fix ImportOfficeData

patch generated rbac trigger to fix too broad INSERT grants
2024-04-13 13:40:58 +02:00 · 2024-04-13 13:27:24 +02:00
2 changed files with 12 additions and 8 deletions
--- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
@ -104,25 +104,28 @@ do language plpgsql $$
        call defineContext('create INSERT INTO hs_booking_item permissions for the related hs_office_relation rows');

        FOR row IN SELECT * FROM hs_office_relation
+                WHERE type in ('DEBITOR') -- TODO.rbac: currently manually patched, needs to be generated
            LOOP
                call grantPermissionToRole(
-                    createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
-                    hsOfficeRelationADMIN(row));
+                createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
+                hsOfficeRelationADMIN(row));
            END LOOP;
    END;
 $$;

 /**
-    Adds hs_booking_item INSERT permission to specified role of new hs_office_relation rows.
+    Adds hs_booking_item INSERT permission to specified roleNSERT permission to specified role of new hs_office_relation rows.
 */
 create or replace function hs_booking_item_hs_office_relation_insert_tf()
    returns trigger
    language plpgsql
    strict as $$
 begin
-    call grantPermissionToRole(
+    if NEW.type = 'DEBITOR' then -- TODO.rbac: currently manually patched, needs to be generated
+        call grantPermissionToRole(
            createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
            hsOfficeRelationADMIN(NEW));
+    end if;
    return NEW;
 end; $$;

--- a/src/test/java/net/hostsharing/hsadminng/hs/office/migration/ImportOfficeData.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/migration/ImportOfficeData.java
@ -360,10 +360,10 @@ public class ImportOfficeData extends ContextBasedTest {

        assertThat(toFormattedString(coopShares)).isEqualToIgnoringWhitespace("""
                {
-                    33443=CoopShareTransaction(M-1001700, 2000-12-06, SUBSCRIPTION, 20, legacy data import, initial share subscription),
-                    33451=CoopShareTransaction(M-1002000, 2000-12-06, SUBSCRIPTION, 2, legacy data import, initial share subscription),
-                    33701=CoopShareTransaction(M-1001700, 2005-01-10, SUBSCRIPTION, 40, legacy data import, increase),
-                    33810=CoopShareTransaction(M-1002000, 2016-12-31, CANCELLATION, 22, legacy data import, membership ended)
+                    33443=CoopShareTransaction(M-1001700: 2000-12-06, SUBSCRIPTION, 20, legacy data import, initial share subscription),
+                    33451=CoopShareTransaction(M-1002000: 2000-12-06, SUBSCRIPTION, 2, legacy data import, initial share subscription),
+                    33701=CoopShareTransaction(M-1001700: 2005-01-10, SUBSCRIPTION, 40, legacy data import, increase),
+                    33810=CoopShareTransaction(M-1002000: 2016-12-31, CANCELLATION, 22, legacy data import, membership ended)
                }
                """);
    }
@ -615,6 +615,7 @@ public class ImportOfficeData extends ContextBasedTest {
    private void deleteTestDataFromHsOfficeTables() {
        jpaAttempt.transacted(() -> {
            context(rbacSuperuser);
+            em.createNativeQuery("delete from hs_booking_item where true").executeUpdate();
            em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate();
            em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate();
            em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate();
Author	SHA1	Message	Date
Michael Hoennig	f395091ae4	fix ImportOfficeData	2024-04-13 13:40:58 +02:00
Michael Hoennig	41ba466808	patch generated rbac trigger to fix too broad INSERT grants	2024-04-13 13:27:24 +02:00