hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

Compare commits

merge into: hostsharing:master
Branches Tags
hostsharing:master
hostsharing:feature/update-relations-when-updating-partner-person
hostsharing:feature/updatable-relation-holder
hostsharing:TP-20250224-addSepaMandateWithBankAccountData
hostsharing:feature/add-scenario-test-for-deceased-partner-with-community-of-heirs
hostsharing:feature/faster-hosting-assets-import-by-using-sql
hostsharing:maintenance/upgrade-to-gradle-9
hostsharing:OFFICE_MIGRATION_JANUARY_2025
hostsharing:bugfix/swagger-ui-on-management-port-to-bypass-cas
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts
...
pull from: hostsharing:feature/update-relations-when-updating-partner-person
Branches Tags
hostsharing:feature/update-relations-when-updating-partner-person
hostsharing:feature/updatable-relation-holder
hostsharing:master
hostsharing:TP-20250224-addSepaMandateWithBankAccountData
hostsharing:feature/add-scenario-test-for-deceased-partner-with-community-of-heirs
hostsharing:feature/faster-hosting-assets-import-by-using-sql
hostsharing:maintenance/upgrade-to-gradle-9
hostsharing:OFFICE_MIGRATION_JANUARY_2025
hostsharing:bugfix/swagger-ui-on-management-port-to-bypass-cas
hostsharing:office-rbac-revision
hostsharing:feature/introduce-global-agent-for-non-hostmaster-admins
hostsharing:spike/auto-build
hostsharing:java-for-gradlew
hostsharing:TP-202408-cors_webui
hostsharing:idea-bug-refactor-inline
hostsharing:api-vision
hostsharing:rbac-object-scope-to-replace-serial-id
hostsharing:office-related-spec-clarifications-and-amendmends
hostsharing:revert-upgrade-openapiprocessor-spring-back-to-2022-5
hostsharing:upgrade-io.openapiprocessoropenapi-processor-spring-to-2024.2
hostsharing:spike/JSonSerializerDeserializerForDTOs
hostsharing:spike/master-detail-for-customer-and-contacts

5 Commits
master ... feature/up

Author SHA1 Message Date
Michael Hoennig
25bed710fb use the new partner-person for ex-partner-relation 2025-02-26 11:50:47 +01:00
Michael Hoennig
7a2b1b6280 move the changes to the RBACSpec generator 2025-02-26 10:57:15 +01:00
Michael Hoennig
4a2091770f fix gw-test to fail after first gradlew failure 2025-02-26 10:56:52 +01:00
Michael Hoennig
52703d7b1d fix test data and related assertions 2025-02-26 09:13:14 +01:00
Michael Hoennig
512035b5b4 updatable relation anchor and holder 2025-02-26 09:13:00 +01:00
31 changed files with 199 additions and 124 deletions
Show Stats Expand all files Collapse all files

2
.aliases
View File

@ -109,8 +109,10 @@ function _gwTest1() {
echo "RUNNING gw $@" echo "RUNNING gw $@"
printf -- '-%0.s' {1..80}; echo printf -- '-%0.s' {1..80}; echo
./gradlew "$@" ./gradlew "$@"
local buildResultCode=$?
printf -- '-%0.s' {1..80}; echo printf -- '-%0.s' {1..80}; echo
echo "DONE gw $@" echo "DONE gw $@"
return $buildResultCode
} }
function _gwTest() { function _gwTest() {
. .aliases . .aliases

5
src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
View File

@ -170,8 +170,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
private void optionallyCreateExPartnerRelation(final HsOfficePartnerRbacEntity saved, final HsOfficeRelationRealEntity previousPartnerRel) { private void optionallyCreateExPartnerRelation(final HsOfficePartnerRbacEntity saved, final HsOfficeRelationRealEntity previousPartnerRel) {
if (!saved.getPartnerRel().getUuid().equals(previousPartnerRel.getUuid())) { if (!saved.getPartnerRel().getUuid().equals(previousPartnerRel.getUuid())) {
// TODO.impl: we also need to use the new partner-person as the anchor relationRepo.save(previousPartnerRel.toBuilder().uuid(null)
relationRepo.save(previousPartnerRel.toBuilder().uuid(null).type(EX_PARTNER).build()); .type(EX_PARTNER).anchor(saved.getPartnerRel().getHolder())
.build());
} }
} }

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
View File

@ -51,7 +51,7 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
""")) """))
.withRestrictedViewOrderBy(SQL.expression( .withRestrictedViewOrderBy(SQL.expression(
"(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)")) "(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
.withUpdatableColumns("contactUuid") .withUpdatableColumns("anchorUuid", "holderUuid", "contactUuid")
.importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(), .importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(),
dependsOnColumn("anchorUuid"), dependsOnColumn("anchorUuid"),
directlyFetchedByDependsOnColumn(), directlyFetchedByDependsOnColumn(),

2
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRbacSystemRebuildGenerator.java
View File

@ -22,7 +22,7 @@ class RbacRbacSystemRebuildGenerator {
void generateTo(final StringWriter plPgSql) { void generateTo(final StringWriter plPgSql) {
plPgSql.writeLn(""" plPgSql.writeLn("""
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table ${rawTableName} after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table ${rawTableName} after changing its RBAC specification.

2
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
View File

@ -19,7 +19,7 @@ public class RbacRestrictedViewGenerator {
void generateTo(final StringWriter plPgSql) { void generateTo(final StringWriter plPgSql) {
plPgSql.writeLn(""" plPgSql.writeLn("""
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('${rawTableName}', call rbac.generateRbacRestrictedView('${rawTableName}',
$orderBy$ $orderBy$

7
src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
View File

@ -52,7 +52,7 @@ class RolesGrantsAndPermissionsGenerator {
private void generateHeader(final StringWriter plPgSql, final String triggerType) { private void generateHeader(final StringWriter plPgSql, final String triggerType) {
plPgSql.writeLn(""" plPgSql.writeLn("""
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
""", """,
with("liquibaseTagPrefix", liquibaseTagPrefix), with("liquibaseTagPrefix", liquibaseTagPrefix),
@ -523,12 +523,11 @@ class RolesGrantsAndPermissionsGenerator {
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on ${rawTableQualifiedName} after insert on ${rawTableQualifiedName}
for each row for each row
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf(); execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
""" """
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
.replace("${rawTableQualifiedName}", qualifiedRawTableName) .replace("${rawTableQualifiedName}", qualifiedRawTableName)
); );
@ -558,7 +557,7 @@ class RolesGrantsAndPermissionsGenerator {
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on ${rawTableQualifiedName} after update on ${rawTableQualifiedName}
for each row for each row
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf(); execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();

12
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -235,7 +235,7 @@ begin
*/ */
newColumns := 'new.' || replace(columnNames, ', ', ', new.'); newColumns := 'new.' || replace(columnNames, ', ', ', new.');
sql := format($sql$ sql := format($sql$
create function %1$s_instead_of_insert_tf() create or replace function %1$s_instead_of_insert_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
declare declare
@ -254,7 +254,7 @@ begin
Creates an instead of insert trigger for the restricted view. Creates an instead of insert trigger for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create trigger instead_of_insert_tg create or replace trigger instead_of_insert_tg
instead of insert instead of insert
on %1$s_rv on %1$s_rv
for each row for each row
@ -266,7 +266,7 @@ begin
Instead of delete trigger function for the restricted view. Instead of delete trigger function for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create function %1$s_instead_of_delete_tf() create or replace function %1$s_instead_of_delete_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
begin begin
@ -283,7 +283,7 @@ begin
Creates an instead of delete trigger for the restricted view. Creates an instead of delete trigger for the restricted view.
*/ */
sql := format($sql$ sql := format($sql$
create trigger instead_of_delete_tg create or replace trigger instead_of_delete_tg
instead of delete instead of delete
on %1$s_rv on %1$s_rv
for each row for each row
@ -297,7 +297,7 @@ begin
*/ */
if columnUpdates is not null then if columnUpdates is not null then
sql := format($sql$ sql := format($sql$
create function %1$s_instead_of_update_tf() create or replace function %1$s_instead_of_update_tf()
returns trigger returns trigger
language plpgsql as $f$ language plpgsql as $f$
begin begin
@ -316,7 +316,7 @@ begin
Creates an instead of delete trigger for the restricted view. Creates an instead of delete trigger for the restricted view.
*/ */
sql = format($sql$ sql = format($sql$
create trigger instead_of_update_tg create or replace trigger instead_of_update_tg
instead of update instead of update
on %1$s_rv on %1$s_rv
for each row for each row

8
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.customer');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -69,7 +69,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on rbactest.customer after insert on rbactest.customer
for each row for each row
execute procedure rbactest.customer_build_rbac_system_after_insert_tf(); execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
@ -165,7 +165,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.customer',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('rbactest.customer', call rbac.generateRbacRestrictedView('rbactest.customer',
$orderBy$ $orderBy$
@ -180,7 +180,7 @@ call rbac.generateRbacRestrictedView('rbactest.customer',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification.

12
src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.package');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -73,7 +73,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on rbactest.package after insert on rbactest.package
for each row for each row
execute procedure rbactest.package_build_rbac_system_after_insert_tf(); execute procedure rbactest.package_build_rbac_system_after_insert_tf();
@ -81,7 +81,7 @@ execute procedure rbactest.package_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -134,7 +134,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on rbactest.package after update on rbactest.package
for each row for each row
execute procedure rbactest.package_update_rbac_system_after_update_tf(); execute procedure rbactest.package_update_rbac_system_after_update_tf();
@ -230,7 +230,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.package',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('rbactest.package', call rbac.generateRbacRestrictedView('rbactest.package',
$orderBy$ $orderBy$
@ -245,7 +245,7 @@ call rbac.generateRbacRestrictedView('rbactest.package',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification.

12
src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.domain');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -69,7 +69,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on rbactest.domain after insert on rbactest.domain
for each row for each row
execute procedure rbactest.domain_build_rbac_system_after_insert_tf(); execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
@ -77,7 +77,7 @@ execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -133,7 +133,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on rbactest.domain after update on rbactest.domain
for each row for each row
execute procedure rbactest.domain_update_rbac_system_after_update_tf(); execute procedure rbactest.domain_update_rbac_system_after_update_tf();
@ -229,7 +229,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.domain',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('rbactest.domain', call rbac.generateRbacRestrictedView('rbactest.domain',
$orderBy$ $orderBy$
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('rbactest.domain',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.contact');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -69,7 +69,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.contact after insert on hs_office.contact
for each row for each row
execute procedure hs_office.contact_build_rbac_system_after_insert_tf(); execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.contact', call rbac.generateRbacRestrictedView('hs_office.contact',
$orderBy$ $orderBy$
@ -104,7 +104,7 @@ call rbac.generateRbacRestrictedView('hs_office.contact',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.person');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -69,7 +69,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.person after insert on hs_office.person
for each row for each row
execute procedure hs_office.person_build_rbac_system_after_insert_tf(); execute procedure hs_office.person_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.person', call rbac.generateRbacRestrictedView('hs_office.person',
$orderBy$ $orderBy$
@ -106,7 +106,7 @@ call rbac.generateRbacRestrictedView('hs_office.person',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification.

32
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.relation');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -102,7 +102,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.relation after insert on hs_office.relation
for each row for each row
execute procedure hs_office.relation_build_rbac_system_after_insert_tf(); execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
@ -110,7 +110,7 @@ execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -124,7 +124,9 @@ create or replace procedure hs_office.relation_update_rbac_system(
language plpgsql as $$ language plpgsql as $$
begin begin
if NEW.contactUuid is distinct from OLD.contactUuid then if NEW.holderUuid is distinct from OLD.holderUuid
or NEW.anchorUuid is distinct from OLD.anchorUuid
or NEW.contactUuid is distinct from OLD.contactUuid then
delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid;
call hs_office.relation_build_rbac_system(NEW); call hs_office.relation_build_rbac_system(NEW);
end if; end if;
@ -143,7 +145,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on hs_office.relation after update on hs_office.relation
for each row for each row
execute procedure hs_office.relation_update_rbac_system_after_update_tf(); execute procedure hs_office.relation_update_rbac_system_after_update_tf();
@ -241,20 +243,22 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.relation', call rbac.generateRbacRestrictedView('hs_office.relation',
$orderBy$ $orderBy$
(select idName from hs_office.person_iv p where p.uuid = target.holderUuid) (select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
$orderBy$, $orderBy$,
$updates$ $updates$
anchorUuid = new.anchorUuid,
holderUuid = new.holderUuid,
contactUuid = new.contactUuid contactUuid = new.contactUuid
$updates$); $updates$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification.
@ -305,3 +309,17 @@ END;
$$; $$;
--// --//
-- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-actually-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
begin transaction;
call base.defineContext(
're-creating RBAC for table hs_office.relation',
null,
'superuser-alex@hostsharing.net' -- FIXME: use env-var
);
call hs_office.relation_rebuild_rbac_system();
commit;
--//

12
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -65,7 +65,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner after insert on hs_office.partner
for each row for each row
execute procedure hs_office.partner_build_rbac_system_after_insert_tf(); execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
@ -73,7 +73,7 @@ execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -146,7 +146,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on hs_office.partner after update on hs_office.partner
for each row for each row
execute procedure hs_office.partner_update_rbac_system_after_update_tf(); execute procedure hs_office.partner_update_rbac_system_after_update_tf();
@ -242,7 +242,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.partner', call rbac.generateRbacRestrictedView('hs_office.partner',
$orderBy$ $orderBy$
@ -255,7 +255,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -50,7 +50,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner_details after insert on hs_office.partner_details
for each row for each row
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf(); execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
@ -149,7 +149,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.partner_details', call rbac.generateRbacRestrictedView('hs_office.partner_details',
$orderBy$ $orderBy$
@ -167,7 +167,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner_details',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -69,7 +69,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.bankaccount after insert on hs_office.bankaccount
for each row for each row
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf(); execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.bankaccount', call rbac.generateRbacRestrictedView('hs_office.bankaccount',
$orderBy$ $orderBy$
@ -103,7 +103,7 @@ call rbac.generateRbacRestrictedView('hs_office.bankaccount',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification.

12
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.debitor');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -77,7 +77,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.debitor after insert on hs_office.debitor
for each row for each row
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf(); execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
@ -85,7 +85,7 @@ execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -119,7 +119,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on hs_office.debitor after update on hs_office.debitor
for each row for each row
execute procedure hs_office.debitor_update_rbac_system_after_update_tf(); execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
@ -224,7 +224,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.debitor', call rbac.generateRbacRestrictedView('hs_office.debitor',
$orderBy$ $orderBy$
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('hs_office.debitor',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -94,7 +94,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.sepamandate after insert on hs_office.sepamandate
for each row for each row
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf(); execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
@ -198,7 +198,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.sepamandate', call rbac.generateRbacRestrictedView('hs_office.sepamandate',
$orderBy$ $orderBy$
@ -213,7 +213,7 @@ call rbac.generateRbacRestrictedView('hs_office.sepamandate',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.membership');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -81,7 +81,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.membership after insert on hs_office.membership
for each row for each row
execute procedure hs_office.membership_build_rbac_system_after_insert_tf(); execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
@ -180,7 +180,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.membership', call rbac.generateRbacRestrictedView('hs_office.membership',
$orderBy$ $orderBy$
@ -195,7 +195,7 @@ call rbac.generateRbacRestrictedView('hs_office.membership',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification.

30
src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
View File

@ -2,7 +2,7 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR endDelimiter:--// --changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -11,7 +11,8 @@
create or replace procedure hs_office.membership_create_test_data( create or replace procedure hs_office.membership_create_test_data(
forPartnerNumber numeric(5), forPartnerNumber numeric(5),
newMemberNumberSuffix char(2), newMemberNumberSuffix char(2),
validity daterange) newValidity daterange,
newStatus hs_office.HsOfficeMembershipStatus)
language plpgsql as $$ language plpgsql as $$
declare declare
relatedPartner hs_office.partner; relatedPartner hs_office.partner;
@ -21,24 +22,35 @@ begin
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix; raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner; raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
insert if not exists (select true
into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status) from hs_office.membership
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, validity, 'ACTIVE'); where partneruuid = relatedPartner.uuid and memberNumberSuffix = newMemberNumberSuffix)
then
insert into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix,
newValidity, newStatus);
else
update hs_office.membership
set memberNumberSuffix = newMemberNumberSuffix,
validity = newValidity,
status = newStatus
where partneruuid = relatedPartner.uuid;
end if;
end; $$; end; $$;
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION context:!without-test-data endDelimiter:--// --changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION runOnChange:true validCheckSum:ANY context:!without-test-data endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
do language plpgsql $$ do language plpgsql $$
begin begin
call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)')); call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'), 'CANCELLED');
call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]')); call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'), 'CANCELLED');
call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]')); call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'), 'ACTIVE');
end; end;
$$; $$;
--// --//

8
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopsharetx');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -57,7 +57,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopsharetx after insert on hs_office.coopsharetx
for each row for each row
execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf(); execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf();
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharetx',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.coopsharetx', call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
$orderBy$ $orderBy$
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification.

8
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopassettx');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -57,7 +57,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopassettx after insert on hs_office.coopassettx
for each row for each row
execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf(); execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf();
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassettx',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.coopassettx', call rbac.generateRbacRestrictedView('hs_office.coopassettx',
$orderBy$ $orderBy$
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopassettx',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification.

8
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.project');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -88,7 +88,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_booking.project after insert on hs_booking.project
for each row for each row
execute procedure hs_booking.project_build_rbac_system_after_insert_tf(); execute procedure hs_booking.project_build_rbac_system_after_insert_tf();
@ -192,7 +192,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking.project',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking.project', call rbac.generateRbacRestrictedView('hs_booking.project',
$orderBy$ $orderBy$
@ -206,7 +206,7 @@ call rbac.generateRbacRestrictedView('hs_booking.project',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification.

8
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.item');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -87,7 +87,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_booking.item after insert on hs_booking.item
for each row for each row
execute procedure hs_booking.item_build_rbac_system_after_insert_tf(); execute procedure hs_booking.item_build_rbac_system_after_insert_tf();
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking.item',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking.item', call rbac.generateRbacRestrictedView('hs_booking.item',
$orderBy$ $orderBy$
@ -277,7 +277,7 @@ call rbac.generateRbacRestrictedView('hs_booking.item',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification.

12
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -105,7 +105,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create or replace trigger build_rbac_system_after_insert_tg
after insert on hs_hosting.asset after insert on hs_hosting.asset
for each row for each row
execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf(); execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
@ -113,7 +113,7 @@ execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
@ -147,7 +147,7 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create or replace trigger update_rbac_system_after_update_tg
after update on hs_hosting.asset after update on hs_hosting.asset
for each row for each row
execute procedure hs_hosting.asset_update_rbac_system_after_update_tf(); execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_hosting.asset', call rbac.generateRbacRestrictedView('hs_hosting.asset',
$orderBy$ $orderBy$
@ -183,7 +183,7 @@ call rbac.generateRbacRestrictedView('hs_hosting.asset',
-- ============================================================================ -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--// --changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification. -- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification.

1
src/test/java/net/hostsharing/hsadminng/hs/migration/LiquibaseCompatibilityIntegrationTest.java
View File

@ -37,6 +37,7 @@ import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TE
@Tag("officeIntegrationTest") @Tag("officeIntegrationTest")
@DataJpaTest(properties = { @DataJpaTest(properties = {
"spring.datasource.url=jdbc:tc:postgresql:15.5-bookworm:///liquibaseMigrationTestTC", "spring.datasource.url=jdbc:tc:postgresql:15.5-bookworm:///liquibaseMigrationTestTC",
"hsadminng.superuser=${HSADMINNG_SUPERUSER:import-superuser@hostsharing.net}",
"spring.liquibase.enabled=false" // @Sql should go first, Liquibase will be initialized programmatically "spring.liquibase.enabled=false" // @Sql should go first, Liquibase will be initialized programmatically
}) })
@DirtiesContext @DirtiesContext

12
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
View File

@ -87,7 +87,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
"memberNumberSuffix": "01", "memberNumberSuffix": "01",
"validFrom": "2022-10-01", "validFrom": "2022-10-01",
"validTo": "2024-12-30", "validTo": "2024-12-30",
"status": "ACTIVE" "status": "CANCELLED"
}, },
{ {
"partner": { "partnerNumber": "P-10002" }, "partner": { "partnerNumber": "P-10002" },
@ -95,7 +95,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
"memberNumberSuffix": "02", "memberNumberSuffix": "02",
"validFrom": "2022-10-01", "validFrom": "2022-10-01",
"validTo": "2025-12-31", "validTo": "2025-12-31",
"status": "ACTIVE" "status": "CANCELLED"
}, },
{ {
"partner": { "partnerNumber": "P-10003" }, "partner": { "partnerNumber": "P-10003" },
@ -134,7 +134,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
"memberNumberSuffix": "01", "memberNumberSuffix": "01",
"validFrom": "2022-10-01", "validFrom": "2022-10-01",
"validTo": "2024-12-30", "validTo": "2024-12-30",
"status": "ACTIVE" "status": "CANCELLED"
} }
] ]
""")); """));
@ -162,7 +162,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
"memberNumberSuffix": "02", "memberNumberSuffix": "02",
"validFrom": "2022-10-01", "validFrom": "2022-10-01",
"validTo": "2025-12-31", "validTo": "2025-12-31",
"status": "ACTIVE" "status": "CANCELLED"
} }
] ]
""")); """));
@ -240,7 +240,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
"memberNumberSuffix": "01", "memberNumberSuffix": "01",
"validFrom": "2022-10-01", "validFrom": "2022-10-01",
"validTo": "2024-12-30", "validTo": "2024-12-30",
"status": "ACTIVE" "status": "CANCELLED"
} }
""")); // @formatter:on """)); // @formatter:on
} }
@ -326,7 +326,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
.matches(mandate -> { .matches(mandate -> {
assertThat(mandate.getPartner().toShortString()).isEqualTo("P-10001"); assertThat(mandate.getPartner().toShortString()).isEqualTo("P-10001");
assertThat(mandate.getMemberNumberSuffix()).isEqualTo(givenMembership.getMemberNumberSuffix()); assertThat(mandate.getMemberNumberSuffix()).isEqualTo(givenMembership.getMemberNumberSuffix());
assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2026-01-01)"); assertThat(mandate.getValidity().asString()).isEqualTo("[2025-02-01,2026-01-01)");
assertThat(mandate.getStatus()).isEqualTo(CANCELLED); assertThat(mandate.getStatus()).isEqualTo(CANCELLED);
return true; return true;
}); });

12
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
View File

@ -191,8 +191,8 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
exactlyTheseMembershipsAreReturned( exactlyTheseMembershipsAreReturned(
result, result,
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)", "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)",
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)", "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)",
"Membership(M-1000303, P-10003, [2022-10-01,), ACTIVE)"); "Membership(M-1000303, P-10003, [2022-10-01,), ACTIVE)");
} }
@ -208,7 +208,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
exactlyTheseMembershipsAreReturned( exactlyTheseMembershipsAreReturned(
result, result,
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)"); "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)");
} }
@Test @Test
@ -223,7 +223,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
assertThat(result) assertThat(result)
.isNotNull() .isNotNull()
.extracting(Object::toString) .extracting(Object::toString)
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)"); .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
} }
@Test @Test
@ -238,7 +238,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
assertThat(result) assertThat(result)
.isNotNull() .isNotNull()
.extracting(Object::toString) .extracting(Object::toString)
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)"); .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
} }
@Test @Test
@ -252,7 +252,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
exactlyTheseMembershipsAreReturned( exactlyTheseMembershipsAreReturned(
result, result,
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)"); "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
} }
} }

6
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
View File

@ -411,10 +411,10 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
}); });
// and an ex-partner-relation got created // and an ex-partner-relation got created
final var anchorpartnerPersonUUid = givenPartner.getPartnerRel().getAnchor().getUuid(); final var newPartnerPersonUuid = givenPartner.getPartnerRel().getHolder().getUuid();
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(anchorpartnerPersonUUid, EX_PARTNER, null, null, null)) assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(newPartnerPersonUuid, EX_PARTNER, null, null, null))
.map(HsOfficeRelation::toShortString) .map(HsOfficeRelation::toShortString)
.contains("rel(anchor='LP Hostsharing eG', type='EX_PARTNER', holder='UF Erben Bessler')"); .contains("rel(anchor='NP Winkler, Paul', type='EX_PARTNER', holder='UF Erben Bessler')");
} }
@Test @Test

46
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
View File

@ -28,6 +28,7 @@ import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATU
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM; import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -283,7 +284,44 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
result.returnedValue(), result.returnedValue(),
"hs_office.contact#fifthcontact:ADMIN"); "hs_office.contact#fifthcontact:ADMIN");
relationRbacRepo.deleteByUuid(givenRelation.getUuid()); // FIXME relationRbacRepo.deleteByUuid(givenRelation.getUuid());
}
@Test
public void hostsharingAdmin_withoutAssumedRole_canUpdateHolderOfArbitraryRelation() {
// given
context("superuser-alex@hostsharing.net");
final var givenRelation = givenSomeTemporaryRelationBessler(
"Bert", "fifth contact");
final var oldHolderPerson = givenRelation.getHolder();
final var newHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").getFirst();
assertThatRelationActuallyInDatabase(givenRelation);
assertThatRelationIsVisibleForUserWithRole(
givenRelation,
givenRelation.getHolder().roleId(ADMIN));
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
givenRelation.setHolder(newHolderPerson);
return toCleanup(relationRbacRepo.save(givenRelation).load());
});
// then
result.assertSuccessful();
assertThat(result.returnedValue().getHolder().getGivenName()).isEqualTo("Paul");
assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(),
"rbac.global#global:ADMIN");
assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(),
newHolderPerson.roleId(ADMIN));
assertThatRelationIsNotVisibleForUserWithRole(
result.returnedValue(),
oldHolderPerson.roleId(ADMIN));
// FIXME: relationRbacRepo.deleteByUuid(givenRelation.getUuid());
} }
@Test @Test
@ -296,13 +334,17 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
givenRelation, givenRelation,
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationActuallyInDatabase(givenRelation);
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("sixth contact")
.stream()
.findFirst()
.orElseThrow();
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context( context(
"superuser-alex@hostsharing.net", "superuser-alex@hostsharing.net",
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
givenRelation.setContact(null); givenRelation.setContact(givenContact);
return relationRbacRepo.save(givenRelation); return relationRbacRepo.save(givenRelation);
}); });

4
src/test/resources/db/released-only-office-schema-with-test-data.sql
View File

@ -12129,8 +12129,8 @@ INSERT INTO hs_office.debitor (uuid, version, debitornumbersuffix, debitorreluui
-- Data for Name: membership; Type: TABLE DATA; Schema: hs_office; Owner: postgres -- Data for Name: membership; Type: TABLE DATA; Schema: hs_office; Owner: postgres
-- --
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,)', 'ACTIVE', true); INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,2025-01-01)', 'ACTIVE', true);
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,)', 'ACTIVE', true); INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,2026-01-01)', 'ACTIVE', true);
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('a42d61c5-7dad-4379-9dd9-39a8d21ddc32', 0, '7fe704c0-2e54-463e-891e-533f0274da76', '03', '[2022-10-01,)', 'ACTIVE', true); INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('a42d61c5-7dad-4379-9dd9-39a8d21ddc32', 0, '7fe704c0-2e54-463e-891e-533f0274da76', '03', '[2022-10-01,)', 'ACTIVE', true);