter:--//
|
||||
--changeset RbacObjectGenerator:hs-office-relation-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_relation');
|
||||
call rbac.generateRelatedRbacObject('hs_office.relation');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -25,32 +25,32 @@ call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeRelation(
|
||||
NEW hs_office_relation
|
||||
NEW hs_office.relation
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newHolderPerson hs_office_person;
|
||||
newAnchorPerson hs_office_person;
|
||||
newContact hs_office_contact;
|
||||
newHolderPerson hs_office.person;
|
||||
newAnchorPerson hs_office.person;
|
||||
newContact hs_office.contact;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson;
|
||||
SELECT * FROM hs_office.person WHERE uuid = NEW.holderUuid INTO newHolderPerson;
|
||||
assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid);
|
||||
|
||||
SELECT * FROM hs_office_person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson;
|
||||
SELECT * FROM hs_office.person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson;
|
||||
assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid);
|
||||
|
||||
SELECT * FROM hs_office_contact WHERE uuid = NEW.contactUuid INTO newContact;
|
||||
SELECT * FROM hs_office.contact WHERE uuid = NEW.contactUuid INTO newContact;
|
||||
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
|
||||
|
||||
|
||||
perform rbac.defineRoleWithGrants(
|
||||
hsOfficeRelationOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[rbac.globalAdmin()],
|
||||
incomingSuperRoles => array[rbac.globalADMIN()],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
@ -90,10 +90,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_relation row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeRelation_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeRelation_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -103,14 +103,14 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeRelation_tg
|
||||
after insert on hs_office_relation
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeRelation_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeRelation_tf();
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -118,8 +118,8 @@ execute procedure insertTriggerForHsOfficeRelation_tf();
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficeRelation(
|
||||
OLD hs_office_relation,
|
||||
NEW hs_office_relation
|
||||
OLD hs_office.relation,
|
||||
NEW hs_office.relation
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@ -131,10 +131,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_relation row.
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.relation row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForHsOfficeRelation_tf()
|
||||
create or replace function hs_office.updateTriggerForHsOfficeRelation_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -144,108 +144,108 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficeRelation_tg
|
||||
after update on hs_office_relation
|
||||
after update on hs_office.relation
|
||||
for each row
|
||||
execute procedure updateTriggerForHsOfficeRelation_tf();
|
||||
execute procedure hs_office.updateTriggerForHsOfficeRelation_tf();
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_office_person ----------------------------
|
||||
-- granting INSERT permission to hs_office.person ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_relation permissions to specified role of pre-existing hs_office_person rows.
|
||||
Grants INSERT INTO hs_office.relation permissions to specified role of pre-existing hs_office.person rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row hs_office_person;
|
||||
row hs_office.person;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.relation permissions for pre-exising hs_office.person rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_person
|
||||
FOR row IN SELECT * FROM hs_office.person
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
|
||||
hsOfficePersonADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_relation INSERT permission to specified role of new hs_office_person rows.
|
||||
Grants hs_office.relation INSERT permission to specified role of new person rows.
|
||||
*/
|
||||
create or replace function new_hs_office_relation_grants_insert_to_hs_office_person_tf()
|
||||
create or replace function hs_office.new_relation_grants_insert_to_person_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
|
||||
hsOfficePersonADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_relation_grants_insert_to_hs_office_person_tg
|
||||
after insert on hs_office_person
|
||||
create trigger z_new_relation_grants_after_insert_tg
|
||||
after insert on hs_office.person
|
||||
for each row
|
||||
execute procedure new_hs_office_relation_grants_insert_to_hs_office_person_tf();
|
||||
execute procedure hs_office.new_relation_grants_insert_to_person_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs_office_relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-office-relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_relation.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.relation.
|
||||
*/
|
||||
create or replace function hs_office_relation_insert_permission_check_tf()
|
||||
create or replace function hs_office.relation_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
superObjectUuid uuid;
|
||||
begin
|
||||
-- check INSERT permission via direct foreign key: NEW.anchorUuid
|
||||
if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then
|
||||
if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office.relation') then
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
|
||||
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
raise exception '[403] insert into hs_office.relation values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_relation_insert_permission_check_tg
|
||||
before insert on hs_office_relation
|
||||
create trigger relation_insert_permission_check_tg
|
||||
before insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office_relation_insert_permission_check_tf();
|
||||
execute procedure hs_office.relation_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
--changeset RbacIdentityViewGenerator:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
|
||||
$idName$
|
||||
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
|
||||
(select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|
||||
|| '-with-' || target.type || '-'
|
||||
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid)
|
||||
|| (select idName from hs_office.person_iv p where p.uuid = holderUuid)
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_relation',
|
||||
call rbac.generateRbacRestrictedView('hs_office.relation',
|
||||
$orderBy$
|
||||
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
|
||||
(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
|
||||
$orderBy$,
|
||||
$updates$
|
||||
contactUuid = new.contactUuid
|
||||
|
@ -17,16 +17,16 @@ create or replace procedure createHsOfficeRelationTestData(
|
||||
language plpgsql as $$
|
||||
declare
|
||||
idName varchar;
|
||||
anchorPerson hs_office_person;
|
||||
holderPerson hs_office_person;
|
||||
contact hs_office_contact;
|
||||
anchorPerson hs_office.person;
|
||||
holderPerson hs_office.person;
|
||||
contact hs_office.contact;
|
||||
|
||||
begin
|
||||
idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName);
|
||||
|
||||
select p.*
|
||||
into anchorPerson
|
||||
from hs_office_person p
|
||||
from hs_office.person p
|
||||
where p.tradeName = anchorPersonName or p.familyName = anchorPersonName;
|
||||
if anchorPerson is null then
|
||||
raise exception 'anchorPerson "%" not found', anchorPersonName;
|
||||
@ -34,13 +34,13 @@ begin
|
||||
|
||||
select p.*
|
||||
into holderPerson
|
||||
from hs_office_person p
|
||||
from hs_office.person p
|
||||
where p.tradeName = holderPersonName or p.familyName = holderPersonName;
|
||||
if holderPerson is null then
|
||||
raise exception 'holderPerson "%" not found', holderPersonName;
|
||||
end if;
|
||||
|
||||
select c.* into contact from hs_office_contact c where c.caption = contactCaption;
|
||||
select c.* into contact from hs_office.contact c where c.caption = contactCaption;
|
||||
if contact is null then
|
||||
raise exception 'contact "%" not found', contactCaption;
|
||||
end if;
|
||||
@ -50,7 +50,7 @@ begin
|
||||
raise notice '- using holder person (%): %', holderPerson.uuid, holderPerson;
|
||||
raise notice '- using contact (%): %', contact.uuid, contact;
|
||||
insert
|
||||
into hs_office_relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid)
|
||||
into hs_office.relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid)
|
||||
values (uuid_generate_v4(), anchorPerson.uuid, holderPerson.uuid, relationType, mark, contact.uuid);
|
||||
end; $$;
|
||||
--//
|
||||
@ -64,13 +64,13 @@ create or replace procedure createHsOfficeRelationTestData(
|
||||
)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
person hs_office_person;
|
||||
contact hs_office_contact;
|
||||
person hs_office.person;
|
||||
contact hs_office.contact;
|
||||
begin
|
||||
for t in startCount..endCount
|
||||
loop
|
||||
select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person;
|
||||
select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
|
||||
select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person;
|
||||
select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
|
||||
|
||||
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
|
||||
commit;
|
||||
|
@ -5,7 +5,7 @@
|
||||
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table hs_office_partner_details
|
||||
create table hs_office.partner_details
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
@ -23,20 +23,20 @@ create table hs_office_partner_details
|
||||
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_partner_details');
|
||||
call base.create_journal('hs_office.partner_details');
|
||||
--//
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table hs_office_partner
|
||||
create table hs_office.partner
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
partnerNumber numeric(5) unique not null,
|
||||
partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger
|
||||
detailsUuid uuid not null references hs_office_partner_details(uuid) -- deleted in after delete trigger
|
||||
partnerRelUuid uuid not null references hs_office.relation(uuid), -- deleted in after delete trigger
|
||||
detailsUuid uuid not null references hs_office.partner_details(uuid) -- deleted in after delete trigger
|
||||
);
|
||||
--//
|
||||
|
||||
@ -55,13 +55,13 @@ as $$
|
||||
declare
|
||||
counter integer;
|
||||
begin
|
||||
DELETE FROM hs_office_partner_details d WHERE d.uuid = OLD.detailsUuid;
|
||||
DELETE FROM hs_office.partner_details d WHERE d.uuid = OLD.detailsUuid;
|
||||
GET DIAGNOSTICS counter = ROW_COUNT;
|
||||
if counter = 0 then
|
||||
raise exception 'partner details % could not be deleted', OLD.detailsUuid;
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.partnerRelUuid;
|
||||
DELETE FROM hs_office.relation r WHERE r.uuid = OLD.partnerRelUuid;
|
||||
GET DIAGNOSTICS counter = ROW_COUNT;
|
||||
if counter = 0 then
|
||||
raise exception 'partner relation % could not be deleted', OLD.partnerRelUuid;
|
||||
@ -73,9 +73,9 @@ end; $$;
|
||||
/**
|
||||
Triggers deletion of related rows of a partner to delete.
|
||||
*/
|
||||
create trigger hs_office_partner_delete_dependents_trigger
|
||||
create trigger hs_office.partner_delete_dependents_trigger
|
||||
after delete
|
||||
on hs_office_partner
|
||||
on hs_office.partner
|
||||
for each row
|
||||
execute procedure deleteHsOfficeDependentsOnPartnerDelete();
|
||||
|
||||
@ -83,5 +83,5 @@ create trigger hs_office_partner_delete_dependents_trigger
|
||||
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_partner');
|
||||
call base.create_journal('hs_office.partner');
|
||||
--//
|
||||
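Review bot: `create trigger hs_office.partner_delete_dependents_trigger` will be rejected by PostgreSQL, because a trigger name cannot be schema-qualified; a trigger always lives in the schema of its table. The other triggers renamed in this commit already use bare names, so this one should read `create trigger partner_delete_dependents_trigger`, with `on hs_office.partner` carrying the schema. The function it executes, `deleteHsOfficeDependentsOnPartnerDelete()`, is still referenced without a schema while the other trigger functions moved to `hs_office.`; its definition starts outside the hunk, so whether that is intended cannot be checked from here.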
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_partner');
|
||||
call rbac.generateRelatedRbacObject('hs_office.partner');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,21 +25,21 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePartner(
|
||||
NEW hs_office_partner
|
||||
NEW hs_office.partner
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newPartnerRel hs_office_relation;
|
||||
newPartnerDetails hs_office_partner_details;
|
||||
newPartnerRel hs_office.relation;
|
||||
newPartnerDetails hs_office.partner_details;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
|
||||
SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
|
||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
|
||||
|
||||
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||
@ -53,10 +53,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficePartner_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficePartner_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -66,9 +66,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePartner_tg
|
||||
after insert on hs_office_partner
|
||||
after insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficePartner_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficePartner_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -81,30 +81,30 @@ execute procedure insertTriggerForHsOfficePartner_tf();
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficePartner(
|
||||
OLD hs_office_partner,
|
||||
NEW hs_office_partner
|
||||
OLD hs_office.partner,
|
||||
NEW hs_office.partner
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
oldPartnerRel hs_office_relation;
|
||||
newPartnerRel hs_office_relation;
|
||||
oldPartnerDetails hs_office_partner_details;
|
||||
newPartnerDetails hs_office_partner_details;
|
||||
oldPartnerRel hs_office.relation;
|
||||
newPartnerRel hs_office.relation;
|
||||
oldPartnerDetails hs_office.partner_details;
|
||||
newPartnerDetails hs_office.partner_details;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel;
|
||||
SELECT * FROM hs_office.relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel;
|
||||
assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid);
|
||||
|
||||
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
|
||||
SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
|
||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
|
||||
|
||||
SELECT * FROM hs_office_partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails;
|
||||
SELECT * FROM hs_office.partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails;
|
||||
assert oldPartnerDetails.uuid is not null, format('oldPartnerDetails must not be null for OLD.detailsUuid = %s', OLD.detailsUuid);
|
||||
|
||||
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||
|
||||
|
||||
@ -134,10 +134,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_partner row.
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.partner row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForHsOfficePartner_tf()
|
||||
create or replace function hs_office.updateTriggerForHsOfficePartner_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -147,9 +147,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficePartner_tg
|
||||
after update on hs_office_partner
|
||||
after update on hs_office.partner
|
||||
for each row
|
||||
execute procedure updateTriggerForHsOfficePartner_tf();
|
||||
execute procedure hs_office.updateTriggerForHsOfficePartner_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -160,45 +160,45 @@ execute procedure updateTriggerForHsOfficePartner_tf();
|
||||
-- granting INSERT permission to rbac.global ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing rbac.global rows.
|
||||
Grants INSERT INTO hs_office.partner permissions to specified role of pre-existing rbac.global rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row rbac.global;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.global rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.partner permissions for pre-exising rbac.global rows');
|
||||
|
||||
FOR row IN SELECT * FROM rbac.global
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'),
|
||||
rbac.globalADMIN());
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_partner INSERT permission to specified role of new global rows.
|
||||
Grants hs_office.partner INSERT permission to specified role of new global rows.
|
||||
*/
|
||||
create or replace function new_hsof_partner_grants_insert_to_global_tf()
|
||||
create or replace function hs_office.new_partner_grants_insert_to_global_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'),
|
||||
rbac.globalADMIN());
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_partner_grants_after_insert_tg
|
||||
create trigger z_new_partner_grants_after_insert_tg
|
||||
after insert on rbac.global
|
||||
for each row
|
||||
execute procedure new_hsof_partner_grants_insert_to_global_tf();
|
||||
execute procedure hs_office.new_partner_grants_insert_to_global_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -206,9 +206,9 @@ execute procedure new_hsof_partner_grants_insert_to_global_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner.
|
||||
*/
|
||||
create or replace function hs_office_partner_insert_permission_check_tf()
|
||||
create or replace function hs_office.partner_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -219,14 +219,14 @@ begin
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.partner values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_partner_insert_permission_check_tg
|
||||
before insert on hs_office_partner
|
||||
create trigger partner_insert_permission_check_tg
|
||||
before insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office_partner_insert_permission_check_tf();
|
||||
execute procedure hs_office.partner_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
|
||||
$idName$
|
||||
'P-' || partnerNumber
|
||||
$idName$);
|
||||
@ -244,7 +244,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_partner',
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner',
|
||||
$orderBy$
|
||||
'P-' || partnerNumber
|
||||
$orderBy$,
|
||||
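Review bot: The procedures `buildRbacSystemForHsOfficePartner` and `updateRbacRulesForHsOfficePartner`, and the role-descriptor call `hsOfficeRelationOWNER(newPartnerRel)`, stay unqualified while the trigger functions that presumably call them move to `hs_office.`. PL/pgSQL resolves unqualified routine names through the search_path in effect at execution time, so which routine builds the grants depends on the session, and a same-named routine in an earlier schema would be picked up instead. Since this code creates permissions, I would qualify the routines the same way, e.g. `create or replace procedure hs_office.buildRbacSystemForHsOfficePartner(` with the matching call inside the trigger function, or pin the path with a `set search_path` clause on each function. The bodies of both trigger functions lie outside the visible hunks, and the same pattern appears for `buildRbacSystemForHsOfficePartnerDetails` in the partner-details file.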
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_partner_details');
|
||||
call rbac.generateRelatedRbacObject('hs_office.partner_details');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partn
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficePartnerDetails(
|
||||
NEW hs_office_partner_details
|
||||
NEW hs_office.partner_details
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
@ -38,10 +38,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner_details row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficePartnerDetails_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficePartnerDetails_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -51,9 +51,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficePartnerDetails_tg
|
||||
after insert on hs_office_partner_details
|
||||
after insert on hs_office.partner_details
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficePartnerDetails_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficePartnerDetails_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -64,45 +64,45 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf();
|
||||
-- granting INSERT permission to rbac.global ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows.
|
||||
Grants INSERT INTO hs_office.partner_details permissions to specified role of pre-existing rbac.global rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row rbac.global;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising rbac.global rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.partner_details permissions for pre-exising rbac.global rows');
|
||||
|
||||
FOR row IN SELECT * FROM rbac.global
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'),
|
||||
rbac.globalADMIN());
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_partner_details INSERT permission to specified role of new global rows.
|
||||
Grants hs_office.partner_details INSERT permission to specified role of new global rows.
|
||||
*/
|
||||
create or replace function new_hsof_partner_details_grants_insert_to_global_tf()
|
||||
create or replace function hs_office.new_partner_details_grants_insert_to_global_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'),
|
||||
rbac.globalADMIN());
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_partner_details_grants_after_insert_tg
|
||||
create trigger z_new_partner_details_grants_after_insert_tg
|
||||
after insert on rbac.global
|
||||
for each row
|
||||
execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
|
||||
execute procedure hs_office.new_partner_details_grants_insert_to_global_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -110,9 +110,9 @@ execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner_details.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner_details.
|
||||
*/
|
||||
create or replace function hs_office_partner_details_insert_permission_check_tf()
|
||||
create or replace function hs_office.partner_details_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -123,14 +123,14 @@ begin
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.partner_details values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_partner_details_insert_permission_check_tg
|
||||
before insert on hs_office_partner_details
|
||||
create trigger partner_details_insert_permission_check_tg
|
||||
before insert on hs_office.partner_details
|
||||
for each row
|
||||
execute procedure hs_office_partner_details_insert_permission_check_tf();
|
||||
execute procedure hs_office.partner_details_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -138,12 +138,12 @@ create trigger hs_office_partner_details_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
|
||||
$idName$
|
||||
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
|
||||
FROM hs_office_partner_details AS partnerDetails
|
||||
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid
|
||||
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid
|
||||
FROM hs_office.partner_details AS partnerDetails
|
||||
JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
|
||||
JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
@ -151,7 +151,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_partner_details',
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner_details',
|
||||
$orderBy$
|
||||
uuid
|
||||
$orderBy$,
|
||||
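Review bot: The `[403]` exception in `hs_office.partner_details_insert_permission_check_tf()` interpolates the whole `NEW` row into its message, so every rejected insert copies the submitted row into the server log and into whatever error text is passed on to the client. The columns of `hs_office.partner_details` are not visible here, but if they hold personal data I would report only the key, e.g. `raise exception '[403] insert into hs_office.partner_details (uuid %) not allowed for current subjects % (%)', NEW.uuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`. The same message shape is used in `hs_office.partner_insert_permission_check_tf()`, and this commit newly adds `values(%)` with `NEW` to the check for `hs_office.relation`. The function's declaration and permission test are outside the hunk, and any test that matches on the message text would need adjusting.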
|
@ -7,9 +7,9 @@
|
||||
--changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_office_partner_legacy_id
|
||||
CREATE TABLE hs_office.partner_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_office_partner(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_office.partner(uuid),
|
||||
bp_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_office_partner_legacy_id
|
||||
--changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office.partner_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_office_partner_legacy_id.bp_id;
|
||||
OWNED BY hs_office.partner_legacy_id.bp_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
|
||||
--changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_office_partner_legacy_id
|
||||
ALTER TABLE hs_office.partner_legacy_id
|
||||
ALTER COLUMN bp_id
|
||||
SET DEFAULT nextVal('hs_office_partner_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_office.partner_legacy_id_seq');
|
||||
--/
|
||||
|
||||
-- ============================================================================
|
||||
@ -40,8 +40,8 @@ ALTER TABLE hs_office_partner_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
|
||||
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
|
||||
INSERT INTO hs_office.partner_legacy_id(uuid, bp_id)
|
||||
SELECT uuid, nextVal('hs_office.partner_legacy_id_seq') FROM hs_office.partner;
|
||||
--/
|
||||
|
||||
|
||||
@ -57,14 +57,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_office_partner_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office_partner_legacy_id_seq'));
|
||||
INSERT INTO hs_office.partner_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office.partner_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createPartnerLegacyIdMapping
|
||||
after insert on hs_office_partner
|
||||
after insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure insertPartnerLegacyIdMapping();
|
||||
--/
|
||||
@ -82,14 +82,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_partner_legacy_id
|
||||
DELETE FROM hs_office.partner_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger removePartnerLegacyIdMapping
|
||||
before delete on hs_office_partner
|
||||
before delete on hs_office.partner
|
||||
for each row
|
||||
execute procedure deletePartnerLegacyIdMapping();
|
||||
--/
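Review bot: The changesets in this file keep their ids (`hs-office-partner-MIGRATION-mapping`, `-sequence`, `-default`) while their bodies now create `hs_office.partner_legacy_id` instead of `hs_office_partner_legacy_id`, so Liquibase will compute a different checksum for changesets it may already have recorded as applied. If any database has run the old versions, validation will presumably fail on the mismatch, and the existing objects will still sit under their old names. A follow-up changeset that moves them, e.g. `ALTER TABLE hs_office_partner_legacy_id SET SCHEMA hs_office;` followed by `ALTER TABLE hs_office.hs_office_partner_legacy_id RENAME TO partner_legacy_id;`, keeps the applied history intact; the same applies to the other rewritten changesets in this commit. If every environment is rebuilt from scratch instead, a comment in the changelog saying so would make that assumption explicit.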
|
||||
|
@ -16,25 +16,25 @@ create or replace procedure createHsOfficePartnerTestData(
|
||||
language plpgsql as $$
|
||||
declare
|
||||
idName varchar;
|
||||
mandantPerson hs_office_person;
|
||||
partnerRel hs_office_relation;
|
||||
relatedPerson hs_office_person;
|
||||
mandantPerson hs_office.person;
|
||||
partnerRel hs_office.relation;
|
||||
relatedPerson hs_office.person;
|
||||
relatedDetailsUuid uuid;
|
||||
begin
|
||||
idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption);
|
||||
|
||||
select p.* from hs_office_person p
|
||||
select p.* from hs_office.person p
|
||||
where p.tradeName = mandantTradeName
|
||||
into mandantPerson;
|
||||
if mandantPerson is null then
|
||||
raise exception 'mandant "%" not found', mandantTradeName;
|
||||
end if;
|
||||
|
||||
select p.* from hs_office_person p
|
||||
select p.* from hs_office.person p
|
||||
where p.tradeName = partnerPersonName or p.familyName = partnerPersonName
|
||||
into relatedPerson;
|
||||
|
||||
select r.* from hs_office_relation r
|
||||
select r.* from hs_office.relation r
|
||||
where r.type = 'PARTNER'
|
||||
and r.anchoruuid = mandantPerson.uuid and r.holderuuid = relatedPerson.uuid
|
||||
into partnerRel;
|
||||
@ -48,18 +48,18 @@ begin
|
||||
|
||||
if relatedPerson.persontype = 'NP' then
|
||||
insert
|
||||
into hs_office_partner_details (uuid, birthName, birthday, birthPlace)
|
||||
into hs_office.partner_details (uuid, birthName, birthday, birthPlace)
|
||||
values (uuid_generate_v4(), 'Meyer', '1987-10-31', 'Hamburg')
|
||||
returning uuid into relatedDetailsUuid;
|
||||
else
|
||||
insert
|
||||
into hs_office_partner_details (uuid, registrationOffice, registrationNumber)
|
||||
into hs_office.partner_details (uuid, registrationOffice, registrationNumber)
|
||||
values (uuid_generate_v4(), 'Hamburg', 'RegNo123456789')
|
||||
returning uuid into relatedDetailsUuid;
|
||||
end if;
|
||||
|
||||
insert
|
||||
into hs_office_partner (uuid, partnerNumber, partnerRelUuid, detailsUuid)
|
||||
into hs_office.partner (uuid, partnerNumber, partnerRelUuid, detailsUuid)
|
||||
values (uuid_generate_v4(), newPartnerNumber, partnerRel.uuid, relatedDetailsUuid);
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -3,7 +3,7 @@
|
||||
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table hs_office_bankaccount
|
||||
create table hs_office.bankaccount
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
@ -18,5 +18,5 @@ create table hs_office_bankaccount
|
||||
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_bankaccount');
|
||||
call base.create_journal('hs_office.bankaccount');
|
||||
--//
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_bankaccount');
|
||||
call rbac.generateRelatedRbacObject('hs_office.bankaccount');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankacco
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeBankAccount(
|
||||
NEW hs_office_bankaccount
|
||||
NEW hs_office.bankaccount
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
@ -57,10 +57,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeBankAccount_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeBankAccount_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -70,9 +70,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeBankAccount_tg
|
||||
after insert on hs_office_bankaccount
|
||||
after insert on hs_office.bankaccount
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeBankAccount_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeBankAccount_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
|
||||
--changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
|
||||
$idName$
|
||||
iban
|
||||
$idName$);
|
||||
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_bankaccount',
|
||||
call rbac.generateRbacRestrictedView('hs_office.bankaccount',
|
||||
$orderBy$
|
||||
iban
|
||||
$orderBy$,
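Review bot: `buildRbacSystemForHsOfficeBankAccount` is still created without a schema, while the trigger function that presumably calls it is now `hs_office.insertTriggerForHsOfficeBankAccount_tf()` (its body is outside the hunk). PL/pgSQL resolves an unqualified procedure name through the `search_path` in effect when the call runs, so the role and grant wiring for new rows depends on which schema comes first for the session performing the insert. Creating it as `hs_office.buildRbacSystemForHsOfficeBankAccount` and calling it by that qualified name, or pinning `set search_path` on the trigger function, removes that dependency. The same applies to `buildRbacSystemForHsOfficeDebitor`, `updateRbacRulesForHsOfficeDebitor` and `buildRbacSystemForHsOfficeSepaMandate` in the later file sections.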
|
||||
|
@ -19,7 +19,7 @@ begin
|
||||
|
||||
raise notice 'creating test bankaccount: %', givenHolder;
|
||||
insert
|
||||
into hs_office_bankaccount(uuid, holder, iban, bic)
|
||||
into hs_office.bankaccount(uuid, holder, iban, bic)
|
||||
values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC);
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -4,18 +4,18 @@
|
||||
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table hs_office_debitor
|
||||
create table hs_office.debitor
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
|
||||
debitorRelUuid uuid not null references hs_office_relation(uuid),
|
||||
debitorRelUuid uuid not null references hs_office.relation(uuid),
|
||||
billable boolean not null default true,
|
||||
vatId varchar(24),
|
||||
vatCountryCode varchar(2),
|
||||
vatBusiness boolean not null,
|
||||
vatReverseCharge boolean not null,
|
||||
refundBankAccountUuid uuid references hs_office_bankaccount(uuid),
|
||||
refundBankAccountUuid uuid references hs_office.bankaccount(uuid),
|
||||
defaultPrefix char(3) not null unique
|
||||
constraint check_default_prefix check (
|
||||
defaultPrefix::text ~ '^([a-z]{3}|al0|bh1|c4s|f3k|k8i|l3d|mh1|o13|p2m|s80|t4w)$'
|
||||
@ -38,7 +38,7 @@ as $$
|
||||
declare
|
||||
counter integer;
|
||||
begin
|
||||
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.debitorRelUuid;
|
||||
DELETE FROM hs_office.relation r WHERE r.uuid = OLD.debitorRelUuid;
|
||||
GET DIAGNOSTICS counter = ROW_COUNT;
|
||||
if counter = 0 then
|
||||
raise exception 'debitor relation % could not be deleted', OLD.debitorRelUuid;
|
||||
@ -50,9 +50,9 @@ end; $$;
|
||||
/**
|
||||
Triggers deletion of related details of a debitor to delete.
|
||||
*/
|
||||
create trigger hs_office_debitor_delete_dependents_trigger
|
||||
create trigger hs_office.debitor_delete_dependents_trigger
|
||||
after delete
|
||||
on hs_office_debitor
|
||||
on hs_office.debitor
|
||||
for each row
|
||||
execute procedure deleteHsOfficeDependentsOnDebitorDelete();
|
||||
|
||||
@ -61,5 +61,5 @@ execute procedure deleteHsOfficeDependentsOnDebitorDelete();
|
||||
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_debitor');
|
||||
call base.create_journal('hs_office.debitor');
|
||||
--//
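Review bot: `create trigger hs_office.debitor_delete_dependents_trigger` will not parse on PostgreSQL, because a trigger name cannot be schema-qualified; a trigger always belongs to the schema of the table it is attached to. The other triggers renamed in this commit (`debitor_insert_permission_check_tg`, `insertTriggerForHsOfficeDebitor_tg`) are correctly left unqualified, so this line should read `create trigger debitor_delete_dependents_trigger`. The function it executes, `deleteHsOfficeDependentsOnDebitorDelete()`, is still unqualified, unlike the `hs_office.`-prefixed trigger functions elsewhere in the commit; its definition starts outside the hunk.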
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_debitor');
|
||||
call rbac.generateRelatedRbacObject('hs_office.debitor');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,31 +25,31 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeDebitor(
|
||||
NEW hs_office_debitor
|
||||
NEW hs_office.debitor
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newPartnerRel hs_office_relation;
|
||||
newDebitorRel hs_office_relation;
|
||||
newRefundBankAccount hs_office_bankaccount;
|
||||
newPartnerRel hs_office.relation;
|
||||
newDebitorRel hs_office.relation;
|
||||
newRefundBankAccount hs_office.bankaccount;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT partnerRel.*
|
||||
FROM hs_office_relation AS partnerRel
|
||||
JOIN hs_office_relation AS debitorRel
|
||||
FROM hs_office.relation AS partnerRel
|
||||
JOIN hs_office.relation AS debitorRel
|
||||
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
|
||||
WHERE partnerRel.type = 'PARTNER'
|
||||
AND NEW.debitorRelUuid = debitorRel.uuid
|
||||
INTO newPartnerRel;
|
||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
|
||||
|
||||
SELECT * FROM hs_office_relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel;
|
||||
SELECT * FROM hs_office.relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel;
|
||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
|
||||
|
||||
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
|
||||
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
|
||||
|
||||
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
|
||||
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
|
||||
@ -65,10 +65,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_debitor row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeDebitor_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeDebitor_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -78,9 +78,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeDebitor_tg
|
||||
after insert on hs_office_debitor
|
||||
after insert on hs_office.debitor
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeDebitor_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeDebitor_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -93,8 +93,8 @@ execute procedure insertTriggerForHsOfficeDebitor_tf();
|
||||
*/
|
||||
|
||||
create or replace procedure updateRbacRulesForHsOfficeDebitor(
|
||||
OLD hs_office_debitor,
|
||||
NEW hs_office_debitor
|
||||
OLD hs_office.debitor,
|
||||
NEW hs_office.debitor
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@ -107,10 +107,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_debitor row.
|
||||
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
|
||||
*/
|
||||
|
||||
create or replace function updateTriggerForHsOfficeDebitor_tf()
|
||||
create or replace function hs_office.updateTriggerForHsOfficeDebitor_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -120,9 +120,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger updateTriggerForHsOfficeDebitor_tg
|
||||
after update on hs_office_debitor
|
||||
after update on hs_office.debitor
|
||||
for each row
|
||||
execute procedure updateTriggerForHsOfficeDebitor_tf();
|
||||
execute procedure hs_office.updateTriggerForHsOfficeDebitor_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -133,45 +133,45 @@ execute procedure updateTriggerForHsOfficeDebitor_tf();
|
||||
-- granting INSERT permission to rbac.global ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows.
|
||||
Grants INSERT INTO hs_office.debitor permissions to specified role of pre-existing rbac.global rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row rbac.global;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.global rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.debitor permissions for pre-exising rbac.global rows');
|
||||
|
||||
FOR row IN SELECT * FROM rbac.global
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'),
|
||||
rbac.globalADMIN());
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_debitor INSERT permission to specified role of new global rows.
|
||||
Grants hs_office.debitor INSERT permission to specified role of new global rows.
|
||||
*/
|
||||
create or replace function new_hsof_debitor_grants_insert_to_global_tf()
|
||||
create or replace function hs_office.new_debitor_grants_insert_to_global_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'),
|
||||
rbac.globalADMIN());
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_debitor_grants_after_insert_tg
|
||||
create trigger z_new_debitor_grants_after_insert_tg
|
||||
after insert on rbac.global
|
||||
for each row
|
||||
execute procedure new_hsof_debitor_grants_insert_to_global_tf();
|
||||
execute procedure hs_office.new_debitor_grants_insert_to_global_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -179,9 +179,9 @@ execute procedure new_hsof_debitor_grants_insert_to_global_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_debitor.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.debitor.
|
||||
*/
|
||||
create or replace function hs_office_debitor_insert_permission_check_tf()
|
||||
create or replace function hs_office.debitor_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -192,14 +192,14 @@ begin
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.debitor values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_debitor_insert_permission_check_tg
|
||||
before insert on hs_office_debitor
|
||||
create trigger debitor_insert_permission_check_tg
|
||||
before insert on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office_debitor_insert_permission_check_tf();
|
||||
execute procedure hs_office.debitor_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -207,18 +207,18 @@ create trigger hs_office_debitor_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
|
||||
$idName$
|
||||
SELECT debitor.uuid AS uuid,
|
||||
'D-' || (SELECT partner.partnerNumber
|
||||
FROM hs_office_partner partner
|
||||
JOIN hs_office_relation partnerRel
|
||||
FROM hs_office.partner partner
|
||||
JOIN hs_office.relation partnerRel
|
||||
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
|
||||
JOIN hs_office_relation debitorRel
|
||||
JOIN hs_office.relation debitorRel
|
||||
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
|
||||
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|
||||
|| debitorNumberSuffix as idName
|
||||
FROM hs_office_debitor AS debitor
|
||||
FROM hs_office.debitor AS debitor
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
@ -226,7 +226,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_debitor',
|
||||
call rbac.generateRbacRestrictedView('hs_office.debitor',
|
||||
$orderBy$
|
||||
defaultPrefix
|
||||
$orderBy$,
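Review bot: `z_new_debitor_grants_after_insert_tg` is attached to `rbac.global`, which lies outside the `hs_office` schema, and trigger names are unique per table. Dropping the `hs_office` part therefore removes the only thing separating it from a same-named grant trigger that another module might add to that shared table. Keeping a module prefix on this one, e.g. the previous `z_new_hs_office_debitor_grants_after_insert_tg`, avoids a future collision; in-schema triggers such as `debitor_insert_permission_check_tg` do not have this problem. Separately, the comment above `hs_office.updateTriggerForHsOfficeDebitor_tf()` still says `AFTER INSERT TRIGGER` although the trigger is created `after update`; `AFTER UPDATE TRIGGER to re-wire the grant structure for an updated hs_office.debitor row.` would match the code.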
|
||||
|
@ -24,21 +24,21 @@ begin
|
||||
|
||||
select debitorRel.uuid
|
||||
into relatedDebitorRelUuid
|
||||
from hs_office_relation debitorRel
|
||||
join hs_office_person person on person.uuid = debitorRel.holderUuid
|
||||
from hs_office.relation debitorRel
|
||||
join hs_office.person person on person.uuid = debitorRel.holderUuid
|
||||
and (person.tradeName = forPartnerPersonName or person.familyName = forPartnerPersonName)
|
||||
where debitorRel.type = 'DEBITOR';
|
||||
|
||||
select b.uuid
|
||||
into relatedBankAccountUuid
|
||||
from hs_office_bankaccount b
|
||||
from hs_office.bankaccount b
|
||||
where b.holder = forPartnerPersonName;
|
||||
|
||||
raise notice 'creating test debitor: % (#%)', idName, withDebitorNumberSuffix;
|
||||
-- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)',
|
||||
-- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix;
|
||||
insert
|
||||
into hs_office_debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
|
||||
into hs_office.debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
|
||||
values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix);
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -4,12 +4,12 @@
|
||||
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create table if not exists hs_office_sepamandate
|
||||
create table if not exists hs_office.sepamandate
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
debitorUuid uuid not null references hs_office_debitor(uuid),
|
||||
bankAccountUuid uuid not null references hs_office_bankaccount(uuid),
|
||||
debitorUuid uuid not null references hs_office.debitor(uuid),
|
||||
bankAccountUuid uuid not null references hs_office.bankaccount(uuid),
|
||||
reference varchar(96) not null,
|
||||
agreement date not null,
|
||||
validity daterange not null
|
||||
@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate
|
||||
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_sepamandate');
|
||||
call base.create_journal('hs_office.sepamandate');
|
||||
--//
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_sepamandate');
|
||||
call rbac.generateRelatedRbacObject('hs_office.sepamandate');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,23 +25,23 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamand
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeSepaMandate(
|
||||
NEW hs_office_sepamandate
|
||||
NEW hs_office.sepamandate
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newBankAccount hs_office_bankaccount;
|
||||
newDebitorRel hs_office_relation;
|
||||
newBankAccount hs_office.bankaccount;
|
||||
newDebitorRel hs_office.relation;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount;
|
||||
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount;
|
||||
assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid);
|
||||
|
||||
SELECT debitorRel.*
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = NEW.debitorUuid
|
||||
INTO newDebitorRel;
|
||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||
@ -82,10 +82,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_sepamandate row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeSepaMandate_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeSepaMandate_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -95,9 +95,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeSepaMandate_tg
|
||||
after insert on hs_office_sepamandate
|
||||
after insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeSepaMandate_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeSepaMandate_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -105,48 +105,48 @@ execute procedure insertTriggerForHsOfficeSepaMandate_tf();
|
||||
--changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_office_relation ----------------------------
|
||||
-- granting INSERT permission to hs_office.relation ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_sepamandate permissions to specified role of pre-existing hs_office_relation rows.
|
||||
Grants INSERT INTO hs_office.sepamandate permissions to specified role of pre-existing hs_office.relation rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row hs_office_relation;
|
||||
row hs_office.relation;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.sepamandate permissions for pre-exising hs_office.relation rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_relation
|
||||
FOR row IN SELECT * FROM hs_office.relation
|
||||
WHERE type = 'DEBITOR'
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||
hsOfficeRelationADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_sepamandate INSERT permission to specified role of new hs_office_relation rows.
|
||||
Grants hs_office.sepamandate INSERT permission to specified role of new relation rows.
|
||||
*/
|
||||
create or replace function new_hsof_sepamandate_grants_insert_to_hsof_relation_tf()
|
||||
create or replace function hs_office.new_sepamandate_grants_insert_to_relation_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
if NEW.type = 'DEBITOR' then
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
|
||||
hsOfficeRelationADMIN(NEW));
|
||||
end if;
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_sepamandate_grants_after_insert_tg
|
||||
after insert on hs_office_relation
|
||||
create trigger z_new_sepamandate_grants_after_insert_tg
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
|
||||
execute procedure hs_office.new_sepamandate_grants_insert_to_relation_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -154,9 +154,9 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_sepamandate.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.sepamandate.
|
||||
*/
|
||||
create or replace function hs_office_sepamandate_insert_permission_check_tf()
|
||||
create or replace function hs_office.sepamandate_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -164,23 +164,23 @@ declare
|
||||
begin
|
||||
-- check INSERT permission via indirect foreign key: NEW.debitorUuid
|
||||
superObjectUuid := (SELECT debitorRel.uuid
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = NEW.debitorUuid
|
||||
);
|
||||
assert superObjectUuid is not null, 'object uuid fetched depending on hs_office_sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL';
|
||||
if rbac.hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then
|
||||
assert superObjectUuid is not null, 'object uuid fetched depending on hs_office.sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL';
|
||||
if rbac.hasInsertPermission(superObjectUuid, 'hs_office.sepamandate') then
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.sepamandate values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_sepamandate_insert_permission_check_tg
|
||||
before insert on hs_office_sepamandate
|
||||
create trigger sepamandate_insert_permission_check_tg
|
||||
before insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure hs_office_sepamandate_insert_permission_check_tf();
|
||||
execute procedure hs_office.sepamandate_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -188,11 +188,11 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
|
||||
$idName$
|
||||
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
|
||||
from hs_office_sepamandate sm
|
||||
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid
|
||||
from hs_office.sepamandate sm
|
||||
join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
@ -200,7 +200,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_sepamandate',
|
||||
call rbac.generateRbacRestrictedView('hs_office.sepamandate',
|
||||
$orderBy$
|
||||
validity
|
||||
$orderBy$,
|
||||
|
@ -7,9 +7,9 @@
|
||||
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_office_sepamandate_legacy_id
|
||||
CREATE TABLE hs_office.sepamandate_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_office_sepamandate(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_office.sepamandate(uuid),
|
||||
sepa_mandate_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_office_sepamandate_legacy_id
|
||||
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office.sepamandate_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_office_sepamandate_legacy_id.sepa_mandate_id;
|
||||
OWNED BY hs_office.sepamandate_legacy_id.sepa_mandate_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
|
||||
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_office_sepamandate_legacy_id
|
||||
ALTER TABLE hs_office.sepamandate_legacy_id
|
||||
ALTER COLUMN sepa_mandate_id
|
||||
SET DEFAULT nextVal('hs_office_sepamandate_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_office.sepamandate_legacy_id_seq');
|
||||
|
||||
--/
|
||||
|
||||
@ -42,8 +42,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
|
||||
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
|
||||
INSERT INTO hs_office.sepamandate_legacy_id(uuid, sepa_mandate_id)
|
||||
SELECT uuid, nextVal('hs_office.sepamandate_legacy_id_seq') FROM hs_office.sepamandate;
|
||||
--/
|
||||
|
||||
|
||||
@ -59,14 +59,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_office_sepamandate_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office_sepamandate_legacy_id_seq'));
|
||||
INSERT INTO hs_office.sepamandate_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createSepaMandateLegacyIdMapping
|
||||
after insert on hs_office_sepamandate
|
||||
after insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure insertSepaMandateLegacyIdMapping();
|
||||
--/
|
||||
@ -84,14 +84,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_sepamandate_legacy_id
|
||||
DELETE FROM hs_office.sepamandate_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger removeSepaMandateLegacyIdMapping
|
||||
before delete on hs_office_sepamandate
|
||||
before delete on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure deleteSepaMandateLegacyIdMapping();
|
||||
--/
|
||||
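Review bot: The two legacy-id trigger functions are still referenced without a schema (`execute procedure insertSepaMandateLegacyIdMapping();` and `execute procedure deleteSepaMandateLegacyIdMapping();`), although the table, sequence and triggers they serve now live in `hs_office`. Their `create or replace function` lines sit outside the visible hunks and appear unchanged, so the functions are created in whichever schema comes first in the search_path of the role running the migration. I would qualify both, e.g. `execute procedure hs_office.insertSepaMandateLegacyIdMapping();` with the matching `create or replace function hs_office.insertSepaMandateLegacyIdMapping()`, as this commit already does for the RBAC trigger functions. The insert inside the trigger function (`INSERT INTO hs_office.sepamandate_legacy_id VALUES`) also omits the column list that the backfill statement in the same file spells out.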
|
@ -15,23 +15,23 @@ create or replace procedure createHsOfficeSepaMandateTestData(
|
||||
withReference varchar)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedDebitor hs_office_debitor;
|
||||
relatedBankAccount hs_office_bankAccount;
|
||||
relatedDebitor hs_office.debitor;
|
||||
relatedBankAccount hs_office.bankAccount;
|
||||
begin
|
||||
select debitor.* into relatedDebitor
|
||||
from hs_office_debitor debitor
|
||||
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
|
||||
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
|
||||
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid
|
||||
from hs_office.debitor debitor
|
||||
join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
|
||||
join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
|
||||
join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
|
||||
where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix;
|
||||
select b.* into relatedBankAccount
|
||||
from hs_office_bankAccount b where b.iban = forIban;
|
||||
from hs_office.bankAccount b where b.iban = forIban;
|
||||
|
||||
raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text;
|
||||
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
|
||||
raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount;
|
||||
insert
|
||||
into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
|
||||
into hs_office.sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
|
||||
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]'));
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -17,11 +17,11 @@ CREATE TYPE HsOfficeMembershipStatus AS ENUM (
|
||||
|
||||
CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_office_membership
|
||||
create table if not exists hs_office.membership
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
partnerUuid uuid not null references hs_office_partner(uuid),
|
||||
partnerUuid uuid not null references hs_office.partner(uuid),
|
||||
memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
|
||||
validity daterange not null,
|
||||
status HsOfficeMembershipStatus not null default 'ACTIVE',
|
||||
@ -36,5 +36,5 @@ create table if not exists hs_office_membership
|
||||
--changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_membership');
|
||||
call base.create_journal('hs_office.membership');
|
||||
--//
|
||||
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_membership');
|
||||
call rbac.generateRelatedRbacObject('hs_office.membership');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,19 +25,19 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membershi
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeMembership(
|
||||
NEW hs_office_membership
|
||||
NEW hs_office.membership
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newPartnerRel hs_office_relation;
|
||||
newPartnerRel hs_office.relation;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT partnerRel.*
|
||||
FROM hs_office_partner AS partner
|
||||
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
|
||||
FROM hs_office.partner AS partner
|
||||
JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
|
||||
WHERE partner.uuid = NEW.partnerUuid
|
||||
INTO newPartnerRel;
|
||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
|
||||
@ -69,10 +69,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeMembership_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeMembership_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -82,9 +82,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeMembership_tg
|
||||
after insert on hs_office_membership
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeMembership_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeMembership_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -95,45 +95,45 @@ execute procedure insertTriggerForHsOfficeMembership_tf();
|
||||
-- granting INSERT permission to rbac.global ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing rbac.global rows.
|
||||
Grants INSERT INTO hs_office.membership permissions to specified role of pre-existing rbac.global rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row rbac.global;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.global rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.membership permissions for pre-exising rbac.global rows');
|
||||
|
||||
FOR row IN SELECT * FROM rbac.global
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'),
|
||||
rbac.globalADMIN());
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_membership INSERT permission to specified role of new global rows.
|
||||
Grants hs_office.membership INSERT permission to specified role of new global rows.
|
||||
*/
|
||||
create or replace function new_hsof_membership_grants_insert_to_global_tf()
|
||||
create or replace function hs_office.new_membership_grants_insert_to_global_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'),
|
||||
rbac.globalADMIN());
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_membership_grants_after_insert_tg
|
||||
create trigger z_new_membership_grants_after_insert_tg
|
||||
after insert on rbac.global
|
||||
for each row
|
||||
execute procedure new_hsof_membership_grants_insert_to_global_tf();
|
||||
execute procedure hs_office.new_membership_grants_insert_to_global_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -141,9 +141,9 @@ execute procedure new_hsof_membership_grants_insert_to_global_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_membership.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.membership.
|
||||
*/
|
||||
create or replace function hs_office_membership_insert_permission_check_tf()
|
||||
create or replace function hs_office.membership_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@ -154,14 +154,14 @@ begin
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.membership values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_membership_insert_permission_check_tg
|
||||
before insert on hs_office_membership
|
||||
create trigger membership_insert_permission_check_tg
|
||||
before insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure hs_office_membership_insert_permission_check_tf();
|
||||
execute procedure hs_office.membership_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -169,12 +169,12 @@ create trigger hs_office_membership_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
|
||||
$idName$
|
||||
SELECT m.uuid AS uuid,
|
||||
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
|
||||
FROM hs_office_membership AS m
|
||||
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
|
||||
FROM hs_office.membership AS m
|
||||
JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
@ -182,7 +182,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_membership',
|
||||
call rbac.generateRbacRestrictedView('hs_office.membership',
|
||||
$orderBy$
|
||||
validity
|
||||
$orderBy$,
|
||||
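Review bot: The grant trigger on `rbac.global` is recreated under a new name (`z_new_membership_grants_after_insert_tg`) without dropping its predecessor, and the permission key passed to `rbac.createPermission` changes from `'hs_office_membership'` to `'hs_office.membership'` inside changesets whose ids stay the same. That is consistent on a freshly built database, but one that already ran the earlier version would presumably reject the edited changesets on checksum. If they are forced through, the old trigger keeps granting under the old key while the checks (for example `rbac.hasInsertPermission(..., 'hs_office.coopsharestransaction')` in the coopsharestransaction section) look up the new one. If any such database exists, add a separate follow-up changeset with `drop trigger if exists z_new_hs_office_membership_grants_after_insert_tg on rbac.global;` plus a migration of the stored permission keys; otherwise a comment that this rename requires a rebuilt database would be enough. The same applies to the sepamandate and coopsharestransaction RBAC sections; the membership permission-check body begins outside the visible hunk.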
|
@ -13,15 +13,15 @@ create or replace procedure createHsOfficeMembershipTestData(
|
||||
newMemberNumberSuffix char(2) )
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedPartner hs_office_partner;
|
||||
relatedPartner hs_office.partner;
|
||||
begin
|
||||
select partner.* from hs_office_partner partner
|
||||
select partner.* from hs_office.partner partner
|
||||
where partner.partnerNumber = forPartnerNumber into relatedPartner;
|
||||
|
||||
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
|
||||
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
|
||||
insert
|
||||
into hs_office_membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, daterange('20221001' , null, '[]'), 'ACTIVE');
|
||||
end; $$;
|
||||
--//
|
||||
|
@ -8,16 +8,16 @@ CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTI
|
||||
|
||||
CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_office_coopsharestransaction
|
||||
create table if not exists hs_office.coopsharestransaction
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
membershipUuid uuid not null references hs_office_membership(uuid),
|
||||
membershipUuid uuid not null references hs_office.membership(uuid),
|
||||
transactionType HsOfficeCoopSharesTransactionType not null,
|
||||
valueDate date not null,
|
||||
shareCount integer not null,
|
||||
reference varchar(48) not null,
|
||||
adjustedShareTxUuid uuid unique REFERENCES hs_office_coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
|
||||
adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
|
||||
comment varchar(512)
|
||||
);
|
||||
--//
|
||||
@ -26,8 +26,8 @@ create table if not exists hs_office_coopsharestransaction
|
||||
--changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
alter table hs_office_coopsharestransaction
|
||||
add constraint hs_office_coopsharestransaction_reverse_entry_missing
|
||||
alter table hs_office.coopsharestransaction
|
||||
add constraint hs_office.coopsharestransaction_reverse_entry_missing
|
||||
check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null
|
||||
or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null);
|
||||
--//
|
||||
@ -44,7 +44,7 @@ declare
|
||||
totalShareCount integer;
|
||||
begin
|
||||
select sum(cst.shareCount)
|
||||
from hs_office_coopsharestransaction cst
|
||||
from hs_office.coopsharestransaction cst
|
||||
where cst.membershipUuid = forMembershipUuid
|
||||
into currentShareCount;
|
||||
totalShareCount := currentShareCount + newShareCount;
|
||||
@ -54,8 +54,8 @@ begin
|
||||
return true;
|
||||
end; $$;
|
||||
|
||||
alter table hs_office_coopsharestransaction
|
||||
add constraint hs_office_coopshares_positive
|
||||
alter table hs_office.coopsharestransaction
|
||||
add constraint hs_office.coopshares_positive
|
||||
check ( checkSharesByMembershipUuid(membershipUuid, shareCount) );
|
||||
|
||||
--//
|
||||
@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction
|
||||
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_coopsharestransaction');
|
||||
call base.create_journal('hs_office.coopsharestransaction');
|
||||
--//
|
||||
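Review bot: Both `add constraint` lines now carry a schema-qualified constraint name (`hs_office.coopsharestransaction_reverse_entry_missing` and `hs_office.coopshares_positive`), which PostgreSQL does not accept. A constraint name is a plain identifier scoped to its table, so these `alter table` statements fail with a syntax error at the dot. This looks like a side effect of the table-name replacement rather than an intended rename. Keep the names unqualified, e.g. `add constraint coopsharestransaction_reverse_entry_missing` and `add constraint coopshares_positive`, and check whether any caller maps the previous constraint names from error messages before dropping the `hs_office_` prefix.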
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
|
||||
call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction(
|
||||
NEW hs_office_coopsharestransaction
|
||||
NEW hs_office.coopsharestransaction
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newMembership hs_office_membership;
|
||||
newMembership hs_office.membership;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
@ -45,10 +45,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopsharestransaction row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeCoopSharesTransaction_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -58,9 +58,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg
|
||||
after insert on hs_office_coopsharestransaction
|
||||
after insert on hs_office.coopsharestransaction
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeCoopSharesTransaction_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
|
||||
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_office_membership ----------------------------
|
||||
-- granting INSERT permission to hs_office.membership ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_coopsharestransaction permissions to specified role of pre-existing hs_office_membership rows.
|
||||
Grants INSERT INTO hs_office.coopsharestransaction permissions to specified role of pre-existing hs_office.membership rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row hs_office_membership;
|
||||
row hs_office.membership;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.coopsharestransaction permissions for pre-exising hs_office.membership rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_membership
|
||||
FOR row IN SELECT * FROM hs_office.membership
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||
hsOfficeMembershipADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_coopsharestransaction INSERT permission to specified role of new hs_office_membership rows.
|
||||
Grants hs_office.coopsharestransaction INSERT permission to specified role of new membership rows.
|
||||
*/
|
||||
create or replace function new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf()
|
||||
create or replace function hs_office.new_coopsharetx_grants_insert_to_membership_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_coopsharestransaction_grants_after_insert_tg
|
||||
after insert on hs_office_membership
|
||||
create trigger z_new_coopsharestransaction_grants_after_insert_tg
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
|
||||
execute procedure hs_office.new_coopsharetx_grants_insert_to_membership_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -117,27 +117,27 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopsharestransaction.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharestransaction.
|
||||
*/
|
||||
create or replace function hs_office_coopsharestransaction_insert_permission_check_tf()
|
||||
create or replace function hs_office.coopsharestransaction_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
superObjectUuid uuid;
|
||||
begin
|
||||
-- check INSERT permission via direct foreign key: NEW.membershipUuid
|
||||
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then
|
||||
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharestransaction') then
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.coopsharestransaction values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||
before insert on hs_office_coopsharestransaction
|
||||
create trigger coopsharestransaction_insert_permission_check_tg
|
||||
before insert on hs_office.coopsharestransaction
|
||||
for each row
|
||||
execute procedure hs_office_coopsharestransaction_insert_permission_check_tf();
|
||||
execute procedure hs_office.coopsharestransaction_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransaction',
|
||||
$idName$
|
||||
reference
|
||||
$idName$);
|
||||
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransactio
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction',
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopsharestransaction',
|
||||
$orderBy$
|
||||
reference
|
||||
$orderBy$,
|
||||
|
@ -7,9 +7,9 @@
|
||||
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_office_coopsharestransaction_legacy_id
|
||||
CREATE TABLE hs_office.coopsharestransaction_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_office_coopsharestransaction(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_office.coopsharestransaction(uuid),
|
||||
member_share_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopsharestransaction_legacy_id
|
||||
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office.coopsharestransaction_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_office_coopsharestransaction_legacy_id.member_share_id;
|
||||
OWNED BY hs_office.coopsharestransaction_legacy_id.member_share_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
|
||||
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_office_coopsharestransaction_legacy_id
|
||||
ALTER TABLE hs_office.coopsharestransaction_legacy_id
|
||||
ALTER COLUMN member_share_id
|
||||
SET DEFAULT nextVal('hs_office_coopsharestransaction_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_office.coopsharestransaction_legacy_id_seq');
|
||||
|
||||
--/
|
||||
|
||||
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
|
||||
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
|
||||
INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id)
|
||||
SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharestransaction;
|
||||
--/
|
||||
|
||||
|
||||
@ -58,14 +58,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_office_coopsharestransaction_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq'));
|
||||
INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createCoopSharesLegacyIdMapping
|
||||
after insert on hs_office_coopsharestransaction
|
||||
after insert on hs_office.coopsharestransaction
|
||||
for each row
|
||||
execute procedure insertCoopSharesLegacyIdMapping();
|
||||
--/
|
||||
@ -83,14 +83,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_coopsharestransaction_legacy_id
|
||||
DELETE FROM hs_office.coopsharestransaction_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger removeCoopSharesLegacyIdMapping
|
||||
before delete on hs_office_coopsharestransaction
|
||||
before delete on hs_office.coopsharestransaction
|
||||
for each row
|
||||
execute procedure deleteCoopSharesLegacyIdMapping();
|
||||
--/
|
||||
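Review bot: The insert in the trigger body, `INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES (NEW.uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq'));`, has no column list, so it depends on the column order of the mapping table, whereas the backfill statement earlier in this file names `(uuid, member_share_id)`. The MIGRATION-default changeset already makes `nextVal(...)` the default of `member_share_id`, so the trigger could be `INSERT INTO hs_office.coopsharestransaction_legacy_id (uuid) VALUES (NEW.uuid);`, which keeps the sequence name in one place. The enclosing trigger function starts outside the hunk. The coopassets legacy-id mapping trigger further down has the same pattern.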
|
@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopSharesTransactionTestData(
|
||||
)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
membership hs_office_membership;
|
||||
membership hs_office.membership;
|
||||
subscriptionEntryUuid uuid;
|
||||
begin
|
||||
select m.uuid
|
||||
from hs_office_membership m
|
||||
join hs_office_partner p on p.uuid = m.partneruuid
|
||||
from hs_office.membership m
|
||||
join hs_office.partner p on p.uuid = m.partneruuid
|
||||
where p.partnerNumber = givenPartnerNumber
|
||||
and m.memberNumberSuffix = givenMemberNumberSuffix
|
||||
into membership;
|
||||
@ -27,7 +27,7 @@ begin
|
||||
raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix;
|
||||
subscriptionEntryUuid := uuid_generate_v4();
|
||||
insert
|
||||
into hs_office_coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
|
||||
into hs_office.coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
|
||||
values
|
||||
(uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null),
|
||||
(uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null),
|
||||
|
@ -15,16 +15,16 @@ CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
|
||||
|
||||
CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
|
||||
|
||||
create table if not exists hs_office_coopassetstransaction
|
||||
create table if not exists hs_office.coopassetstransaction
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid) initially deferred,
|
||||
version int not null default 0,
|
||||
membershipUuid uuid not null references hs_office_membership(uuid),
|
||||
membershipUuid uuid not null references hs_office.membership(uuid),
|
||||
transactionType HsOfficeCoopAssetsTransactionType not null,
|
||||
valueDate date not null,
|
||||
assetValue money not null,
|
||||
reference varchar(48) not null,
|
||||
adjustedAssetTxUuid uuid unique REFERENCES hs_office_coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
|
||||
adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
|
||||
comment varchar(512)
|
||||
);
|
||||
--//
|
||||
@ -34,8 +34,8 @@ create table if not exists hs_office_coopassetstransaction
|
||||
--changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
alter table hs_office_coopassetstransaction
|
||||
add constraint hs_office_coopassetstransaction_reverse_entry_missing
|
||||
alter table hs_office.coopassetstransaction
|
||||
add constraint hs_office.coopassetstransaction_reverse_entry_missing
|
||||
check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null
|
||||
or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null);
|
||||
--//
|
||||
@ -52,7 +52,7 @@ declare
|
||||
totalAssetValue money;
|
||||
begin
|
||||
select sum(cat.assetValue)
|
||||
from hs_office_coopassetstransaction cat
|
||||
from hs_office.coopassetstransaction cat
|
||||
where cat.membershipUuid = forMembershipUuid
|
||||
into currentAssetValue;
|
||||
totalAssetValue := currentAssetValue + newAssetValue;
|
||||
@ -62,8 +62,8 @@ begin
|
||||
return true;
|
||||
end; $$;
|
||||
|
||||
alter table hs_office_coopassetstransaction
|
||||
add constraint hs_office_coopassets_positive
|
||||
alter table hs_office.coopassetstransaction
|
||||
add constraint hs_office.coopassets_positive
|
||||
check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) );
|
||||
--//
|
||||
|
||||
@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction
|
||||
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call base.create_journal('hs_office_coopassetstransaction');
|
||||
call base.create_journal('hs_office.coopassetstransaction');
|
||||
--//
|
||||
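Review bot: `add constraint hs_office.coopassetstransaction_reverse_entry_missing` and, in the later hunk, `add constraint hs_office.coopassets_positive` schema-qualify the constraint name, which PostgreSQL does not accept. A constraint name is a plain identifier scoped to its table, so both statements should fail with a syntax error at the dot. This looks like a side effect of the bulk rename from `hs_office_` to `hs_office.`. Use unqualified names, e.g. `add constraint coopassetstransaction_reverse_entry_missing` and `add constraint coopassets_positive`; the `alter table hs_office.coopassetstransaction` clause already carries the schema.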
|
@ -5,14 +5,14 @@
|
||||
-- ============================================================================
|
||||
--changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction');
|
||||
call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
|
||||
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction');
|
||||
--//
|
||||
|
||||
|
||||
@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic
|
||||
*/
|
||||
|
||||
create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction(
|
||||
NEW hs_office_coopassetstransaction
|
||||
NEW hs_office.coopassetstransaction
|
||||
)
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newMembership hs_office_membership;
|
||||
newMembership hs_office.membership;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
@ -45,10 +45,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
/*
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopassetstransaction row.
|
||||
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row.
|
||||
*/
|
||||
|
||||
create or replace function insertTriggerForHsOfficeCoopAssetsTransaction_tf()
|
||||
create or replace function hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -58,9 +58,9 @@ begin
|
||||
end; $$;
|
||||
|
||||
create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg
|
||||
after insert on hs_office_coopassetstransaction
|
||||
after insert on hs_office.coopassetstransaction
|
||||
for each row
|
||||
execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf();
|
||||
execute procedure hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf();
|
||||
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_office_membership ----------------------------
|
||||
-- granting INSERT permission to hs_office.membership ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_office_coopassetstransaction permissions to specified role of pre-existing hs_office_membership rows.
|
||||
Grants INSERT INTO hs_office.coopassetstransaction permissions to specified role of pre-existing hs_office.membership rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row hs_office_membership;
|
||||
row hs_office.membership;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
|
||||
call base.defineContext('create INSERT INTO hs_office.coopassetstransaction permissions for pre-exising hs_office.membership rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_membership
|
||||
FOR row IN SELECT * FROM hs_office.membership
|
||||
-- unconditional for all rows in that table
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||
hsOfficeMembershipADMIN(row));
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_office_coopassetstransaction INSERT permission to specified role of new hs_office_membership rows.
|
||||
Grants hs_office.coopassetstransaction INSERT permission to specified role of new membership rows.
|
||||
*/
|
||||
create or replace function new_hsof_coopassettx_grants_insert_to_hsof_membership_tf()
|
||||
create or replace function hs_office.new_coopassettx_grants_insert_to_membership_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_office_coopassetstransaction_grants_after_insert_tg
|
||||
after insert on hs_office_membership
|
||||
create trigger z_new_coopassetstransaction_grants_after_insert_tg
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
|
||||
execute procedure hs_office.new_coopassettx_grants_insert_to_membership_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
@ -117,27 +117,27 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopassetstransaction.
|
||||
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassetstransaction.
|
||||
*/
|
||||
create or replace function hs_office_coopassetstransaction_insert_permission_check_tf()
|
||||
create or replace function hs_office.coopassetstransaction_insert_permission_check_tf()
|
||||
returns trigger
|
||||
language plpgsql as $$
|
||||
declare
|
||||
superObjectUuid uuid;
|
||||
begin
|
||||
-- check INSERT permission via direct foreign key: NEW.membershipUuid
|
||||
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then
|
||||
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassetstransaction') then
|
||||
return NEW;
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
|
||||
raise exception '[403] insert into hs_office.coopassetstransaction values(%) not allowed for current subjects % (%)',
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||
before insert on hs_office_coopassetstransaction
|
||||
create trigger coopassetstransaction_insert_permission_check_tg
|
||||
before insert on hs_office.coopassetstransaction
|
||||
for each row
|
||||
execute procedure hs_office_coopassetstransaction_insert_permission_check_tf();
|
||||
execute procedure hs_office.coopassetstransaction_insert_permission_check_tf();
|
||||
--//
|
||||
|
||||
|
||||
@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||
--changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransaction',
|
||||
$idName$
|
||||
reference
|
||||
$idName$);
|
||||
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransactio
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction',
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopassetstransaction',
|
||||
$orderBy$
|
||||
reference
|
||||
$orderBy$,
|
||||
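Review bot: `create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction(` stays unqualified while the trigger function in the same file moves to `hs_office.insertTriggerForHsOfficeCoopAssetsTransaction_tf()`, so the RBAC setup for this table now spans two schemas. PL/pgSQL resolves unqualified routine names through the search_path in effect at execution time, so the grant helpers called here (`hsOfficeMembershipAGENT(newMembership)`, `hsOfficeMembershipADMIN(row)`) and presumably the procedure itself depend on session configuration rather than on the schema this commit introduces. Consider `create or replace procedure hs_office.buildRbacSystemForHsOfficeCoopAssetsTransaction(` with a qualified call site, or a fixed `set search_path` on the trigger functions. The procedure and trigger-function bodies continue outside the hunks, so the call site itself is not visible here.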
|
@ -7,9 +7,9 @@
|
||||
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE TABLE hs_office_coopassetstransaction_legacy_id
|
||||
CREATE TABLE hs_office.coopassetstransaction_legacy_id
|
||||
(
|
||||
uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid),
|
||||
uuid uuid NOT NULL REFERENCES hs_office.coopassetstransaction(uuid),
|
||||
member_asset_id integer NOT NULL
|
||||
);
|
||||
--//
|
||||
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id
|
||||
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
|
||||
CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq
|
||||
AS integer
|
||||
START 1000000000
|
||||
OWNED BY hs_office_coopassetstransaction_legacy_id.member_asset_id;
|
||||
OWNED BY hs_office.coopassetstransaction_legacy_id.member_asset_id;
|
||||
--//
|
||||
|
||||
|
||||
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
|
||||
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
ALTER TABLE hs_office_coopassetstransaction_legacy_id
|
||||
ALTER TABLE hs_office.coopassetstransaction_legacy_id
|
||||
ALTER COLUMN member_asset_id
|
||||
SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq');
|
||||
SET DEFAULT nextVal('hs_office.coopassetstransaction_legacy_id_seq');
|
||||
--/
|
||||
|
||||
|
||||
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
CALL base.defineContext('schema-migration');
|
||||
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
|
||||
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
|
||||
INSERT INTO hs_office.coopassetstransaction_legacy_id(uuid, member_asset_id)
|
||||
SELECT uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq') FROM hs_office.coopassetstransaction;
|
||||
--/
|
||||
|
||||
|
||||
@ -58,14 +58,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
INSERT INTO hs_office_coopassetstransaction_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq'));
|
||||
INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES
|
||||
(NEW.uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq'));
|
||||
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger createCoopAssetsLegacyIdMapping
|
||||
after insert on hs_office_coopassetstransaction
|
||||
after insert on hs_office.coopassetstransaction
|
||||
for each row
|
||||
execute procedure insertCoopAssetsLegacyIdMapping();
|
||||
--/
|
||||
@ -83,14 +83,14 @@ begin
|
||||
raise exception 'invalid usage of trigger';
|
||||
end if;
|
||||
|
||||
DELETE FROM hs_office_coopassetstransaction_legacy_id
|
||||
DELETE FROM hs_office.coopassetstransaction_legacy_id
|
||||
WHERE uuid = OLD.uuid;
|
||||
|
||||
return OLD;
|
||||
end; $$;
|
||||
|
||||
create trigger removeCoopAssetsLegacyIdMapping
|
||||
before delete on hs_office_coopassetstransaction
|
||||
before delete on hs_office.coopassetstransaction
|
||||
for each row
|
||||
execute procedure deleteCoopAssetsLegacyIdMapping();
|
||||
--/
|
||||
|
@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopAssetsTransactionTestData(
|
||||
)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
membership hs_office_membership;
|
||||
membership hs_office.membership;
|
||||
lossEntryUuid uuid;
|
||||
begin
|
||||
select m.uuid
|
||||
from hs_office_membership m
|
||||
join hs_office_partner p on p.uuid = m.partneruuid
|
||||
from hs_office.membership m
|
||||
join hs_office.partner p on p.uuid = m.partneruuid
|
||||
where p.partnerNumber = givenPartnerNumber
|
||||
and m.memberNumberSuffix = givenMemberNumberSuffix
|
||||
into membership;
|
||||
@ -27,7 +27,7 @@ begin
|
||||
raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix;
|
||||
lossEntryUuid := uuid_generate_v4();
|
||||
insert
|
||||
into hs_office_coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
|
||||
into hs_office.coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
|
||||
values
|
||||
(uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null),
|
||||
(uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null),
|
||||
|
@ -9,9 +9,9 @@ create view hs_booking_debitor_xv as
|
||||
debitor.version,
|
||||
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
|
||||
debitor.defaultPrefix
|
||||
from hs_office_debitor debitor
|
||||
from hs_office.debitor debitor
|
||||
-- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables
|
||||
join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
|
||||
join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
|
||||
join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid;
|
||||
join hs_office.relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
|
||||
join hs_office.relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
|
||||
join hs_office.partner partner on partner.partnerReluUid=partnerRel.uuid;
|
||||
--//
|
||||
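Review bot: The comment `-- RBAC for debitor is sufficient, ...` says access control comes from the debitor relation, but `from hs_office.debitor debitor` reads what appears to be the base table rather than an RBAC-restricted view (elsewhere in this commit those carry the `_rv` suffix, e.g. `hs_office.relation_rv`). If that reading is right, no relation in `hs_booking_debitor_xv` is filtered by RBAC, and since a PostgreSQL view runs with its owner's privileges by default, anyone with SELECT on the view would see every debitor. Please confirm the intent; if a restricted debitor view exists, `from hs_office.debitor_rv debitor` would match the comment. The view's select list starts outside the hunk.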
|
@ -8,7 +8,7 @@ create table if not exists hs_booking_project
|
||||
(
|
||||
uuid uuid unique references rbac.object (uuid),
|
||||
version int not null default 0,
|
||||
debitorUuid uuid not null references hs_office_debitor(uuid),
|
||||
debitorUuid uuid not null references hs_office.debitor(uuid),
|
||||
caption varchar(80) not null
|
||||
);
|
||||
--//
|
||||
|
@ -3,21 +3,21 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-OBJECT endDelimiter:--//
|
||||
--changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_booking_project');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -30,18 +30,18 @@ create or replace procedure buildRbacSystemForHsBookingProject(
|
||||
language plpgsql as $$
|
||||
|
||||
declare
|
||||
newDebitor hs_office_debitor;
|
||||
newDebitorRel hs_office_relation;
|
||||
newDebitor hs_office.debitor;
|
||||
newDebitorRel hs_office.relation;
|
||||
|
||||
begin
|
||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||
|
||||
SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor;
|
||||
SELECT * FROM hs_office.debitor WHERE uuid = NEW.debitorUuid INTO newDebitor;
|
||||
assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||
|
||||
SELECT debitorRel.*
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = NEW.debitorUuid
|
||||
INTO newDebitorRel;
|
||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||
@ -96,21 +96,21 @@ execute procedure insertTriggerForHsBookingProject_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to hs_office_relation ----------------------------
|
||||
-- granting INSERT permission to hs_office.relation ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office_relation rows.
|
||||
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office.relation rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row hs_office_relation;
|
||||
row hs_office.relation;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
|
||||
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office.relation rows');
|
||||
|
||||
FOR row IN SELECT * FROM hs_office_relation
|
||||
FOR row IN SELECT * FROM hs_office.relation
|
||||
WHERE type = 'DEBITOR'
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
@ -121,9 +121,9 @@ do language plpgsql $$
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_booking_project INSERT permission to specified role of new hs_office_relation rows.
|
||||
Grants hs_booking_project INSERT permission to specified role of new relation rows.
|
||||
*/
|
||||
create or replace function new_hs_booking_project_grants_insert_to_hs_office_relation_tf()
|
||||
create or replace function new_hsbk_project_grants_insert_to_relation_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -137,14 +137,14 @@ begin
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_booking_project_grants_insert_to_hs_office_relation_tg
|
||||
after insert on hs_office_relation
|
||||
create trigger z_new_hs_booking_project_grants_after_insert_tg
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure new_hs_booking_project_grants_insert_to_hs_office_relation_tf();
|
||||
execute procedure new_hsbk_project_grants_insert_to_relation_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs_booking_project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-booking-project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
@ -158,8 +158,8 @@ declare
|
||||
begin
|
||||
-- check INSERT permission via indirect foreign key: NEW.debitorUuid
|
||||
superObjectUuid := (SELECT debitorRel.uuid
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = NEW.debitorUuid
|
||||
);
|
||||
assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL';
|
||||
@ -179,20 +179,20 @@ create trigger hs_booking_project_insert_permission_check_tg
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
--changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
|
||||
$idName$
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking_project bookingProject
|
||||
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
$idName$);
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking_project',
|
||||
$orderBy$
|
||||
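Review bot: The changeset headers in this file change their author (`michael.hoennig` to `RbacObjectGenerator`, `InsertTriggerGenerator` and others), and CHECKING-INSERT-PERMISSION also changes its id from `hs_booking_project-...` to `hs-booking-project-...`. Liquibase identifies an applied changeset by id, author and file, so a database that already ran the old ones would treat these as new and try to run them again. In that case `create trigger z_new_hs_booking_project_grants_after_insert_tg` would sit beside the old `z_new_hs_booking_project_grants_insert_to_hs_office_relation_tg`, and both would grant on every insert into `hs_office.relation`. If existing databases must be supported, add a changeset that drops the old trigger and `new_hs_booking_project_grants_insert_to_hs_office_relation_tf()`; if every environment is rebuilt from scratch, say so in the commit description.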
|
@ -14,14 +14,14 @@ create or replace procedure createHsBookingProjectTransactionTestData(
|
||||
)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedDebitor hs_office_debitor;
|
||||
relatedDebitor hs_office.debitor;
|
||||
begin
|
||||
|
||||
select debitor.* into relatedDebitor
|
||||
from hs_office_debitor debitor
|
||||
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
|
||||
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
|
||||
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid
|
||||
from hs_office.debitor debitor
|
||||
join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
|
||||
join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
|
||||
join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
|
||||
where partner.partnerNumber = givenPartnerNumber and debitor.debitorNumberSuffix = givenDebitorSuffix;
|
||||
|
||||
raise notice 'creating test booking-project: %', givenDebitorSuffix::text;
|
||||
|
@ -3,21 +3,21 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--//
|
||||
--changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -95,17 +95,17 @@ execute procedure insertTriggerForHsBookingItem_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- granting INSERT permission to global ----------------------------
|
||||
-- granting INSERT permission to rbac.global ----------------------------
|
||||
|
||||
/*
|
||||
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing global rows.
|
||||
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing rbac.global rows.
|
||||
*/
|
||||
do language plpgsql $$
|
||||
declare
|
||||
row rbac.global%ROWTYPE;
|
||||
row rbac.global;
|
||||
begin
|
||||
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
|
||||
|
||||
@ -114,15 +114,15 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
|
||||
rbac.globalAdmin());
|
||||
rbac.globalADMIN());
|
||||
END LOOP;
|
||||
end;
|
||||
$$;
|
||||
|
||||
/**
|
||||
Grants hs_booking_item INSERT permission to specified role of new rbac.global rows.
|
||||
Grants hs_booking_item INSERT permission to specified role of new global rows.
|
||||
*/
|
||||
create or replace function new_hs_booking_item_grants_insert_to_global_tf()
|
||||
create or replace function new_hsbk_item_grants_insert_to_global_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -130,16 +130,16 @@ begin
|
||||
-- unconditional for all rows in that table
|
||||
call rbac.grantPermissionToRole(
|
||||
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
|
||||
rbac.globalAdmin());
|
||||
rbac.globalADMIN());
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_booking_item_grants_insert_to_global_tg
|
||||
create trigger z_new_hs_booking_item_grants_after_insert_tg
|
||||
after insert on rbac.global
|
||||
for each row
|
||||
execute procedure new_hs_booking_item_grants_insert_to_global_tf();
|
||||
execute procedure new_hsbk_item_grants_insert_to_global_tf();
|
||||
|
||||
-- granting INSERT permission to hs_booking_project ----------------------------
|
||||
|
||||
@ -165,7 +165,7 @@ $$;
|
||||
/**
|
||||
Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows.
|
||||
*/
|
||||
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_project_tf()
|
||||
create or replace function new_hsbk_item_grants_insert_to_hsbk_project_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -179,10 +179,10 @@ begin
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_project_tg
|
||||
create trigger z_new_hs_booking_item_grants_after_insert_tg
|
||||
after insert on hs_booking_project
|
||||
for each row
|
||||
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf();
|
||||
execute procedure new_hsbk_item_grants_insert_to_hsbk_project_tf();
|
||||
|
||||
-- granting INSERT permission to hs_booking_item ----------------------------
|
||||
|
||||
@ -192,7 +192,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf();
|
||||
/**
|
||||
Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows.
|
||||
*/
|
||||
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_tf()
|
||||
create or replace function new_hsbk_item_grants_insert_to_hsbk_item_tf()
|
||||
returns trigger
|
||||
language plpgsql
|
||||
strict as $$
|
||||
@ -206,14 +206,14 @@ begin
|
||||
end; $$;
|
||||
|
||||
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_item_tg
|
||||
create trigger z_new_hs_booking_item_grants_after_insert_tg
|
||||
after insert on hs_booking_item
|
||||
for each row
|
||||
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf();
|
||||
execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
--changeset InsertTriggerGenerator:hs-booking-item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/**
|
||||
@ -225,7 +225,7 @@ create or replace function hs_booking_item_insert_permission_check_tf()
|
||||
declare
|
||||
superObjectUuid uuid;
|
||||
begin
|
||||
-- check INSERT INSERT if rbac.Global ADMIN
|
||||
-- check INSERT INSERT if rbac.global ADMIN
|
||||
if rbac.isGlobalAdmin() then
|
||||
return NEW;
|
||||
end if;
|
||||
@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
--changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking_item',
|
||||
$orderBy$
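Review bot: Changing the `--changeset` author from `michael.hoennig` to the generator names (and, for CHECKING-INSERT-PERMISSION, the id from `hs_booking_item-…` to `hs-booking-item-…`) gives every changeset in this file a new Liquibase identity, so a database that has already applied the old ones would run them all again. Together with the renames in the GRANTING-INSERT-PERMISSION hunks, `create trigger z_new_hs_booking_item_grants_after_insert_tg` would then be created alongside the old `z_new_hs_booking_item_grants_insert_to_global_tg` instead of replacing it. Each insert would fire two RBAC grant triggers, and the old `new_hs_booking_item_grants_insert_to_*_tf` functions would stay behind. If existing databases are migrated rather than rebuilt from scratch, each renamed trigger needs a preceding `drop trigger if exists z_new_hs_booking_item_grants_insert_to_global_tg on rbac.global;`, likewise for `hs_booking_project` and `hs_booking_item`, plus a `drop function if exists` for the old trigger functions. The same author change appears in the hs-hosting-asset RBAC section that follows.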
|
||||
|
@ -39,7 +39,7 @@ create table if not exists hs_hosting_asset
|
||||
identifier varchar(80) not null,
|
||||
caption varchar(80),
|
||||
config jsonb not null,
|
||||
alarmContactUuid uuid null references hs_office_contact(uuid) initially deferred,
|
||||
alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
|
||||
|
||||
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset
|
||||
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))
|
||||
|
@ -3,21 +3,21 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
|
||||
--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRelatedRbacObject('hs_hosting_asset');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsHostingAsset(
|
||||
declare
|
||||
newBookingItem hs_booking_item;
|
||||
newAssignedToAsset hs_hosting_asset;
|
||||
newAlarmContact hs_office_contact;
|
||||
newAlarmContact hs_office.contact;
|
||||
newParentAsset hs_hosting_asset;
|
||||
|
||||
begin
|
||||
@ -42,7 +42,7 @@ begin
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
|
||||
|
||||
SELECT * FROM hs_office_contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
|
||||
SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||
|
||||
@ -50,9 +50,9 @@ begin
|
||||
hsHostingAssetOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[
|
||||
rbac.globalADMIN(rbac.unassumed()),
|
||||
hsBookingItemADMIN(newBookingItem),
|
||||
hsHostingAssetADMIN(newParentAsset)],
|
||||
hsHostingAssetADMIN(newParentAsset),
|
||||
rbac.globalADMIN(rbac.unassumed())],
|
||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||
);
|
||||
|
||||
@ -113,7 +113,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -155,7 +155,7 @@ execute procedure updateTriggerForHsHostingAsset_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_hosting_asset',
|
||||
$orderBy$
|
||||
|
@ -12,7 +12,7 @@ create or replace procedure createHsHostingAssetTestData(givenProjectCaption var
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedProject hs_booking_project;
|
||||
relatedDebitor hs_office_debitor;
|
||||
relatedDebitor hs_office.debitor;
|
||||
privateCloudBI hs_booking_item;
|
||||
managedServerBI hs_booking_item;
|
||||
cloudServerBI hs_booking_item;
|
||||
@ -38,7 +38,7 @@ begin
|
||||
assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null';
|
||||
|
||||
select debitor.* into relatedDebitor
|
||||
from hs_office_debitor debitor
|
||||
from hs_office.debitor debitor
|
||||
where debitor.uuid = relatedProject.debitorUuid;
|
||||
assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null';
|
||||
|
||||
|
@ -69,6 +69,8 @@ databaseChangeLog:
|
||||
file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
|
||||
- include:
|
||||
file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
|
||||
- include:
|
||||
file: db/changelog/5-hs-office/500-hs-office-schema.sql
|
||||
- include:
|
||||
file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
|
||||
- include:
|
||||
|
@ -135,7 +135,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -157,7 +157,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
"hs_booking_project#D-1000111-somenewbookingproject:OWNER",
|
||||
"hs_booking_project#D-1000111-somenewbookingproject:TENANT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(fromFormatted(
|
||||
initialGrantNames,
|
||||
|
||||
|
@ -112,7 +112,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
|
||||
@Order(1)
|
||||
void verifyInitialDatabase() {
|
||||
// SQL DELETE for thousands of records takes too long, so we make sure, we only start with initial or test data
|
||||
final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office_contact", Integer.class)
|
||||
final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office.contact", Integer.class)
|
||||
.getSingleResult();
|
||||
assertThat(contactCount).isLessThan(20);
|
||||
}
|
||||
@ -614,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
contacts.forEach(this::persist);
|
||||
updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id");
|
||||
updateLegacyIds(contacts, "hs_office.contact_legacy_id", "contact_id");
|
||||
}).assertSuccessful();
|
||||
|
||||
jpaAttempt.transacted(() -> {
|
||||
@ -640,7 +640,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
|
||||
partner.setPartnerRel(em.merge(partner.getPartnerRel()));
|
||||
em.persist(partner);
|
||||
});
|
||||
updateLegacyIds(partners, "hs_office_partner_legacy_id", "bp_id");
|
||||
updateLegacyIds(partners, "hs_office.partner_legacy_id", "bp_id");
|
||||
}).assertSuccessful();
|
||||
|
||||
jpaAttempt.transacted(() -> {
|
||||
@ -664,20 +664,20 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
sepaMandates.forEach(this::persist);
|
||||
updateLegacyIds(sepaMandates, "hs_office_sepamandate_legacy_id", "sepa_mandate_id");
|
||||
updateLegacyIds(sepaMandates, "hs_office.sepamandate_legacy_id", "sepa_mandate_id");
|
||||
}).assertSuccessful();
|
||||
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
coopShares.forEach(this::persist);
|
||||
updateLegacyIds(coopShares, "hs_office_coopsharestransaction_legacy_id", "member_share_id");
|
||||
updateLegacyIds(coopShares, "hs_office.coopsharestransaction_legacy_id", "member_share_id");
|
||||
|
||||
}).assertSuccessful();
|
||||
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
coopAssets.forEach(this::persist);
|
||||
updateLegacyIds(coopAssets, "hs_office_coopassetstransaction_legacy_id", "member_asset_id");
|
||||
updateLegacyIds(coopAssets, "hs_office.coopassetstransaction_legacy_id", "member_asset_id");
|
||||
}).assertSuccessful();
|
||||
|
||||
}
|
||||
@ -685,7 +685,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
|
||||
@Test
|
||||
@Order(9190)
|
||||
void verifyMembershipsActuallyPersisted() {
|
||||
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office_membership", Integer.class)
|
||||
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office.membership", Integer.class)
|
||||
.getSingleResult();
|
||||
assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 300);
|
||||
}
|
||||
|
@ -254,34 +254,34 @@ public class CsvDataImport extends ContextBasedTest {
|
||||
em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_booking_project where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_coopsharestransaction_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_membership where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_sepamandate where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_sepamandate_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_debitor where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_bankaccount where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_partner where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_partner_details where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_relation where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_contact where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office_person where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.coopassetstransaction where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.coopassetstransaction_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.coopsharestransaction where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.membership where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.sepamandate_legacy_id where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.debitor where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.bankaccount where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.partner where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.partner_details where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.relation where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.contact where true").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.person where true").executeUpdate();
|
||||
}).assertSuccessful();
|
||||
}
|
||||
|
||||
protected void resetHsOfficeSequences() {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context(rbacSuperuser);
|
||||
em.createNativeQuery("alter sequence hs_office_contact_legacy_id_seq restart with 1000000000;").executeUpdate();
|
||||
em.createNativeQuery("alter sequence hs_office_coopassetstransaction_legacy_id_seq restart with 1000000000;")
|
||||
em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate();
|
||||
em.createNativeQuery("alter sequence hs_office.coopassetstransaction_legacy_id_seq restart with 1000000000;")
|
||||
.executeUpdate();
|
||||
em.createNativeQuery("alter sequence public.hs_office_coopsharestransaction_legacy_id_seq restart with 1000000000;")
|
||||
em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;")
|
||||
.executeUpdate();
|
||||
em.createNativeQuery("alter sequence public.hs_office_partner_legacy_id_seq restart with 1000000000;")
|
||||
em.createNativeQuery("alter sequence public.hs_office.partner_legacy_id_seq restart with 1000000000;")
|
||||
.executeUpdate();
|
||||
em.createNativeQuery("alter sequence public.hs_office_sepamandate_legacy_id_seq restart with 1000000000;")
|
||||
em.createNativeQuery("alter sequence public.hs_office.sepamandate_legacy_id_seq restart with 1000000000;")
|
||||
.executeUpdate();
|
||||
});
|
||||
}
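Review bot: In `resetHsOfficeSequences()` the search-and-replace turned three sequence names into three-part names such as `public.hs_office.coopsharestransaction_legacy_id_seq`, which PostgreSQL reads as database.schema.object and rejects as a cross-database reference unless the database happens to be named `public`. The statements should read `"alter sequence hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;"`, and likewise for `partner_legacy_id_seq` and `sepamandate_legacy_id_seq`. This `jpaAttempt.transacted(...)` call also ends in a bare `});`, whereas the delete block above it ends in `}).assertSuccessful();`. A failing `alter sequence` would therefore probably go unnoticed and leave the sequences un-reset, so I would close it with `}).assertSuccessful();` as well. The method starts inside the hunk, but the enclosing class continues outside it.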
|
||||
|
@ -102,21 +102,21 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var roles = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_bankaccount#DE25500105176934832579:OWNER",
|
||||
"hs_office_bankaccount#DE25500105176934832579:ADMIN",
|
||||
"hs_office_bankaccount#DE25500105176934832579:REFERRER"
|
||||
"hs_office.bankaccount#DE25500105176934832579:OWNER",
|
||||
"hs_office.bankaccount#DE25500105176934832579:ADMIN",
|
||||
"hs_office.bankaccount#DE25500105176934832579:REFERRER"
|
||||
));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
|
||||
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }",
|
||||
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:DELETE to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.bankaccount#DE25500105176934832579:OWNER and assume }",
|
||||
|
||||
"{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
|
||||
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:UPDATE to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.bankaccount#DE25500105176934832579:ADMIN to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
|
||||
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:UPDATE to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
|
||||
|
||||
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:SELECT to role:hs_office_bankaccount#DE25500105176934832579:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office_bankaccount#DE25500105176934832579:REFERRER to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:SELECT to role:hs_office.bankaccount#DE25500105176934832579:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office.bankaccount#DE25500105176934832579:REFERRER to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
|
||||
null
|
||||
));
|
||||
}
|
||||
@ -273,7 +273,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'iban'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_bankaccount';
|
||||
where targettable = 'hs_office.bankaccount';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -281,9 +281,9 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02120300000000202051]",
|
||||
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02500105170137075030]",
|
||||
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02100500000054540402]");
|
||||
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02120300000000202051]",
|
||||
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02500105170137075030]",
|
||||
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02100500000054540402]");
|
||||
}
|
||||
|
||||
private HsOfficeBankAccountEntity givenSomeTemporaryBankAccount(final String createdByUser) {
|
||||
|
@ -103,20 +103,20 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var roles = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_contact#anothernewcontact:OWNER",
|
||||
"hs_office_contact#anothernewcontact:ADMIN",
|
||||
"hs_office_contact#anothernewcontact:REFERRER"
|
||||
"hs_office.contact#anothernewcontact:OWNER",
|
||||
"hs_office.contact#anothernewcontact:ADMIN",
|
||||
"hs_office.contact#anothernewcontact:REFERRER"
|
||||
));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }",
|
||||
"{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }",
|
||||
"{ grant role:hs_office_contact#anothernewcontact:ADMIN to role:hs_office_contact#anothernewcontact:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.contact#anothernewcontact:UPDATE to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.contact#anothernewcontact:OWNER and assume }",
|
||||
"{ grant perm:hs_office.contact#anothernewcontact:DELETE to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.contact#anothernewcontact:ADMIN to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
|
||||
|
||||
"{ grant perm:hs_office_contact#anothernewcontact:SELECT to role:hs_office_contact#anothernewcontact:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office_contact#anothernewcontact:REFERRER to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }"
|
||||
"{ grant perm:hs_office.contact#anothernewcontact:SELECT to role:hs_office.contact#anothernewcontact:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office.contact#anothernewcontact:REFERRER to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@ -258,7 +258,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_contact';
|
||||
where targettable = 'hs_office.contact';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -266,9 +266,9 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating contact test-data, hs_office_contact, INSERT, first contact]",
|
||||
"[creating contact test-data, hs_office_contact, INSERT, second contact]",
|
||||
"[creating contact test-data, hs_office_contact, INSERT, third contact]");
|
||||
"[creating contact test-data, hs_office.contact, INSERT, first contact]",
|
||||
"[creating contact test-data, hs_office.contact, INSERT, second contact]",
|
||||
"[creating contact test-data, hs_office.contact, INSERT, third contact]");
|
||||
}
|
||||
|
||||
private HsOfficeContactRbacEntity givenSomeTemporaryContact(
|
||||
|
@ -391,9 +391,9 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
|
||||
void cleanup() {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context.define("superuser-alex@hostsharing.net", null);
|
||||
// HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv
|
||||
// HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassetstransaction_rv
|
||||
// cannot be deleted at all, but the underlying table record can be deleted.
|
||||
em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'")
|
||||
em.createNativeQuery("delete from hs_office.coopassetstransaction where reference like 'temp %'")
|
||||
.executeUpdate();
|
||||
}).assertSuccessful();
|
||||
}
|
||||
|
@ -89,7 +89,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -109,7 +109,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
||||
final var all = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
|
||||
@ -198,7 +198,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
||||
@Test
|
||||
public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() {
|
||||
// given:
|
||||
context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.person#FirstGmbH:ADMIN");
|
||||
|
||||
// when:
|
||||
final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
|
||||
@ -222,7 +222,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_coopassetstransaction';
|
||||
where targettable = 'hs_office.coopassetstransaction';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -230,18 +230,18 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]");
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-1]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-2]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]",
|
||||
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]");
|
||||
}
|
||||
|
||||
@BeforeEach
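Review bot: In the journal assertion of the hunk at -230,18, the expected entries for `ref 1000101-3`, `ref 1000202-3` and `ref 1000303-3` are each listed twice, but AssertJ's `contains` does not check multiplicity, so the repeated lines verify nothing beyond their first occurrence. If the test data is meant to produce two journal rows per such reference, the check needs `containsExactlyInAnyOrder(...)` or an additional selected column that tells the rows apart; otherwise the duplicates can be dropped. The query selects only `targetdelta->>'reference'`, so the intent cannot be read from the hunk. The test method starts outside the hunk.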
|
||||
|
@ -55,9 +55,9 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
|
||||
void cleanup() {
|
||||
jpaAttempt.transacted(() -> {
|
||||
context.define("superuser-alex@hostsharing.net", null);
|
||||
// HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv
|
||||
// HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharestransaction_rv
|
||||
// cannot be deleted at all, but the underlying table record can be deleted.
|
||||
em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate();
|
||||
em.createNativeQuery("delete from hs_office.coopsharestransaction where reference like 'temp %'").executeUpdate();
|
||||
}).assertSuccessful();
|
||||
}
|
||||
|
||||
|
@ -88,7 +88,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -108,7 +108,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
||||
final var all = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
|
||||
@ -197,7 +197,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
||||
@Test
|
||||
public void normalUser_canViewOnlyRelatedCoopSharesTransactions() {
|
||||
// given:
|
||||
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000101:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000101:ADMIN");
|
||||
|
||||
// when:
|
||||
final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
|
||||
@ -221,7 +221,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_coopsharestransaction';
|
||||
where targettable = 'hs_office.coopsharestransaction';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -229,18 +229,18 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-4]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-4]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-4]");
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-4]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-4]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-1]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-2]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-3]",
|
||||
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-4]");
|
||||
}
|
||||
|
||||
@BeforeEach
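Review bot: `normalUser_canViewOnlyRelatedCoopSharesTransactions` (hunk at -197,7) sets up `context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000101:ADMIN")`, which is a superuser subject assuming a membership ADMIN role rather than a normal user. For an access-control test the name should say which principal is being restricted; whether the assumed role fully replaces the superuser's own rights is not visible here. Either rename the test, e.g. `membershipAdmin_canViewOnlyRelatedCoopSharesTransactions`, or add a comment above the call such as `// superuser assumes the membership ADMIN role; no separate non-privileged subject is used`. The method body continues outside the hunk.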
|
||||
|
@ -638,7 +638,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN")
|
||||
.header("assumed-roles", "hs_office.contact#fourthcontact:ADMIN")
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
@ -651,7 +651,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
|
||||
.then().log().all().assertThat()
|
||||
.statusCode(403)
|
||||
.body("message", containsString("ERROR: [403] Subject"))
|
||||
.body("message", containsString("is not allowed to update hs_office_debitor uuid "));
|
||||
.body("message", containsString("is not allowed to update hs_office.debitor uuid "));
|
||||
|
||||
}
|
||||
}
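Review bot: The 403 check in the hunk at -651,7 matches `is not allowed to update hs_office.debitor uuid ` inside the response's `message` field, so the REST error body names the schema-qualified table and a row uuid, and a schema move like this one changes client-visible text. That looks like a database-level RBAC message passed through to the API, though the mapping code is not visible in this diff. If the text is meant to be part of the API contract, a comment above the assertion would record that, e.g. `// message comes from the RBAC check in the database; the table name is client-visible`. If it is not, the test would be better pinned to the status code and a stable error fragment so that internal identifiers are not exposed to callers. The test method starts outside the hunk.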
|
||||
|
@ -141,7 +141,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(org.hibernate.exception.ConstraintViolationException.class,
|
||||
"ERROR: new row for relation \"hs_office_debitor\" violates check constraint \"check_default_prefix\"");
|
||||
"ERROR: new row for relation \"hs_office.debitor\" violates check constraint \"check_default_prefix\"");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -151,7 +151,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
// some search+replace to make the output fit into the screen width
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -176,12 +176,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// then
|
||||
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER",
|
||||
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN",
|
||||
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT",
|
||||
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT"));
|
||||
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER",
|
||||
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN",
|
||||
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT",
|
||||
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
|
||||
@ -247,9 +247,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
@ParameterizedTest
|
||||
@Disabled // TODO: reactivate once partner.person + partner.contact are removed
|
||||
@ValueSource(strings = {
|
||||
"hs_office_partner#10001:FirstGmbH-firstcontact:ADMIN",
|
||||
"hs_office_person#FirstGmbH:ADMIN",
|
||||
"hs_office_contact#firstcontact:ADMIN",
|
||||
"hs_office.partner#10001:FirstGmbH-firstcontact:ADMIN",
|
||||
"hs_office.person#FirstGmbH:ADMIN",
|
||||
"hs_office.contact#firstcontact:ADMIN",
|
||||
})
|
||||
public void relatedPersonAdmin_canViewRelatedDebitors(final String assumedRole) {
|
||||
// given:
|
||||
@ -321,7 +321,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
givenDebitor,
|
||||
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
|
||||
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
|
||||
final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First"));
|
||||
final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby"));
|
||||
final var givenNewContact = one(contactrealRepo.findContactByOptionalCaptionLike("sixth contact"));
|
||||
@ -354,26 +354,26 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// ... partner role was reassigned:
|
||||
assertThatDebitorIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
|
||||
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
|
||||
"hs_office.relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
|
||||
|
||||
// ... contact role was reassigned:
|
||||
assertThatDebitorIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_contact#fifthcontact:ADMIN");
|
||||
"hs_office.contact#fifthcontact:ADMIN");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_contact#sixthcontact:ADMIN", false);
|
||||
"hs_office.contact#sixthcontact:ADMIN", false);
|
||||
|
||||
// ... bank-account role was reassigned:
|
||||
assertThatDebitorIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_bankaccount#DE02200505501015871393:ADMIN");
|
||||
"hs_office.bankaccount#DE02200505501015871393:ADMIN");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
|
||||
"hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -383,7 +383,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
givenDebitor,
|
||||
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
|
||||
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
|
||||
assertThatDebitorActuallyInDatabase(givenDebitor, true);
|
||||
final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first"));
|
||||
|
||||
@ -403,7 +403,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// ... bank-account role was assigned:
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
|
||||
"hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -413,7 +413,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
givenDebitor,
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
|
||||
assertThatDebitorActuallyInDatabase(givenDebitor, true);
|
||||
|
||||
// when
|
||||
@ -432,7 +432,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// ... bank-account role was removed from previous bank-account admin:
|
||||
assertThatDebitorIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_bankaccount#DE02200505501015871393:ADMIN");
|
||||
"hs_office.bankaccount#DE02200505501015871393:ADMIN");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -442,19 +442,19 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig");
|
||||
assertThatDebitorIsVisibleForUserWithRole(
|
||||
givenDebitor,
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
|
||||
assertThatDebitorActuallyInDatabase(givenDebitor, true);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
|
||||
givenDebitor.setVatId("NEW-VAT-ID");
|
||||
return toCleanup(debitorRepo.save(givenDebitor));
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to update hs_office_debitor uuid");
|
||||
"[403] Subject ", " is not allowed to update hs_office.debitor uuid");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -463,11 +463,11 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin");
|
||||
assertThatDebitorActuallyInDatabase(givenDebitor, true);
|
||||
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office_contact#ninthcontact:ADMIN", false);
|
||||
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office.contact#ninthcontact:ADMIN", false);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
|
||||
givenDebitor.setVatId("NEW-VAT-ID");
|
||||
final HsOfficeDebitorEntity entity = debitorRepo.save(givenDebitor);
|
||||
return toCleanup(entity.load());
|
||||
@ -477,7 +477,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"ERROR: [403]",
|
||||
"is not allowed to update hs_office_debitor uuid");
|
||||
"is not allowed to update hs_office.debitor uuid");
|
||||
}
|
||||
|
||||
private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) {
|
||||
@ -547,7 +547,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
|
||||
assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent();
|
||||
|
||||
debitorRepo.deleteByUuid(givenDebitor.getUuid());
|
||||
@ -556,7 +556,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " not allowed to delete hs_office_debitor");
|
||||
"[403] Subject ", " not allowed to delete hs_office.debitor");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return debitorRepo.findByUuid(givenDebitor.getUuid());
|
||||
@ -591,7 +591,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_debitor';
|
||||
where targettable = 'hs_office.debitor';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -599,9 +599,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating debitor test-data, hs_office_debitor, INSERT, fir]",
|
||||
"[creating debitor test-data, hs_office_debitor, INSERT, sec]",
|
||||
"[creating debitor test-data, hs_office_debitor, INSERT, thi]");
|
||||
"[creating debitor test-data, hs_office.debitor, INSERT, fir]",
|
||||
"[creating debitor test-data, hs_office.debitor, INSERT, sec]",
|
||||
"[creating debitor test-data, hs_office.debitor, INSERT, thi]");
|
||||
}
|
||||
|
||||
private HsOfficeDebitorEntity givenSomeTemporaryDebitor(
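Review bot: The expectation in the hunk at -141,7, `new row for relation \"hs_office.debitor\" violates check constraint \"check_default_prefix\"`, probably no longer matches what PostgreSQL emits. That server message carries the bare relation name without the schema, so if the table is now `debitor` in schema `hs_office`, the replacement here looks like a search-and-replace artifact. The expected string would then be `"ERROR: new row for relation \"debitor\" violates check constraint \"check_default_prefix\""`. The RBAC messages asserted elsewhere in this file (`is not allowed to update hs_office.debitor uuid`) appear to be produced by the application's own checks and may well be schema-qualified, so they are a separate case. The test method starts outside the hunk.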
|
||||
|
@ -263,7 +263,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
|
||||
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
|
||||
.port(port)
|
||||
.when()
|
||||
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
|
||||
@ -331,7 +331,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
|
||||
|
||||
// given
|
||||
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
|
||||
final var givenPartnerAdmin = "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
|
||||
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
|
||||
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
|
||||
|
||||
@ -392,7 +392,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-subject", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
|
||||
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
|
||||
.port(port)
|
||||
.when()
|
||||
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
|
||||
|
@ -91,7 +91,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -110,11 +110,11 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
final var all = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_membership#M-1000117:OWNER",
|
||||
"hs_office_membership#M-1000117:ADMIN",
|
||||
"hs_office_membership#M-1000117:AGENT"));
|
||||
"hs_office.membership#M-1000117:OWNER",
|
||||
"hs_office.membership#M-1000117:ADMIN",
|
||||
"hs_office.membership#M-1000117:AGENT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
// insert
|
||||
@ -230,13 +230,13 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
|
||||
assertThatMembershipIsVisibleForRole(
|
||||
givenMembership,
|
||||
"hs_office_membership#M-1000113:AGENT");
|
||||
"hs_office.membership#M-1000113:AGENT");
|
||||
final var newValidityEnd = LocalDate.now();
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
// TODO: we should test with debitor- and partner-admin as well
|
||||
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000113:AGENT");
|
||||
givenMembership.setValidity(
|
||||
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
|
||||
return membershipRepo.save(givenMembership);
|
||||
@ -244,7 +244,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to update hs_office_membership uuid");
|
||||
"[403] Subject ", " is not allowed to update hs_office.membership uuid");
|
||||
}
|
||||
|
||||
private void assertThatMembershipExistsAndIsAccessibleToCurrentContext(final HsOfficeMembershipEntity saved) {
|
||||
@ -294,7 +294,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT");
|
||||
assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent();
|
||||
|
||||
membershipRepo.deleteByUuid(givenMembership.getUuid());
|
||||
@ -303,7 +303,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " not allowed to delete hs_office_membership");
|
||||
"[403] Subject ", " not allowed to delete hs_office.membership");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return membershipRepo.findByUuid(givenMembership.getUuid());
|
||||
@ -338,7 +338,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_membership';
|
||||
where targettable = 'hs_office.membership';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -346,9 +346,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating Membership test-data, hs_office_membership, INSERT, 01]",
|
||||
"[creating Membership test-data, hs_office_membership, INSERT, 02]",
|
||||
"[creating Membership test-data, hs_office_membership, INSERT, 03]");
|
||||
"[creating Membership test-data, hs_office.membership, INSERT, 01]",
|
||||
"[creating Membership test-data, hs_office.membership, INSERT, 02]",
|
||||
"[creating Membership test-data, hs_office.membership, INSERT, 03]");
|
||||
}
|
||||
|
||||
private HsOfficeMembershipEntity givenSomeTemporaryMembership(final String partnerTradeName, final String memberNumberSuffix) {
|
||||
|
@ -103,7 +103,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
|
||||
.map(s -> s.replace("fourthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -131,14 +131,14 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// then
|
||||
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(from(
|
||||
initialRoleNames,
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER",
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN",
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT",
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"));
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER",
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN",
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT",
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
|
||||
.map(s -> s.replace("fourthcontact", "4th"))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(distinct(from(
|
||||
initialGrantNames,
|
||||
|
||||
@ -263,7 +263,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact");
|
||||
assertThatPartnerIsVisibleForUserWithRole(
|
||||
givenPartner,
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
assertThatPartnerActuallyInDatabase(givenPartner);
|
||||
|
||||
// when
|
||||
@ -281,10 +281,10 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
"rbac.global#global:ADMIN");
|
||||
assertThatPartnerIsVisibleForUserWithRole(
|
||||
givenPartner,
|
||||
"hs_office_person#ThirdOHG:ADMIN");
|
||||
"hs_office.person#ThirdOHG:ADMIN");
|
||||
assertThatPartnerIsNotVisibleForUserWithRole(
|
||||
givenPartner,
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -294,13 +294,13 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
|
||||
assertThatPartnerIsVisibleForUserWithRole(
|
||||
givenPartner,
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
assertThatPartnerActuallyInDatabase(givenPartner);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net",
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
givenPartner.getDetails().setBirthName("new birthname");
|
||||
return partnerRepo.save(givenPartner);
|
||||
});
|
||||
@ -316,21 +316,21 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
|
||||
assertThatPartnerIsVisibleForUserWithRole(
|
||||
givenPartner,
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
assertThatPartnerActuallyInDatabase(givenPartner);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net",
|
||||
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT");
|
||||
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT");
|
||||
givenPartner.getDetails().setBirthName("new birthname");
|
||||
return partnerRepo.save(givenPartner);
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"ERROR: [403] insert into hs_office_partner_details ",
|
||||
" not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}");
|
||||
"ERROR: [403] insert into hs_office.partner_details ",
|
||||
" not allowed for current subjects {hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}");
|
||||
}
|
||||
|
||||
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
|
||||
@ -398,7 +398,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " not allowed to delete hs_office_partner");
|
||||
"[403] Subject ", " not allowed to delete hs_office.partner");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return partnerRepo.findByUuid(givenPartner.getUuid());
|
||||
@ -435,7 +435,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_partner';
|
||||
where targettable = 'hs_office.partner';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -443,11 +443,11 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating partner test-data , hs_office_partner, INSERT, 10001]",
|
||||
"[creating partner test-data , hs_office_partner, INSERT, 10002]",
|
||||
"[creating partner test-data , hs_office_partner, INSERT, 10003]",
|
||||
"[creating partner test-data , hs_office_partner, INSERT, 10004]",
|
||||
"[creating partner test-data , hs_office_partner, INSERT, 10010]");
|
||||
"[creating partner test-data , hs_office.partner, INSERT, 10001]",
|
||||
"[creating partner test-data , hs_office.partner, INSERT, 10002]",
|
||||
"[creating partner test-data , hs_office.partner, INSERT, 10003]",
|
||||
"[creating partner test-data , hs_office.partner, INSERT, 10004]",
|
||||
"[creating partner test-data , hs_office.partner, INSERT, 10010]");
|
||||
}
|
||||
|
||||
private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner(
|
||||
|
@ -102,23 +102,23 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(
|
||||
Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_person#anothernewperson:OWNER",
|
||||
"hs_office_person#anothernewperson:ADMIN",
|
||||
"hs_office_person#anothernewperson:REFERRER"
|
||||
"hs_office.person#anothernewperson:OWNER",
|
||||
"hs_office.person#anothernewperson:ADMIN",
|
||||
"hs_office.person#anothernewperson:REFERRER"
|
||||
));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(
|
||||
Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
"{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.person#anothernewperson:INSERT>hs_office.relation to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
|
||||
|
||||
"{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }",
|
||||
"{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }",
|
||||
"{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.person#anothernewperson:OWNER and assume }",
|
||||
"{ grant role:hs_office.person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.person#anothernewperson:UPDATE to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.person#anothernewperson:DELETE to role:hs_office.person#anothernewperson:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.person#anothernewperson:ADMIN to role:hs_office.person#anothernewperson:OWNER by system and assume }",
|
||||
|
||||
"{ grant perm:hs_office_person#anothernewperson:SELECT to role:hs_office_person#anothernewperson:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office_person#anothernewperson:REFERRER to role:hs_office_person#anothernewperson:ADMIN by system and assume }"
|
||||
"{ grant perm:hs_office.person#anothernewperson:SELECT to role:hs_office.person#anothernewperson:REFERRER by system and assume }",
|
||||
"{ grant role:hs_office.person#anothernewperson:REFERRER to role:hs_office.person#anothernewperson:ADMIN by system and assume }"
|
||||
));
|
||||
}
|
||||
|
||||
@ -262,7 +262,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_person';
|
||||
where targettable = 'hs_office.person';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -270,10 +270,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating person test-data, hs_office_person, INSERT, Hostsharing eG, null]",
|
||||
"[creating person test-data, hs_office_person, INSERT, First GmbH, null]",
|
||||
"[creating person test-data, hs_office_person, INSERT, Second e.K., null]",
|
||||
"[creating person test-data, hs_office_person, INSERT, Third OHG, null]");
|
||||
"[creating person test-data, hs_office.person, INSERT, Hostsharing eG, null]",
|
||||
"[creating person test-data, hs_office.person, INSERT, First GmbH, null]",
|
||||
"[creating person test-data, hs_office.person, INSERT, Second e.K., null]",
|
||||
"[creating person test-data, hs_office.person, INSERT, Third OHG, null]");
|
||||
}
|
||||
|
||||
private HsOfficePersonEntity givenSomeTemporaryPerson(
|
||||
|
@ -125,33 +125,33 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
// then
|
||||
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER",
|
||||
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN",
|
||||
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT",
|
||||
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT"));
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER",
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN",
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT",
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
|
||||
initialGrantNames,
|
||||
|
||||
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
|
||||
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
|
||||
|
||||
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office_person#BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_person#ErbenBesslerMelBessler:OWNER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office.person#BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.person#ErbenBesslerMelBessler:OWNER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.person#ErbenBesslerMelBessler:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
|
||||
|
||||
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }",
|
||||
"{ grant role:hs_office_person#BesslerBert:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office_person#ErbenBesslerMelBessler:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office_contact#fourthcontact:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }",
|
||||
"{ grant role:hs_office.person#BesslerBert:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office.person#ErbenBesslerMelBessler:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
"{ grant role:hs_office.contact#fourthcontact:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
|
||||
|
||||
// REPRESENTATIVE holder person -> (represented) anchor person
|
||||
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }",
|
||||
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.contact#fourthcontact:ADMIN by system and assume }",
|
||||
null)
|
||||
);
|
||||
}
|
||||
@ -217,7 +217,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
givenRelation,
|
||||
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
|
||||
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var givenContact = contactrealRepo.findContactByOptionalCaptionLike("sixth contact").stream().findFirst().orElseThrow();
|
||||
|
||||
@ -236,11 +236,11 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
"rbac.global#global:ADMIN");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_contact#sixthcontact:ADMIN");
|
||||
"hs_office.contact#sixthcontact:ADMIN");
|
||||
|
||||
assertThatRelationIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"hs_office_contact#fifthcontact:ADMIN");
|
||||
"hs_office.contact#fifthcontact:ADMIN");
|
||||
|
||||
relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
}
|
||||
@ -253,19 +253,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
"Anita", "eighth");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
givenRelation,
|
||||
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
givenRelation.setContact(null);
|
||||
return relationRbacRepo.save(givenRelation);
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to update hs_office_relation uuid");
|
||||
"[403] Subject ", " is not allowed to update hs_office.relation uuid");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -276,19 +276,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
"Anita", "ninth");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
givenRelation,
|
||||
"hs_office_contact#ninthcontact:ADMIN");
|
||||
"hs_office.contact#ninthcontact:ADMIN");
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
|
||||
givenRelation.setContact(null); // TODO
|
||||
return relationRbacRepo.save(givenRelation);
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to update hs_office_relation uuid");
|
||||
"[403] Subject ", " is not allowed to update hs_office.relation uuid");
|
||||
}
|
||||
|
||||
private void assertThatRelationActuallyInDatabase(final HsOfficeRelation saved) {
|
||||
@ -360,7 +360,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " not allowed to delete hs_office_relation");
|
||||
"[403] Subject ", " not allowed to delete hs_office.relation");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return relationRbacRepo.findByUuid(givenRelation.getUuid());
|
||||
@ -396,7 +396,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'mark'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_relation';
|
||||
where targettable = 'hs_office.relation';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -404,7 +404,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating relation test-data, hs_office_relation, INSERT, members-announce]");
|
||||
"[creating relation test-data, hs_office.relation, INSERT, members-announce]");
|
||||
}
|
||||
|
||||
private HsOfficeRelationRbacEntity givenSomeTemporaryRelationBessler(final String holderPerson, final String contact) {
|
||||
|
@ -95,7 +95,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
|
||||
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.toList();
|
||||
|
||||
// when
|
||||
@ -117,12 +117,12 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var all = rawRoleRepo.findAll();
|
||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
||||
initialRoleNames,
|
||||
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN",
|
||||
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT",
|
||||
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER",
|
||||
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER"));
|
||||
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN",
|
||||
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT",
|
||||
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER",
|
||||
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER"));
|
||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||
.map(s -> s.replace("hs_office_", ""))
|
||||
.map(s -> s.replace("hs_office.", ""))
|
||||
.containsExactlyInAnyOrder(fromFormatted(
|
||||
initialGrantNames,
|
||||
|
||||
@ -233,7 +233,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
|
||||
assertThatSepaMandateIsVisibleForUserWithRole(
|
||||
givenSepaMandate,
|
||||
"hs_office_bankaccount#DE02600501010002034304:ADMIN");
|
||||
"hs_office.bankaccount#DE02600501010002034304:ADMIN");
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
@ -262,13 +262,13 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
|
||||
assertThatSepaMandateIsVisibleForUserWithRole(
|
||||
givenSepaMandate,
|
||||
"hs_office_bankaccount#DE02300606010002474689:ADMIN");
|
||||
"hs_office.bankaccount#DE02300606010002474689:ADMIN");
|
||||
assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
|
||||
final var newValidityEnd = LocalDate.now();
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689:ADMIN");
|
||||
context("superuser-alex@hostsharing.net", "hs_office.bankaccount#DE02300606010002474689:ADMIN");
|
||||
|
||||
givenSepaMandate.setValidity(Range.closedOpen(
|
||||
givenSepaMandate.getValidity().lower(), newValidityEnd));
|
||||
@ -277,7 +277,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
|
||||
"[403] Subject ", " is not allowed to update hs_office_sepamandate uuid");
|
||||
"[403] Subject ", " is not allowed to update hs_office.sepamandate uuid");
|
||||
}
|
||||
|
||||
private void assertThatSepaMandateActuallyInDatabase(final HsOfficeSepaMandateEntity saved) {
|
||||
@ -346,7 +346,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
// then
|
||||
result.assertExceptionWithRootCauseMessage(
|
||||
JpaSystemException.class,
|
||||
"[403] Subject ", " not allowed to delete hs_office_sepamandate");
|
||||
"[403] Subject ", " not allowed to delete hs_office.sepamandate");
|
||||
assertThat(jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
return sepaMandateRepo.findByUuid(givenSepaMandate.getUuid());
|
||||
@ -381,7 +381,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
final var query = em.createNativeQuery("""
|
||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||
from base.tx_journal_v
|
||||
where targettable = 'hs_office_sepamandate';
|
||||
where targettable = 'hs_office.sepamandate';
|
||||
""");
|
||||
|
||||
// when
|
||||
@ -389,9 +389,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
||||
|
||||
// then
|
||||
assertThat(customerLogEntries).map(Arrays::toString).contains(
|
||||
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10001-11]",
|
||||
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10002-12]",
|
||||
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10003-13]");
|
||||
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10001-11]",
|
||||
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10002-12]",
|
||||
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10003-13]");
|
||||
}
|
||||
|
||||
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {
|
||||
|
@ -90,12 +90,12 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
|
||||
@Test
|
||||
@Disabled // enable to generate from a real database
|
||||
void print() throws IOException {
|
||||
//context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN");
|
||||
//context("superuser-alex@hostsharing.net", "hs_office.person#FirbySusan:ADMIN");
|
||||
context("superuser-alex@hostsharing.net");
|
||||
|
||||
//final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
|
||||
|
||||
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
|
||||
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
|
||||
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
|
||||
|
||||
RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");
|
||||
|
@ -7,7 +7,7 @@ spring:
|
||||
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
||||
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
|
||||
url-local: jdbc:postgresql://localhost:5432/postgres
|
||||
url: ${spring.datasource.url-tc}
|
||||
url: ${spring.datasource.url-local}
|
||||
username: postgres
|
||||
password: password
|
||||
|
||||
|
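Review bot: The `url:` line in this hunk now appears to resolve to `${spring.datasource.url-local}` instead of `${spring.datasource.url-tc}`, so the test datasource points at `jdbc:postgresql://localhost:5432/postgres` with the `postgres` / `password` credentials below instead of a disposable Testcontainers instance. This has nothing to do with the schema rename and reads like a local developer setting committed by accident. The integration tests touched in this commit create and delete rows and assume RBAC roles as a superuser, so against a long-lived local database they can leave state behind, and their results depend on what is already there. I would restore `url: ${spring.datasource.url-tc}` and make the local URL an opt-in override through a profile or environment variable. Which line is old and which is new is inferred from the page printing the old line first in the other hunks.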