

No commits in common. "de570c3dd425125ed6f9c0f98664d47db4967295" and "d1c8c30d8b6a40545d73bed405cf263e01dbc151" have entirely different histories.

4 changed files with 12 additions and 13 deletions


@ -142,9 +142,8 @@ end; $$;
/* /*
Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects.
Through cascades all related rbac roles and grants are going to be deleted as well.
*/ */
create or replace function rbac.delete_related_rbac_rules_tf() create or replace function deleteRelatedRbacObject()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -165,13 +164,13 @@ end; $$;
*/ */
create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
create table rbac.role create table rbac.role
( (
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
objectUuid uuid not null references rbac.object (uuid) initially deferred, objectUuid uuid not null references rbac.object (uuid) initially deferred,
roleType rbac.RoleType not null, roleType RbacRoleType not null,
unique (objectUuid, roleType) unique (objectUuid, roleType)
); );
@ -181,7 +180,7 @@ create type RbacRoleDescriptor as
( (
objectTable varchar(63), -- for human readability and easier debugging objectTable varchar(63), -- for human readability and easier debugging
objectUuid uuid, objectUuid uuid,
roleType rbac.RoleType, roleType RbacRoleType,
assumed boolean assumed boolean
); );
@ -201,13 +200,13 @@ $$;
create or replace function roleDescriptor( create or replace function roleDescriptor(
objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType, objectTable varchar(63), objectUuid uuid, roleType RbacRoleType,
assumed boolean = true) -- just for DSL readability, belongs actually to the grant assumed boolean = true) -- just for DSL readability, belongs actually to the grant
returns RbacRoleDescriptor returns RbacRoleDescriptor
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select objectTable, objectUuid, roleType::rbac.RoleType, assumed; select objectTable, objectUuid, roleType::RbacRoleType, assumed;
$$; $$;
create or replace function createRole(roleDescriptor RbacRoleDescriptor) create or replace function createRole(roleDescriptor RbacRoleDescriptor)
@ -243,7 +242,7 @@ create or replace function findRoleId(roleIdName varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
roleParts text; roleParts text;
roleTypeFromRoleIdName rbac.RoleType; roleTypeFromRoleIdName RbacRoleType;
objectNameFromRoleIdName text; objectNameFromRoleIdName text;
objectTableFromRoleIdName text; objectTableFromRoleIdName text;
objectUuidOfRole uuid; objectUuidOfRole uuid;
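Review bot: The header comment on the trigger function in the first hunk says it is "for use in the BEFORE DELETE TRIGGERs", but the trigger that wires this function up (third file, `create trigger ... after delete ... for each row`) fires AFTER DELETE, and the rename does not touch that mismatch. Which timing the body actually relies on cannot be seen here, since the function body lies outside the hunk, so the comment should be corrected only once that is confirmed, e.g. `Deletes the related rbac.object; called from the AFTER DELETE triggers on the business objects.`. The sentence about cascades removing the related roles and grants is the only place that side effect is documented and should survive whichever side of this compare is taken. Renaming the function also changes the name every existing trigger references, so triggers created against the old name need to be recreated for the rename to be complete.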


@ -33,7 +33,7 @@ declare
objectTableToAssume varchar(63); objectTableToAssume varchar(63);
objectNameToAssume varchar(63); objectNameToAssume varchar(63);
objectUuidToAssume uuid; objectUuidToAssume uuid;
roleTypeToAssume rbac.RoleType; roleTypeToAssume RbacRoleType;
roleIdsToAssume uuid[]; roleIdsToAssume uuid[];
roleUuidToAssume uuid; roleUuidToAssume uuid;
begin begin


@ -20,11 +20,11 @@ begin
execute createInsertTriggerSQL; execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$ createDeleteTriggerSQL = format($sql$
create trigger delete_related_rbac_rules_for_%s_tg create trigger deleteRbacRulesFor_%s_Trigger
after delete after delete
on %s on %s
for each row for each row
execute procedure rbac.delete_related_rbac_rules_tf(); execute procedure deleteRelatedRbacObject();
$sql$, targetTable, targetTable); $sql$, targetTable, targetTable);
execute createDeleteTriggerSQL; execute createDeleteTriggerSQL;
end; $$; end; $$;
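Review bot: The trigger DDL in this hunk splices targetTable into both the trigger name and the `on %s` target with `%s`, which leaves the identifier unquoted; a table name needing quoting (mixed case, special characters) yields a malformed statement, and if targetTable is ever derived from a less trusted caller the `format()` becomes an injection point. The identifier placeholder `%I` is the safe form for the table reference, and the trigger name should be assembled first and passed as its own `%I` argument rather than having `%s` embedded in the middle of the name; if targetTable is schema-qualified (the fourth file uses names like `rbac.global`), it has to be split so that `%I.%I` quotes each part separately. The enclosing function begins outside the hunk, so I cannot see where targetTable comes from or whether it is already validated against a fixed list of tables; a one-line comment stating that precondition would make the `%s` choice reviewable.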


@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed;
$$; $$;
begin transaction; begin transaction;
@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true)
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
language sql as $$ language sql as $$
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed; select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed;
$$; $$;
begin transaction; begin transaction;
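Review bot: globalAdmin and globalGuest both resolve the object uuid with the bare scalar subquery `(select uuid from rbac.object where objectTable = 'rbac.global')`, so if that row is missing the returned descriptor silently carries a NULL objectUuid, and if more than one row ever matches the call fails at runtime; nothing in these hunks shows a uniqueness guarantee on rbac.object.objectTable, so this is hedged. The duplicated lookup is a candidate for one shared helper so both functions cannot drift apart. The trailing `stable -- leakproof` comment is ambiguous: if LEAKPROOF was meant it should be declared (it matters when these functions are used inside row-level security policies), and if it was deliberately left off the comment should say so, e.g. `stable -- not declared LEAKPROOF: the subquery can error on malformed rbac.object rows`, with the actual reason substituted.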