introduce singleton()

sql/rbac-tests.sql

@@ -19,11 +19,11 @@ select *
 FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com'));
 
 select *
-FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('customer',
+FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer',
                                                           (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1),
                                                           'add-package'));
 select *
-FROM queryAllRbacUsersWithPermissionsFor(findPermissionId('package',
+FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package',
                                                           (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
                                                           'DELETE'));
 

src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java

@@ -1,6 +1,7 @@
 package net.hostsharing.hsadminng.rbac.rbacdef;
 
 import java.util.Optional;
+import java.util.function.BinaryOperator;
 import java.util.stream.Stream;
 
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
@@ -142,19 +143,20 @@ public class InsertTriggerGenerator {
 
     private Optional<RbacView.RbacGrantDefinition> getOptionalInsertGrant() {
         return getInsertGrants()
-                .reduce((x, y) -> {
+                .reduce(singleton());
-                    throw new IllegalStateException("only a single INSERT permission grant allowed");
-                });
     }
 
     private Optional<RbacView.RbacRoleDefinition> getOptionalInsertSuperRole() {
         return getInsertGrants()
                 .map(RbacView.RbacGrantDefinition::getSuperRoleDef)
-                .reduce((x, y) -> {
+                .reduce(singleton());
-                    throw new IllegalStateException("only a single INSERT permission grant allowed");
-                });
     }
 
+    private static <T> BinaryOperator<T> singleton() {
+        return (x, y) -> {
+            throw new IllegalStateException("only a single INSERT permission grant allowed");
+        };
+    }
 
     private static String toVar(final RbacView.RbacRoleDefinition roleDef) {
         return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().roleName());

src/main/resources/db/changelog/050-rbac-base.sql

@@ -443,18 +443,6 @@ begin
 end;
 $$;
 
-create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
-    returns uuid
-    returns null on null input
-    stable -- leakproof
-    language sql as $$
-select uuid
-    from RbacPermission p
-    where p.objectUuid = forObjectUuid
-      and p.op = forOp
-      and p.opTableName = forOpTableName
-$$;
-
 create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
     returns uuid
     returns null on null input
@@ -466,6 +454,18 @@ select uuid
       and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT'
       and p.opTableName = forOpTableName
 $$;
+
+create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
+    returns uuid
+    returns null on null input
+    stable -- leakproof
+    language sql as $$
+select uuid
+    from RbacPermission p
+    where p.objectUuid = forObjectUuid
+      and p.op = forOp
+      and p.opTableName = forOpTableName
+$$;
 --//
 
 -- ============================================================================