hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

Compare commits

base: hostsharing:b97243f28f0a1f52d400ba89e68e6537259bc19c
Branches Tags
hostsharing:master
hostsharing:feature/implement-coop-asset-transaction-reversal
hostsharing:TP-20241126-znuny-view-customer_company
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
..
compare: hostsharing:bb3f979273b46d43831be97ae080259904802dbf
Branches Tags
hostsharing:feature/implement-coop-asset-transaction-reversal
hostsharing:TP-20241126-znuny-view-customer_company
hostsharing:master
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

No commits in common. "b97243f28f0a1f52d400ba89e68e6537259bc19c" and "bb3f979273b46d43831be97ae080259904802dbf" have entirely different histories.
b97243f28f ... bb3f979273

2 changed files with 15 additions and 50 deletions
Show Stats Expand all files Collapse all files

41
src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
View File

@ -91,37 +91,6 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn(); plPgSql.writeLn();
} }
private void generateSimplifiedUpdateTriggerFunction(final StringWriter plPgSql) {
final var updateConditions = updatableEntityAliases()
.map(RbacView.EntityAlias::dependsOnColumName)
.distinct()
.map(columnName -> "NEW." + columnName + " is distinct from OLD." + columnName)
.collect(joining( "\n or "));
plPgSql.writeLn("""
/*
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesFor${simpleEntityName}(
OLD ${rawTableName},
NEW ${rawTableName}
)
language plpgsql as $$
begin
if ${updateConditions} then
delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemFor${simpleEntityName}(NEW);
end if;
end; $$;
""",
with("simpleEntityName", simpleEntityName),
with("rawTableName", rawTableName),
with("updateConditions", updateConditions));
}
private void generateUpdateTriggerFunction(final StringWriter plPgSql) { private void generateUpdateTriggerFunction(final StringWriter plPgSql) {
plPgSql.writeLn(""" plPgSql.writeLn("""
/* /*
@ -165,12 +134,6 @@ class RolesGrantsAndPermissionsGenerator {
return updatableEntityAliases().anyMatch(e -> true); return updatableEntityAliases().anyMatch(e -> true);
} }
private boolean hasAnyUpdatableAndNullableEntityAliases() {
return updatableEntityAliases()
.filter(ea -> ea.nullable() == RbacView.Nullable.NULLABLE)
.anyMatch(e -> true);
}
private void generateCreateRolesAndGrantsAfterInsert(final StringWriter plPgSql) { private void generateCreateRolesAndGrantsAfterInsert(final StringWriter plPgSql) {
referencedEntityAliases() referencedEntityAliases()
.forEach((ea) -> { .forEach((ea) -> {
@ -502,11 +465,7 @@ class RolesGrantsAndPermissionsGenerator {
private void generateUpdateTrigger(final StringWriter plPgSql) { private void generateUpdateTrigger(final StringWriter plPgSql) {
generateHeader(plPgSql, "update"); generateHeader(plPgSql, "update");
if ( hasAnyUpdatableAndNullableEntityAliases() ) {
generateSimplifiedUpdateTriggerFunction(plPgSql);
} else {
generateUpdateTriggerFunction(plPgSql); generateUpdateTriggerFunction(plPgSql);
}
plPgSql.writeLn(""" plPgSql.writeLn("""
/* /*

18
src/main/resources/db/changelog/273-hs-office-debitor-rbac.sql
View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-20T13:55:16.722860098. -- This code generated was by RbacViewPostgresGenerator at 2024-03-16T13:52:18.491882945.
-- ============================================================================ -- ============================================================================
@ -54,7 +54,7 @@ begin
SELECT * SELECT *
FROM hs_office_bankaccount AS b FROM hs_office_bankaccount AS b
WHERE b.uuid = NEW.refundBankAccountUuid WHERE b.uuid = NEW.refundbankaccountuuid
INTO newRefundBankAccount; INTO newRefundBankAccount;
call grantRoleToRole(hsOfficeBankAccountReferrer(newRefundBankAccount), hsOfficeRelationshipAgent(newDebitorRel)); call grantRoleToRole(hsOfficeBankAccountReferrer(newRefundBankAccount), hsOfficeRelationshipAgent(newDebitorRel));
@ -103,13 +103,19 @@ create or replace procedure updateRbacRulesForHsOfficeDebitor(
NEW hs_office_debitor NEW hs_office_debitor
) )
language plpgsql as $$ language plpgsql as $$
begin
if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid declare
or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then oldPartnerRel hs_office_relationship;
newPartnerRel hs_office_relationship;
oldDebitorRel hs_office_relationship;
newDebitorRel hs_office_relationship;
oldRefundBankAccount hs_office_bankaccount;
newRefundBankAccount hs_office_bankaccount;
begin
delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeDebitor(NEW); call buildRbacSystemForHsOfficeDebitor(NEW);
end if;
end; $$; end; $$;
/* /*