Compare commits
5 Commits
master
...
feature/up
| Author | SHA1 | Date | |
|---|---|---|---|
|
25bed710fb | ||
|
|
7a2b1b6280 | ||
|
|
4a2091770f | ||
|
|
52703d7b1d | ||
|
|
512035b5b4 |
2
.aliases
2
.aliases
@ -109,8 +109,10 @@ function _gwTest1() {
|
||||
echo "RUNNING gw $@"
|
||||
printf -- '-%0.s' {1..80}; echo
|
||||
./gradlew "$@"
|
||||
local buildResultCode=$?
|
||||
printf -- '-%0.s' {1..80}; echo
|
||||
echo "DONE gw $@"
|
||||
return $buildResultCode
|
||||
}
|
||||
function _gwTest() {
|
||||
. .aliases
|
||||
|
||||
@ -170,8 +170,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
|
||||
|
||||
private void optionallyCreateExPartnerRelation(final HsOfficePartnerRbacEntity saved, final HsOfficeRelationRealEntity previousPartnerRel) {
|
||||
if (!saved.getPartnerRel().getUuid().equals(previousPartnerRel.getUuid())) {
|
||||
// TODO.impl: we also need to use the new partner-person as the anchor
|
||||
relationRepo.save(previousPartnerRel.toBuilder().uuid(null).type(EX_PARTNER).build());
|
||||
relationRepo.save(previousPartnerRel.toBuilder().uuid(null)
|
||||
.type(EX_PARTNER).anchor(saved.getPartnerRel().getHolder())
|
||||
.build());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -51,7 +51,7 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression(
|
||||
"(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
|
||||
.withUpdatableColumns("contactUuid")
|
||||
.withUpdatableColumns("anchorUuid", "holderUuid", "contactUuid")
|
||||
.importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("anchorUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
|
||||
@ -22,7 +22,7 @@ class RbacRbacSystemRebuildGenerator {
|
||||
void generateTo(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table ${rawTableName} after changing its RBAC specification.
|
||||
|
||||
@ -19,7 +19,7 @@ public class RbacRestrictedViewGenerator {
|
||||
void generateTo(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('${rawTableName}',
|
||||
$orderBy$
|
||||
|
||||
@ -52,7 +52,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
private void generateHeader(final StringWriter plPgSql, final String triggerType) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
""",
|
||||
with("liquibaseTagPrefix", liquibaseTagPrefix),
|
||||
@ -523,12 +523,11 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
|
||||
"""
|
||||
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
|
||||
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
|
||||
);
|
||||
|
||||
@ -558,7 +557,7 @@ class RolesGrantsAndPermissionsGenerator {
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on ${rawTableQualifiedName}
|
||||
for each row
|
||||
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
|
||||
|
||||
@ -235,7 +235,7 @@ begin
|
||||
*/
|
||||
newColumns := 'new.' || replace(columnNames, ', ', ', new.');
|
||||
sql := format($sql$
|
||||
create function %1$s_instead_of_insert_tf()
|
||||
create or replace function %1$s_instead_of_insert_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
declare
|
||||
@ -254,7 +254,7 @@ begin
|
||||
Creates an instead of insert trigger for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create trigger instead_of_insert_tg
|
||||
create or replace trigger instead_of_insert_tg
|
||||
instead of insert
|
||||
on %1$s_rv
|
||||
for each row
|
||||
@ -266,7 +266,7 @@ begin
|
||||
Instead of delete trigger function for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create function %1$s_instead_of_delete_tf()
|
||||
create or replace function %1$s_instead_of_delete_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
begin
|
||||
@ -283,7 +283,7 @@ begin
|
||||
Creates an instead of delete trigger for the restricted view.
|
||||
*/
|
||||
sql := format($sql$
|
||||
create trigger instead_of_delete_tg
|
||||
create or replace trigger instead_of_delete_tg
|
||||
instead of delete
|
||||
on %1$s_rv
|
||||
for each row
|
||||
@ -297,7 +297,7 @@ begin
|
||||
*/
|
||||
if columnUpdates is not null then
|
||||
sql := format($sql$
|
||||
create function %1$s_instead_of_update_tf()
|
||||
create or replace function %1$s_instead_of_update_tf()
|
||||
returns trigger
|
||||
language plpgsql as $f$
|
||||
begin
|
||||
@ -316,7 +316,7 @@ begin
|
||||
Creates an instead of delete trigger for the restricted view.
|
||||
*/
|
||||
sql = format($sql$
|
||||
create trigger instead_of_update_tg
|
||||
create or replace trigger instead_of_update_tg
|
||||
instead of update
|
||||
on %1$s_rv
|
||||
for each row
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.customer');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.customer
|
||||
for each row
|
||||
execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
|
||||
@ -165,7 +165,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.customer',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.customer',
|
||||
$orderBy$
|
||||
@ -180,7 +180,7 @@ call rbac.generateRbacRestrictedView('rbactest.customer',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.package');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -73,7 +73,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.package_build_rbac_system_after_insert_tf();
|
||||
@ -81,7 +81,7 @@ execute procedure rbactest.package_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -134,7 +134,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.package
|
||||
for each row
|
||||
execute procedure rbactest.package_update_rbac_system_after_update_tf();
|
||||
@ -230,7 +230,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.package',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.package',
|
||||
$orderBy$
|
||||
@ -245,7 +245,7 @@ call rbac.generateRbacRestrictedView('rbactest.package',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.domain');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
|
||||
@ -77,7 +77,7 @@ execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -133,7 +133,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on rbactest.domain
|
||||
for each row
|
||||
execute procedure rbactest.domain_update_rbac_system_after_update_tf();
|
||||
@ -229,7 +229,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.domain',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('rbactest.domain',
|
||||
$orderBy$
|
||||
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('rbactest.domain',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.contact');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.contact
|
||||
for each row
|
||||
execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.contact',
|
||||
$orderBy$
|
||||
@ -104,7 +104,7 @@ call rbac.generateRbacRestrictedView('hs_office.contact',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.person');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.person
|
||||
for each row
|
||||
execute procedure hs_office.person_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.person',
|
||||
$orderBy$
|
||||
@ -106,7 +106,7 @@ call rbac.generateRbacRestrictedView('hs_office.person',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.relation');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -102,7 +102,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
|
||||
@ -110,7 +110,7 @@ execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -124,7 +124,9 @@ create or replace procedure hs_office.relation_update_rbac_system(
|
||||
language plpgsql as $$
|
||||
begin
|
||||
|
||||
if NEW.contactUuid is distinct from OLD.contactUuid then
|
||||
if NEW.holderUuid is distinct from OLD.holderUuid
|
||||
or NEW.anchorUuid is distinct from OLD.anchorUuid
|
||||
or NEW.contactUuid is distinct from OLD.contactUuid then
|
||||
delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid;
|
||||
call hs_office.relation_build_rbac_system(NEW);
|
||||
end if;
|
||||
@ -143,7 +145,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.relation
|
||||
for each row
|
||||
execute procedure hs_office.relation_update_rbac_system_after_update_tf();
|
||||
@ -241,20 +243,22 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.relation',
|
||||
$orderBy$
|
||||
(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
|
||||
$orderBy$,
|
||||
$updates$
|
||||
anchorUuid = new.anchorUuid,
|
||||
holderUuid = new.holderUuid,
|
||||
contactUuid = new.contactUuid
|
||||
$updates$);
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification.
|
||||
@ -305,3 +309,17 @@ END;
|
||||
$$;
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-actually-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
begin transaction;
|
||||
call base.defineContext(
|
||||
're-creating RBAC for table hs_office.relation',
|
||||
null,
|
||||
'superuser-alex@hostsharing.net' -- FIXME: use env-var
|
||||
);
|
||||
call hs_office.relation_rebuild_rbac_system();
|
||||
commit;
|
||||
--//
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -65,7 +65,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
|
||||
@ -73,7 +73,7 @@ execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -146,7 +146,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.partner
|
||||
for each row
|
||||
execute procedure hs_office.partner_update_rbac_system_after_update_tf();
|
||||
@ -242,7 +242,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner',
|
||||
$orderBy$
|
||||
@ -255,7 +255,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -50,7 +50,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.partner_details
|
||||
for each row
|
||||
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
|
||||
@ -149,7 +149,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.partner_details',
|
||||
$orderBy$
|
||||
@ -167,7 +167,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner_details',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -69,7 +69,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.bankaccount
|
||||
for each row
|
||||
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
|
||||
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.bankaccount',
|
||||
$orderBy$
|
||||
@ -103,7 +103,7 @@ call rbac.generateRbacRestrictedView('hs_office.bankaccount',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.debitor');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -77,7 +77,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
|
||||
@ -85,7 +85,7 @@ execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -119,7 +119,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on hs_office.debitor
|
||||
for each row
|
||||
execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
|
||||
@ -224,7 +224,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.debitor',
|
||||
$orderBy$
|
||||
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('hs_office.debitor',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -94,7 +94,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.sepamandate
|
||||
for each row
|
||||
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
|
||||
@ -198,7 +198,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.sepamandate',
|
||||
$orderBy$
|
||||
@ -213,7 +213,7 @@ call rbac.generateRbacRestrictedView('hs_office.sepamandate',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.membership');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -81,7 +81,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.membership
|
||||
for each row
|
||||
execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
|
||||
@ -180,7 +180,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.membership',
|
||||
$orderBy$
|
||||
@ -195,7 +195,7 @@ call rbac.generateRbacRestrictedView('hs_office.membership',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR endDelimiter:--//
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -11,7 +11,8 @@
|
||||
create or replace procedure hs_office.membership_create_test_data(
|
||||
forPartnerNumber numeric(5),
|
||||
newMemberNumberSuffix char(2),
|
||||
validity daterange)
|
||||
newValidity daterange,
|
||||
newStatus hs_office.HsOfficeMembershipStatus)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
relatedPartner hs_office.partner;
|
||||
@ -21,24 +22,35 @@ begin
|
||||
|
||||
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
|
||||
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
|
||||
insert
|
||||
into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, validity, 'ACTIVE');
|
||||
if not exists (select true
|
||||
from hs_office.membership
|
||||
where partneruuid = relatedPartner.uuid and memberNumberSuffix = newMemberNumberSuffix)
|
||||
then
|
||||
insert into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
|
||||
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix,
|
||||
newValidity, newStatus);
|
||||
else
|
||||
update hs_office.membership
|
||||
set memberNumberSuffix = newMemberNumberSuffix,
|
||||
validity = newValidity,
|
||||
status = newStatus
|
||||
where partneruuid = relatedPartner.uuid;
|
||||
end if;
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION context:!without-test-data endDelimiter:--//
|
||||
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION runOnChange:true validCheckSum:ANY context:!without-test-data endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
do language plpgsql $$
|
||||
begin
|
||||
call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||
|
||||
call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'));
|
||||
call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'));
|
||||
call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'));
|
||||
call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'), 'CANCELLED');
|
||||
call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'), 'CANCELLED');
|
||||
call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'), 'ACTIVE');
|
||||
end;
|
||||
$$;
|
||||
--//
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopsharetx');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -57,7 +57,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopsharetx
|
||||
for each row
|
||||
execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf();
|
||||
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharetx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
|
||||
$orderBy$
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopassettx');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -57,7 +57,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_office.coopassettx
|
||||
for each row
|
||||
execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf();
|
||||
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassettx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_office.coopassettx',
|
||||
$orderBy$
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopassettx',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.project');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -88,7 +88,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking.project
|
||||
for each row
|
||||
execute procedure hs_booking.project_build_rbac_system_after_insert_tf();
|
||||
@ -192,7 +192,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking.project',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking.project',
|
||||
$orderBy$
|
||||
@ -206,7 +206,7 @@ call rbac.generateRbacRestrictedView('hs_booking.project',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.item');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -87,7 +87,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_booking.item
|
||||
for each row
|
||||
execute procedure hs_booking.item_build_rbac_system_after_insert_tf();
|
||||
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking.item',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_booking.item',
|
||||
$orderBy$
|
||||
@ -277,7 +277,7 @@ call rbac.generateRbacRestrictedView('hs_booking.item',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification.
|
||||
|
||||
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -105,7 +105,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger build_rbac_system_after_insert_tg
|
||||
create or replace trigger build_rbac_system_after_insert_tg
|
||||
after insert on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
|
||||
@ -113,7 +113,7 @@ execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
|
||||
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
/*
|
||||
@ -147,7 +147,7 @@ begin
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
create trigger update_rbac_system_after_update_tg
|
||||
create or replace trigger update_rbac_system_after_update_tg
|
||||
after update on hs_hosting.asset
|
||||
for each row
|
||||
execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
|
||||
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
|
||||
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
call rbac.generateRbacRestrictedView('hs_hosting.asset',
|
||||
$orderBy$
|
||||
@ -183,7 +183,7 @@ call rbac.generateRbacRestrictedView('hs_hosting.asset',
|
||||
|
||||
|
||||
-- ============================================================================
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--//
|
||||
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
-- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification.
|
||||
|
||||
@ -37,6 +37,7 @@ import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TE
|
||||
@Tag("officeIntegrationTest")
|
||||
@DataJpaTest(properties = {
|
||||
"spring.datasource.url=jdbc:tc:postgresql:15.5-bookworm:///liquibaseMigrationTestTC",
|
||||
"hsadminng.superuser=${HSADMINNG_SUPERUSER:import-superuser@hostsharing.net}",
|
||||
"spring.liquibase.enabled=false" // @Sql should go first, Liquibase will be initialized programmatically
|
||||
})
|
||||
@DirtiesContext
|
||||
|
||||
@ -87,7 +87,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "ACTIVE"
|
||||
"status": "CANCELLED"
|
||||
},
|
||||
{
|
||||
"partner": { "partnerNumber": "P-10002" },
|
||||
@ -95,7 +95,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "02",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2025-12-31",
|
||||
"status": "ACTIVE"
|
||||
"status": "CANCELLED"
|
||||
},
|
||||
{
|
||||
"partner": { "partnerNumber": "P-10003" },
|
||||
@ -134,7 +134,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "ACTIVE"
|
||||
"status": "CANCELLED"
|
||||
}
|
||||
]
|
||||
"""));
|
||||
@ -162,7 +162,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "02",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2025-12-31",
|
||||
"status": "ACTIVE"
|
||||
"status": "CANCELLED"
|
||||
}
|
||||
]
|
||||
"""));
|
||||
@ -240,7 +240,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
"memberNumberSuffix": "01",
|
||||
"validFrom": "2022-10-01",
|
||||
"validTo": "2024-12-30",
|
||||
"status": "ACTIVE"
|
||||
"status": "CANCELLED"
|
||||
}
|
||||
""")); // @formatter:on
|
||||
}
|
||||
@ -326,7 +326,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
.matches(mandate -> {
|
||||
assertThat(mandate.getPartner().toShortString()).isEqualTo("P-10001");
|
||||
assertThat(mandate.getMemberNumberSuffix()).isEqualTo(givenMembership.getMemberNumberSuffix());
|
||||
assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2026-01-01)");
|
||||
assertThat(mandate.getValidity().asString()).isEqualTo("[2025-02-01,2026-01-01)");
|
||||
assertThat(mandate.getStatus()).isEqualTo(CANCELLED);
|
||||
return true;
|
||||
});
|
||||
|
||||
@ -191,8 +191,8 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)",
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)",
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)",
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)",
|
||||
"Membership(M-1000303, P-10003, [2022-10-01,), ACTIVE)");
|
||||
}
|
||||
|
||||
@ -208,7 +208,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)");
|
||||
"Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -223,7 +223,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
assertThat(result)
|
||||
.isNotNull()
|
||||
.extracting(Object::toString)
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -238,7 +238,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
assertThat(result)
|
||||
.isNotNull()
|
||||
.extracting(Object::toString)
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
.isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -252,7 +252,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
||||
// then
|
||||
exactlyTheseMembershipsAreReturned(
|
||||
result,
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
|
||||
"Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -411,10 +411,10 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
|
||||
});
|
||||
|
||||
// and an ex-partner-relation got created
|
||||
final var anchorpartnerPersonUUid = givenPartner.getPartnerRel().getAnchor().getUuid();
|
||||
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(anchorpartnerPersonUUid, EX_PARTNER, null, null, null))
|
||||
final var newPartnerPersonUuid = givenPartner.getPartnerRel().getHolder().getUuid();
|
||||
assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(newPartnerPersonUuid, EX_PARTNER, null, null, null))
|
||||
.map(HsOfficeRelation::toShortString)
|
||||
.contains("rel(anchor='LP Hostsharing eG', type='EX_PARTNER', holder='UF Erben Bessler')");
|
||||
.contains("rel(anchor='NP Winkler, Paul', type='EX_PARTNER', holder='UF Erben Bessler')");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@ -28,6 +28,7 @@ import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATU
|
||||
import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
|
||||
import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
|
||||
import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
|
||||
import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ -283,7 +284,44 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
result.returnedValue(),
|
||||
"hs_office.contact#fifthcontact:ADMIN");
|
||||
|
||||
relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
// FIXME relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void hostsharingAdmin_withoutAssumedRole_canUpdateHolderOfArbitraryRelation() {
|
||||
// given
|
||||
context("superuser-alex@hostsharing.net");
|
||||
final var givenRelation = givenSomeTemporaryRelationBessler(
|
||||
"Bert", "fifth contact");
|
||||
final var oldHolderPerson = givenRelation.getHolder();
|
||||
final var newHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").getFirst();
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
givenRelation,
|
||||
givenRelation.getHolder().roleId(ADMIN));
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context("superuser-alex@hostsharing.net");
|
||||
givenRelation.setHolder(newHolderPerson);
|
||||
return toCleanup(relationRbacRepo.save(givenRelation).load());
|
||||
});
|
||||
|
||||
// then
|
||||
result.assertSuccessful();
|
||||
assertThat(result.returnedValue().getHolder().getGivenName()).isEqualTo("Paul");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
"rbac.global#global:ADMIN");
|
||||
assertThatRelationIsVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
newHolderPerson.roleId(ADMIN));
|
||||
|
||||
assertThatRelationIsNotVisibleForUserWithRole(
|
||||
result.returnedValue(),
|
||||
oldHolderPerson.roleId(ADMIN));
|
||||
|
||||
// FIXME: relationRbacRepo.deleteByUuid(givenRelation.getUuid());
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -296,13 +334,17 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
||||
givenRelation,
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
assertThatRelationActuallyInDatabase(givenRelation);
|
||||
final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("sixth contact")
|
||||
.stream()
|
||||
.findFirst()
|
||||
.orElseThrow();
|
||||
|
||||
// when
|
||||
final var result = jpaAttempt.transacted(() -> {
|
||||
context(
|
||||
"superuser-alex@hostsharing.net",
|
||||
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
|
||||
givenRelation.setContact(null);
|
||||
givenRelation.setContact(givenContact);
|
||||
return relationRbacRepo.save(givenRelation);
|
||||
});
|
||||
|
||||
|
||||
@ -12129,8 +12129,8 @@ INSERT INTO hs_office.debitor (uuid, version, debitornumbersuffix, debitorreluui
|
||||
-- Data for Name: membership; Type: TABLE DATA; Schema: hs_office; Owner: postgres
|
||||
--
|
||||
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,2025-01-01)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,2026-01-01)', 'ACTIVE', true);
|
||||
INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('a42d61c5-7dad-4379-9dd9-39a8d21ddc32', 0, '7fe704c0-2e54-463e-891e-533f0274da76', '03', '[2022-10-01,)', 'ACTIVE', true);
|
||||
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user