hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

Compare commits

base: hostsharing:8983cfc325529d0c40f5fa8eab2924bea44e78b4
Branches Tags
hostsharing:master
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
...
compare: hostsharing:f395091ae4b7cabbc0d95ae5c5312f63f77e759d
Branches Tags
hostsharing:TP-20240927-importfixes
hostsharing:add-hsoting-asset-to-booking-item-resource-and-created-event
hostsharing:master
hostsharing:spike/auto-build
hostsharing:office-rbac-revision
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

2 Commits
8983cfc325 ... f395091ae4

Author SHA1 Message Date
Michael Hoennig
f395091ae4 fix ImportOfficeData 2024-04-13 13:40:58 +02:00
Michael Hoennig
41ba466808 patch generated rbac trigger to fix too broad INSERT grants 2024-04-13 13:27:24 +02:00
2 changed files with 12 additions and 8 deletions
Show Stats Expand all files Collapse all files

11
src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
View File

@ -104,25 +104,28 @@ do language plpgsql $$
call defineContext('create INSERT INTO hs_booking_item permissions for the related hs_office_relation rows'); call defineContext('create INSERT INTO hs_booking_item permissions for the related hs_office_relation rows');
FOR row IN SELECT * FROM hs_office_relation FOR row IN SELECT * FROM hs_office_relation
WHERE type in ('DEBITOR') -- TODO.rbac: currently manually patched, needs to be generated
LOOP LOOP
call grantPermissionToRole( call grantPermissionToRole(
createPermission(row.uuid, 'INSERT', 'hs_booking_item'), createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
hsOfficeRelationADMIN(row)); hsOfficeRelationADMIN(row));
END LOOP; END LOOP;
END; END;
$$; $$;
/** /**
Adds hs_booking_item INSERT permission to specified role of new hs_office_relation rows. Adds hs_booking_item INSERT permission to specified roleNSERT permission to specified role of new hs_office_relation rows.
*/ */
create or replace function hs_booking_item_hs_office_relation_insert_tf() create or replace function hs_booking_item_hs_office_relation_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call grantPermissionToRole( if NEW.type = 'DEBITOR' then -- TODO.rbac: currently manually patched, needs to be generated
call grantPermissionToRole(
createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
hsOfficeRelationADMIN(NEW)); hsOfficeRelationADMIN(NEW));
end if;
return NEW; return NEW;
end; $$; end; $$;

9
src/test/java/net/hostsharing/hsadminng/hs/office/migration/ImportOfficeData.java
View File

@ -360,10 +360,10 @@ public class ImportOfficeData extends ContextBasedTest {
assertThat(toFormattedString(coopShares)).isEqualToIgnoringWhitespace(""" assertThat(toFormattedString(coopShares)).isEqualToIgnoringWhitespace("""
{ {
33443=CoopShareTransaction(M-1001700, 2000-12-06, SUBSCRIPTION, 20, legacy data import, initial share subscription), 33443=CoopShareTransaction(M-1001700: 2000-12-06, SUBSCRIPTION, 20, legacy data import, initial share subscription),
33451=CoopShareTransaction(M-1002000, 2000-12-06, SUBSCRIPTION, 2, legacy data import, initial share subscription), 33451=CoopShareTransaction(M-1002000: 2000-12-06, SUBSCRIPTION, 2, legacy data import, initial share subscription),
33701=CoopShareTransaction(M-1001700, 2005-01-10, SUBSCRIPTION, 40, legacy data import, increase), 33701=CoopShareTransaction(M-1001700: 2005-01-10, SUBSCRIPTION, 40, legacy data import, increase),
33810=CoopShareTransaction(M-1002000, 2016-12-31, CANCELLATION, 22, legacy data import, membership ended) 33810=CoopShareTransaction(M-1002000: 2016-12-31, CANCELLATION, 22, legacy data import, membership ended)
} }
"""); """);
} }
@ -615,6 +615,7 @@ public class ImportOfficeData extends ContextBasedTest {
private void deleteTestDataFromHsOfficeTables() { private void deleteTestDataFromHsOfficeTables() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
em.createNativeQuery("delete from hs_booking_item where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate();