Compare commits
No commits in common. "8d697e1ea712df05bdb258f22dff8b8573c3d05e" and "e81da57ffde0a262e5f75f7a378f0662b4c3064a" have entirely different histories.
8d697e1ea7
...
e81da57ffd
@ -19,11 +19,11 @@ select *
|
|||||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com'));
|
FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com'));
|
||||||
|
|
||||||
select *
|
select *
|
||||||
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer',
|
FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('customer',
|
||||||
(SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1),
|
(SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1),
|
||||||
'add-package'));
|
'add-package'));
|
||||||
select *
|
select *
|
||||||
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package',
|
FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('package',
|
||||||
(SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
|
(SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
|
||||||
'DELETE'));
|
'DELETE'));
|
||||||
|
|
||||||
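Review bot: Both rewritten calls pass `('customer', (SELECT uuid ...), 'add-package')` and `('package', (SELECT uuid ...), 'DELETE')`, a table name first and the object uuid second, while the definition shown further down this page is `findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)`. Unless an overload with that parameter order exists outside this page, the first literal would be coerced to `uuid` and the statement would fail rather than exercise the permission lookup. Reordering to `findPermissionId((SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), <op>, 'customer')` would match the visible signature. The `LIMIT 1` subqueries also have no `ORDER BY`, so which object the script checks is arbitrary.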
|
@ -1,7 +1,6 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||||
|
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
import java.util.function.BinaryOperator;
|
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||||
@ -143,20 +142,19 @@ public class InsertTriggerGenerator {
|
|||||||
|
|
||||||
private Optional<RbacView.RbacGrantDefinition> getOptionalInsertGrant() {
|
private Optional<RbacView.RbacGrantDefinition> getOptionalInsertGrant() {
|
||||||
return getInsertGrants()
|
return getInsertGrants()
|
||||||
.reduce(singleton());
|
.reduce((x, y) -> {
|
||||||
|
throw new IllegalStateException("only a single INSERT permission grant allowed");
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
private Optional<RbacView.RbacRoleDefinition> getOptionalInsertSuperRole() {
|
private Optional<RbacView.RbacRoleDefinition> getOptionalInsertSuperRole() {
|
||||||
return getInsertGrants()
|
return getInsertGrants()
|
||||||
.map(RbacView.RbacGrantDefinition::getSuperRoleDef)
|
.map(RbacView.RbacGrantDefinition::getSuperRoleDef)
|
||||||
.reduce(singleton());
|
.reduce((x, y) -> {
|
||||||
|
throw new IllegalStateException("only a single INSERT permission grant allowed");
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
private static <T> BinaryOperator<T> singleton() {
|
|
||||||
return (x, y) -> {
|
|
||||||
throw new IllegalStateException("only a single INSERT permission grant allowed");
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
private static String toVar(final RbacView.RbacRoleDefinition roleDef) {
|
private static String toVar(final RbacView.RbacRoleDefinition roleDef) {
|
||||||
return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().roleName());
|
return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().roleName());
|
||||||
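Review bot: The throwing lambda passed to `reduce` in getOptionalInsertGrant and getOptionalInsertSuperRole is an invariant check, not a reduction, and nothing in the new code says so. `reduce` only calls the accumulator when the stream yields a second element, so zero or one INSERT grant passes through and any further grant aborts generation. A one-line comment above each call, e.g. `// fail closed: a second INSERT grant would presumably make the generated insert check ambiguous`, would stop a later reader from replacing it with `findFirst()`, which would silently pick one grant. The message is also identical in both methods and names no entity, so it does not say which rbac definition is misconfigured; include the table or entity alias if one is in scope (the rest of the class is outside this hunk).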
|
@ -443,18 +443,6 @@ begin
|
|||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
|
||||||
returns uuid
|
|
||||||
returns null on null input
|
|
||||||
stable -- leakproof
|
|
||||||
language sql as $$
|
|
||||||
select uuid
|
|
||||||
from RbacPermission p
|
|
||||||
where p.objectUuid = forObjectUuid
|
|
||||||
and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
|
|
||||||
and p.opTableName = forOpTableName
|
|
||||||
$$;
|
|
||||||
|
|
||||||
create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
||||||
returns uuid
|
returns uuid
|
||||||
returns null on null input
|
returns null on null input
|
||||||
@ -466,6 +454,18 @@ select uuid
|
|||||||
and p.op = forOp
|
and p.op = forOp
|
||||||
and p.opTableName = forOpTableName
|
and p.opTableName = forOpTableName
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
|
create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
||||||
|
returns uuid
|
||||||
|
returns null on null input
|
||||||
|
stable -- leakproof
|
||||||
|
language sql as $$
|
||||||
|
select uuid
|
||||||
|
from RbacPermission p
|
||||||
|
where p.objectUuid = forObjectUuid
|
||||||
|
and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
|
||||||
|
and p.opTableName = forOpTableName
|
||||||
|
$$;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
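Review bot: `findEffectivePermissionId` as placed here can never return a match when the third argument is omitted. `forOpTableName` defaults to null, the function is declared `returns null on null input`, and `p.opTableName = forOpTableName` is never true for null anyway; the header and predicate of `findPermissionId` visible on this page have the same shape. For an RBAC lookup this means the caller silently gets null instead of a permission id. If a null table name is meant to match permissions without an `opTableName`, the predicate would need `p.opTableName is not distinct from forOpTableName` and the strictness clause reconsidered; otherwise drop the default so the omission is an error. Separately, with `forOp = 'SELECT'` the query can match several permissions of the object and returns an arbitrary one, so an `order by` or a comment stating the uniqueness assumption would make the result deterministic.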
|