
2 Commits

Author SHA1 Message Date
Michael Hoennig
de570c3dd4 rbac.RoleType 2024-09-13 20:59:17 +02:00
Michael Hoennig
88a8d1ed84 rbac.delete_related_rbac_rules_tf 2024-09-13 20:52:48 +02:00
4 changed files with 13 additions and 12 deletions


@ -142,8 +142,9 @@ end; $$;
/* /*
Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects.
Through cascades all related rbac roles and grants are going to be deleted as well.
*/ */
create or replace function deleteRelatedRbacObject() create or replace function rbac.delete_related_rbac_rules_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -164,13 +165,13 @@ end; $$;
*/ */
create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
create table rbac.role create table rbac.role
( (
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
objectUuid uuid not null references rbac.object (uuid) initially deferred, objectUuid uuid not null references rbac.object (uuid) initially deferred,
roleType RbacRoleType not null, roleType rbac.RoleType not null,
unique (objectUuid, roleType) unique (objectUuid, roleType)
); );
@ -180,7 +181,7 @@ create type RbacRoleDescriptor as
( (
objectTable varchar(63), -- for human readability and easier debugging objectTable varchar(63), -- for human readability and easier debugging
objectUuid uuid, objectUuid uuid,
roleType RbacRoleType, roleType rbac.RoleType,
assumed boolean assumed boolean
); );
@ -200,13 +201,13 @@ $$;
create or replace function roleDescriptor( create or replace function roleDescriptor(
objectTable varchar(63), objectUuid uuid, roleType RbacRoleType, objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType,
assumed boolean = true) -- just for DSL readability, belongs actually to the grant assumed boolean = true) -- just for DSL readability, belongs actually to the grant
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select objectTable, objectUuid, roleType::RbacRoleType, assumed; select objectTable, objectUuid, roleType::rbac.RoleType, assumed;
$$; $$;
create or replace function createRole(roleDescriptor RbacRoleDescriptor) create or replace function createRole(roleDescriptor RbacRoleDescriptor)
@ -242,7 +243,7 @@ create or replace function findRoleId(roleIdName varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
roleParts text; roleParts text;
roleTypeFromRoleIdName RbacRoleType; roleTypeFromRoleIdName rbac.RoleType;
objectNameFromRoleIdName text; objectNameFromRoleIdName text;
objectTableFromRoleIdName text; objectTableFromRoleIdName text;
objectUuidOfRole uuid; objectUuidOfRole uuid;
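Review bot: The header comment above `rbac.delete_related_rbac_rules_tf()` still says the function is for the BEFORE DELETE triggers, but the trigger generator changed in this same compare attaches it with `after delete`. The comment also speaks of deleting the related rbac.object, while the new name speaks of rbac rules. Because removal of roles and grants depends on this trigger and the cascades behind it, the comment should state the real timing and target, for example `Deletes the related rbac.object in the AFTER DELETE triggers on the business objects; roles and grants are removed through the cascades.` The function body lies outside the hunk, so confirm against it which timing is actually intended.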


@ -33,7 +33,7 @@ declare
objectTableToAssume varchar(63); objectTableToAssume varchar(63);
objectNameToAssume varchar(63); objectNameToAssume varchar(63);
objectUuidToAssume uuid; objectUuidToAssume uuid;
roleTypeToAssume RbacRoleType; roleTypeToAssume rbac.RoleType;
roleIdsToAssume uuid[]; roleIdsToAssume uuid[];
roleUuidToAssume uuid; roleUuidToAssume uuid;
begin begin


@ -20,11 +20,11 @@ begin
execute createInsertTriggerSQL; execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$ createDeleteTriggerSQL = format($sql$
create trigger deleteRbacRulesFor_%s_Trigger create trigger delete_related_rbac_rules_for_%s_tg
after delete after delete
on %s on %s
for each row for each row
execute procedure deleteRelatedRbacObject(); execute procedure rbac.delete_related_rbac_rules_tf();
$sql$, targetTable, targetTable); $sql$, targetTable, targetTable);
execute createDeleteTriggerSQL; execute createDeleteTriggerSQL;
end; $$; end; $$;
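Review bot: `targetTable` is still interpolated into the generated `create trigger` statement with `%s`, both inside the trigger name and after `on`, so it reaches `execute` as raw SQL text rather than as a quoted identifier. The enclosing function starts outside the hunk, so the origin of `targetTable` is not visible. If it is not always a trusted literal from the migration scripts, accept it as `regclass` or validate it before the `format` call. At minimum, document the contract next to the call, e.g. `-- targetTable is interpolated unquoted: callers must pass a trusted, validated table name`. A schema-qualified value (another file in this compare uses `rbac.global` as a table name) would also put a dot into `delete_related_rbac_rules_for_%s_tg`, which is presumably not a valid trigger name.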


@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed;
$$; $$;
begin transaction; begin transaction;
@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed;
$$; $$;
begin transaction; begin transaction;