Compare commits

..

2 Commits

Author SHA1 Message Date
Michael Hoennig
86ee6dfe16 code cleanup 2024-03-25 08:55:39 +01:00
Michael Hoennig
399e1d23d9 merging aftermaths 2024-03-25 08:36:42 +01:00
12 changed files with 648 additions and 9 deletions

View File

@ -0,0 +1,76 @@
### all grants to membershipReferrer_canViewButNotUpdateRelatedMembership
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000113[hs_office_membership#M-1000113]
perm:SELECT:on:hs_office_membership#M-1000113{{SELECT
ref:b1b1192e-f2bf-4b9f-836b-90e98903bedc}}
role:hs_office_membership#M-1000113.referrer[referrer
ref:7c95cd77-a124-40ab-87f3-4cd2f33ad32f]
end
subgraph hs_office_partner#P-10001[hs_office_partner#P-10001]
perm:SELECT:on:hs_office_partner#P-10001{{SELECT
ref:74c87064-7e9b-4ead-9344-4f18ba246b80}}
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
perm:SELECT:on:hs_office_person#HostsharingeG{{SELECT
ref:38e63031-3245-4e57-b59d-b4f08334adec}}
role:hs_office_person#HostsharingeG.referrer[referrer
ref:b31417b9-6c56-4e79-93dd-c6c11a080370]
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
perm:SELECT:on:hs_office_person#FirstGmbH{{SELECT
ref:5cbe42d4-e8d3-40e9-bddd-5635c151c57a}}
role:hs_office_person#FirstGmbH.referrer[referrer
ref:86a4ece0-087f-46ea-94b4-b1f3294ba356]
end
subgraph hs_office_contact#firstcontact[hs_office_contact#firstcontact]
perm:SELECT:on:hs_office_contact#firstcontact{{SELECT
ref:21cc5d9e-d98e-4953-a9e6-d33a5753876f}}
role:hs_office_contact#firstcontact.referrer[referrer
ref:ca3c3e01-fb66-465e-93ee-cbad0e5ee70e]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH{{SELECT
ref:b52dd840-289a-4c92-98a1-3ee629318608}}
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant[tenant
ref:d9395077-4c0b-44d6-924e-811041402abe]
end
role:hs_office_contact#firstcontact.referrer --> perm:SELECT:on:hs_office_contact#firstcontact
role:hs_office_membership#M-1000113.referrer --> perm:SELECT:on:hs_office_membership#M-1000113
role:hs_office_membership#M-1000113.referrer --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant
role:hs_office_person#FirstGmbH.referrer --> perm:SELECT:on:hs_office_person#FirstGmbH
role:hs_office_person#HostsharingeG.referrer --> perm:SELECT:on:hs_office_person#HostsharingeG
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_partner#P-10001
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> perm:SELECT:on:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_contact#firstcontact.referrer
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#FirstGmbH.referrer
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant --> role:hs_office_person#HostsharingeG.referrer
```

View File

@ -0,0 +1,105 @@
### all grants to coop-share-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000101[hs_office_membership#M-1000101]
role:hs_office_membership#M-1000101.admin[admin
ref:6a6eca16-878f-4daf-8814-71bfeef9d531]
role:hs_office_membership#M-1000101.owner[owner
ref:9899101f-f59a-4432-bb5f-85841f94e0b1]
role:hs_office_membership#M-1000101.referrer[referrer
ref:13d84099-cae3-4b9c-9f84-b0c4ca383f64]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:e36961c1-3250-4429-9c0f-b85d1d625e2f]
end
subgraph hs_office_coopsharestransaction#ref1000101-1[hs_office_coopsharestransaction#ref1000101-1]
perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1{{SELECT
ref:6e847eb3-3fb3-41f5-ab10-6aedbaa298e8}}
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
role:hs_office_person#FirstGmbH.admin[admin
ref:54293c05-fbc4-45b6-b9f0-aab8705f2cf7]
role:hs_office_person#FirstGmbH.owner[owner
ref:599ae17d-862a-44fc-a7cc-4e0b40c5c785]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:0e110d55-665d-4994-85ed-986d3e890214]
role:hs_office_person#HostsharingeG.owner[owner
ref:b92395bf-e4f4-46e6-ad29-2289879171a2]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:e92b7f7f-20d4-4c89-a572-e0b2c59ed265]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
ref:f42a648f-4474-47c7-bba8-9d1082cf76d7]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:776e5533-4630-4d55-957b-25ca16220324]
end
subgraph users[users]
user:person-FirstGmbH(person-FirstGmbH@example.com
ref:661ac654-7ed8-4723-a1c5-41d886cef684)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:a0c798f6-ea35-4725-857e-0358dfd57b8e)
user:superuser-alex(superuser-alex@hostsharing.net
ref:0849f284-6379-4694-98a6-b777fa80a902)
user:superuser-fran(superuser-fran@hostsharing.net
ref:a780bed7-d970-4c04-8e78-85e33a28af91)
end
role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000101.admin --> role:hs_office_membership#M-1000101.referrer
role:hs_office_membership#M-1000101.owner --> role:hs_office_membership#M-1000101.admin
role:hs_office_membership#M-1000101.referrer --> perm:SELECT:on:hs_office_coopsharestransaction#ref1000101-1
role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000101.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000101.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000101.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

View File

@ -0,0 +1,71 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-delete
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:DELETE:on:hs_office_membership#M-1000114{{DELETE
ref:5defb5eb-e9b1-4a1a-8476-a91be89a756f}}
role:hs_office_membership#M-1000114.owner[owner
ref:3da05812-0992-473c-ba8c-0e66ca33f039]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:c40db171-9d99-4feb-8d91-d9befb053373]
role:hs_office_person#HostsharingeG.owner[owner
ref:626f0656-d00e-471d-a145-72a96180d0d2]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
user:superuser-alex(superuser-alex@hostsharing.net
ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
user:superuser-fran(superuser-fran@hostsharing.net
ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.owner --> perm:DELETE:on:hs_office_membership#M-1000114
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

View File

@ -0,0 +1,101 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
ref:296e0eae-f64c-43c5-818a-84674d7f9af6}}
role:hs_office_membership#M-1000114.admin[admin
ref:2e6a4161-6244-4414-9bee-0a059ed76e79]
role:hs_office_membership#M-1000114.owner[owner
ref:3da05812-0992-473c-ba8c-0e66ca33f039]
role:hs_office_membership#M-1000114.referrer[referrer
ref:fc27995b-e981-4dfe-9d6b-d9e824b1b5c2]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:eedfafb8-db39-45ac-b4c2-2b30699f4f72]
end
subgraph hs_office_person#FirstGmbH[hs_office_person#FirstGmbH]
role:hs_office_person#FirstGmbH.admin[admin
ref:870be03d-84ff-4a77-bfe8-8aaab81ee923]
role:hs_office_person#FirstGmbH.owner[owner
ref:1ea6bff9-6d8f-4377-8cf9-7c11f00066e1]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:c40db171-9d99-4feb-8d91-d9befb053373]
role:hs_office_person#HostsharingeG.owner[owner
ref:626f0656-d00e-471d-a145-72a96180d0d2]
end
subgraph users[users]
user:person-FirstGmbH(person-FirstGmbH@example.com
ref:375cf977-3c7b-4590-9b5c-ea7a5f6af971)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:93e0b9b2-aafd-49fe-b033-10b5e39a0272)
user:superuser-alex(superuser-alex@hostsharing.net
ref:2113a0d5-04c7-4b7f-873c-0a24212bfd4a)
user:superuser-fran(superuser-fran@hostsharing.net
ref:4740f067-13c8-4507-a9b8-c8469c476f5b)
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:12d2ec68-3df4-45ed-9a8d-035f701cf33e]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent[agent
ref:c949357d-2537-4646-9375-8f01c8ff41e4]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:341d44b9-73f0-4048-a3c2-d8c7c73881ff]
end
role:global#global.admin --> role:hs_office_person#FirstGmbH.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
role:hs_office_person#FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_person#FirstGmbH.owner --> role:hs_office_person#FirstGmbH.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.agent --> role:hs_office_membership#M-1000114.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-FirstGmbH --> role:hs_office_person#FirstGmbH.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

View File

@ -0,0 +1,79 @@
### all grants to debitorRelationAgent_canNotDeleteTheirRelatedMembership
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph hs_office_membership#M-1000114[hs_office_membership#M-1000114]
perm:SELECT:on:hs_office_membership#M-1000114{{SELECT
ref:9c63ac3a-6868-4295-9aa7-5050458660d0}}
role:hs_office_membership#M-1000114.admin[admin
ref:50d4ac22-73e0-4099-8d22-dfb8fbbc09c8]
role:hs_office_membership#M-1000114.owner[owner
ref:9d1cf21e-6fd3-4d63-9ad4-235aceae23ea]
role:hs_office_membership#M-1000114.referrer[referrer
ref:d27f9a49-9247-4439-a45a-ca220a86cf8f]
end
subgraph global#global[global#global]
role:global#global.admin[admin
ref:ee4b7242-17ac-4116-b0ee-7047b3d8b5d9]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:47c7a3fd-4ccd-4502-b78e-35244041edba]
role:hs_office_person#HostsharingeG.owner[owner
ref:ed265996-7729-46f9-b179-e87a33505930]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH[hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin[admin
ref:dd17fffe-15df-4df1-9457-363ffce49ee8]
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner[owner
ref:f6acdf0e-8a5b-4962-aeb8-880096717aee]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:5d19b678-9ba8-4f63-be72-5720faf32b96)
user:superuser-alex(superuser-alex@hostsharing.net
ref:4576db49-1670-43ec-aaf1-6439dc1e9b01)
user:superuser-fran(superuser-fran@hostsharing.net
ref:291e0d76-f70d-4cef-ba45-6fd630f1ae8d)
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
role:hs_office_membership#M-1000114.admin --> role:hs_office_membership#M-1000114.referrer
role:hs_office_membership#M-1000114.owner --> role:hs_office_membership#M-1000114.admin
role:hs_office_membership#M-1000114.referrer --> perm:SELECT:on:hs_office_membership#M-1000114
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin --> role:hs_office_membership#M-1000114.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000114.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.owner
user:superuser-fran --> role:global#global.admin
```

View File

@ -0,0 +1,101 @@
### all grants to membership-select
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
%% too many grants, graph is cropped
flowchart TB
subgraph global#global[global#global]
role:global#global.admin[admin
ref:d1900267-5848-4bed-851b-70bde78ea586]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:a4be908f-202f-412a-b25d-8bf42082ef86]
role:hs_office_person#HostsharingeG.owner[owner
ref:2032c07b-0227-4eb2-bcbf-8c417ef673c1]
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
ref:aa6dc584-7e50-4f9e-85ff-23792683802f]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
ref:a8688860-53c3-45ff-92ce-9442d28d9196]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
ref:d0fb0a29-f7f0-48f9-82be-151c4ea3f4ec]
end
subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
role:hs_office_person#ThirdOHG.admin[admin
ref:c8b186f5-17d0-460e-aa39-cca1f5f8404d]
role:hs_office_person#ThirdOHG.owner[owner
ref:a0ed218b-a0cf-417d-8f82-73eae57e67f8]
end
subgraph users[users]
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:cc50ddc1-a722-47d7-984f-3094877e4496)
user:person-ThirdOHG(person-ThirdOHG@example.com
ref:494c39a5-b410-4578-8d69-d026493c6731)
user:superuser-alex(superuser-alex@hostsharing.net
ref:a580e215-2243-4c7e-a9e3-169b237b86b4)
user:superuser-fran(superuser-fran@hostsharing.net
ref:ce6958ec-5e7a-4209-95b2-346c2eaaa22c)
end
subgraph hs_office_membership#M-1000303[hs_office_membership#M-1000303]
perm:SELECT:on:hs_office_membership#M-1000303{{SELECT
ref:a1eb00eb-3f0f-471c-bf97-ce415e6991ab}}
role:hs_office_membership#M-1000303.admin[admin
ref:a7eece29-79d1-4d41-beb8-2900b899e087]
role:hs_office_membership#M-1000303.owner[owner
ref:8eee38e9-7bb2-4ad7-b427-3999e1c66fd1]
role:hs_office_membership#M-1000303.referrer[referrer
ref:49506b45-aa23-495e-8938-e54b635691ae]
end
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
role:hs_office_membership#M-1000303.admin --> role:hs_office_membership#M-1000303.referrer
role:hs_office_membership#M-1000303.owner --> role:hs_office_membership#M-1000303.admin
role:hs_office_membership#M-1000303.referrer --> perm:SELECT:on:hs_office_membership#M-1000303
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_membership#M-1000303.owner
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_membership#M-1000303.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_membership#M-1000303.owner
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
user:superuser-fran --> role:global#global.admin
```

108
doc/temp/partner-updated.md Normal file
View File

@ -0,0 +1,108 @@
### all grants to partner-updated
```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%%
flowchart TB
subgraph global#global[global#global]
role:global#global.admin[admin
ref:b7a0455f-4704-41f5-8ddc-70692bc46c01]
end
subgraph hs_office_partner#P-20036[hs_office_partner#P-20036]
perm:SELECT:on:hs_office_partner#P-20036{{SELECT
ref:da2165d9-fb71-46ed-87bc-fed19e5de092}}
end
subgraph hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG[hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin[admin
ref:dbefd579-063d-4e06-a9c4-e7ab27288dea]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent[agent
ref:3cd435a3-9f4f-4acc-a035-f781329db167]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner[owner
ref:4438ef8f-1fad-4a46-b562-3bdac51b7932]
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant[tenant
ref:14d138a2-1142-4ae8-b089-a8659654dcc5]
end
subgraph hs_office_person#HostsharingeG[hs_office_person#HostsharingeG]
role:hs_office_person#HostsharingeG.admin[admin
ref:fb52b042-8204-4f96-86c7-ebf7e215aba4]
role:hs_office_person#HostsharingeG.owner[owner
ref:1483555f-72af-40fc-bfed-5c9d13304d94]
end
subgraph hs_office_contact#sixthcontact[hs_office_contact#sixthcontact]
role:hs_office_contact#sixthcontact.admin[admin
ref:3bb16898-f7f4-4dc3-9a45-8756462cc246]
role:hs_office_contact#sixthcontact.owner[owner
ref:625707ee-ef28-4e38-8be5-e0126158f86f]
end
subgraph hs_office_person#ThirdOHG[hs_office_person#ThirdOHG]
role:hs_office_person#ThirdOHG.admin[admin
ref:eccc1981-a813-4d6b-95cd-33ea310b1e8f]
role:hs_office_person#ThirdOHG.owner[owner
ref:bffe1bc4-5a28-4bb5-8008-1d9189eed0dd]
end
subgraph users[users]
user:contact-admin(contact-admin@sixthcontact.example.com
ref:4781a32f-7e5b-436f-8fa0-724cc1b8d74a)
user:person-HostsharingeG(person-HostsharingeG@example.com
ref:e5f21c56-448f-4e69-8421-ad92439ea2db)
user:person-ThirdOHG(person-ThirdOHG@example.com
ref:92c46960-abce-4763-9b10-d6682abed8ff)
user:superuser-alex(superuser-alex@hostsharing.net
ref:bd7ba8ed-57cb-40e0-ab8a-c897f107bddc)
user:superuser-fran(superuser-fran@hostsharing.net
ref:5800fee5-7919-4ef8-9ff8-353f1159925a)
end
role:global#global.admin --> role:hs_office_contact#sixthcontact.owner
role:global#global.admin --> role:hs_office_person#HostsharingeG.owner
role:global#global.admin --> role:hs_office_person#ThirdOHG.owner
role:global#global.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
role:hs_office_contact#sixthcontact.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_contact#sixthcontact.owner --> role:hs_office_contact#sixthcontact.admin
role:hs_office_person#HostsharingeG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_person#HostsharingeG.owner --> role:hs_office_person#HostsharingeG.admin
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_person#ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_person#ThirdOHG.owner --> role:hs_office_person#ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.agent --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.admin
role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.tenant --> perm:SELECT:on:hs_office_partner#P-20036
user:contact-admin --> role:hs_office_contact#sixthcontact.owner
user:person-HostsharingeG --> role:hs_office_person#HostsharingeG.owner
user:person-ThirdOHG --> role:hs_office_person#ThirdOHG.owner
user:superuser-alex --> role:global#global.admin
user:superuser-alex --> role:hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG.owner
user:superuser-fran --> role:global#global.admin
```

View File

@ -116,7 +116,6 @@ public class InsertTriggerGenerator {
} else {
final var superRoleEntityAlias = g.getSuperRoleDef().getEntityAlias();
if (superRoleEntityAlias.fetchSql().part == RbacView.SQL.Part.AUTO_FETCH) {
generateInsertPermissionTriggerAllowByRoleOfDirectForeignKey(plPgSql, g);
} else {
generateInsertPermissionTriggerAllowByRoleOfIndirectForeignKey(plPgSql, g);

View File

@ -19,7 +19,7 @@ get:
content:
'application/json':
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
@ -44,14 +44,14 @@ patch:
content:
'application/json':
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationPatch'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationPatch'
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":

View File

@ -18,7 +18,7 @@ get:
in: query
required: false
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationType'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationType'
description: Prefix of name properties from holder or contact to filter the results.
responses:
"200":
@ -28,7 +28,7 @@ get:
schema:
type: array
items:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
@ -46,7 +46,7 @@ post:
content:
'application/json':
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelationInsert'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelationInsert'
required: true
responses:
"201":
@ -54,7 +54,7 @@ post:
content:
'application/json':
schema:
$ref: './hs-office-relations-schemas.yaml#/components/schemas/HsOfficeRelation'
$ref: './hs-office-relation-schemas.yaml#/components/schemas/HsOfficeRelation'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":

View File

@ -279,7 +279,6 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertSuccessful();
generateRbacDiagramForObjectPermission(givenPartner.getUuid(), "SELECT", "partner-updated");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,