Michael Hoennig
a4054b310d add schema rbactest (not just 'test') 2024-09-16 11:59:44 +02:00
Michael Hoennig
dccd9bb6af add schema handling to rbac.generateRelatedRbacObject(varchar) 2024-09-16 11:25:04 +02:00
Michael Hoennig
0446274f11 add schema handling in rbac.insert_related_object() 2024-09-16 11:22:47 +02:00
19 changed files with 67 additions and 43 deletions


@ -62,6 +62,6 @@ public class TestCustomerEntity implements BaseEntity<TestCustomerEntity> {
} }
public static void main(String[] args) throws IOException { public static void main(String[] args) throws IOException {
rbac().generateWithBaseFileName("2-test/201-test-customer/2013-test-customer-rbac"); rbac().generateWithBaseFileName("2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac");
} }
} }


@ -68,6 +68,6 @@ public class TestDomainEntity implements BaseEntity<TestDomainEntity> {
} }
public static void main(String[] args) throws IOException { public static void main(String[] args) throws IOException {
rbac().generateWithBaseFileName("2-test/203-test-domain/2033-test-domain-rbac"); rbac().generateWithBaseFileName("2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac");
} }
} }


@ -69,6 +69,6 @@ public class TestPackageEntity implements BaseEntity<TestPackageEntity> {
} }
public static void main(String[] args) throws IOException { public static void main(String[] args) throws IOException {
rbac().generateWithBaseFileName("2-test/202-test-package/2023-test-package-rbac"); rbac().generateWithBaseFileName("2-rbactest/202-rbactest-package/2023-rbactest-package-rbac");
} }
} }


@ -3,9 +3,7 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:rbac-base-REFERENCE endDelimiter:--// --changeset michael.hoennig:rbac-base-REFERENCE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/*
*/
create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission'); create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission');
create table rbac.reference create table rbac.reference
@ -120,18 +118,20 @@ create or replace function rbac.insert_related_object()
strict as $$ strict as $$
declare declare
objectUuid uuid; objectUuid uuid;
tableSchemaAndName text;
begin begin
tableSchemaAndName := base.combine_table_schema_and_name(TG_TABLE_SCHEMA, TG_TABLE_NAME);
if TG_OP = 'INSERT' then if TG_OP = 'INSERT' then
if NEW.uuid is null then if NEW.uuid is null then
insert insert
into rbac.object (objectTable) into rbac.object (objectTable)
values (TG_TABLE_NAME) values (tableSchemaAndName)
returning uuid into objectUuid; returning uuid into objectUuid;
NEW.uuid = objectUuid; NEW.uuid = objectUuid;
else else
insert insert
into rbac.object (uuid, objectTable) into rbac.object (uuid, objectTable)
values (NEW.uuid, TG_TABLE_NAME) values (NEW.uuid, tableSchemaAndName)
returning uuid into objectUuid; returning uuid into objectUuid;
end if; end if;
return NEW; return NEW;
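Review bot: The value now written at `values (tableSchemaAndName)` is schema-qualified, but any `rbac.object` rows inserted before this change hold the bare `TG_TABLE_NAME`, so whatever matches on `objectTable` will see two formats side by side unless existing rows are migrated; a one-off statement along the lines of `update rbac.object set objectTable = 'public.' || objectTable where position('.' in objectTable) = 0;` (substituting the schema those tables really live in) belongs in the same changeset. If this rbac-base changeset has already been applied to any database, editing it in place will also fail Liquibase checksum validation unless it is marked `runOnChange` or databases are always rebuilt from scratch. `base.combine_table_schema_and_name` is not part of this diff, so please confirm it is defined in a changeset that runs before `rbac-base`. The body of `rbac.insert_related_object()` starts before and continues after this hunk.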


@ -8,26 +8,40 @@
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar) create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
targetTableName text;
targetSchemaPrefix text;
createInsertTriggerSQL text; createInsertTriggerSQL text;
createDeleteTriggerSQL text; createDeleteTriggerSQL text;
begin begin
if POSITION('.' IN targetTable) > 0 then
targetSchemaPrefix := SPLIT_PART(targetTable, '.', 1) || '.';
targetTableName := SPLIT_PART(targetTable, '.', 2);
else
targetSchemaPrefix := '';
targetTableName := targetTable;
end if;
if targetSchemaPrefix = '' and targetTableName = 'customer' then
raise exception 'missing targetShemaPrefix: %', targetTable;
end if;
createInsertTriggerSQL = format($sql$ createInsertTriggerSQL = format($sql$
create trigger createRbacObjectFor_%s_Trigger create trigger createRbacObjectFor_%s_insert_tg_1058_25
before insert on %s before insert on %s%s
for each row for each row
execute procedure rbac.insert_related_object(); execute procedure rbac.insert_related_object();
$sql$, targetTable, targetTable); $sql$, targetTableName, targetSchemaPrefix, targetTableName);
execute createInsertTriggerSQL; execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$ createDeleteTriggerSQL = format($sql$
create trigger delete_related_rbac_rules_for_%s_tg create trigger createRbacObjectFor_%s_delete_tg_1058_35
after delete after delete on %s%s
on %s
for each row for each row
execute procedure rbac.delete_related_rbac_rules_tf(); execute procedure rbac.delete_related_rbac_rules_tf();
$sql$, targetTable, targetTable); $sql$, targetTableName, targetSchemaPrefix, targetTableName);
execute createDeleteTriggerSQL; execute createDeleteTriggerSQL;
end; $$; end;
$$;
--// --//
@ -176,7 +190,7 @@ begin
*/ */
sql := format($sql$ sql := format($sql$
create or replace view %1$s_rv as create or replace view %1$s_rv as
with accessible_%1$s_uuids as ( with accessible_uuids as (
with recursive with recursive
recursive_grants as recursive_grants as
(select distinct rbac.grants.descendantuuid, (select distinct rbac.grants.descendantuuid,
@ -209,7 +223,7 @@ begin
) )
select target.* select target.*
from %1$s as target from %1$s as target
where target.uuid in (select * from accessible_%1$s_uuids) where target.uuid in (select * from accessible_uuids)
order by %2$s; order by %2$s;
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
@ -219,9 +233,9 @@ begin
/** /**
Instead of insert trigger function for the restricted view. Instead of insert trigger function for the restricted view.
*/ */
newColumns := 'new.' || replace(columnNames, ',', ', new.'); newColumns := 'new.' || replace(columnNames, ', ', ', new.');
sql := format($sql$ sql := format($sql$
create or replace function %1$sInsert() create function %1$s_instead_of_insert_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
declare declare
@ -240,11 +254,11 @@ begin
Creates an instead of insert trigger for the restricted view. Creates an instead of insert trigger for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create trigger %1$sInsert_tg create trigger instead_of_insert_tg
instead of insert instead of insert
on %1$s_rv on %1$s_rv
for each row for each row
execute function %1$sInsert(); execute function %1$s_instead_of_insert_tf();
$sql$, targetTable); $sql$, targetTable);
execute sql; execute sql;
@ -252,7 +266,7 @@ begin
Instead of delete trigger function for the restricted view. Instead of delete trigger function for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create or replace function %1$sDelete() create function %1$s_instead_of_delete_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
begin begin
@ -269,11 +283,11 @@ begin
Creates an instead of delete trigger for the restricted view. Creates an instead of delete trigger for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create trigger %1$sDelete_tg create trigger instead_of_delete_tg
instead of delete instead of delete
on %1$s_rv on %1$s_rv
for each row for each row
execute function %1$sDelete(); execute function %1$s_instead_of_delete_tf();
$sql$, targetTable); $sql$, targetTable);
execute sql; execute sql;
@ -283,7 +297,7 @@ begin
*/ */
if columnUpdates is not null then if columnUpdates is not null then
sql := format($sql$ sql := format($sql$
create or replace function %1$sUpdate() create function %1$s_instead_of_update_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
begin begin
@ -302,11 +316,11 @@ begin
Creates an instead of delete trigger for the restricted view. Creates an instead of delete trigger for the restricted view.
*/ */
sql = format($sql$ sql = format($sql$
create trigger %1$sUpdate_tg create trigger instead_of_update_tg
instead of update instead of update
on %1$s_rv on %1$s_rv
for each row for each row
execute function %1$sUpdate(); execute function %1$s_instead_of_update_tf();
$sql$, targetTable); $sql$, targetTable);
execute sql; execute sql;
end if; end if;
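Review bot: The guard `if targetSchemaPrefix = '' and targetTableName = 'customer'` only rejects one literal table name, so every other unqualified `targetTable` still gets its triggers attached to whichever table `search_path` resolves first, which is the ambiguity the schema prefix is meant to remove; once the remaining callers pass qualified names, drop the table-name condition and fix the message typo in one go: `if targetSchemaPrefix = '' then raise exception 'missing schema prefix in targetTable: %', targetTable; end if;`. The names are still spliced into DDL with `%s` rather than `%I`, which is acceptable only while every caller is migration code (the call sites visible here are), so a comment stating that assumption on the procedure would be worthwhile. Separately, `replace(columnNames, ', ', ', new.')` now silently depends on a space after every comma where the previous `','` pattern did not; `regexp_replace(columnNames, '\s*,\s*', ', new.', 'g')` accepts both spellings. The suffixes in `..._insert_tg_1058_25` and `..._delete_tg_1058_35` look like file/line markers left in by accident, and the delete trigger is now named `createRbacObjectFor_...` although it executes `rbac.delete_related_rbac_rules_tf()`.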


@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:rbactest-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA rbactest; -- just 'test' does not work, databasechangelog gets emptied or deleted
--//
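Review bot: The comment on `CREATE SCHEMA rbactest;` records a symptom ("databasechangelog gets emptied or deleted") but not why a schema named `test` triggers it, so the next maintainer cannot judge whether the workaround is still needed or whether other fixture schema names are affected. Replace it with a comment that names the cause or links the issue where it was reproduced, e.g. `-- schema must not be named 'test': <cause / issue link>, observed with <Liquibase version>`; if the cause is not understood yet, say so explicitly rather than leaving the reader to guess.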


@ -1,7 +1,7 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-customer-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:rbactest-customer-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists test_customer create table if not exists test_customer
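Review bot: `create table if not exists test_customer` is still unqualified, so the table lands in whatever schema `search_path` resolves (typically `public`) rather than in the `rbactest` schema this commit introduces, and the generated `2013-rbactest-customer-rbac.sql` presumably has to pass the same qualified name for its triggers to land on the right table; if the move into the schema is intended, this should read `create table if not exists rbactest.customer` (or `rbactest.test_customer`) here and in the package and domain changesets. Renaming the changeset id to `rbactest-customer-MAIN-TABLE` together with the file path also gives it a new Liquibase identity, so on any database that already ran `test-customer-MAIN-TABLE` it executes again — harmless here because of `if not exists`, but the `TEST-DATA-GENERATION` changesets in the same rename have no such guard, so either `logicalFilePath` or a fresh-database-only policy should be stated. The rest of the table definition is outside this hunk.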


@ -2,7 +2,7 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-customer-TEST-DATA-GENERATOR endDelimiter:--// --changeset michael.hoennig:rbactest-customer-TEST-DATA-GENERATOR endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Generates a customer reference number for a given test data counter. Generates a customer reference number for a given test data counter.
@ -67,7 +67,7 @@ end; $$;
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-customer-TEST-DATA-GENERATION context=dev,tc endDelimiter:--// --changeset michael.hoennig:rbactest-customer-TEST-DATA-GENERATION context=dev,tc endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
do language plpgsql $$ do language plpgsql $$


@ -1,7 +1,7 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-package-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:rbactest-package-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists test_package create table if not exists test_package


@ -1,7 +1,7 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-package-TEST-DATA-GENERATOR endDelimiter:--// --changeset michael.hoennig:rbactest-package-TEST-DATA-GENERATOR endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the given number of test packages for the given customer. Creates the given number of test packages for the given customer.
@ -59,7 +59,7 @@ $$;
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-package-TEST-DATA-GENERATION context=dev,tc endDelimiter:--// --changeset michael.hoennig:rbactest-package-TEST-DATA-GENERATION context=dev,tc endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
do language plpgsql $$ do language plpgsql $$


@ -1,7 +1,7 @@
--liquibase formatted sql --liquibase formatted sql
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:test-domain-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:rbactest-domain-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists test_domain create table if not exists test_domain


@ -50,23 +50,25 @@ databaseChangeLog:
- include: - include:
file: db/changelog/1-rbac/1080-rbac-global.sql file: db/changelog/1-rbac/1080-rbac-global.sql
- include: - include:
file: db/changelog/2-test/201-test-customer/2010-test-customer.sql file: db/changelog/2-rbactest/200-rbactest-schema.sql
- include: - include:
file: db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql file: db/changelog/2-rbactest/201-rbactest-customer/2010-rbactest-customer.sql
- include: - include:
file: db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql file: db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
- include: - include:
file: db/changelog/2-test/202-test-package/2020-test-package.sql file: db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql
- include: - include:
file: db/changelog/2-test/202-test-package/2023-test-package-rbac.sql file: db/changelog/2-rbactest/202-rbactest-package/2020-rbactest-package.sql
- include: - include:
file: db/changelog/2-test/202-test-package/2028-test-package-test-data.sql file: db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
- include: - include:
file: db/changelog/2-test/203-test-domain/2030-test-domain.sql file: db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql
- include: - include:
file: db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql file: db/changelog/2-rbactest/203-rbactest-domain/2030-rbactest-domain.sql
- include: - include:
file: db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
- include:
file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
- include: - include:
file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
- include: - include: