rbac schema in 1055-rbac-views.sql

Michael Hoennig 2024-09-13 16:30:03 +02:00
parent e3f48127d2
commit fd11f5903a
2 changed files with 12 additions and 12 deletions


@ -144,7 +144,7 @@ grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}
/**
Instead of insert trigger function for RbacGrants_RV.
*/
create or replace function insertRbacGrant()
create or replace function rbac.insert_grant_tf()
returns trigger
language plpgsql as $$
declare
@ -161,11 +161,11 @@ end; $$;
/*
Creates an instead of insert trigger for the RbacGrants_rv view.
*/
create trigger insertRbacGrant_Trigger
create trigger insert_grant_tg
instead of insert
on RbacGrants_rv
for each row
execute function insertRbacGrant();
execute function rbac.insert_grant_tf();
--/
@ -178,7 +178,7 @@ execute function insertRbacGrant();
Checks if the current subject or assumed role have the permission to revoke the grant.
*/
create or replace function deleteRbacGrant()
create or replace function rbac.delete_grant_tf()
returns trigger
language plpgsql as $$
begin
@ -189,11 +189,11 @@ end; $$;
/*
Creates an instead of delete trigger for the RbacGrants_rv view.
*/
create trigger deleteRbacGrant_Trigger
create trigger delete_grant_tg
instead of delete
on RbacGrants_rv
for each row
execute function deleteRbacGrant();
execute function rbac.delete_grant_tf();
--/
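Review bot: The renamed triggers `insert_grant_tg` and `delete_grant_tg` are created with a plain `create trigger` on `RbacGrants_rv`, and nothing visible in these hunks drops the previous `insertRbacGrant_Trigger` / `deleteRbacGrant_Trigger` or the old unqualified functions. If this script can run against a database that already applied the earlier version, the view would presumably end up with two INSTEAD OF triggers per operation, and the old grant and revoke functions would remain outside the `rbac` schema. Consider preceding the new definitions with `drop trigger if exists insertRbacGrant_Trigger on RbacGrants_rv;` and `drop function if exists insertRbacGrant();` (plus the delete counterparts), or confirm that this changeset is only ever applied to fresh databases. The function bodies lie outside the hunks, so the permission checks themselves were not reviewed.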


@ -304,28 +304,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given
final var givenArbitraryUser = createRBacUser();
final var givenRoleToGrant = "test_package#xxx00:ADMIN";
final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// and given an existing grant
assumeCreated(givencurrentSubjectAsPackageAdmin
assumeCreated(givenCurrentSubjectAsPackageAdmin
.grantsRole(givenOwnPackageAdminRole).assumed()
.toUser(givenArbitraryUser));
assumeGrantExists(
givencurrentSubjectAsPackageAdmin,
givenCurrentSubjectAsPackageAdmin,
"{ grant role:%s to user:%s by role:%s and assume }".formatted(
givenOwnPackageAdminRole.getRoleName(),
givenArbitraryUser.getName(),
givencurrentSubjectAsPackageAdmin.assumedRole));
givenCurrentSubjectAsPackageAdmin.assumedRole));
// when
final var revokeResponse = givencurrentSubjectAsPackageAdmin
final var revokeResponse = givenCurrentSubjectAsPackageAdmin
.revokesRole(givenOwnPackageAdminRole)
.fromUser(givenArbitraryUser);
// then
revokeResponse.assertThat().statusCode(204);
assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
assertThat(findAllGrantsOf(givenCurrentSubjectAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeUserName)
.doesNotContain(givenArbitraryUser.getName());
}