Compare commits

..

2 Commits

4 changed files with 25 additions and 21 deletions

View File

@ -14,6 +14,7 @@ import java.util.UUID;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
@ -42,7 +43,7 @@ public class TestCustomerEntity implements HasUuid {
.withUpdatableColumns("reference", "prefix", "adminUserName")
.createRole(OWNER, (with) -> {
// with.owningUser(CREATOR); FIXME: needs assumed role, was: getRbacUserId(NEW.adminUserName, 'create')
with.owningUser(CREATOR);
with.incomingSuperRole(GLOBAL, ADMIN);
with.permission(DELETE);
})

View File

@ -366,17 +366,17 @@ create trigger deleteRbacRolesOfRbacObject_Trigger
*/
create domain RbacOp as varchar(67) -- TODO: shorten to 8, once the deprecated values are gone
-- FIXME: uncomment check
-- FIXME:
-- check (
-- VALUE = 'INSERT' or
-- VALUE = 'DELETE' or
-- VALUE = 'UPDATE' or
-- VALUE = 'SELECT' or
-- VALUE = 'ASSUME' or
-- VALUE = 'DELETE'
-- or VALUE = 'UPDATE'
-- or VALUE = 'SELECT'
-- or VALUE = 'INSERT'
-- or VALUE = 'ASSUME'
-- -- TODO: all values below are deprecated, use insert with table
-- VALUE ~ '^add-[a-z]+$' or
-- VALUE ~ '^new-[a-z-]+$'
-- );
-- or VALUE ~ '^add-[a-z]+$'
-- or VALUE ~ '^new-[a-z-]+$'
-- )
;
create table RbacPermission
@ -408,18 +408,20 @@ begin
permissionUuid = (select uuid from RbacPermission where objectUuid = forObjectUuid and op = forOp and opTableName = forOpTableName);
if (permissionUuid is null) then
insert
into RbacReference ("type")
insert into RbacReference ("type")
values ('RbacPermission')
returning uuid into permissionUuid;
raise warning 'for values (%, %, %, %)', permissionUuid, forObjectUuid, forOp, forOpTableName; -- TODO: remove
insert
into RbacPermission (uuid, objectUuid, op, opTableName)
begin
insert into RbacPermission (uuid, objectUuid, op, opTableName)
values (permissionUuid, forObjectUuid, forOp, forOpTableName);
exception
when others then
raise exception 'insert into RbacPermission (uuid, objectUuid, op, opTableName)
values (%, %, %, %);', permissionUuid, forObjectUuid, forOp, forOpTableName;
end;
end if;
return permissionUuid;
end;
$$;
end; $$;
-- TODO: deprecated, remove and amend all usages to createPermission
create or replace function createPermissions(forObjectUuid uuid, permitOps RbacOp[])

View File

@ -1,5 +1,5 @@
--liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T14:39:25.446629076.
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.487712422.
-- ============================================================================
@ -38,6 +38,7 @@ begin
perform createRoleWithGrants(
testCustomerOwner(NEW),
permissions => array['DELETE'],
userUuids => array[currentUserUuid()],
incomingSuperRoles => array[globalAdmin()]
);

View File

@ -1,5 +1,5 @@
--liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T14:39:25.488573238.
-- This code generated was by RbacViewPostgresGenerator at 2024-03-07T15:57:25.536171618.
-- ============================================================================