Compare commits
No commits in common. "d522b1cb42b4758f282806172d37215e51456115" and "d7643f0f25f9cf97b500cac3c94cb96477765bd6" have entirely different histories.
d522b1cb42
...
d7643f0f25
@ -1,6 +1,6 @@
|
|||||||
-- just a permanent playground to explore optimization of the central recursive CTE query for RBAC
|
-- just a permanent playground to explore optimization of the central recursive CTE query for RBAC
|
||||||
|
|
||||||
select * from hs_statistics_v;
|
select * from hs_statistics_view;
|
||||||
|
|
||||||
-- ========================================================
|
-- ========================================================
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ import java.util.List;
|
|||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
@Entity
|
@Entity
|
||||||
@Table(schema = "rbac", name = "grants_ev")
|
@Table(name = "rbacgrants_ev")
|
||||||
@Getter
|
@Getter
|
||||||
@Setter
|
@Setter
|
||||||
@Builder
|
@Builder
|
||||||
|
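Review bot: `@Table(name = "rbacgrants_ev")` on the new side drops the `schema = "rbac"` attribute, so the SQL Hibernate emits names the table unqualified and the database resolves it through the connecting role's default schema / `search_path` (assuming PostgreSQL, which the plpgsql hunks further down suggest). If the unqualified mapping is intended, the resolution should be pinned explicitly — `hibernate.default_schema` in the persistence configuration or a fixed `search_path` on the application role — so that a later change to the role's search path cannot silently redirect reads of RBAC grant data to a different object. The same applies to `@Table(name = "rbacgrants_rv")` in the next hunk. Both hunks show only the annotation header; the entity bodies lie outside the diff.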
@ -8,7 +8,7 @@ import jakarta.persistence.*;
|
|||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
@Entity
|
@Entity
|
||||||
@Table(schema = "rbac", name = "grants_rv")
|
@Table(name = "rbacgrants_rv")
|
||||||
@IdClass(RbacGrantId.class)
|
@IdClass(RbacGrantId.class)
|
||||||
@Getter
|
@Getter
|
||||||
@Setter
|
@Setter
|
||||||
|
@ -52,8 +52,8 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
|
|||||||
Creates a view to the grants table with additional columns
|
Creates a view to the grants table with additional columns
|
||||||
for easier human readability.
|
for easier human readability.
|
||||||
*/
|
*/
|
||||||
drop view if exists rbac.grants_ev;
|
drop view if exists rbacgrants_ev;
|
||||||
create or replace view rbac.grants_ev as
|
create or replace view rbacgrants_ev as
|
||||||
-- @formatter:off
|
-- @formatter:off
|
||||||
select x.grantUuid as uuid,
|
select x.grantUuid as uuid,
|
||||||
x.grantedByTriggerOf as grantedByTriggerOf,
|
x.grantedByTriggerOf as grantedByTriggerOf,
|
||||||
@ -112,7 +112,8 @@ create or replace view rbac.grants_ev as
|
|||||||
Creates a view to the grants table with row-level limitation
|
Creates a view to the grants table with row-level limitation
|
||||||
based on the direct grants of the current user.
|
based on the direct grants of the current user.
|
||||||
*/
|
*/
|
||||||
create or replace view rbac.grants_rv as
|
drop view if exists rbacgrants_rv;
|
||||||
|
create or replace view rbacgrants_rv as
|
||||||
-- @formatter:off
|
-- @formatter:off
|
||||||
select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
|
select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
|
||||||
g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
|
g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
|
||||||
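Review bot: The new side adds `drop view if exists rbacgrants_rv;` directly before `create or replace view rbacgrants_rv as`, and in PostgreSQL dropping a view also removes its `instead of` triggers and every privilege previously granted on it, so any grant on this view to `${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}` (the file grants privileges on `rbac.role_rv` to that user per the hunk context, so a similar grant on this view is plausible but not visible here) must come after the recreation or the restricted user silently loses access. The trigger recreation does appear in later hunks; a grant does not appear in this one. If the drop is deliberate because the column set changes — the one case `create or replace view` cannot handle — record it, e.g. `-- drop first: column set changed, CREATE OR REPLACE cannot alter an existing view's column list`; otherwise the drop is redundant. The view body continues past the end of the hunk.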
@ -141,28 +142,28 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
|
|||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Instead of insert trigger function for rbac.grants_rv.
|
Instead of insert trigger function for RbacGrants_RV.
|
||||||
*/
|
*/
|
||||||
create or replace function rbac.insert_grant_tf()
|
create or replace function rbac.insert_grant_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
newGrant rbac.grants_rv;
|
newGrant RbacGrants_RV;
|
||||||
begin
|
begin
|
||||||
call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed);
|
call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed);
|
||||||
select grv.*
|
select grv.*
|
||||||
from rbac.grants_rv grv
|
from RbacGrants_RV grv
|
||||||
where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid
|
where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid
|
||||||
into newGrant;
|
into newGrant;
|
||||||
return newGrant;
|
return newGrant;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Creates an instead of insert trigger for the rbac.grants_rv view.
|
Creates an instead of insert trigger for the RbacGrants_rv view.
|
||||||
*/
|
*/
|
||||||
create trigger insert_grant_tg
|
create trigger insert_grant_tg
|
||||||
instead of insert
|
instead of insert
|
||||||
on rbac.grants_rv
|
on RbacGrants_rv
|
||||||
for each row
|
for each row
|
||||||
execute function rbac.insert_grant_tf();
|
execute function rbac.insert_grant_tf();
|
||||||
--/
|
--/
|
||||||
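Review bot: The new side spells the same view three ways within one function/trigger pair — `RbacGrants_RV` in `newGrant RbacGrants_RV;` and `from RbacGrants_RV grv`, `RbacGrants_rv` in `on RbacGrants_rv`, and `rbacgrants_rv` in the preceding hunk's `create or replace view` — while the routines stay schema-qualified (`rbac.insert_grant_tf()`, `rbac.grantRoleToSubject`). Unquoted identifiers fold to lower case so all three resolve to the same object, but the mixed case reads as if they were distinct; use the DDL spelling `rbacgrants_rv` throughout. Because the view reference is now unqualified, lookup inside the trigger function follows the `search_path` of whichever role fires the trigger; either qualify it or pin it on the function with `set search_path = <view_schema>, pg_catalog` (schema left as a placeholder, since where the view now lives is not visible in the hunk). `select grv.* ... into newGrant` also silently takes the first row if more than one grant matches `subjectUuid`/`grantedRoleUuid`; `into strict newGrant;` would make an unexpected duplicate fail loudly instead of returning an arbitrary row. The same case inconsistency recurs in the delete trigger hunk below (`on RbacGrants_rv`).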
@ -173,7 +174,7 @@ execute function rbac.insert_grant_tf();
|
|||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Instead of delete trigger function for rbac.grants_rv.
|
Instead of delete trigger function for RbacGrants_RV.
|
||||||
|
|
||||||
Checks if the current subject or assumed role have the permission to revoke the grant.
|
Checks if the current subject or assumed role have the permission to revoke the grant.
|
||||||
*/
|
*/
|
||||||
@ -186,11 +187,11 @@ begin
|
|||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Creates an instead of delete trigger for the rbac.grants_rv view.
|
Creates an instead of delete trigger for the RbacGrants_rv view.
|
||||||
*/
|
*/
|
||||||
create trigger delete_grant_tg
|
create trigger delete_grant_tg
|
||||||
instead of delete
|
instead of delete
|
||||||
on rbac.grants_rv
|
on RbacGrants_rv
|
||||||
for each row
|
for each row
|
||||||
execute function rbac.delete_grant_tf();
|
execute function rbac.delete_grant_tf();
|
||||||
--/
|
--/
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-global-object-statistics:1 endDelimiter:--//
|
--changeset hs-global-object-statistics:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
CREATE VIEW hs_statistics_v AS
|
CREATE VIEW hs_statistics_view AS
|
||||||
select *
|
select *
|
||||||
from (select count, "table" as "rbac-table", '' as "hs-table", '' as "type"
|
from (select count, "table" as "rbac-table", '' as "hs-table", '' as "type"
|
||||||
from rbac.statistics_v
|
from rbac.statistics_v
|
||||||
|