Compare commits
3 Commits
b1da9a5fb8
...
db02b4cb0e
Author | SHA1 | Date | |
---|---|---|---|
|
db02b4cb0e | ||
|
f87097bcbf | ||
f8fb273918 |
@ -1,7 +1,11 @@
|
|||||||
|
|
||||||
package net.hostsharing.hsadminng.hs.office.coopassets;
|
package net.hostsharing.hsadminng.hs.office.coopassets;
|
||||||
|
|
||||||
import lombok.*;
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Getter;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
import lombok.Setter;
|
||||||
import net.hostsharing.hsadminng.errors.DisplayName;
|
import net.hostsharing.hsadminng.errors.DisplayName;
|
||||||
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
|
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
|
||||||
import net.hostsharing.hsadminng.persistence.HasUuid;
|
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||||
@ -10,7 +14,16 @@ import net.hostsharing.hsadminng.stringify.Stringify;
|
|||||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||||
import org.hibernate.annotations.GenericGenerator;
|
import org.hibernate.annotations.GenericGenerator;
|
||||||
|
|
||||||
import jakarta.persistence.*;
|
import jakarta.persistence.Column;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.EnumType;
|
||||||
|
import jakarta.persistence.Enumerated;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.JoinColumn;
|
||||||
|
import jakarta.persistence.ManyToOne;
|
||||||
|
import jakarta.persistence.Table;
|
||||||
|
import java.io.IOException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.math.BigDecimal;
|
import java.math.BigDecimal;
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
@ -20,8 +33,11 @@ import java.util.UUID;
|
|||||||
import static java.util.Optional.ofNullable;
|
import static java.util.Optional.ofNullable;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||||
@ -109,7 +125,7 @@ public class HsOfficeCoopAssetsTransactionEntity implements Stringifyable, HasUu
|
|||||||
|
|
||||||
.toRole("membership", ADMIN).grantPermission(INSERT)
|
.toRole("membership", ADMIN).grantPermission(INSERT)
|
||||||
.toRole("membership", ADMIN).grantPermission(UPDATE)
|
.toRole("membership", ADMIN).grantPermission(UPDATE)
|
||||||
.toRole("membership", ADMIN).grantPermission(SELECT);
|
.toRole("membership", AGENT).grantPermission(SELECT);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws IOException {
|
public static void main(String[] args) throws IOException {
|
||||||
|
@ -1,6 +1,10 @@
|
|||||||
package net.hostsharing.hsadminng.hs.office.coopshares;
|
package net.hostsharing.hsadminng.hs.office.coopshares;
|
||||||
|
|
||||||
import lombok.*;
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Getter;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
import lombok.Setter;
|
||||||
import net.hostsharing.hsadminng.errors.DisplayName;
|
import net.hostsharing.hsadminng.errors.DisplayName;
|
||||||
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
|
import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
|
||||||
import net.hostsharing.hsadminng.persistence.HasUuid;
|
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||||
@ -9,7 +13,16 @@ import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
|
|||||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||||
|
|
||||||
import jakarta.persistence.*;
|
import jakarta.persistence.Column;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.EnumType;
|
||||||
|
import jakarta.persistence.Enumerated;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.JoinColumn;
|
||||||
|
import jakarta.persistence.ManyToOne;
|
||||||
|
import jakarta.persistence.Table;
|
||||||
|
import java.io.IOException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.time.LocalDate;
|
import java.time.LocalDate;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
@ -17,9 +30,11 @@ import java.util.UUID;
|
|||||||
import static java.util.Optional.ofNullable;
|
import static java.util.Optional.ofNullable;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||||
@ -105,7 +120,7 @@ public class HsOfficeCoopSharesTransactionEntity implements Stringifyable, HasUu
|
|||||||
|
|
||||||
.toRole("membership", ADMIN).grantPermission(INSERT)
|
.toRole("membership", ADMIN).grantPermission(INSERT)
|
||||||
.toRole("membership", ADMIN).grantPermission(UPDATE)
|
.toRole("membership", ADMIN).grantPermission(UPDATE)
|
||||||
.toRole("membership", ADMIN).grantPermission(SELECT);
|
.toRole("membership", AGENT).grantPermission(SELECT);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws IOException {
|
public static void main(String[] args) throws IOException {
|
||||||
|
@ -27,7 +27,6 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.
|
|||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||||
@ -145,14 +144,14 @@ public class HsOfficeMembershipEntity implements HasUuid, Stringifyable {
|
|||||||
|
|
||||||
.createRole(OWNER, (with) -> {
|
.createRole(OWNER, (with) -> {
|
||||||
with.owningUser(CREATOR);
|
with.owningUser(CREATOR);
|
||||||
with.incomingSuperRole("partnerRel", ADMIN);
|
|
||||||
with.permission(DELETE);
|
|
||||||
})
|
})
|
||||||
.createSubRole(ADMIN, (with) -> {
|
.createSubRole(ADMIN, (with) -> {
|
||||||
with.incomingSuperRole("partnerRel", AGENT);
|
with.incomingSuperRole("partnerRel", ADMIN);
|
||||||
|
with.permission(DELETE);
|
||||||
with.permission(UPDATE);
|
with.permission(UPDATE);
|
||||||
})
|
})
|
||||||
.createSubRole(REFERRER, (with) -> {
|
.createSubRole(AGENT, (with) -> {
|
||||||
|
with.incomingSuperRole("partnerRel", AGENT);
|
||||||
with.outgoingSubRole("partnerRel", TENANT);
|
with.outgoingSubRole("partnerRel", TENANT);
|
||||||
with.permission(SELECT);
|
with.permission(SELECT);
|
||||||
});
|
});
|
||||||
|
@ -42,7 +42,7 @@ subgraph membership["`**membership**`"]
|
|||||||
|
|
||||||
role:membership:OWNER[[membership:OWNER]]
|
role:membership:OWNER[[membership:OWNER]]
|
||||||
role:membership:ADMIN[[membership:ADMIN]]
|
role:membership:ADMIN[[membership:ADMIN]]
|
||||||
role:membership:REFERRER[[membership:REFERRER]]
|
role:membership:AGENT[[membership:AGENT]]
|
||||||
end
|
end
|
||||||
|
|
||||||
subgraph membership:permissions[ ]
|
subgraph membership:permissions[ ]
|
||||||
@ -105,16 +105,16 @@ role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
|||||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||||
role:partnerRel:ADMIN ==> role:membership:OWNER
|
|
||||||
role:membership:OWNER ==> role:membership:ADMIN
|
role:membership:OWNER ==> role:membership:ADMIN
|
||||||
role:partnerRel:AGENT ==> role:membership:ADMIN
|
role:partnerRel:ADMIN ==> role:membership:ADMIN
|
||||||
role:membership:ADMIN ==> role:membership:REFERRER
|
role:membership:ADMIN ==> role:membership:AGENT
|
||||||
role:membership:REFERRER ==> role:partnerRel:TENANT
|
role:partnerRel:AGENT ==> role:membership:AGENT
|
||||||
|
role:membership:AGENT ==> role:partnerRel:TENANT
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
role:global:ADMIN ==> perm:membership:INSERT
|
role:global:ADMIN ==> perm:membership:INSERT
|
||||||
role:membership:OWNER ==> perm:membership:DELETE
|
role:membership:ADMIN ==> perm:membership:DELETE
|
||||||
role:membership:ADMIN ==> perm:membership:UPDATE
|
role:membership:ADMIN ==> perm:membership:UPDATE
|
||||||
role:membership:REFERRER ==> perm:membership:SELECT
|
role:membership:AGENT ==> perm:membership:SELECT
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -45,23 +45,23 @@ begin
|
|||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeMembershipOWNER(NEW),
|
hsOfficeMembershipOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
|
||||||
incomingSuperRoles => array[hsOfficeRelationADMIN(newPartnerRel)],
|
|
||||||
userUuids => array[currentUserUuid()]
|
userUuids => array[currentUserUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeMembershipADMIN(NEW),
|
hsOfficeMembershipADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeMembershipOWNER(NEW),
|
hsOfficeMembershipOWNER(NEW),
|
||||||
hsOfficeRelationAGENT(newPartnerRel)]
|
hsOfficeRelationADMIN(newPartnerRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeMembershipREFERRER(NEW),
|
hsOfficeMembershipAGENT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficeMembershipADMIN(NEW)],
|
incomingSuperRoles => array[
|
||||||
|
hsOfficeMembershipADMIN(NEW),
|
||||||
|
hsOfficeRelationAGENT(newPartnerRel)],
|
||||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
|
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -13,9 +13,9 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers
|
|||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
role:membership.partnerRel.holderPerson:OWNER[[membership.partnerRel.holderPerson:OWNER]]
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
role:membership.partnerRel.holderPerson:ADMIN[[membership.partnerRel.holderPerson:ADMIN]]
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
role:membership.partnerRel.holderPerson:REFERRER[[membership.partnerRel.holderPerson:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -26,9 +26,9 @@ subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPers
|
|||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
role:membership.partnerRel.anchorPerson:OWNER[[membership.partnerRel.anchorPerson:OWNER]]
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
role:membership.partnerRel.anchorPerson:ADMIN[[membership.partnerRel.anchorPerson:ADMIN]]
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
role:membership.partnerRel.anchorPerson:REFERRER[[membership.partnerRel.anchorPerson:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -49,103 +49,12 @@ subgraph membership["`**membership**`"]
|
|||||||
direction TB
|
direction TB
|
||||||
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel:roles[ ]
|
|
||||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
|
||||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
|
||||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
|
||||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership:roles[ ]
|
subgraph membership:roles[ ]
|
||||||
style membership:roles fill:#99bcdb,stroke:white
|
style membership:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership:owner[[membership:owner]]
|
role:membership:OWNER[[membership:OWNER]]
|
||||||
role:membership:admin[[membership:admin]]
|
role:membership:ADMIN[[membership:ADMIN]]
|
||||||
role:membership:referrer[[membership:referrer]]
|
role:membership:AGENT[[membership:AGENT]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -153,52 +62,13 @@ subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
|||||||
direction TB
|
direction TB
|
||||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel:roles[ ]
|
subgraph membership.partnerRel:roles[ ]
|
||||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
role:membership.partnerRel:OWNER[[membership.partnerRel:OWNER]]
|
||||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
role:membership.partnerRel:ADMIN[[membership.partnerRel:ADMIN]]
|
||||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
role:membership.partnerRel:AGENT[[membership.partnerRel:AGENT]]
|
||||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
role:membership.partnerRel:TENANT[[membership.partnerRel:TENANT]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -209,42 +79,42 @@ subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|||||||
subgraph membership.partnerRel.contact:roles[ ]
|
subgraph membership.partnerRel.contact:roles[ ]
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
role:membership.partnerRel.contact:OWNER[[membership.partnerRel.contact:OWNER]]
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
role:membership.partnerRel.contact:ADMIN[[membership.partnerRel.contact:ADMIN]]
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
role:membership.partnerRel.contact:REFERRER[[membership.partnerRel.contact:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
%% granting roles to roles
|
%% granting roles to roles
|
||||||
role:global:admin -.-> role:membership.partnerRel.anchorPerson:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
|
||||||
role:membership.partnerRel.anchorPerson:owner -.-> role:membership.partnerRel.anchorPerson:admin
|
role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel.anchorPerson:referrer
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel.holderPerson:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER
|
||||||
role:membership.partnerRel.holderPerson:owner -.-> role:membership.partnerRel.holderPerson:admin
|
role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel.holderPerson:referrer
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel.contact:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
|
||||||
role:membership.partnerRel.contact:owner -.-> role:membership.partnerRel.contact:admin
|
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
|
||||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel.contact:referrer
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel:owner
|
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
role:membership.partnerRel:owner -.-> role:membership.partnerRel:admin
|
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel:admin
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel:admin -.-> role:membership.partnerRel:agent
|
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:agent
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel:agent -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:membership.partnerRel:admin -.-> role:membership:owner
|
role:membership:OWNER -.-> role:membership:ADMIN
|
||||||
role:membership:owner -.-> role:membership:admin
|
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||||
role:membership.partnerRel:agent -.-> role:membership:admin
|
role:membership:ADMIN -.-> role:membership:AGENT
|
||||||
role:membership:admin -.-> role:membership:referrer
|
role:membership.partnerRel:AGENT -.-> role:membership:AGENT
|
||||||
role:membership:referrer -.-> role:membership.partnerRel:tenant
|
role:membership:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
role:membership:admin ==> perm:coopSharesTransaction:INSERT
|
role:membership:ADMIN ==> perm:coopSharesTransaction:INSERT
|
||||||
role:membership:admin ==> perm:coopSharesTransaction:UPDATE
|
role:membership:ADMIN ==> perm:coopSharesTransaction:UPDATE
|
||||||
role:membership:admin ==> perm:coopSharesTransaction:SELECT
|
role:membership:AGENT ==> perm:coopSharesTransaction:SELECT
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -38,8 +38,8 @@ begin
|
|||||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||||
|
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||||
|
|
||||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -81,7 +81,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call grantPermissionToRole(
|
call grantPermissionToRole(
|
||||||
createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||||
hsOfficeMembershipAdmin(row));
|
hsOfficeMembershipADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
END;
|
END;
|
||||||
$$;
|
$$;
|
||||||
@ -96,7 +96,7 @@ create or replace function hs_office_coopsharestransaction_hs_office_membership_
|
|||||||
begin
|
begin
|
||||||
call grantPermissionToRole(
|
call grantPermissionToRole(
|
||||||
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||||
hsOfficeMembershipAdmin(NEW));
|
hsOfficeMembershipADMIN(NEW));
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
|
@ -13,9 +13,9 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers
|
|||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
role:membership.partnerRel.holderPerson:OWNER[[membership.partnerRel.holderPerson:OWNER]]
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
role:membership.partnerRel.holderPerson:ADMIN[[membership.partnerRel.holderPerson:ADMIN]]
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
role:membership.partnerRel.holderPerson:REFERRER[[membership.partnerRel.holderPerson:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -26,9 +26,9 @@ subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPers
|
|||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
role:membership.partnerRel.anchorPerson:OWNER[[membership.partnerRel.anchorPerson:OWNER]]
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
role:membership.partnerRel.anchorPerson:ADMIN[[membership.partnerRel.anchorPerson:ADMIN]]
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
role:membership.partnerRel.anchorPerson:REFERRER[[membership.partnerRel.anchorPerson:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -49,103 +49,12 @@ subgraph membership["`**membership**`"]
|
|||||||
direction TB
|
direction TB
|
||||||
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel:roles[ ]
|
|
||||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
|
||||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
|
||||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
|
||||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership:roles[ ]
|
subgraph membership:roles[ ]
|
||||||
style membership:roles fill:#99bcdb,stroke:white
|
style membership:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership:owner[[membership:owner]]
|
role:membership:OWNER[[membership:OWNER]]
|
||||||
role:membership:admin[[membership:admin]]
|
role:membership:ADMIN[[membership:ADMIN]]
|
||||||
role:membership:referrer[[membership:referrer]]
|
role:membership:AGENT[[membership:AGENT]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -153,52 +62,13 @@ subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
|||||||
direction TB
|
direction TB
|
||||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
|
||||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
|
||||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
|
||||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
|
||||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
|
||||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
|
||||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|
||||||
direction TB
|
|
||||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph membership.partnerRel.contact:roles[ ]
|
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph membership.partnerRel:roles[ ]
|
subgraph membership.partnerRel:roles[ ]
|
||||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
role:membership.partnerRel:OWNER[[membership.partnerRel:OWNER]]
|
||||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
role:membership.partnerRel:ADMIN[[membership.partnerRel:ADMIN]]
|
||||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
role:membership.partnerRel:AGENT[[membership.partnerRel:AGENT]]
|
||||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
role:membership.partnerRel:TENANT[[membership.partnerRel:TENANT]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -209,42 +79,42 @@ subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
|||||||
subgraph membership.partnerRel.contact:roles[ ]
|
subgraph membership.partnerRel.contact:roles[ ]
|
||||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||||
|
|
||||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
role:membership.partnerRel.contact:OWNER[[membership.partnerRel.contact:OWNER]]
|
||||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
role:membership.partnerRel.contact:ADMIN[[membership.partnerRel.contact:ADMIN]]
|
||||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
role:membership.partnerRel.contact:REFERRER[[membership.partnerRel.contact:REFERRER]]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
%% granting roles to roles
|
%% granting roles to roles
|
||||||
role:global:admin -.-> role:membership.partnerRel.anchorPerson:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
|
||||||
role:membership.partnerRel.anchorPerson:owner -.-> role:membership.partnerRel.anchorPerson:admin
|
role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel.anchorPerson:referrer
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel.holderPerson:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER
|
||||||
role:membership.partnerRel.holderPerson:owner -.-> role:membership.partnerRel.holderPerson:admin
|
role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel.holderPerson:referrer
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel.contact:owner
|
role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
|
||||||
role:membership.partnerRel.contact:owner -.-> role:membership.partnerRel.contact:admin
|
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
|
||||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel.contact:referrer
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:global:admin -.-> role:membership.partnerRel:owner
|
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
role:membership.partnerRel:owner -.-> role:membership.partnerRel:admin
|
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel:admin
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel:admin -.-> role:membership.partnerRel:agent
|
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:agent
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel:agent -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:membership.partnerRel:admin -.-> role:membership:owner
|
role:membership:OWNER -.-> role:membership:ADMIN
|
||||||
role:membership:owner -.-> role:membership:admin
|
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||||
role:membership.partnerRel:agent -.-> role:membership:admin
|
role:membership:ADMIN -.-> role:membership:AGENT
|
||||||
role:membership:admin -.-> role:membership:referrer
|
role:membership.partnerRel:AGENT -.-> role:membership:AGENT
|
||||||
role:membership:referrer -.-> role:membership.partnerRel:tenant
|
role:membership:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
role:membership:admin ==> perm:coopAssetsTransaction:INSERT
|
role:membership:ADMIN ==> perm:coopAssetsTransaction:INSERT
|
||||||
role:membership:admin ==> perm:coopAssetsTransaction:UPDATE
|
role:membership:ADMIN ==> perm:coopAssetsTransaction:UPDATE
|
||||||
role:membership:admin ==> perm:coopAssetsTransaction:SELECT
|
role:membership:AGENT ==> perm:coopAssetsTransaction:SELECT
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -38,8 +38,8 @@ begin
|
|||||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||||
|
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||||
|
|
||||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -81,7 +81,7 @@ do language plpgsql $$
|
|||||||
LOOP
|
LOOP
|
||||||
call grantPermissionToRole(
|
call grantPermissionToRole(
|
||||||
createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||||
hsOfficeMembershipAdmin(row));
|
hsOfficeMembershipADMIN(row));
|
||||||
END LOOP;
|
END LOOP;
|
||||||
END;
|
END;
|
||||||
$$;
|
$$;
|
||||||
@ -96,7 +96,7 @@ create or replace function hs_office_coopassetstransaction_hs_office_membership_
|
|||||||
begin
|
begin
|
||||||
call grantPermissionToRole(
|
call grantPermissionToRole(
|
||||||
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||||
hsOfficeMembershipAdmin(NEW));
|
hsOfficeMembershipADMIN(NEW));
|
||||||
return NEW;
|
return NEW;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
|||||||
.map(s -> s.replace("hs_office_", ""))
|
.map(s -> s.replace("hs_office_", ""))
|
||||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||||
initialGrantNames,
|
initialGrantNames,
|
||||||
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:ADMIN by system and assume }",
|
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
|
||||||
"{ grant perm:coopassetstransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
|
"{ grant perm:coopassetstransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
|
||||||
null));
|
null));
|
||||||
}
|
}
|
||||||
|
@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
|||||||
.map(s -> s.replace("hs_office_", ""))
|
.map(s -> s.replace("hs_office_", ""))
|
||||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||||
initialGrantNames,
|
initialGrantNames,
|
||||||
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:ADMIN by system and assume }",
|
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
|
||||||
"{ grant perm:coopsharestransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
|
"{ grant perm:coopsharestransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
|
||||||
null));
|
null));
|
||||||
}
|
}
|
||||||
|
@ -335,18 +335,18 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void partnerRelAgent_canPatchValidityOfRelatedMembership() {
|
void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
|
||||||
|
|
||||||
// given
|
// given
|
||||||
final var givenPartnerAgent = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT";
|
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
|
||||||
context.define("superuser-alex@hostsharing.net", givenPartnerAgent);
|
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
|
||||||
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
|
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
|
||||||
|
|
||||||
// when
|
// when
|
||||||
RestAssured // @formatter:off
|
RestAssured // @formatter:off
|
||||||
.given()
|
.given()
|
||||||
.header("current-user", "superuser-alex@hostsharing.net")
|
.header("current-user", "superuser-alex@hostsharing.net")
|
||||||
.header("assumed-roles", givenPartnerAgent)
|
.header("assumed-roles", givenPartnerAdmin)
|
||||||
.contentType(ContentType.JSON)
|
.contentType(ContentType.JSON)
|
||||||
.body("""
|
.body("""
|
||||||
{
|
{
|
||||||
|
@ -110,9 +110,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
|||||||
final var all = rawRoleRepo.findAll();
|
final var all = rawRoleRepo.findAll();
|
||||||
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
|
||||||
initialRoleNames,
|
initialRoleNames,
|
||||||
"hs_office_membership#M-1000117:ADMIN",
|
|
||||||
"hs_office_membership#M-1000117:OWNER",
|
"hs_office_membership#M-1000117:OWNER",
|
||||||
"hs_office_membership#M-1000117:REFERRER"));
|
"hs_office_membership#M-1000117:ADMIN",
|
||||||
|
"hs_office_membership#M-1000117:AGENT"));
|
||||||
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
|
||||||
.map(s -> s.replace("hs_office_", ""))
|
.map(s -> s.replace("hs_office_", ""))
|
||||||
.containsExactlyInAnyOrder(Array.fromFormatted(
|
.containsExactlyInAnyOrder(Array.fromFormatted(
|
||||||
@ -121,22 +121,24 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
|||||||
"{ grant perm:membership#M-1000117:INSERT>coopassetstransaction to role:membership#M-1000117:ADMIN by system and assume }",
|
"{ grant perm:membership#M-1000117:INSERT>coopassetstransaction to role:membership#M-1000117:ADMIN by system and assume }",
|
||||||
"{ grant perm:membership#M-1000117:INSERT>coopsharestransaction to role:membership#M-1000117:ADMIN by system and assume }",
|
"{ grant perm:membership#M-1000117:INSERT>coopsharestransaction to role:membership#M-1000117:ADMIN by system and assume }",
|
||||||
|
|
||||||
|
// insert
|
||||||
|
"{ grant perm INSERT into coopassetstransaction with membership#M-1000117 to role membership#M-1000117.admin by system and assume }",
|
||||||
|
"{ grant perm INSERT into coopsharestransaction with membership#M-1000117 to role membership#M-1000117.admin by system and assume }",
|
||||||
|
|
||||||
// owner
|
// owner
|
||||||
"{ grant perm:membership#M-1000117:DELETE to role:membership#M-1000117:OWNER by system and assume }",
|
"{ grant perm DELETE on membership#M-1000117 to role membership#M-1000117.admin by system and assume }",
|
||||||
|
"{ grant role membership#M-1000117.owner to user superuser-alex@hostsharing.net by membership#M-1000117.owner and assume }",
|
||||||
|
|
||||||
// admin
|
// admin
|
||||||
"{ grant perm:membership#M-1000117:UPDATE to role:membership#M-1000117:ADMIN by system and assume }",
|
"{ grant perm UPDATE on membership#M-1000117 to role membership#M-1000117.admin by system and assume }",
|
||||||
"{ grant role:membership#M-1000117:ADMIN to role:membership#M-1000117:OWNER by system and assume }",
|
"{ grant role membership#M-1000117.admin to role membership#M-1000117.owner by system and assume }",
|
||||||
"{ grant role:membership#M-1000117:OWNER to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN by system and assume }",
|
"{ grant role membership#M-1000117.admin to role relation#HostsharingeG-with-PARTNER-FirstGmbH.admin by system and assume }",
|
||||||
"{ grant role:membership#M-1000117:OWNER to user:superuser-alex@hostsharing.net by membership#M-1000117:OWNER and assume }",
|
|
||||||
|
|
||||||
// agent
|
// agent
|
||||||
"{ grant role:membership#M-1000117:ADMIN to role:relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT by system and assume }",
|
"{ grant perm SELECT on membership#M-1000117 to role membership#M-1000117.agent by system and assume }",
|
||||||
|
"{ grant role membership#M-1000117.agent to role membership#M-1000117.admin by system and assume }",
|
||||||
// referrer
|
"{ grant role membership#M-1000117.agent to role relation#HostsharingeG-with-PARTNER-FirstGmbH.agent by system and assume }",
|
||||||
"{ grant perm:membership#M-1000117:SELECT to role:membership#M-1000117:REFERRER by system and assume }",
|
"{ grant role relation#HostsharingeG-with-PARTNER-FirstGmbH.tenant to role membership#M-1000117.agent by system and assume }",
|
||||||
"{ grant role:membership#M-1000117:REFERRER to role:membership#M-1000117:ADMIN by system and assume }",
|
|
||||||
"{ grant role:relation#HostsharingeG-with-PARTNER-FirstGmbH:TENANT to role:membership#M-1000117:REFERRER by system and assume }",
|
|
||||||
|
|
||||||
null));
|
null));
|
||||||
}
|
}
|
||||||
@ -224,20 +226,20 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void membershipReferrer_canViewButNotUpdateRelatedMembership() {
|
public void membershipAgent_canViewButNotUpdateRelatedMembership() {
|
||||||
// given
|
// given
|
||||||
context("superuser-alex@hostsharing.net");
|
context("superuser-alex@hostsharing.net");
|
||||||
final var givenMembership = givenSomeTemporaryMembership("First", "13");
|
final var givenMembership = givenSomeTemporaryMembership("First", "13");
|
||||||
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
|
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
|
||||||
assertThatMembershipIsVisibleForRole(
|
assertThatMembershipIsVisibleForRole(
|
||||||
givenMembership,
|
givenMembership,
|
||||||
"hs_office_membership#M-1000113:REFERRER");
|
"hs_office_membership#M-1000113:AGENT");
|
||||||
final var newValidityEnd = LocalDate.now();
|
final var newValidityEnd = LocalDate.now();
|
||||||
|
|
||||||
// when
|
// when
|
||||||
final var result = jpaAttempt.transacted(() -> {
|
final var result = jpaAttempt.transacted(() -> {
|
||||||
// TODO: we should test with debitor- and partner-admin as well
|
// TODO: we should test with debitor- and partner-admin as well
|
||||||
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:REFERRER");
|
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT");
|
||||||
givenMembership.setValidity(
|
givenMembership.setValidity(
|
||||||
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
|
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
|
||||||
return membershipRepo.save(givenMembership);
|
return membershipRepo.save(givenMembership);
|
||||||
|
Loading…
Reference in New Issue
Block a user