

2 Commits

Author SHA1 Message Date
Michael Hoennig
de570c3dd4 rbac.RoleType 2024-09-13 20:59:17 +02:00
Michael Hoennig
88a8d1ed84 rbac.delete_related_rbac_rules_tf 2024-09-13 20:52:48 +02:00
4 changed files with 13 additions and 12 deletions


@ -142,8 +142,9 @@ end; $$;
/*
Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects.
Through cascades all related rbac roles and grants are going to be deleted as well.
*/
create or replace function deleteRelatedRbacObject()
create or replace function rbac.delete_related_rbac_rules_tf()
returns trigger
language plpgsql
strict as $$
@ -164,13 +165,13 @@ end; $$;
*/
create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
create table rbac.role
(
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
objectUuid uuid not null references rbac.object (uuid) initially deferred,
roleType RbacRoleType not null,
roleType rbac.RoleType not null,
unique (objectUuid, roleType)
);
@ -180,7 +181,7 @@ create type RbacRoleDescriptor as
(
objectTable varchar(63), -- for human readability and easier debugging
objectUuid uuid,
roleType RbacRoleType,
roleType rbac.RoleType,
assumed boolean
);
@ -200,13 +201,13 @@ $$;
create or replace function roleDescriptor(
objectTable varchar(63), objectUuid uuid, roleType RbacRoleType,
objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType,
assumed boolean = true) -- just for DSL readability, belongs actually to the grant
returns RbacRoleDescriptor
returns null on null input
stable -- leakproof
language sql as $$
select objectTable, objectUuid, roleType::RbacRoleType, assumed;
select objectTable, objectUuid, roleType::rbac.RoleType, assumed;
$$;
create or replace function createRole(roleDescriptor RbacRoleDescriptor)
@ -242,7 +243,7 @@ create or replace function findRoleId(roleIdName varchar)
language plpgsql as $$
declare
roleParts text;
roleTypeFromRoleIdName RbacRoleType;
roleTypeFromRoleIdName rbac.RoleType;
objectNameFromRoleIdName text;
objectTableFromRoleIdName text;
objectUuidOfRole uuid;
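Review bot: The header comment kept above the renamed function still says the function is `for use in the BEFORE DELETE TRIGGERs on the business objects`, but the trigger generator changed in this same compare attaches it with `after delete`, so one of the two is stale and the comment should state the timing that is actually intended, e.g. `Deletes the related rbac.object for use in the AFTER DELETE TRIGGERs on the business objects.` if AFTER is right. Because the cascade from rbac.object is what removes the roles and grants, whether that happens before or after the business row is gone is exactly the kind of fact a maintainer will rely on, so it is worth getting right in the comment. The body of rbac.delete_related_rbac_rules_tf continues past the end of the hunk. A purely stylistic point: the commit moves the function name to snake_case but introduces the type as `rbac.RoleType`, which PostgreSQL folds to `rbac.roletype` since it is unquoted; `rbac.role_type` would match the new convention and the existing `rbac.role` table.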


@ -33,7 +33,7 @@ declare
objectTableToAssume varchar(63);
objectNameToAssume varchar(63);
objectUuidToAssume uuid;
roleTypeToAssume RbacRoleType;
roleTypeToAssume rbac.RoleType;
roleIdsToAssume uuid[];
roleUuidToAssume uuid;
begin


@ -20,11 +20,11 @@ begin
execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$
create trigger deleteRbacRulesFor_%s_Trigger
create trigger delete_related_rbac_rules_for_%s_tg
after delete
on %s
for each row
execute procedure deleteRelatedRbacObject();
execute procedure rbac.delete_related_rbac_rules_tf();
$sql$, targetTable, targetTable);
execute createDeleteTriggerSQL;
end; $$;
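Review bot: `targetTable` is spliced into the generated DDL with `%s` both inside the new trigger name and on the `on %s` line, so it is neither quoted nor validated; that is only safe as long as every caller passes a name from trusted migration code and never anything derived from request input. If the value is always an unqualified table name, `%I` quotes it safely (`on %I`) and the trigger name should then be built as a single identifier, e.g. `format('create trigger %I after delete on %I for each row execute procedure rbac.delete_related_rbac_rules_tf()', 'delete_related_rbac_rules_for_' || targetTable || '_tg', targetTable)`; if it may be schema-qualified, `%s` with `targetTable::regclass` is the usual alternative — which case applies cannot be told from this hunk. Note also that the longer `delete_related_rbac_rules_for_..._tg` prefix and suffix leave roughly 30 characters of PostgreSQL's 63-character identifier limit for the table name before the trigger name is silently truncated. The enclosing function begins before this hunk.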


@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true)
returns null on null input
stable -- leakproof
language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed;
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed;
$$;
begin transaction;
@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true)
returns null on null input
stable -- leakproof
language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed;
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed;
$$;
begin transaction;