ADR for exchanging the partner (+debitor) person

use the new partner-person for ex-partner-relation
move the changes to the RBACSpec generator
2025-03-02 17:00:18 +01:00 · 2025-02-26 11:50:47 +01:00 · 2025-02-26 10:57:15 +01:00 · 2025-02-26 10:56:52 +01:00 · 2025-02-26 09:13:14 +01:00 · 2025-02-26 09:13:00 +01:00
32 changed files with 307 additions and 124 deletions
--- a/.aliases
+++ b/.aliases
@ -109,8 +109,10 @@ function _gwTest1() {
    echo "RUNNING gw $@"
    printf -- '-%0.s' {1..80}; echo
    ./gradlew "$@"
    local buildResultCode=$?
    printf -- '-%0.s' {1..80}; echo
    echo "DONE gw $@"
    return $buildResultCode
 }
 function _gwTest() {
  . .aliases
--- a/doc/adr/2025-02-27-exchanging-the-partner-person.md
+++ b/doc/adr/2025-02-27-exchanging-the-partner-person.md
@ -0,0 +1,108 @@
 # Änderung eines Geschäftspartners oder Rechnungsempfängers (Debitor)
 **Status:**
 - [x] vorgeschlagen von (Michael Hönnig)
 - [ ] akzeptiert von (...)
 - [ ] abgelehnt von (...)
 - [ ] ersetzt durch (ersetzende ADR)
 ## Kontext und Problemstellung
 In vorgegebenen Datenmodell von Geschäftspartnern und Rechnungsempfängern (Debitor), das auch fachliche Rollen wie Repräsentant, technische Ansprechpartner oder   modellieren kann, stellt sich die Frage, wie eine Änderung der Geschäftspartner-Person effizient und konsistent umgesetzt werden kann.
 Diese fachlichen Rollen hängen jeweils an der Partner-Person.
 Ein konkretes Beispiel hierfür ist die Änderung von einer natürlichen Person, die verstorben ist, zu deren Erbengemeinschaft.
 **Hierbei stellte sich heraus, dass der die API-Bedienung sehr komplex und damit fehleranfällig ist, weil viele neue Objekte erzeugt und korrekt miteinander verbunden werden müssen. Dies wäre zudem nicht transaktionssicher.** 
 Angepasst werden müssen:
 1. alle Relations mit der alten Partner-Person:
 - die PARTNER-Relation
 - die DEBITOR-Relations (ggf. mehrere)
 - die OPERATIONS-Relations (ggf. mehrere)
 - die SUBSCRIBER-Relations (ggf. mehrere)
 - die REPRESENTATIVE-Relations (ggf. mehrere)
 - etc.
 2. Die PARTNER-Relation hat die Besonderheit, dass sie zusätzlich im Debitor ausgetauscht werden muss.
 3. Die DEBITOR-Relation die Besonderheit, dass sie zusätzlich im Debitor ausgetauscht werden muss.
 Daher sollen möglichst viele dieser *Neuverdrahtungen* im Backend gemacht werden.
 Und dafür braucht es dann eine zentrale Stelle, an der die Kaskade ausgelöst wird. 
 Derzeit gibt es zwei mögliche Varianten, diese Änderung dynamisch umzusetzen, die jeweils unterschiedliche Auswirkungen auf die API und die Zugriffsrechte haben.
 ### Technischer Hintergrund
 Zum Zeitpunkt der Erstellung dieses ADR existieren folgende relevante Entitäten:
 - **Person**: Natürliche oder juristische Person (Name, Firma, Anrede etc.)
 - **Contact**: Kontaktdaten einer fachlichen Rolle
 - **Relation**: Mit einem Typ (z.B. PARTNER, DEBITOR, REPRESENTATIVE) und Kontaktdaten versehene Beziehung von einer Person (Holder) zu einer anderen (Anchor)
 - **Partner**: Sind quasi Zusatzdaten einer PARTNER-Relation (derzeit nur die Partnernummer), welche eine Partner-Person mit der Hostsharing-Person verknüpft
 - **Debitor**: Sind quasi Zusatzdaten einer DEBITOR-Relation, welche eine Debitor-Person mit einer Partner-Person verknüpft
 Zugriffsrechte werden über ein hierarchisches, dynamisches RBAC-System gesteuert, bei dem der **OWNER** einer Entitäten-Instanz alle Rechte hat, **ADMIN** definierte Spalten aktualisieren darf, **AGENT** Verknüpfungen anlegen kann, und **TENANT**, **GUEST** sowie **REFERRER** nur Lesezugriff haben.
 Partner und Debitor nutzen dabei die RBAC-Rollen der zugehörigen Relations.
 ## In Betracht gezogene Optionen
 * **Variante 1:** Austausch der PARTNER-/DEBITOR-/OPERATIONS-/...-Relations gegen eine neue Relation für die Erbengemeinschaft als neuen Holder
 * **Variante 2:** Änderung des Holders in der bestehenden PARTNER-Relation auf die Erbengemeinschaft
 ### Variante 1: Austausch der Relations mit neuen Holdern
 Ein Austausch der bestehenden PARTNER-/DEBITOR-/OPERATIONS-/...-Relations mit einer neuen Relation, die die Erbengemeinschaft als neuen Holder referenziert.
 #### Vorteile
 - **Beibehaltung der API:** Dieses Verhalten ist bereits implementiert und benötigt keinen großen Umbau an der API, sondern nur eine Erweiterung um das Austauschen weiterer Relations
 - **UPDATE-Permission für AGENT:** Es wäre möglich, der AGENT-Rolle einer Relation UPDATE-Rechte an der Relation zu geben, weil nur der unkritisch Contact änderbar wäre.
 - **Übereinstimmung von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, dazu passend wäre der Endpunkt, allerdings würde nicht direkt die Partner-Person ausgetauscht, sondern eine neue PARTNER-Relation mit der neuen Partner-Person eingesetzt werden.
 #### Nachteile
 - **Verlust expliziter GRANTs:** Gibt es explizite GRANTs an der PARTNER-Relation, gehen diese verloren, da die Relation ausgetauscht wird. Die Übernahme dieser expliziten Grants erfordert also einen zusätzlichen Implementationsaufwand.
 - **Divergenz zwischen Fachlichkeit und API:** Fachlich handelt es sich um den Austausch der Partner-Person, würde aber eine neue PARTNER-Relation dieser Person in den Partner eingesetzt werden. Das erfordert ein höheres Verständnis des Datenmodells.
 ### Variante 2: Änderung des Holders in der bestehenden PARTNER-Relation
 Die bestehende PARTNER-Relation bleibt erhalten, und der Holder wird von der verstorbenen Person auf die Erbengemeinschaft geändert.
 #### Vorteile
 - **Erhalt expliziter GRANTs:** Wer explizite Grants an der PARTNER-Relation oder DEBITOR-Relation vergeben hat, behält diese, da die Relation-Instanzen unverändert bleiben.
 - **Einheitliche API-Struktur:** Die REST-API für Änderungen gehört dann einheitlich zum Relation-Endpunkt, was der bestehenden Handhabung von Contact-Änderungen entspricht.
 - **Übereinstimmung von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, genau das würde man dann an der API machen, wenn auch nicht am Partner selbst, sondern an der PARTNER-Relation.
 #### Nachteile
 - **Kein UPDATE durch Relation-AGENT:** Der Relation-AGENT darf nicht das Recht bekommen, den Holder auszutauschen. Da es keine Spalten-spezifischen Update-Rechte gibt, könnte dieser auch den Contact nicht mehr austauschen. Derzeit ist das aber auch nicht vorgesehen.
 - **Umbau der API:** Der Austausch einer Partner-Person würde vom Partner-Endpunkt (/api/hs/office/partner) zur Relation (/api/hs/office/partner) wandern, was ein größerer Umbau, auch bei den Tests wäre.
 - **Divergenz von Fachlichkeit und API**: Fachlich handelt es sich um den Austausch der Partner-Person, aber man würde die Person nicht am Partner selbst austauschen, sondern an der PARTNER-Relation.
 ## Entscheidung und Ergebnis
 **Entscheidung:** Noch kein klares Ergebnis
 **Begründung:**
 - Die meisten Vor- und Nachteile gleichen sich aus, was besonders bei der Übereinstimmung bzw. Divergenz zwischen Fachlichkeit und API zum Ausdruck kommt.
 - Diese Variante erfordert keinen grundsätzlichen Umbau der API und daher weniger aufwändig.
 - Ein großer Aufwand, nämlich die Übernahme der GRANTs, könnte sogar zunächst zurückgestellt werden.
 | Bereich                                                    | 1. Relations ersetzen | 2. Relations aktualisieren |
 |------------------------------------------------------------|----------------------:|---------------------------:|
 | **Aufwände**                                               |                       |                            |
 | Beibehaltung der API vs. Umbau, inkl. Risiko               |                       |                         -3 |
 | Anwendbar auf Partner-Person + Debitor-Person              |                       |                         +1 |
 | Aufwand für explizite Grants                               |                    -1 |                            |
 | **Zwischenergebnis für Aufwände**                          |                **-1** |                     **-2** |
 |                                                            |                       |                            | 
 | **Fachlichkeit/Einheitlichkeit etc.**                      |                       |                            |
 | Kongruenz von Fachlichkeit+API                             |                    +1 |                         -1 |
 | Einheitlichkeit/Generizität der API                        |                       |                         +1 |
 | Direktheit der API                                         |                       |                         +1 |
 | UPDATE Permission für Relation-AGENT möglich               |                    +1 |                            |
 | **Zwischenergebnis für Fachlichkeit/Einheitlichkeit etc.** |                **+2** |                     **+1** |
 |                                                            |                       |                            |
 | **Ergebnis**                                               |                **+1** |                     **-1** | 
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
@ -170,8 +170,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
    private void optionallyCreateExPartnerRelation(final HsOfficePartnerRbacEntity saved, final HsOfficeRelationRealEntity previousPartnerRel) {
        if (!saved.getPartnerRel().getUuid().equals(previousPartnerRel.getUuid())) {
-            // TODO.impl: we also need to use the new partner-person as the anchor
+            relationRepo.save(previousPartnerRel.toBuilder().uuid(null)
-            relationRepo.save(previousPartnerRel.toBuilder().uuid(null).type(EX_PARTNER).build());
+                    .type(EX_PARTNER).anchor(saved.getPartnerRel().getHolder())
                    .build());
        }
    }
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
@ -51,7 +51,7 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
                        """))
                .withRestrictedViewOrderBy(SQL.expression(
                        "(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
-                .withUpdatableColumns("contactUuid")
+                .withUpdatableColumns("anchorUuid", "holderUuid", "contactUuid")
                .importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(),
                        dependsOnColumn("anchorUuid"),
                        directlyFetchedByDependsOnColumn(),
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRbacSystemRebuildGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRbacSystemRebuildGenerator.java
@ -22,7 +22,7 @@ class RbacRbacSystemRebuildGenerator {
    void generateTo(final StringWriter plPgSql) {
        plPgSql.writeLn("""
                -- ============================================================================
-                --changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild endDelimiter:--//
+                --changeset RbacRbacSystemRebuildGenerator:${liquibaseTagPrefix}-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
                -- ----------------------------------------------------------------------------
                -- HOWTO: Rebuild RBAC-system for table ${rawTableName} after changing its RBAC specification.
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
@ -19,7 +19,7 @@ public class RbacRestrictedViewGenerator {
    void generateTo(final StringWriter plPgSql) {
        plPgSql.writeLn("""
                -- ============================================================================
-                --changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW endDelimiter:--//
+                --changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
                -- ----------------------------------------------------------------------------
                call rbac.generateRbacRestrictedView('${rawTableName}',
                    $orderBy$
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
@ -52,7 +52,7 @@ class RolesGrantsAndPermissionsGenerator {
    private void generateHeader(final StringWriter plPgSql, final String triggerType) {
        plPgSql.writeLn("""
                -- ============================================================================
-                --changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger endDelimiter:--//
+                --changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
                -- ----------------------------------------------------------------------------
                """,
                with("liquibaseTagPrefix", liquibaseTagPrefix),
@ -523,12 +523,11 @@ class RolesGrantsAndPermissionsGenerator {
                    return NEW;
                end; $$;
-                create trigger build_rbac_system_after_insert_tg
+                create or replace trigger build_rbac_system_after_insert_tg
                    after insert on ${rawTableQualifiedName}
                    for each row
                execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
                """
                .replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
                .replace("${rawTableQualifiedName}", qualifiedRawTableName)
        );
@ -558,7 +557,7 @@ class RolesGrantsAndPermissionsGenerator {
                    return NEW;
                end; $$;
-                create trigger update_rbac_system_after_update_tg
+                create or replace trigger update_rbac_system_after_update_tg
                    after update on ${rawTableQualifiedName}
                    for each row
                execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@ -235,7 +235,7 @@ begin
     */
    newColumns := 'new.' || replace(columnNames, ', ', ', new.');
    sql := format($sql$
-    create function %1$s_instead_of_insert_tf()
+    create or replace function %1$s_instead_of_insert_tf()
        returns trigger
        language plpgsql as $f$
    declare
@ -254,7 +254,7 @@ begin
        Creates an instead of insert trigger for the restricted view.
     */
    sql := format($sql$
-        create trigger instead_of_insert_tg
+        create or replace trigger instead_of_insert_tg
            instead of insert
            on %1$s_rv
            for each row
@ -266,7 +266,7 @@ begin
        Instead of delete trigger function for the restricted view.
     */
    sql := format($sql$
-        create function %1$s_instead_of_delete_tf()
+        create or replace function %1$s_instead_of_delete_tf()
            returns trigger
            language plpgsql as $f$
        begin
@ -283,7 +283,7 @@ begin
        Creates an instead of delete trigger for the restricted view.
     */
    sql := format($sql$
-        create trigger instead_of_delete_tg
+        create or replace trigger instead_of_delete_tg
            instead of delete
            on %1$s_rv
            for each row
@ -297,7 +297,7 @@ begin
     */
    if columnUpdates is not null then
        sql := format($sql$
-            create function %1$s_instead_of_update_tf()
+            create or replace function %1$s_instead_of_update_tf()
                returns trigger
                language plpgsql as $f$
            begin
@ -316,7 +316,7 @@ begin
            Creates an instead of delete trigger for the restricted view.
         */
        sql = format($sql$
-            create trigger instead_of_update_tg
+            create or replace trigger instead_of_update_tg
                instead of update
                on %1$s_rv
                for each row
--- a/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
+++ b/src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.customer');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -69,7 +69,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on rbactest.customer
    for each row
 execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
@ -165,7 +165,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.customer',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('rbactest.customer',
    $orderBy$
@ -180,7 +180,7 @@ call rbac.generateRbacRestrictedView('rbactest.customer',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:rbactest-customer-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table rbactest.customer after changing its RBAC specification.
--- a/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
+++ b/src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.package');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -73,7 +73,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on rbactest.package
    for each row
 execute procedure rbactest.package_build_rbac_system_after_insert_tf();
@ -81,7 +81,7 @@ execute procedure rbactest.package_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -134,7 +134,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on rbactest.package
    for each row
 execute procedure rbactest.package_update_rbac_system_after_update_tf();
@ -230,7 +230,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.package',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('rbactest.package',
    $orderBy$
@ -245,7 +245,7 @@ call rbac.generateRbacRestrictedView('rbactest.package',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:rbactest-package-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table rbactest.package after changing its RBAC specification.
--- a/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
+++ b/src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('rbactest.domain');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -69,7 +69,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on rbactest.domain
    for each row
 execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
@ -77,7 +77,7 @@ execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -133,7 +133,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on rbactest.domain
    for each row
 execute procedure rbactest.domain_update_rbac_system_after_update_tf();
@ -229,7 +229,7 @@ call rbac.generateRbacIdentityViewFromProjection('rbactest.domain',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('rbactest.domain',
    $orderBy$
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('rbactest.domain',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:rbactest-domain-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table rbactest.domain after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.contact');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -69,7 +69,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.contact
    for each row
 execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.contact',
    $orderBy$
@ -104,7 +104,7 @@ call rbac.generateRbacRestrictedView('hs_office.contact',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-contact-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.contact after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.person');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -69,7 +69,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.person
    for each row
 execute procedure hs_office.person_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.person',
    $orderBy$
@ -106,7 +106,7 @@ call rbac.generateRbacRestrictedView('hs_office.person',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-person-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.person after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.relation');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -102,7 +102,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.relation
    for each row
 execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
@ -110,7 +110,7 @@ execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -124,7 +124,9 @@ create or replace procedure hs_office.relation_update_rbac_system(
    language plpgsql as $$
 begin
-    if NEW.contactUuid is distinct from OLD.contactUuid then
+    if NEW.holderUuid is distinct from OLD.holderUuid
    or NEW.anchorUuid is distinct from OLD.anchorUuid
    or NEW.contactUuid is distinct from OLD.contactUuid then
        delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid;
        call hs_office.relation_build_rbac_system(NEW);
    end if;
@ -143,7 +145,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on hs_office.relation
    for each row
 execute procedure hs_office.relation_update_rbac_system_after_update_tf();
@ -241,20 +243,22 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.relation',
    $orderBy$
        (select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
    $orderBy$,
    $updates$
        anchorUuid = new.anchorUuid,
        holderUuid = new.holderUuid,
        contactUuid = new.contactUuid
    $updates$);
 --//
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.relation after changing its RBAC specification.
@ -305,3 +309,17 @@ END;
 $$;
 --//
 -- ============================================================================
 --changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-actually-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 begin transaction;
 call base.defineContext(
         're-creating RBAC for table hs_office.relation',
         null,
         'superuser-alex@hostsharing.net' -- FIXME: use env-var
  );
 call hs_office.relation_rebuild_rbac_system();
 commit;
 --//
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -65,7 +65,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.partner
    for each row
 execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
@ -73,7 +73,7 @@ execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -146,7 +146,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on hs_office.partner
    for each row
 execute procedure hs_office.partner_update_rbac_system_after_update_tf();
@ -242,7 +242,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.partner',
    $orderBy$
@ -255,7 +255,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.partner after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -50,7 +50,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.partner_details
    for each row
 execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
@ -149,7 +149,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.partner_details',
    $orderBy$
@ -167,7 +167,7 @@ call rbac.generateRbacRestrictedView('hs_office.partner_details',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-partner-details-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.partner_details after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -69,7 +69,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.bankaccount
    for each row
 execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.bankaccount',
    $orderBy$
@ -103,7 +103,7 @@ call rbac.generateRbacRestrictedView('hs_office.bankaccount',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-bankaccount-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.bankaccount after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.debitor');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -77,7 +77,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.debitor
    for each row
 execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
@ -85,7 +85,7 @@ execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -119,7 +119,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on hs_office.debitor
    for each row
 execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
@ -224,7 +224,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.debitor',
    $orderBy$
@ -244,7 +244,7 @@ call rbac.generateRbacRestrictedView('hs_office.debitor',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-debitor-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.debitor after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -94,7 +94,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.sepamandate
    for each row
 execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
@ -198,7 +198,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.sepamandate',
    $orderBy$
@ -213,7 +213,7 @@ call rbac.generateRbacRestrictedView('hs_office.sepamandate',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-sepamandate-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.sepamandate after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.membership');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -81,7 +81,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.membership
    for each row
 execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
@ -180,7 +180,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.membership',
    $orderBy$
@ -195,7 +195,7 @@ call rbac.generateRbacRestrictedView('hs_office.membership',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-membership-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.membership after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
@ -2,7 +2,7 @@
 -- ============================================================================
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -11,7 +11,8 @@
 create or replace procedure hs_office.membership_create_test_data(
        forPartnerNumber numeric(5),
        newMemberNumberSuffix char(2),
-        validity daterange)
+        newValidity daterange,
        newStatus hs_office.HsOfficeMembershipStatus)
    language plpgsql as $$
 declare
    relatedPartner          hs_office.partner;
@ -21,24 +22,35 @@ begin
    raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
    raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
-    insert
+    if not exists (select true
-        into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
+                from hs_office.membership
-        values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, validity, 'ACTIVE');
+                where partneruuid = relatedPartner.uuid and memberNumberSuffix = newMemberNumberSuffix)
    then
        insert into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
               values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix,
                       newValidity, newStatus);
    else
        update hs_office.membership
            set memberNumberSuffix = newMemberNumberSuffix,
                validity = newValidity,
                status = newStatus
            where partneruuid = relatedPartner.uuid;
    end if;
 end; $$;
 --//
 -- ============================================================================
--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION context:!without-test-data endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION runOnChange:true validCheckSum:ANY context:!without-test-data endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
    begin
        call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
-        call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'));
+        call hs_office.membership_create_test_data(10001, '01', daterange('20221001' , '20241231', '[)'), 'CANCELLED');
-        call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'));
+        call hs_office.membership_create_test_data(10002, '02', daterange('20221001' , '20251231', '[]'), 'CANCELLED');
-        call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'));
+        call hs_office.membership_create_test_data(10003, '03', daterange('20221001' , null, '[]'), 'ACTIVE');
    end;
 $$;
 --//
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopsharetx');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -57,7 +57,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.coopsharetx
    for each row
 execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf();
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharetx',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
    $orderBy$
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-coopsharetx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.coopsharetx after changing its RBAC specification.
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_office.coopassettx');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -57,7 +57,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_office.coopassettx
    for each row
 execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf();
@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassettx',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office.coopassettx',
    $orderBy$
@ -166,7 +166,7 @@ call rbac.generateRbacRestrictedView('hs_office.coopassettx',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-office-coopassettx-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_office.coopassettx after changing its RBAC specification.
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.project');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -88,7 +88,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_booking.project
    for each row
 execute procedure hs_booking.project_build_rbac_system_after_insert_tf();
@ -192,7 +192,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking.project',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_booking.project',
    $orderBy$
@ -206,7 +206,7 @@ call rbac.generateRbacRestrictedView('hs_booking.project',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-booking-project-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_booking.project after changing its RBAC specification.
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_booking.item');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -87,7 +87,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_booking.item
    for each row
 execute procedure hs_booking.item_build_rbac_system_after_insert_tf();
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking.item',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_booking.item',
    $orderBy$
@ -277,7 +277,7 @@ call rbac.generateRbacRestrictedView('hs_booking.item',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-booking-item-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_booking.item after changing its RBAC specification.
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
@ -17,7 +17,7 @@ call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -105,7 +105,7 @@ begin
    return NEW;
 end; $$;
-create trigger build_rbac_system_after_insert_tg
+create or replace trigger build_rbac_system_after_insert_tg
    after insert on hs_hosting.asset
    for each row
 execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
@ -113,7 +113,7 @@ execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
 -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@ -147,7 +147,7 @@ begin
    return NEW;
 end; $$;
-create trigger update_rbac_system_after_update_tg
+create or replace trigger update_rbac_system_after_update_tg
    after update on hs_hosting.asset
    for each row
 execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
 -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_hosting.asset',
    $orderBy$
@ -183,7 +183,7 @@ call rbac.generateRbacRestrictedView('hs_hosting.asset',
 -- ============================================================================
--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild endDelimiter:--//
+--changeset RbacRbacSystemRebuildGenerator:hs-hosting-asset-rbac-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- HOWTO: Rebuild RBAC-system for table hs_hosting.asset after changing its RBAC specification.
--- a/src/test/java/net/hostsharing/hsadminng/hs/migration/LiquibaseCompatibilityIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/LiquibaseCompatibilityIntegrationTest.java
@ -37,6 +37,7 @@ import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TE
@Tag("officeIntegrationTest")
@DataJpaTest(properties = {
        "spring.datasource.url=jdbc:tc:postgresql:15.5-bookworm:///liquibaseMigrationTestTC",
        "hsadminng.superuser=${HSADMINNG_SUPERUSER:import-superuser@hostsharing.net}",
        "spring.liquibase.enabled=false" // @Sql should go first, Liquibase will be initialized programmatically
 })
@DirtiesContext
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
@ -87,7 +87,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                              "memberNumberSuffix": "01",
                              "validFrom": "2022-10-01",
                              "validTo": "2024-12-30",
-                              "status": "ACTIVE"
+                              "status": "CANCELLED"
                          },
                          {
                              "partner": { "partnerNumber": "P-10002" },
@ -95,7 +95,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                              "memberNumberSuffix": "02",
                              "validFrom": "2022-10-01",
                              "validTo": "2025-12-31",
-                              "status": "ACTIVE"
+                              "status": "CANCELLED"
                          },
                          {
                              "partner": { "partnerNumber": "P-10003" },
@ -134,7 +134,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                              "memberNumberSuffix": "01",
                              "validFrom": "2022-10-01",
                              "validTo": "2024-12-30",
-                              "status": "ACTIVE"
+                              "status": "CANCELLED"
                          }
                      ]
                    """));
@ -162,7 +162,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                                  "memberNumberSuffix": "02",
                                  "validFrom": "2022-10-01",
                                  "validTo": "2025-12-31",
-                                  "status": "ACTIVE"
+                                  "status": "CANCELLED"
                              }
                          ]
                        """));
@ -240,7 +240,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                         "memberNumberSuffix": "01",
                         "validFrom": "2022-10-01",
                         "validTo": "2024-12-30",
-                         "status": "ACTIVE"
+                         "status": "CANCELLED"
                     }
                    """)); // @formatter:on
        }
@ -326,7 +326,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
                    .matches(mandate -> {
                        assertThat(mandate.getPartner().toShortString()).isEqualTo("P-10001");
                        assertThat(mandate.getMemberNumberSuffix()).isEqualTo(givenMembership.getMemberNumberSuffix());
-                        assertThat(mandate.getValidity().asString()).isEqualTo("[2022-11-01,2026-01-01)");
+                        assertThat(mandate.getValidity().asString()).isEqualTo("[2025-02-01,2026-01-01)");
                        assertThat(mandate.getStatus()).isEqualTo(CANCELLED);
                        return true;
                    });
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
@ -191,8 +191,8 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
            // then
            exactlyTheseMembershipsAreReturned(
                    result,
-                    "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)",
+                    "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)",
-                    "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)",
+                    "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)",
                    "Membership(M-1000303, P-10003, [2022-10-01,), ACTIVE)");
        }
@ -208,7 +208,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
            // then
            exactlyTheseMembershipsAreReturned(
                    result,
-                    "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), ACTIVE)");
+                    "Membership(M-1000101, P-10001, [2022-10-01,2024-12-31), CANCELLED)");
        }
        @Test
@ -223,7 +223,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
            assertThat(result)
                    .isNotNull()
                    .extracting(Object::toString)
-                    .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
+                    .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
        }
        @Test
@ -238,7 +238,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
            assertThat(result)
                    .isNotNull()
                    .extracting(Object::toString)
-                    .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
+                    .isEqualTo("Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
        }
        @Test
@ -252,7 +252,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
            // then
            exactlyTheseMembershipsAreReturned(
                    result,
-                    "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), ACTIVE)");
+                    "Membership(M-1000202, P-10002, [2022-10-01,2026-01-01), CANCELLED)");
        }
    }
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java
@ -411,10 +411,10 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
                    });
            // and an ex-partner-relation got created
-            final var anchorpartnerPersonUUid = givenPartner.getPartnerRel().getAnchor().getUuid();
+            final var newPartnerPersonUuid = givenPartner.getPartnerRel().getHolder().getUuid();
-            assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(anchorpartnerPersonUUid, EX_PARTNER, null, null, null))
+            assertThat(relationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(newPartnerPersonUuid, EX_PARTNER, null, null, null))
                    .map(HsOfficeRelation::toShortString)
-                    .contains("rel(anchor='LP Hostsharing eG', type='EX_PARTNER', holder='UF Erben Bessler')");
+                    .contains("rel(anchor='NP Winkler, Paul', type='EX_PARTNER', holder='UF Erben Bessler')");
        }
        @Test
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
@ -28,6 +28,7 @@ import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATU
 import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
 import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
 import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
 import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
 import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
 import static org.assertj.core.api.Assertions.assertThat;
@ -283,7 +284,44 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
                    result.returnedValue(),
                    "hs_office.contact#fifthcontact:ADMIN");
-            relationRbacRepo.deleteByUuid(givenRelation.getUuid());
+            // FIXME relationRbacRepo.deleteByUuid(givenRelation.getUuid());
        }
        @Test
        public void hostsharingAdmin_withoutAssumedRole_canUpdateHolderOfArbitraryRelation() {
            // given
            context("superuser-alex@hostsharing.net");
            final var givenRelation = givenSomeTemporaryRelationBessler(
                    "Bert", "fifth contact");
            final var oldHolderPerson = givenRelation.getHolder();
            final var newHolderPerson = personRepo.findPersonByOptionalNameLike("Paul").getFirst();
            assertThatRelationActuallyInDatabase(givenRelation);
            assertThatRelationIsVisibleForUserWithRole(
                    givenRelation,
                    givenRelation.getHolder().roleId(ADMIN));
            // when
            final var result = jpaAttempt.transacted(() -> {
                context("superuser-alex@hostsharing.net");
                givenRelation.setHolder(newHolderPerson);
                return toCleanup(relationRbacRepo.save(givenRelation).load());
            });
            // then
            result.assertSuccessful();
            assertThat(result.returnedValue().getHolder().getGivenName()).isEqualTo("Paul");
            assertThatRelationIsVisibleForUserWithRole(
                    result.returnedValue(),
                    "rbac.global#global:ADMIN");
            assertThatRelationIsVisibleForUserWithRole(
                    result.returnedValue(),
                    newHolderPerson.roleId(ADMIN));
            assertThatRelationIsNotVisibleForUserWithRole(
                    result.returnedValue(),
                    oldHolderPerson.roleId(ADMIN));
             // FIXME: relationRbacRepo.deleteByUuid(givenRelation.getUuid());
        }
        @Test
@ -296,13 +334,17 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
                    givenRelation,
                    "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
            assertThatRelationActuallyInDatabase(givenRelation);
            final var givenContact = contactRealRepo.findContactByOptionalCaptionLike("sixth contact")
                    .stream()
                    .findFirst()
                    .orElseThrow();
            // when
            final var result = jpaAttempt.transacted(() -> {
                context(
                        "superuser-alex@hostsharing.net",
                        "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
-                givenRelation.setContact(null);
+                givenRelation.setContact(givenContact);
                return relationRbacRepo.save(givenRelation);
            });
--- a/src/test/resources/db/released-only-office-schema-with-test-data.sql
+++ b/src/test/resources/db/released-only-office-schema-with-test-data.sql
@ -12129,8 +12129,8 @@ INSERT INTO hs_office.debitor (uuid, version, debitornumbersuffix, debitorreluui
 -- Data for Name: membership; Type: TABLE DATA; Schema: hs_office; Owner: postgres
 --
-INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,)', 'ACTIVE', true);
+INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('4330e211-e36c-45ec-9332-f7593ff42811', 0, 'c27d1b0c-7e43-4b64-ae69-4317f51023ba', '01', '[2022-10-01,2025-01-01)', 'ACTIVE', true);
-INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,)', 'ACTIVE', true);
+INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('bed3c145-aa55-425f-9211-be9f5e9f4ebe', 0, '11583dae-da71-4786-a61d-d70f51ce988e', '02', '[2022-10-01,2026-01-01)', 'ACTIVE', true);
 INSERT INTO hs_office.membership (uuid, version, partneruuid, membernumbersuffix, validity, status, membershipfeebillable) VALUES ('a42d61c5-7dad-4379-9dd9-39a8d21ddc32', 0, '7fe704c0-2e54-463e-891e-533f0274da76', '03', '[2022-10-01,)', 'ACTIVE', true);
Author	SHA1	Message	Date
Michael Hoennig	f8254d9c2f	ADR for exchanging the partner (+debitor) person	2025-03-02 17:00:18 +01:00
Michael Hoennig	25bed710fb	use the new partner-person for ex-partner-relation	2025-02-26 11:50:47 +01:00
Michael Hoennig	7a2b1b6280	move the changes to the RBACSpec generator	2025-02-26 10:57:15 +01:00
Michael Hoennig	4a2091770f	fix gw-test to fail after first gradlew failure	2025-02-26 10:56:52 +01:00
Michael Hoennig	52703d7b1d	fix test data and related assertions	2025-02-26 09:13:14 +01:00
Michael Hoennig	512035b5b4	updatable relation anchor and holder	2025-02-26 09:13:00 +01:00