
No commits in common. "8d697e1ea712df05bdb258f22dff8b8573c3d05e" and "e81da57ffde0a262e5f75f7a378f0662b4c3064a" have entirely different histories.

3 changed files with 20 additions and 22 deletions


@ -19,11 +19,11 @@ select *
FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com')); FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com'));
select * select *
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer', FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('customer',
(SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1),
'add-package')); 'add-package'));
select * select *
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package', FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('package',
(SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
'DELETE')); 'DELETE'));
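Review bot: Both `findPermissionId` calls in the new column pass the table name first, then the object uuid, then the operation (`findPermissionId('customer', (SELECT uuid ...), 'add-package')`), which does not match the signature `findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)` shown in the third file of this comparison. Unless an overload with that parameter order exists outside the visible lines, these queries will fail to resolve or fail on the uuid cast instead of exercising the permission lookup. Leading with the uuid subquery would match the visible definition, e.g. `findPermissionId((SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), 'DELETE')`. The `LIMIT 1` without `ORDER BY` also makes the checked object arbitrary, which deserves a comment in a script used to inspect access rules.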


@ -1,7 +1,6 @@
package net.hostsharing.hsadminng.rbac.rbacdef; package net.hostsharing.hsadminng.rbac.rbacdef;
import java.util.Optional; import java.util.Optional;
import java.util.function.BinaryOperator;
import java.util.stream.Stream; import java.util.stream.Stream;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
@ -143,20 +142,19 @@ public class InsertTriggerGenerator {
private Optional<RbacView.RbacGrantDefinition> getOptionalInsertGrant() { private Optional<RbacView.RbacGrantDefinition> getOptionalInsertGrant() {
return getInsertGrants() return getInsertGrants()
.reduce(singleton()); .reduce((x, y) -> {
throw new IllegalStateException("only a single INSERT permission grant allowed");
});
} }
private Optional<RbacView.RbacRoleDefinition> getOptionalInsertSuperRole() { private Optional<RbacView.RbacRoleDefinition> getOptionalInsertSuperRole() {
return getInsertGrants() return getInsertGrants()
.map(RbacView.RbacGrantDefinition::getSuperRoleDef) .map(RbacView.RbacGrantDefinition::getSuperRoleDef)
.reduce(singleton()); .reduce((x, y) -> {
throw new IllegalStateException("only a single INSERT permission grant allowed");
});
} }
private static <T> BinaryOperator<T> singleton() {
return (x, y) -> {
throw new IllegalStateException("only a single INSERT permission grant allowed");
};
}
private static String toVar(final RbacView.RbacRoleDefinition roleDef) { private static String toVar(final RbacView.RbacRoleDefinition roleDef) {
return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().roleName()); return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().roleName());
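Review bot: The throwing accumulator passed to `.reduce(...)` in `getOptionalInsertGrant()` and `getOptionalInsertSuperRole()` is now written out twice, with no name or comment to explain it and the same message in both copies. `Stream.reduce` invokes the accumulator only when the stream has two or more elements, so this is an "at most one" assertion that makes the trigger generator fail closed on an ambiguous RBAC definition. That intent should be stated at each site, e.g. `// accumulator runs only for a 2nd element: rejects more than one INSERT grant`. The second copy reduces over super roles, so a distinct message such as `"only a single INSERT super role allowed"` would tell the two failure sites apart. The enclosing class and the body of `toVar` extend beyond the hunk.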


@ -443,18 +443,6 @@ begin
end; end;
$$; $$;
create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
returns uuid
returns null on null input
stable -- leakproof
language sql as $$
select uuid
from RbacPermission p
where p.objectUuid = forObjectUuid
and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
and p.opTableName = forOpTableName
$$;
create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
returns uuid returns uuid
returns null on null input returns null on null input
@ -466,6 +454,18 @@ select uuid
and p.op = forOp and p.op = forOp
and p.opTableName = forOpTableName and p.opTableName = forOpTableName
$$; $$;
create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
returns uuid
returns null on null input
stable -- leakproof
language sql as $$
select uuid
from RbacPermission p
where p.objectUuid = forObjectUuid
and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
and p.opTableName = forOpTableName
$$;
--// --//
-- ============================================================================ -- ============================================================================
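Review bot: `findEffectivePermissionId` declares `forOpTableName text = null` together with `returns null on null input`, so any call that relies on the default is short-circuited to NULL; even without strictness, `p.opTableName = forOpTableName` is never true for NULL. Two-argument calls therefore silently resolve to no permission rather than to the row with a NULL `opTableName`, assuming such rows exist. Consider `called on null input` with `and p.opTableName is not distinct from forOpTableName`. Separately, with `forOp = 'SELECT'` the predicate accepts every operation on the object, so `select uuid` can match several rows and the function returns whichever comes first; an `order by` or an explicit choice would make the result deterministic. `findPermissionId` in the context lines has the same default and strictness, but its body is only partly visible here.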