hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

Compare commits

base: hostsharing:4c6b7beb2d903f23bd110b5642b32400b9050290
Branches Tags
hostsharing:master
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
..
compare: hostsharing:5ef16c11d5b771306d967e9873ce13f3312a3645
Branches Tags
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:master
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

No commits in common. "4c6b7beb2d903f23bd110b5642b32400b9050290" and "5ef16c11d5b771306d967e9873ce13f3312a3645" have entirely different histories.
4c6b7beb2d ... 5ef16c11d5

3 changed files with 297 additions and 126 deletions
Show Stats Expand all files Collapse all files

5
doc/rbac-schema-f.md
View File

@ -24,11 +24,6 @@ Objektorientiert gedacht, enthalten solche Objekte die Zusatzdaten einer Subklas
- Delete (\*) <-- Owner des Hauptobjektes
- Edit <-- **Agent** des Hauptobjektes
- View <-- Agent des Hauptobjektes
- Für die Rollenzuordnung zwischen referenzierten Objekten gilt:
- Für Objekte vom Typ Root werden die Rollen des zugehörigen Aggregator-Objektes verwendet.
- Gibt es Referenzen auf hierarchisch verbundene Objekte (z.B. Debitor.refundBankAccount) gilt folgende Faustregel:
***Nach oben absteigen, nach unten halten oder aufsteigen.*** An einem fachlich übergeordneten Objekt wird also eine niedrigere Rolle (z.B. Debitor-admin -> Partner.agent), einem fachlich untergeordneten Objekt eine gleichwertige Rolle (z.B. Partner.admin -> Debitor.admin) zugewiesen oder sogar aufgestiegen (Debitor.admin -> Package.tenant).
- Für Referenzen zwischen Objekten, die nicht hierarchisch zueinander stehen (z.B. Debitor und Bankverbindung), wird auf beiden seiten abgestiegen (also Debitor.admin -> BankAccount.referrer und BankAccount.admin -> Debitor.tenant).
Anmerkung: Der Typ-Begriff *Root* bezieht sich auf die Rolle im fachlichen Datenmodell. Im Bezug auf den Teilgraphen eines fachlichen Kontexts ist dies auch eine Wurzel im Sinne der Graphentheorie. Aber in anderen fachlichen Kontexten können auch diese Objekte von anderen Teilgraphen referenziert werden und werden dann zum inneren Knoten.

112
src/main/resources/db/changelog/233-hs-office-partner-rbac.md
View File

@ -3,70 +3,76 @@
```mermaid
flowchart TB
subgraph external[ ]
style external fill:#fff
subgraph global
style global fill:#eee
subgraph global
style global fill:#eee
role:global.admin[global.admin]
end
subgraph partnerPerson
style partnerPerson fill:#eee
role:partnerPerson.admin[global.admin]
end
subgraph otherRelatedPerson
style otherRelatedPerson fill:#eee
role:otherRelatedPerson.admin[global.admin]
end
subgraph hsOfficeRelationship[hsOfficeRelationship:PARTNER]
direction TB
style hsOfficeRelationship fill:#eee
role:global.admin
--> role:hsOfficeRelationship.owner[relationship.owner]
--> role:hsOfficeRelationship.admin[relationship.admin]
--> role:hsOfficeRelationship.agent[relationship.agent]
--> role:hsOfficeRelationship.tenant[relationship.tenant]
role:partnerPerson.admin --> role:hsOfficeRelationship.agent
role:otherRelatedPerson.admin --> role:hsOfficeRelationship.tenant
end
role:global.admin[global.admin]
end
subgraph internal[ ]
subgraph hsOfficeContact
direction TB
style hsOfficeContact fill:#eee
subgraph hsOfficePartner
style hsOfficePartner fill:#fff
role:hsOfficeContact.admin[contact.admin]
--> role:hsOfficeContact.tenant[contact.tenant]
--> role:hsOfficeContact.guest[contact.guest]
end
perm:hsOfficePartner.*{{partner.*}}
role:hsOfficeRelationship.owner ==> perm:hsOfficePartner.*
subgraph hsOfficePerson
direction TB
style hsOfficePerson fill:#eee
perm:hsOfficePartner.edit{{partner.edit}}
role:hsOfficeRelationship.admin ==> perm:hsOfficePartner.edit
role:hsOfficePerson.admin[person.admin]
--> role:hsOfficePerson.tenant[person.tenant]
--> role:hsOfficePerson.guest[person.guest]
end
perm:hsOfficePartner.view{{partner.view}}
role:hsOfficeRelationship.tenant ==> perm:hsOfficePartner.view
end
subgraph hsOfficePartnerDetails
direction TB
subgraph hsOfficePartnerDetails
direction TB
style hsOfficePartnerDetails fill:#eee
perm:hsOfficePartnerDetails.*{{partner.*}}
perm:hsOfficePartnerDetails.edit{{partner.edit}}
perm:hsOfficePartnerDetails.view{{partner.view}}
end
perm:hsOfficePartnerDetails.*{{partnerDetails.*}}
role:hsOfficeRelationship.owner ==> perm:hsOfficePartnerDetails.*
subgraph hsOfficePartner
perm:hsOfficePartnerDetails.edit{{partnerDetails.edit}}
role:hsOfficeRelationship.agent ==> perm:hsOfficePartnerDetails.edit
role:hsOfficeRelationship.agent ==> perm:hsOfficePartnerDetails.view
role:hsOfficePartner.owner[partner.owner]
%% permissions
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
role:hsOfficePartner.owner --> perm:hsOfficePartnerDetails.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
perm:hsOfficePartnerDetails.view{{partnerDetails.view}}
end
role:hsOfficePartner.admin[partner.admin]
%% permissions
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
role:hsOfficePartner.admin --> perm:hsOfficePartnerDetails.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% permissions
role:hsOfficePartner.agent --> perm:hsOfficePartnerDetails.view{{partner.view}}
%% incoming
role:hsOfficePartner.admin ---> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent --> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant --> role:hsOfficePartner.guest
end
```

264
src/main/resources/db/changelog/273-hs-office-debitor-rbac.md
View File

@ -3,78 +3,248 @@
```mermaid
flowchart TB
subgraph bank[ ]
style bank fill:#fff
subgraph global
style global fill:#eee
subgraph refundBankAccount
direction TB
style refundBankAccount fill:#eee
role:refundBankAccount.owner[bankAccount.owner]
--> role:refundBankAccount.admin[bankAccount.admin]
--> role:refundBankAccount.referrer[bankAccount.referrer]
end
role:global.admin[global.admin]
end
subgraph partner[ ]
style partner fill:#fff
subgraph office
style office fill:#eee
subgraph partnerRelationship[hsOfficeRelationship:PARTNER]
direction TB
style partnerRelationship fill:#eee
subgraph sepa
role:partnerRelationship.owner[relationship.owner]
--> role:partnerRelationship.admin[relationship.admin]
--> role:partnerRelationship.agent[relationship.agent]
--> role:partnerRelationship.tenant[relationship.tenant]
subgraph bankaccount
style bankaccount fill: #e9f7ef
partnerPerson[e.g. partnerPerson.admin] --> role:partnerRelationship.agent
otherPerson[e.g. operationalPerson.admin] --> role:partnerRelationship.tenant
user:hsOfficeBankAccount.creator([bankaccount.creator])
role:hsOfficeBankAccount.owner[bankaccount.owner]
%% permissions
role:hsOfficeBankAccount.owner --> perm:hsOfficeBankAccount.*{{bankaccount.*}}
%% incoming
role:global.admin --> role:hsOfficeBankAccount.owner
user:hsOfficeBankAccount.creator ---> role:hsOfficeBankAccount.owner
role:hsOfficeBankAccount.admin[bankaccount.admin]
%% permissions
role:hsOfficeBankAccount.admin --> perm:hsOfficeBankAccount.edit{{bankaccount.edit}}
%% incoming
role:hsOfficeBankAccount.owner ---> role:hsOfficeBankAccount.admin
role:hsOfficeBankAccount.tenant[bankaccount.tenant]
%% incoming
role:hsOfficeBankAccount.admin ---> role:hsOfficeBankAccount.tenant
role:hsOfficeBankAccount.guest[bankaccount.guest]
%% permissions
role:hsOfficeBankAccount.guest --> perm:hsOfficeBankAccount.view{{bankaccount.view}}
%% incoming
role:hsOfficeBankAccount.tenant ---> role:hsOfficeBankAccount.guest
end
end
subgraph internal[ ]
direction TB
style internal fill:#fff
subgraph hsOfficeSepaMandate
end
subgraph debitorRelationship[hsOfficeRelationship:DEBITOR]
direction TB
style debitorRelationship fill:#eee
end
subgraph contact
style contact fill: #e9f7ef
user:hsOfficeContact.creator([contact.creator])
role:hsOfficeContact.owner[contact.owner]
%% permissions
role:hsOfficeContact.owner --> perm:hsOfficeContact.*{{contact.*}}
%% incoming
role:global.admin --> role:hsOfficeContact.owner
user:hsOfficeContact.creator ---> role:hsOfficeContact.owner
role:hsOfficeContact.admin[contact.admin]
%% permissions
role:hsOfficeContact.admin ---> perm:hsOfficeContact.edit{{contact.edit}}
%% incoming
role:hsOfficeContact.owner ---> role:hsOfficeContact.admin
role:hsOfficeContact.tenant[contact.tenant]
%% incoming
role:hsOfficeContact.admin ----> role:hsOfficeContact.tenant
role:hsOfficeContact.guest[contact.guest]
%% permissions
role:hsOfficeContact.guest --> perm:hsOfficeContact.view{{contact.view}}
%% incoming
role:hsOfficeContact.tenant ---> role:hsOfficeContact.guest
end
subgraph partner-person
subgraph person
style person fill: #e9f7ef
user:hsOfficePerson.creator([personcreator])
role:hsOfficePerson.owner[person.owner]
%% permissions
role:hsOfficePerson.owner --> perm:hsOfficePerson.*{{person.*}}
%% incoming
user:hsOfficePerson.creator ---> role:hsOfficePerson.owner
role:global.admin --> role:hsOfficePerson.owner
role:hsOfficePerson.admin[person.admin]
%% permissions
role:hsOfficePerson.admin --> perm:hsOfficePerson.edit{{person.edit}}
%% incoming
role:hsOfficePerson.owner ---> role:hsOfficePerson.admin
role:hsOfficePerson.tenant[person.tenant]
%% incoming
role:hsOfficePerson.admin -----> role:hsOfficePerson.tenant
role:hsOfficePerson.guest[person.guest]
%% permissions
role:hsOfficePerson.guest --> perm:hsOfficePerson.edit{{person.view}}
%% incoming
role:hsOfficePerson.tenant ---> role:hsOfficePerson.guest
end
subgraph partner
role:hsOfficePartner.owner[partner.owner]
%% permissions
role:hsOfficePartner.owner --> perm:hsOfficePartner.*{{partner.*}}
%% incoming
role:global.admin ---> role:hsOfficePartner.owner
role:hsOfficePartner.admin[partner.admin]
%% permissions
role:hsOfficePartner.admin --> perm:hsOfficePartner.edit{{partner.edit}}
%% incoming
role:hsOfficePartner.owner ---> role:hsOfficePartner.admin
%% outgoing
role:hsOfficePartner.admin --> role:hsOfficePerson.tenant
role:hsOfficePartner.admin --> role:hsOfficeContact.tenant
role:hsOfficePartner.agent[partner.agent]
%% incoming
role:hsOfficePartner.admin --> role:hsOfficePartner.agent
role:hsOfficePerson.admin --> role:hsOfficePartner.agent
role:hsOfficeContact.admin --> role:hsOfficePartner.agent
role:hsOfficePartner.tenant[partner.tenant]
%% incoming
role:hsOfficePartner.agent ---> role:hsOfficePartner.tenant
%% outgoing
role:hsOfficePartner.tenant --> role:hsOfficePerson.guest
role:hsOfficePartner.tenant --> role:hsOfficeContact.guest
role:hsOfficePartner.guest[partner.guest]
%% permissions
role:hsOfficePartner.guest --> perm:hsOfficePartner.view{{partner.view}}
%% incoming
role:hsOfficePartner.tenant ---> role:hsOfficePartner.guest
end
role:debitorRelationship.owner[relationship.owner]
--> role:debitorRelationship.admin[relationship.admin]
--> role:debitorRelationship.agent[relationship.agent]
--> role:debitorRelationship.tenant[relationship.tenant]
end
subgraph debitor
direction TB
style debitor stroke-width:6px
role:debitorRelationship.owner[debitorRelationship.owner]
user:hsOfficeDebitor.creator([debitor.creator])
%% created by role
user:hsOfficeDebitor.creator --> role:hsOfficePartner.agent
role:hsOfficeDebitor.owner[debitor.owner]
%% permissions
==> perm:debitor.*{{debitor.*}}
role:hsOfficeDebitor.owner --> perm:hsOfficeDebitor.*{{debitor.*}}
%% incoming
user:hsOfficeDebitor.creator --> role:hsOfficeDebitor.owner
role:global.admin --> role:hsOfficeDebitor.owner
role:debitorRelationship.admin[debitorRelationship.admin]
role:hsOfficeDebitor.admin[debitor.admin]
%% permissions
==> perm:debitor.edit{{debitorRelationship.edit}}
role:hsOfficeDebitor.admin --> perm:hsOfficeDebitor.edit{{debitor.edit}}
%% incoming
role:partnerRelationship.admin ==> role:debitorRelationship.admin
%% outgoing
role:debitorRelationship.admin ==> role:partnerRelationship.agent
role:hsOfficeDebitor.owner ---> role:hsOfficeDebitor.admin
role:debitorRelationship.agent[debitorRelationship.agent]
role:hsOfficeDebitor.agent[debitor.agent]
%% incoming
role:partnerRelationship.agent ==> role:debitorRelationship.agent
role:refundBankAccount.admin ==> role:debitorRelationship.agent
role:hsOfficeDebitor.admin ---> role:hsOfficeDebitor.agent
role:hsOfficePartner.admin --> role:hsOfficeDebitor.agent
%% outgoing
role:debitorRelationship.agent ==> role:partnerRelationship.tenant
role:debitorRelationship.agent ==> role:refundBankAccount.referrer
role:hsOfficeDebitor.agent --> role:hsOfficeBankAccount.tenant
role:debitorRelationship.tenant[debitorRelationship.tenant]
==> perm:debitor.view{{debitor.view}}
role:hsOfficeDebitor.tenant[debitor.tenant]
%% incoming
role:hsOfficeDebitor.agent ---> role:hsOfficeDebitor.tenant
role:hsOfficePartner.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeBankAccount.admin --> role:hsOfficeDebitor.tenant
%% outgoing
role:hsOfficeDebitor.tenant --> role:hsOfficePartner.tenant
role:hsOfficeDebitor.tenant --> role:hsOfficeContact.guest
role:hsOfficeDebitor.guest[debitor.guest]
%% permissions
role:hsOfficeDebitor.guest --> perm:hsOfficeDebitor.view{{debitor.view}}
%% incoming
role:hsOfficeDebitor.tenant --> role:hsOfficeDebitor.guest
end
end
subgraph hsOfficeSepaMandate
role:hsOfficeSepaMandate.owner[sepaMandate.owner]
%% permissions
role:hsOfficeSepaMandate.owner --> perm:hsOfficeSepaMandate.*{{sepaMandate.*}}
%% incoming
role:global.admin ---> role:hsOfficeSepaMandate.owner
role:hsOfficeSepaMandate.admin[sepaMandate.admin]
%% permissions
role:hsOfficeSepaMandate.admin --> perm:hsOfficeSepaMandate.edit{{sepaMandate.edit}}
%% incoming
role:hsOfficeSepaMandate.owner ---> role:hsOfficeSepaMandate.admin
role:hsOfficeSepaMandate.agent[sepaMandate.agent]
%% incoming
role:hsOfficeSepaMandate.admin ---> role:hsOfficeSepaMandate.agent
role:hsOfficeDebitor.admin --> role:hsOfficeSepaMandate.agent
role:hsOfficeBankAccount.admin --> role:hsOfficeSepaMandate.agent
%% outgoing
role:hsOfficeSepaMandate.agent --> role:hsOfficeDebitor.tenant
role:hsOfficeSepaMandate.admin --> role:hsOfficeBankAccount.tenant
role:hsOfficeSepaMandate.tenant[sepaMandate.tenant]
%% incoming
role:hsOfficeSepaMandate.agent --> role:hsOfficeSepaMandate.tenant
%% outgoing
role:hsOfficeSepaMandate.tenant --> role:hsOfficeDebitor.guest
role:hsOfficeSepaMandate.tenant --> role:hsOfficeBankAccount.guest
role:hsOfficeSepaMandate.guest[sepaMandate.guest]
%% permissions
role:hsOfficeSepaMandate.guest --> perm:hsOfficeSepaMandate.view{{sepaMandate.view}}
%% incoming
role:hsOfficeSepaMandate.tenant --> role:hsOfficeSepaMandate.guest
end
subgraph hosting
style hosting fill:#eee
subgraph package
style package fill: #e9f7ef
role:package.owner[package.owner]
--> role:package.admin[package.admin]
--> role:package.tenant[package.tenant]
role:hsOfficeDebitor.agent --> role:package.owner
role:package.admin --> role:hsOfficeDebitor.tenant
role:hsOfficePartner.tenant --> role:hsOfficeDebitor.guest
end
end
```