hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

Compare commits

base: hostsharing:d1c8c30d8b6a40545d73bed405cf263e01dbc151
Branches Tags
hostsharing:master
hostsharing:feature/add-advanced-scenario-tests-for-coop-assets
hostsharing:feature/introduce-hasGlobalAdminRole-to-optimize-rbac-select-queries
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
...
compare: hostsharing:de570c3dd425125ed6f9c0f98664d47db4967295
Branches Tags
hostsharing:feature/add-advanced-scenario-tests-for-coop-assets
hostsharing:feature/introduce-hasGlobalAdminRole-to-optimize-rbac-select-queries
hostsharing:master
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:TP-202405-filtered_import
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

2 Commits
d1c8c30d8b ... de570c3dd4

Author SHA1 Message Date
Michael Hoennig
de570c3dd4 rbac.RoleType 2024-09-13 20:59:17 +02:00
Michael Hoennig
88a8d1ed84 rbac.delete_related_rbac_rules_tf 2024-09-13 20:52:48 +02:00
4 changed files with 13 additions and 12 deletions
Show Stats Expand all files Collapse all files

15
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@ -142,8 +142,9 @@ end; $$;
/* /*
Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects.
Through cascades all related rbac roles and grants are going to be deleted as well.
*/ */
create or replace function deleteRelatedRbacObject() create or replace function rbac.delete_related_rbac_rules_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -164,13 +165,13 @@ end; $$;
*/ */
create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
create table rbac.role create table rbac.role
( (
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
objectUuid uuid not null references rbac.object (uuid) initially deferred, objectUuid uuid not null references rbac.object (uuid) initially deferred,
roleType RbacRoleType not null, roleType rbac.RoleType not null,
unique (objectUuid, roleType) unique (objectUuid, roleType)
); );
@ -180,7 +181,7 @@ create type RbacRoleDescriptor as
( (
objectTable varchar(63), -- for human readability and easier debugging objectTable varchar(63), -- for human readability and easier debugging
objectUuid uuid, objectUuid uuid,
roleType RbacRoleType, roleType rbac.RoleType,
assumed boolean assumed boolean
); );
@ -200,13 +201,13 @@ $$;
create or replace function roleDescriptor( create or replace function roleDescriptor(
objectTable varchar(63), objectUuid uuid, roleType RbacRoleType, objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType,
assumed boolean = true) -- just for DSL readability, belongs actually to the grant assumed boolean = true) -- just for DSL readability, belongs actually to the grant
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select objectTable, objectUuid, roleType::RbacRoleType, assumed; select objectTable, objectUuid, roleType::rbac.RoleType, assumed;
$$; $$;
create or replace function createRole(roleDescriptor RbacRoleDescriptor) create or replace function createRole(roleDescriptor RbacRoleDescriptor)
@ -242,7 +243,7 @@ create or replace function findRoleId(roleIdName varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
roleParts text; roleParts text;
roleTypeFromRoleIdName RbacRoleType; roleTypeFromRoleIdName rbac.RoleType;
objectNameFromRoleIdName text; objectNameFromRoleIdName text;
objectTableFromRoleIdName text; objectTableFromRoleIdName text;
objectUuidOfRole uuid; objectUuidOfRole uuid;

2
src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
View File

@ -33,7 +33,7 @@ declare
objectTableToAssume varchar(63); objectTableToAssume varchar(63);
objectNameToAssume varchar(63); objectNameToAssume varchar(63);
objectUuidToAssume uuid; objectUuidToAssume uuid;
roleTypeToAssume RbacRoleType; roleTypeToAssume rbac.RoleType;
roleIdsToAssume uuid[]; roleIdsToAssume uuid[];
roleUuidToAssume uuid; roleUuidToAssume uuid;
begin begin

4
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -20,11 +20,11 @@ begin
execute createInsertTriggerSQL; execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$ createDeleteTriggerSQL = format($sql$
create trigger deleteRbacRulesFor_%s_Trigger create trigger delete_related_rbac_rules_for_%s_tg
after delete after delete
on %s on %s
for each row for each row
execute procedure deleteRelatedRbacObject(); execute procedure rbac.delete_related_rbac_rules_tf();
$sql$, targetTable, targetTable); $sql$, targetTable, targetTable);
execute createDeleteTriggerSQL; execute createDeleteTriggerSQL;
end; $$; end; $$;

4
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed;
$$; $$;
begin transaction; begin transaction;
@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed;
$$; $$;
begin transaction; begin transaction;