hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 1 Activity

Compare commits

base: hostsharing:9ecfdc722adf5d21e9423a0ade0682c004770b94
Branches Tags
hostsharing:master
hostsharing:TP-20241126-znuny-view-customer_company
hostsharing:feature/implement-coop-asset-transaction-reversal
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
...
compare: hostsharing:1fb1dcce50b63503d42a5325cba0278354188675
Branches Tags
hostsharing:TP-20241126-znuny-view-customer_company
hostsharing:feature/implement-coop-asset-transaction-reversal
hostsharing:master
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

2 Commits
9ecfdc722a ... 1fb1dcce50

Author SHA1 Message Date
Michael Hoennig
1fb1dcce50 .createRole().with.owningUser(CREATOR) is not working 2024-03-07 16:03:44 +01:00
Michael Hoennig
20fc37da22 better error message for failing insert of rbacpermission, but leaving RbacOp domain check commented for now 2024-03-07 15:54:22 +01:00
4 changed files with 25 additions and 21 deletions
Show Stats Expand all files Collapse all files

3
src/main/java/net/hostsharing/hsadminng/test/cust/TestCustomerEntity.java
View File

@ -14,6 +14,7 @@ import java.util.UUID;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
@ -42,7 +43,7 @@ public class TestCustomerEntity implements HasUuid {
.withUpdatableColumns("reference", "prefix", "adminUserName") .withUpdatableColumns("reference", "prefix", "adminUserName")
.createRole(OWNER, (with) -> { .createRole(OWNER, (with) -> {
// with.owningUser(CREATOR); FIXME: needs assumed role, was: getRbacUserId(NEW.adminUserName, 'create') with.owningUser(CREATOR);
with.incomingSuperRole(GLOBAL, ADMIN); with.incomingSuperRole(GLOBAL, ADMIN);
with.permission(DELETE); with.permission(DELETE);
}) })

34
src/main/resources/db/changelog/050-rbac-base.sql
View File

@ -366,17 +366,17 @@ create trigger deleteRbacRolesOfRbacObject_Trigger
*/ */
create domain RbacOp as varchar(67) -- TODO: shorten to 8, once the deprecated values are gone create domain RbacOp as varchar(67) -- TODO: shorten to 8, once the deprecated values are gone
-- FIXME: uncomment check -- FIXME:
-- check ( -- check (
-- VALUE = 'INSERT' or -- VALUE = 'DELETE'
-- VALUE = 'DELETE' or -- or VALUE = 'UPDATE'
-- VALUE = 'UPDATE' or -- or VALUE = 'SELECT'
-- VALUE = 'SELECT' or -- or VALUE = 'INSERT'
-- VALUE = 'ASSUME' or -- or VALUE = 'ASSUME'
-- -- TODO: all values below are deprecated, use insert with table -- -- TODO: all values below are deprecated, use insert with table
-- VALUE ~ '^add-[a-z]+$' or -- or VALUE ~ '^add-[a-z]+$'
-- VALUE ~ '^new-[a-z-]+$' -- or VALUE ~ '^new-[a-z-]+$'
-- ); -- )
; ;
create table RbacPermission create table RbacPermission
@ -408,18 +408,20 @@ begin
permissionUuid = (select uuid from RbacPermission where objectUuid = forObjectUuid and op = forOp and opTableName = forOpTableName); permissionUuid = (select uuid from RbacPermission where objectUuid = forObjectUuid and op = forOp and opTableName = forOpTableName);
if (permissionUuid is null) then if (permissionUuid is null) then
insert insert into RbacReference ("type")
into RbacReference ("type")
values ('RbacPermission') values ('RbacPermission')
returning uuid into permissionUuid; returning uuid into permissionUuid;
raise warning 'for values (%, %, %, %)', permissionUuid, forObjectUuid, forOp, forOpTableName; -- TODO: remove begin
insert insert into RbacPermission (uuid, objectUuid, op, opTableName)
into RbacPermission (uuid, objectUuid, op, opTableName)
values (permissionUuid, forObjectUuid, forOp, forOpTableName); values (permissionUuid, forObjectUuid, forOp, forOpTableName);
exception
when others then
raise exception 'insert into RbacPermission (uuid, objectUuid, op, opTableName)
values (%, %, %, %);', permissionUuid, forObjectUuid, forOp, forOpTableName;
end;
end if; end if;
return permissionUuid; return permissionUuid;
end; end; $$;
$$;
-- TODO: deprecated, remove and amend all usages to createPermission -- TODO: deprecated, remove and amend all usages to createPermission
create or replace function createPermissions(forObjectUuid uuid, permitOps RbacOp[]) create or replace function createPermissions(forObjectUuid uuid, permitOps RbacOp[])

3
src/main/resources/db/changelog/113-test-customer-rbac.sql
View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T14:39:25.446629076. -- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.487712422.
-- ============================================================================ -- ============================================================================
@ -38,6 +38,7 @@ begin
perform createRoleWithGrants( perform createRoleWithGrants(
testCustomerOwner(NEW), testCustomerOwner(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
userUuids => array[currentUserUuid()],
incomingSuperRoles => array[globalAdmin()] incomingSuperRoles => array[globalAdmin()]
); );

2
src/main/resources/db/changelog/123-test-package-rbac.sql
View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T14:39:25.488573238. -- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.536171618.
-- ============================================================================ -- ============================================================================