Compare commits
No commits in common. "feature/update-relations-when-updating-partner-person" and "master" have entirely different histories.
feature/up
...
master
2
.aliases
2
.aliases
@ -109,10 +109,8 @@ function _gwTest1() {
|
||||
echo "RUNNING gw $@"
|
||||
printf -- '-%0.s' {1..80}; echo
|
||||
./gradlew "$@"
|
||||
local buildResultCode=$?
|
||||
printf -- '-%0.s' {1..80}; echo
|
||||
echo "DONE gw $@"
|
||||
return $buildResultCode
|
||||
}
|
||||
function _gwTest() {
|
||||
. .aliases
|
||||
|
||||
@ -1,108 +0,0 @@
|
||||
# Änderung eines Geschäftspartners oder Rechnungsempfängers (Debitor)
|
||||
|
||||
**Status:**
|
||||
- [x] vorgeschlagen von (Michael Hönnig)
|
||||
- [ ] akzeptiert von (...)
|
||||
- [ ] abgelehnt von (...)
|
||||
- [ ] ersetzt durch (ersetzende ADR)
|
||||
|
||||
## Kontext und Problemstellung
|
||||
|
||||
In vorgegebenen Datenmodell von Geschäftspartnern und Rechnungsempfängern (Debitor), das auch fachliche Rollen wie Repräsentant, technische Ansprechpartner oder modellieren kann, stellt sich die Frage, wie eine Änderung der Geschäftspartner-Person effizient und konsistent umgesetzt werden kann.
|
||||
Diese fachlichen Rollen hängen jeweils an der Partner-Person.
|
||||
|
||||
Ein konkretes Beispiel hierfür ist die Änderung von einer natürlichen Person, die verstorben ist, zu deren Erbengemeinschaft.
|
||||
**Hierbei stellte sich heraus, dass der die API-Bedienung sehr komplex und damit fehleranfällig ist, weil viele neue Objekte erzeugt und korrekt miteinander verbunden werden müssen. Dies wäre zudem nicht transaktionssicher.**
|
||||
|
||||
Angepasst werden müssen:
|
||||
|
||||
1. alle Relations mit der alten Partner-Person:
|
||||
- die PARTNER-Relation
|
||||
- die DEBITOR-Relations (ggf. mehrere)
|
||||
- die OPERATIONS-Relations (ggf. mehrere)
|
||||
- die SUBSCRIBER-Relations (ggf. mehrere)
|
||||
- die REPRESENTATIVE-Relations (ggf. mehrere)
|
||||
- etc.
|
||||
2. Die PARTNER-Relation hat die Besonderheit, dass sie zusätzlich im Debitor ausgetauscht werden muss.
|
||||
3. Die DEBITOR-Relation die Besonderheit, dass sie zusätzlich im Debitor ausgetauscht werden muss.
|
||||
|
||||
Daher sollen möglichst viele dieser *Neuverdrahtungen* im Backend gemacht werden.
|
||||
Und dafür braucht es dann eine zentrale Stelle, an der die Kaskade ausgelöst wird.
|
||||
|
||||
Derzeit gibt es zwei mögliche Varianten, diese Änderung dynamisch umzusetzen, die jeweils unterschiedliche Auswirkungen auf die API und die Zugriffsrechte haben.
|
||||
|
||||
### Technischer Hintergrund
|
||||
|
||||
Zum Zeitpunkt der Erstellung dieses ADR existieren folgende relevante Entitäten:
|
||||
- **Person**: Natürliche oder juristische Person (Name, Firma, Anrede etc.)
|
||||
- **Contact**: Kontaktdaten einer fachlichen Rolle
|
||||
- **Relation**: Mit einem Typ (z.B. PARTNER, DEBITOR, REPRESENTATIVE) und Kontaktdaten versehene Beziehung von einer Person (Holder) zu einer anderen (Anchor)
|
||||
- **Partner**: Sind quasi Zusatzdaten einer PARTNER-Relation (derzeit nur die Partnernummer), welche eine Partner-Person mit der Hostsharing-Person verknüpft
|
||||
- **Debitor**: Sind quasi Zusatzdaten einer DEBITOR-Relation, welche eine Debitor-Person mit einer Partner-Person verknüpft
|
||||
|
||||
Zugriffsrechte werden über ein hierarchisches, dynamisches RBAC-System gesteuert, bei dem der **OWNER** einer Entitäten-Instanz alle Rechte hat, **ADMIN** definierte Spalten aktualisieren darf, **AGENT** Verknüpfungen anlegen kann, und **TENANT**, **GUEST** sowie **REFERRER** nur Lesezugriff haben.
|
||||
Partner und Debitor nutzen dabei die RBAC-Rollen der zugehörigen Relations.
|
||||
|
||||
## In Betracht gezogene Optionen
|
||||
|
||||
* **Variante 1:** Austausch der PARTNER-/DEBITOR-/OPERATIONS-/...-Relations gegen eine neue Relation für die Erbengemeinschaft als neuen Holder
|
||||
* **Variante 2:** Änderung des Holders in der bestehenden PARTNER-Relation auf die Erbengemeinschaft
|
||||
|
||||
### Variante 1: Austausch der Relations mit neuen Holdern
|
||||
|
||||
Ein Austausch der bestehenden PARTNER-/DEBITOR-/OPERATIONS-/...-Relations mit einer neuen Relation, die die Erbengemeinschaft als neuen Holder referenziert.
|
||||
|
||||
#### Vorteile
|
||||
|
||||
- **Beibehaltung der API:** Dieses Verhalten ist bereits implementiert und benötigt keinen großen Umbau an der API, sondern nur eine Erweiterung um das Austauschen weiterer Relations
|
||||
- **UPDATE-Permission für AGENT:** Es wäre möglich, der AGENT-Rolle einer Relation UPDATE-Rechte an der Relation zu geben, weil nur der unkritisch Contact änderbar wäre.
|
||||
- **Übereinstimmung von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, dazu passend wäre der Endpunkt, allerdings würde nicht direkt die Partner-Person ausgetauscht, sondern eine neue PARTNER-Relation mit der neuen Partner-Person eingesetzt werden.
|
||||
|
||||
#### Nachteile
|
||||
|
||||
- **Verlust expliziter GRANTs:** Gibt es explizite GRANTs an der PARTNER-Relation, gehen diese verloren, da die Relation ausgetauscht wird. Die Übernahme dieser expliziten Grants erfordert also einen zusätzlichen Implementationsaufwand.
|
||||
- **Divergenz zwischen Fachlichkeit und API:** Fachlich handelt es sich um den Austausch der Partner-Person, würde aber eine neue PARTNER-Relation dieser Person in den Partner eingesetzt werden. Das erfordert ein höheres Verständnis des Datenmodells.
|
||||
|
||||
### Variante 2: Änderung des Holders in der bestehenden PARTNER-Relation
|
||||
|
||||
Die bestehende PARTNER-Relation bleibt erhalten, und der Holder wird von der verstorbenen Person auf die Erbengemeinschaft geändert.
|
||||
|
||||
#### Vorteile
|
||||
|
||||
- **Erhalt expliziter GRANTs:** Wer explizite Grants an der PARTNER-Relation oder DEBITOR-Relation vergeben hat, behält diese, da die Relation-Instanzen unverändert bleiben.
|
||||
- **Einheitliche API-Struktur:** Die REST-API für Änderungen gehört dann einheitlich zum Relation-Endpunkt, was der bestehenden Handhabung von Contact-Änderungen entspricht.
|
||||
- **Übereinstimmung von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, genau das würde man dann an der API machen, wenn auch nicht am Partner selbst, sondern an der PARTNER-Relation.
|
||||
|
||||
#### Nachteile
|
||||
|
||||
- **Kein UPDATE durch Relation-AGENT:** Der Relation-AGENT darf nicht das Recht bekommen, den Holder auszutauschen. Da es keine Spalten-spezifischen Update-Rechte gibt, könnte dieser auch den Contact nicht mehr austauschen. Derzeit ist das aber auch nicht vorgesehen.
|
||||
- **Umbau der API:** Der Austausch einer Partner-Person würde vom Partner-Endpunkt (/api/hs/office/partner) zur Relation (/api/hs/office/partner) wandern, was ein größerer Umbau, auch bei den Tests wäre.
|
||||
- **Divergenz von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, aber man würde die Person nicht am Partner selbst austauschen, sondern an der PARTNER-Relation.
|
||||
|
||||
## Entscheidung und Ergebnis
|
||||
|
||||
**Entscheidung:** Noch kein klares Ergebnis
|
||||
|
||||
**Begründung:**
|
||||
- Die meisten Vor- und Nachteile gleichen sich aus, was besonders bei der Übereinstimmung bzw. Divergenz zwischen Fachlichkeit und API zum Ausdruck kommt.
|
||||
- Diese Variante erfordert keinen grundsätzlichen Umbau der API und daher weniger aufwändig.
|
||||
- Ein großer Aufwand, nämlich die Übernahme der GRANTs, könnte sogar zunächst zurückgestellt werden.
|
||||
|
||||
| Bereich | 1. Relations ersetzen | 2. Relations aktualisieren |
|
||||
|------------------------------------------------------------|----------------------:|---------------------------:|
|
||||
| **Aufwände** | | |
|
||||
| Beibehaltung der API vs. Umbau, inkl. Risiko | | -3 |
|
||||
| Anwendbar auf Partner-Person + Debitor-Person | | +1 |
|
||||
| Aufwand für explizite Grants | -1 | |
|
||||
| **Zwischenergebnis für Aufwände** | **-1** | **-2** |
|
||||
| | | |
|
||||
| **Fachlichkeit/Einheitlichkeit etc.** | | |
|
||||
| Kongruenz von Fachlichkeit+API | +1 | -1 |
|
||||
| Einheitlichkeit/Generizität der API | | +1 |
|
||||
| Direktheit der API | | +1 |
|
||||
| UPDATE Permission für Relation-AGENT möglich | +1 | |
|
||||
| **Zwischenergebnis für Fachlichkeit/Einheitlichkeit etc.** | **+2** | **+1** |
|
||||
| | | |
|
||||
| **Ergebnis** | **+1** | **-1** |
|
||||
|
||||
|
||||
@ -170,9 +170,8 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
|
||||
|
||||
private void optionallyCreateExPartnerRelation(final HsOfficePartnerRbacEntity saved, final HsOfficeRelationRealEntity previousPartnerRel) {
|
||||
if (!saved.getPartnerRel().getUuid().equals(previousPartnerRel.getUuid())) {
|
||||
relationRepo.save(previousPartnerRel.toBuilder().uuid(null)
|
||||
.type(EX_PARTNER).anchor(saved.getPartnerRel().getHolder())
|
||||
.build());
|
||||
// TODO.impl: we also need to use the new partner-person as the anchor
|
||||
relationRepo.save(previousPartnerRel.toBuilder().uuid(null).type(EX_PARTNER).build());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression(
|
||||
"(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
|
||||
.withUpdatableColumns("anchorUuid", "holderUuid", "contactUuid")
|
||||
.withUpdatableColumns("contactUuid")
|
||||
.importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("anchorUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
|
||||
@ -22,7 +22,7 @@ class RbacRbacSystemRebuildGenerator {
|
||||
void generateTo(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table ${rawTableName} after changing its RBAC specification.
|
||||
|
||||
@ -19,7 +19,7 @@ public class RbacRestrictedViewGenerator {
|
||||
void generateTo(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('${rawTableName}',
|
||||
$orderBy$
|
||||
|
||||
@ -52,7 +52,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
private void generateHeader(final StringWriter plPgSql, final String triggerType) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
""",
|
||||
with("liquibaseTagPrefix", liquibaseTagPrefix),
|
||||
@ -523,11 +523,12 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
|
||||
"""
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
@ -557,7 +558,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
|
||||
|
||||
@ -235,7 +235,7 @@ begin
|
||||
*/
|
||||
newColumns := 'new.' || replace(columnNames, ', ', ', new.');
|
||||
sql := format($sql$
|
||||
create or replace function %1$s_instead_of_insert_tf()
|
||||
create function %1$s_instead_of_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
declare
|
||||
@ -254,7 +254,7 @@ begin
|
||||
Creates an instead of insert trigger for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create or replace trigger instead_of_insert_tg
|
||||
create trigger instead_of_insert_tg
|
||||
instead of insert
|
||||
on %1$s_rv
|
||||
for each row
|
||||
@ -266,7 +266,7 @@ begin
|
||||
Instead of delete trigger function for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create or replace function %1$s_instead_of_delete_tf()
|
||||
create function %1$s_instead_of_delete_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
begin
|
||||
@ -283,7 +283,7 @@ begin
|
||||
Creates an instead of delete trigger for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create or replace trigger instead_of_delete_tg
|
||||
create trigger instead_of_delete_tg
|
||||
instead of delete
|
||||
on %1$s_rv
|
||||
for each row
|
||||
@ -297,7 +297,7 @@ begin
|
||||
*/
|
||||
if columnUpdates is not null then
|
||||
sql := format($sql$
|
||||
create or replace function %1$s_instead_of_update_tf()
|
||||
create function %1$s_instead_of_update_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
begin
|
||||
@ -316,7 +316,7 @@ begin
|
||||
Creates an instead of delete trigger for the restricted view.
|
||||
*/
|
||||
sql = format($sql$
|
||||
create or replace trigger instead_of_update_tg
|
||||
create trigger instead_of_update_tg
|
||||
instead of update
|
||||
on %1$s_rv
|
||||
for each row
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.customer');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.customer
|
||||
for each row
|
||||
execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
|
||||
@ -165,7 +165,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.customer',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.customer',
|
||||
$orderBy$
|
||||
@ -180,7 +180,7 @@ call rbac.generateRbacRestrictedView('rbactest.customer',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.package');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -73,7 +73,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.package_build_rbac_system_after_insert_tf();
|
||||
@ -81,7 +81,7 @@ execute procedure rbactest.package_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -134,7 +134,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.package_update_rbac_system_after_update_tf();
|
||||
@ -230,7 +230,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.package',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.package',
|
||||
$orderBy$
|
||||
@ -245,7 +245,7 @@ call rbac.generateRbacRestrictedView('rbactest.package',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.domain');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
|
||||
@ -77,7 +77,7 @@ execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -133,7 +133,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.domain_update_rbac_system_after_update_tf();
|
||||
@ -229,7 +229,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.domain',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.domain',
|
||||
$orderBy$
|
||||
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('rbactest.domain',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.contact');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.contact
|
||||
for each row
|
||||
execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.contact',
|
||||
$orderBy$
|
||||
@ -104,7 +104,7 @@ call rbac.generateRbacRestrictedView('hs_office.contact',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.person');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.person
|
||||
for each row
|
||||
execute procedure hs_office.person_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.person',
|
||||
$orderBy$
|
||||
@ -106,7 +106,7 @@ call rbac.generateRbacRestrictedView('hs_office.person',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.relation');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -102,7 +102,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
|
||||
@ -110,7 +110,7 @@ execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -124,9 +124,7 @@ create or replace procedure hs_office.relation_update_rbac_system(
|
||||
language plpgsql as $$
|
||||
begin
|
||||
|
||||
if NEW.holderUuid is distinct from OLD.holderUuid
|
||||
or NEW.anchorUuid is distinct from OLD.anchorUuid
|
||||
or NEW.contactUuid is distinct from OLD.contactUuid then
|
||||
if NEW.contactUuid is distinct from OLD.contactUuid then
|
||||
delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid;
|
||||
call hs_office.relation_build_rbac_system(NEW);
|
||||
end if;
|
||||
@ -145,7 +143,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.relation_update_rbac_system_after_update_tf();
|
||||
@ -243,22 +241,20 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.relation',
|
||||
$orderBy$
|
||||
(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
|
||||
$orderBy$,
|
||||
$updates$
|
||||
anchorUuid = new.anchorUuid,
|
||||
holderUuid = new.holderUuid,
|
||||
contactUuid = new.contactUuid
|
||||
$updates$);
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification.
|
||||
@ -309,17 +305,3 @@ END;
|
||||
$$;
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-actually-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
begin transaction;
|
||||
call base.defineContext(
|
||||
're-creating RBAC for table hs_office.relation',
|
||||
null,
|
||||
'superuser-alex@hostsharing.net' -- FIXME: use env-var
|
||||
);
|
||||
call hs_office.relation_rebuild_rbac_system();
|
||||
commit;
|
||||
--//
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -65,7 +65,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
|
||||
@ -73,7 +73,7 @@ execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -146,7 +146,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.partner_update_rbac_system_after_update_tf();
|
||||
@ -242,7 +242,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner',
|
||||
$orderBy$
|
||||
@ -255,7 +255,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -50,7 +50,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner_details
|
||||
for each row
|
||||
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
|
||||
@ -149,7 +149,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner_details',
|
||||
$orderBy$
|
||||
@ -167,7 +167,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner_details',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.bankaccount
|
||||
for each row
|
||||
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.bankaccount',
|
||||
$orderBy$
|
||||
@ -103,7 +103,7 @@ call rbac.generateRbacRestrictedView('hs_office.bankaccount',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.debitor');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -77,7 +77,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
|
||||
@ -85,7 +85,7 @@ execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -119,7 +119,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
|
||||
@ -224,7 +224,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.debitor',
|
||||
$orderBy$
|
||||
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('hs_office.debitor',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -94,7 +94,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
|
||||
@ -198,7 +198,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.sepamandate',
|
||||
$orderBy$
|
||||
@ -213,7 +213,7 @@ call rbac.generateRbacRestrictedView('hs_office.sepamandate',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.membership');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -81,7 +81,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
|
||||
@ -180,7 +180,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.membership',
|
||||
$orderBy$
|
||||
@ -195,7 +195,7 @@ call rbac.generateRbacRestrictedView('hs_office.membership',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -11,8 +11,7 @@
|
||||
create or replace procedure hs_office.membership_create_test_data(
|
||||
forPartnerNumber numeric(5),
|
||||
newMemberNumberSuffix char(2),
|
||||
newValidity daterange,
|
||||
newStatus hs_office.HsOfficeMembershipStatus)
|
||||
validity daterange)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedPartner hs_office.partner;
|
||||
@ -22,35 +21,24 @@ begin
|
||||
|
||||
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
|
||||
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
|
||||
if not exists (select true
|
||||
from hs_office.membership
|
||||
where partneruuid = relatedPartner.uuid and memberNumberSuffix = newMemberNumberSuffix)
|
||||
then
|
||||
insert into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix,
|
||||
newValidity, newStatus);
|
||||
else
|
||||
update hs_office.membership
|
||||
set memberNumberSuffix = newMemberNumberSuffix,
|
||||
validity = newValidity,
|
||||
status = newStatus
|
||||
where partneruuid = relatedPartner.uuid;
|
||||
end if;
|
||||
insert
|
||||
into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, validity, 'ACTIVE');
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION runOnChange:true validCheckSum:ANY context:!without-test-data endDelimiter:--//
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION context:!without-test-data endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
do language plpgsql $$
|
||||
begin
|
||||
call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||
|
||||
call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'), 'CANCELLED');
|
||||
call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'), 'CANCELLED');
|
||||
call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'), 'ACTIVE');
|
||||
call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'));
|
||||
call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'));
|
||||
call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'));
|
||||
end;
|
||||
$$;
|
||||
--//
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopsharetx');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -57,7 +57,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopsharetx
|
||||
for each row
|
||||
execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf();
|
||||
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharetx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
|
||||
$orderBy$
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopassettx');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -57,7 +57,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopassettx
|
||||
for each row
|
||||
execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf();
|
||||
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassettx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopassettx',
|
||||
$orderBy$
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopassettx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.project');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -88,7 +88,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking.project
|
||||
for each row
|
||||
execute procedure hs_booking.project_build_rbac_system_after_insert_tf();
|
||||
@ -192,7 +192,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking.project',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking.project',
|
||||
$orderBy$
|
||||
@ -206,7 +206,7 @@ call rbac.generateRbacRestrictedView('hs_booking.project',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.item');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -87,7 +87,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking.item
|
||||
for each row
|
||||
execute procedure hs_booking.item_build_rbac_system_after_insert_tf();
|
||||
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking.item',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking.item',
|
||||
$orderBy$
|
||||
@ -277,7 +277,7 @@ call rbac.generateRbacRestrictedView('hs_booking.item',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -105,7 +105,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
|
||||
@ -113,7 +113,7 @@ execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -147,7 +147,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
after update on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_hosting.asset',
|
||||
$orderBy$
|
||||
@ -183,7 +183,7 @@ call rbac.generateRbacRestrictedView('hs_hosting.asset',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification.
|
||||
|
||||
@ -37,7 +37,6 @@ import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TE
|
||||
@Tag("officeIntegrationTest")
|
||||
@DataJpaTest(properties = {
|
||||
"spring.datasource.url=jdbc:tc:postgresql:15.5-bookworm:///liquibaseMigrationTestTC",
|
||||
"hsadminng.superuser=${HSADMINNG_SUPERUSER:import-superuser@hostsharing.net}",
|
||||
"spring.liquibase.enabled=false" // @Sql should go first, Liquibase will be initialized programmatically
|
||||
})
|
||||
@DirtiesContext
|
||||
|
||||
@ -87,7 +87,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "CANCELLED"
|
||||
"status": "ACTIVE"
|
||||
},
|
||||
{
|
||||
"partner": { "partnerNumber": "P-10002" },
|
||||
@ -95,7 +95,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "02",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2025-12-31",
|
||||
"status": "CANCELLED"
|
||||
"status": "ACTIVE"
|
||||
},
|
||||
{
|
||||
"partner": { "partnerNumber": "P-10003" },
|
||||
@ -134,7 +134,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "CANCELLED"
|
||||
"status": "ACTIVE"
|
||||
}
|
||||
]
|
||||
"""));
|
||||
@ -162,7 +162,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "02",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2025-12-31",
|
||||
"status": "CANCELLED"
|
||||
"status": "ACTIVE"
|
||||
}
|
||||
]
|
||||
"""));
|
||||
@ -240,7 +240,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "CANCELLED"
|
||||
"status": "ACTIVE"
|
||||
}
|
||||
""")); // @formatter:on
|
||||
}
|
||||
@ -326,7 +326,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
.matches(mandate -> {
|
||||
assertThat(mandate.getPartner().toShortString()).isEqualTo("P-10001");
|
||||
assertThat(mandate.getMemberNumberSuffix()).isEqualTo(givenMembership.getMemberNumberSuffix());
|
||||
assertThat(mandate.getValidity().asString()).isEqualTo("[2025-02-01,2026-01-01)");
|
||||
assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2026-01-01)");
|
||||
assertThat(mandate.getStatus()).isEqualTo(CANCELLED);
|
||||
return true;
|
||||
});
|
||||
|
||||
@ -191,8 +191,8 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)",
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)",
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)",
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)",
|
||||
"Membership(M-1000303, P-10003, [2022-10-01,), ACTIVE)");
|
||||
}
|
||||
|
||||
@ -208,7 +208,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)");
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -223,7 +223,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
assertThat(result)
|
||||
.isNotNull()
|
||||
.extracting(Object::toString)
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -238,7 +238,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
assertThat(result)
|
||||
.isNotNull()
|
||||
.extracting(Object::toString)
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -252,7 +252,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -411,10 +411,10 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
|
||||
});
|
||||
|
||||
// and an ex-partner-relation got created
|
||||
final var newPartnerPersonUuid = givenPartner.getPartnerRel().getHolder().getUuid();
|
||||
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(newPartnerPersonUuid, EX_PARTNER, null, null, null))
|
||||
final var anchorpartnerPersonUUid = givenPartner.getPartnerRel().getAnchor().getUuid();
|
||||
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(anchorpartnerPersonUUid, EX_PARTNER, null, null, null))
|
||||
.map(HsOfficeRelation::toShortString)
|
||||
.contains("rel(anchor='NP Winkler, Paul', type='EX_PARTNER', holder='UF Erben Bessler')");
|
||||
.contains("rel(anchor='LP Hostsharing eG', type='EX_PARTNER', holder='UF Erben Bessler')");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@ -28,7 +28,6 @@ import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATU
|
||||
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
|
||||
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
||||
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
|
||||
import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ -284,44 +283,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
result.returnedValue(),
|
||||
"hs_office.contact#fifthcontact:ADMIN");
|
||||
|
||||
// FIXME relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hostsharingAdmin_withoutAssumedRole_canUpdateHolderOfArbitraryRelation() {
|
||||
// given
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var givenRelation = givenSomeTemporaryRelationBessler(
|
||||
"Bert", "fifth contact");
|
||||
final var oldHolderPerson = givenRelation.getHolder();
|
||||
final var newHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").getFirst();
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
givenRelation,
|
||||
givenRelation.getHolder().roleId(ADMIN));
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
givenRelation.setHolder(newHolderPerson);
|
||||
return toCleanup(relationRbacRepo.save(givenRelation).load());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(result.returnedValue().getHolder().getGivenName()).isEqualTo("Paul");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"rbac.global#global:ADMIN");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
newHolderPerson.roleId(ADMIN));
|
||||
|
||||
assertThatRelationIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
oldHolderPerson.roleId(ADMIN));
|
||||
|
||||
// FIXME: relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -334,17 +296,13 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
givenRelation,
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("sixth contact")
|
||||
.stream()
|
||||
.findFirst()
|
||||
.orElseThrow();
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context(
|
||||
"superuser-alex@hostsharing.net",
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
givenRelation.setContact(givenContact);
|
||||
givenRelation.setContact(null);
|
||||
return relationRbacRepo.save(givenRelation);
|
||||
});
|
||||
|
||||
|
||||
@ -12129,8 +12129,8 @@ INSERT INTO hs_office.debitor (uuid, version, debitornumbersuffix, debitorreluui
|
||||
-- Data for Name: membership; Type: TABLE DATA; Schema: hs_office; Owner: postgres
|
||||
--
|
||||
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,2025-01-01)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,2026-01-01)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('a42d61c5-7dad-4379-9dd9-39a8d21ddc32', 0, '7fe704c0-2e54-463e-891e-533f0274da76', '03', '[2022-10-01,)', 'ACTIVE', true);
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user