rbac.role

rbac.permission
2024-09-13 20:46:54 +02:00 · 2024-09-13 20:33:32 +02:00
10 changed files with 87 additions and 87 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@ -94,7 +94,7 @@ public class RbacGrantsDiagramService {
    }
    public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet<Include> includes) {
-        final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbacpermission WHERE objectuuid=:targetObject AND op=:op")
+        final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbac.permission WHERE objectuuid=:targetObject AND op=:op")
                .setParameter("targetObject", targetObject)
                .setParameter("op", op)
                .getSingleResult();
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
@ -8,7 +8,7 @@ import jakarta.persistence.*;
 import java.util.UUID;
@Entity
-@Table(name = "rbacrole_rv")
+@Table(schema = "rbac", name = "role_rv")
@Getter
@Setter
@ToString
--- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
@ -6,7 +6,7 @@
 /*
 */
-create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'RbacPermission');
+create type rbac.referenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission');
 create table rbac.reference
 (
@ -166,7 +166,7 @@ end; $$;
 create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
-create table RbacRole
+create table rbac.role
 (
    uuid       uuid primary key references  rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
    objectUuid uuid not null references rbac.object (uuid) initially deferred,
@ -174,7 +174,7 @@ create table RbacRole
    unique (objectUuid, roleType)
 );
-call base.create_journal('RbacRole');
+call base.create_journal('rbac.role');
 create type RbacRoleDescriptor as
 (
@ -218,10 +218,10 @@ declare
 begin
    insert
        into  rbac.reference (type)
-        values ('RbacRole')
+        values ('rbac.role')
        returning uuid into referenceId;
    insert
-        into RbacRole (uuid, objectUuid, roleType)
+        into rbac.role (uuid, objectUuid, roleType)
        values (referenceId, roleDescriptor.objectUuid, roleDescriptor.roleType);
    return referenceId;
 end;
@ -232,7 +232,7 @@ create or replace procedure deleteRole(roleUUid uuid)
    language plpgsql as $$
 begin
    --raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid;
-    delete from RbacRole where uuid = roleUUid;
+    delete from rbac.role where uuid = roleUUid;
 end;
 $$;
@ -256,7 +256,7 @@ begin
    objectUuidOfRole = findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName);
    select uuid
-        from RbacRole
+        from rbac.role
        where objectUuid = objectUuidOfRole
          and roleType = roleTypeFromRoleIdName
        into roleUuid;
@ -267,7 +267,7 @@ create or replace function findRoleId(roleDescriptor RbacRoleDescriptor)
    returns uuid
    returns null on null input
    language sql as $$
-select uuid from RbacRole where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType;
+select uuid from rbac.role where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType;
 $$;
 create or replace function getRoleId(roleDescriptor RbacRoleDescriptor)
@ -280,7 +280,7 @@ begin
    roleUuid := findRoleId(roleDescriptor);
    if (roleUuid is null) then
-        raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
+        raise exception 'rbac.role "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType;
    end if;
    return roleUuid;
 end;
@ -292,9 +292,9 @@ $$;
 -- ----------------------------------------------------------------------------
 /*
-    RbacRole BEFORE DELETE TRIGGER function which deletes all related roles.
+    rbac.role BEFORE DELETE TRIGGER function which deletes all related roles.
 */
-create or replace function deleteRbacGrantsOfRbacRole()
+create or replace function rbac.delete_grants_of_role_tf()
    returns trigger
    language plpgsql
    strict as $$
@ -308,13 +308,13 @@ begin
 end; $$;
 /*
-    Installs the RbacRole BEFORE DELETE TRIGGER.
+    Installs the rbac.role BEFORE DELETE TRIGGER.
 */
-create trigger deleteRbacGrantsOfRbacRole_Trigger
+create trigger delete_grants_of_role_tg
    before delete
-    on RbacRole
+    on rbac.role
    for each row
-execute procedure deleteRbacGrantsOfRbacRole();
+execute procedure rbac.delete_grants_of_role_tf();
 --//
@ -325,14 +325,14 @@ execute procedure deleteRbacGrantsOfRbacRole();
 /*
    rbac.object BEFORE DELETE TRIGGER function which deletes all related roles.
 */
-create or replace function deleteRbacRolesOfRbacObject()
+create or replace function rbac.delete_roles_of_object_tf()
    returns trigger
    language plpgsql
    strict as $$
 begin
    if TG_OP = 'DELETE' then
-        delete from RbacPermission p where p.objectuuid = old.uuid;
+        delete from rbac.permission p where p.objectuuid = old.uuid;
-        delete from RbacRole r where r.objectUuid = old.uuid;
+        delete from rbac.role r where r.objectUuid = old.uuid;
    else
        raise exception 'invalid usage of TRIGGER BEFORE DELETE';
    end if;
@ -340,13 +340,13 @@ begin
 end; $$;
 /*
-    Installs the RbacRole BEFORE DELETE TRIGGER.
+    Installs the rbac.role BEFORE DELETE TRIGGER.
 */
-create trigger deleteRbacRolesOfRbacObject_Trigger
+create trigger delete_roles_of_object_tg
    before delete
    on rbac.object
    for each row
-        execute procedure deleteRbacRolesOfRbacObject();
+        execute procedure rbac.delete_roles_of_object_tf();
 --//
@ -365,7 +365,7 @@ create domain RbacOp as varchar(6)
            or VALUE = 'ASSUME'
        );
-create table RbacPermission
+create table rbac.permission
 (
    uuid        uuid primary key references  rbac.reference (uuid) on delete cascade,
    objectUuid  uuid not null references rbac.object,
@ -373,13 +373,13 @@ create table RbacPermission
    opTableName varchar(60)
 );
 -- TODO.perf: check if these indexes are really useful
-create index on RbacPermission (objectUuid, op);
+create index on rbac.permission (objectUuid, op);
-create index on RbacPermission (opTableName, op);
+create index on rbac.permission (opTableName, op);
-ALTER TABLE RbacPermission
+ALTER TABLE rbac.permission
    ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
-call base.create_journal('RbacPermission');
+call base.create_journal('rbac.permission');
 create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
    returns uuid
@ -398,19 +398,19 @@ begin
    end if;
    permissionUuid := (
-        select uuid from RbacPermission
+        select uuid from rbac.permission
         where objectUuid = forObjectUuid
           and op = forOp and opTableName is not distinct from forOpTableName);
    if (permissionUuid is null) then
        insert into  rbac.reference ("type")
-            values ('RbacPermission')
+            values ('rbac.permission')
            returning uuid into permissionUuid;
        begin
-            insert into RbacPermission (uuid, objectUuid, op, opTableName)
+            insert into rbac.permission (uuid, objectUuid, op, opTableName)
                values (permissionUuid, forObjectUuid, forOp, forOpTableName);
        exception
            when others then
-                raise exception 'insert into RbacPermission (uuid, objectUuid, op, opTableName)
+                raise exception 'insert into rbac.permission (uuid, objectUuid, op, opTableName)
                values (%, %, %, %);', permissionUuid, forObjectUuid, forOp, forOpTableName;
        end;
    end if;
@ -423,7 +423,7 @@ create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp R
    stable -- leakproof
    language sql as $$
 select uuid
-    from RbacPermission p
+    from rbac.permission p
    where p.objectUuid = forObjectUuid
      and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
      and p.opTableName = forOpTableName
@ -435,7 +435,7 @@ create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, fo
    stable -- leakproof
    language sql as $$
 select uuid
-    from RbacPermission p
+    from rbac.permission p
    where p.objectUuid = forObjectUuid
      and p.op = forOp
      and p.opTableName = forOpTableName
@ -449,7 +449,7 @@ declare
    permissionUuid uuid;
 begin
    select uuid into permissionUuid
-        from RbacPermission p
+        from rbac.permission p
        where p.objectUuid = forObjectUuid
          and p.op = forOp
          and forOpTableName is null or p.opTableName = forOpTableName;
@ -470,8 +470,8 @@ declare
    subRoleIdName text;
    superRoleIdName text;
 begin
-    select roleIdName from rbacRole_ev where uuid=subRoleId into subRoleIdName;
+    select roleIdName from rbac.role_ev where uuid=subRoleId into subRoleIdName;
-    select roleIdName from rbacRole_ev where uuid=superRoleId into superRoleIdName;
+    select roleIdName from rbac.role_ev where uuid=superRoleId into superRoleIdName;
    raise exception '[400] Duplicate role grant detected: role % (%) already granted to % (%)', subRoleId, subRoleIdName, superRoleId, superRoleIdName;
 end;
 $$;
@ -488,7 +488,7 @@ create table rbac.grants
 (
    uuid                uuid primary key default uuid_generate_v4(),
    grantedByTriggerOf  uuid references rbac.object (uuid) on delete cascade initially deferred ,
-    grantedByRoleUuid   uuid references RbacRole (uuid),
+    grantedByRoleUuid   uuid references rbac.role (uuid),
    ascendantUuid       uuid references  rbac.reference (uuid),
    descendantUuid      uuid references  rbac.reference (uuid),
    assumed             boolean not null default true,  -- auto assumed (true) vs. needs assumeRoles (false)
@ -581,7 +581,7 @@ create or replace function hasGlobalRoleGranted(forAscendantUuid uuid)
 select exists(
           select r.uuid
               from rbac.grants as g
-                        join RbacRole as r on r.uuid = g.descendantuuid
+                        join rbac.role as r on r.uuid = g.descendantuuid
                        join rbac.object as o on o.uuid = r.objectuuid
               where g.ascendantuuid = forAscendantUuid
                 and o.objecttable = 'rbac.global'
@ -591,8 +591,8 @@ $$;
 create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid uuid)
    language plpgsql as $$
 begin
-    perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'rbac.role');
-    perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission');
+    perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'rbac.permission');
    insert
        into rbac.grants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed)
@ -611,8 +611,8 @@ $$;
 create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true)
    language plpgsql as $$
 begin
-    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role');
-    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role');
    if isGranted(subRoleId, superRoleId) then
        call raiseDuplicateRoleGrantException(subRoleId, superRoleId);
@ -639,8 +639,8 @@ begin
    superRoleId := findRoleId(superRole);
    subRoleId := findRoleId(subRole);
-    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role');
-    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role');
    if isGranted(subRoleId, superRoleId) then
        call raiseDuplicateRoleGrantException(subRoleId, superRoleId);
@ -661,8 +661,8 @@ begin
    superRoleId := findRoleId(superRole);
    subRoleId := findRoleId(subRole);
-    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role');
-    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role');
    if (isGranted(superRoleId, subRoleId)) then
        delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = subRoleId;
@ -682,15 +682,15 @@ declare
 begin
    superRoleId := findRoleId(superRole);
-    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole');
+    perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role');
-    perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission');
+    perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission');
    if (isGranted(superRoleId, permissionId)) then
        delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = permissionId;
    else
        select p.op, o.objectTable, o.uuid
            from rbac.grants g
-                     join rbacPermission p on p.uuid=g.descendantUuid
+                     join rbac.permission p on p.uuid=g.descendantUuid
                     join rbac.object o on o.uuid=p.objectUuid
            where g.uuid=permissionId
            into permissionOp, objectTable, objectUuid;
@ -735,7 +735,7 @@ begin
       )
        SELECT DISTINCT perm.objectUuid
            FROM granted
-                     JOIN RbacPermission perm ON granted.descendantUuid = perm.uuid
+                     JOIN rbac.permission perm ON granted.descendantUuid = perm.uuid
                     JOIN rbac.object obj ON obj.uuid = perm.objectUuid
            WHERE (requiredOp = 'SELECT' OR perm.op = requiredOp)
              AND obj.objectTable = forObjectTable
@ -759,7 +759,7 @@ $$;
    Returns all permissions accessible to the given subject UUID (subject or role).
 */
 create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid)
-    returns setof RbacPermission
+    returns setof rbac.permission
    strict
    language sql as $$
 with recursive grants as (
@ -772,7 +772,7 @@ with recursive grants as (
                 inner join grants on grants.descendantUuid = g.ascendantUuid
 )
 select perm.*
-    from RbacPermission perm
+    from rbac.permission perm
    where perm.uuid in (
        select descendantUuid
            from grants
--- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
+++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
@ -23,8 +23,8 @@ end; $$;
 create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true)
    language plpgsql as $$
 begin
-    perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role');
-    perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'rbac.role');
    perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
    insert
@ -40,8 +40,8 @@ declare
    grantedByRoleIdName text;
    grantedRoleIdName text;
 begin
-    perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role');
-    perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'rbac.role');
    perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
    assert grantedByRoleUuid is not null, 'grantedByRoleUuid must not be null';
@ -49,13 +49,13 @@ begin
    assert subjectUuid is not null, 'subjectUuid must not be null';
    if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
-        select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
+        select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
        raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
                grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
    end if;
    if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then
-        select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
+        select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
-        select roleIdName from rbacRole_ev where uuid=grantedRoleUuid into grantedRoleIdName;
+        select roleIdName from rbac.role_ev where uuid=grantedRoleUuid into grantedRoleIdName;
        raise exception '[403] Access to granted role % (%) forbidden for % (%)',
                grantedRoleIdName, grantedRoleUuid, grantedByRoleIdName, grantedByRoleUuid;
    end if;
@ -77,8 +77,8 @@ end; $$;
 create or replace procedure rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid)
    language plpgsql as $$
 begin
-    perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'rbac.role');
-    perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole');
+    perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'rbac.role');
    perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
    if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
--- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
+++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
@ -61,7 +61,7 @@ begin
            end if;
            select uuid
-                from RbacRole r
+                from rbac.role r
                where r.objectUuid = objectUuidToAssume
                  and r.roleType = roleTypeToAssume
                into roleUuidToAssume;
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@ -7,14 +7,14 @@
    Creates a view to the role table with additional columns
    for easier human readability.
 */
-drop view if exists rbacrole_ev;
+drop view if exists rbac.role_ev;
-create or replace view rbacrole_ev as
+create or replace view rbac.role_ev as
 select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
       -- @formatter:off
    from (
             select r.*,
                    o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
-                 from rbacrole as r
+                 from rbac.role as r
                          join rbac.object as o on o.uuid = r.objectuuid
         ) as unordered
         -- @formatter:on
@ -28,20 +28,20 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
    Creates a view to the role table with row-level limitation
    based on the grants of the current user or assumed roles.
 */
-drop view if exists rbacrole_rv;
+drop view if exists rbac.role_rv;
-create or replace view rbacrole_rv as
+create or replace view rbac.role_rv as
 select *
       -- @formatter:off
        from (
            select r.*, o.objectTable,
                   findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
-                from rbacrole as r
+                from rbac.role as r
                join rbac.object as o on o.uuid = r.objectuuid
                where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid)
        ) as unordered
        -- @formatter:on
        order by objectTable || '#' || objectIdName || ':' || roleType;
-grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
+grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 --//
@ -87,16 +87,16 @@ create or replace view rbacgrants_ev as
                    dp.op, dp.optablename
                 from rbac.grants as g
-                left outer join rbacrole as ar on ar.uuid = g.ascendantUuid
+                left outer join rbac.role as ar on ar.uuid = g.ascendantUuid
                    left outer join rbac.object as aro on aro.uuid = ar.objectuuid
                left outer join rbac.subject as au on au.uuid = g.ascendantUuid
-                left outer join rbacrole as dr on dr.uuid = g.descendantUuid
+                left outer join rbac.role as dr on dr.uuid = g.descendantUuid
                    left outer join rbac.object as dro on dro.uuid = dr.objectuuid
-                left outer join rbacpermission dp on dp.uuid = g.descendantUuid
+                left outer join rbac.permission dp on dp.uuid = g.descendantUuid
                    left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid
         ) as x
-         left outer join rbacrole as r on r.uuid = grantedByRoleUuid
+         left outer join rbac.role as r on r.uuid = grantedByRoleUuid
         left outer join rbac.subject u on u.uuid = x.ascendantuuid
         left outer join rbac.object go on go.uuid = r.objectuuid
@ -124,16 +124,16 @@ select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) ||
                    u.name as userName, o.objecttable, r.objectuuid, r.roletype,
                    findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
                 from rbac.grants as g
-                          join rbacrole as r on r.uuid = g.descendantUuid
+                          join rbac.role as r on r.uuid = g.descendantUuid
                          join rbac.object o on o.uuid = r.objectuuid
                          left outer join rbac.subject u on u.uuid = g.ascendantuuid
                 where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid)
         ) as g
-             join RbacRole as r on r.uuid = grantedByRoleUuid
+             join rbac.role as r on r.uuid = grantedByRoleUuid
             join rbac.object as o on o.uuid = r.objectUuid
    order by grantedRoleIdName;
 -- @formatter:on
-grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
+grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 --//
@ -212,7 +212,7 @@ select distinct *
             select usersInRolesOfcurrentSubject.*
                 from rbac.subject as usersInRolesOfcurrentSubject
                          join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid
-                          join rbacrole_ev as r on r.uuid = g.descendantuuid
+                          join rbac.role_ev as r on r.uuid = g.descendantuuid
             union
             select users.*
                 from rbac.subject as users
@ -237,7 +237,7 @@ create or replace view rbac.subject_rv as
            select usersInRolesOfcurrentSubject.*
                from rbac.subject as usersInRolesOfcurrentSubject
                 join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid
-                 join rbacrole_rv as r on r.uuid = g.descendantuuid
+                 join rbac.role_rv as r on r.uuid = g.descendantuuid
            union
            select users.*
                from rbac.subject as users
@ -329,9 +329,9 @@ create or replace view rbac.own_granted_permissions_rv as
 select r.uuid as roleuuid, p.uuid as permissionUuid,
       (r.objecttable || ':' || r.objectidname || ':' ||  r.roletype) as roleName, p.op,
       o.objecttable, r.objectidname, o.uuid as objectuuid
-    from rbacrole_rv r
+    from rbac.role_rv r
    join rbac.grants g on g.ascendantuuid = r.uuid
-    join rbacpermission p on p.uuid = g.descendantuuid
+    join rbac.permission p on p.uuid = g.descendantuuid
    join rbac.object o on o.uuid = p.objectuuid;
 grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 -- @formatter:om
@ -372,7 +372,7 @@ begin
              from queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p
              join rbac.grants as g on g.descendantUuid = p.uuid
              join rbac.object as po on po.uuid = p.objectUuid
-              join rbacrole_rv as r on r.uuid = g.ascendantUuid
+              join rbac.role_rv as r on r.uuid = g.ascendantUuid
              join rbac.object as ro on ro.uuid = r.objectUuid
              where isGranted(targetSubjectUuid, r.uuid)
             ) xp;
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@ -202,7 +202,7 @@ begin
                                                     as valid)
                      select distinct perm.objectuuid
                          from recursive_grants
-                                   join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
+                                   join rbac.permission perm on recursive_grants.descendantuuid = perm.uuid
                                   join rbac.object obj on obj.uuid = perm.objectuuid
                                   join count_check cc on cc.valid
                          where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions
--- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql
+++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql
@ -11,10 +11,10 @@ select no, to_char("count", '9 999 999 999') as "count", "table"
              from rbac.subject
          union
          select 2 as no, count(*) as "count", 'roles' as "table"
-              from RbacRole
+              from rbac.role
          union
          select 3 as no, count(*) as "count", 'permissions' as "table"
-              from RbacPermission
+              from rbac.permission
          union
          select 4 as no, count(*) as "count", 'references' as "table"
              from  rbac.reference
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java
@ -10,7 +10,7 @@ import java.util.List;
 import java.util.UUID;
@Entity
-@Table(name = "rbacrole_ev")
+@Table(schema = "rbac", name = "role_ev")
@Getter
@Setter
@ToString
--- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java
@ -305,7 +305,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest {
    protected String[] roleNames(final String sqlLikeExpression) {
        final var pattern = Pattern.compile(sqlLikeExpression);
        //noinspection unchecked
-        final List<Object[]> rows = (List<Object[]>) em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_booking_project#%'")
+        final List<Object[]> rows = (List<Object[]>) em.createNativeQuery("select * from rbac.role_ev where roleidname like 'hs_booking_project#%'")
                .getResultList();
        return rows.stream()
                .map(row -> (row[0]).toString())
Author	SHA1	Message	Date
Michael Hoennig	d1c8c30d8b	rbac.role	2024-09-13 20:46:54 +02:00
Michael Hoennig	357c091411	rbac.permission	2024-09-13 20:33:32 +02:00