From 1c27eae5f722a7f1ff2fa152cdaf54e697dd1285 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 07:57:30 +0200 Subject: [PATCH 01/57] introduce basis schema, yet unused --- sql/historization.sql | 4 ++-- .../0-basis/{000-template.sql => 000-basis-schema.sql} | 8 ++------ src/main/resources/db/changelog/db.changelog-master.yaml | 2 ++ 3 files changed, 6 insertions(+), 8 deletions(-) rename src/main/resources/db/changelog/0-basis/{000-template.sql => 000-basis-schema.sql} (74%) diff --git a/sql/historization.sql b/sql/historization.sql index 6f50f428..a240b30b 100644 --- a/sql/historization.sql +++ b/sql/historization.sql @@ -24,13 +24,13 @@ delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681':: commit; -- single version at point in time --- set hsadminng.tx_history_txid to (select max(txid) from tx_context where txtimestamp<='2024-08-27 12:13:13.450821'); +-- set hsadminng.tx_history_txid to (select max(txid) from basis.tx_context where txtimestamp<='2024-08-27 12:13:13.450821'); set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions select tx_history_txid(), txc.txtimestamp, txc.currentUser, txc.currentTask, haex.* from hs_hosting_asset_ex haex - join tx_context txc on haex.txid=txc.txid + join basis.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org'; diff --git a/src/main/resources/db/changelog/0-basis/000-template.sql b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql similarity index 74% rename from src/main/resources/db/changelog/0-basis/000-template.sql rename to src/main/resources/db/changelog/0-basis/000-basis-schema.sql index 1dc12f42..689a94ba 100644 --- a/src/main/resources/db/changelog/0-basis/000-template.sql +++ b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql 
@@ -2,11 +2,7 @@ -- ============================================================================ ---changeset prefix-TEMPLATE:1 endDelimiter:--// +--changeset basis-schema:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - -/* - - */ - +CREATE SCHEMA basis; --// diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 17d4d40a..f30020ae 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -1,4 +1,6 @@ databaseChangeLog: + - include: + file: db/changelog/0-basis/000-basis-schema.sql - include: file: db/changelog/0-basis/001-last-row-count.sql - include: -- 2.39.5 From e3292b7049dae96b9eaed74539115d3d311f58a0 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 08:01:09 +0200 Subject: [PATCH 02/57] basis.lastRowCount() --- .../resources/db/changelog/0-basis/001-last-row-count.sql | 4 ++-- src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/001-last-row-count.sql b/src/main/resources/db/changelog/0-basis/001-last-row-count.sql index c1f3fe05..b545009c 100644 --- a/src/main/resources/db/changelog/0-basis/001-last-row-count.sql +++ b/src/main/resources/db/changelog/0-basis/001-last-row-count.sql @@ -8,13 +8,13 @@ Returns the row count from the result of the previous query. Other than the native statement it's usable in an expression. */ -create or replace function lastRowCount() +create or replace function basis.lastRowCount() returns bigint language plpgsql as $$ declare lastRowCount bigint; begin - get diagnostics lastrowCount = row_count; + get diagnostics lastRowCount = row_count; return lastRowCount; end; $$; --// 
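Review bot: `CREATE SCHEMA basis;` leaves the new schema with default privileges, so if the application connects as a role other than the changelog owner, the first `basis.defineContext(...)` / `basis.lastRowCount()` call will fail with "permission denied for schema basis" until a `GRANT USAGE ON SCHEMA basis TO <app-role>;` is added, and that role should deliberately not get CREATE on it so nothing can shadow these helpers. I can't see which role the service runs as, so this may already be covered by a later changeset. Adding a `--rollback DROP SCHEMA basis;` line to this formatted-SQL changeset would also keep Liquibase rollback usable for the whole series that now depends on the schema.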
diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 6199abcd..1ff3463a 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -741,7 +741,7 @@ begin AND obj.objectTable = forObjectTable LIMIT maxObjects+1; - foundRows = lastRowCount(); + foundRows = basis.lastRowCount(); if foundRows > maxObjects then raise exception '[400] Too many accessible objects, limit is %, found %.', maxObjects, foundRows using -- 2.39.5 From ffd20a67643ba3a1bbf72ce151f182c54c56977b Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 08:08:19 +0200 Subject: [PATCH 03/57] basis.intToVarChar(...) --- .../resources/db/changelog/0-basis/002-int-to-var.sql | 8 ++++---- .../201-test-customer/2018-test-customer-test-data.sql | 2 +- .../2-test/203-test-domain/2038-test-domain-test-data.sql | 2 +- .../501-contact/5018-hs-office-contact-test-data.sql | 2 +- .../502-person/5028-hs-office-person-test-data.sql | 2 +- .../503-relation/5038-hs-office-relation-test-data.sql | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/002-int-to-var.sql b/src/main/resources/db/changelog/0-basis/002-int-to-var.sql index eb3212e3..245f767f 100644 --- a/src/main/resources/db/changelog/0-basis/002-int-to-var.sql +++ b/src/main/resources/db/changelog/0-basis/002-int-to-var.sql @@ -8,10 +8,10 @@ Returns a textual representation of an integer number to be used as generated test data. Examples : - intToVarChar(0, 3) => 'aaa' - intToVarChar(1, 3) => 'aab' + basis.intToVarChar(0, 3) => 'aaa' + basis.intToVarChar(1, 3) => 'aab' */ -create or replace function intToVarChar(i integer, len integer) +create or replace function basis.intToVarChar(i integer, len integer) returns varchar language plpgsql as $$ declare 
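Review bot: The "Too many accessible objects" guard relies on `foundRows = basis.lastRowCount();` seeing the row count of the `SELECT ... LIMIT maxObjects+1` that ran in the calling function, but PL/pgSQL's `GET DIAGNOSTICS ... ROW_COUNT` reports the most recent SQL command executed within the function it runs in, and `basis.lastRowCount()` has executed none before it reads the diagnostic, so I'd expect it to report 0 here and the limit never to fire; I can't run it from here, so this deserves a test that forces the limit to be exceeded. If that is confirmed, `get diagnostics foundRows = row_count;` placed directly after the SELECT in this function is the form that holds, and it removes the cross-schema dependency as well. The enclosing function starts and ends outside the hunk.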
@@ -19,7 +19,7 @@ declare begin select chr(ascii('a') + i % 26) into partial; if len > 1 then - return intToVarChar(i / 26, len - 1) || partial; + return basis.intToVarChar(i / 26, len - 1) || partial; else return partial; end if; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index f05cbafb..832e41c2 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -59,7 +59,7 @@ create or replace procedure createTestCustomerTestData( begin for t in startCount..endCount loop - call createTestCustomerTestData(testCustomerReference(t), intToVarChar(t, 3)); + call createTestCustomerTestData(testCustomerReference(t), basis.intToVarChar(t, 3)); commit; end loop; end; $$; diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index e2aa870f..13d03f14 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql @@ -25,7 +25,7 @@ begin insert into test_domain (name, packageUuid) - values (pac.name || '-' || intToVarChar(t, 4), pac.uuid); + values (pac.name || '-' || basis.intToVarChar(t, 4), pac.uuid); end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index fbee80ad..03bb29ef 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -44,7 +44,7 @@ create or replace procedure createHsOfficeContactTestData( begin for t in startCount..endCount loop - call createHsOfficeContactTestData(intToVarChar(t, 4) || '#' || t); + call createHsOfficeContactTestData(basis.intToVarChar(t, 4) || '#' || t); commit; end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index 8900886c..b2ffde0e 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql @@ -43,7 +43,7 @@ create or replace procedure createTestPersonTestData( begin for t in startCount..endCount loop - call createHsOfficePersonTestData('LP', intToVarChar(t, 4)); + call createHsOfficePersonTestData('LP', basis.intToVarChar(t, 4)); commit; end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 120ffe62..c9975c50 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql 
@@ -69,8 +69,8 @@ declare begin for t in startCount..endCount loop - select p.* from hs_office_person p where tradeName = intToVarChar(t, 4) into person; - select c.* from hs_office_contact c where c.caption = intToVarChar(t, 4) || '#' || t into contact; + select p.* from hs_office_person p where tradeName = basis.intToVarChar(t, 4) into person; + select c.* from hs_office_contact c where c.caption = basis.intToVarChar(t, 4) || '#' || t into contact; call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE'); commit; -- 2.39.5 From 2f59e762c57d2ab0fbe7ba21aa5830a49069ba67 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 08:13:09 +0200 Subject: [PATCH 04/57] basis.randomInRange, basis.jsonb_changes_delta, asis.bigIntHash, basis.tableColumnNames, basis.raiseException, basis.assertTrue --- .../db/changelog/0-basis/003-random-in-range.sql | 4 ++-- .../changelog/0-basis/004-jsonb-changes-delta.sql | 14 +++++++------- .../0-basis/006-numeric-hash-functions.sql | 2 +- .../db/changelog/0-basis/007-table-columns.sql | 2 +- .../db/changelog/0-basis/008-raise-functions.sql | 4 ++-- .../db/changelog/0-basis/020-audit-log.sql | 2 +- .../db/changelog/1-rbac/1058-rbac-generators.sql | 6 +++--- .../701-hosting-asset/7010-hs-hosting-asset.sql | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/003-random-in-range.sql b/src/main/resources/db/changelog/0-basis/003-random-in-range.sql index 8ed0112d..bff3b2c2 100644 --- a/src/main/resources/db/changelog/0-basis/003-random-in-range.sql +++ b/src/main/resources/db/changelog/0-basis/003-random-in-range.sql 
@@ -10,9 +10,9 @@ to be used for test data generation. Example: - randomInRange(0, 4) might return any of 0, 1, 2, 3, 4 + basis.randomInRange(0, 4) might return any of 0, 1, 2, 3, 4 */ -create or replace function randomInRange(min integer, max integer) +create or replace function basis.randomInRange(min integer, max integer) returns integer returns null on null input language 'plpgsql' as $$ diff --git a/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql b/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql index d6cdd7d3..61cfd6e3 100644 --- a/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql +++ b/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql @@ -9,7 +9,7 @@ This is a kind of right sided json diff. */ -create or replace function jsonb_changes_delta(oldJson jsonb, newJson jsonb) +create or replace function basis.jsonb_changes_delta(oldJson jsonb, newJson jsonb) returns jsonb called on null input language plpgsql as $$ @@ -31,7 +31,7 @@ begin if jsonb_typeof(newJson -> (oldJsonElement.key)) = 'object' then diffJson = diffJson || jsonb_build_object(oldJsonElement.key, - jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key))); + basis.jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key))); end if; else diffJson = diffJson || jsonb_build_object(oldJsonElement.key, null); 
@@ -49,30 +49,30 @@ do language plpgsql $$ actual text; begin - select jsonb_changes_delta(null::jsonb, null::jsonb) into actual; + select basis.jsonb_changes_delta(null::jsonb, null::jsonb) into actual; if actual is not null then raise exception 'jsonb_diff #1 failed:% expected: %,% actually: %', E'\n', expected, E'\n', actual; end if; - select jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual; + select basis.jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual; expected := '{"a": "new"}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #2 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual; + select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual; expected := '{"a": "new"}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #3 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual; + select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual; expected := '{}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #4 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select jsonb_changes_delta( + select basis.jsonb_changes_delta( $json${ "a": "same", "b": "old", diff --git a/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql b/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql index 13d31931..a2d83d23 100644 --- a/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql +++ b/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql 
@@ -6,7 +6,7 @@ --changeset numeric-hash-functions:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create function bigIntHash(text) returns bigint as $$ +create function basis.bigIntHash(text) returns bigint as $$ select ('x'||substr(md5($1),1,16))::bit(64)::bigint; $$ language sql; --// diff --git a/src/main/resources/db/changelog/0-basis/007-table-columns.sql b/src/main/resources/db/changelog/0-basis/007-table-columns.sql index 588defba..d345b9f7 100644 --- a/src/main/resources/db/changelog/0-basis/007-table-columns.sql +++ b/src/main/resources/db/changelog/0-basis/007-table-columns.sql @@ -6,7 +6,7 @@ --changeset table-columns-function:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function columnsNames( tableName text ) +create or replace function basis.tableColumnNames( tableName text ) returns text stable language 'plpgsql' as $$ diff --git a/src/main/resources/db/changelog/0-basis/008-raise-functions.sql b/src/main/resources/db/changelog/0-basis/008-raise-functions.sql index ad298dc9..ddf3cbfb 100644 --- a/src/main/resources/db/changelog/0-basis/008-raise-functions.sql +++ b/src/main/resources/db/changelog/0-basis/008-raise-functions.sql @@ -6,7 +6,7 @@ /* Like `RAISE EXCEPTION` ... just as an expression instead of a statement. */ -create or replace function raiseException(msg text) +create or replace function basis.raiseException(msg text) returns varchar language plpgsql as $$ begin @@ -21,7 +21,7 @@ end; $$; /* Like `ASSERT` but as an expression instead of a statement. */ -create or replace function assertTrue(expectedTrue boolean, msg text) +create or replace function basis.assertTrue(expectedTrue boolean, msg text) returns boolean language plpgsql as $$ begin diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index c231814c..b2679dd8 100644 
--- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -97,7 +97,7 @@ begin into tx_journal values (curTxId, tg_table_name, old.uuid, tg_op::operation, - jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); + basis.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); when 'DELETE' then insert into tx_journal values (curTxId, diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 44281bed..233cc316 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -168,7 +168,7 @@ declare begin targetTable := lower(targetTable); if columnNames = '*' then - columnNames := columnsNames(targetTable); + columnNames := basis.tableColumnNames(targetTable); end if; /* @@ -190,14 +190,14 @@ begin select distinct g.descendantuuid, g.ascendantuuid, grants.level + 1 as level, - assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level) + basis.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level) from rbacgrants g join recursive_grants grants on grants.descendantuuid = g.ascendantuuid where g.assumed), grant_count AS ( SELECT COUNT(*) AS grant_count FROM recursive_grants ), - count_check as (select assertTrue((select count(*) as grant_count from recursive_grants) < 400000, + count_check as (select basis.assertTrue((select count(*) as grant_count from recursive_grants) < 400000, 'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants)) as valid) select distinct perm.objectuuid diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index 83d6cacb..aa39bb28 100644 
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql @@ -91,7 +91,7 @@ begin when 'IPV4_NUMBER' then null when 'IPV6_NUMBER' then null - else raiseException(format('[400] unknown asset type %s', NEW.type::text)) + else basis.raiseException(format('[400] unknown asset type %s', NEW.type::text)) end); if expectedParentType is not null and actualParentType is null then -- 2.39.5 From 90d3db1e3ec634b959b831a48e9839c1db4d40ed Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 08:16:22 +0200 Subject: [PATCH 05/57] basis.defineContext(...) --- .../net/hostsharing/hsadminng/context/Context.java | 2 +- .../rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../resources/db/changelog/0-basis/010-context.sql | 12 ++++++------ .../db/changelog/1-rbac/1054-rbac-context.sql | 14 +++++++------- .../db/changelog/1-rbac/1080-rbac-global.sql | 12 ++++++------ .../201-test-customer/2013-test-customer-rbac.sql | 2 +- .../2018-test-customer-test-data.sql | 2 +- .../202-test-package/2023-test-package-rbac.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../203-test-domain/2038-test-domain-test-data.sql | 2 +- .../5016-hs-office-contact-migration.sql | 2 +- .../5018-hs-office-contact-test-data.sql | 4 ++-- .../502-person/5028-hs-office-person-test-data.sql | 4 ++-- .../503-relation/5033-hs-office-relation-rbac.sql | 2 +- .../5038-hs-office-relation-test-data.sql | 2 +- .../504-partner/5043-hs-office-partner-rbac.sql | 2 +- .../5044-hs-office-partner-details-rbac.sql | 2 +- .../5046-hs-office-partner-migration.sql | 2 +- .../5048-hs-office-partner-test-data.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 4 ++-- .../506-debitor/5063-hs-office-debitor-rbac.sql | 2 +- .../5068-hs-office-debitor-test-data.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 2 +- .../5076-hs-office-sepamandate-migration.sql | 2 +- .../5078-hs-office-sepamandate-test-data.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 2 +- .../5108-hs-office-membership-test-data.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5116-hs-office-coopshares-migration.sql | 2 +- .../5118-hs-office-coopshares-test-data.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 2 +- .../5126-hs-office-coopassets-migration.sql | 2 +- .../5128-hs-office-coopassets-test-data.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../6208-hs-booking-project-test-data.sql | 2 +- 
.../630-booking-item/6203-hs-booking-item-rbac.sql | 4 ++-- .../6208-hs-booking-item-test-data.sql | 2 +- .../630-booking-item/6303-hs-booking-item-rbac.sql | 4 ++-- .../7018-hs-hosting-asset-test-data.sql | 4 ++-- .../rbac/context/ContextIntegrationTests.java | 2 +- .../hsadminng/rbac/context/ContextUnitTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 2 +- 43 files changed, 65 insertions(+), 65 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index b3dac96b..9c3b6a3f 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java @@ -54,7 +54,7 @@ public class Context { final String currentUser, final String assumedRoles) { final var query = em.createNativeQuery(""" - call defineContext( + call basis.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentUser as varchar(63)), diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index 7c8b08ea..521ba66b 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -67,7 +67,7 @@ public class InsertTriggerGenerator { declare row ${rawSuperTable}; begin - call defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); + call basis.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); FOR row IN SELECT * FROM ${rawSuperTable} ${whenCondition} diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index 25c6c48c..c770d7fd 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql 
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql @@ -9,7 +9,7 @@ Callback which is called after the context has been (re-) defined. This function will be overwritten by later changesets. */ -create procedure contextDefined( +create procedure basis.contextDefined( currentTask varchar(127), currentRequest text, currentUser varchar(63), @@ -22,7 +22,7 @@ end; $$; /* Defines the transaction context. */ -create or replace procedure defineContext( +create or replace procedure basis.defineContext( currentTask varchar(127), currentRequest text = null, currentUser varchar(63) = null, @@ -46,7 +46,7 @@ begin assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - call contextDefined(currentTask, currentRequest, currentUser, assumedRoles); + call basis.contextDefined(currentTask, currentRequest, currentUser, assumedRoles); end; $$; --// @@ -72,7 +72,7 @@ begin currentTask := null; end; if (currentTask is null or currentTask = '') then - raise exception '[401] currentTask must be defined, please call `defineContext(...)`'; + raise exception '[401] currentTask must be defined, please call `basis.defineContext(...)`'; end if; return currentTask; end; $$; @@ -83,7 +83,7 @@ end; $$; --changeset context-CURRENT-REQUEST:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the current http request as set via `defineContext(...)`. + Returns the current http request as set via `basis.defineContext(...)`. Raises exception if not set. */ create or replace function currentRequest() 
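Review bot: The bound on `assumedRoles` in `basis.defineContext` is enforced with PL/pgSQL `assert` (`assert length(assumedRoles) <= 1023, ...`), which is silently skipped when `plpgsql.check_asserts` is off, so it is not a reliable limit on what is written via `set local hsadminng.assumedRoles`; `if length(assumedRoles) > 1023 then raise exception '[400] assumedRoles must not be longer than 1023 characters: "%"', assumedRoles; end if;` holds regardless of server configuration. The `%L` quoting in the `execute format(...)` line is correct and should stay. Since `basis.contextDefined` is by design a hook that later changesets replace with `create or replace procedure`, only the changelog owner should hold CREATE on schema `basis`; any other role with CREATE there could swap the callback that establishes the RBAC context. The procedure body starts outside the hunk.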
@@ -108,7 +108,7 @@ end; $$; --changeset context-CURRENT-USER:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the current user as defined by `defineContext(...)`. + Returns the current user as defined by `basis.defineContext(...)`. */ create or replace function currentUser() returns varchar(63) diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index ab3a9bd5..e222596c 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql @@ -18,7 +18,7 @@ begin select uuid from RbacUser where name = currentUser into currentUserUuid; if currentUserUuid is null then - raise exception '[401] user % given in `defineContext(...)` does not exist', currentUser; + raise exception '[401] user % given in `basis.defineContext(...)` does not exist', currentUser; end if; return currentUserUuid; end; $$; @@ -84,7 +84,7 @@ end; $$; Callback which is called after the context has been (re-) defined. This function will be overwritten by later changesets. */ -create or replace procedure contextDefined( +create or replace procedure basis.contextDefined( currentTask varchar(127), currentRequest text, currentUser varchar(63), @@ -114,7 +114,7 @@ end; $$; --changeset rbac-context-CURRENT-USER-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `defineContext(...)`. + Returns the uuid of the current user as set via `basis.defineContext(...)`. */ create or replace function currentUserUuid() 
@@ -136,7 +136,7 @@ begin if (length(currentUserName) > 0) then raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName; else - raise exception '[401] currentUserUuid cannot be determined, please call `defineContext(...)` first;"'; + raise exception '[401] currentUserUuid cannot be determined, please call `basis.defineContext(...)` first;"'; end if; end if; return currentUserUuid::uuid; @@ -147,8 +147,8 @@ end; $$; --changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `defineContext(...)`, - or, if any, the uuids of all assumed roles as set via `defineContext(...)` + Returns the uuid of the current user as set via `basis.defineContext(...)`, + or, if any, the uuids of all assumed roles as set via `basis.defineContext(...)` or empty array, if context is not defined. */ create or replace function currentSubjectsUuids() @@ -170,7 +170,7 @@ begin if (length(currentUserName) > 0) then raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; else - raise exception '[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user;"'; + raise exception '[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user;"'; end if; end if; return string_to_array(currentSubjectsUuids, ';'); diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index c28a464d..c20238c7 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql 
@@ -94,7 +94,7 @@ $$; A single row to be referenced as a global object. */ begin transaction; -call defineContext('initializing table "global"', null, null, null); +call basis.defineContext('initializing table "global"', null, null, null); insert into RbacObject (objecttable) values ('global'); insert @@ -118,7 +118,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'AD $$; begin transaction; - call defineContext('creating role:global#global:ADMIN', null, null, null); + call basis.defineContext('creating role:global#global:ADMIN', null, null, null); select createRole(globalAdmin()); commit; --// @@ -139,7 +139,7 @@ select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GU $$; begin transaction; - call defineContext('creating role:global#global:guest', null, null, null); + call basis.defineContext('creating role:global#global:guest', null, null, null); select createRole(globalGuest()); commit; --// @@ -155,7 +155,7 @@ do language plpgsql $$ declare admins uuid ; begin - call defineContext('creating fake test-realm admin users', null, null, null); + call basis.defineContext('creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net')); 
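Review bot: The `do` block in 1080-rbac-global.sql creates `superuser-alex@hostsharing.net` and grants it `global#global:ADMIN` through `grantRoleToUserUnchecked`, and nothing visible in the hunk gates this by a Liquibase context, so unless the include in `db.changelog-master.yaml` restricts it, these "fake test-realm admin users" end up with global admin rights in every environment, production included. If they are meant for dev/test only, the changeset should carry a `context:` restriction (or move under `2-test/`), and the production path needs its own bootstrap for the real admin account. The `do` block continues outside the hunk, so I can't see whether a context guard exists above it.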
@@ -179,13 +179,13 @@ do language plpgsql $$ declare userName varchar; begin - call defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); + call basis.defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); select userName from RbacUser where uuid = currentUserUuid() into userName; if userName <> 'superuser-fran@hostsharing.net' then raise exception 'setting or fetching initial currentUser failed, got: %', userName; end if; - call defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); + call basis.defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); select userName from RbacUser where uuid = currentUserUuid() into userName; if userName = 'superuser-alex@hostsharing.net' then raise exception 'currentUser should not change in one transaction, but did change, got: %', userName; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index e1540c9a..6e084160 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -89,7 +89,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO test_customer permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO test_customer permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index 832e41c2..a05835f8 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql 
+++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -72,7 +72,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createTestCustomerTestData(99901, 'xxx'); call createTestCustomerTestData(99902, 'yyy'); diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 9ec9c06a..4cc51b27 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -154,7 +154,7 @@ do language plpgsql $$ declare row test_customer; begin - call defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); + call basis.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); FOR row IN SELECT * FROM test_customer -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index bf4a9f3b..d471a421 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql 
@@ -22,7 +22,7 @@ begin pacName = cust.prefix || to_char(t, 'fm00'); custAdminUser = 'customer-admin@' || cust.prefix || '.example.com'; custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN'; - call defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole); + call basis.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole); insert into test_package (customerUuid, name, description) diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 042021c9..ab12d7fd 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -153,7 +153,7 @@ do language plpgsql $$ declare row test_package; begin - call defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); + call basis.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); FOR row IN SELECT * FROM test_package -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index 13d03f14..f1a1cb79 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql @@ -21,7 +21,7 @@ begin for t in 0..(domainCount-1) loop pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; - call defineContext('creating RBAC test domain', null, pacAdmin, null); + call basis.defineContext('creating RBAC test domain', null, pacAdmin, null); insert into test_domain (name, packageUuid) 
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql index 79cdd3bf..bc7921db 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql @@ -40,7 +40,7 @@ ALTER TABLE hs_office_contact_legacy_id --changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +CALL basis.defineContext('schema-migration'); INSERT INTO hs_office_contact_legacy_id(uuid, contact_id) SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index 03bb29ef..d8bbcd74 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -15,9 +15,9 @@ declare emailAddr varchar; begin emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com'; - call defineContext('creating contact test-data'); + call basis.defineContext('creating contact test-data'); perform createRbacUser(emailAddr); - call defineContext('creating contact test-data', null, emailAddr); + call basis.defineContext('creating contact test-data', null, emailAddr); postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt'; 
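Review bot: `CALL basis.defineContext('schema-migration');` sits inside the already declared changeset `hs-office-contact-MIGRATION-insert:1`, and editing the body of a changeset changes its Liquibase checksum, so on any database where that changeset has already run the next update presumably fails validation unless the header carries `runOnChange:true` or a `--validCheckSum` line. If every environment is rebuilt from scratch this is harmless, but it deserves a sentence in the commit message. The same applies to the `MIGRATION-insert` changesets for partner, sepamandate, coopshares and coopassets further down in this patch.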
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index b2ffde0e..4040ceb4 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql @@ -21,9 +21,9 @@ declare begin fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName); emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com'; - call defineContext('creating person test-data'); + call basis.defineContext('creating person test-data'); perform createRbacUser(emailAddr); - call defineContext('creating person test-data', null, emailAddr); + call basis.defineContext('creating person test-data', null, emailAddr); raise notice 'creating test person: % by %', fullName, emailAddr; insert diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 63c2061a..84ae494c 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -163,7 +163,7 @@ do language plpgsql $$ declare row hs_office_person; begin - call defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); + call basis.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); FOR row IN SELECT * FROM hs_office_person -- unconditional for all rows in that table 
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index c9975c50..56ee5791 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql @@ -85,7 +85,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact'); call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact'); diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index bd1c673d..9bc7f773 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -166,7 +166,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 8a7f2725..09ed6dc5 100644 
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -70,7 +70,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql index f48e99d5..a07d4c72 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql @@ -39,7 +39,7 @@ ALTER TABLE hs_office_partner_legacy_id --changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +CALL basis.defineContext('schema-migration'); INSERT INTO hs_office_partner_legacy_id(uuid, bp_id) SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql index 4ac1dff9..ae932604 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql 
@@ -71,7 +71,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact'); call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact'); diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql index 338ab61c..ed00ca3a 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql @@ -15,7 +15,7 @@ declare begin emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com'; perform createRbacUser(emailAddr); - call defineContext('creating bankaccount test-data', null, emailAddr); + call basis.defineContext('creating bankaccount test-data', null, emailAddr); raise notice 'creating test bankaccount: %', givenHolder; insert @@ -31,7 +31,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating bankaccount test-data'); + call basis.defineContext('creating bankaccount test-data'); -- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001'); diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 8e91d7e7..b0c77c67 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql 
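Review bot: In `createHsOfficeBankAccountTestData` the new `call basis.defineContext('creating bankaccount test-data', null, emailAddr);` comes after `perform createRbacUser(emailAddr);`, whereas the contact and person counterparts in this patch first reset the context with `call basis.defineContext('creating ... test-data');` and only then create the user. With the caller in the `@@ -31` hunk setting a context once for several holders, each later `createRbacUser` here runs under the user left behind by the previous holder; whether that matters depends on `createRbacUser`, which is not visible. Adding `call basis.defineContext('creating bankaccount test-data');` ahead of the `perform` would make the three test-data procedures consistent.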
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -139,7 +139,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql index da9a5f2e..399c9e70 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql @@ -50,7 +50,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir'); call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec'); diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index 6b6595a0..e794d97a 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -114,7 +114,7 @@ do language plpgsql $$ declare row hs_office_relation; begin - call defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); + call basis.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql index 4b483c6b..f53e340d 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql @@ -41,7 +41,7 @@ ALTER TABLE hs_office_sepamandate_legacy_id --changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +CALL basis.defineContext('schema-migration'); INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id) SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql index 6c8aa15e..071ad1b8 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql 
@@ -43,7 +43,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11'); call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12'); diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 7e628d39..ec39c6d3 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -101,7 +101,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql index 205efcc9..36195fdb 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql 
@@ -33,7 +33,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsOfficeMembershipTestData(10001, '01'); call createHsOfficeMembershipTestData(10002, '02'); diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 6707bdaa..e632b648 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -77,7 +77,7 @@ do language plpgsql $$ declare row hs_office_membership; begin - call defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); + call basis.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql index dd64356e..e7dec7c1 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql 
@@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id --changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +CALL basis.defineContext('schema-migration'); INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id) SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql index 4efb55db..594300d2 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql @@ -43,7 +43,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating coopSharesTransaction test-data'); + call basis.defineContext('creating coopSharesTransaction test-data'); SET CONSTRAINTS ALL DEFERRED; call createHsOfficeCoopSharesTransactionTestData(10001, '01'); diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 39f5a8fe..4ef072a1 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -77,7 +77,7 @@ do language plpgsql $$ declare row hs_office_membership; begin - call defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); + call basis.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql index 8c346566..47bbfbb7 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql @@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id --changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL defineContext('schema-migration'); +CALL basis.defineContext('schema-migration'); INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql index b3cdab98..ff22f705 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql 
@@ -43,7 +43,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating coopAssetsTransaction test-data'); + call basis.defineContext('creating coopAssetsTransaction test-data'); SET CONSTRAINTS ALL DEFERRED; call createHsOfficeCoopAssetsTransactionTestData(10001, '01'); diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index c6f3544d..7137f162 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -108,7 +108,7 @@ do language plpgsql $$ declare row hs_office_relation; begin - call defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows'); + call basis.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows'); FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql index 2113ae5e..459f4cee 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql 
@@ -39,7 +39,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsBookingProjectTransactionTestData(10001, '11'); call createHsBookingProjectTransactionTestData(10002, '12'); diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index bcd6523e..e9ce4c33 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -107,7 +107,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table @@ -150,7 +150,7 @@ do language plpgsql $$ declare row hs_booking_project; begin - call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows'); + call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows'); FOR row IN SELECT * FROM hs_booking_project -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql index 4052b5c3..aa610cf8 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql 
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql @@ -47,7 +47,7 @@ do language plpgsql $$ declare currentTask text; begin - call defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsBookingItemTransactionTestData(10001, '11'); call createHsBookingItemTransactionTestData(10002, '12'); diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index bcd6523e..e9ce4c33 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -107,7 +107,7 @@ do language plpgsql $$ declare row global; begin - call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows'); FOR row IN SELECT * FROM global -- unconditional for all rows in that table @@ -150,7 +150,7 @@ do language plpgsql $$ declare row hs_booking_project; begin - call defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows'); + call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows'); FOR row IN SELECT * FROM hs_booking_project -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 0af7e38e..05494057 100644 
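Review bot: `630-booking-item/6203-hs-booking-item-rbac.sql` and `630-booking-item/6303-hs-booking-item-rbac.sql` carry the same blob ids `bcd6523e..e9ce4c33` on their index lines, so they are byte-identical copies and both receive the identical two-hunk `basis.defineContext(...)` edit here. One of them looks like a leftover from renumbering the booking-item files; removing the stale copy avoids patching the same `do` blocks twice and, should both still be listed in the changelog master, registering the same INSERT permissions twice. Which of the two the master changelog includes is not visible in this patch.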
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql @@ -30,7 +30,7 @@ declare pgSqlInstanceUuid uuid; PgSqlUserUuid uuid; begin - call defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); select project.* into relatedProject from hs_booking_project project @@ -110,7 +110,7 @@ end; $$; do language plpgsql $$ begin - call defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); call createHsHostingAssetTestData('D-1000111 default project'); call createHsHostingAssetTestData('D-1000212 default project'); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java index 22e1df04..1838958e 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java @@ -81,7 +81,7 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "[401] user unknown@example.org given in `defineContext(...)` does not exist"); + "[401] user unknown@example.org given in `basis.defineContext(...)` does not exist"); } @Test diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java index ae64d8c1..3b1f6cf5 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java @@ -28,7 +28,7 @@ import static org.mockito.Mockito.verify; class ContextUnitTest { private static final String DEFINE_CONTEXT_QUERY_STRING = """ - call defineContext( + call basis.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentUser as varchar(63)), diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index e7a28261..092ac91a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest { result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[401] currentSubjectsUuids cannot be determined, please call `defineContext(...)` with a valid user"); + "[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user"); } } -- 2.39.5 From a4c2cd3eddc19dd3a91e39815a6ed7841c36eb9a Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 08:32:10 +0200 Subject: [PATCH 06/57] basis.currentTask() --- src/main/resources/db/changelog/0-basis/010-context.sql | 2 +- src/main/resources/db/changelog/0-basis/020-audit-log.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index c770d7fd..c27330cc 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql +++ b/src/main/resources/db/changelog/0-basis/010-context.sql 
@@ -58,7 +58,7 @@ end; $$; Returns the current task as set by `hsadminng.currentTask`. Raises exception if not set. */ -create or replace function currentTask() +create or replace function basis.currentTask() returns varchar(127) stable -- leakproof language plpgsql as $$ diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index b2679dd8..8bd319e0 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -78,7 +78,7 @@ declare curTask text; curTxId xid8; begin - curTask := currentTask(); + curTask := basis.currentTask(); curTxId := pg_current_xact_id(); insert -- 2.39.5 From 18b53ad2200c912f8a4512c2c8c7491bf69e473a Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 08:46:16 +0200 Subject: [PATCH 07/57] basis.currentRequest(), basis.tx_journal_trigger() --- src/main/resources/db/changelog/0-basis/010-context.sql | 2 +- src/main/resources/db/changelog/0-basis/020-audit-log.sql | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index c27330cc..10c24ad2 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql +++ b/src/main/resources/db/changelog/0-basis/010-context.sql @@ -86,7 +86,7 @@ end; $$; Returns the current http request as set via `basis.defineContext(...)`. Raises exception if not set. */ -create or replace function currentRequest() +create or replace function basis.currentRequest() returns text stable -- leakproof language plpgsql as $$ diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index 8bd319e0..d0fe6082 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql 
@@ -71,7 +71,7 @@ select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta /* Trigger function for transaction audit journal. */ -create or replace function tx_journal_trigger() +create or replace function basis.tx_journal_trigger() returns trigger language plpgsql as $$ declare @@ -84,7 +84,7 @@ begin insert into tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest) values ( curTxId, now(), - currentUser(), assumedRoles(), curTask, currentRequest()) + currentUser(), assumedRoles(), curTask, basis.currentRequest()) on conflict do nothing; case tg_op @@ -125,7 +125,7 @@ begin createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_journal' || ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable || - ' FOR EACH ROW EXECUTE PROCEDURE tx_journal_trigger()'; + ' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()'; execute createTriggerSQL; end; $$; --// -- 2.39.5 From 5f00a093e41689437e6bd62259c07e35c088231e Mon Sep 17 00:00:00 2001 
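Review bot: In the `@@ -125` hunk of 020-audit-log.sql the trigger DDL is still assembled by concatenating `targetTable` into `'CREATE TRIGGER ' || targetTable || '_journal' || ' ... ON ' || targetTable || ...` and run via `execute`, so the identifier is neither quoted nor validated and a malformed or non-existent name is only caught when the generated DDL fails. Callers on this page pass mixed-case literals such as `'RbacUser'`, so a plain `format('%I', ...)` would quote them and stop matching the case-folded table name; `execute format('CREATE TRIGGER %I AFTER INSERT OR UPDATE OR DELETE ON %s FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()', lower(targetTable) || '_journal', targetTable::regclass);` keeps today's behaviour while letting the `regclass` cast reject anything that is not an existing table. The same concatenation pattern appears in 030-historization.sql's `basis.tx_create_historicization` (`'CREATE TABLE ' || baseTable || '_ex ('` and the `format('CREATE OR REPLACE VIEW %1$s AS' ...)` call, which uses `%s` rather than `%I` for identifiers). The procedure's head and `declare` block are outside this hunk.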
From: Michael Hoennig Date: Fri, 13 Sep 2024 08:51:12 +0200 Subject: [PATCH 08/57] basis.tx_context, basis.tx_journal, basis.tx_journal_v, asis.create_journal --- .../db/changelog/0-basis/020-audit-log.sql | 28 +++++++++---------- .../changelog/0-basis/030-historization.sql | 8 +++--- .../db/changelog/1-rbac/1050-rbac-base.sql | 10 +++---- .../501-contact/5010-hs-office-contact.sql | 2 +- .../502-person/5020-hs-office-person.sql | 2 +- .../503-relation/5030-hs-office-relation.sql | 2 +- .../504-partner/5040-hs-office-partner.sql | 4 +-- .../5050-hs-office-bankaccount.sql | 2 +- .../506-debitor/5060-hs-office-debitor.sql | 2 +- .../5070-hs-office-sepamandate.sql | 2 +- .../5100-hs-office-membership.sql | 2 +- .../5110-hs-office-coopshares.sql | 2 +- .../5120-hs-office-coopassets.sql | 2 +- .../6200-hs-booking-project.sql | 2 +- .../630-booking-item/6200-hs-booking-item.sql | 2 +- .../7010-hs-hosting-asset.sql | 2 +- ...sBookingItemRepositoryIntegrationTest.java | 2 +- ...okingProjectRepositoryIntegrationTest.java | 2 +- ...HostingAssetRepositoryIntegrationTest.java | 2 +- .../hsadminng/hs/migration/CsvDataImport.java | 4 +-- ...eBankAccountRepositoryIntegrationTest.java | 2 +- ...eContactRbacRepositoryIntegrationTest.java | 2 +- ...sTransactionRepositoryIntegrationTest.java | 2 +- ...sTransactionRepositoryIntegrationTest.java | 2 +- ...fficeDebitorRepositoryIntegrationTest.java | 2 +- ...ceMembershipRepositoryIntegrationTest.java | 2 +- ...fficePartnerRepositoryIntegrationTest.java | 2 +- ...OfficePersonRepositoryIntegrationTest.java | 2 +- ...ficeRelationRepositoryIntegrationTest.java | 2 +- ...eSepaMandateRepositoryIntegrationTest.java | 2 +- 30 files changed, 52 insertions(+), 52 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index d0fe6082..74af2623 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql 
+++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -21,7 +21,7 @@ do $$ /* A table storing transactions with context data. */ -create table tx_context +create table basis.tx_context ( txId xid8 primary key not null, txTimestamp timestamp not null, @@ -31,7 +31,7 @@ create table tx_context currentRequest text not null ); -create index on tx_context using brin (txTimestamp); +create index on basis.tx_context using brin (txTimestamp); --// -- ============================================================================ @@ -40,28 +40,28 @@ create index on tx_context using brin (txTimestamp); /* A table storing the transaction audit journal for all target tables it's configured for. */ -create table tx_journal +create table basis.tx_journal ( - txId xid8 not null references tx_context (txId), + txId xid8 not null references basis.tx_context (txId), targetTable text not null, targetUuid uuid not null, -- Assumes that all audited tables have a uuid column. targetOp operation not null, targetDelta jsonb ); -create index on tx_journal (targetTable, targetUuid); +create index on basis.tx_journal (targetTable, targetUuid); --// -- ============================================================================ --changeset audit-TX-JOURNAL-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - A view combining tx_journal with tx_context. + A view combining basis.tx_journal with basis.tx_context. */ -create view tx_journal_v as +create view basis.tx_journal_v as select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta - from tx_journal txj - left join tx_context txc using (txId) + from basis.tx_journal txj + left join basis.tx_context txc using (txId) order by txc.txtimestamp; --// 
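Review bot: `txTimestamp timestamp not null` in basis.tx_context is a timestamp without time zone, while the journal trigger fills it with `now()`, a timestamptz that is converted using the inserting session's TimeZone setting, so the recorded audit instant — and the order of the BRIN index created right below — depends on each client's session time zone rather than on a fixed reference. For an audit table the instant should be unambiguous: `txTimestamp timestamp with time zone not null`; the `historicalTimestampSetting::timestamp` casts in 030-historization.sql that are compared against this column would need to follow. Since this hunk only adds the schema prefix, that type change belongs in its own changeset rather than in this rename.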
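Review bot: The body of changeset `audit-TX-JOURNAL-VIEW:1` — and of every other already-applied changeset edited in patches 06 to 09 — is modified in place without a new id, `runOnChange` or a `validCheckSum`, so Liquibase will refuse the update with a checksum validation error on any database that has already applied these changesets; if every environment is rebuilt from scratch this is harmless, but that assumption should be stated in the commit message. On the view itself, `select txc.*` is expanded to tx_context's column list at the moment the view is created, so columns added to basis.tx_context later will not show up and altering that table will require dropping and recreating the view; listing `txc.txId, txc.txTimestamp, txc.currentUser, txc.assumedRoles, txc.currentTask, txc.currentRequest` makes the dependency explicit. Given `txId xid8 not null references basis.tx_context (txId)` on tx_journal, the `left join` cannot produce unmatched rows, and an `inner join` would say so.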
@@ -82,24 +82,24 @@ begin curTxId := pg_current_xact_id(); insert - into tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest) + into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest) values ( curTxId, now(), currentUser(), assumedRoles(), curTask, basis.currentRequest()) on conflict do nothing; case tg_op when 'INSERT' then insert - into tx_journal + into basis.tx_journal values (curTxId, tg_table_name, new.uuid, tg_op::operation, to_jsonb(new)); when 'UPDATE' then insert - into tx_journal + into basis.tx_journal values (curTxId, tg_table_name, old.uuid, tg_op::operation, basis.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); when 'DELETE' then insert - into tx_journal + into basis.tx_journal values (curTxId, tg_table_name, old.uuid, 'DELETE'::operation, null::jsonb); @@ -116,7 +116,7 @@ end; $$; Trigger function for transaction audit journal. */ -create or replace procedure create_journal(targetTable varchar) +create or replace procedure basis.create_journal(targetTable varchar) language plpgsql as $$ declare createTriggerSQL varchar; diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-basis/030-historization.sql index 709cb9c8..f5e4eba2 100644 --- a/src/main/resources/db/changelog/0-basis/030-historization.sql +++ b/src/main/resources/db/changelog/0-basis/030-historization.sql @@ -27,7 +27,7 @@ begin if historicalTxIdSetting is null or historicalTxIdSetting = '' then select historicalTimestampSetting::timestamp into historicalTimestamp; - select max(txc.txid) from tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId; + select max(txc.txid) from basis.tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId; else historicalTxId = historicalTxIdSetting::xid8; end if; 
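Review bot: The three `insert into basis.tx_journal values (curTxId, tg_table_name, ...)` statements in this hunk give no column list, so they bind by position to whatever column order basis.tx_journal happens to have; `insert into basis.tx_journal (txId, targetTable, targetUuid, targetOp, targetDelta) values (...)` would let them survive a column added or reordered later. Related, only `tg_table_name` is journaled: once audited tables live in different schemas, which this series appears to be introducing, two tables with the same bare name would be indistinguishable in the journal, so recording `tg_table_schema` as well is worth considering — the test queries on this page filter on the bare `targettable` value, so the format would need to be settled together with them. The head and declarations of `basis.tx_journal_trigger` are outside this hunk.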
@@ -110,7 +110,7 @@ begin createHistTableSql = '' || 'CREATE TABLE ' || baseTable || '_ex (' || ' version_id serial PRIMARY KEY,' || - ' txid xid8 NOT NULL REFERENCES tx_context(txid),' || + ' txid xid8 NOT NULL REFERENCES basis.tx_context(txid),' || ' trigger_op tx_operation NOT NULL,' || ' alive boolean not null,' || ' LIKE ' || baseTable || @@ -131,7 +131,7 @@ begin createViewSQL = format( 'CREATE OR REPLACE VIEW %1$s AS' || '(' || - -- make sure the function is only called once, not for every matching row in tx_context + -- make sure the function is only called once, not for every matching row in basis.tx_context ' WITH txh AS (SELECT tx_history_txid() AS txid) ' || ' SELECT %2$s' || ' FROM %3$s' || @@ -140,7 +140,7 @@ begin ' (' || ' SELECT max(ex.version_id) AS history_id' || ' FROM %3$s AS ex' || - ' JOIN tx_context as txc ON ex.txid = txc.txid' || + ' JOIN basis.tx_context as txc ON ex.txid = txc.txid' || ' WHERE txc.txid <= (SELECT txid FROM txh)' || ' GROUP BY uuid' || ' )' || diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 1ff3463a..695719be 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -44,7 +44,7 @@ create table RbacUser name varchar(63) not null unique ); -call create_journal('RbacUser'); +call basis.create_journal('RbacUser'); create or replace function createRbacUser(userName varchar) returns uuid @@ -102,7 +102,7 @@ create table RbacObject unique (objectTable, uuid) ); -call create_journal('RbacObject'); +call basis.create_journal('RbacObject'); --// @@ -174,7 +174,7 @@ create table RbacRole unique (objectUuid, roleType) ); -call create_journal('RbacRole'); +call basis.create_journal('RbacRole'); create type RbacRoleDescriptor as ( 
@@ -379,7 +379,7 @@ create index on RbacPermission (opTableName, op); ALTER TABLE RbacPermission ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); -call create_journal('RbacPermission'); +call basis.create_journal('RbacPermission'); create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) returns uuid @@ -497,7 +497,7 @@ create table RbacGrants create index on RbacGrants (ascendantUuid); create index on RbacGrants (descendantUuid); -call create_journal('RbacGrants'); +call basis.create_journal('RbacGrants'); create or replace function findGrantees(grantedId uuid) returns setof RbacReference returns null on null input diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql index 514f2ca0..9c187d11 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql @@ -20,5 +20,5 @@ create table if not exists hs_office_contact --changeset hs-office-contact-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_contact'); +call basis.create_journal('hs_office_contact'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql index 528b512c..97435390 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql 
@@ -31,5 +31,5 @@ create table if not exists hs_office_person --changeset hs-office-person-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_person'); +call basis.create_journal('hs_office_person'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql index 1c207177..e4d6d166 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql @@ -33,5 +33,5 @@ create table if not exists hs_office_relation --changeset hs-office-relation-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_relation'); +call basis.create_journal('hs_office_relation'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql index a8a88adc..aac22c5b 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql @@ -23,7 +23,7 @@ create table hs_office_partner_details --changeset hs-office-partner-DETAILS-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_partner_details'); +call basis.create_journal('hs_office_partner_details'); --// -- ============================================================================ 
@@ -83,5 +83,5 @@ create trigger hs_office_partner_delete_dependents_trigger --changeset hs-office-partner-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_partner'); +call basis.create_journal('hs_office_partner'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql index e061a3ca..1dec8bc3 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql @@ -18,5 +18,5 @@ create table hs_office_bankaccount --changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_bankaccount'); +call basis.create_journal('hs_office_bankaccount'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql index bbf72543..462a9dbd 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql @@ -61,5 +61,5 @@ execute procedure deleteHsOfficeDependentsOnDebitorDelete(); --changeset hs-office-debitor-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_debitor'); +call basis.create_journal('hs_office_debitor'); --// 
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql index c2ffd86d..ff020fb3 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql @@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate --changeset hs-office-sepamandate-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_sepamandate'); +call basis.create_journal('hs_office_sepamandate'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql index 47831f9d..ab9d3e43 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql @@ -36,5 +36,5 @@ create table if not exists hs_office_membership --changeset hs-office-membership-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_membership'); +call basis.create_journal('hs_office_membership'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql index 599c9cfc..1adf48d6 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql 
@@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction --changeset hs-office-coopshares-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_coopsharestransaction'); +call basis.create_journal('hs_office_coopsharestransaction'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql index 289d5c2e..3b93e61e 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql @@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction --changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_office_coopassetstransaction'); +call basis.create_journal('hs_office_coopassetstransaction'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql index 564e36c0..7154fff6 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql @@ -18,7 +18,7 @@ create table if not exists hs_booking_project --changeset hs-booking-project-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_booking_project'); +call basis.create_journal('hs_booking_project'); --// 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql index 4796ac58..228cd7d7 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql @@ -35,7 +35,7 @@ create table if not exists hs_booking_item --changeset hs-booking-item-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_booking_item'); +call basis.create_journal('hs_booking_item'); --// diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index aa39bb28..e791b67c 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql @@ -166,7 +166,7 @@ execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf(); -- ============================================================================ --changeset hs-hosting-asset-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call create_journal('hs_hosting_asset'); +call basis.create_journal('hs_hosting_asset'); --// diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java index ca931e44..40292ce3 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java 
@@ -69,7 +69,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_booking_item'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java index b3a05ffa..6fc7c555 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java @@ -64,7 +64,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_booking_project'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java index 26861624..c2469a30 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java @@ -77,7 +77,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_hosting_asset'; """); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index d10f3577..553cc045 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java @@ -299,8 +299,8 @@ public class CsvDataImport extends ContextBasedTest { jpaAttempt.transacted(() -> { context(rbacSuperuser); em.createNativeQuery("delete from rbacuser_rv where name not like 'superuser-%'").executeUpdate(); - em.createNativeQuery("delete from tx_journal where true").executeUpdate(); - em.createNativeQuery("delete from tx_context where true").executeUpdate(); + em.createNativeQuery("delete from basis.tx_journal where true").executeUpdate(); + em.createNativeQuery("delete from basis.tx_context where true").executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java index 5fbd89a3..b7baaa95 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java @@ -272,7 +272,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'iban' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_bankaccount'; """); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java index 5eea0091..dbaccbbd 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java @@ -257,7 +257,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_contact'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java index ad059e16..87c4da19 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java @@ -221,7 +221,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_coopassetstransaction'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index db1b0f39..d9b420f9 100644 
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -220,7 +220,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_coopsharestransaction'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java index 1d16254d..ac29eb5e 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java @@ -590,7 +590,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_debitor'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java index 6e013be2..f4acbf9f 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java 
@@ -337,7 +337,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_membership'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java index 2d871048..055a835c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java @@ -434,7 +434,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'partnernumber' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_partner'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java index 6ee4f486..5445ff29 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java @@ -261,7 +261,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_person'; """); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java index b9ccb589..3092fb54 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java @@ -395,7 +395,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'mark' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_relation'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java index 3fb90976..8f7d7260 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java @@ -380,7 +380,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from tx_journal_v + from basis.tx_journal_v where targettable = 'hs_office_sepamandate'; """); -- 2.39.5 From a7037c4306d9194c14df7f71b0f1841c5c8221de Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 08:56:27 +0200 Subject: [PATCH 09/57] basis.tx_history_txid(), basis.tx_operation, basis.tx_create_historicization(...) --- .../db/changelog/0-basis/030-historization.sql | 18 +++++++++--------- .../6200-hs-booking-project.sql | 2 +- .../630-booking-item/6200-hs-booking-item.sql | 2 +- .../7010-hs-hosting-asset.sql | 2 +- .../rbac/context/ContextBasedTest.java | 4 ++-- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-basis/030-historization.sql index f5e4eba2..6368df06 100644 --- a/src/main/resources/db/changelog/0-basis/030-historization.sql +++ b/src/main/resources/db/changelog/0-basis/030-historization.sql @@ -3,7 +3,7 @@ -- ============================================================================ --changeset hs-global-historization-tx-history-txid:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function tx_history_txid() +create or replace function basis.tx_history_txid() returns xid8 stable language plpgsql as $$ declare 
@@ -12,18 +12,18 @@ declare historicalTxId xid8; historicalTimestamp timestamp; begin - select coalesce(current_setting('hsadminng.tx_history_txid', true), '') into historicalTxIdSetting; + select coalesce(current_setting('hsadminng.basis.tx_history_txid', true), '') into historicalTxIdSetting; select coalesce(current_setting('hsadminng.tx_history_timestamp', true), '') into historicalTimestampSetting; if historicalTxIdSetting > '' and historicalTimestampSetting > '' then - raise exception 'either hsadminng.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are set: (%, %)', + raise exception 'either hsadminng.basis.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are set: (%, %)', historicalTxIdSetting, historicalTimestampSetting; end if; if historicalTxIdSetting = '' and historicalTimestampSetting = '' then - raise exception 'either hsadminng.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are unset or empty: (%, %)', + raise exception 'either hsadminng.basis.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are unset or empty: (%, %)', historicalTxIdSetting, historicalTimestampSetting; end if; -- just for debugging / making sure the function is only called once per query - -- raise notice 'tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting; + -- raise notice 'basis.tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting; if historicalTxIdSetting is null or historicalTxIdSetting = '' then select historicalTimestampSetting::timestamp into historicalTimestamp; 
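Review bot: Only one of the two settings is renamed here — `hsadminng.tx_history_txid` becomes `hsadminng.basis.tx_history_txid` while `hsadminng.tx_history_timestamp`, read on the very next line, keeps its old name, so the pair no longer follows one naming scheme. Because `current_setting(..., true)` returns NULL for an unknown setting and the code coalesces that to `''`, a caller that still sets the old `hsadminng.tx_history_txid` will now land in the "both are unset or empty" exception with no hint that the key changed. Either rename both settings together or keep the old name, and make sure the two `raise exception` texts in this hunk name whichever keys are finally used. The function body continues past the end of the hunk.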
@@ -40,7 +40,7 @@ end; $$; --changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create type "tx_operation" as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); +create type basis.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); create or replace function tx_historicize_tf() returns trigger @@ -95,7 +95,7 @@ end; $$; -- ---------------------------------------------------------------------------- -create or replace procedure tx_create_historicization(baseTable varchar) +create or replace procedure basis.tx_create_historicization(baseTable varchar) language plpgsql as $$ declare createHistTableSql varchar; @@ -111,7 +111,7 @@ begin 'CREATE TABLE ' || baseTable || '_ex (' || ' version_id serial PRIMARY KEY,' || ' txid xid8 NOT NULL REFERENCES basis.tx_context(txid),' || - ' trigger_op tx_operation NOT NULL,' || + ' trigger_op basis.tx_operation NOT NULL,' || ' alive boolean not null,' || ' LIKE ' || baseTable || ' EXCLUDING CONSTRAINTS' || @@ -132,7 +132,7 @@ begin 'CREATE OR REPLACE VIEW %1$s AS' || '(' || -- make sure the function is only called once, not for every matching row in basis.tx_context - ' WITH txh AS (SELECT tx_history_txid() AS txid) ' || + ' WITH txh AS (SELECT basis.tx_history_txid() AS txid) ' || ' SELECT %2$s' || ' FROM %3$s' || ' WHERE alive = TRUE' || diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql index 7154fff6..8ea0cc68 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql 
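Review bot: `tx_historicize_tf()` (context line of the first hunk) stays unqualified while `basis.tx_operation`, which its rows are typed with, and `basis.tx_create_historicization`, which presumably wires it up, both move into the `basis` schema, so the trigger function is the one historization object still resolved via search_path; moving it in the same changeset keeps the set together. Separately, the DDL in the third and fourth hunks splices `baseTable` into the statement text with `||` and `%1$s`; the callers visible on this page pass literals from migration files, but `quote_ident(baseTable)` in the concatenated pieces and `%1$I` in the template would make the generated identifiers correct for any table name at no cost. The procedure body starts and ends outside these hunks.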
@@ -25,5 +25,5 @@ call basis.create_journal('hs_booking_project'); -- ============================================================================ --changeset hs-booking-project-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call tx_create_historicization('hs_booking_project'); +call basis.tx_create_historicization('hs_booking_project'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql index 228cd7d7..6cb8808a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql @@ -42,6 +42,6 @@ call basis.create_journal('hs_booking_item'); -- ============================================================================ --changeset hs-booking-item-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call tx_create_historicization('hs_booking_item'); +call basis.tx_create_historicization('hs_booking_item'); --// diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index e791b67c..34a79af5 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql 
@@ -173,7 +173,7 @@ call basis.create_journal('hs_hosting_asset'); -- ============================================================================ --changeset hs-hosting-asset-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call tx_create_historicization('hs_hosting_asset'); +call basis.tx_create_historicization('hs_hosting_asset'); --// diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index 59704ad4..1ba06236 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -52,7 +52,7 @@ public abstract class ContextBasedTest { protected void historicalContext(final Long txId) { // set local cannot be used with query parameters em.createNativeQuery(""" - set local hsadminng.tx_history_txid to ':txid'; + set local hsadminng.basis.tx_history_txid to ':txid'; """.replace(":txid", txId.toString())).executeUpdate(); em.createNativeQuery(""" set local hsadminng.tx_history_timestamp to ''; @@ -66,7 +66,7 @@ public abstract class ContextBasedTest { set local hsadminng.tx_history_timestamp to ':timestamp'; """.replace(":timestamp", txTimestamp.toString())).executeUpdate(); em.createNativeQuery(""" - set local hsadminng.tx_history_txid to ''; + set local hsadminng.basis.tx_history_txid to ''; """).executeUpdate(); } -- 2.39.5 From 77aba67af985c496b1c9085cb42f7c0e082f4c29 Mon Sep 17 00:00:00 2001 
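Review bot: The comment `// set local cannot be used with query parameters` explains why `txId` is spliced into the statement via `String.replace`, but PostgreSQL's `set_config(name, value, is_local)` does accept bound parameters: `em.createNativeQuery("select set_config('hsadminng.basis.tx_history_txid', :txid, true)").setParameter("txid", txId.toString()).getSingleResult()` has the same transaction-local effect as `set local` without assembling SQL from strings. With a `Long` the current `replace` is harmless; the timestamp helper in the second hunk relies on `txTimestamp.toString()` never containing a quote, which holds for the JDK date types but is enforced nowhere. Binding the value also keeps this test helper consistent with `Context.define(...)` further down the page, which passes every context value as a parameter. Both hunks are inside `ContextBasedTest`, which continues outside them.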
From: Michael Hoennig Date: Fri, 13 Sep 2024 09:01:15 +0200 Subject: [PATCH 10/57] basis.currentUser(), basis.assumedRoles() --- .../resources/db/changelog/0-basis/010-context.sql | 10 +++++----- .../resources/db/changelog/0-basis/020-audit-log.sql | 2 +- .../db/changelog/1-rbac/1051-rbac-user-grant.sql | 4 ++-- .../db/changelog/1-rbac/1054-rbac-context.sql | 8 ++++---- .../resources/db/changelog/1-rbac/1055-rbac-views.sql | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql index 10c24ad2..e0ff1818 100644 --- a/src/main/resources/db/changelog/0-basis/010-context.sql +++ b/src/main/resources/db/changelog/0-basis/010-context.sql @@ -110,7 +110,7 @@ end; $$; /* Returns the current user as defined by `basis.defineContext(...)`. */ -create or replace function currentUser() +create or replace function basis.currentUser() returns varchar(63) stable -- leakproof language plpgsql as $$ @@ -134,7 +134,7 @@ end; $$; Returns assumed role names as set in `hsadminng.assumedRoles` or empty array, if not set. */ -create or replace function assumedRoles() +create or replace function basis.assumedRoles() returns varchar(1023)[] stable -- leakproof language plpgsql as $$ @@ -213,11 +213,11 @@ create or replace function currentSubjects() declare assumedRoles varchar(1023)[]; begin - assumedRoles := assumedRoles(); + assumedRoles := basis.assumedRoles(); if array_length(assumedRoles, 1) > 0 then return assumedRoles; else - return array [currentUser()]::varchar(1023)[]; + return array [basis.currentUser()]::varchar(1023)[]; end if; end; $$; @@ -226,7 +226,7 @@ create or replace function hasAssumedRole() stable -- leakproof language plpgsql as $$ begin - return array_length(assumedRoles(), 1) > 0; + return array_length(basis.assumedRoles(), 1) > 0; end; $$; --// 
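Review bot: `currentSubjects()` and `hasAssumedRole()` (hunk headers of the last two hunks) stay unqualified while their bodies now call `basis.assumedRoles()` and `basis.currentUser()`, so this file ends up defining functions in two schemas; presumably they follow in a later patch of the series, but until then callers resolve them through search_path while the helpers they wrap are pinned to `basis`. The two renamed signatures keep `stable -- leakproof`, leaving the `leakproof` property commented out; if that was dropped deliberately, a short note such as `-- not leakproof: reads session settings` would stop the next reader from re-enabling it. Both trailing hunks sit inside function bodies that start and end outside the hunk.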
diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index 74af2623..51efc301 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -84,7 +84,7 @@ begin insert into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest) values ( curTxId, now(), - currentUser(), assumedRoles(), curTask, basis.currentRequest()) + basis.currentUser(), basis.assumedRoles(), curTask, basis.currentRequest()) on conflict do nothing; case tg_op diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql index fc74a6de..99a0b349 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql @@ -12,8 +12,8 @@ declare currentSubjectsUuids uuid[]; begin -- exactly one role must be assumed, not none not more than one - if cardinality(assumedRoles()) <> 1 then - raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', assumedRoles(); + if cardinality(basis.assumedRoles()) <> 1 then + raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles(); end if; currentSubjectsUuids := currentSubjectsUuids(); diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index e222596c..552bcd22 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
@@ -66,10 +66,10 @@ begin and r.roleType = roleTypeToAssume into roleUuidToAssume; if roleUuidToAssume is null then - raise exception '[403] role % does not exist or is not accessible for user %', roleName, currentUser(); + raise exception '[403] role % does not exist or is not accessible for user %', roleName, basis.currentUser(); end if; if not isGranted(currentUserUuid, roleUuidToAssume) then - raise exception '[403] user % has no permission to assume role %', currentUser(), roleName; + raise exception '[403] user % has no permission to assume role %', basis.currentUser(), roleName; end if; roleIdsToAssume := roleIdsToAssume || roleUuidToAssume; end loop; @@ -132,7 +132,7 @@ begin currentUserUuid := null; end; if (currentUserUuid is null or currentUserUuid = '') then - currentUserName := currentUser(); + currentUserName := basis.currentUser(); if (length(currentUserName) > 0) then raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName; else @@ -166,7 +166,7 @@ begin currentSubjectsUuids := null; end; if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then - currentUserName := currentUser(); + currentUserName := basis.currentUser(); if (length(currentUserName) > 0) then raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; else diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index a8570f6c..38530ba7 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -241,7 +241,7 @@ create or replace view RbacUser_rv as union select users.* from RbacUser as users - where cardinality(assumedRoles()) = 0 and + where cardinality(basis.assumedRoles()) = 0 and (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid())) ) as unordered 
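Review bot: The renamed `[401]` raise in the third hunk (`@@ -166`) is guarded by `length(currentSubjectsUuids) = 0`; if `currentSubjectsUuids` is declared as `uuid[]` (its declaration is outside the hunk), `length()` is not defined for arrays and the branch fails with a type error before the intended message is reached — `cardinality(currentSubjectsUuids) = 0`, the form this series already uses for `basis.assumedRoles()`, is the check that matches the message. The same question applies to `currentUserUuid = ''` in the second hunk (`@@ -132`) if that variable is a `uuid` rather than text, since `''` does not cast to `uuid`. Both branches only run after the preceding exception handler nulls the variable, which is probably why tests have not hit them. All hunks are inside function bodies that begin and end outside the hunk.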
@@ -303,7 +303,7 @@ begin delete from RbacUser where uuid = old.uuid; return old; end if;
- raise exception '[403] User % not allowed to delete user uuid %', currentUser(), old.uuid;
+ raise exception '[403] User % not allowed to delete user uuid %', basis.currentUser(), old.uuid; end; $$; /*
@@ -354,7 +354,7 @@ begin currentUserUuid := currentUserUuid(); if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserUuid) then
- raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, currentUser();
+ raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentUser(); end if; return query select
-- 2.39.5
From 1fbcd661b016687d377e59070edf059f87b22366 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Fri, 13 Sep 2024 09:46:01 +0200
Subject: [PATCH 11/57] add bin/git-pull-and-run-if-origin-changed
---
 bin/git-pull-and-run-if-origin-changed | 32 ++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 bin/git-pull-and-run-if-origin-changed
diff --git a/bin/git-pull-and-run-if-origin-changed b/bin/git-pull-and-run-if-origin-changed
new file mode 100755
index 00000000..48c5f22e
--- /dev/null
+++ b/bin/git-pull-and-run-if-origin-changed
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "command missing in arguments" >&2
+ exit 1
+fi
+
+# get the current branch name
+BRANCH=$(git rev-parse --abbrev-ref HEAD)
+
+while true; do
+
+ # get the latest commit hashes from origin and local
+ git fetch origin
+ LOCAL=$(git rev-parse HEAD)
+ REMOTE=$(git rev-parse origin/$BRANCH)
+
+ # check if the local branch differs from the remote branch
+ if [ "$LOCAL" != "$REMOTE" ]; then
+ echo "pulling changes from origin"
+ git pull origin $BRANCH
+
+ # run the command
+ echo "Running $*"
+ "$@"
+ else
+ echo "no changes detected on the origin branch"
+ fi
+
+ echo "waiting for 1 minute before checking again..."
+ sleep 60
+done
-- 2.39.5 
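Review bot: The script executes `"$@"` whenever `origin/$BRANCH` moves, but the `git fetch origin` result is never checked and `git pull origin $BRANCH` merges rather than fast-forwards, so a failed fetch silently loops on a stale comparison and a diverged remote leaves a merge commit on the runner before the command is executed. Checking the fetch and pulling fast-forward only, `git fetch origin || { echo "fetch failed" >&2; sleep 60; continue; }` and `git pull --ff-only origin "$BRANCH"`, keeps the runner at exactly the commit it compared against. `$BRANCH` should be quoted in both `rev-parse` and `pull`, and the exit status of `"$@"` is discarded — an `echo "command failed with status $?" >&2` after it would at least surface failures in the log. The SQL hunks sharing this line are plain renames.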
From 9f4ec472815588a85bef60d1c66e987bd0c1edc0 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 12:44:56 +0200 Subject: [PATCH 12/57] rbacuser->rbac.subject, tx_journal_tg, rbac.referenceType, rbac.reference, rbac.create_subject, rbac.find_subject_id, rbac.insert_related_object tc. --- README.md | 6 +- ...2022-07-18.row-level-security-mechanism.md | 18 +-- doc/rbac-performance-analysis.md | 4 +- doc/rbac.md | 10 +- sql/historization.sql | 2 +- sql/rbac-view-option-experiments.sql | 18 +-- ...e-cte-experiments-for-accessible-uuids.sql | 2 +- .../hsadminng/context/Context.java | 32 ++--- .../booking/item/HsBookingItemController.java | 20 +-- .../project/HsBookingProjectController.java | 20 +-- .../asset/HsHostingAssetController.java | 20 +-- .../HsOfficeBankAccountController.java | 16 +-- .../contact/HsOfficeContactController.java | 20 +-- ...OfficeCoopAssetsTransactionController.java | 12 +- ...OfficeCoopSharesTransactionController.java | 12 +- .../debitor/HsOfficeDebitorController.java | 20 +-- .../HsOfficeMembershipController.java | 20 +-- .../partner/HsOfficePartnerController.java | 20 +-- .../person/HsOfficePersonController.java | 20 +-- .../relation/HsOfficeRelationController.java | 20 +-- .../HsOfficeSepaMandateController.java | 20 +-- .../rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../rbac/rbacgrant/RbacGrantController.java | 20 +-- .../rbacgrant/RbacGrantsDiagramService.java | 4 +- .../rbac/rbacrole/RbacRoleController.java | 4 +- .../rbac/rbacuser/RbacUserController.java | 16 +-- .../rbac/rbacuser/RbacUserRepository.java | 4 +- .../test/cust/TestCustomerController.java | 8 +- .../rbac/test/pac/TestPackageController.java | 8 +- src/main/resources/api-definition/auth.yaml | 4 +- .../api-definition/hs-booking/auth.yaml | 4 +- .../hs-booking-items-with-uuid.yaml | 6 +- .../hs-booking/hs-booking-items.yaml | 4 +- .../hs-booking-projects-with-uuid.yaml | 6 +- .../hs-booking/hs-booking-projects.yaml | 4 +- .../api-definition/hs-hosting/auth.yaml | 4 +- 
.../hs-hosting-assets-with-uuid.yaml | 6 +- .../hs-hosting/hs-hosting-assets.yaml | 4 +- .../hs-office-bankaccounts-with-uuid.yaml | 4 +- .../hs-office/hs-office-bankaccounts.yaml | 4 +- .../hs-office-contacts-with-uuid.yaml | 6 +- .../hs-office/hs-office-contacts.yaml | 4 +- .../hs-office-coopassets-with-uuid.yaml | 2 +- .../hs-office/hs-office-coopassets.yaml | 4 +- .../hs-office-coopshares-with-uuid.yaml | 2 +- .../hs-office/hs-office-coopshares.yaml | 4 +- .../hs-office-debitors-with-uuid.yaml | 6 +- .../hs-office/hs-office-debitors.yaml | 4 +- .../hs-office-memberships-with-uuid.yaml | 6 +- .../hs-office/hs-office-memberships.yaml | 4 +- .../hs-office-partners-with-uuid.yaml | 6 +- .../hs-office/hs-office-partners.yaml | 4 +- .../hs-office-persons-with-uuid.yaml | 6 +- .../hs-office/hs-office-persons.yaml | 4 +- .../hs-office-relations-with-uuid.yaml | 6 +- .../hs-office/hs-office-relations.yaml | 4 +- .../hs-office-sepamandates-with-uuid.yaml | 6 +- .../hs-office/hs-office-sepamandates.yaml | 4 +- .../rbac/rbac-grants-with-id.yaml | 4 +- .../api-definition/rbac/rbac-grants.yaml | 4 +- .../api-definition/rbac/rbac-roles.yaml | 2 +- .../rbac/rbac-users-with-id-permissions.yaml | 2 +- .../rbac/rbac-users-with-uuid.yaml | 4 +- .../api-definition/rbac/rbac-users.yaml | 2 +- .../api-definition/test/test-customers.yaml | 4 +- .../test/test-packages-uuid.yaml | 2 +- .../api-definition/test/test-packages.yaml | 2 +- .../db/changelog/0-basis/000-basis-schema.sql | 2 +- .../db/changelog/0-basis/010-context.sql | 26 ++-- .../db/changelog/0-basis/020-audit-log.sql | 8 +- .../changelog/0-basis/030-historization.sql | 12 +- .../db/changelog/1-rbac/1000-rbac-schema.sql | 8 ++ .../db/changelog/1-rbac/1050-rbac-base.sql | 134 +++++++++--------- .../changelog/1-rbac/1051-rbac-user-grant.sql | 34 ++--- .../db/changelog/1-rbac/1054-rbac-context.sql | 92 ++++++------ .../db/changelog/1-rbac/1055-rbac-views.sql | 72 +++++----- .../changelog/1-rbac/1058-rbac-generators.sql | 14 +- 
.../changelog/1-rbac/1059-rbac-statistics.sql | 6 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 36 ++--- .../201-test-customer/2010-test-customer.sql | 2 +- .../2013-test-customer-rbac.sql | 4 +- .../2018-test-customer-test-data.sql | 2 +- .../202-test-package/2020-test-package.sql | 2 +- .../2023-test-package-rbac.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../203-test-domain/2030-test-domain.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../501-contact/5010-hs-office-contact.sql | 2 +- .../5013-hs-office-contact-rbac.sql | 2 +- .../5018-hs-office-contact-test-data.sql | 2 +- .../502-person/5020-hs-office-person.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../5028-hs-office-person-test-data.sql | 2 +- .../503-relation/5030-hs-office-relation.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 4 +- .../504-partner/5040-hs-office-partner.sql | 4 +- .../5043-hs-office-partner-rbac.sql | 2 +- .../5044-hs-office-partner-details-rbac.sql | 2 +- .../5050-hs-office-bankaccount.sql | 2 +- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 2 +- .../506-debitor/5060-hs-office-debitor.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 2 +- .../5070-hs-office-sepamandate.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 4 +- .../5100-hs-office-membership.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 4 +- .../5110-hs-office-coopshares.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5120-hs-office-coopassets.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 2 +- .../6200-hs-booking-project.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../630-booking-item/6200-hs-booking-item.sql | 2 +- .../6203-hs-booking-item-rbac.sql | 2 +- .../6303-hs-booking-item-rbac.sql | 2 +- .../7010-hs-hosting-asset.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- .../changelog/9-hs-global/9000-statistics.sql | 2 +- .../db/changelog/db.changelog-master.yaml | 2 + 
.../hsadminng/arch/ArchitectureTest.java | 4 +- ...HsBookingItemControllerAcceptanceTest.java | 16 +-- .../item/HsBookingItemControllerRestTest.java | 4 +- ...ookingProjectControllerAcceptanceTest.java | 16 +-- ...sHostingAssetControllerAcceptanceTest.java | 28 ++-- .../HsHostingAssetControllerRestTest.java | 4 +- ...ceBankAccountControllerAcceptanceTest.java | 18 +-- ...HsOfficeBankAccountControllerRestTest.java | 4 +- ...OfficeContactControllerAcceptanceTest.java | 20 +-- ...tsTransactionControllerAcceptanceTest.java | 18 +-- ...opAssetsTransactionControllerRestTest.java | 2 +- ...esTransactionControllerAcceptanceTest.java | 18 +-- ...opSharesTransactionControllerRestTest.java | 2 +- ...OfficeDebitorControllerAcceptanceTest.java | 28 ++-- ...iceMembershipControllerAcceptanceTest.java | 24 ++-- .../HsOfficeMembershipControllerRestTest.java | 6 +- ...OfficePartnerControllerAcceptanceTest.java | 26 ++-- .../HsOfficePartnerControllerRestTest.java | 6 +- ...sOfficePersonControllerAcceptanceTest.java | 20 +-- ...fficeRelationControllerAcceptanceTest.java | 24 ++-- ...ceSepaMandateControllerAcceptanceTest.java | 28 ++-- .../rbac/context/ContextBasedTest.java | 10 +- .../rbac/context/ContextIntegrationTests.java | 34 ++--- .../rbac/context/ContextUnitTest.java | 22 +-- .../RbacGrantControllerAcceptanceTest.java | 66 ++++----- ...acGrantsDiagramServiceIntegrationTest.java | 20 +-- .../rbac/rbacrole/RawRbacObjectEntity.java | 2 +- .../RbacRoleControllerAcceptanceTest.java | 6 +- .../rbacrole/RbacRoleControllerRestTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 4 +- .../RbacUserControllerAcceptanceTest.java | 32 ++--- .../test/ContextBasedTestWithCleanup.java | 7 +- .../TestCustomerControllerAcceptanceTest.java | 16 +-- .../TestPackageControllerAcceptanceTest.java | 12 +- 155 files changed, 827 insertions(+), 816 deletions(-) create mode 100644 src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql 
diff --git a/README.md b/README.md index 4d03a6d3..9cca4fc4 100644 --- a/README.md +++ b/README.md @@ -77,17 +77,17 @@ If you have at least Docker and the Java JDK installed in appropriate versions a # the following command should return a JSON array with just all customers: curl \ - -H 'current-user: superuser-alex@hostsharing.net' \ + -H 'current-subject: superuser-alex@hostsharing.net' \ http://localhost:8080/api/test/customers # the following command should return a JSON array with just all packages visible for the admin of the customer yyy: curl \ - -H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \ + -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \ http://localhost:8080/api/test/packages # add a new customer curl \ - -H 'current-user: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \ + -H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \ -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \ -X POST http://localhost:8080/api/test/customers diff --git a/doc/adr/2022-07-18.row-level-security-mechanism.md b/doc/adr/2022-07-18.row-level-security-mechanism.md index 6276bd4d..e59c7f8a 100644 --- a/doc/adr/2022-07-18.row-level-security-mechanism.md +++ b/doc/adr/2022-07-18.row-level-security-mechanism.md 
@@ -14,9 +14,9 @@ The core problem here is, that in our RBAC system, determining the permissions o ### Technical Background -The session variable `hsadminng.currentUser` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user). +The session variable `hsadminng.currentSubject` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user). -Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing user has a given permission (e.g. 'view'). +Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing subject has a given permission (e.g. 'view'). Given is also a stored function `queryAllPermissionsOfSubjectId` which returns the flattened view to all permissions assigned to the given accessing user. @@ -38,7 +38,7 @@ In this solution, the database ignores row level visibility and returns all rows Very flexible access, programmatic, rules could be implemented. -The role-hierarchy and permissions for currently logged-in users user could be cached in the backend. +The role-hierarchy and permissions for currently logged-in sujects could be cached in the backend. The access logic can be tested in pure Java unit tests. @@ -74,11 +74,11 @@ For restricted DB-users, which are used by the backend, access to rows is filter FOR SELECT TO restricted USING ( - isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid()) + isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- will only return visible rows #### Advantages 
@@ -101,10 +101,10 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid()); + SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()); SET SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- will only return visible rows #### Advantages @@ -130,12 +130,12 @@ We do not access the tables directly from the backend, but via views which join CREATE OR REPLACE VIEW cust_view AS SELECT c.id, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(currentSubjectUuid()) AS p ON p.tableName='customer' AND p.rowId=c.id AND p.op='view'; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; - SET hsadminng.currentUser TO 'alex@example.com'; + SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from cust_view; -- will only return visible rows Alternatively the JOIN could also be applied in a "ON SELECT DO INSTEAD"-RULE, if there is any advantage for later features. diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md index fa80dde4..10ec6593 100644 --- a/doc/rbac-performance-analysis.md +++ b/doc/rbac-performance-analysis.md 
@@ -392,9 +392,9 @@ We found some solution approaches: 3. Inverting the recursion of the CTE-query, combined with the type condition. - Instead of starting the recursion with `currentsubjectsuuids()`, + Instead of starting the recursion with `currentSubjectOrAssumedRolesUuids()`, we could start it with the target table name and row-type, - then recurse down to the `currentsubjectsuuids()`. + then recurse down to the `currentSubjectOrAssumedRolesUuids()`. In the end, we need the object UUIDs, though. But if we start with the join of `rbacObject` with `rbacPermission`, diff --git a/doc/rbac.md b/doc/rbac.md index 662bed29..e7cb12d3 100644 --- a/doc/rbac.md +++ b/doc/rbac.md @@ -364,10 +364,10 @@ This way, each user can only select the data they have 'SELECT'-permission for, ### Current User -The current use is taken from the session variable `hsadminng.currentUser` which contains the name of the user as stored in the +The current use is taken from the session variable `hsadminng.currentSubject` which contains the name of the user as stored in the *RbacUser*s table. Example: - SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net'; + SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net'; That user is also used for historicization and audit log, but which is a different topic. @@ -388,7 +388,7 @@ A full example is shown here: BEGIN TRANSACTION; SET SESSION SESSION AUTHORIZATION restricted; - SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net'; + SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net'; SET LOCAL hsadminng.assumedRoles = 'customer#aab:admin;customer#aac:admin'; SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address" 
@@ -624,7 +624,7 @@ Let's have a look at the two view queries: WHERE target.uuid IN ( SELECT uuid FROM queryAccessibleObjectUuidsOfSubjectIds( - 'SELECT, 'customer', currentSubjectsUuids())); + 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids())); This view should be automatically updatable. Where, for updates, we actually have to check for 'UPDATE' instead of 'SELECT' operation, which makes it a bit more complicated. @@ -642,7 +642,7 @@ Looks like the query optimizer needed some statistics to find the best path. SELECT DISTINCT target.* FROM customer AS target JOIN queryAccessibleObjectUuidsOfSubjectIds( - 'SELECT, 'customer', currentSubjectsUuids()) AS allowedObjId + 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids()) AS allowedObjId ON target.uuid = allowedObjId; This view cannot is not updatable automatically, diff --git a/sql/historization.sql b/sql/historization.sql index a240b30b..89dfbe62 100644 --- a/sql/historization.sql +++ b/sql/historization.sql @@ -28,7 +28,7 @@ commit; set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions -select tx_history_txid(), txc.txtimestamp, txc.currentUser, txc.currentTask, haex.* +select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* from hs_hosting_asset_ex haex join basis.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; diff --git a/sql/rbac-view-option-experiments.sql b/sql/rbac-view-option-experiments.sql index c5c04487..d058ac49 100644 --- a/sql/rbac-view-option-experiments.sql +++ b/sql/rbac-view-option-experiments.sql 
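Review bot: The new `select tx_history_txid(), ...` line and the context line `set hsadminng.tx_history_txid to ''` above it still use the pre-patch-09 names; that patch (earlier on this page) replaced the function with `basis.tx_history_txid()` and moved the setting to `hsadminng.basis.tx_history_txid`, so on a database built from the changelog the unqualified call does not resolve and the `set` creates an unrelated placeholder variable that the function never reads. The two lines should read `set hsadminng.basis.tx_history_txid to '';` and `select basis.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*`. Because sql/historization.sql is an ad-hoc query file nothing fails at build time, which is exactly why this drift goes unnoticed.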
@@ -20,11 +20,11 @@ CREATE POLICY customer_policy ON customer TO restricted USING ( -- id=1000 - isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid()) + isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; -SET hsadminng.currentUser TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from customer; -- access control via view-rule and isPermissionGrantedToSubject - way too slow (35 s 580 ms for 1 million rows) @@ -35,7 +35,7 @@ SELECT * FROM customer; CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid()); + SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); SELECT * from cust_view LIMIT 10; select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net')); @@ -51,12 +51,12 @@ CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD SELECT c.uuid, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p ON p.objectTable='test_customer' AND p.objectUuid=c.uuid; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; -SET hsadminng.currentUser TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'alex@example.com'; SELECT * from cust_view; 
@@ -67,14 +67,14 @@ DROP VIEW IF EXISTS cust_view; CREATE OR REPLACE VIEW cust_view AS SELECT c.uuid, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p + JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p ON p.objectUuid=c.uuid; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; --- SET hsadminng.currentUser TO 'alex@example.com'; -SET hsadminng.currentUser TO 'superuser-alex@hostsharing.net'; --- SET hsadminng.currentUser TO 'aaaaouq@example.com'; +-- SET hsadminng.currentSubject TO 'alex@example.com'; +SET hsadminng.currentSubject TO 'superuser-alex@hostsharing.net'; +-- SET hsadminng.currentSubject TO 'aaaaouq@example.com'; SELECT * from cust_view where reference=1144150; select rr.uuid, rr.type from RbacGrants g diff --git a/sql/recursive-cte-experiments-for-accessible-uuids.sql b/sql/recursive-cte-experiments-for-accessible-uuids.sql index 5e9a7be5..669a6f24 100644 --- a/sql/recursive-cte-experiments-for-accessible-uuids.sql +++ b/sql/recursive-cte-experiments-for-accessible-uuids.sql @@ -17,7 +17,7 @@ with recursive 1 as level, true from rbacgrants - where (rbacgrants.ascendantuuid = any (currentsubjectsuuids())) + where (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) and rbacgrants.assumed union all select distinct g.descendantuuid, diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index 9c3b6a3f..cf2cf4c4 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java 
@@ -38,53 +38,53 @@ public class Context {
 private HttpServletRequest request;
 @Transactional(propagation = MANDATORY)
- public void define(final String currentUser) {
- define(currentUser, null);
+ public void define(final String currentSubject) {
+ define(currentSubject, null);
 }
 @Transactional(propagation = MANDATORY)
- public void define(final String currentUser, final String assumedRoles) {
- define(toTask(request), toCurl(request), currentUser, assumedRoles);
+ public void define(final String currentSubject, final String assumedRoles) {
+ define(toTask(request), toCurl(request), currentSubject, assumedRoles);
 }
 @Transactional(propagation = MANDATORY)
 public void define(
 final String currentTask,
 final String currentRequest,
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles) {
 final var query = em.createNativeQuery("""
 call basis.defineContext(
 cast(:currentTask as varchar(127)),
 cast(:currentRequest as text),
- cast(:currentUser as varchar(63)),
+ cast(:currentSubject as varchar(63)),
 cast(:assumedRoles as varchar(1023)));
 """);
 query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
 query.setParameter("currentRequest", currentRequest);
- query.setParameter("currentUser", currentUser);
+ query.setParameter("currentSubject", currentSubject);
 query.setParameter("assumedRoles", assumedRoles != null ? assumedRoles : "");
 query.executeUpdate();
 }
- public String getCurrentTask() {
+ public String fetchCurrentTask() {
 return (String) em.createNativeQuery("select current_setting('hsadminng.currentTask');").getSingleResult();
 }
- public String getCurrentUser() {
- return String.valueOf(em.createNativeQuery("select currentUser()").getSingleResult());
+ public String fetchCurrentSubject() {
+ return String.valueOf(em.createNativeQuery("select basis.currentSubject()").getSingleResult());
 }
- public UUID getCurrentUserUUid() {
- return (UUID) em.createNativeQuery("select currentUserUUid()", UUID.class).getSingleResult();
+ public UUID fetchCurrentSubjectUuid() {
+ return (UUID) em.createNativeQuery("select rbac.currentSubjectUuid()", UUID.class).getSingleResult();
 }
- public String[] getAssumedRoles() {
- return (String[]) em.createNativeQuery("select assumedRoles() as roles", String[].class).getSingleResult();
+ public String[] fetchAssumedRoles() {
+ return (String[]) em.createNativeQuery("select basis.assumedRoles() as roles", String[].class).getSingleResult();
 }
- public UUID[] currentSubjectsUuids() {
- return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
+ public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() {
+ return (UUID[]) em.createNativeQuery("select rbac.currentSubjectOrAssumedRolesUuids() as uuids", UUID[].class).getSingleResult();
 }
 public static String getCallerMethodNameFromStackFrame(final int skipFrames) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
index 01d2e6a5..6afd5219 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java
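Review bot: In the three-argument define(...) the renamed `currentSubject` is passed straight into `cast(:currentSubject as varchar(63))`, while `currentTask` gets a Java-side `shortenToMaxLength(currentTask, 127)` and `currentSubject` gets no length check at all. On PostgreSQL an explicit cast to varchar(n) truncates silently instead of failing, so a subject name longer than 63 characters would reach basis.defineContext as a different, shorter identifier unless the procedure validates it itself, which this hunk does not show. Because this string is the principal every later RBAC check is keyed on, I would fail fast rather than truncate, e.g. `if (currentSubject != null && currentSubject.length() > 63) throw new IllegalArgumentException("currentSubject exceeds 63 characters");` before the query is built, or at least document on define(...) that callers guarantee the limit. The same gap applies to `assumedRoles`, which is cast to varchar(1023) with no check on the Java side. The enclosing Context class continues outside the hunk.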
@@ -41,10 +41,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listBookingItemsByProjectUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID projectUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = bookingItemRepo.findAllByProjectUuid(projectUuid);
@@ -55,11 +55,11 @@ public class HsBookingItemController implements HsBookingItemsApi {
 @Override
 @Transactional
 public ResponseEntity addBookingItem(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsBookingItemInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsBookingItemRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -77,11 +77,11 @@ public class HsBookingItemController implements HsBookingItemsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getBookingItemByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingItemUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bookingItemRepo.findByUuid(bookingItemUuid);
 result.ifPresent(entity -> em.detach(entity)); // prevent further LAZY-loading
@@ -94,10 +94,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
 @Override
 @Transactional
 public ResponseEntity deleteBookingIemByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingItemUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
 return result == 0
@@ -108,12 +108,12 @@ public class HsBookingItemController implements HsBookingItemsApi {
 @Override
 @Transactional
 public ResponseEntity patchBookingItem(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingItemUuid,
 final HsBookingItemPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java
index 9247ff83..55d26b36 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java
@@ -36,10 +36,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listBookingProjectsByDebitorUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID debitorUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = bookingProjectRepo.findAllByDebitorUuid(debitorUuid);
@@ -50,11 +50,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
 @Override
 @Transactional
 public ResponseEntity addBookingProject(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsBookingProjectInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsBookingProjectRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -72,11 +72,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getBookingProjectByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingProjectUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bookingProjectRepo.findByUuid(bookingProjectUuid);
 return result
@@ -88,10 +88,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
 @Override
 @Transactional
 public ResponseEntity deleteBookingIemByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingProjectUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bookingProjectRepo.deleteByUuid(bookingProjectUuid);
 return result == 0
@@ -102,12 +102,12 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
 @Override
 @Transactional
 public ResponseEntity patchBookingProject(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bookingProjectUuid,
 final HsBookingProjectPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = bookingProjectRepo.findByUuid(bookingProjectUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java
index 26636eb4..8973d0cc 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java
@@ -49,12 +49,12 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listAssets(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID debitorUuid,
 final UUID parentAssetUuid,
 final HsHostingAssetTypeResource type) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = rbacAssetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type));
@@ -66,11 +66,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
 @Override
 @Transactional
 public ResponseEntity addAsset(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsHostingAssetInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entity = mapper.map(body, HsHostingAssetRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -94,11 +94,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getAssetByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID assetUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = rbacAssetRepo.findByUuid(assetUuid);
 return result
@@ -110,10 +110,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
 @Override
 @Transactional
 public ResponseEntity deleteAssetUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID assetUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = rbacAssetRepo.deleteByUuid(assetUuid);
 return result == 0
@@ -124,12 +124,12 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
 @Override
 @Transactional
 public ResponseEntity patchAsset(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID assetUuid,
 final HsHostingAssetPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entity = rbacAssetRepo.findByUuid(assetUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java
index 9f39767f..50183bf7 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java
@@ -32,10 +32,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listBankAccounts(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final String holder) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
@@ -46,11 +46,11 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override
 @Transactional
 public ResponseEntity addBankAccount(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficeBankAccountInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 IbanUtil.validate(body.getIban());
 BicUtil.validate(body.getBic());
@@ -72,11 +72,11 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getBankAccountByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID bankAccountUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bankAccountRepo.findByUuid(bankAccountUuid);
 if (result.isEmpty()) {
@@ -88,10 +88,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
 @Override
 @Transactional
 public ResponseEntity deleteBankAccountByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID BankAccountUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
 if (result == 0) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
index cee7e28a..17d39b7f 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java
@@ -34,10 +34,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listContacts(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final String caption) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = contactRepo.findContactByOptionalCaptionLike(caption);
@@ -48,11 +48,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override
 @Transactional
 public ResponseEntity addContact(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficeContactInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficeContactRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -70,11 +70,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getContactByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID contactUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = contactRepo.findByUuid(contactUuid);
 if (result.isEmpty()) {
@@ -86,10 +86,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override
 @Transactional
 public ResponseEntity deleteContactByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID contactUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = contactRepo.deleteByUuid(contactUuid);
 if (result == 0) {
@@ -102,12 +102,12 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
 @Override
 @Transactional
 public ResponseEntity patchContact(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID contactUuid,
 final HsOfficeContactPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
index 8ec1d956..f4cb28a3 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java
@@ -37,12 +37,12 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listCoopAssets(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID membershipUuid,
 final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
 final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
 membershipUuid,
@@ -56,11 +56,11 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Override
 @Transactional
 public ResponseEntity addCoopAssetsTransaction(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 validate(requestBody);
 final var entityToSave = mapper.map(requestBody, HsOfficeCoopAssetsTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -79,9 +79,9 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
 @Transactional(readOnly = true)
 public ResponseEntity getCoopAssetTransactionByUuid(
- final String currentUser, final String assumedRoles, final UUID assetTransactionUuid) {
+ final String currentSubject, final String assumedRoles, final UUID assetTransactionUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid);
 if (result.isEmpty()) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
index 78b41c9f..1616568d 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java
@@ -39,12 +39,12 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listCoopShares(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID membershipUuid,
 final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
 final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
 membershipUuid,
@@ -58,11 +58,11 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override
 @Transactional
 public ResponseEntity addCoopSharesTransaction(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficeCoopSharesTransactionInsertResource requestBody) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 validate(requestBody);
 final var entityToSave = mapper.map(requestBody, HsOfficeCoopSharesTransactionEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -81,9 +81,9 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getCoopShareTransactionByUuid(
- final String currentUser, final String assumedRoles, final UUID shareTransactionUuid) {
+ final String currentSubject, final String assumedRoles, final UUID shareTransactionUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid);
 if (result.isEmpty()) {
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
index 73fe78af..17ab0e70 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
@@ -48,11 +48,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listDebitors(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final String name,
 final Integer debitorNumber) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = debitorNumber != null
 ? debitorRepo.findDebitorByDebitorNumber(debitorNumber)
@@ -65,11 +65,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override
 @Transactional
 public ResponseEntity addDebitor(
- String currentUser,
+ String currentSubject,
 String assumedRoles,
 HsOfficeDebitorInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 Validate.isTrue(body.getDebitorRel() == null || body.getDebitorRelUuid() == null,
 "ERROR: [400] exactly one of debitorRel and debitorRelUuid must be supplied, but found both");
@@ -112,11 +112,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getDebitorByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID debitorUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = debitorRepo.findByUuid(debitorUuid);
 if (result.isEmpty()) {
@@ -128,10 +128,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override
 @Transactional
 public ResponseEntity deleteDebitorByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID debitorUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = debitorRepo.deleteByUuid(debitorUuid);
 if (result == 0) {
@@ -144,12 +144,12 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
 @Override
 @Transactional
 public ResponseEntity patchDebitor(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID debitorUuid,
 final HsOfficeDebitorPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
index 3c783aae..8c87e5fa 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java
@@ -32,11 +32,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listMemberships(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 UUID partnerUuid,
 Integer memberNumber) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = ( memberNumber != null)
 ? List.of(membershipRepo.findMembershipByMemberNumber(memberNumber))
@@ -50,11 +50,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override
 @Transactional
 public ResponseEntity addMembership(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficeMembershipInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class);
@@ -73,11 +73,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getMembershipByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID membershipUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = membershipRepo.findByUuid(membershipUuid);
 if (result.isEmpty()) {
@@ -90,10 +90,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override
 @Transactional
 public ResponseEntity deleteMembershipByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID membershipUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = membershipRepo.deleteByUuid(membershipUuid);
 if (result == 0) {
@@ -106,12 +106,12 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
 @Override
 @Transactional
 public ResponseEntity patchMembership(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID membershipUuid,
 final HsOfficeMembershipPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
index 5965d990..e4da02b8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
@@ -50,10 +50,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listPartners(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final String name) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = partnerRepo.findPartnerByOptionalNameLike(name);
@@ -64,11 +64,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override
 @Transactional
 public ResponseEntity addPartner(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficePartnerInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = createPartnerEntity(body);
@@ -86,11 +86,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getPartnerByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID partnerUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = partnerRepo.findByUuid(partnerUuid);
 if (result.isEmpty()) {
@@ -102,10 +102,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override
 @Transactional
 public ResponseEntity deletePartnerByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID partnerUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var partnerToDelete = partnerRepo.findByUuid(partnerUuid);
 if (partnerToDelete.isEmpty()) {
@@ -122,12 +122,12 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
 @Override
 @Transactional
 public ResponseEntity patchPartner(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID partnerUuid,
 final HsOfficePartnerPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = partnerRepo.findByUuid(partnerUuid).orElseThrow();
 final var previousPartnerRel = current.getPartnerRel();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
index c3a52c50..41d9d441 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java
@@ -31,10 +31,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity> listPersons(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final String caption) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entities = personRepo.findPersonByOptionalNameLike(caption);
@@ -45,11 +45,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override
 @Transactional
 public ResponseEntity addPerson(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final HsOfficePersonInsertResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var entityToSave = mapper.map(body, HsOfficePersonEntity.class);
@@ -67,11 +67,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override
 @Transactional(readOnly = true)
 public ResponseEntity getPersonByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID personUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = personRepo.findByUuid(personUuid);
 if (result.isEmpty()) {
@@ -83,10 +83,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override
 @Transactional
 public ResponseEntity deletePersonByUuid(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID personUuid) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var result = personRepo.deleteByUuid(personUuid);
 if (result == 0) {
@@ -99,12 +99,12 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
 @Override
 @Transactional
 public ResponseEntity patchPerson(
- final String currentUser,
+ final String currentSubject,
 final String assumedRoles,
 final UUID personUuid,
 final HsOfficePersonPatchResource body) {
- context.define(currentUser, assumedRoles);
+ context.define(currentSubject, assumedRoles);
 final var current = personRepo.findByUuid(personUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
index a3f4d136..f054e563 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java
@@ -45,11 +45,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listRelations(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID personUuid,
             final HsOfficeRelationTypeResource relationType) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var entities = relationRbacRepo.findRelationRelatedToPersonUuidAndRelationType(personUuid, mapper.map(relationType, HsOfficeRelationType.class));
@@ -62,11 +62,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Override
     @Transactional
     public ResponseEntity addRelation(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final HsOfficeRelationInsertResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var entityToSave = new HsOfficeRelationRbacEntity();
         entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@@ -96,11 +96,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity getRelationByUuid(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = relationRbacRepo.findByUuid(relationUuid);
         if (result.isEmpty()) {
@@ -112,10 +112,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Override
     @Transactional
     public ResponseEntity deleteRelationByUuid(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = relationRbacRepo.deleteByUuid(relationUuid);
         if (result == 0) {
@@ -128,12 +128,12 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Override
     @Transactional
     public ResponseEntity patchRelation(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid,
             final HsOfficeRelationPatchResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var current = relationRbacRepo.findByUuid(relationUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
index 115b8948..9511bdd6 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java
@@ -39,10 +39,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listSepaMandatesByIban(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final String iban) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
@@ -54,11 +54,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Override
     @Transactional
     public ResponseEntity addSepaMandate(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final HsOfficeSepaMandateInsertResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
@@ -77,11 +77,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity getSepaMandateByUuid(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = sepaMandateRepo.findByUuid(sepaMandateUuid);
         if (result.isEmpty()) {
@@ -94,10 +94,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Override
     @Transactional
     public ResponseEntity deleteSepaMandateByUuid(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid);
         if (result == 0) {
@@ -110,12 +110,12 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Override
     @Transactional
     public ResponseEntity patchSepaMandate(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid,
             final HsOfficeSepaMandatePatchResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index 521ba66b..41e9bfc6 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -255,7 +255,7 @@ public class InsertTriggerGenerator { plPgSql.writeLn(); plPgSql.writeLn(""" raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index 2089d4d9..238e1208 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java @@ -580,7 +580,7 @@ class RolesGrantsAndPermissionsGenerator { private String toPlPgSqlReference(final RbacView.RbacUserReference userRef) { return switch (userRef.role) { - case CREATOR -> "currentUserUuid()"; + case CREATOR -> "currentSubjectUuid()"; default -> throw new IllegalArgumentException("unknown user role: " + userRef); }; } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java index 9dfaea74..ccdfb38b 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java 
@@ -33,12 +33,12 @@ public class RbacGrantController implements RbacGrantsApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity getGrantById(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID grantedRoleUuid,
             final UUID granteeUserUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid);
         final var result = rbacGrantRepository.findById(id);
@@ -51,10 +51,10 @@ public class RbacGrantController implements RbacGrantsApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listUserGrants(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
     }
@@ -62,11 +62,11 @@ public class RbacGrantController implements RbacGrantsApi {
     @Override
     @Transactional
     public ResponseEntity grantRoleToUser(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final RbacGrantResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class));
         em.flush();
@@ -83,12 +83,12 @@ public class RbacGrantController implements RbacGrantsApi {
     @Override
     @Transactional
     public ResponseEntity revokeRoleFromUser(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID grantedRoleUuid,
             final UUID granteeUserUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid));
@@ -101,9 +101,9 @@ public class RbacGrantController implements RbacGrantsApi {
 //            produces = {"text/vnd.mermaid"})
 //    @Transactional(readOnly = true)
 //    public ResponseEntity allGrantsOfUserAsMermaid(
-//            @RequestHeader(name = "current-user") String currentUser,
+//            @RequestHeader(name = "current-subject") String currentSubject,
 //            @RequestHeader(name = "assumed-roles", required = false) String assumedRoles) {
-//        final var graph = RbacGrantsDiagramService.allGrantsToUser(currentUser);
+//        final var graph = RbacGrantsDiagramService.allGrantsToUser(currentSubject);
 //        return ResponseEntity.ok(graph);
 //    }
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
index f1369067..39ee73aa 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
@@ -64,9 +64,9 @@ public class RbacGrantsDiagramService {
     private Map> descendantsByUuid = new HashMap<>();
-    public String allGrantsToCurrentUser(final EnumSet includes) {
+    public String allGrantsTocurrentSubject(final EnumSet includes) {
         final var graph = new LimitedHashSet();
-        for ( UUID subjectUuid: context.currentSubjectsUuids() ) {
+        for ( UUID subjectUuid: context.fetchCurrentSubjectOrAssumedRolesUuids() ) {
             traverseGrantsTo(graph, subjectUuid, includes);
         }
         return toMermaidFlowchart(graph, includes);
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
index 0405fee2..1a5d8108 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
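Review bot: The `+//            @RequestHeader(name = "current-subject") String currentSubject,` and `+//        final var graph = RbacGrantsDiagramService.allGrantsToUser(currentSubject);` lines rename identifiers inside a commented-out endpoint, so this hunk keeps dead code in sync instead of resolving it. A commented-out method that is worth renaming is worth either restoring, so that it compiles and is covered by tests, or deleting from the file; as a comment, the rename can never be checked by the compiler. The start of the commented-out block is outside the hunk.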
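Review bot: `allGrantsTocurrentSubject` on the added `public String` line breaks the file's camelCase convention and reads like a mechanical `currentUser` → `currentSubject` substitution applied in the middle of an identifier; the removed name `allGrantsToCurrentUser` was cased correctly, so this should be `public String allGrantsToCurrentSubject(final EnumSet includes) {` with callers updated. Separately, the loop now iterates `context.fetchCurrentSubjectOrAssumedRolesUuids()`; if that helper returns the assumed roles' uuids whenever roles are assumed, the diagram no longer shows the subject's own grants but those of the assumed roles, which the method name and its documentation should then say — to be confirmed against the helper, which is not in this diff. The method body continues past the end of the hunk.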
@@ -26,10 +26,10 @@ public class RbacRoleController implements RbacRolesApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listRoles(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final List result = rbacRoleRepository.findAll();
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
index bcc7844b..e0885a16 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
@@ -49,11 +49,11 @@ public class RbacUserController implements RbacUsersApi {
     @Override
     @Transactional
     public ResponseEntity deleteUserByUuid(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID userUuid
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         rbacUserRepository.deleteByUuid(userUuid);
@@ -63,11 +63,11 @@ public class RbacUserController implements RbacUsersApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity getUserById(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID userUuid) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = rbacUserRepository.findByUuid(userUuid);
         if (result == null) {
@@ -79,11 +79,11 @@ public class RbacUserController implements RbacUsersApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listUsers(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final String userName
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
     }
@@ -91,11 +91,11 @@ public class RbacUserController implements RbacUsersApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listUserPermissions(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID userUuid
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         return ResponseEntity.ok(mapper.mapList(
                 rbacUserRepository.findPermissionsOfUserByUuid(userUuid),
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
index 0c1a168b..3560741e 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
@@ -17,7 +17,7 @@ public interface RbacUserRepository extends Repository {
     List findByOptionalNameLike(String userName);
     // bypasses the restricted view, to be able to grant rights to arbitrary user
-    @Query(value = "select * from rbacuser where name=:userName", nativeQuery = true)
+    @Query(value = "select * from rbac.subject where name=:userName", nativeQuery = true)
     RbacUserEntity findByName(String userName);
     RbacUserEntity findByUuid(UUID uuid);
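Review bot: `findByName` now reads `rbac.subject` directly, and the comment above the `@Query` says it bypasses the RBAC-restricted view, but it does not spell out the consequence: the method returns a subject regardless of what the caller is allowed to see, so authorisation has to happen in the caller. Suggest replacing the comment with `// bypasses the restricted view (reads rbac.subject directly) so rights can be granted to arbitrary subjects; callers must check authorisation themselves`. The bind parameter `:userName` keeps the lookup parameterised, which is right; `select *` in a native query, however, couples the entity mapping to whatever column set `rbac.subject` has, so an explicit column list would make a later change to that table surface at query time instead of as a mapping error.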
@@ -28,7 +28,7 @@ public interface RbacUserRepository extends Repository { /* Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level, but explicitly, and then SpringData check's if it exists using an SQL SELECT. - And SQL SELECT needs a currentUser which we don't yet have in the case of self registration. + And SQL SELECT needs a currentSubject which we don't yet have in the case of self registration. */ @Modifying @Query(value = "insert into RBacUser_RV (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java index d0ab74bf..c6bbc115 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java @@ -32,11 +32,11 @@ public class TestCustomerController implements TestCustomersApi { @Override @Transactional(readOnly = true) public ResponseEntity> listCustomers( - String currentUser, + String currentSubject, String assumedRoles, String prefix ) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix); @@ -46,11 +46,11 @@ public class TestCustomerController implements TestCustomersApi { @Override @Transactional public ResponseEntity addCustomer( - final String currentUser, + final String currentSubject, final String assumedRoles, final TestCustomerResource customer) { - context.define(currentUser, assumedRoles); + context.define(currentSubject, assumedRoles); final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class)); final var uri = 
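Review bot: The reworded comment on the `+    And SQL SELECT needs a currentSubject ...` line leaves the native insert directly below it targeting `RBacUser_RV`, while `findByName` in the previous hunk of this file now reads `rbac.subject`; if the subject table and its restricted view both moved into the `rbac` schema, this insert presumably needs the new view name as well — to be confirmed against the changelog in this patch series, which is not in view here. The method that this `@Query` annotates is declared outside the hunk.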
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
index 8bb94971..c6ecc7e0 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java
@@ -29,11 +29,11 @@ public class TestPackageController implements TestPackagesApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity> listPackages(
-            String currentUser,
+            String currentSubject,
             String assumedRoles,
             String name
     ) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var result = testPackageRepository.findAllByOptionalNameLike(name);
         return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@@ -42,12 +42,12 @@ public class TestPackageController implements TestPackagesApi {
     @Override
     @Transactional
     public ResponseEntity updatePackage(
-            final String currentUser,
+            final String currentSubject,
             final String assumedRoles,
             final UUID packageUuid,
             final TestPackageUpdateResource body) {
-        context.define(currentUser, assumedRoles);
+        context.define(currentSubject, assumedRoles);
         final var current = testPackageRepository.findByUuid(packageUuid);
         OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);
diff --git a/src/main/resources/api-definition/auth.yaml b/src/main/resources/api-definition/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/auth.yaml
+++ b/src/main/resources/api-definition/auth.yaml
@@ -3,8 +3,8 @@ components:
   parameters:
-    currentUser:
-      name: current-user
+    currentSubject:
+      name: current-subject
       in: header
       required: true
       schema:
diff --git a/src/main/resources/api-definition/hs-booking/auth.yaml b/src/main/resources/api-definition/hs-booking/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/hs-booking/auth.yaml
+++ b/src/main/resources/api-definition/hs-booking/auth.yaml
@@ -3,8 +3,8 @@ components:
   parameters:
-    currentUser:
-      name: current-user
+    currentSubject:
+      name: current-subject
       in: header
       required: true
       schema:
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
index 3d7567c8..e93cb7b6 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single booking item its uuid, if visible for the current subject.'
   operationId: getBookingItemByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingItemUuid
       in: path
@@ -32,7 +32,7 @@ patch:
   description: 'Updates a single booking item identified by its uuid, if permitted for the current subject.'
   operationId: patchBookingItem
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingItemUuid
       in: path
@@ -63,7 +63,7 @@ delete:
   description: 'Delete a single booking item identified by its uuid, if permitted for the current subject.'
   operationId: deleteBookingIemByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingItemUuid
       in: path
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
index 40a3d010..fca2209a 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
@@ -5,7 +5,7 @@ get:
     - hs-booking-items
   operationId: listBookingItemsByProjectUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: projectUuid
       in: query
@@ -34,7 +34,7 @@ post:
     - hs-booking-items
   operationId: addBookingItem
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new booking item.
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
index 085205a7..4c41d51c 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single booking project its uuid, if visible for the current subject.'
   operationId: getBookingProjectByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingProjectUuid
       in: path
@@ -32,7 +32,7 @@ patch:
   description: 'Updates a single booking project identified by its uuid, if permitted for the current subject.'
   operationId: patchBookingProject
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingProjectUuid
       in: path
@@ -63,7 +63,7 @@ delete:
   description: 'Delete a single booking project identified by its uuid, if permitted for the current subject.'
   operationId: deleteBookingIemByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bookingProjectUuid
       in: path
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
index bccb7443..e5081a6f 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
@@ -5,7 +5,7 @@ get:
     - hs-booking-projects
   operationId: listBookingProjectsByDebitorUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: debitorUuid
       in: query
@@ -34,7 +34,7 @@ post:
     - hs-booking-projects
   operationId: addBookingProject
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new booking project.
diff --git a/src/main/resources/api-definition/hs-hosting/auth.yaml b/src/main/resources/api-definition/hs-hosting/auth.yaml
index 65d491fb..e46f0f38 100644
--- a/src/main/resources/api-definition/hs-hosting/auth.yaml
+++ b/src/main/resources/api-definition/hs-hosting/auth.yaml
@@ -3,8 +3,8 @@ components:
   parameters:
-    currentUser:
-      name: current-user
+    currentSubject:
+      name: current-subject
       in: header
       required: true
       schema:
diff --git a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
index 6630d245..625afdd0 100644
--- a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single managed asset by its uuid, if visible for the current subject.'
   operationId: getAssetByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: assetUuid
       in: path
@@ -32,7 +32,7 @@ patch:
   description: 'Updates a single hosting asset identified by its uuid, if permitted for the current subject.'
   operationId: patchAsset
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: assetUuid
       in: path
@@ -63,7 +63,7 @@ delete:
   description: 'Delete a single hosting asset identified by its uuid, if permitted for the current subject.'
   operationId: deleteAssetUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: assetUuid
       in: path
diff --git a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
index 8a208c68..6396d2a7 100644
--- a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
+++ b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
@@ -5,7 +5,7 @@ get:
     - hs-hosting-assets
   operationId: listAssets
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: projectUuid
       in: query
@@ -47,7 +47,7 @@ post:
     - hs-hosting-assets
   operationId: addAsset
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new hosting asset.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
index 44f89fa1..cdef972a 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single bank account by its uuid, if visible for the current subject.'
   operationId: getBankAccountByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bankAccountUUID
       in: path
@@ -31,7 +31,7 @@ delete:
   description: 'Delete a single bank account by its uuid, if permitted for the current subject.'
   operationId: deleteBankAccountByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: bankAccountUUID
       in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
index 75380d5d..2207fd9c 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
@@ -5,7 +5,7 @@ get:
     - hs-office-bank-accounts
   operationId: listBankAccounts
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: holder
       in: query
@@ -33,7 +33,7 @@ post:
     - hs-office-bank-accounts
   operationId: addBankAccount
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
index 13e96f39..a6561e8d 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single business contact by its uuid, if visible for the current subject.'
   operationId: getContactByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: contactUUID
       in: path
@@ -32,7 +32,7 @@ patch:
   description: 'Updates a single contact by its uuid, if permitted for the current subject.'
   operationId: patchContact
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: contactUUID
       in: path
@@ -63,7 +63,7 @@ delete:
   description: 'Delete a single business contact by its uuid, if permitted for the current subject.'
   operationId: deleteContactByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: contactUUID
       in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
index 52d54a87..03a6ff70 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
@@ -5,7 +5,7 @@ get:
     - hs-office-contacts
   operationId: listContacts
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: name
       in: query
@@ -33,7 +33,7 @@ post:
     - hs-office-contacts
   operationId: addContact
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
index 7fd6d243..51d51c2c 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
   description: 'Fetch a single asset transaction by its uuid, if visible for the current subject.'
   operationId: getCoopAssetTransactionByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: assetTransactionUUID
       in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
index aa0ae953..24ffd3d1 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
@@ -5,7 +5,7 @@ get:
     - hs-office-coopAssets
   operationId: listCoopAssets
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: membershipUuid
       in: query
@@ -48,7 +48,7 @@ post:
     - hs-office-coopAssets
   operationId: addCoopAssetsTransaction
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentUser'
+    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new cooperative assets transaction.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
index cd7ff827..a37dbf7e 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single share transaction by its uuid, if visible for the current subject.'
 operationId: getCoopShareTransactionByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: shareTransactionUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
index 338018ad..a886ab82 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-coopShares
 operationId: listCoopShares
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: membershipUuid
 in: query
@@ -48,7 +48,7 @@ post:
 - hs-office-coopShares
 operationId: addCoopSharesTransaction
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 description: A JSON object describing the new cooperative shares transaction.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
index 09c6d42d..feb8e473 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single debitor by its uuid, if visible for the current subject.'
 operationId: getDebitorByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: debitorUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single debitor by its uuid, if permitted for the current subject.'
 operationId: patchDebitor
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: debitorUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single debitor by its uuid, if permitted for the current subject.'
 operationId: deleteDebitorByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: debitorUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
index 5936198b..e0327d2f 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-debitors
 operationId: listDebitors
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
@@ -39,7 +39,7 @@ post:
 - hs-office-debitors
 operationId: addDebitor
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
index 4bd1b3fb..1511e09f 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single membership by its uuid, if visible for the current subject.'
 operationId: getMembershipByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: membershipUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single membership by its uuid, if permitted for the current subject.'
 operationId: patchMembership
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: membershipUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single membership by its uuid, if permitted for the current subject.'
 operationId: deleteMembershipByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: membershipUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
index 260dee51..e394faf0 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
@@ -6,7 +6,7 @@ get:
 - hs-office-memberships
 operationId: listMemberships
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: partnerUuid
 in: query
@@ -41,7 +41,7 @@ post:
 - hs-office-memberships
 operationId: addMembership
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 description: A JSON object describing the new membership.
diff --git a/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
index 914df66b..e19e6cd2 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single business partner by its uuid, if visible for the current subject.'
 operationId: getPartnerByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: partnerUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single business partner by its uuid, if permitted for the current subject.'
 operationId: patchPartner
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: partnerUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single business partner by its uuid, if permitted for the current subject.'
 operationId: deletePartnerByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: partnerUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
index 1f6ee36e..1936a7cb 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-partners
 operationId: listPartners
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
@@ -33,7 +33,7 @@ post:
 - hs-office-partners
 operationId: addPartner
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
index 1b90c777..fe63c509 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single business person by its uuid, if visible for the current subject.'
 operationId: getPersonByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: personUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single person by its uuid, if permitted for the current subject.'
 operationId: patchPerson
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: personUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single business person by its uuid, if permitted for the current subject.'
 operationId: deletePersonByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: personUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
index f7cba51a..71471c83 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-persons
 operationId: listPersons
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
@@ -33,7 +33,7 @@ post:
 - hs-office-persons
 operationId: addPerson
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
index 4e8010e7..3dbe1391 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single person relation by its uuid, if visible for the current subject.'
 operationId: getRelationByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single person relation by its uuid, if permitted for the current subject.'
 operationId: patchRelation
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single person relation by its uuid, if permitted for the current subject.'
 operationId: deleteRelationByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: relationUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
index 94131df5..0bcb9145 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-relations
 operationId: listRelations
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: personUuid
 in: query
@@ -40,7 +40,7 @@ post:
 - hs-office-relations
 operationId: addRelation
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml b/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
index 52d050ee..1e14a235 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single SEPA Mandate by its uuid, if visible for the current subject.'
 operationId: getSepaMandateByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
@@ -32,7 +32,7 @@ patch:
 description: 'Updates a single SEPA Mandate by its uuid, if permitted for the current subject.'
 operationId: patchSepaMandate
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
@@ -63,7 +63,7 @@ delete:
 description: 'Delete a single SEPA Mandate by its uuid, if permitted for the current subject.'
 operationId: deleteSepaMandateByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: sepaMandateUUID
 in: path
diff --git a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
index 82f8f154..76f28092 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
@@ -5,7 +5,7 @@ get:
 - hs-office-sepaMandates
 operationId: listSepaMandatesByIBAN
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
@@ -33,7 +33,7 @@ post:
 - hs-office-sepaMandates
 operationId: addSepaMandate
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 description: A JSON object describing the new SEPA-Mandate.
diff --git a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
index b45ebb4e..5bdcd29e 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-grants
 operationId: getGrantById
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: grantedRoleUuid
 in: path
@@ -38,7 +38,7 @@ delete:
 - rbac-grants
 operationId: revokeRoleFromUser
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: grantedRoleUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-grants.yaml b/src/main/resources/api-definition/rbac/rbac-grants.yaml
index 16011bcd..1452b8c6 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-grants
 operationId: listUserGrants
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 responses:
 "200":
@@ -20,7 +20,7 @@ post:
 - rbac-grants
 operationId: grantRoleToUser
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 required: true
diff --git a/src/main/resources/api-definition/rbac/rbac-roles.yaml b/src/main/resources/api-definition/rbac/rbac-roles.yaml
index b97aa387..e35ee44e 100644
--- a/src/main/resources/api-definition/rbac/rbac-roles.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-roles.yaml
@@ -3,7 +3,7 @@ get:
 - rbac-roles
 operationId: listRoles
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 responses:
 "200":
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
index ba6eb3fe..34ea9fcc 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
@@ -4,7 +4,7 @@ get:
 description: 'List all visible permissions granted to the given user; reduced '
 operationId: listUserPermissions
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
index 058fc5cd..974faa3c 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
@@ -4,7 +4,7 @@ get:
 description: 'Fetch a single user by its id, if visible for the current subject.'
 operationId: getUserById
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
@@ -31,7 +31,7 @@ delete:
 - rbac-users
 operationId: deleteUserByUuid
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: userUuid
 in: path
diff --git a/src/main/resources/api-definition/rbac/rbac-users.yaml b/src/main/resources/api-definition/rbac/rbac-users.yaml
index 4acb729e..e447f25d 100644
--- a/src/main/resources/api-definition/rbac/rbac-users.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-users.yaml
@@ -4,7 +4,7 @@ get:
 description: List accessible RBAC users with optional filter by name.
 operationId: listUsers
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
diff --git a/src/main/resources/api-definition/test/test-customers.yaml b/src/main/resources/api-definition/test/test-customers.yaml
index 89a8fb6b..25800099 100644
--- a/src/main/resources/api-definition/test/test-customers.yaml
+++ b/src/main/resources/api-definition/test/test-customers.yaml
@@ -5,7 +5,7 @@ get:
 - testCustomers
 operationId: listCustomers
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: prefix
 in: query
@@ -33,7 +33,7 @@ post:
 - testCustomers
 operationId: addCustomer
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 requestBody:
 content:
diff --git a/src/main/resources/api-definition/test/test-packages-uuid.yaml b/src/main/resources/api-definition/test/test-packages-uuid.yaml
index 4fc8ef80..994810df 100644
--- a/src/main/resources/api-definition/test/test-packages-uuid.yaml
+++ b/src/main/resources/api-definition/test/test-packages-uuid.yaml
@@ -3,7 +3,7 @@ patch:
 - testPackages
 operationId: updatePackage
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: packageUUID
 in: path
diff --git a/src/main/resources/api-definition/test/test-packages.yaml b/src/main/resources/api-definition/test/test-packages.yaml
index 6a3e0e7f..98190e30 100644
--- a/src/main/resources/api-definition/test/test-packages.yaml
+++ b/src/main/resources/api-definition/test/test-packages.yaml
@@ -3,7 +3,7 @@ get:
 - testPackages
 operationId: listPackages
 parameters:
- - $ref: 'auth.yaml#/components/parameters/currentUser'
+ - $ref: 'auth.yaml#/components/parameters/currentSubject'
 - $ref: 'auth.yaml#/components/parameters/assumedRoles'
 - name: name
 in: query
diff --git a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
index 689a94ba..a20d690f 100644
--- a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
+++ b/src/main/resources/db/changelog/0-basis/000-basis-schema.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset basis-schema:1 endDelimiter:--//
+--changeset basis-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SCHEMA basis;
 --//
diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-basis/010-context.sql
index e0ff1818..d6e14ee6 100644
--- a/src/main/resources/db/changelog/0-basis/010-context.sql
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql
@@ -12,7 +12,7 @@ create procedure basis.contextDefined(
 currentTask varchar(127),
 currentRequest text,
- currentUser varchar(63),
+ currentSubject varchar(63),
 assumedRoles varchar(1023)
 )
 language plpgsql as $$
@@ -25,7 +25,7 @@ end; $$;
 create or replace procedure basis.defineContext(
 currentTask varchar(127),
 currentRequest text = null,
- currentUser varchar(63) = null,
+ currentSubject varchar(63) = null,
 assumedRoles varchar(1023) = null
 )
 language plpgsql as $$
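Review bot: Changing the changeset author string from `basis-schema` to `basis-SCHEMA` changes the changeset's identity (Liquibase keys a changeset on id, author and file path), so a database that has already recorded `basis-schema:1` would see this as a new, unapplied changeset and fail on `CREATE SCHEMA basis;` because the schema exists; whether any such database exists is not visible here. If the rename is wanted, either keep the old author string or guard the changeset with `--preconditions onFail:MARK_RAN` and `--precondition-sql-check expectedResult:0 select count(*) from information_schema.schemata where schema_name = 'basis'` so it is marked as run where the schema is already present. The same guard would make the new `rbac-SCHEMA:1` changeset in 1000-rbac-schema.sql safe against a pre-existing `rbac` schema.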
@@ -38,15 +38,15 @@ begin
 currentRequest := coalesce(currentRequest, '');
 execute format('set local hsadminng.currentRequest to %L', currentRequest);
- currentUser := coalesce(currentUser, '');
- assert length(currentUser) <= 63, FORMAT('currentUser must not be longer than 63 characters: "%s"', currentUser);
- execute format('set local hsadminng.currentUser to %L', currentUser);
+ currentSubject := coalesce(currentSubject, '');
+ assert length(currentSubject) <= 63, FORMAT('currentSubject must not be longer than 63 characters: "%s"', currentSubject);
+ execute format('set local hsadminng.currentSubject to %L', currentSubject);
 assumedRoles := coalesce(assumedRoles, '');
 assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
 execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
- call basis.contextDefined(currentTask, currentRequest, currentUser, assumedRoles);
+ call basis.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles);
 end; $$;
 --//
@@ -105,25 +105,25 @@ end; $$;
 -- ============================================================================
---changeset context-CURRENT-USER:1 endDelimiter:--//
+--changeset context-current-subject:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 Returns the current user as defined by `basis.defineContext(...)`.
 */
-create or replace function basis.currentUser()
+create or replace function basis.currentSubject() -- FIXME: move to schema rbac?
 returns varchar(63)
 stable -- leakproof
 language plpgsql as $$
 declare
- currentUser varchar(63);
+ currentSubject varchar(63);
 begin
 begin
- currentUser := current_setting('hsadminng.currentUser');
+ currentSubject := current_setting('hsadminng.currentSubject');
 exception when others then
- currentUser := null;
+ currentSubject := null;
 end;
- return currentUser;
+ return currentSubject;
 end; $$;
 --//
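Review bot: The length check on `currentSubject` relies on `assert`, which PL/pgSQL only evaluates while `plpgsql.check_asserts` is on, so the 63-character bound on the value stored via `set local` (and later copied into `basis.tx_context.currentSubject varchar(63)` by the audit trigger) is not enforced when asserts are disabled; declared typmods such as `varchar(63)` are not enforced on function arguments either. Replacing the assert with `if length(currentSubject) > 63 then raise exception 'currentSubject must not be longer than 63 characters: "%"', currentSubject; end if;` makes the check unconditional, and the unchanged `assumedRoles` assert on the following line has the same weakness. The body of `basis.defineContext` begins before this hunk.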
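Review bot: The header comment above `basis.currentSubject()` still reads 'Returns the current user as defined by …' and should follow the rename, e.g. `Returns the current subject as set by basis.defineContext(...), or null when the session setting is not defined.`. The inner `begin … exception when others then … end` block can be replaced by `currentSubject := current_setting('hsadminng.currentSubject', true);`, which returns null for an undefined setting without opening a subtransaction on every call of this `stable` function and without masking unrelated errors; `tx_historicize_tf()` in 030-historization.sql uses the same pattern and would take the same change. The `-- FIXME: move to schema rbac?` left on the signature line should be resolved or tracked before merge rather than carried in the definition.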
@@ -217,7 +217,7 @@ begin
 if array_length(assumedRoles, 1) > 0 then
 return assumedRoles;
 else
- return array [basis.currentUser()]::varchar(1023)[];
+ return array [basis.currentSubject()]::varchar(1023)[];
 end if;
 end; $$;
diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql
index 51efc301..b1835fff 100644
--- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql
+++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql
@@ -25,7 +25,7 @@ create table basis.tx_context
 (
 txId xid8 primary key not null,
 txTimestamp timestamp not null,
- currentUser varchar(63) not null, -- not the uuid, because users can be deleted
+ currentSubject varchar(63) not null, -- not the uuid, because users can be deleted
 assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted
 currentTask varchar(127) not null,
 currentRequest text not null
@@ -82,9 +82,9 @@ begin
 curTxId := pg_current_xact_id();
 insert
- into basis.tx_context (txId, txTimestamp, currentUser, assumedRoles, currentTask, currentRequest)
+ into basis.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
 values ( curTxId, now(),
- basis.currentUser(), basis.assumedRoles(), curTask, basis.currentRequest())
+ basis.currentSubject(), basis.assumedRoles(), curTask, basis.currentRequest())
 on conflict do nothing;
 case tg_op
@@ -123,7 +123,7 @@ declare
 begin
 targetTable := lower(targetTable);
- createTriggerSQL = 'CREATE TRIGGER ' || targetTable || '_journal' ||
+ createTriggerSQL = 'CREATE TRIGGER tx_journal_tg' ||
 ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable ||
 ' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()';
 execute createTriggerSQL;
diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-basis/030-historization.sql
index 6368df06..dd523006 100644
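Review bot: The column comment on `currentSubject` in `basis.tx_context` still says 'because users can be deleted' although the column now records a subject; with the rename it should read `-- not the uuid, because subjects can be deleted`. The `create table basis.tx_context` statement begins on the line before this hunk.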
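Review bot: `createTriggerSQL` still splices `targetTable` into DDL by string concatenation, and now that callers pass schema-qualified names such as `'rbac.subject'` the value cannot simply be wrapped with `%I`; casting it to `regclass` both validates that the relation exists and yields a correctly quoted name, e.g. `execute format('CREATE TRIGGER tx_journal_tg AFTER INSERT OR UPDATE OR DELETE ON %s FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()', targetTable::regclass);`, which also makes the `lower(targetTable)` step and the intermediate variable unnecessary. The fixed trigger name `tx_journal_tg` works because trigger names are scoped per table, but a one-line comment saying so would save the next reader the check. The enclosing `basis.create_journal` procedure starts before this hunk.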
--- a/src/main/resources/db/changelog/0-basis/030-historization.sql
+++ b/src/main/resources/db/changelog/0-basis/030-historization.sql
@@ -47,7 +47,7 @@ create or replace function tx_historicize_tf()
 language plpgsql
 strict as $$
 declare
- currentUser varchar(63);
+ currentSubject varchar(63);
 currentTask varchar(127);
 "row" record;
 "alive" boolean;
@@ -55,15 +55,15 @@ declare
 begin
 -- determine user_id
 begin
- currentUser := current_setting('hsadminng.currentUser');
+ currentSubject := current_setting('hsadminng.currentSubject');
 exception when others then
- currentUser := null;
+ currentSubject := null;
 end;
- if (currentUser is null or currentUser = '') then
- raise exception 'hsadminng.currentUser must be defined, please use "SET LOCAL ...;"';
+ if (currentSubject is null or currentSubject = '') then
+ raise exception 'hsadminng.currentSubject must be defined, please use "SET LOCAL ...;"';
 end if;
- raise notice 'currentUser: %', currentUser;
+ raise notice 'currentSubject: %', currentSubject;
 -- determine task
 currentTask = current_setting('hsadminng.currentTask');
diff --git a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
new file mode 100644
index 00000000..14f3ba93
--- /dev/null
+++ b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
@@ -0,0 +1,8 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset rbac-SCHEMA:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+CREATE SCHEMA rbac;
+--//
diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
index 695719be..99665c18 100644
--- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
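Review bot: `raise notice 'currentSubject: %', currentSubject;` fires on every historicized row, and NOTICE messages are delivered to the client under the default `client_min_messages`, so every write echoes the acting subject back to whichever client issued it; if the line is only meant for debugging, `raise debug 'currentSubject: %', currentSubject;` keeps it out of normal output. The `-- determine user_id` comment above the block should also follow the rename, e.g. `-- determine current subject`. The body of `tx_historicize_tf()` begins before this hunk and continues after it.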
@@ -6,25 +6,25 @@
 /*
 */
-create type ReferenceType as enum ('RbacUser', 'RbacRole', 'RbacPermission');
+create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'RbacPermission');
-create table RbacReference
+create table rbac.reference
 (
 uuid uuid unique default uuid_generate_v4(),
- type ReferenceType not null
+ type rbac.referenceType not null
 );
-create or replace function assertReferenceType(argument varchar, referenceId uuid, expectedType ReferenceType)
- returns ReferenceType
+create or replace function rbac.assertReferenceType(argument varchar, referenceId uuid, expectedType rbac.referenceType)
+ returns rbac.referenceType
 language plpgsql as $$
 declare
- actualType ReferenceType;
+ actualType rbac.referenceType;
 begin
 if referenceId is null then
 raise exception '% must be a % and not null', argument, expectedType;
 end if;
- actualType = (select type from RbacReference where uuid = referenceId);
+ actualType = (select type from rbac.reference where uuid = referenceId);
 if (actualType <> expectedType) then
 raise exception '% must reference a %, but got a %', argument, expectedType, actualType;
 end if;
@@ -33,20 +33,20 @@ end; $$;
 --//
 -- ============================================================================
---changeset rbac-base-USER:1 endDelimiter:--//
+--changeset rbac-base-SUBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
 */
-create table RbacUser
+create table rbac.subject
 (
- uuid uuid primary key references RbacReference (uuid) on delete cascade,
+ uuid uuid primary key references rbac.reference (uuid) on delete cascade,
 name varchar(63) not null unique
 );
-call basis.create_journal('RbacUser');
+call basis.create_journal('rbac.subject');
-create or replace function createRbacUser(userName varchar)
+create or replace function rbac.create_subject(subjectName varchar)
 returns uuid
 returns null on null input
 language plpgsql as $$
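Review bot: `if (actualType <> expectedType) then` in `rbac.assertReferenceType` does not fire when `referenceId` is absent from `rbac.reference`: the subselect yields null, `null <> expectedType` is unknown, and the function silently returns null instead of raising, so a dangling uuid passes the type check. `if actualType is distinct from expectedType then` closes that gap with no other change. Separately, the enum label `'rbac.subject'` sits next to `'RbacRole'` and `'RbacPermission'`, and `rbac.assertReferenceType` / `rbac.referenceType` keep camelCase while the other names introduced in this commit (`rbac.create_subject`, `rbac.find_subject_id`, `rbac.insert_related_object`) are snake_case; settling on one convention for the rbac schema now avoids a second rename pass. The function's closing lines lie outside this hunk.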
@@ -54,37 +54,37 @@ declare
 objectId uuid;
 begin
 insert
- into RbacReference (type)
- values ('RbacUser')
+ into rbac.reference (type)
+ values ('rbac.subject')
 returning uuid into objectId;
 insert
- into RbacUser (uuid, name)
- values (objectid, userName);
+ into rbac.subject (uuid, name)
+ values (objectid, subjectName);
 return objectId;
 end; $$;
-create or replace function createRbacUser(refUuid uuid, userName varchar)
+create or replace function rbac.create_subject(refUuid uuid, subjectName varchar)
 returns uuid
 called on null input
 language plpgsql as $$
 begin
 insert
- into RbacReference as r (uuid, type)
- values (coalesce(refUuid, uuid_generate_v4()), 'RbacUser')
+ into rbac.reference as r (uuid, type)
+ values (coalesce(refUuid, uuid_generate_v4()), 'rbac.subject')
 returning r.uuid into refUuid;
 insert
- into RbacUser (uuid, name)
- values (refUuid, userName);
+ into rbac.subject (uuid, name)
+ values (refUuid, subjectName);
 return refUuid;
 end; $$;
-create or replace function findRbacUserId(userName varchar)
+create or replace function rbac.find_subject_id(subjectName varchar)
 returns uuid
 returns null on null input
 language sql as $$
-select uuid from RbacUser where name = userName
+select uuid from rbac.subject where name = subjectName
 $$;
 --//
@@ -94,7 +94,7 @@ $$;
 /*
 */
-create table RbacObject
+create table rbac.object
 (
 uuid uuid primary key default uuid_generate_v4(),
 serialId serial, -- TODO.perf: only needed for reverse deletion of temp test data
@@ -102,7 +102,7 @@ create table RbacObject
 unique (objectTable, uuid)
 );
-call basis.create_journal('RbacObject');
+call basis.create_journal('rbac.object');
 --//
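Review bot: `values (objectid, subjectName);` in the first `rbac.create_subject` body spells the variable differently from its declaration `objectId uuid;` and from `returning uuid into objectId;` two lines above; PL/pgSQL folds the case so it runs, but since the line is being rewritten anyway it should read `values (objectId, subjectName);`. The head of that function (its signature) is in the preceding hunk, so the declaration and body are split across hunks here.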
@@ -112,9 +112,9 @@ call basis.create_journal('RbacObject'); -- ---------------------------------------------------------------------------- /* - Inserts related RbacObject for use in the BEFORE ONSERT TRIGGERs on the business objects. + Inserts related rbac.object for use in the BEFORE INSERT TRIGGERs on the business objects. */ -create or replace function insertRelatedRbacObject() +create or replace function rbac.insert_related_object() returns trigger language plpgsql strict as $$ @@ -124,13 +124,13 @@ begin if TG_OP = 'INSERT' then if NEW.uuid is null then insert - into RbacObject (objectTable) + into rbac.object (objectTable) values (TG_TABLE_NAME) returning uuid into objectUuid; NEW.uuid = objectUuid; else insert - into RbacObject (uuid, objectTable) + into rbac.object (uuid, objectTable) values (NEW.uuid, TG_TABLE_NAME) returning uuid into objectUuid; end if; @@ -141,7 +141,7 @@ begin end; $$; /* - Deletes related RbacObject for use in the BEFORE DELETE TRIGGERs on the business objects. + Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. */ create or replace function deleteRelatedRbacObject() returns trigger @@ -149,7 +149,7 @@ create or replace function deleteRelatedRbacObject() strict as $$ begin if TG_OP = 'DELETE' then - delete from RbacObject where rbacobject.uuid = old.uuid; + delete from rbac.object where rbac.object.uuid = old.uuid; else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; end if; 
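Review bot: `rbac.insert_related_object` still stores only `TG_TABLE_NAME` in `rbac.object.objectTable`, which drops the schema just as this series starts moving tables into schemas; if business tables follow `rbac.*` into their own schemas, two same-named tables in different schemas would collide, and the generated triggers in 1058 compare `obj.objectTable = '%1$s'` against whatever (possibly qualified) name the generator receives. At minimum the invariant deserves a comment in the function header, e.g. `-- objectTable holds the bare relation name (TG_TABLE_NAME); it must stay unique across schemas`, or the value should become `TG_TABLE_SCHEMA || '.' || TG_TABLE_NAME` once the generators are aligned. The counterpart `deleteRelatedRbacObject()` in the next hunk remains unqualified in the public schema while the insert side moved to `rbac.`; presumably a later patch in the series catches up.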
@@ -168,8 +168,8 @@ create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', create table RbacRole ( - uuid uuid primary key references RbacReference (uuid) on delete cascade initially deferred, -- initially deferred - objectUuid uuid not null references RbacObject (uuid) initially deferred, + uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred + objectUuid uuid not null references rbac.object (uuid) initially deferred, roleType RbacRoleType not null, unique (objectUuid, roleType) ); @@ -217,7 +217,7 @@ declare referenceId uuid; begin insert - into RbacReference (type) + into rbac.reference (type) values ('RbacRole') returning uuid into referenceId; insert @@ -231,7 +231,7 @@ $$; create or replace procedure deleteRole(roleUUid uuid) language plpgsql as $$ begin - --raise exception '% deleting role uuid %', currentsubjectsuuids(), roleUUid; + --raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid; delete from RbacRole where uuid = roleUUid; end; $$; @@ -323,7 +323,7 @@ execute procedure deleteRbacGrantsOfRbacRole(); -- ---------------------------------------------------------------------------- /* - RbacObject BEFORE DELETE TRIGGER function which deletes all related roles. + rbac.object BEFORE DELETE TRIGGER function which deletes all related roles. */ create or replace function deleteRbacRolesOfRbacObject() returns trigger @@ -344,7 +344,7 @@ end; $$; */ create trigger deleteRbacRolesOfRbacObject_Trigger before delete - on RbacObject + on rbac.object for each row execute procedure deleteRbacRolesOfRbacObject(); --// 
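Review bot: In `deleteRole` the commit edits the commented-out debug statement `--raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid;` to follow the rename instead of deleting it; dead diagnostics that are maintained by hand only rot and invite someone to re-enable a `raise exception` that would abort every role deletion. Remove the line, and while touching the procedure consider fixing the parameter spelling `roleUUid` to `roleUuid` to match the rest of the file.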
@@ -367,8 +367,8 @@ create domain RbacOp as varchar(6) create table RbacPermission ( - uuid uuid primary key references RbacReference (uuid) on delete cascade, - objectUuid uuid not null references RbacObject, + uuid uuid primary key references rbac.reference (uuid) on delete cascade, + objectUuid uuid not null references rbac.object, op RbacOp not null, opTableName varchar(60) ); @@ -402,7 +402,7 @@ begin where objectUuid = forObjectUuid and op = forOp and opTableName is not distinct from forOpTableName); if (permissionUuid is null) then - insert into RbacReference ("type") + insert into rbac.reference ("type") values ('RbacPermission') returning uuid into permissionUuid; begin @@ -482,15 +482,15 @@ $$; --changeset rbac-base-GRANTS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Table to store grants / role- or permission assignments to users or roles. + Table to store grants / role- or permission assignments to subjects or roles. */ create table RbacGrants ( uuid uuid primary key default uuid_generate_v4(), - grantedByTriggerOf uuid references RbacObject (uuid) on delete cascade initially deferred , + grantedByTriggerOf uuid references rbac.object (uuid) on delete cascade initially deferred , grantedByRoleUuid uuid references RbacRole (uuid), - ascendantUuid uuid references RbacReference (uuid), - descendantUuid uuid references RbacReference (uuid), + ascendantUuid uuid references rbac.reference (uuid), + descendantUuid uuid references rbac.reference (uuid), assumed boolean not null default true, -- auto assumed (true) vs. needs assumeRoles (false) unique (ascendantUuid, descendantUuid), constraint rbacGrant_createdBy check ( grantedByRoleUuid is null or grantedByTriggerOf is null) ); 
@@ -499,7 +499,7 @@ create index on RbacGrants (descendantUuid); call basis.create_journal('RbacGrants'); create or replace function findGrantees(grantedId uuid) - returns setof RbacReference + returns setof rbac.reference returns null on null input language sql as $$ with recursive grants as ( @@ -513,7 +513,7 @@ with recursive grants as ( ) select ref.* from grants - join RbacReference ref on ref.uuid = grants.ascendantUuid; + join rbac.reference ref on ref.uuid = grants.ascendantUuid; $$; create or replace function isGranted(granteeIds uuid[], grantedId uuid) @@ -574,7 +574,7 @@ begin end; $$; -create or replace function hasGlobalRoleGranted(userUuid uuid) +create or replace function hasGlobalRoleGranted(forAscendantUuid uuid) returns bool stable -- leakproof language sql as $$ @@ -582,8 +582,8 @@ select exists( select r.uuid from RbacGrants as g join RbacRole as r on r.uuid = g.descendantuuid - join RbacObject as o on o.uuid = r.objectuuid - where g.ascendantuuid = userUuid + join rbac.object as o on o.uuid = r.objectuuid + where g.ascendantuuid = forAscendantUuid and o.objecttable = 'global' ); $$; @@ -591,8 +591,8 @@ $$; create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid uuid) language plpgsql as $$ begin - perform assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); - perform assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); + perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); + perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); insert into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) 
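Review bot: `hasGlobalRoleGranted(forAscendantUuid)` needs a header comment stating what its query checks, because the name reads like an admin test while the body matches any `RbacRole` whose object has `objecttable = 'global'` through a direct grant only, e.g. `-- true if forAscendantUuid (subject or role) has a DIRECT grant to ANY role on the 'global' object; roleType is not checked and transitive grants are not followed`. This matters because the function is used as an authorization gate elsewhere in this diff (`deleteRbacUser`, `grantedPermissionsRaw`). The function also keeps `stable -- leakproof` with leakproof commented out; if it is meant to run under row security or security_barrier views, a one-line comment on why leakproof is disabled would help.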
@@ -611,8 +611,8 @@ $$; create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true) language plpgsql as $$ begin - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -639,8 +639,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -661,8 +661,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if (isGranted(superRoleId, subRoleId)) then delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = subRoleId; 
@@ -682,8 +682,8 @@ declare begin superRoleId := findRoleId(superRole); - perform assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); if (isGranted(superRoleId, permissionId)) then delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = permissionId; @@ -691,7 +691,7 @@ begin select p.op, o.objectTable, o.uuid from rbacGrants g join rbacPermission p on p.uuid=g.descendantUuid - join rbacobject o on o.uuid=p.objectUuid + join rbac.object o on o.uuid=p.objectUuid where g.uuid=permissionId into permissionOp, objectTable, objectUuid; @@ -736,7 +736,7 @@ begin SELECT DISTINCT perm.objectUuid FROM granted JOIN RbacPermission perm ON granted.descendantUuid = perm.uuid - JOIN RbacObject obj ON obj.uuid = perm.objectUuid + JOIN rbac.object obj ON obj.uuid = perm.objectUuid WHERE (requiredOp = 'SELECT' OR perm.op = requiredOp) AND obj.objectTable = forObjectTable LIMIT maxObjects+1; @@ -756,7 +756,7 @@ $$; --changeset rbac-base-QUERY-GRANTED-PERMISSIONS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns all permissions accessible to the given subject UUID (user or role). + Returns all permissions accessible to the given subject UUID (subject or role). */ create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid) returns setof RbacPermission 
@@ -782,18 +782,18 @@ $$; --// -- ============================================================================ ---changeset rbac-base-QUERY-USERS-WITH-PERMISSION-FOR-OBJECT:1 endDelimiter:--// +--changeset rbac-base-QUERY-SUBJECTS-WITH-PERMISSION-FOR-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns all user UUIDs which have any permission for the given object UUID. + Returns all subject UUIDs which have any permission for the given object UUID. */ -create or replace function queryAllRbacUsersWithPermissionsFor(objectId uuid) - returns setof RbacUser +create or replace function queryAllRbacSubjectsWithPermissionsFor(objectId uuid) + returns setof rbac.subject returns null on null input language sql as $$ select * - from RbacUser + from rbac.subject where uuid in ( -- @formatter:off with recursive grants as ( diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql index 99a0b349..087a2e2f 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql 
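Review bot: Renaming the Liquibase changeset id to `rbac-base-QUERY-SUBJECTS-WITH-PERMISSION-FOR-OBJECT:1` (and `rbac-base-USER:1` to `rbac-base-SUBJECT:1` earlier in this file) means an already-migrated database has no DATABASECHANGELOG entry for the new ids and Liquibase will execute them again; that is harmless for `create or replace function`, but `create table rbac.subject` would then run against a database that still holds `RbacUser` and its rows, and nothing in this diff migrates that data. If the project only supports rebuilding the database from scratch at this stage, stating that in the commit description or the changelog header makes the intent explicit; otherwise the renamed changesets need a data migration, or the ids should stay stable and only the SQL change.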
@@ -9,23 +9,23 @@ create or replace function assumedRoleUuid() stable -- leakproof language plpgsql as $$ declare - currentSubjectsUuids uuid[]; + currentSubjectOrAssumedRolesUuids uuid[]; begin -- exactly one role must be assumed, not none not more than one if cardinality(basis.assumedRoles()) <> 1 then raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles(); end if; - currentSubjectsUuids := currentSubjectsUuids(); - return currentSubjectsUuids[1]; + currentSubjectOrAssumedRolesUuids := rbac.currentSubjectOrAssumedRolesUuids(); + return currentSubjectOrAssumedRolesUuids[1]; end; $$; create or replace procedure grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid, doAssume boolean = true) language plpgsql as $$ begin - perform assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userId (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userId (ascendant)', userUuid, 'rbac.subject'); insert into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) 
@@ -40,18 +40,18 @@ declare grantedByRoleIdName text; grantedRoleIdName text; begin - perform assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); assert grantedByRoleUuid is not null, 'grantedByRoleUuid must not be null'; assert grantedRoleUuid is not null, 'grantedRoleUuid must not be null'; assert userUuid is not null, 'userUuid must not be null'; - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', - grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), currentSubjectsUuids(); + grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; 
@@ -77,11 +77,11 @@ end; $$; create or replace procedure checkRevokeRoleFromUserPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid) language plpgsql as $$ begin - perform assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform assertReferenceType('userUuid (ascendant)', userUuid, 'RbacUser'); + perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); end if; @@ -89,8 +89,8 @@ begin raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, currentSubjects(); end if; - --raise exception 'isGranted(%, %)', currentSubjectsUuids(), grantedByRoleUuid; - if NOT isGranted(currentSubjectsUuids(), grantedByRoleUuid) then + --raise exception 'isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; + if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); end if; diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 552bcd22..2380c84d 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
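Review bot: `checkRevokeRoleFromUserPreconditions` now evaluates `isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid)` twice with identical conditions (the `[403] Revoking role created by ...` check at the top of the procedure and the `[403] Revoking role granted by ...` check in the second hunk), so the second `raise` is unreachable: the first check has already aborted whenever the condition is true. Drop the second `if ... end if;` block together with the commented-out `--raise exception 'isGranted(%, %)'` debug line the commit kept updating. The procedure's body continues outside the hunk.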
@@ -5,25 +5,25 @@ --changeset rbac-context-DETERMINE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function determineCurrentUserUuid(currentUser varchar) +create or replace function determineCurrentSubjectUuid(currentSubject varchar) returns uuid stable -- leakproof language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin - if currentUser = '' then + if currentSubject = '' then return null; end if; - select uuid from RbacUser where name = currentUser into currentUserUuid; - if currentUserUuid is null then - raise exception '[401] user % given in `basis.defineContext(...)` does not exist', currentUser; + select uuid from rbac.subject where name = currentSubject into currentSubjectUuid; + if currentSubjectUuid is null then + raise exception '[401] subject % given in `basis.defineContext(...)` does not exist', currentSubject; end if; - return currentUserUuid; + return currentSubjectUuid; end; $$; -create or replace function determineCurrentSubjectsUuids(currentUserUuid uuid, assumedRoles varchar) +create or replace function determineCurrentSubjectOrAssumedRolesUuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar) returns uuid[] stable -- leakproof language plpgsql as $$ @@ -37,7 +37,7 @@ declare roleIdsToAssume uuid[]; roleUuidToAssume uuid; begin - if currentUserUuid is null then + if currentSubjectOrAssumedRolesUuids is null then if length(coalesce(assumedRoles, '')) > 0 then raise exception '[403] undefined has no permission to assume role %', assumedRoles; else @@ -45,7 +45,7 @@ begin end if; end if; if length(coalesce(assumedRoles, '')) = 0 then - return array [currentUserUuid]; + return array [currentSubjectOrAssumedRolesUuids]; end if; foreach roleName in array string_to_array(assumedRoles, ';') 
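Review bot: The renamed parameter `currentSubjectOrAssumedRolesUuids uuid` of `determineCurrentSubjectOrAssumedRolesUuids` holds a single subject uuid (it is passed as `currentSubjectUuid` from `basis.contextDefined` and wrapped in `array [...]` below), yet its plural name matches the `uuid[]` this function returns, which misleads at every use site in the following hunk; `currentSubjectUuid uuid` says what it is. Separately, `determineCurrentSubjectUuid` treats `''` as "no subject" but a NULL argument falls through `currentSubject = ''` (which is NULL) into the lookup and raises `[401]` with a null name; `if coalesce(currentSubject, '') = '' then` would treat both alike, if that is the intended contract.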
@@ -66,10 +66,10 @@ begin and r.roleType = roleTypeToAssume into roleUuidToAssume; if roleUuidToAssume is null then - raise exception '[403] role % does not exist or is not accessible for user %', roleName, basis.currentUser(); + raise exception '[403] role % does not exist or is not accessible for subject %', roleName, basis.currentSubject(); end if; - if not isGranted(currentUserUuid, roleUuidToAssume) then - raise exception '[403] user % has no permission to assume role %', basis.currentUser(), roleName; + if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then + raise exception '[403] subject % has no permission to assume role %', basis.currentSubject(), roleName; end if; roleIdsToAssume := roleIdsToAssume || roleUuidToAssume; end loop; 
@@ -87,59 +87,59 @@ end; $$; create or replace procedure basis.contextDefined( currentTask varchar(127), currentRequest text, - currentUser varchar(63), + currentSubject varchar(63), assumedRoles varchar(1023) ) language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin execute format('set local hsadminng.currentTask to %L', currentTask); execute format('set local hsadminng.currentRequest to %L', currentRequest); - execute format('set local hsadminng.currentUser to %L', currentUser); - select determineCurrentUserUuid(currentUser) into currentUserUuid; - execute format('set local hsadminng.currentUserUuid to %L', coalesce(currentUserUuid::text, '')); + execute format('set local hsadminng.currentSubject to %L', currentSubject); + select determineCurrentSubjectUuid(currentSubject) into currentSubjectUuid; + execute format('set local hsadminng.currentSubjectUuid to %L', coalesce(currentSubjectUuid::text, '')); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - execute format('set local hsadminng.currentSubjectsUuids to %L', - (select array_to_string(determinecurrentSubjectsUuids(currentUserUuid, assumedRoles), ';'))); + execute format('set local hsadminng.currentSubjectOrAssumedRolesUuids to %L', + (select array_to_string(determineCurrentSubjectOrAssumedRolesUuids(currentSubjectUuid, assumedRoles), ';'))); - raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentUser, assumedRoles; + raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentSubject, assumedRoles; end; $$; -- ============================================================================ ---changeset rbac-context-CURRENT-USER-ID:1 endDelimiter:--// +--changeset rbac-context-current-subject-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `basis.defineContext(...)`. 
+ Returns the uuid of the current subject as set via `basis.defineContext(...)`. */ -create or replace function currentUserUuid() +create or replace function rbac.currentSubjectUuid() returns uuid stable -- leakproof language plpgsql as $$ declare - currentUserUuid text; - currentUserName text; + currentSubjectUuid text; + currentSubjectName text; begin begin - currentUserUuid := current_setting('hsadminng.currentUserUuid'); + currentSubjectUuid := current_setting('hsadminng.currentSubjectUuid'); exception when others then - currentUserUuid := null; + currentSubjectUuid := null; end; - if (currentUserUuid is null or currentUserUuid = '') then - currentUserName := basis.currentUser(); - if (length(currentUserName) > 0) then - raise exception '[401] currentUserUuid cannot be determined, unknown user name "%"', currentUserName; + if (currentSubjectUuid is null or currentSubjectUuid = '') then + currentSubjectName := basis.currentSubject(); + if (length(currentSubjectName) > 0) then + raise exception '[401] currentSubjectUuid cannot be determined, unknown subject name "%"', currentSubjectName; else - raise exception '[401] currentUserUuid cannot be determined, please call `basis.defineContext(...)` first;"'; + raise exception '[401] currentSubjectUuid cannot be determined, please call `basis.defineContext(...)` first;"'; end if; end if; - return currentUserUuid::uuid; + return currentSubjectUuid::uuid; end; $$; --// 
@@ -147,33 +147,33 @@ end; $$; --changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current user as set via `basis.defineContext(...)`, + Returns the uuid of the current subject as set via `basis.defineContext(...)`, or, if any, the uuids of all assumed roles as set via `basis.defineContext(...)` or empty array, if context is not defined. */ -create or replace function currentSubjectsUuids() +create or replace function rbac.currentSubjectOrAssumedRolesUuids() returns uuid[] stable -- leakproof language plpgsql as $$ declare - currentSubjectsUuids text; - currentUserName text; + currentSubjectOrAssumedRolesUuids text; + currentSubjectName text; begin begin - currentSubjectsUuids := current_setting('hsadminng.currentSubjectsUuids'); + currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids'); exception when others then - currentSubjectsUuids := null; + currentSubjectOrAssumedRolesUuids := null; end; - if (currentSubjectsUuids is null or length(currentSubjectsUuids) = 0 ) then - currentUserName := basis.currentUser(); - if (length(currentUserName) > 0) then - raise exception '[401] currentSubjectsUuids (%) cannot be determined, unknown user name "%"', currentSubjectsUuids, currentUserName; + if (currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0 ) then + currentSubjectName := basis.currentSubject(); + if (length(currentSubjectName) > 0) then + raise exception '[401] currentSubjectOrAssumedRolesUuids (%) cannot be determined, unknown subject name "%"', currentSubjectOrAssumedRolesUuids, currentSubjectName; else - raise exception '[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user;"'; + raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid 
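Review bot: `basis.contextDefined` still emits `raise notice 'Context defined as: %, %, %, [%]'` with the full `currentRequest` text on every call, so whatever the application passes as the request (headers, body, query strings) lands in the PostgreSQL server log at NOTICE level; if requests can carry credentials or personal data, log only `currentTask`, `currentSubject` and `assumedRoles`, or downgrade the statement to `raise debug`. Further down in the same hunk the message in `rbac.currentSubjectUuid()` ends with a stray `;"` (`... please call `basis.defineContext(...)` first;"'`) that is sent verbatim to the client; the same artefact appears in `rbac.currentSubjectOrAssumedRolesUuids()` in the next hunk. The `begin ... exception when others ... end` wrapper around `current_setting(...)` can be replaced by `currentSubjectUuid := current_setting('hsadminng.currentSubjectUuid', true);`, which returns NULL for an unset parameter without a subtransaction or a catch-all that also hides genuine errors.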
subject;"'; end if; end if; - return string_to_array(currentSubjectsUuids, ';'); + return string_to_array(currentSubjectOrAssumedRolesUuids, ';'); end; $$; --// diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 38530ba7..e753798e 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -15,7 +15,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacrole as r - join rbacobject as o on o.uuid = r.objectuuid + join rbac.object as o on o.uuid = r.objectuuid ) as unordered -- @formatter:on order by roleIdName; @@ -36,8 +36,8 @@ select * select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacrole as r - join rbacobject as o on o.uuid = r.objectuuid - where isGranted(currentSubjectsUuids(), r.uuid) + join rbac.object as o on o.uuid = r.objectuuid + where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as unordered -- @formatter:on order by objectTable || '#' || objectIdName || ':' || roleType; 
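Review bot: `rbac.currentSubjectOrAssumedRolesUuids()` now reads the GUC `hsadminng.currentSubjectOrAssumedRolesUuids`, and `basis.contextDefined` writes it, but any reader or writer of the old name `hsadminng.currentSubjectsUuids` outside this changelog (application code, ad-hoc scripts, tests) will not fail loudly: the old setting is simply never consulted and this function raises `[401]` or, worse, the old value is ignored in favour of whatever the new one holds. A grep for `currentSubjectsUuids` across the repository before merging would confirm nothing else depends on the old GUC name.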
@@ -88,17 +88,17 @@ create or replace view rbacgrants_ev as from rbacgrants as g left outer join rbacrole as ar on ar.uuid = g.ascendantUuid - left outer join rbacobject as aro on aro.uuid = ar.objectuuid - left outer join rbacuser as au on au.uuid = g.ascendantUuid + left outer join rbac.object as aro on aro.uuid = ar.objectuuid + left outer join rbac.subject as au on au.uuid = g.ascendantUuid left outer join rbacrole as dr on dr.uuid = g.descendantUuid - left outer join rbacobject as dro on dro.uuid = dr.objectuuid + left outer join rbac.object as dro on dro.uuid = dr.objectuuid left outer join rbacpermission dp on dp.uuid = g.descendantUuid - left outer join rbacobject as dpo on dpo.uuid = dp.objectUuid + left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid ) as x left outer join rbacrole as r on r.uuid = grantedByRoleUuid - left outer join rbacuser u on u.uuid = x.ascendantuuid - left outer join rbacobject go on go.uuid = r.objectuuid + left outer join rbac.subject u on u.uuid = x.ascendantuuid + left outer join rbac.object go on go.uuid = r.objectuuid order by x.ascendingIdName, x.descendingIdName; -- @formatter:on @@ -125,12 +125,12 @@ select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbacgrants as g join rbacrole as r on r.uuid = g.descendantUuid - join rbacobject o on o.uuid = r.objectuuid - left outer join rbacuser u on u.uuid = g.ascendantuuid - where isGranted(currentSubjectsUuids(), r.uuid) + join rbac.object o on o.uuid = r.objectuuid + left outer join rbac.subject u on u.uuid = g.ascendantuuid + where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as g join RbacRole as r on r.uuid = grantedByRoleUuid - join RbacObject as o on o.uuid = r.objectUuid + join rbac.object as o on o.uuid = r.objectUuid order by grantedRoleIdName; -- @formatter:on grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; 
@@ -209,13 +209,13 @@ create or replace view RbacUser_ev as select distinct * -- @formatter:off from ( - select usersInRolesOfCurrentUser.* - from RbacUser as usersInRolesOfCurrentUser - join RbacGrants as g on g.ascendantuuid = usersInRolesOfCurrentUser.uuid + select usersInRolesOfcurrentSubject.* + from rbac.subject as usersInRolesOfcurrentSubject + join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_ev as r on r.uuid = g.descendantuuid union select users.* - from RbacUser as users + from rbac.subject as users ) as unordered -- @formatter:on order by unordered.name; @@ -234,15 +234,15 @@ create or replace view RbacUser_rv as select distinct * -- @formatter:off from ( - select usersInRolesOfCurrentUser.* - from RbacUser as usersInRolesOfCurrentUser - join RbacGrants as g on g.ascendantuuid = usersInRolesOfCurrentUser.uuid + select usersInRolesOfcurrentSubject.* + from rbac.subject as usersInRolesOfcurrentSubject + join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_rv as r on r.uuid = g.descendantuuid union select users.* - from RbacUser as users + from rbac.subject as users where cardinality(basis.assumedRoles()) = 0 and - (currentUserUuid() = users.uuid or hasGlobalRoleGranted(currentUserUuid())) + (rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid())) ) as unordered -- @formatter:on @@ -262,14 +262,14 @@ create or replace function insertRbacUser() language plpgsql as $$ declare refUuid uuid; - newUser RbacUser; + newUser rbac.subject; begin insert - into RbacReference as r (uuid, type) - values( new.uuid, 'RbacUser') + into rbac.reference as r (uuid, type) + values( new.uuid, 'rbac.subject') returning r.uuid into refUuid; insert - into RbacUser (uuid, name) + into rbac.subject (uuid, name) values (refUuid, new.name) returning * into newUser; return newUser; 
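Review bot: `insertRbacUser()` inserts `values( new.uuid, 'rbac.subject')` into `rbac.reference`, so a view insert that omits the uuid stores an explicit NULL (the column default is bypassed by an explicit value) and then fails on the `rbac.subject` primary key instead of generating an id; `rbac.create_subject(refUuid, ...)` in 1050-rbac-base.sql already handles this with `coalesce(refUuid, uuid_generate_v4())`, and the trigger should match: `values (coalesce(new.uuid, uuid_generate_v4()), 'rbac.subject')`. Whether callers ever omit the uuid is not visible here, so treat this as consistency with the sibling function. The trigger function's header lies outside the hunk.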
@@ -299,11 +299,11 @@ create or replace function deleteRbacUser() returns trigger language plpgsql as $$ begin - if currentUserUuid() = old.uuid or hasGlobalRoleGranted(currentUserUuid()) then - delete from RbacUser where uuid = old.uuid; + if rbac.currentSubjectUuid() = old.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid()) then + delete from rbac.subject where uuid = old.uuid; return old; end if; - raise exception '[403] User % not allowed to delete user uuid %', basis.currentUser(), old.uuid; + raise exception '[403] User % not allowed to delete user uuid %', basis.currentSubject(), old.uuid; end; $$; /* @@ -332,7 +332,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid, from rbacrole_rv r join rbacgrants g on g.ascendantuuid = r.uuid join rbacpermission p on p.uuid = g.descendantuuid - join rbacobject o on o.uuid = p.objectuuid; + join rbac.object o on o.uuid = p.objectuuid; grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; -- @formatter:om @@ -348,13 +348,13 @@ create or replace function grantedPermissionsRaw(targetUserUuid uuid) returns null on null input language plpgsql as $$ declare - currentUserUuid uuid; + currentSubjectUuid uuid; begin -- @formatter:off - currentUserUuid := currentUserUuid(); + currentSubjectUuid := rbac.currentSubjectUuid(); - if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentUserUuid) then - raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentUser(); + if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then + raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentSubject(); end if; return query select 
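Review bot: The delete gate in `deleteRbacUser()` is `rbac.currentSubjectUuid() = old.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid())`, and `hasGlobalRoleGranted` (1050-rbac-base.sql in this diff) is true for any role on the `global` object regardless of `roleType`, so should a non-admin global role ever be granted, its holders could delete arbitrary subjects; if only global admins are meant to, `isGlobalAdmin()` from 1080-rbac-global.sql (resolved at call time in plpgsql) expresses that directly. The same pattern gates `grantedPermissionsRaw` further down this file. The error text `[403] User % not allowed to delete user uuid %` also still says "user" after the subject rename.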
@@ -371,9 +371,9 @@ begin po.uuid as permissionObjectUuid from queryPermissionsGrantedToSubjectId( targetUserUuid) as p join rbacgrants as g on g.descendantUuid = p.uuid - join rbacobject as po on po.uuid = p.objectUuid + join rbac.object as po on po.uuid = p.objectUuid join rbacrole_rv as r on r.uuid = g.ascendantUuid - join rbacobject as ro on ro.uuid = r.objectUuid + join rbac.object as ro on ro.uuid = r.objectUuid where isGranted(targetUserUuid, r.uuid) ) xp; -- @formatter:on diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 233cc316..a1fd2e52 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -15,7 +15,7 @@ begin create trigger createRbacObjectFor_%s_Trigger before insert on %s for each row - execute procedure insertRelatedRbacObject(); + execute procedure rbac.insert_related_object(); $sql$, targetTable, targetTable); execute createInsertTriggerSQL; @@ -185,7 +185,7 @@ begin true from rbacgrants where rbacgrants.assumed - and (rbacgrants.ascendantuuid = any (currentsubjectsuuids())) + and (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) union all select distinct g.descendantuuid, g.ascendantuuid, @@ -203,7 +203,7 @@ begin select distinct perm.objectuuid from recursive_grants join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid - join rbacobject obj on obj.uuid = perm.objectuuid + join rbac.object obj on obj.uuid = perm.objectuuid join count_check cc on cc.valid where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions ) 
@@ -256,11 +256,11 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', currentSubjectsUuids())) then + if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then delete from %1$s p where p.uuid = old.uuid; return old; end if; - raise exception '[403] Subject %% is not allowed to delete %1$s uuid %%', currentSubjectsUuids(), old.uuid; + raise exception '[403] Subject %% is not allowed to delete %1$s uuid %%', rbac.currentSubjectOrAssumedRolesUuids(), old.uuid; end; $f$; $sql$, targetTable); execute sql; @@ -287,13 +287,13 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', currentSubjectsUuids())) then + if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then update %1$s set %2$s where uuid = old.uuid; return old; end if; - raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', currentSubjectsUuids(), old.uuid; + raise exception '[403] Subject %% is not allowed to update %1$s uuid %%', rbac.currentSubjectOrAssumedRolesUuids(), old.uuid; end; $f$; $sql$, targetTable, columnUpdates); execute sql; diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 1ef6283a..4cb5ff19 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -8,7 +8,7 @@ create view RbacStatisticsView as select no, to_char("count", '9 999 999 999') as "count", "table" from (select 1 as no, count(*) as "count", 'login users' as "table" - from RbacUser + from rbac.subject union select 2 as no, count(*) as "count", 'roles' as "table" from RbacRole 
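Review bot: Both generated `[403]` messages (this -256 hunk and the -287 hunk below) now interpolate `rbac.currentSubjectOrAssumedRolesUuids()`, which dumps the session's whole set of subject and assumed-role UUIDs into an exception text that the `[403]` prefix suggests is surfaced to API clients. `deleteRbacUser` in 1050-rbac-base reports only `basis.currentSubject()`, and the hand-written insert checks from 2013 onward already carry the readable `currentSubjects()`; the raw UUID array adds nothing for the caller and belongs in a server-side log at most. Suggested line: `raise exception '[403] Subject %% is not allowed to delete %1$s uuid %%', currentSubjects(), old.uuid;` (with `update` in the -287 hunk). The generator function enclosing both templates starts before this hunk.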
@@ -17,12 +17,12 @@ select no, to_char("count", '9 999 999 999') as "count", "table" from RbacPermission union select 4 as no, count(*) as "count", 'references' as "table" - from RbacReference + from rbac.reference union select 5 as no, count(*) as "count", 'grants' as "table" from RbacGrants union select 6 as no, count(*) as "count", 'objects' as "table" - from RbacObject) as totals + from rbac.object) as totals order by totals.no; --// diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index c20238c7..8fb1f19e 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -13,7 +13,7 @@ */ create table Global ( - uuid uuid primary key references RbacObject (uuid) on delete cascade, + uuid uuid primary key references rbac.object (uuid) on delete cascade, name varchar(63) unique ); create unique index Global_Singleton on Global ((0)); @@ -30,7 +30,7 @@ create or replace function isGlobalAdmin() returns boolean language plpgsql as $$ begin - return isGranted(currentSubjectsUuids(), findRoleId(globalAdmin())); + return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), findRoleId(globalAdmin())); end; $$; --// @@ -45,7 +45,7 @@ create or replace function hasGlobalPermission(op RbacOp) $$ -- TODO.perf: this could to be optimized select (select uuid from global) in - (select queryAccessibleObjectUuidsOfSubjectIds(op, 'global', currentSubjectsUuids())); + (select queryAccessibleObjectUuidsOfSubjectIds(op, 'global', rbac.currentSubjectOrAssumedRolesUuids())); $$; --// 
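Review bot: The statistics view (this -17 hunk and the -8 hunk of the same file) combines its branches with `union`, which sorts and de-duplicates although each branch carries a distinct `no` literal and can never produce a duplicate; `union all` returns the same rows without the extra sort. Replace each `union` with `union all`. The view definition starts before this hunk.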
@@ -96,9 +96,9 @@ $$; begin transaction; call basis.defineContext('initializing table "global"', null, null, null); insert - into RbacObject (objecttable) values ('global'); + into rbac.object (objecttable) values ('global'); insert - into Global (uuid, name) values ((select uuid from RbacObject where objectTable = 'global'), 'global'); + into Global (uuid, name) values ((select uuid from rbac.object where objectTable = 'global'), 'global'); commit; --// @@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from RbacObject where objectTable = 'global'), 'ADMIN'::RbacRoleType, assumed; +select 'global', (select uuid from rbac.object where objectTable = 'global'), 'ADMIN'::RbacRoleType, assumed; $$; begin transaction; @@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from RbacObject where objectTable = 'global'), 'GUEST'::RbacRoleType, assumed; +select 'global', (select uuid from rbac.object where objectTable = 'global'), 'GUEST'::RbacRoleType, assumed; $$; begin transaction; 
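Review bot: The second insert in this hunk re-finds the object it just created with `(select uuid from rbac.object where objectTable = 'global')`, a scalar subquery that raises as soon as a second `rbac.object` row with that `objectTable` exists (nothing visible makes the column unique, unlike `Global_Singleton`), and `globalAdmin()`/`globalGuest()` in the -114 and -135 hunks repeat the same lookup on every call. Chain the inserts instead: `with obj as (insert into rbac.object (objecttable) values ('global') returning uuid)` followed by `insert into Global (uuid, name) select uuid, 'global' from obj;`. For the two functions, `(select uuid from global)` as already used by `hasGlobalPermission` in the -45 hunk reads the singleton directly.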
@@ -158,10 +158,10 @@ do language plpgsql $$ call basis.defineContext('creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); - call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-alex@hostsharing.net')); - call grantRoleToUserUnchecked(admins, admins, createRbacUser('superuser-fran@hostsharing.net')); - perform createRbacUser('selfregistered-user-drew@hostsharing.org'); - perform createRbacUser('selfregistered-test-user@hostsharing.org'); + call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); + call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); + perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); + perform rbac.create_subject('selfregistered-test-user@hostsharing.org'); end; $$; --// 
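Review bot: This block creates `superuser-alex@hostsharing.net` and `superuser-fran@hostsharing.net` as subjects and grants them the global admin role via `grantRoleToUserUnchecked` wherever this changelog runs; the in-code comment calls them fake test-realm users, but nothing visible restricts the changeset to test environments. If the changeset header (outside this hunk) carries no Liquibase `context:`, add one such as `context: dev,test` or move the block next to the other test data under `2-test`, so that a production schema does not end up with pre-seeded admin subjects. The `do` block starts before this hunk.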
@@ -172,23 +172,23 @@ $$; -- ---------------------------------------------------------------------------- /* - Tests if currentUserUuid() can fetch the user from the session variable. + Tests if rbac.currentSubjectUuid() can fetch the user from the session variable. */ do language plpgsql $$ declare userName varchar; begin - call basis.defineContext('testing currentUserUuid', null, 'superuser-fran@hostsharing.net', null); - select userName from RbacUser where uuid = currentUserUuid() into userName; + call basis.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null); + select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName <> 'superuser-fran@hostsharing.net' then - raise exception 'setting or fetching initial currentUser failed, got: %', userName; + raise exception 'setting or fetching initial currentSubject failed, got: %', userName; end if; - call basis.defineContext('testing currentUserUuid', null, 'superuser-alex@hostsharing.net', null); - select userName from RbacUser where uuid = currentUserUuid() into userName; + call basis.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null); + select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName = 'superuser-alex@hostsharing.net' then - raise exception 'currentUser should not change in one transaction, but did change, got: %', userName; + raise exception 'currentSubject should not change in one transaction, but did change, got: %', userName; end if; end; $$; --// diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql index 559ba51a..f956cb1d 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql 
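Review bot: `select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;` uses `userName` both as the local variable and as the selected column. With PL/pgSQL's default `variable_conflict = error` that is an ambiguity error if `rbac.subject` really has a `userName` column; if the column is named differently, the select reads the variable itself, `userName` stays NULL, both `if` comparisons are UNKNOWN, and the test passes without checking anything — the table definition is not on the page, so confirm which case applies. Rename the variable and qualify the column, e.g. `declare fetchedName varchar;` and `select s.userName from rbac.subject s where s.uuid = rbac.currentSubjectUuid() into fetchedName;` (same for the second select and the two `if` lines).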
@@ -6,7 +6,7 @@ create table if not exists test_customer ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, reference int not null unique check (reference between 10000 and 99999), prefix character(3) unique, diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 6e084160..f1ebb9dd 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -38,7 +38,7 @@ begin testCustomerOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN(unassumed())], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index a05835f8..e9a63044 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -32,7 +32,7 @@ declare begin custRowId = uuid_generate_v4(); custAdminName = 'customer-admin@' || custPrefix || '.example.com'; - custAdminUuid = createRbacUser(custAdminName); + custAdminUuid = rbac.create_subject(custAdminName); insert into test_customer (reference, prefix, adminUserName) 
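Review bot: The `[403]` message in the -143 hunk (and the matching ones in 2023, 2033, 5043, 5044, 5063, 5073, 5103, 5113, 5123 and both 6203 files further down) prints the entire rejected row via `NEW` next to the subject names and the subject/role UUID set. For the hs_office tables that means registration data, debitor and SEPA details or share transactions of a failed insert land in the exception text and the server log, and the `[403]` prefix suggests the text is also returned to the client. Report only what identifies the attempt, e.g. `raise exception '[403] insert into test_customer uuid % not allowed for current subjects %', NEW.uuid, currentSubjects();`, and leave the row content out. The trigger function starts before this hunk.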
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql index 30739cd3..794f558f 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql @@ -6,7 +6,7 @@ create table if not exists test_package ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, customerUuid uuid references test_customer (uuid), name varchar(5), diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 4cc51b27..af51c791 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -208,7 +208,7 @@ begin end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index d471a421..d8c64916 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql 
@@ -32,7 +32,7 @@ begin call grantRoleToUser( getRoleId(testCustomerAdmin(cust)), findRoleId(testPackageAdmin(pac)), - createRbacUser('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), + rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), true); end loop; diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql index 6b50dcae..c4318617 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql @@ -6,7 +6,7 @@ create table if not exists test_domain ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), packageUuid uuid references test_package (uuid), name character varying(253), description character varying(96) diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index ab12d7fd..1b4a0421 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -207,7 +207,7 @@ begin end if; raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_domain_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql index 9c187d11..d1694eb6 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql @@ -6,7 +6,7 @@ create table if not exists hs_office_contact ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, caption varchar(128) not null, postalAddress text, diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index d1fabf3e..bfd66de5 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficeContactOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index d8bbcd74..cb431d26 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -16,7 +16,7 @@ declare begin emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com'; call basis.defineContext('creating contact test-data'); - perform createRbacUser(emailAddr); + perform rbac.create_subject(emailAddr); call basis.defineContext('creating contact test-data', null, emailAddr); postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt'; 
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql index 97435390..f73696c0 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql @@ -16,7 +16,7 @@ CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT; create table if not exists hs_office_person ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, personType HsOfficePersonType not null, tradeName varchar(96), diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index bdaca63c..4fb80622 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficePersonOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index 4040ceb4..f04b2d5c 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql 
@@ -22,7 +22,7 @@ begin fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName); emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com'; call basis.defineContext('creating person test-data'); - perform createRbacUser(emailAddr); + perform rbac.create_subject(emailAddr); call basis.defineContext('creating person test-data', null, emailAddr); raise notice 'creating test person: % by %', fullName, emailAddr; diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql index e4d6d166..ee02668d 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql @@ -18,7 +18,7 @@ CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT; create table if not exists hs_office_relation ( - uuid uuid unique references RbacObject (uuid) initially deferred, -- on delete cascade + uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade version int not null default 0, anchorUuid uuid not null references hs_office_person(uuid), holderUuid uuid not null references hs_office_person(uuid), diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 84ae494c..3941456a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -51,7 +51,7 @@ begin hsOfficeRelationOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( 
@@ -217,7 +217,7 @@ begin end if; raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - currentSubjects(), currentSubjectsUuids(); + currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_relation_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql index aac22c5b..8dc99bf3 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql @@ -7,7 +7,7 @@ create table hs_office_partner_details ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, registrationOffice varchar(96), registrationNumber varchar(96), @@ -32,7 +32,7 @@ call basis.create_journal('hs_office_partner_details'); create table hs_office_partner ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, partnerNumber numeric(5) unique not null, partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 9bc7f773..36040336 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
@@ -220,7 +220,7 @@ begin end if; raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 09ed6dc5..7810f838 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -124,7 +124,7 @@ begin end if; raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_details_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql index 1dec8bc3..a1c577c6 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql @@ -5,7 +5,7 @@ create table hs_office_bankaccount ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, holder varchar(64) not null, iban varchar(34) not null, 
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 724dd658..4d05ae0c 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficeBankAccountOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql index ed00ca3a..20891c37 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql @@ -14,7 +14,7 @@ declare emailAddr varchar; begin emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com'; - perform createRbacUser(emailAddr); + perform rbac.create_subject(emailAddr); call basis.defineContext('creating bankaccount test-data', null, emailAddr); raise notice 'creating test bankaccount: %', givenHolder; diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql index 462a9dbd..6d680d49 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql 
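Review bot: `perform rbac.create_subject(emailAddr);` in the 5058 hunk runs before any `basis.defineContext(...)` in this function, whereas the contact and person test-data functions (5018 and 5028 hunks above) call `basis.defineContext('creating … test-data')` first and only then create the subject. If `rbac.create_subject` records the session's current task or subject (which those explicit calls suggest), the bank-account admin subject is created under whatever context the caller last defined. Align it with the others: `call basis.defineContext('creating bankaccount test-data');` before the `perform`. The function header is outside this hunk.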
@@ -6,7 +6,7 @@ create table hs_office_debitor ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'), debitorRelUuid uuid not null references hs_office_relation(uuid), diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index b0c77c67..130f4d95 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -193,7 +193,7 @@ begin end if; raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_debitor_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql index ff020fb3..35aad65a 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql @@ -6,7 +6,7 @@ create table if not exists hs_office_sepamandate ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, debitorUuid uuid not null references hs_office_debitor(uuid), bankAccountUuid uuid not null references hs_office_bankaccount(uuid), 
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index e794d97a..ea2fe7c0 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -51,7 +51,7 @@ begin hsOfficeSepaMandateOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( @@ -174,7 +174,7 @@ begin end if; raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_sepamandate_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql index ab9d3e43..26d1a0d2 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql @@ -19,7 +19,7 @@ CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLIC create table if not exists hs_office_membership ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, partnerUuid uuid not null references hs_office_partner(uuid), memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'), 
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index ec39c6d3..ad90b0c2 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -45,7 +45,7 @@ begin perform createRoleWithGrants( hsOfficeMembershipOWNER(NEW), - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( @@ -155,7 +155,7 @@ begin end if; raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_membership_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql index 1adf48d6..1cb9dd72 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql @@ -10,7 +10,7 @@ CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT create table if not exists hs_office_coopsharestransaction ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, membershipUuid uuid not null references hs_office_membership(uuid), transactionType HsOfficeCoopSharesTransactionType not null, 
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index e632b648..f440dd83 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopsharestransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql index 3b93e61e..65adf724 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql @@ -17,7 +17,7 @@ CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT create table if not exists hs_office_coopassetstransaction ( - uuid uuid unique references RbacObject (uuid) initially deferred, + uuid uuid unique references rbac.object (uuid) initially deferred, version int not null default 0, membershipUuid uuid not null references hs_office_membership(uuid), transactionType HsOfficeCoopAssetsTransactionType not null, diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 4ef072a1..edaf816e 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopassetstransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql index 8ea0cc68..d8471d71 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql @@ -6,7 +6,7 @@ create table if not exists hs_booking_project ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, debitorUuid uuid not null references hs_office_debitor(uuid), caption varchar(80) not null diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 7137f162..7079ea11 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -168,7 +168,7 @@ begin end if; raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_project_insert_permission_check_tg 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql index 6cb8808a..215a5eb1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql @@ -16,7 +16,7 @@ CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT; create table if not exists hs_booking_item ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, projectUuid uuid null references hs_booking_project(uuid), type HsBookingItemType not null, diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index e9ce4c33..9e7c8a8d 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index e9ce4c33..9e7c8a8d 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql 
@@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), currentSubjectsUuids(); + NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index 34a79af5..5c1bd781 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql @@ -30,7 +30,7 @@ CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT; create table if not exists hs_hosting_asset ( - uuid uuid unique references RbacObject (uuid), + uuid uuid unique references rbac.object (uuid), version int not null default 0, bookingItemUuid uuid null references hs_booking_item(uuid), type HsHostingAssetType not null, diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 5ec3e044..b237a18a 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -53,7 +53,7 @@ begin globalADMIN(unassumed()), hsBookingItemADMIN(newBookingItem), hsHostingAssetADMIN(newParentAsset)], - userUuids => array[currentUserUuid()] + userUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql index 7c4304b3..7265d2cc 100644 
--- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql +++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql @@ -9,7 +9,7 @@ select * from rbacstatisticsview union all select to_char(count(*)::int, '9 999 999 999') as "count", 'objects' as "rbac-table", objecttable as "hs-table", '' as "type" - from rbacobject + from rbac.object group by objecttable union all select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index f30020ae..82ab190e 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -27,6 +27,8 @@ databaseChangeLog: file: db/changelog/0-basis/030-historization.sql - include: file: db/changelog/0-basis/090-log-slow-queries-extensions.sql + - include: + file: db/changelog/1-rbac/1000-rbac-schema.sql - include: file: db/changelog/1-rbac/1050-rbac-base.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java index 8a51a3f2..cb214959 100644 --- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java +++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java @@ -71,7 +71,7 @@ public class ArchitectureTest { "..rbac.rbacuser", "..rbac.rbacgrant", "..rbac.rbacrole", - "..rbac.rbacobject", + "..rbac.object", "..rbac.rbacdef", "..stringify" // ATTENTION: Don't simply add packages here, also add arch rules for the new package! @@ -160,7 +160,7 @@ public class ArchitectureTest { "..hs.booking.(*)..", "..hs.hosting.(*)..", "..hs.migration", - "..rbac.rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest + "..rbacgrant" // TODO.test: just because of RbacGrantsDiagramServiceIntegrationTest ); @ArchTest 
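Review bot: In the 9000-statistics.sql hunk only `from rbac.object` is schema-qualified; the `select * from rbacstatisticsview` branch of the same `union all` stays unqualified, so if that view is also moving into the `rbac` schema with the rest of this series, this view definition will need a follow-up change — otherwise a one-line comment above it stating that the view deliberately stays in the default schema would stop the next reader from asking. The view body starts above the hunk.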
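Review bot: In the `@@ -160` hunk of ArchitectureTest.java the allowed package changes from `"..rbac.rbacgrant"` to `"..rbacgrant"`, which is broader than a rename: with the leading `..` wildcard it admits any package whose name ends in `rbacgrant`, wherever it lives, while the surrounding entries keep their full parent path. If the package has only been renamed, the narrower form (`"..rbac.rbacgrant"` or the new full path) preserves the rule's intent; if the widening is deliberate, the existing `// TODO.test` comment should say so.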
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java index 539df3e5..25222f6c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java @@ -72,7 +72,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid()) @@ -140,7 +140,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -198,7 +198,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid) @@ -232,7 +232,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid) 
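Review bot: The identity header name `"current-subject"` is repeated as a string literal in every request of HsBookingItemControllerAcceptanceTest and in all the other `*ControllerAcceptanceTest` and `*ControllerRestTest` sections of this patch, which is why this rename touches dozens of hunks; a single shared constant, for example on the common `ContextBasedTestWithCleanup` base, would make the next rename a one-line change and keep the tests tied to the production header name (assuming production declares one). Since this header selects the acting subject, nothing in these hunks shows that the old `current-user` header is now rejected; one negative test that sends only `.header("current-user", "superuser-alex@hostsharing.net")` and expects the unauthenticated response would pin that the old name is no longer honored.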
@@ -250,7 +250,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:ADMIN") .port(port) .when() @@ -294,7 +294,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT") .contentType(ContentType.JSON) .body(""" @@ -350,7 +350,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid()) @@ -369,7 +369,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java index 55893753..e28f4d38 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java 
@@ -83,7 +83,7 @@ class HsBookingItemControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/booking/items") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -133,7 +133,7 @@ class HsBookingItemControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/booking/items") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java index c4bc8e2e..ba182483 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java @@ -57,7 +57,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid()) @@ -88,7 +88,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -128,7 +128,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid) @@ -151,7 +151,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid) @@ -167,7 +167,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "person-TuckerJack@example.com") + .header("current-subject", "person-TuckerJack@example.com") .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT") .port(port) .when() @@ -193,7 +193,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -232,7 +232,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid()) 
@@ -250,7 +250,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java index 81f3192e..23eecaf2 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java @@ -85,7 +85,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE") @@ -113,7 +113,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_hosting_asset#fir01:AGENT") .port(port) .when() @@ -160,7 +160,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -217,7 +217,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN") .contentType(ContentType.JSON) .body(""" @@ -271,7 +271,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -317,7 +317,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -372,7 +372,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -411,7 +411,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid) 
@@ -436,7 +436,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid) @@ -453,7 +453,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "person-TuckerJack@example.com") + .header("current-subject", "person-TuckerJack@example.com") .header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT") .port(port) .when() @@ -499,7 +499,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -573,7 +573,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") //.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN") .contentType(ContentType.JSON) .body(""" @@ -657,7 +657,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup .build()); RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid()) 
@@ -690,7 +690,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup .build()); RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java index ff2da459..0d9dd87b 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java @@ -590,7 +590,7 @@ public class HsHostingAssetControllerRestTest { // when final var result = mockMvc.perform(MockMvcRequestBuilders .get("/api/hs/hosting/assets?type="+testCase.name()) - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .accept(MediaType.APPLICATION_JSON)) // then @@ -660,7 +660,7 @@ public class HsHostingAssetControllerRestTest { // when final var result = mockMvc.perform(MockMvcRequestBuilders .patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid) - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java index 540fd2c7..3e43ea3a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java @@ -54,7 +54,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/bankaccounts") @@ -120,7 +120,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -159,7 +159,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid) @@ -180,7 +180,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid) @@ -196,7 +196,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "bankaccount-admin@firstbankaccount.example.com") + .header("current-subject", "bankaccount-admin@firstbankaccount.example.com") .port(port) .when() .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid) 
@@ -224,7 +224,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -262,7 +262,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid()) @@ -279,7 +279,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-test-user@hostsharing.org") + .header("current-subject", "selfregistered-test-user@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid()) @@ -300,7 +300,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java index 37f85f83..6dcd1cb5 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java 
@@ -62,7 +62,7 @@ class HsOfficeBankAccountControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/bankaccounts") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -109,7 +109,7 @@ class HsOfficeBankAccountControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/bankaccounts") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java index 4bd2a4be..ba959ad5 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java @@ -61,7 +61,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/contacts") @@ -99,7 +99,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -138,7 +138,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/contacts/" + givenContactUuid) @@ -159,7 +159,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/contacts/" + givenContactUuid) @@ -174,7 +174,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/contacts/" + givenContactUuid) @@ -206,7 +206,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -253,7 +253,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -301,7 +301,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid()) @@ -321,7 +321,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-test-user@hostsharing.org") + .header("current-subject", "selfregistered-test-user@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid()) @@ -342,7 +342,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java index cb2b937b..9358e9ba 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java 
@@ -62,7 +62,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions") @@ -80,7 +80,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid()) @@ -143,7 +143,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid=" @@ -176,7 +176,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -233,7 +233,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -289,7 +289,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -329,7 +329,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net") + .given().header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid) @@ -352,7 +352,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off - .given().header("current-user", "selfregistered-user-drew@hostsharing.org") + .given().header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid) @@ -370,7 +370,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "person-FirstGmbH@example.com") + .header("current-subject", "person-FirstGmbH@example.com") .port(port) .when() .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java index 8176df09..0e4716d4 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java @@ -115,7 +115,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/coopassetstransactions") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(testCase.givenRequestBody()) .accept(MediaType.APPLICATION_JSON)) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java index bdd9a34a..83fd3917 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java @@ -69,7 +69,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/coopsharestransactions") 
@@ -86,7 +86,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" + .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid()).then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" [ { "transactionType": "SUBSCRIPTION", @@ -141,7 +141,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000202); RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when() + .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when() .get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31").then().log().all().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" [ { 
@@ -166,7 +166,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); final var location = RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body(""" + .given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body(""" { "membershipUuid": "%s", "transactionType": "SUBSCRIPTION", @@ -210,7 +210,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -265,7 +265,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenMembership = membershipRepo.findMembershipByMemberNumber(1000101); RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body(""" + .given().header("current-subject", "superuser-alex@hostsharing.net").contentType(ContentType.JSON).body(""" { "membershipUuid": "%s", "transactionType": "CANCELLATION", 
@@ -293,7 +293,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off - .given().header("current-user", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" + .given().header("current-subject", "superuser-alex@hostsharing.net").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(200).contentType("application/json").body("", lenientlyEquals(""" { "transactionType": "SUBSCRIPTION" } @@ -306,7 +306,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased final var givenCoopShareTransactionUuid = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(null, LocalDate.of(2010, 3, 15), LocalDate.of(2010, 3, 15)).get(0).getUuid(); RestAssured // @formatter:off - .given().header("current-user", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on + .given().header("current-subject", "selfregistered-user-drew@hostsharing.org").port(port).when().get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid).then().log().body().assertThat().statusCode(404); // @formatter:on } @Test 
@@ -316,7 +316,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased RestAssured // @formatter:off .given() - .header("current-user", "person-FirstGmbH@example.com") + .header("current-subject", "person-FirstGmbH@example.com") .port(port) .when() .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java index 6c126978..4d44c0fb 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java @@ -111,7 +111,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/coopsharestransactions") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(testCase.givenRequestBody()) .accept(MediaType.APPLICATION_JSON)) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java index 68545a78..7c531fa2 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java 
@@ -80,7 +80,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/debitors") @@ -235,7 +235,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/debitors?debitorNumber=1000212") @@ -284,7 +284,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -329,7 +329,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -381,7 +381,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -417,7 +417,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -448,7 +448,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -509,7 +509,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -524,7 +524,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid) @@ -554,7 +554,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -637,7 +637,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu // @formatter:on RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN") .contentType(ContentType.JSON) .body(""" 
@@ -666,7 +666,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) @@ -685,7 +685,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@fourthcontact.example.com") + .header("current-subject", "contact-admin@fourthcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) @@ -704,7 +704,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java index f0e108dc..88e35268 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java @@ -67,7 +67,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/memberships") 
@@ -113,7 +113,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .queryParam("partnerUuid", partner.getUuid() ) @@ -141,7 +141,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .queryParam("memberNumber", 1000202 ) @@ -178,7 +178,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -221,7 +221,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) @@ -247,7 +247,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) 
@@ -262,7 +262,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT") .port(port) .when() @@ -294,7 +294,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -338,7 +338,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle // when RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", givenPartnerAdmin) .contentType(ContentType.JSON) .body(""" @@ -373,7 +373,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) @@ -391,7 +391,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT") .port(port) .when() 
@@ -410,7 +410,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java index 7c62859b..2a5005e6 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java @@ -69,7 +69,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -99,7 +99,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -125,7 +125,7 @@ public class HsOfficeMembershipControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/memberships") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java index fc7287e4..c293e59a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java @@ -62,7 +62,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/partners") @@ -96,7 +96,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -155,7 +155,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -193,7 +193,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -238,7 +238,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -270,7 +270,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -285,7 +285,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid) @@ -316,7 +316,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -383,7 +383,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -421,7 +421,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -469,7 +469,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) @@ -489,7 +489,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@fourthcontact.example.com") + .header("current-subject", "contact-admin@fourthcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) @@ -508,7 +508,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java index 97b56052..a42a4780 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java 
@@ -95,7 +95,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/partners") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -132,7 +132,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .post("/api/hs/office/partners") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .content(""" { @@ -184,7 +184,7 @@ class HsOfficePartnerControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .delete("/api/hs/office/partners/" + givenPartnerUuid) - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(MediaType.APPLICATION_JSON) .accept(MediaType.APPLICATION_JSON)) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java index 4a136331..1bce926c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java @@ -56,7 +56,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/persons") 
@@ -76,7 +76,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -116,7 +116,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -139,7 +139,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -156,7 +156,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "person-ErbenBesslerMelBessler@example.com") + .header("current-subject", "person-ErbenBesslerMelBessler@example.com") .port(port) .when() .get("http://localhost/api/hs/office/persons/" + givenPersonUuid) @@ -185,7 +185,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -227,7 +227,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -271,7 +271,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) @@ -290,7 +290,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-test-user@hostsharing.org") + .header("current-subject", "selfregistered-test-user@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) @@ -310,7 +310,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java index 265a65e3..bf80c3ff 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java 
@@ -66,7 +66,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s" @@ -129,7 +129,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -176,7 +176,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -208,7 +208,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -241,7 +241,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -275,7 +275,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelationUuid) @@ -298,7 +298,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelationUuid) @@ -314,7 +314,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@firstcontact.example.com") + .header("current-subject", "contact-admin@firstcontact.example.com") .port(port) .when() .get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) @@ -357,7 +357,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -400,7 +400,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) 
@@ -419,7 +419,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "contact-admin@seventhcontact.example.com") + .header("current-subject", "contact-admin@seventhcontact.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) @@ -438,7 +438,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java index 7d7e2c3a..ebcb817a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java @@ -62,7 +62,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates") @@ -111,7 +111,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { 
@@ -153,7 +153,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -178,7 +178,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -208,7 +208,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -242,7 +242,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) @@ -272,7 +272,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) 
@@ -289,7 +289,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "bankaccount-admin@FirstGmbH.example.com") + .header("current-subject", "bankaccount-admin@FirstGmbH.example.com") .port(port) .when() .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid) @@ -321,7 +321,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -367,7 +367,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -407,7 +407,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -441,7 +441,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid()) 
@@ -459,7 +459,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "bankaccount-admin@FirstGmbH.example.com") + .header("current-subject", "bankaccount-admin@FirstGmbH.example.com") .port(port) .when() .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid()) @@ -477,7 +477,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl RestAssured // @formatter:off .given() - .header("current-user", "selfregistered-user-drew@hostsharing.org") + .header("current-subject", "selfregistered-user-drew@hostsharing.org") .port(port) .when() .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index 1ba06236..dbe873c3 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -26,7 +26,7 @@ public abstract class ContextBasedTest {
      RbacGrantsDiagramService.writeToFile(
          "title",
-         diagramService.allGrantsToCurrentUser(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
+         diagramService.allGrantsTocurrentSubject(of(RbacGrantsDiagramService.Include.USERS, RbacGrantsDiagramService.Include.TEST_ENTITIES, RbacGrantsDiagramService.Include.NOT_ASSUMED, RbacGrantsDiagramService.Include.DETAILS, RbacGrantsDiagramService.Include.PERMISSIONS)),
          "filename.md
      );
     
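Review bot: The mechanical `CurrentUser` → `currentSubject` replacement broke the camel case of several identifiers: `allGrantsTocurrentSubject` on the new side here, the test names `defineWithcurrentSubjectButWithoutAssumedRoles`, `defineWithoutcurrentSubjectButWithAssumedRoles`, `defineWithUnknowncurrentSubject`, `defineWithcurrentSubjectAndAssumedRoles` and `defineContextWithcurrentSubjectAndAssumeInaccessibleRole` in the ContextIntegrationTests hunks, the local `givencurrentSubjectAsPackageAdmin` throughout the RbacGrantControllerAcceptanceTest hunks, and `allGrantsTocurrentSubject` again in RbacGrantsDiagramServiceIntegrationTest. Because `allGrantsTocurrentSubject` is a method of the production `RbacGrantsDiagramService`, the misspelling becomes part of the service API and gets harder to fix later; it should read `allGrantsToCurrentSubject` (and `defineWithCurrentSubject…`, `givenCurrentSubjectAsPackageAdmin`) before merge. The enclosing method of this hunk starts and ends outside the hunk.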
@@ -41,12 +41,12 @@ public abstract class ContextBasedTest { this.test = testInfo; } - protected void context(final String currentUser, final String assumedRoles) { - context.define(test.getDisplayName(), null, currentUser, assumedRoles); + protected void context(final String currentSubject, final String assumedRoles) { + context.define(test.getDisplayName(), null, currentSubject, assumedRoles); } - protected void context(final String currentUser) { - context(currentUser, null); + protected void context(final String currentSubject) { + context(currentSubject, null); } protected void historicalContext(final Long txId) { diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java index 1838958e..1bace68c 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java 
@@ -36,30 +36,30 @@ class ContextIntegrationTests { context.define("superuser-alex@hostsharing.net", null); - assertThat(context.getCurrentTask()) + assertThat(context.fetchCurrentTask()) .isEqualTo("ContextIntegrationTests.defineWithoutHttpServletRequestUsesCallStack"); } @Test @Transactional - void defineWithCurrentUserButWithoutAssumedRoles() { + void defineWithcurrentSubjectButWithoutAssumedRoles() { // when context.define("superuser-alex@hostsharing.net"); // then - assertThat(context.getCurrentUser()). + assertThat(context.fetchCurrentSubject()). isEqualTo("superuser-alex@hostsharing.net"); - assertThat(context.getCurrentUserUUid()).isNotNull(); + assertThat(context.fetchCurrentSubjectUuid()).isNotNull(); - assertThat(context.getAssumedRoles()).isEmpty(); + assertThat(context.fetchAssumedRoles()).isEmpty(); - assertThat(context.currentSubjectsUuids()) - .containsExactly(context.getCurrentUserUUid()); + assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids()) + .containsExactly(context.fetchCurrentSubjectUuid()); } @Test - void defineWithoutCurrentUserButWithAssumedRoles() { + void defineWithoutcurrentSubjectButWithAssumedRoles() { // when final var result = jpaAttempt.transacted(() -> context.define(null, "test_package#yyy00:ADMIN") @@ -72,7 +72,7 @@ class ContextIntegrationTests { } @Test - void defineWithUnknownCurrentUser() { + void defineWithUnknowncurrentSubject() { // when final var result = jpaAttempt.transacted(() -> context.define("unknown@example.org") 
@@ -81,27 +81,27 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "[401] user unknown@example.org given in `basis.defineContext(...)` does not exist"); + "[401] subject unknown@example.org given in `basis.defineContext(...)` does not exist"); } @Test @Transactional - void defineWithCurrentUserAndAssumedRoles() { + void defineWithcurrentSubjectAndAssumedRoles() { // given context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER"); // when - final var currentUser = context.getCurrentUser(); - assertThat(currentUser).isEqualTo("superuser-alex@hostsharing.net"); + final var currentSubject = context.fetchCurrentSubject(); + assertThat(currentSubject).isEqualTo("superuser-alex@hostsharing.net"); // then - assertThat(context.getAssumedRoles()) + assertThat(context.fetchAssumedRoles()) .isEqualTo(Array.of("test_customer#xxx:OWNER", "test_customer#yyy:OWNER")); - assertThat(context.currentSubjectsUuids()).hasSize(2); + assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids()).hasSize(2); } @Test - public void defineContextWithCurrentUserAndAssumeInaccessibleRole() { + public void defineContextWithcurrentSubjectAndAssumeInaccessibleRole() { // when final var result = jpaAttempt.transacted(() -> context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN") @@ -110,6 +110,6 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "ERROR: [403] user customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN"); + "ERROR: [403] subject customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java index 3b1f6cf5..1a9f9140 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java @@ -31,7 +31,7 @@ class ContextUnitTest { call basis.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), - cast(:currentUser as varchar(63)), + cast(:currentSubject as varchar(63)), cast(:assumedRoles as varchar(1023))); """; @@ -57,7 +57,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesCallStackForTask() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter( @@ -69,7 +69,7 @@ class ContextUnitTest { void registerWithoutHttpServletRequestUsesEmptyStringForRequest() { given(em.createNativeQuery(any())).willReturn(nativeQuery); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", null); @@ -109,12 +109,12 @@ class ContextUnitTest { @Test void registerWithHttpServletRequestUsesRequest() throws IOException { givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentTask", "POST http://localhost:9999/api/endpoint"); 
@@ -123,20 +123,20 @@ class ContextUnitTest { @Test void registerWithHttpServletRequestForwardsRequestAsCurl() throws IOException { givenRequest("POST", "http://localhost:9999/api/endpoint", Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter("currentRequest", """ curl -0 -v -X POST http://localhost:9999/api/endpoint \\ - -H 'current-user:given-user' \\ -H 'content-type:application/json' \\ + -H 'current-subject:given-user' \\ --data-binary @- << EOF - + {} EOF """.trim()); @@ -146,12 +146,12 @@ class ContextUnitTest { void shortensCurrentTaskToMaxLength() throws IOException { givenRequest("GET", "http://localhost:9999/api/endpoint/" + "0123456789".repeat(13), Map.ofEntries( - Map.entry("current-user", "given-user"), + Map.entry("current-subject", "given-user"), Map.entry("content-type", "application/json"), Map.entry("user-agent", "given-user-agent")), "{}"); - context.define("current-user"); + context.define("current-subject"); verify(em).createNativeQuery(DEFINE_CONTEXT_QUERY_STRING); verify(nativeQuery).setParameter(eq("currentTask"), argThat((String t) -> t.length() == 127)); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index aa2f0afb..4dbbde15 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java 
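Review bot: The expected curl text now lists `-H 'current-subject:given-user'` after `-H 'content-type:application/json'`, whereas the old expectation had the user header first, so a plain rename shifted the header order in the output; presumably the order is whatever iteration order the `Map.ofEntries(...)` passed to `givenRequest` yields, which for Java's immutable maps is unspecified and can differ between JVM runs, making this exact-string assertion brittle. Either sort header names in the builder that produces `currentRequest`, or assert per header, e.g. `verify(nativeQuery).setParameter(eq("currentRequest"), argThat((String r) -> r.contains("-H 'current-subject:given-user'")))`. Independently, the builder copies every incoming header verbatim into `currentRequest`, which `call basis.defineContext(...)` then persists; only three harmless headers are exercised here, so confirm that credential-bearing headers (`Authorization`, cookies) are redacted before that string is stored. The helper that builds the curl string lives outside this hunk.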
@@ -61,7 +61,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void globalAdmin_withoutAssumedRole_canViewAllGrants() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -113,7 +113,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_package#yyy00:ADMIN") .port(port) .when() @@ -136,7 +136,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void packageAdmin_withoutAssumedRole_canViewPacketRelatedGrants() { RestAssured // @formatter:off .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -163,12 +163,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); + final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then 
@@ -182,12 +182,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then @@ -201,14 +201,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { @Test void packageAdmin_withAssumedPackageAdmin_canStillReadItsOwnGrantById() { // given - final var givenCurrentUserAsPackageAdmin = new Subject( + final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // when - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then 
@@ -223,12 +223,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { void packageAdmin_withAssumedPackageTenantRole_canNotReadItsOwnGrantByIdAnymore() { // given - final var givenCurrentUserAsPackageAdmin = new Subject( + final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", "test_package#xxx00:TENANT"); final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); - final var grant = givenCurrentUserAsPackageAdmin.getGrantById() + final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); // then @@ -246,12 +246,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = - getRbacRoleByName(givenCurrentUserAsPackageAdmin.assumedRole); + getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole); // when - final var response = givenCurrentUserAsPackageAdmin + final var response = givencurrentSubjectAsPackageAdmin .grantsRole(givenOwnPackageAdminRole).assumed() .toUser(givenNewUser); 
@@ -262,7 +262,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .body("assumed", is(true)) .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) .body("granteeUserName", is(givenNewUser.getName())); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::toDisplay) .contains("{ grant role:" + givenOwnPackageAdminRole.getRoleName() + " to user:" + givenNewUser.getName() + @@ -275,11 +275,11 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN"); // when - final var result = givenCurrentUserAsPackageAdmin + final var result = givencurrentSubjectAsPackageAdmin .grantsRole(givenAlienPackageAdminRole).assumed() .toUser(givenNewUser); @@ -288,7 +288,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .statusCode(403) .body("message", containsString("Access to granted role")) .body("message", containsString("forbidden for test_package#xxx00:ADMIN")); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain(givenNewUser.getName()); } 
@@ -304,28 +304,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givenCurrentUserAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // and given an existing grant - assumeCreated(givenCurrentUserAsPackageAdmin + assumeCreated(givencurrentSubjectAsPackageAdmin .grantsRole(givenOwnPackageAdminRole).assumed() .toUser(givenArbitraryUser)); assumeGrantExists( - givenCurrentUserAsPackageAdmin, + givencurrentSubjectAsPackageAdmin, "{ grant role:%s to user:%s by role:%s and assume }".formatted( givenOwnPackageAdminRole.getRoleName(), givenArbitraryUser.getName(), - givenCurrentUserAsPackageAdmin.assumedRole)); + givencurrentSubjectAsPackageAdmin.assumedRole)); // when - final var revokeResponse = givenCurrentUserAsPackageAdmin + final var revokeResponse = givencurrentSubjectAsPackageAdmin .revokesRole(givenOwnPackageAdminRole) .fromUser(givenArbitraryUser); // then revokeResponse.assertThat().statusCode(204); - assertThat(findAllGrantsOf(givenCurrentUserAsPackageAdmin)) + assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain(givenArbitraryUser.getName()); } 
@@ -337,16 +337,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { class Subject { - final String currentUser; + final String currentSubject; final String assumedRole; - public Subject(final String currentUser, final String assumedRole) { - this.currentUser = currentUser; + public Subject(final String currentSubject, final String assumedRole) { + this.currentSubject = currentSubject; this.assumedRole = assumedRole; } - public Subject(final String currentUser) { - this(currentUser, ""); + public Subject(final String currentSubject) { + this(currentSubject, ""); } GrantFixture grantsRole(final RbacRoleEntity givenOwnPackageAdminRole) { @@ -382,7 +382,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", grantingSubject.currentUser) + .header("current-subject", grantingSubject.currentSubject) .header("assumed-roles", grantingSubject.assumedRole) .contentType(ContentType.JSON) .body(""" @@ -418,7 +418,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", currentSubject.currentUser) + .header("current-subject", currentSubject.currentSubject) .header("assumed-roles", currentSubject.assumedRole) .contentType(ContentType.JSON) .body(""" @@ -454,7 +454,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { return RestAssured // @formatter:ff .given() - .header("current-user", currentSubject.currentUser) + .header("current-subject", currentSubject.currentSubject) .header("assumed-roles", currentSubject.assumedRole) .port(port) .when() @@ -475,7 +475,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { List findAllGrantsOf(final Subject grantingSubject) { return jpaAttempt.transacted(() -> { - context(grantingSubject.currentUser, null); + context(grantingSubject.currentSubject, null); return rbacGrantRepository.findAll(); }).returnedValue(); } 
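Review bot: Renaming the field of `class Subject` to `currentSubject` produces `currentSubject.currentSubject` in the `@@ -418` and `@@ -454` hunks of this file (a variable of type Subject whose field carries the same name), which reads like a typo, and `grantingSubject.currentSubject` in the `@@ -382` and `@@ -475` hunks is not much clearer. A subject's own identifier does not need the `current` qualifier: `final String name;` with `this.name = currentSubject;` in the two constructors, and `.header("current-subject", currentSubject.name)` at the call sites, would read naturally everywhere. The class body and the fixture methods continue outside the hunk.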
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java index 7f183ba3..7c7dccee 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java @@ -44,18 +44,18 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu this.test = testInfo; } - protected void context(final String currentUser, final String assumedRoles) { - context.define(test.getDisplayName(), null, currentUser, assumedRoles); + protected void context(final String currentSubject, final String assumedRoles) { + context.define(test.getDisplayName(), null, currentSubject, assumedRoles); } - protected void context(final String currentUser) { - context(currentUser, null); + protected void context(final String currentSubject) { + context(currentSubject, null); } @Test - void allGrantsToCurrentUser() { + void allGrantsTocurrentSubject() { context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); - final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES)); + final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES)); assertThat(graph).isEqualTo(""" flowchart TB 
@@ -68,9 +68,9 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu } @Test - void allGrantsToCurrentUserIncludingPermissions() { + void allGrantsTocurrentSubjectIncludingPermissions() { context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); - final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); + final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); assertThat(graph).isEqualTo(""" flowchart TB @@ -93,11 +93,11 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu //context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN"); context("superuser-alex@hostsharing.net"); - //final var graph = grantsMermaidService.allGrantsToCurrentUser(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); + //final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS)); - RbacGrantsDiagramService.writeToFile(join(";", context.getAssumedRoles()), graph, "doc/all-grants.md"); + RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java index d4256e56..dedda7c2 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java 
@@ -9,7 +9,7 @@ import java.util.List; import java.util.UUID; @Entity -@Table(name = "rbacobject") // TODO: create view rbacobject_ev +@Table(schema = "rbac", name = "object") // TODO.impl: create view rbacobject_ev @Getter @Setter @ToString diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index 5f20b0ab..2b710bfb 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java @@ -35,7 +35,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/roles") @@ -60,7 +60,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_package#yyy00:ADMIN") .port(port) .when() @@ -93,7 +93,7 @@ class RbacRoleControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-zzz00@zzz.example.com") + .header("current-subject", "pac-admin-zzz00@zzz.example.com") .port(port) .when() .get("http://localhost/api/rbac/roles") diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java index 44b3885e..2686ade7 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java 
@@ -67,7 +67,7 @@ class RbacRoleControllerRestTest { // when mockMvc.perform(MockMvcRequestBuilders .get("/api/rbac/roles") - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .accept(MediaType.APPLICATION_JSON)) // then diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index 092ac91a..71182cd1 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -38,7 +38,7 @@ class RbacRoleRepositoryIntegrationTest { class FindAllRbacRoles { private static final String[] ALL_TEST_DATA_ROLES = Array.of( - // @formatter:off + // @formatter:off "global#global:ADMIN", "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT", "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT", @@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest { result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[401] currentSubjectsUuids cannot be determined, please call `basis.defineContext(...)` with a valid user"); + "[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject"); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index 601fadad..f5abca18 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java 
@@ -81,7 +81,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -99,7 +99,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -118,7 +118,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -136,7 +136,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@xxx.example.com") + .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -155,7 +155,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -180,7 +180,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users?name=pac-admin-zzz0") 
@@ -200,7 +200,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -222,7 +222,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -243,7 +243,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-xxx01@xxx.example.com") + .header("current-subject", "pac-admin-xxx01@xxx.example.com") .port(port) .when() .get("http://localhost/api/rbac/users") @@ -266,7 +266,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") @@ -295,7 +295,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -325,7 +325,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") 
@@ -354,7 +354,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "pac-admin-yyy00@yyy.example.com") + .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") @@ -378,7 +378,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", givenUser.getName()) + .header("current-subject", givenUser.getName()) .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -399,7 +399,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", "customer-admin@xxx.example.com") + .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) @@ -421,7 +421,7 @@ class RbacUserControllerAcceptanceTest { // @formatter:off final var location = RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index 366e79d7..ac285a45 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -18,6 +18,7 @@ import org.springframework.data.repository.Repository; import org.springframework.transaction.PlatformTransactionManager; import jakarta.persistence.*; +import jakarta.transaction.Transactional; import java.util.*; import java.util.concurrent.atomic.AtomicBoolean; import java.util.function.Supplier; 
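Review bot: The added `import jakarta.transaction.Transactional;` has no use visible in the hunks of this file, and the file already imports Spring's `org.springframework.transaction.PlatformTransactionManager`; if a `@Transactional` is wanted on this test base class, `org.springframework.transaction.annotation.Transactional` is the idiomatic choice in a Spring test and offers attributes such as `readOnly` that the JTA annotation lacks. The diffstat of PATCH 23 later in this series removes exactly one line from `ContextBasedTestWithCleanup.java`, which may be this import being dropped again; if so, it should not be introduced here at all. The class definition starts outside the hunk.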
@@ -200,7 +201,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { }); }).caughtException(); - // ... and in case of foreign key violations, we rely on the RbacObject cleanup. + // ... and in case of foreign key violations, we rely on the rbac.object cleanup. if (exception != null) { System.err.println(exception); } @@ -322,7 +323,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { protected void generateRbacDiagramForCurrentSubjects(final EnumSet include, final String name) { RbacGrantsDiagramService.writeToFile( name, - diagramService.allGrantsToCurrentUser(include), + diagramService.allGrantsTocurrentSubject(include), "doc/temp/" + name + ".md" ); } @@ -362,7 +363,7 @@ interface RbacObjectRepository extends Repository { } @Entity -@Table(name = "rbacobject") +@Table(schema ="rbac", name = "object") class RbacObjectEntity { @Id diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java index 2d6d5a70..60b7148d 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java @@ -54,7 +54,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedRoles_canViewAllCustomers_ifNoCriteriaGiven() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/test/customers") 
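Review bot: `@Table(schema ="rbac", name = "object")` on `RbacObjectEntity` has uneven spacing around `=`; the identical mapping on `RawRbacObjectEntity` earlier in this commit is written `@Table(schema = "rbac", name = "object")`, and two declarations of the same table should read alike so a grep for the mapping finds both. The body of `RbacObjectEntity` and the `generateRbacDiagramForCurrentSubjects` method both continue outside their hunks.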
@@ -72,7 +72,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedRoles_canViewMatchingCustomers_ifCriteriaGiven() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() .get("http://localhost/api/test/customers?prefix=y") @@ -88,7 +88,7 @@ class TestCustomerControllerAcceptanceTest { void globalAdmin_withoutAssumedCustomerAdminRole_canOnlyViewOwnCustomer() { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() @@ -105,7 +105,7 @@ class TestCustomerControllerAcceptanceTest { void customerAdmin_withoutAssumedRole_canOnlyViewOwnCustomer() { RestAssured // @formatter:off .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() .get("http://localhost/api/test/customers") @@ -126,7 +126,7 @@ class TestCustomerControllerAcceptanceTest { final var location = RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body(""" { @@ -158,7 +158,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(""" @@ -189,7 +189,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() - .header("current-user", "customer-admin@yyy.example.com") + .header("current-subject", "customer-admin@yyy.example.com") .contentType(ContentType.JSON) .body(""" { 
@@ -219,7 +219,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .contentType(ContentType.JSON) .body("{]") // deliberately invalid JSON .port(port) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java index a5e89330..fd9ec9a0 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java @@ -43,7 +43,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .port(port) .when() @@ -65,7 +65,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .port(port) .when() @@ -94,7 +94,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(format(""" @@ -125,7 +125,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(""" 
@@ -155,7 +155,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .contentType(ContentType.JSON) .body("{}") @@ -175,7 +175,7 @@ class TestPackageControllerAcceptanceTest { // @formatter:off return UUID.fromString(RestAssured .given() - .header("current-user", "superuser-alex@hostsharing.net") + .header("current-subject", "superuser-alex@hostsharing.net") .header("assumed-roles", "test_customer#xxx:ADMIN") .port(port) .when() -- 2.39.5 From 0fa8f56f99fbc98dda6fb89bdd39d3c577cdb706 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 13:06:25 +0200 Subject: [PATCH 13/57] fix alias usage in git-pull-and-run-if-origin-changed --- bin/git-pull-and-run-if-origin-changed | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bin/git-pull-and-run-if-origin-changed b/bin/git-pull-and-run-if-origin-changed index 48c5f22e..fa34e06a 100755 --- a/bin/git-pull-and-run-if-origin-changed +++ b/bin/git-pull-and-run-if-origin-changed @@ -5,6 +5,9 @@ if [ -z "$1" ]; then exit 1 fi +shopt -s expand_aliases +source .aliases + # get the current branch name BRANCH=$(git rev-parse --abbrev-ref HEAD) @@ -16,7 +19,7 @@ while true; do REMOTE=$(git rev-parse origin/$BRANCH) # check if the local branch differs from the remote branch - if [ "$LOCAL" != "$REMOTE" ]; then + if [ "$LOCAL" == "$REMOTE" ]; then echo "pulling changes from origin" git pull origin $BRANCH -- 2.39.5 From 51bff646ab4a8410f5f4b32127bb54fc601bb63d Mon Sep 17 00:00:00 2001 
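Review bot: `shopt -s expand_aliases` followed by `source .aliases` does not make an alias passed as `$1` runnable: alias expansion applies to literal words when a command line is read, never to the result of `"$@"`, so an alias given as argument is still looked up as a command. A shell function, or the underlying command itself, is what works from a script, which is where the series lands in PATCH 15 with `./gradlew test`. `source .aliases` also resolves against the current working directory, presumably meant to be the repository root, so the script behaves differently depending on where it is started; `source "$(dirname "$0")/../.aliases" || exit 1` (path adjusted to where the file lives) would make the dependency explicit and fail early. The surrounding script continues outside the hunk.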
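Review bot: The condition is flipped to `if [ "$LOCAL" == "$REMOTE" ]; then` while the comment directly above still says `# check if the local branch differs from the remote branch` and the branch body pulls and runs the command, so after this patch the pull happens exactly when there is nothing to pull; PATCH 16 later in the series restores `!=`. Comment and code cannot both be right, and the comment is the one that matches the script's purpose, so the change should have been dropped or the comment updated with it. The `while true` loop starts outside the hunk.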
From: Michael Hoennig Date: Fri, 13 Sep 2024 13:15:06 +0200 Subject: [PATCH 14/57] fix alias usage in git-pull-and-run-if-origin-changed --- ...ed => git-pull-and-if-origin-changed-run-tests} | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) rename bin/{git-pull-and-run-if-origin-changed => git-pull-and-if-origin-changed-run-tests} (79%) diff --git a/bin/git-pull-and-run-if-origin-changed b/bin/git-pull-and-if-origin-changed-run-tests similarity index 79% rename from bin/git-pull-and-run-if-origin-changed rename to bin/git-pull-and-if-origin-changed-run-tests index fa34e06a..945c4dbd 100755 --- a/bin/git-pull-and-run-if-origin-changed +++ b/bin/git-pull-and-if-origin-changed-run-tests @@ -1,13 +1,5 @@ #!/bin/bash -if [ -z "$1" ]; then - echo "command missing in arguments" >&2 - exit 1 -fi - -shopt -s expand_aliases -source .aliases - # get the current branch name BRANCH=$(git rev-parse --abbrev-ref HEAD) @@ -24,8 +16,10 @@ while true; do git pull origin $BRANCH # run the command - echo "Running $*" - "$@" + echo "Running gw-test" + shopt -s expand_aliases + source .aliases + gw-test else echo "no changes detected on the origin branch" fi -- 2.39.5 From 33f1706d3477d834a4cbdc4620a9ae990286ff26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20H=C3=B6nnig?= Date: Fri, 13 Sep 2024 13:19:29 +0200 Subject: [PATCH 15/57] run ./gradlew test not gw-test alias in git-pull-... --- bin/git-pull-and-if-origin-changed-run-tests | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/bin/git-pull-and-if-origin-changed-run-tests b/bin/git-pull-and-if-origin-changed-run-tests index 945c4dbd..ad741f6d 100755 --- a/bin/git-pull-and-if-origin-changed-run-tests +++ b/bin/git-pull-and-if-origin-changed-run-tests 
@@ -16,10 +16,9 @@ while true; do git pull origin $BRANCH # run the command - echo "Running gw-test" - shopt -s expand_aliases - source .aliases - gw-test + echo "Running ./gradlew test" + source .aliases # only variables, aliases are not expanded in scripts + ./gradlew test else echo "no changes detected on the origin branch" fi -- 2.39.5 From fde46d26ccd9a017aed2cdf7536b4b243b469a16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20H=C3=B6nnig?= Date: Fri, 13 Sep 2024 13:20:07 +0200 Subject: [PATCH 16/57] run ./gradlew test not gw-test alias in git-pull-... --- bin/git-pull-and-if-origin-changed-run-tests | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/git-pull-and-if-origin-changed-run-tests b/bin/git-pull-and-if-origin-changed-run-tests index ad741f6d..7eb86a66 100755 --- a/bin/git-pull-and-if-origin-changed-run-tests +++ b/bin/git-pull-and-if-origin-changed-run-tests @@ -11,7 +11,7 @@ while true; do REMOTE=$(git rev-parse origin/$BRANCH) # check if the local branch differs from the remote branch - if [ "$LOCAL" == "$REMOTE" ]; then + if [ "$LOCAL" != "$REMOTE" ]; then echo "pulling changes from origin" git pull origin $BRANCH -- 2.39.5 From b33bafb753e8512d3cf9b88c4fc30d0f3367683c Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 13:57:39 +0200 Subject: [PATCH 17/57] git-pull-and-run-if-origin-changed: pull every 10s and show commit-ids --- bin/git-pull-and-if-origin-changed-run-tests | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/git-pull-and-if-origin-changed-run-tests b/bin/git-pull-and-if-origin-changed-run-tests index 7eb86a66..b1742689 100755 --- a/bin/git-pull-and-if-origin-changed-run-tests +++ b/bin/git-pull-and-if-origin-changed-run-tests 
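Review bot: `source .aliases # only variables, aliases are not expanded in scripts` now runs on every iteration in which origin changed, immediately after `git pull`, relative to the current working directory; a missing or moved file prints an error and the script proceeds to `./gradlew test` regardless, because nothing checks the result. If the file is needed only for variables, sourcing it once before the loop with `source "$(dirname "$0")/../.aliases" || exit 1` (path adjusted to where the file lives) states the dependency once and fails early. The exit status of `./gradlew test` is also discarded, which is acceptable for an attended watcher but deserves a comment such as `# test result is shown, not acted upon` if that is intended. The loop starts outside the hunk.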
@@ -12,7 +12,7 @@ while true; do # check if the local branch differs from the remote branch if [ "$LOCAL" != "$REMOTE" ]; then - echo "pulling changes from origin" + echo "local $LOCAL differs from remote $REMOTE => pulling changes from origin" git pull origin $BRANCH # run the command @@ -23,6 +23,7 @@ while true; do echo "no changes detected on the origin branch" fi - echo "waiting for 1 minute before checking again..." - sleep 60 + echo -e "waiting for changes..." + sleep 10 + echo -e "\r\033[K" done -- 2.39.5 From e88ab1b60bdc744139bf718e4e876e6275045d44 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 14:19:12 +0200 Subject: [PATCH 18/57] fix trigger order --- .../resources/db/changelog/0-basis/020-audit-log.sql | 5 +++-- .../resources/db/changelog/0-basis/030-historization.sql | 9 +++++---- .../hsadminng/rbac/context/ContextBasedTest.java | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-basis/020-audit-log.sql index b1835fff..7ac3f790 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-basis/020-audit-log.sql @@ -25,7 +25,7 @@ create table basis.tx_context ( txId xid8 primary key not null, txTimestamp timestamp not null, - currentSubject varchar(63) not null, -- not the uuid, because users can be deleted + currentSubject varchar(63) not null, -- not the uuid, because users can be deleted assumedRoles varchar(1023) not null, -- not the uuids, because roles can be deleted currentTask varchar(127) not null, currentRequest text not null 
@@ -123,7 +123,8 @@ declare begin targetTable := lower(targetTable); - createTriggerSQL = 'CREATE TRIGGER tx_journal_tg' || + -- "-0-" to put the trigger execution before any alphabetically greater tx-triggers + createTriggerSQL = 'CREATE TRIGGER tx_0_journal_tg' || ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable || ' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()'; execute createTriggerSQL; diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-basis/030-historization.sql index dd523006..cc200acc 100644 --- a/src/main/resources/db/changelog/0-basis/030-historization.sql +++ b/src/main/resources/db/changelog/0-basis/030-historization.sql 
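Review bot: The trigger DDL is still assembled by concatenation, `'CREATE TRIGGER tx_0_journal_tg' || ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable || ...`, with `targetTable` lower-cased but never identifier-quoted; `format('CREATE TRIGGER tx_0_journal_tg AFTER INSERT OR UPDATE OR DELETE ON %I FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()', targetTable)` is the idiomatic way to build DDL in PL/pgSQL (use `%s` only if schema-qualified names are passed in, since `%I` quotes the whole string as one identifier). The new comment says `"-0-"` but the trigger is named `tx_0_`, and the behaviour it relies on is worth naming: `-- "tx_0_" sorts before "tx_9_historicize_tg": PostgreSQL fires same-event triggers in alphabetical name order`. The function's declaration section begins outside the hunk.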
@@ -12,14 +12,14 @@ declare historicalTxId xid8; historicalTimestamp timestamp; begin - select coalesce(current_setting('hsadminng.basis.tx_history_txid', true), '') into historicalTxIdSetting; + select coalesce(current_setting('hsadminng.tx_history_txid', true), '') into historicalTxIdSetting; select coalesce(current_setting('hsadminng.tx_history_timestamp', true), '') into historicalTimestampSetting; if historicalTxIdSetting > '' and historicalTimestampSetting > '' then - raise exception 'either hsadminng.basis.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are set: (%, %)', + raise exception 'either hsadminng.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are set: (%, %)', historicalTxIdSetting, historicalTimestampSetting; end if; if historicalTxIdSetting = '' and historicalTimestampSetting = '' then - raise exception 'either hsadminng.basis.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are unset or empty: (%, %)', + raise exception 'either hsadminng.tx_history_txid or hsadminng.tx_history_timestamp must be set, but both are unset or empty: (%, %)', historicalTxIdSetting, historicalTimestampSetting; end if; -- just for debugging / making sure the function is only called once per query @@ -150,7 +150,8 @@ begin raise notice 'sql: %', createViewSQL; execute createViewSQL; - createTriggerSQL = 'CREATE TRIGGER ' || baseTable || '_tx_historicize_tg' || + -- "-9-" to put the trigger execution after any alphabetically lesser tx-triggers + createTriggerSQL = 'CREATE TRIGGER tx_9_historicize_tg' || ' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable || ' FOR EACH ROW EXECUTE PROCEDURE tx_historicize_tf()'; raise notice 'sql: %', createTriggerSQL; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index dbe873c3..69a6fae1 100644 
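Review bot: The historicize trigger still executes an unqualified `tx_historicize_tf()` while the journal trigger in 020-audit-log.sql now calls `basis.tx_journal_trigger()`; the function named in `CREATE TRIGGER` is resolved through the session `search_path` at creation time, so this migration step depends on session settings, and a same-named function earlier on the path would be bound instead. If `tx_historicize_tf` lives (or is to live) in `basis`, `' FOR EACH ROW EXECUTE PROCEDURE basis.tx_historicize_tf()'` keeps the two trigger definitions consistent. The comment says `"-9-"` but the name is `tx_9_historicize_tg`; `-- "tx_9_" sorts after "tx_0_journal_tg": PostgreSQL fires same-event triggers in alphabetical name order` would state what is relied on. The enclosing function begins outside the hunk; the first hunk of this file only renames the settings.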
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -52,7 +52,7 @@ public abstract class ContextBasedTest { protected void historicalContext(final Long txId) { // set local cannot be used with query parameters em.createNativeQuery(""" - set local hsadminng.basis.tx_history_txid to ':txid'; + set local hsadminng.tx_history_txid to ':txid'; """.replace(":txid", txId.toString())).executeUpdate(); em.createNativeQuery(""" set local hsadminng.tx_history_timestamp to ''; @@ -66,7 +66,7 @@ public abstract class ContextBasedTest { set local hsadminng.tx_history_timestamp to ':timestamp'; """.replace(":timestamp", txTimestamp.toString())).executeUpdate(); em.createNativeQuery(""" - set local hsadminng.basis.tx_history_txid to ''; + set local hsadminng.tx_history_txid to ''; """).executeUpdate(); } -- 2.39.5 From 37835637f614326829407b1da5545bd970b4e9cc Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 14:19:22 +0200 Subject: [PATCH 19/57] fix package name in arch test --- .../java/net/hostsharing/hsadminng/arch/ArchitectureTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java index cb214959..85a1d462 100644 --- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java +++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java @@ -71,7 +71,7 @@ public class ArchitectureTest { "..rbac.rbacuser", "..rbac.rbacgrant", "..rbac.rbacrole", - "..rbac.object", + "..rbac.rbacobject", "..rbac.rbacdef", "..stringify" // ATTENTION: Don't simply add packages here, also add arch rules for the new package! -- 2.39.5 From 62180b9cf68ac7a4e345a34d0cbf7e59eb394716 Mon Sep 17 00:00:00 2001 
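Review bot: `set local hsadminng.tx_history_txid to ':txid'` is built with `.replace(":txid", txId.toString())` because, as the comment says, `SET LOCAL` accepts no bind parameters; that is safe here only because `txId` is a `Long` and can render nothing but digits, and the timestamp variant in the second hunk presumably relies on `txTimestamp` being a typed value rather than a `String` (its declaration is not in view). A comment on the parameter, `// keep this parameter typed: it is interpolated into SET LOCAL, which cannot be bound`, would stop a later refactor from widening it to `String` and turning the interpolation into an injection point. `historicalContext` starts inside the first hunk; the method in the second hunk begins outside it.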
From: Michael Hoennig Date: Fri, 13 Sep 2024 14:20:00 +0200 Subject: [PATCH 20/57] less output from git-pull-and-if-origin-changed-run-tests --- bin/git-pull-and-if-origin-changed-run-tests | 2 -- 1 file changed, 2 deletions(-) diff --git a/bin/git-pull-and-if-origin-changed-run-tests b/bin/git-pull-and-if-origin-changed-run-tests index b1742689..bc0a5da1 100755 --- a/bin/git-pull-and-if-origin-changed-run-tests +++ b/bin/git-pull-and-if-origin-changed-run-tests @@ -19,8 +19,6 @@ while true; do echo "Running ./gradlew test" source .aliases # only variables, aliases are not expanded in scripts ./gradlew test - else - echo "no changes detected on the origin branch" fi echo -e "waiting for changes..." -- 2.39.5 From 5183dcd044851c220334745e06b947d62aed4398 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 14:53:40 +0200 Subject: [PATCH 21/57] rbac.assumedRoleUuid --- src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql | 2 +- src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql index 087a2e2f..397ec9df 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql @@ -4,7 +4,7 @@ --changeset rbac-user-grant-GRANT-ROLE-TO-USER:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function assumedRoleUuid() +create or replace function rbac.assumedRoleUuid() returns uuid stable -- leakproof language plpgsql as $$ diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index e753798e..aa611aed 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql 
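Review bot: `stable -- leakproof` on `rbac.assumedRoleUuid()` leaves the reader guessing whether LEAKPROOF was forgotten, rejected or deferred; because LEAKPROOF allows the planner to evaluate a function ahead of row-security and security-barrier predicates, that decision is security-relevant and should be written out, e.g. `stable -- deliberately not LEAKPROOF: <reason>` or a TODO naming what has to be checked first. The function body, which would show whether it can raise on its inputs, starts outside the hunk.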
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -150,7 +150,7 @@ create or replace function insertRbacGrant() declare newGrant RbacGrants_RV; begin - call grantRoleToUser(assumedRoleUuid(), new.grantedRoleUuid, new.userUuid, new.assumed); + call grantRoleToUser(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.userUuid, new.assumed); select grv.* from RbacGrants_RV grv where grv.userUuid=new.userUuid and grv.grantedRoleUuid=new.grantedRoleUuid -- 2.39.5 From ba226fd802ffa0419e56a3dff95ac0325bcda302 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 15:55:42 +0200 Subject: [PATCH 22/57] waiting animation for git-pull-and-if-origin-changed-run-tests --- bin/git-pull-and-if-origin-changed-run-tests | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/bin/git-pull-and-if-origin-changed-run-tests b/bin/git-pull-and-if-origin-changed-run-tests index bc0a5da1..f955323d 100755 --- a/bin/git-pull-and-if-origin-changed-run-tests +++ b/bin/git-pull-and-if-origin-changed-run-tests @@ -21,7 +21,16 @@ while true; do ./gradlew test fi - echo -e "waiting for changes..." - sleep 10 - echo -e "\r\033[K" + # wait 10s with a little animation + echo -e -n " waiting for changes (/) ..." + sleep 2 + echo -e -n "\r\033[K waiting for changes (-) ..." + sleep 2 + echo -e -n "\r\033[K waiting for changes (\) ..." + sleep 2 + echo -e -n "\r\033[K waiting for changes (|) ..." + sleep 2 + echo -e -n "\r\033[K waiting for changes ( ) ... " + sleep 2 + echo -e -n "\r\033[K" done -- 2.39.5 From dbf0aa5980d1118a8d55174b1b24a2b090613e85 Mon Sep 17 00:00:00 2001 
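Review bot: `call grantRoleToUser(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.userUuid, new.assumed);` mixes a schema-qualified call with the unqualified `grantRoleToUser` and `RbacGrants_RV` in the same trigger function; a trigger body is resolved with the `search_path` of whoever fires it, so once these objects live in `rbac` a same-named object earlier on the caller's path would win over them. Either qualify every reference or pin the path on the definition, `set search_path = rbac, basis, pg_catalog` on the `create or replace function insertRbacGrant()` line, which covers the remaining names without touching each statement. The diffstat of PATCH 23 touches this file again, so part of this may already be on the way. `insertRbacGrant()` begins outside the hunk.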
From: Michael Hoennig Date: Fri, 13 Sep 2024 16:20:14 +0200 Subject: [PATCH 23/57] rbac schema for user-grant --- .../hsadminng/rbac/rbacdef/RbacView.java | 4 +-- .../RolesGrantsAndPermissionsGenerator.java | 4 +-- .../rbac/rbacgrant/RbacGrantController.java | 16 ++++----- .../rbac/rbacgrant/RbacGrantEntity.java | 6 ++-- .../hsadminng/rbac/rbacgrant/RbacGrantId.java | 2 +- .../rbac/rbacgrant/RbacGrantRepository.java | 4 +-- .../rbac/rbacuser/RbacUserController.java | 12 +++---- .../rbac/rbacuser/RbacUserRepository.java | 6 ++-- .../rbac/rbac-grant-schemas.yaml | 4 +-- .../rbac/rbac-grants-with-id.yaml | 6 ++-- .../api-definition/rbac/rbac-grants.yaml | 2 +- .../rbac/rbac-users-with-id-permissions.yaml | 2 +- .../rbac/rbac-users-with-uuid.yaml | 4 +-- .../resources/api-definition/rbac/rbac.yaml | 6 ++-- .../db/changelog/1-rbac/1050-rbac-base.sql | 2 +- .../changelog/1-rbac/1051-rbac-user-grant.sql | 36 +++++++++---------- .../db/changelog/1-rbac/1055-rbac-views.sql | 26 +++++++------- .../1-rbac/1057-rbac-role-builder.sql | 10 +++--- .../db/changelog/1-rbac/1080-rbac-global.sql | 4 +-- .../2013-test-customer-rbac.sql | 2 +- .../2018-test-customer-test-data.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../5013-hs-office-contact-rbac.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 2 +- .../5043-hs-office-partner-rbac.sql | 12 +++---- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- .../7018-hs-hosting-asset-test-data.sql | 30 ++++++++-------- ...HsBookingItemControllerAcceptanceTest.java | 4 +-- ...ookingProjectControllerAcceptanceTest.java | 4 +-- ...sHostingAssetControllerAcceptanceTest.java | 4 +-- ...ceBankAccountControllerAcceptanceTest.java | 4 +-- ...OfficeContactControllerAcceptanceTest.java | 4 +-- ...OfficeDebitorControllerAcceptanceTest.java | 8 ++--- 
...iceMembershipControllerAcceptanceTest.java | 6 ++-- ...OfficePartnerControllerAcceptanceTest.java | 4 +-- ...sOfficePersonControllerAcceptanceTest.java | 4 +-- ...fficeRelationControllerAcceptanceTest.java | 4 +-- ...ceSepaMandateControllerAcceptanceTest.java | 4 +-- .../RbacGrantControllerAcceptanceTest.java | 8 ++--- .../rbacgrant/RbacGrantEntityUnitTest.java | 6 ++-- .../RbacGrantRepositoryIntegrationTest.java | 14 ++++---- .../RbacUserControllerAcceptanceTest.java | 4 +-- .../RbacUserRepositoryIntegrationTest.java | 18 +++++----- .../test/ContextBasedTestWithCleanup.java | 1 - .../TestCustomerControllerAcceptanceTest.java | 4 +-- 49 files changed, 161 insertions(+), 162 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java index ed3a1486..32f5d7af 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java @@ -467,7 +467,7 @@ public class RbacView { return new RbacExampleRole(entityAlias, role); } - private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) { + private RbacGrantDefinition grantRoleToSubject(final RbacRoleDefinition roleDefinition, final RbacUserReference user) { return findOrCreateGrantDef(roleDefinition, user).toCreate(); } @@ -771,7 +771,7 @@ public class RbacView { * The grant definition for further chained calls. */ public RbacGrantDefinition owningUser(final RbacUserReference.UserRole userRole) { - return grantRoleToUser(this, findUserRef(userRole)); + return grantRoleToSubject(this, findUserRef(userRole)); } /** diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index 238e1208..7b3d9d06 100644 
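Review bot: The private method is renamed to `grantRoleToSubject` but its parameter keeps the type `RbacUserReference user` and its only visible caller is still `owningUser(...)`, so the hunk renames one of three names for the same concept; if the User→Subject move is meant to be complete, `RbacUserReference` and `owningUser` are the next candidates, otherwise a short comment on where the boundary is would prevent further partial renames. The rest of `RbacView` is outside the hunks.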
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java @@ -312,7 +312,7 @@ class RolesGrantsAndPermissionsGenerator { case ROLE_TO_ROLE -> "call revokeRoleFromRole(${subRoleRef}, ${superRoleRef});" .replace("${subRoleRef}", roleRef(OLD, grantDef.getSubRoleDef())) .replace("${superRoleRef}", roleRef(OLD, grantDef.getSuperRoleDef())); - case PERM_TO_ROLE -> "call revokePermissionFromRole(${permRef}, ${superRoleRef});" + case PERM_TO_ROLE -> "call rbac.revokePermissionFromRole(${permRef}, ${superRoleRef});" .replace("${permRef}", getPerm(OLD, grantDef.getPermDef())) .replace("${superRoleRef}", roleRef(OLD, grantDef.getSuperRoleDef())); }; @@ -415,7 +415,7 @@ class RolesGrantsAndPermissionsGenerator { .map(this::toPlPgSqlReference) .toList(); plPgSql.indented(() -> - plPgSql.writeLn("userUuids => array[" + joinArrayElements(arrayElements, 2) + "],\n")); + plPgSql.writeLn("subjectUuids => array[" + joinArrayElements(arrayElements, 2) + "],\n")); rbacGrants.removeAll(grantsToUsers); } } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java index ccdfb38b..a002254d 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java 
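Review bot: In the same `switch`, `ROLE_TO_ROLE` still generates the unqualified `call revokeRoleFromRole(...)` while `PERM_TO_ROLE` now generates `call rbac.revokePermissionFromRole(...)`, so the emitted PL/pgSQL depends on `search_path` for one branch and not the other. If `revokeRoleFromRole` has moved, or is about to move, into `rbac`, its template should change in the same commit; if it intentionally stays outside, a one-line comment saying so would settle it. The method containing the switch starts outside the hunk, as does the one emitting `subjectUuids => array[...]` in the second hunk.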
@@ -36,11 +36,11 @@ public class RbacGrantController implements RbacGrantsApi { final String currentSubject, final String assumedRoles, final UUID grantedRoleUuid, - final UUID granteeUserUuid) { + final UUID granteeSubjectUuid) { context.define(currentSubject, assumedRoles); - final var id = new RbacGrantId(granteeUserUuid, grantedRoleUuid); + final var id = new RbacGrantId(granteeSubjectUuid, grantedRoleUuid); final var result = rbacGrantRepository.findById(id); if (result == null) { return ResponseEntity.notFound().build(); @@ -61,7 +61,7 @@ public class RbacGrantController implements RbacGrantsApi { @Override @Transactional - public ResponseEntity grantRoleToUser( + public ResponseEntity grantRoleToSubject( final String currentSubject, final String assumedRoles, final RbacGrantResource body) { @@ -82,22 +82,22 @@ public class RbacGrantController implements RbacGrantsApi { @Override @Transactional - public ResponseEntity revokeRoleFromUser( + public ResponseEntity revokeRoleFromSubject( final String currentSubject, final String assumedRoles, final UUID grantedRoleUuid, - final UUID granteeUserUuid) { + final UUID granteeSubjectUuid) { context.define(currentSubject, assumedRoles); - rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeUserUuid, grantedRoleUuid)); + rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeSubjectUuid, grantedRoleUuid)); return ResponseEntity.noContent().build(); } -// TODO: implement an endpoint to create a Mermaid flowchart with all grants of a given user +// TODO.feat: implement an endpoint to create a Mermaid flowchart with all grants of a given user // @GetMapping( -// path = "/api/rbac/users/{userUuid}/grants", +// path = "/api/rbac/users/{subjectUuid}/grants", // produces = {"text/vnd.mermaid"}) // @Transactional(readOnly = true) // public ResponseEntity allGrantsOfUserAsMermaid( 
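Review bot: The commented-out `allGrantsOfUserAsMermaid` endpoint at the end of the third hunk is dead code that this commit nevertheless edits (its path now reads `{subjectUuid}`), which is the usual sign it should either be implemented or reduced to the single `// TODO.feat:` line. Commented-out code is not compiled, so the renamed path parameter is unverified and can silently diverge from the route in `rbac.yaml`. Keeping the TODO line and dropping the five commented method lines says the same thing without a second, unchecked copy of the route.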
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java index c2f2d524..88541762 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java @@ -36,8 +36,8 @@ public class RbacGrantEntity { private String granteeUserName; @Id - @Column(name = "useruuid") - private UUID granteeUserUuid; + @Column(name = "subjectuuid") + private UUID granteeSubjectUuid; private boolean assumed; @@ -55,7 +55,7 @@ public class RbacGrantEntity { private RbacRoleType grantedRoleType; RbacGrantId getRbacGrantId() { - return new RbacGrantId(granteeUserUuid, grantedRoleUuid); + return new RbacGrantId(granteeSubjectUuid, grantedRoleUuid); } public String toDisplay() { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java index 4c3449e7..a5e73a0c 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java @@ -14,6 +14,6 @@ import java.util.UUID; @AllArgsConstructor public class RbacGrantId implements Serializable { - private UUID granteeUserUuid; + private UUID granteeSubjectUuid; private UUID grantedRoleUuid; } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java index 90cf0e58..87ffd3c2 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java 
@@ -11,7 +11,7 @@ public interface RbacGrantRepository extends Repository deleteUserByUuid( final String currentSubject, final String assumedRoles, - final UUID userUuid + final UUID subjectUuid ) { context.define(currentSubject, assumedRoles); - rbacUserRepository.deleteByUuid(userUuid); + rbacUserRepository.deleteByUuid(subjectUuid); return ResponseEntity.noContent().build(); } @@ -65,11 +65,11 @@ public class RbacUserController implements RbacUsersApi { public ResponseEntity getUserById( final String currentSubject, final String assumedRoles, - final UUID userUuid) { + final UUID subjectUuid) { context.define(currentSubject, assumedRoles); - final var result = rbacUserRepository.findByUuid(userUuid); + final var result = rbacUserRepository.findByUuid(subjectUuid); if (result == null) { return ResponseEntity.notFound().build(); } @@ -93,12 +93,12 @@ public class RbacUserController implements RbacUsersApi { public ResponseEntity> listUserPermissions( final String currentSubject, final String assumedRoles, - final UUID userUuid + final UUID subjectUuid ) { context.define(currentSubject, assumedRoles); return ResponseEntity.ok(mapper.mapList( - rbacUserRepository.findPermissionsOfUserByUuid(userUuid), + rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid), RbacUserPermissionResource.class)); } } diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java index 3560741e..88d854c2 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java 
@@ -22,8 +22,8 @@ public interface RbacUserRepository extends Repository { RbacUserEntity findByUuid(UUID uuid); - @Query(value = "select * from grantedPermissions(:userUuid)", nativeQuery = true) - List findPermissionsOfUserByUuid(UUID userUuid); + @Query(value = "select * from grantedPermissions(:subjectUuid)", nativeQuery = true) + List findPermissionsOfUserByUuid(UUID subjectUuid); /* Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level, @@ -42,5 +42,5 @@ public interface RbacUserRepository extends Repository { return rbacUserEntity; } - void deleteByUuid(UUID userUuid); + void deleteByUuid(UUID subjectUuid); } diff --git a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml index 12a2cbbd..4f64f575 100644 --- a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml +++ b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml @@ -20,9 +20,9 @@ components: format: uuid granteeUserName: type: string - granteeUserUuid: + granteeSubjectUuid: type: string format: uuid required: - grantedRoleUuid - - granteeUserUuid + - granteeSubjectUuid diff --git a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml index 5bdcd29e..be0b1e08 100644 --- a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml +++ b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml @@ -12,7 +12,7 @@ get: type: string format: uuid description: UUID of the granted role. - - name: granteeUserUuid + - name: granteeSubjectUuid in: path required: true schema: @@ -36,7 +36,7 @@ get: delete: tags: - rbac-grants - operationId: revokeRoleFromUser + operationId: revokeRoleFromSubject parameters: - $ref: 'auth.yaml#/components/parameters/currentSubject' - $ref: 'auth.yaml#/components/parameters/assumedRoles' 
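Review bot: Renaming the required property `granteeUserUuid` to `granteeSubjectUuid` in rbac-grant-schemas.yaml is a breaking change for any existing API client, since a request body that still sends `granteeUserUuid` now fails the `required` check instead of being accepted. Whether external clients exist is not visible here; if they do, either accept both names for a deprecation period or bump the API version together with this rename. The path-parameter renames in the other YAML hunks are template-only and do not affect clients.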
@@ -47,7 +47,7 @@ delete: type: string format: uuid description: UUID of the granted role. - - name: granteeUserUuid + - name: granteeSubjectUuid in: path required: true schema: diff --git a/src/main/resources/api-definition/rbac/rbac-grants.yaml b/src/main/resources/api-definition/rbac/rbac-grants.yaml index 1452b8c6..4fbfd43c 100644 --- a/src/main/resources/api-definition/rbac/rbac-grants.yaml +++ b/src/main/resources/api-definition/rbac/rbac-grants.yaml @@ -18,7 +18,7 @@ get: post: tags: - rbac-grants - operationId: grantRoleToUser + operationId: grantRoleToSubject parameters: - $ref: 'auth.yaml#/components/parameters/currentSubject' - $ref: 'auth.yaml#/components/parameters/assumedRoles' diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml index 34ea9fcc..dd3594ca 100644 --- a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml +++ b/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml @@ -6,7 +6,7 @@ get: parameters: - $ref: 'auth.yaml#/components/parameters/currentSubject' - $ref: 'auth.yaml#/components/parameters/assumedRoles' - - name: userUuid + - name: subjectUuid in: path required: true schema: diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml index 974faa3c..fa6de05f 100644 --- a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml +++ b/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml @@ -6,7 +6,7 @@ get: parameters: - $ref: 'auth.yaml#/components/parameters/currentSubject' - $ref: 'auth.yaml#/components/parameters/assumedRoles' - - name: userUuid + - name: subjectUuid in: path required: true schema: 
@@ -33,7 +33,7 @@ delete: parameters: - $ref: 'auth.yaml#/components/parameters/currentSubject' - $ref: 'auth.yaml#/components/parameters/assumedRoles' - - name: userUuid + - name: subjectUuid in: path required: true schema: diff --git a/src/main/resources/api-definition/rbac/rbac.yaml b/src/main/resources/api-definition/rbac/rbac.yaml index ad6dfca4..a02e3cd9 100644 --- a/src/main/resources/api-definition/rbac/rbac.yaml +++ b/src/main/resources/api-definition/rbac/rbac.yaml @@ -11,10 +11,10 @@ paths: /api/rbac/users: $ref: 'rbac-users.yaml' - /api/rbac/users/{userUuid}/permissions: + /api/rbac/users/{subjectUuid}/permissions: $ref: 'rbac-users-with-id-permissions.yaml' - /api/rbac/users/{userUuid}: + /api/rbac/users/{subjectUuid}: $ref: 'rbac-users-with-uuid.yaml' /api/rbac/roles: @@ -23,6 +23,6 @@ paths: /api/rbac/grants: $ref: 'rbac-grants.yaml' - /api/rbac/grants/{grantedRoleUuid}/{granteeUserUuid}: + /api/rbac/grants/{grantedRoleUuid}/{granteeSubjectUuid}: $ref: 'rbac-grants-with-id.yaml' diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 99665c18..84f0d262 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -672,7 +672,7 @@ begin end if; end; $$; -create or replace procedure revokePermissionFromRole(permissionId UUID, superRole RbacRoleDescriptor) +create or replace procedure rbac.revokePermissionFromRole(permissionId UUID, superRole RbacRoleDescriptor) language plpgsql as $$ declare superRoleId uuid; diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql index 397ec9df..52ab4f21 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql 
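Review bot: `create or replace procedure rbac.revokePermissionFromRole(...)` in the 1050-rbac-base.sql hunk creates a new routine in the `rbac` schema but does not remove the old unqualified `revokePermissionFromRole`, and the same applies to the routines renamed in 1051-rbac-user-grant.sql (`rbac.grantRoleToUserUnchecked`, `rbac.grantRoleToSubject`, `rbac.checkRevokeRoleFromSubjectPreconditions`, `rbac.revokeRoleFromSubject`, `rbac.revokePermissionFromRole`). On a database where the earlier changesets already ran, the old grant/revoke procedures stay callable with their pre-rename access checks, which is easy to lose track of for routines that write RbacGrants. Whether databases are rebuilt from scratch or migrated in place is not visible here, and Liquibase would also reject the changed checksum of these changesets unless they are marked `runOnChange` or carry a `validCheckSum`; if in-place migration is the model, a `drop procedure if exists revokePermissionFromRole(uuid, RbacRoleDescriptor);` at the start of the changeset, and the equivalent for the others, would make the rename complete.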
@@ -20,21 +20,21 @@ begin return currentSubjectOrAssumedRolesUuids[1]; end; $$; -create or replace procedure grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid, doAssume boolean = true) +create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true) language plpgsql as $$ begin perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('userId (ascendant)', userUuid, 'rbac.subject'); + perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); insert into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) - values (grantedByRoleUuid, userUuid, grantedRoleUuid, doAssume) + values (grantedByRoleUuid, subjectUuid, grantedRoleUuid, doAssume) -- TODO: check if grantedByRoleUuid+doAssume are the same, otherwise raise exception? on conflict do nothing; -- allow granting multiple times end; $$; -create or replace procedure grantRoleToUser(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid, doAssume boolean = true) +create or replace procedure rbac.grantRoleToSubject(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true) language plpgsql as $$ declare grantedByRoleIdName text; 
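Review bot: `rbac.grantRoleToUserUnchecked` keeps `User` in its name while its parameter is renamed to `subjectUuid` and its checked sibling in the same hunk becomes `rbac.grantRoleToSubject`, so the two variants of the same operation now follow different naming. Renaming it to `rbac.grantRoleToSubjectUnchecked` (together with its callers in 1057-rbac-role-builder.sql and 1080-rbac-global.sql) keeps the pair consistent. The label `'grantingRoleUuid'` passed to assertReferenceType also still differs from the parameter name; `perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole');` matches the convention used for the other two parameters.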
@@ -42,11 +42,11 @@ declare begin perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); + perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); assert grantedByRoleUuid is not null, 'grantedByRoleUuid must not be null'; assert grantedRoleUuid is not null, 'grantedRoleUuid must not be null'; - assert userUuid is not null, 'userUuid must not be null'; + assert subjectUuid is not null, 'subjectUuid must not be null'; if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; @@ -62,8 +62,8 @@ begin insert into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) - values (grantedByRoleUuid, userUuid, grantedRoleUuid, doAssume); - -- TODO.impl: What should happen on mupltiple grants? What if options (doAssume) are not the same? + values (grantedByRoleUuid, subjectUuid, grantedRoleUuid, doAssume); + -- TODO.impl: What should happen on multiple grants? What if options (doAssume) are not the same? -- Most powerful or latest grant wins? What about managed? -- on conflict do nothing; -- allow granting multiple times end; $$; 
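Review bot: The null guards in the first hunk (`assert subjectUuid is not null, 'subjectUuid must not be null';` and its two siblings) use PL/pgSQL `ASSERT`, which is skipped entirely when `plpgsql.check_asserts` is off, so they are not a reliable precondition for a procedure that gates writes to RbacGrants behind a `[403]` check. Whether the preceding `rbac.assertReferenceType` calls already reject NULL is not visible here; if they do not, a NULL `grantedByRoleUuid` reaches `isGranted(...)` and, depending on its NULL handling, could make the guard evaluate to NULL and be passed over. A plain `if subjectUuid is null then raise exception 'subjectUuid must not be null'; end if;` for each of the three parameters does not depend on a session setting. The enclosing procedure `rbac.grantRoleToSubject` starts outside this hunk.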
@@ -74,12 +74,12 @@ end; $$; --changeset rbac-user-grant-REVOKE-ROLE-FROM-USER:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure checkRevokeRoleFromUserPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid) +create or replace procedure rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid) language plpgsql as $$ begin perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('userUuid (ascendant)', userUuid, 'rbac.subject'); + perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); 
@@ -94,20 +94,20 @@ begin raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); end if; - if NOT isGranted(userUuid, grantedRoleUuid) then - raise exception '[404] No such grant found granted by % for user % to role %.', grantedByRoleUuid, userUuid, grantedRoleUuid; + if NOT isGranted(subjectUuid, grantedRoleUuid) then + raise exception '[404] No such grant found granted by % for subject % to role %.', grantedByRoleUuid, subjectUuid, grantedRoleUuid; end if; end; $$; -create or replace procedure revokeRoleFromUser(grantedByRoleUuid uuid, grantedRoleUuid uuid, userUuid uuid) +create or replace procedure rbac.revokeRoleFromSubject(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid) language plpgsql as $$ begin - call checkRevokeRoleFromUserPreconditions(grantedByRoleUuid, grantedRoleUuid, userUuid); + call rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid, grantedRoleUuid, subjectUuid); - raise INFO 'delete from RbacGrants where ascendantUuid = % and descendantUuid = %', userUuid, grantedRoleUuid; + raise INFO 'delete from RbacGrants where ascendantUuid = % and descendantUuid = %', subjectUuid, grantedRoleUuid; delete from RbacGrants as g - where g.ascendantUuid = userUuid and g.descendantUuid = grantedRoleUuid - and g.grantedByRoleUuid = revokeRoleFromUser.grantedByRoleUuid; + where g.ascendantUuid = subjectUuid and g.descendantUuid = grantedRoleUuid + and g.grantedByRoleUuid = revokeRoleFromSubject.grantedByRoleUuid; end; $$; --// 
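Review bot: In `rbac.revokeRoleFromSubject` the `[404]` precondition only checks `isGranted(subjectUuid, grantedRoleUuid)`, but the delete additionally filters on `g.grantedByRoleUuid = revokeRoleFromSubject.grantedByRoleUuid`, so a grant that exists under a different granting role (or only indirectly, if isGranted follows the grant graph, which is not visible here) passes the check, deletes zero rows and reports success. Adding `if not found then raise exception '[404] No grant by % for subject % to role %.', grantedByRoleUuid, subjectUuid, grantedRoleUuid; end if;` after the delete makes such a revoke fail loudly instead of silently. The `revokeRoleFromSubject.grantedByRoleUuid` qualifier still resolves after the move into the `rbac` schema because PL/pgSQL labels the outer block with the unqualified routine name.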
@@ -115,7 +115,7 @@ end; $$; --changeset rbac-user-grant-REVOKE-PERMISSION-FROM-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure revokePermissionFromRole(permissionUuid uuid, superRoleUuid uuid) +create or replace procedure rbac.revokePermissionFromRole(permissionUuid uuid, superRoleUuid uuid) language plpgsql as $$ begin raise INFO 'delete from RbacGrants where ascendantUuid = % and descendantUuid = %', superRoleUuid, permissionUuid; diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index aa611aed..4db11c7b 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -117,7 +117,7 @@ create or replace view rbacgrants_rv as -- @formatter:off select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, - g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as userUuid, + g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid, g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType from ( select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed, 
@@ -150,10 +150,10 @@ create or replace function insertRbacGrant() declare newGrant RbacGrants_RV; begin - call grantRoleToUser(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.userUuid, new.assumed); + call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed); select grv.* from RbacGrants_RV grv - where grv.userUuid=new.userUuid and grv.grantedRoleUuid=new.grantedRoleUuid + where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid into newGrant; return newGrant; end; $$; @@ -176,13 +176,13 @@ execute function insertRbacGrant(); /** Instead of delete trigger function for RbacGrants_RV. - Checks if the current subject (user / assumed role) has the permission to revoke the grant. + Checks if the current subject or assumed role have the permission to revoke the grant. */ create or replace function deleteRbacGrant() returns trigger language plpgsql as $$ begin - call revokeRoleFromUser(old.grantedByRoleUuid, old.grantedRoleUuid, old.userUuid); + call rbac.revokeRoleFromSubject(old.grantedByRoleUuid, old.grantedRoleUuid, old.subjectUuid); return old; end; $$; @@ -343,7 +343,7 @@ grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RES Returns all permissions granted to the given user, which are also visible to the current user or assumed roles. */ -create or replace function grantedPermissionsRaw(targetUserUuid uuid) +create or replace function grantedPermissionsRaw(targetSubjectUuid uuid) returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) returns null on null input language plpgsql as $$ 
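Review bot: The comment on deleteRbacGrant now reads `Checks if the current subject or assumed role have the permission to revoke the grant.`; with `or` the verb is singular, and the function itself only delegates to `rbac.revokeRoleFromSubject`, where the `[403]` check actually lives, so `Delegates to rbac.revokeRoleFromSubject, which enforces the revoke permission.` describes what the trigger does. In insertRbacGrant the `select grv.* ... into newGrant` is not `strict`, so if a subject holds the same role through two granting roles the returned row is whichever comes first; that predates this commit, but the renamed predicate is the place to note it with `-- not strict: several grants of the same role may exist, first row wins`. The grantedPermissionsRaw doc comment in the last hunk still says `given user` although the parameter is now `targetSubjectUuid`.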
@@ -353,8 +353,8 @@ begin -- @formatter:off currentSubjectUuid := rbac.currentSubjectUuid(); - if hasGlobalRoleGranted(targetUserUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then - raise exception '[403] permissions of user "%" are not accessible to user "%"', targetUserUuid, basis.currentSubject(); + if hasGlobalRoleGranted(targetSubjectUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then + raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, basis.currentSubject(); end if; return query select @@ -369,24 +369,24 @@ begin po.objecttable as permissionObjectTable, findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, po.uuid as permissionObjectUuid - from queryPermissionsGrantedToSubjectId( targetUserUuid) as p + from queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p join rbacgrants as g on g.descendantUuid = p.uuid join rbac.object as po on po.uuid = p.objectUuid join rbacrole_rv as r on r.uuid = g.ascendantUuid join rbac.object as ro on ro.uuid = r.objectUuid - where isGranted(targetUserUuid, r.uuid) + where isGranted(targetSubjectUuid, r.uuid) ) xp; -- @formatter:on end; $$; -create or replace function grantedPermissions(targetUserUuid uuid) +create or replace function grantedPermissions(targetSubjectUuid uuid) returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) returns null on null input language sql as $$ - select * from grantedPermissionsRaw(targetUserUuid) + select * from grantedPermissionsRaw(targetSubjectUuid) union all select roleUuid, roleName, permissionUuid, 'SELECT'::RbacOp, opTableName, objectTable, objectIdName, objectUuid - from grantedPermissionsRaw(targetUserUuid) + from grantedPermissionsRaw(targetSubjectUuid) where op <> 'SELECT'::RbacOp; $$; --// 
diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index cb20bbbc..d56dddeb 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql @@ -12,7 +12,7 @@ create or replace function createRoleWithGrants( permissions RbacOp[] = array[]::RbacOp[], incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[], outgoingSubRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[], - userUuids uuid[] = array[]::uuid[], + subjectUuids uuid[] = array[]::uuid[], grantedByRole RbacRoleDescriptor = null ) returns uuid @@ -26,7 +26,7 @@ declare superRoleDesc RbacRoleDescriptor; subRoleUuid uuid; superRoleUuid uuid; - userUuid uuid; + subjectUuid uuid; userGrantsByRoleUuid uuid; begin roleUuid := coalesce(findRoleId(roleDescriptor), createRole(roleDescriptor)); @@ -49,16 +49,16 @@ begin call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed); end loop; - if cardinality(userUuids) > 0 then + if cardinality(subjectUuids) > 0 then -- direct grants to users need a grantedByRole which can revoke the grant if grantedByRole is null then userGrantsByRoleUuid := roleUuid; -- TODO.impl: or do we want to require an explicit userGrantsByRoleUuid? else userGrantsByRoleUuid := getRoleId(grantedByRole); end if; - foreach userUuid in array userUuids + foreach subjectUuid in array subjectUuids loop - call grantRoleToUserUnchecked(userGrantsByRoleUuid, roleUuid, userUuid); + call rbac.grantRoleToUserUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid); end loop; end if; diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index 8fb1f19e..d0c0f444 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql 
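Review bot: Renaming the input parameter `userUuids` to `subjectUuids` in `create or replace function createRoleWithGrants(...)` is rejected by PostgreSQL when a function with that signature already exists (it reports that the name of an input parameter cannot be changed and asks for a DROP FUNCTION first), so on an already migrated database this changeset fails unless the old function is dropped beforehand; the same restriction applies to the renamed output column `subjectUuid` of `rbacgrants_rv` in 1055-rbac-views.sql, where `create or replace view` cannot rename an existing column. Whether databases are rebuilt from scratch or migrated in place is not visible here. Inside the function, `userGrantsByRoleUuid` and the comment `direct grants to users` keep the old term next to the renamed `subjectUuids`/`subjectUuid`, and the loop still calls `rbac.grantRoleToUserUnchecked`, so the rename is only partial within this one routine.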
@@ -158,8 +158,8 @@ do language plpgsql $$ call basis.defineContext('creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); - call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); - call grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); + call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); + call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); perform rbac.create_subject('selfregistered-test-user@hostsharing.org'); end; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index f1ebb9dd..2435b37e 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -38,7 +38,7 @@ begin testCustomerOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN(unassumed())], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index e9a63044..7fd294f0 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql 
@@ -40,7 +40,7 @@ begin select * into newCust from test_customer where reference=custReference; - call grantRoleToUser( + call rbac.grantRoleToSubject( getRoleId(testCustomerOwner(newCust)), getRoleId(testCustomerAdmin(newCust)), custAdminUuid, diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index d8c64916..8a5283f3 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -29,7 +29,7 @@ begin values (cust.uuid, pacName, 'Here you can add your own description of package ' || pacName || '.') returning * into pac; - call grantRoleToUser( + call rbac.grantRoleToSubject( getRoleId(testCustomerAdmin(cust)), findRoleId(testPackageAdmin(pac)), rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index bfd66de5..27d246ef 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficeContactOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index 4fb80622..ad148e37 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficePersonOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 3941456a..c7d3610b 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -51,7 +51,7 @@ begin hsOfficeRelationOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 36040336..7a865ce3 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
@@ -110,22 +110,22 @@ begin if NEW.partnerRelUuid <> OLD.partnerRelUuid then - call revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); - call revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); - call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); - call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); + call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'SELECT'), 
hsOfficeRelationAGENT(oldPartnerRel)); call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); end if; diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 4d05ae0c..2a8f3f10 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -38,7 +38,7 @@ begin hsOfficeBankAccountOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index ea2fe7c0..b37acf34 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -51,7 +51,7 @@ begin hsOfficeSepaMandateOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[globalADMIN()], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index ad90b0c2..903e6161 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -45,7 +45,7 @@ begin perform createRoleWithGrants( hsOfficeMembershipOWNER(NEW), - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index b237a18a..92bd96b7 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -53,7 +53,7 @@ begin globalADMIN(unassumed()), hsBookingItemADMIN(newBookingItem), hsHostingAssetADMIN(newParentAsset)], - userUuids => array[rbac.currentSubjectUuid()] + subjectUuids => array[rbac.currentSubjectUuid()] ); perform createRoleWithGrants( diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 05494057..91610a8b 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql @@ -21,14 +21,14 @@ declare defaultPrefix varchar; managedServerUuid uuid; managedWebspaceUuid uuid; - webUnixUserUuid uuid; - mboxUnixUserUuid uuid; + webUnixSubjectUuid uuid; + mboxUnixSubjectUuid uuid; domainSetupUuid uuid; domainMBoxSetupUuid uuid; mariaDbInstanceUuid uuid; - mariaDbUserUuid uuid; + mariaDbSubjectUuid uuid; pgSqlInstanceUuid uuid; - PgSqlUserUuid uuid; + PgSqlSubjectUuid uuid; begin call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); 
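Review bot: The variable renames in the 7018-hs-hosting-asset-test-data.sql hunk (`webUnixSubjectUuid`, `mboxUnixSubjectUuid`, `mariaDbSubjectUuid`, `PgSqlSubjectUuid`) look like a search-and-replace artifact: these hold uuids of hosting assets — the later insert (old side `(mariaDbUserUuid, null, 'MARIADB_USER', ...)`) stores that value as a `'MARIADB_USER'` asset row — not `rbac.subject` rows, so calling them subjects conflates a database or unix account with an RBAC subject, the very distinction the rest of this commit introduces. Keeping the `...UserUuid` names here, or something like `mariaDbUserAssetUuid`, reserves `subject` for RBAC; the same applies to the matching `select uuid_generate_v4() into ...` lines in the following hunk. The declaration `PgSqlSubjectUuid` and its use as `pgSqlSubjectUuid` also differ in case, which PL/pgSQL tolerates but which reads as two variables. The enclosing `do` block's `declare` section starts outside the hunk.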
@@ -68,14 +68,14 @@ begin select uuid_generate_v4() into managedServerUuid; select uuid_generate_v4() into managedWebspaceUuid; - select uuid_generate_v4() into webUnixUserUuid; - select uuid_generate_v4() into mboxUnixUserUuid; + select uuid_generate_v4() into webUnixSubjectUuid; + select uuid_generate_v4() into mboxUnixSubjectUuid; select uuid_generate_v4() into domainSetupUuid; select uuid_generate_v4() into domainMBoxSetupUuid; select uuid_generate_v4() into mariaDbInstanceUuid; - select uuid_generate_v4() into mariaDbUserUuid; + select uuid_generate_v4() into mariaDbSubjectUuid; select uuid_generate_v4() into pgSqlInstanceUuid; - select uuid_generate_v4() into pgSqlUserUuid; + select uuid_generate_v4() into pgSqlSubjectUuid; debitorNumberSuffix := relatedDebitor.debitorNumberSuffix; defaultPrefix := relatedDebitor.defaultPrefix; @@ -86,17 +86,17 @@ begin (uuid_generate_v4(), cloudServerBI.uuid, 'CLOUD_SERVER', null, null, 'vm20' || debitorNumberSuffix, 'another CloudServer', '{}'::jsonb), (managedWebspaceUuid, managedWebspaceBI.uuid, 'MANAGED_WEBSPACE', managedServerUuid, null, defaultPrefix || '01', 'some Webspace', '{}'::jsonb), (mariaDbInstanceUuid, null, 'MARIADB_INSTANCE', managedServerUuid, null, 'vm10' || debitorNumberSuffix || '.MariaDB.default', 'some default MariaDB instance','{}'::jsonb), - (mariaDbUserUuid, null, 'MARIADB_USER', managedWebspaceUuid, mariaDbInstanceUuid, defaultPrefix || '01_web', 'some default MariaDB user', '{ "password": " @@ -148,7 +148,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // now we try to use these uuids as a less privileged user context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); final var grant = RbacGrantEntity.builder() - .granteeUserUuid(given.arbitraryUser.getUuid()) + .granteeSubjectUuid(given.arbitraryUser.getUuid()) .grantedRoleUuid(given.packageOwnerRoleUuid) .assumed(true) .build(); 
@@ -170,7 +170,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { } @Nested - class RevokeRoleFromUser { + class revokeRoleFromSubject { @Test public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() { @@ -236,11 +236,11 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { private RbacGrantEntity create(GrantBuilder with) { context(with.byUserName, with.assumedRole); - final var givenArbitraryUserUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid(); + final var givenArbitrarySubjectUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid(); final var grant = RbacGrantEntity.builder() - .granteeUserUuid(givenArbitraryUserUuid).grantedRoleUuid(givenOwnPackageRoleUuid) + .granteeSubjectUuid(givenArbitrarySubjectUuid).grantedRoleUuid(givenOwnPackageRoleUuid) .assumed(true) .build(); final var grantAttempt = attempt(em, () -> diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java index f5abca18..e4c4cdaa 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java @@ -63,10 +63,10 @@ class RbacUserControllerAcceptanceTest { // @formatter:on // finally, the user can view its own record - final var newUserUuid = UUID.fromString( + final var newSubjectUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); context.define("new-user@example.com"); - assertThat(rbacUserRepository.findByUuid(newUserUuid)) + assertThat(rbacUserRepository.findByUuid(newSubjectUuid)) .extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com"); } } 
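Review bot: The nested test class is renamed to `revokeRoleFromSubject`, which starts with a lowercase letter, whereas the name it replaces (`RevokeRoleFromUser`) and Java types in general use UpperCamelCase; `class RevokeRoleFromSubject {` keeps the convention. JUnit's default display name for a `@Nested` class is its simple name, so the odd casing would also show up in test reports. The class body continues outside the hunk.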
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java index be6377a0..d19c7454 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java @@ -232,7 +232,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("superuser-alex@hostsharing.net"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("superuser-fran@hostsharing.net")) + final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net")) .stream().filter(p -> p.getObjectTable().contains("test_")) .sorted(comparing(RbacUserPermission::toString)).toList(); @@ -246,7 +246,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("customer-admin@xxx.example.com")); + final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("customer-admin@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( 
@@ -286,17 +286,17 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_withoutAssumedRole_isNotAllowedToViewGlobalAdminsPermissions() { // given context("customer-admin@xxx.example.com"); - final UUID userUuid = userUUID("superuser-alex@hostsharing.net"); + final UUID subjectUuid = subjectUuid("superuser-alex@hostsharing.net"); // when final var result = attempt(em, () -> - rbacUserRepository.findPermissionsOfUserByUuid(userUuid) + rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid) ); // then result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[403] permissions of user \"" + userUuid + "[403] permissions of user \"" + subjectUuid + "\" are not accessible to user \"customer-admin@xxx.example.com\""); } @@ -306,7 +306,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-xxx00@xxx.example.com")); + final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( @@ -342,7 +342,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-yyy00@yyy.example.com")); + final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-yyy00@yyy.example.com")); // then noRbacPermissionsAreReturned(result); 
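Review bot: In the `@@ -286` hunk the local `final UUID subjectUuid = subjectUuid("superuser-alex@hostsharing.net");` is named identically to the helper method it calls; Java resolves this because fields/locals and methods live in separate namespaces, but the line reads like a self-assignment and the other hunks in this file use `subjectUuid(...)` as the helper, so `final UUID givenSubjectUuid = subjectUuid("superuser-alex@hostsharing.net");` with the two later uses adjusted would keep them apart. The helper itself, `UUID subjectUuid(final String userName)` in the `@@ -385` hunk on the next line, still takes a `userName` parameter, which may be intended since it is looked up via `findByName`. The enclosing test method is contained entirely within this hunk.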
@@ -354,7 +354,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("pac-admin-xxx00@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(userUUID("pac-admin-xxx00@xxx.example.com")); + final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( @@ -385,7 +385,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { } } - UUID userUUID(final String userName) { + UUID subjectUuid(final String userName) { return rbacUserRepository.findByName(userName).getUuid(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index ac285a45..e386bd4a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -18,7 +18,6 @@ import org.springframework.data.repository.Repository; import org.springframework.transaction.PlatformTransactionManager; import jakarta.persistence.*; -import jakarta.transaction.Transactional; import java.util.*; import java.util.concurrent.atomic.AtomicBoolean; import java.util.function.Supplier; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java index 60b7148d..89783f25 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java 
@@ -146,10 +146,10 @@ class TestCustomerControllerAcceptanceTest { .extract().header("Location"); // @formatter:on // finally, the new customer can be viewed by its own admin - final var newUserUuid = UUID.fromString( + final var newSubjectUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN"); - assertThat(testCustomerRepository.findByUuid(newUserUuid)) + assertThat(testCustomerRepository.findByUuid(newSubjectUuid)) .hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu")); } -- 2.39.5 From e3f48127d2eb6418b82262c70a9f8b9a64ac8d71 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 16:21:04 +0200 Subject: [PATCH 24/57] rename 1051-rbac-subject-grant.sql --- .../{1051-rbac-user-grant.sql => 1051-rbac-subject-grant.sql} | 0 src/main/resources/db/changelog/db.changelog-master.yaml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename src/main/resources/db/changelog/1-rbac/{1051-rbac-user-grant.sql => 1051-rbac-subject-grant.sql} (100%) diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql similarity index 100% rename from src/main/resources/db/changelog/1-rbac/1051-rbac-user-grant.sql rename to src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 82ab190e..51fa853b 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -32,7 +32,7 @@ databaseChangeLog: - include: file: db/changelog/1-rbac/1050-rbac-base.sql - include: - file: db/changelog/1-rbac/1051-rbac-user-grant.sql + file: db/changelog/1-rbac/1051-rbac-subject-grant.sql - include: file: db/changelog/1-rbac/1054-rbac-context.sql - include: -- 2.39.5 
From fd11f5903a2e1abcb203d55bcdb562b3bef97da6 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 16:30:03 +0200 Subject: [PATCH 25/57] rbac schema in 1055-rbac-views.sql --- .../db/changelog/1-rbac/1055-rbac-views.sql | 12 ++++++------ .../rbacgrant/RbacGrantControllerAcceptanceTest.java | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 4db11c7b..0efd2c45 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -144,7 +144,7 @@ grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME} /** Instead of insert trigger function for RbacGrants_RV. */ -create or replace function insertRbacGrant() +create or replace function rbac.insert_grant_tf() returns trigger language plpgsql as $$ declare @@ -161,11 +161,11 @@ end; $$; /* Creates an instead of insert trigger for the RbacGrants_rv view. */ -create trigger insertRbacGrant_Trigger +create trigger insert_grant_tg instead of insert on RbacGrants_rv for each row -execute function insertRbacGrant(); +execute function rbac.insert_grant_tf(); --/ @@ -178,7 +178,7 @@ execute function insertRbacGrant(); Checks if the current subject or assumed role have the permission to revoke the grant. */ -create or replace function deleteRbacGrant() +create or replace function rbac.delete_grant_tf() returns trigger language plpgsql as $$ begin @@ -189,11 +189,11 @@ end; $$; /* Creates an instead of delete trigger for the RbacGrants_rv view. */ -create trigger deleteRbacGrant_Trigger +create trigger delete_grant_tg instead of delete on RbacGrants_rv for each row -execute function deleteRbacGrant(); +execute function rbac.delete_grant_tf(); --/ 
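Review bot: The new function names `rbac.insert_grant_tf` / `rbac.delete_grant_tf` and trigger names `insert_grant_tg` / `delete_grant_tg` are snake_case and schema-qualified, while the view they attach to is still written as unqualified camelCase `RbacGrants_rv` and the surrounding comments still say `RbacGrants_RV` / `RbacGrants_rv`; within one changeset, either qualifying the view as well or leaving the naming convention alone would avoid the mixed style. Because the functions are renamed via `create or replace` rather than altered, the previous `insertRbacGrant()` / `deleteRbacGrant()` definitions are not dropped; that only matters if this changeset is ever applied on a database migrated with the earlier version, in which case the old trigger functions (and, if the old triggers survive, a second INSTEAD OF trigger on the view) would linger. The bodies of both trigger functions are outside the hunks, so whether the delete path still performs the permission check its comment promises cannot be confirmed here.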
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index 00571d19..402aee38 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java @@ -304,28 +304,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRBacUser(); final var givenRoleToGrant = "test_package#xxx00:ADMIN"; - final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); + final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); // and given an existing grant - assumeCreated(givencurrentSubjectAsPackageAdmin + assumeCreated(givenCurrentSubjectAsPackageAdmin .grantsRole(givenOwnPackageAdminRole).assumed() .toUser(givenArbitraryUser)); assumeGrantExists( - givencurrentSubjectAsPackageAdmin, + givenCurrentSubjectAsPackageAdmin, "{ grant role:%s to user:%s by role:%s and assume }".formatted( givenOwnPackageAdminRole.getRoleName(), givenArbitraryUser.getName(), - givencurrentSubjectAsPackageAdmin.assumedRole)); + givenCurrentSubjectAsPackageAdmin.assumedRole)); // when - final var revokeResponse = givencurrentSubjectAsPackageAdmin + final var revokeResponse = givenCurrentSubjectAsPackageAdmin .revokesRole(givenOwnPackageAdminRole) .fromUser(givenArbitraryUser); // then revokeResponse.assertThat().statusCode(204); - assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) + assertThat(findAllGrantsOf(givenCurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeUserName) .doesNotContain(givenArbitraryUser.getName()); } -- 2.39.5 
From d4b767af0da5b4087ea31725e551d379a908e4fc Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 17:23:35 +0200 Subject: [PATCH 26/57] renaming user to subject in API --- doc/rbac.md | 38 ++++---- sql/rbac-tests.sql | 14 +-- sql/rbac-view-option-experiments.sql | 8 +- .../asset/HsHostingAssetRbacEntity.java | 2 +- .../HsOfficeBankAccountEntity.java | 2 +- .../contact/HsOfficeContactRbacEntity.java | 2 +- .../membership/HsOfficeMembershipEntity.java | 2 +- .../office/person/HsOfficePersonEntity.java | 2 +- .../relation/HsOfficeRelationRbacEntity.java | 2 +- .../HsOfficeSepaMandateEntity.java | 2 +- .../hsadminng/rbac/rbacdef/RbacView.java | 22 ++--- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../rbac/rbacgrant/RbacGrantController.java | 4 +- .../rbac/rbacgrant/RbacGrantEntity.java | 4 +- .../rbac/rbacuser/RbacUserRepository.java | 46 --------- .../RbacSubjectController.java} | 42 ++++---- .../RbacSubjectEntity.java} | 6 +- .../RbacSubjectPermission.java} | 4 +- .../rbac/subject/RbacSubjectRepository.java | 46 +++++++++ .../rbac/test/cust/TestCustomerEntity.java | 2 +- src/main/resources/api-definition/auth.yaml | 4 +- .../api-definition/error-responses.yaml | 4 +- .../api-definition/hs-booking/auth.yaml | 4 +- .../hs-booking/error-responses.yaml | 4 +- .../hs-booking/hs-booking-items.yaml | 2 +- .../hs-booking/hs-booking-projects.yaml | 2 +- .../api-definition/hs-hosting/auth.yaml | 4 +- .../hs-hosting/error-responses.yaml | 4 +- .../hs-hosting/hs-hosting-assets.yaml | 2 +- .../hs-office/hs-office-bankaccounts.yaml | 2 +- .../hs-office/hs-office-contacts.yaml | 2 +- .../hs-office/hs-office-coopassets.yaml | 2 +- .../hs-office/hs-office-coopshares.yaml | 2 +- .../hs-office/hs-office-debitors.yaml | 2 +- .../hs-office/hs-office-memberships.yaml | 2 +- .../hs-office/hs-office-partners.yaml | 2 +- .../hs-office/hs-office-persons.yaml | 2 +- .../hs-office/hs-office-relations.yaml | 2 +- .../hs-office/hs-office-sepamandates.yaml | 2 +- .../rbac/rbac-grant-schemas.yaml | 2 +- .../rbac/rbac-grants-with-id.yaml | 4 +- 
.../api-definition/rbac/rbac-grants.yaml | 2 +- ...schemas.yaml => rbac-subject-schemas.yaml} | 4 +- ...=> rbac-subjects-with-id-permissions.yaml} | 8 +- ...uuid.yaml => rbac-subjects-with-uuid.yaml} | 14 +-- .../{rbac-users.yaml => rbac-subjects.yaml} | 18 ++-- .../resources/api-definition/rbac/rbac.yaml | 12 +-- .../api-definition/test/test-customers.yaml | 2 +- .../db/changelog/1-rbac/1055-rbac-views.sql | 48 +++++----- .../hsadminng/arch/ArchitectureTest.java | 2 +- .../hsadminng/hs/migration/CsvDataImport.java | 2 +- .../RbacGrantControllerAcceptanceTest.java | 66 ++++++------- .../RbacGrantRepositoryIntegrationTest.java | 34 +++---- .../RbacRoleControllerAcceptanceTest.java | 4 +- .../hsadminng/rbac/rbacuser/TestRbacUser.java | 14 --- .../RbacSubjectControllerAcceptanceTest.java} | 86 ++++++++--------- .../RbacSubjectControllerRestTest.java} | 20 ++-- .../RbacSubjectEntityUnitTest.java} | 6 +- ...RbacSubjectRepositoryIntegrationTest.java} | 96 +++++++++---------- .../rbac/subject/TestRbacSubject.java | 14 +++ 60 files changed, 376 insertions(+), 384 deletions(-) delete mode 100644 src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserController.java => subject/RbacSubjectController.java} (64%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserEntity.java => subject/RbacSubjectEntity.java} (92%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserPermission.java => subject/RbacSubjectPermission.java} (73%) create mode 100644 src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepository.java rename src/main/resources/api-definition/rbac/{rbac-user-schemas.yaml => rbac-subject-schemas.yaml} (93%) rename src/main/resources/api-definition/rbac/{rbac-users-with-id-permissions.yaml => rbac-subjects-with-id-permissions.yaml} (79%) rename src/main/resources/api-definition/rbac/{rbac-users-with-uuid.yaml => 
rbac-subjects-with-uuid.yaml} (78%) rename src/main/resources/api-definition/rbac/{rbac-users.yaml => rbac-subjects.yaml} (66%) delete mode 100644 src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserControllerAcceptanceTest.java => subject/RbacSubjectControllerAcceptanceTest.java} (82%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserControllerRestTest.java => subject/RbacSubjectControllerRestTest.java} (83%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserEntityUnitTest.java => subject/RbacSubjectEntityUnitTest.java} (91%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacuser/RbacUserRepositoryIntegrationTest.java => subject/RbacSubjectRepositoryIntegrationTest.java} (82%) create mode 100644 src/test/java/net/hostsharing/hsadminng/rbac/subject/TestRbacSubject.java diff --git a/doc/rbac.md b/doc/rbac.md index e7cb12d3..f859e2e1 100644 --- a/doc/rbac.md +++ b/doc/rbac.md @@ -29,7 +29,7 @@ skinparam linetype ortho package RBAC { ' forward declarations - entity RbacUser + entity RbacSubject together { @@ -37,8 +37,8 @@ package RBAC { entity RbacPermission - RbacUser -[hidden]> RbacRole - RbacRole -[hidden]> RbacUser + RbacSubject -[hidden]> RbacRole + RbacRole -[hidden]> RbacSubject } together { @@ -57,11 +57,11 @@ package RBAC { RbacGrant o-u-> RbacReference enum RbacReferenceType { - RbacUser + RbacSubject RbacRole RbacPermission } - RbacReferenceType ..> RbacUser + RbacReferenceType ..> RbacSubject RbacReferenceType ..> RbacRole RbacReferenceType ..> RbacPermission @@ -71,12 +71,12 @@ package RBAC { type : RbacReferenceType } RbacReference o--> RbacReferenceType - entity RbacUser { + entity RbacSubject { *uuid : uuid <> -- name : varchar } - RbacUser o-- RbacReference + RbacSubject o-- RbacReference entity RbacRole { *uuid : uuid(RbacReference) 
@@ -143,20 +143,20 @@ The primary key of the *RbacReference* and its referred object is always identic #### RbacReferenceType The enum *RbacReferenceType* describes the type of reference. -It's only needed to make it easier to find the referred object in *RbacUser*, *RbacRole* or *RbacPermission*. +It's only needed to make it easier to find the referred object in *RbacSubject*, *RbacRole* or *RbacPermission*. -#### RbacUser +#### RbacSubject -An *RbacUser* is a type of RBAC-subject which references a login account outside this system, identified by a name (usually an email-address). +An *RbacSubject* is a type of RBAC-subject which references a login account outside this system, identified by a name (usually an email-address). -*RbacUser*s can be assigned to multiple *RbacRole*s, through which they can get permissions to *RbacObject*s. +*RbacSubject*s can be assigned to multiple *RbacRole*s, through which they can get permissions to *RbacObject*s. -The primary key of the *RbacUser* is identical to its related *RbacReference*. +The primary key of the *RbacSubject* is identical to its related *RbacReference*. #### RbacRole An *RbacRole* represents a collection of directly or indirectly assigned *RbacPermission*s. -Each *RbacRole* can be assigned to *RbacUser*s or to another *RbacRole*. +Each *RbacRole* can be assigned to *RbacSubject*s or to another *RbacRole*. Both kinds of assignments are represented via *RbacGrant*. @@ -184,7 +184,7 @@ Only with this rule, the foreign key in *RbacPermission* can be defined as `NOT #### RbacGrant -The *RbacGrant* entities represent the access-rights structure from *RbacUser*s via hierarchical *RbacRoles* down to *RbacPermission*s. +The *RbacGrant* entities represent the access-rights structure from *RbacSubject*s via hierarchical *RbacRoles* down to *RbacPermission*s. The core SQL queries to determine access rights are all recursive queries on the *RbacGrant* table. 
@@ -284,7 +284,7 @@ hide circle ' use right-angled line routing ' skinparam linetype ortho -package RbacUsers { +package RbacSubjects { object UserMike object UserSuse object UserPaul @@ -296,7 +296,7 @@ package RbacRoles { object RoleCustXyz_Admin object RolePackXyz00_Owner } -RbacUsers -[hidden]> RbacRoles +RbacSubjects -[hidden]> RbacRoles package RbacPermissions { object PermCustXyz_SELECT @@ -365,7 +365,7 @@ This way, each user can only select the data they have 'SELECT'-permission for, ### Current User The current use is taken from the session variable `hsadminng.currentSubject` which contains the name of the user as stored in the -*RbacUser*s table. Example: +*RbacSubject*s table. Example: SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net'; @@ -671,9 +671,9 @@ Access Control for business objects checked according to the assigned roles. But we decided not to create such roles and permissions for the RBAC-Objects itself. It would have overcomplicated the system and the necessary information can easily be added to the RBAC-Objects itself, mostly the `RbacGrant`s. -### RbacUser +### RbacSubject -Users can self-register, thus to create a new RbacUser entity, no login is required. +Users can self-register, thus to create a new RbacSubject entity, no login is required. But such a user has no access-rights except viewing itself. Users can view themselves. diff --git a/sql/rbac-tests.sql b/sql/rbac-tests.sql index 351d1509..e04b2177 100644 --- a/sql/rbac-tests.sql +++ b/sql/rbac-tests.sql 
@@ -9,21 +9,21 @@ select isGranted(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrat -- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); select count(*) -FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('superuser-fran@hostsharing.net'), +FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacSubject('superuser-fran@hostsharing.net'), ARRAY(select uuid from customer where reference < 1100000)); select count(*) -FROM queryAllPermissionsOfSubjectId(findRbacUser('superuser-fran@hostsharing.net')); +FROM queryAllPermissionsOfSubjectId(findRbacSubject('superuser-fran@hostsharing.net')); select * -FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com')); +FROM queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')); select * -FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com')); +FROM queryAllPermissionsOfSubjectId(findRbacSubject('rosa@example.com')); select * -FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer', +FROM queryAllRbacSubjectsWithPermissionsFor(findEffectivePermissionId('customer', (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), 'add-package')); select * -FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package', +FROM queryAllRbacSubjectsWithPermissionsFor(findEffectivePermissionId('package', (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), 'DELETE')); @@ -33,7 +33,7 @@ $$ userId uuid; result bool; BEGIN - userId = findRbacUser('superuser-alex@hostsharing.net'); + userId = findRbacSubject('superuser-alex@hostsharing.net'); result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId)); IF (result) THEN RAISE EXCEPTION 'expected permission NOT to be granted, but it is'; diff --git a/sql/rbac-view-option-experiments.sql b/sql/rbac-view-option-experiments.sql index d058ac49..be38d3a4 100644 
--- a/sql/rbac-view-option-experiments.sql +++ b/sql/rbac-view-option-experiments.sql @@ -38,7 +38,7 @@ CREATE OR REPLACE RULE "_RETURN" AS SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); SELECT * from cust_view LIMIT 10; -select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net')); +select queryAllPermissionsOfSubjectId(findRbacSubject('superuser-alex@hostsharing.net')); -- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows) SET SESSION SESSION AUTHORIZATION DEFAULT; @@ -80,10 +80,10 @@ SELECT * from cust_view where reference=1144150; select rr.uuid, rr.type from RbacGrants g join RbacReference RR on g.ascendantUuid = RR.uuid where g.descendantUuid in ( - select uuid from queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com')) + select uuid from queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')) where objectTable='test_customer'); -call grantRoleToUser(findRoleId('test_customer#aaa:ADMIN'), findRbacUser('aaaaouq@example.com')); +call grantRoleToUser(findRoleId('test_customer#aaa:ADMIN'), findRbacSubject('aaaaouq@example.com')); -select queryAllPermissionsOfSubjectId(findRbacUser('aaaaouq@example.com')); +select queryAllPermissionsOfSubjectId(findRbacSubject('aaaaouq@example.com')); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java index be568944..bd432dfa 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java 
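Review bot: In the `@@ -80` hunk `call grantRoleToUser(findRoleId('test_customer#aaa:ADMIN'), findRbacSubject('aaaaouq@example.com'));` mixes the old and new vocabulary: the argument helper was renamed but the procedure is still `grantRoleToUser`; if that procedure is renamed elsewhere in this series the script fails at run time, otherwise renaming only the inner call is inconsistent. The same applies to the local `userId` that now receives `findRbacSubject(...)` in the `@@ -33` hunk of sql/rbac-tests.sql on the previous line, where `subjectId uuid;` and `subjectId = findRbacSubject('superuser-alex@hostsharing.net');` would finish the rename. These are ad-hoc scripts under sql/, so this is a consistency point rather than a functional one; the DO block in rbac-tests.sql continues outside its hunk.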
@@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST; diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java index 94fe2b16..e58361b7 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java @@ -14,7 +14,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java index c4e934cc..0716f1e7 100644 
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java @@ -11,7 +11,7 @@ import java.io.IOException; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java index 9d05f5f9..447d92ba 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java @@ -45,7 +45,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER; 
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java index dd21a5c3..ccf44d55 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java @@ -16,7 +16,7 @@ import java.util.UUID; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.stringify.Stringify.stringify; diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java index f081404e..bd4274aa 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java 
@@ -24,7 +24,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
index a57ee32a..27f5b221 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
@@ -26,7 +26,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingD
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.*;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
index 32f5d7af..f282563a 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
@@ -27,7 +27,7 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingD
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.PERM_TO_ROLE;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.ROLE_TO_ROLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.Part.AUTO_FETCH;
 import static org.apache.commons.collections4.SetUtils.hashSet;
 import static org.apache.commons.lang3.StringUtils.uncapitalize;
@@ -41,7 +41,7 @@ public class RbacView {
 private final EntityAlias rootEntityAlias;
- private final Set userDefs = new LinkedHashSet<>();
+ private final Set userDefs = new LinkedHashSet<>();
 private final Set roleDefs = new LinkedHashSet<>();
 private final Set permDefs = new LinkedHashSet<>();
 private final Map entityAliases = new HashMap<>() {
@@ -97,7 +97,7 @@ public class RbacView {
 RbacView(final String alias, final Class entityClass) {
 rootEntityAlias = new EntityAlias(alias, entityClass);
 entityAliases.put(alias, rootEntityAlias);
- new RbacUserReference(CREATOR);
+ new RbacSubjectReference(CREATOR);
 entityAliases.put("global", new EntityAlias("global"));
 }
@@ -467,7 +467,7 @@ public class RbacView {
 return new RbacExampleRole(entityAlias, role);
 }
- private RbacGrantDefinition grantRoleToSubject(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
+ private RbacGrantDefinition grantRoleToSubject(final RbacRoleDefinition roleDefinition, final RbacSubjectReference user) {
 return findOrCreateGrantDef(roleDefinition, user).toCreate();
 }
@@ -564,7 +564,7 @@ public class RbacView {
 @EqualsAndHashCode
 public class RbacGrantDefinition {
- private final RbacUserReference userDef;
+ private final RbacSubjectReference userDef;
 private final RbacRoleDefinition superRoleDef;
 private final RbacRoleDefinition subRoleDef;
 private final RbacPermissionDefinition permDef;
@@ -605,7 +605,7 @@ public class RbacView {
 register(this);
 }
- public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
+ public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacSubjectReference userDef) {
 this.userDef = userDef;
 this.subRoleDef = roleDef;
 this.superRoleDef = null;
@@ -770,7 +770,7 @@ public class RbacView {
 * @return
 * The grant definition for further chained calls.
 */
- public RbacGrantDefinition owningUser(final RbacUserReference.UserRole userRole) {
+ public RbacGrantDefinition owningUser(final RbacSubjectReference.UserRole userRole) {
 return grantRoleToSubject(this, findUserRef(userRole));
 }
@@ -833,12 +833,12 @@ public class RbacView {
 }
 }
- public RbacUserReference findUserRef(final RbacUserReference.UserRole userRole) {
+ public RbacSubjectReference findUserRef(final RbacSubjectReference.UserRole userRole) {
 return userDefs.stream().filter(u -> u.role == userRole).findFirst().orElseThrow();
 }
 @EqualsAndHashCode
- public class RbacUserReference {
+ public class RbacSubjectReference {
 public enum UserRole {
 GLOBAL_ADMIN,
@@ -847,7 +847,7 @@ public class RbacView {
 final UserRole role;
- public RbacUserReference(final UserRole creator) {
+ public RbacSubjectReference(final UserRole creator) {
 this.role = creator;
 userDefs.add(this);
 }
@@ -885,7 +885,7 @@ public class RbacView {
 .orElseGet(() -> new RbacPermissionDefinition(entityAlias, perm, tableName, true)); // TODO: true => toCreate
 }
- private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
+ private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacSubjectReference user) {
 return grantDefs.stream()
 .filter(g -> g.subRoleDef == roleDefinition && g.userDef == user)
 .findFirst()
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
index 7b3d9d06..c8d1796d 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
@@ -578,7 +578,7 @@ class RolesGrantsAndPermissionsGenerator {
 plPgSql.writeLn();
 }
- private String toPlPgSqlReference(final RbacView.RbacUserReference userRef) {
+ private String toPlPgSqlReference(final RbacView.RbacSubjectReference userRef) {
 return switch (userRef.role) {
 case CREATOR -> "currentSubjectUuid()";
 default -> throw new IllegalArgumentException("unknown user role: " + userRef);
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
index a002254d..fce1f33b 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
@@ -50,7 +50,7 @@ public class RbacGrantController implements RbacGrantsApi {
 @Override
 @Transactional(readOnly = true)
- public ResponseEntity> listUserGrants(
+ public ResponseEntity> listSubjectGrants(
 final String currentSubject,
 final String assumedRoles) {
@@ -97,7 +97,7 @@ public class RbacGrantController implements RbacGrantsApi {
 // TODO.feat: implement an endpoint to create a Mermaid flowchart with all grants of a given user
 // @GetMapping(
-// path = "/api/rbac/users/{subjectUuid}/grants",
+// path = "/api/rbac/subjects/{subjectUuid}/grants",
 // produces = {"text/vnd.mermaid"})
 // @Transactional(readOnly = true)
 // public ResponseEntity allGrantsOfUserAsMermaid(
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
index 88541762..bb422f62 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
@@ -33,7 +33,7 @@ public class RbacGrantEntity {
 private UUID grantedRoleUuid;
 @Column(name = "username", updatable = false, insertable = false)
- private String granteeUserName;
+ private String granteeSubjectName;
 @Id
 @Column(name = "subjectuuid")
@@ -60,7 +60,7 @@ public class RbacGrantEntity {
 public String toDisplay() {
 return "{ grant role:" + grantedRoleIdName +
- " to user:" + granteeUserName +
+ " to user:" + granteeSubjectName +
 " by role:" + grantedByRoleIdName +
 (assumed ? " and assume" : "") +
 " }";
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
deleted file mode 100644
index 88d854c2..00000000
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepository.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package net.hostsharing.hsadminng.rbac.rbacuser;
-import org.springframework.data.jpa.repository.Modifying;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.data.repository.Repository;
-import java.util.List;
-import java.util.UUID;
-public interface RbacUserRepository extends Repository {
- @Query("""
- select u from RbacUserEntity u
- where :userName is null or u.name like concat(cast(:userName as text), '%')
- order by u.name
- """)
- List findByOptionalNameLike(String userName);
- // bypasses the restricted view, to be able to grant rights to arbitrary user
- @Query(value = "select * from rbac.subject where name=:userName", nativeQuery = true)
- RbacUserEntity findByName(String userName);
- RbacUserEntity findByUuid(UUID uuid);
- @Query(value = "select * from grantedPermissions(:subjectUuid)", nativeQuery = true)
- List findPermissionsOfUserByUuid(UUID subjectUuid);
- /*
- Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level,
- but explicitly, and then SpringData check's if it exists using an SQL SELECT.
- And SQL SELECT needs a currentSubject which we don't yet have in the case of self registration.
- */
- @Modifying
- @Query(value = "insert into RBacUser_RV (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true)
- void insert(final RbacUserEntity newUser);
- default RbacUserEntity create(final RbacUserEntity rbacUserEntity) {
- if (rbacUserEntity.getUuid() == null) {
- rbacUserEntity.setUuid(UUID.randomUUID());
- }
- insert(rbacUserEntity);
- return rbacUserEntity;
- }
- void deleteByUuid(UUID subjectUuid);
-}
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java
similarity index 64%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java
index 10add2fb..52c0649b 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java
@@ -1,10 +1,10 @@
-package net.hostsharing.hsadminng.rbac.rbacuser;
+package net.hostsharing.hsadminng.rbac.subject;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.Mapper;
-import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacUsersApi;
-import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacUserPermissionResource;
-import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacUserResource;
+import net.hostsharing.hsadminng.rbac.generated.api.v1.api.RbacSubjectsApi;
+import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacSubjectPermissionResource;
+import net.hostsharing.hsadminng.rbac.generated.api.v1.model.RbacSubjectResource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
@@ -15,7 +15,7 @@ import java.util.List;
 import java.util.UUID;
 @RestController
-public class RbacUserController implements RbacUsersApi {
+public class RbacSubjectController implements RbacSubjectsApi {
 @Autowired
 private Context context;
@@ -24,73 +24,73 @@ public class RbacUserController implements RbacUsersApi {
 private Mapper mapper;
 @Autowired
- private RbacUserRepository rbacUserRepository;
+ private RbacSubjectRepository rbacSubjectRepository;
 @Override
 @Transactional
- public ResponseEntity createUser(
- final RbacUserResource body
+ public ResponseEntity createSubject(
+ final RbacSubjectResource body
 ) {
 context.define(null);
 if (body.getUuid() == null) {
 body.setUuid(UUID.randomUUID());
 }
- final var saved = mapper.map(body, RbacUserEntity.class);
- rbacUserRepository.create(saved);
+ final var saved = mapper.map(body, RbacSubjectEntity.class);
+ rbacSubjectRepository.create(saved);
 final var uri = MvcUriComponentsBuilder.fromController(getClass())
 .path("/api/rbac.yaml/users/{id}")
 .buildAndExpand(saved.getUuid())
 .toUri();
- return ResponseEntity.created(uri).body(mapper.map(saved, RbacUserResource.class));
+ return ResponseEntity.created(uri).body(mapper.map(saved, RbacSubjectResource.class));
 }
 @Override
 @Transactional
- public ResponseEntity deleteUserByUuid(
+ public ResponseEntity deleteSubjectByUuid(
 final String currentSubject,
 final String assumedRoles,
 final UUID subjectUuid
 ) {
 context.define(currentSubject, assumedRoles);
- rbacUserRepository.deleteByUuid(subjectUuid);
+ rbacSubjectRepository.deleteByUuid(subjectUuid);
 return ResponseEntity.noContent().build();
 }
 @Override
 @Transactional(readOnly = true)
- public ResponseEntity getUserById(
+ public ResponseEntity getSubjectById(
 final String currentSubject,
 final String assumedRoles,
 final UUID subjectUuid) {
 context.define(currentSubject, assumedRoles);
- final var result = rbacUserRepository.findByUuid(subjectUuid);
+ final var result = rbacSubjectRepository.findByUuid(subjectUuid);
 if (result == null) {
 return ResponseEntity.notFound().build();
 }
- return ResponseEntity.ok(mapper.map(result, RbacUserResource.class));
+ return ResponseEntity.ok(mapper.map(result, RbacSubjectResource.class));
 }
 @Override
@Transactional(readOnly = true)
- public ResponseEntity> listUsers(
+ public ResponseEntity> listSubjects(
 final String currentSubject,
 final String assumedRoles,
 final String userName
 ) {
 context.define(currentSubject, assumedRoles);
- return ResponseEntity.ok(mapper.mapList(rbacUserRepository.findByOptionalNameLike(userName), RbacUserResource.class));
+ return ResponseEntity.ok(mapper.mapList(rbacSubjectRepository.findByOptionalNameLike(userName), RbacSubjectResource.class));
 }
 @Override
 @Transactional(readOnly = true)
- public ResponseEntity> listUserPermissions(
+ public ResponseEntity> listSubjectPermissions(
 final String currentSubject,
 final String assumedRoles,
 final UUID subjectUuid
@@ -98,7 +98,7 @@ public class RbacUserController implements RbacUsersApi {
 context.define(currentSubject, assumedRoles);
 return ResponseEntity.ok(mapper.mapList(
- rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid),
- RbacUserPermissionResource.class));
+ rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid),
+ RbacSubjectPermissionResource.class));
 }
 }
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntity.java
similarity index 92%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntity.java
index 8da64357..3ff2c81d 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntity.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacuser;
+package net.hostsharing.hsadminng.rbac.subject;
 import lombok.*;
 import org.springframework.data.annotation.Immutable;
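Review bot: The Location header built in `createSubject` still uses `.path("/api/rbac.yaml/users/{id}")` although the controller, the API interface and the resource types in this hunk were all renamed from user to subject, and the `.yaml` segment does not look like a served route. If the generated `RbacSubjectsApi` now exposes the collection under a subjects path, the Location URI should follow it, e.g. `.path("/api/rbac/subjects/{id}")`; a stale Location is only noticed by clients that actually follow it, so it is worth checking against the OpenAPI definition rather than assuming. `createSubject` also calls `context.define(null)` before the insert, i.e. it deliberately runs without a current subject; a one-line comment such as `// self-registration: no current subject exists yet` would make that intent explicit for the next reader. The hunk spans two physical lines here and the enclosing class continues beyond it.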
@@ -13,14 +13,14 @@ import java.time.temporal.ChronoUnit;
 import java.util.UUID;
 @Entity
-@Table(name = "rbacuser_rv")
+@Table(schema = "rbac", name = "subject_rv")
 @Getter
 @Setter
 @ToString
 @Immutable
 @NoArgsConstructor
 @AllArgsConstructor
-public class RbacUserEntity {
+public class RbacSubjectEntity {
 private static final int MAX_VALIDITY_DAYS = 21;
 private static DateTimeFormatter DATE_FORMAT_WITH_FULLHOUR = DateTimeFormatter.ofPattern("MM-dd-yyyy HH");
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserPermission.java b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectPermission.java
similarity index 73%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserPermission.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectPermission.java
index f29503c3..9a82ad2d 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserPermission.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectPermission.java
@@ -1,8 +1,8 @@
-package net.hostsharing.hsadminng.rbac.rbacuser;
+package net.hostsharing.hsadminng.rbac.subject;
 import java.util.UUID;
-public interface RbacUserPermission {
+public interface RbacSubjectPermission {
 UUID getRoleUuid();
 String getRoleName();
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepository.java
new file mode 100644
index 00000000..16a13962
--- /dev/null
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepository.java
@@ -0,0 +1,46 @@
+package net.hostsharing.hsadminng.rbac.subject;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.Repository;
+import java.util.List;
+import java.util.UUID;
+public interface RbacSubjectRepository extends Repository {
+ @Query("""
+ select u from RbacSubjectEntity u
+ where :userName is null or u.name like concat(cast(:userName as text), '%')
+ order by u.name
+ """)
+ List findByOptionalNameLike(String userName);
+ // bypasses the restricted view, to be able to grant rights to arbitrary user
+ @Query(value = "select * from rbac.subject where name=:userName", nativeQuery = true)
+ RbacSubjectEntity findByName(String userName);
+ RbacSubjectEntity findByUuid(UUID uuid);
+ @Query(value = "select * from rbac.grantedPermissions(:subjectUuid)", nativeQuery = true)
+ List findPermissionsOfUserByUuid(UUID subjectUuid);
+ /*
+ Can't use save/saveAndFlush from SpringData because the uuid is not generated on the entity level,
+ but explicitly, and then SpringData check's if it exists using an SQL SELECT.
+ And SQL SELECT needs a currentSubject which we don't yet have in the case of self registration.
+ */
+ @Modifying
+ @Query(value = "insert into rbac.subject_rv (uuid, name) values( :#{#newUser.uuid}, :#{#newUser.name})", nativeQuery = true)
+ void insert(final RbacSubjectEntity newUser);
+ default RbacSubjectEntity create(final RbacSubjectEntity rbacSubjectEntity) {
+ if (rbacSubjectEntity.getUuid() == null) {
+ rbacSubjectEntity.setUuid(UUID.randomUUID());
+ }
+ insert(rbacSubjectEntity);
+ return rbacSubjectEntity;
+ }
+ void deleteByUuid(UUID subjectUuid);
+}
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
index 72df9c48..8bed127c 100644
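Review bot: `findByOptionalNameLike` binds `userName` straight into a LIKE pattern (`u.name like concat(cast(:userName as text), '%')`), so `%` and `_` inside the argument act as wildcards instead of literal characters; the value is a bound parameter, so this is not injection, but the match can be much wider than the method name "prefix" suggests. Either escape those two characters before binding or state the contract on the method, e.g. `// userName is a raw LIKE prefix: '%' and '_' in it are wildcards, not literals`. The native `findByName` query reads `rbac.subject` rather than `rbac.subject_rv`, and its comment only says this bypasses the restricted view; it should also say that the row-level visibility check is skipped and that the name must therefore come from trusted code, not from a request parameter. Finally, `findPermissionsOfUserByUuid` kept its "User" name while every other identifier in this file moved to "Subject".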
--- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
@@ -15,7 +15,7 @@ import java.util.UUID;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
 import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
diff --git a/src/main/resources/api-definition/auth.yaml b/src/main/resources/api-definition/auth.yaml
index e46f0f38..138c5eaa 100644
--- a/src/main/resources/api-definition/auth.yaml
+++ b/src/main/resources/api-definition/auth.yaml
@@ -9,7 +9,7 @@ components:
 required: true
 schema:
 type: string
- description: Identifying name of the currently logged in user.
+ description: Identifying name of the current subject (e.g. user).
 assumedRoles:
 name: assumed-roles
@@ -17,4 +17,4 @@ components:
 required: false
 schema:
 type: string
- description: Semicolon-separated list of roles to assume. The current user needs to have the right to assume these roles.
+ description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.
diff --git a/src/main/resources/api-definition/error-responses.yaml b/src/main/resources/api-definition/error-responses.yaml
index 83ca3dfb..d7999f91 100644
--- a/src/main/resources/api-definition/error-responses.yaml
+++ b/src/main/resources/api-definition/error-responses.yaml
@@ -8,13 +8,13 @@ components:
 schema:
 $ref: '#/components/schemas/Error'
 Unauthorized:
- description: The current user is unknown or not authorized.
+ description: The current subject is unknown or not authorized.
 content:
 application/json:
 schema:
 $ref: '#/components/schemas/Error'
 Forbidden:
- description: The current user or none of the assumed or roles is granted access to the resource.
+ description: The current subject or none of the assumed or roles is granted access to the resource.
 content:
 application/json:
 schema:
diff --git a/src/main/resources/api-definition/hs-booking/auth.yaml b/src/main/resources/api-definition/hs-booking/auth.yaml
index e46f0f38..0aa48bf5 100644
--- a/src/main/resources/api-definition/hs-booking/auth.yaml
+++ b/src/main/resources/api-definition/hs-booking/auth.yaml
@@ -9,7 +9,7 @@ components:
 required: true
 schema:
 type: string
- description: Identifying name of the currently logged in user.
+ description: Identifying name of the currently logged in subject.
 assumedRoles:
 name: assumed-roles
@@ -17,4 +17,4 @@ components:
 required: false
 schema:
 type: string
- description: Semicolon-separated list of roles to assume. The current user needs to have the right to assume these roles.
+ description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.
diff --git a/src/main/resources/api-definition/hs-booking/error-responses.yaml b/src/main/resources/api-definition/hs-booking/error-responses.yaml
index 83ca3dfb..d7999f91 100644
--- a/src/main/resources/api-definition/hs-booking/error-responses.yaml
+++ b/src/main/resources/api-definition/hs-booking/error-responses.yaml
@@ -8,13 +8,13 @@ components:
 schema:
 $ref: '#/components/schemas/Error'
 Unauthorized:
- description: The current user is unknown or not authorized.
+ description: The current subject is unknown or not authorized.
 content:
 application/json:
 schema:
 $ref: '#/components/schemas/Error'
 Forbidden:
- description: The current user or none of the assumed or roles is granted access to the resource.
+ description: The current subject or none of the assumed or roles is granted access to the resource.
 content:
 application/json:
 schema:
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
index fca2209a..e18e4926 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-items.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of all booking items for a specified project.
- description: Returns the list of all booking items for a specified project which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of all booking items for a specified project which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-booking-items
 operationId: listBookingItemsByProjectUuid
diff --git a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
index e5081a6f..3b567346 100644
--- a/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of all booking projects for a specified debitor.
- description: Returns the list of all booking projects for a specified debitor which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of all booking projects for a specified debitor which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-booking-projects
 operationId: listBookingProjectsByDebitorUuid
diff --git a/src/main/resources/api-definition/hs-hosting/auth.yaml b/src/main/resources/api-definition/hs-hosting/auth.yaml
index e46f0f38..0aa48bf5 100644
--- a/src/main/resources/api-definition/hs-hosting/auth.yaml
+++ b/src/main/resources/api-definition/hs-hosting/auth.yaml
@@ -9,7 +9,7 @@ components:
 required: true
 schema:
 type: string
- description: Identifying name of the currently logged in user.
+ description: Identifying name of the currently logged in subject.
 assumedRoles:
 name: assumed-roles
@@ -17,4 +17,4 @@ components:
 required: false
 schema:
 type: string
- description: Semicolon-separated list of roles to assume. The current user needs to have the right to assume these roles.
+ description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.
diff --git a/src/main/resources/api-definition/hs-hosting/error-responses.yaml b/src/main/resources/api-definition/hs-hosting/error-responses.yaml
index 83ca3dfb..d7999f91 100644
--- a/src/main/resources/api-definition/hs-hosting/error-responses.yaml
+++ b/src/main/resources/api-definition/hs-hosting/error-responses.yaml
@@ -8,13 +8,13 @@ components:
 schema:
 $ref: '#/components/schemas/Error'
 Unauthorized:
- description: The current user is unknown or not authorized.
+ description: The current subject is unknown or not authorized.
 content:
 application/json:
 schema:
 $ref: '#/components/schemas/Error'
 Forbidden:
- description: The current user or none of the assumed or roles is granted access to the resource.
+ description: The current subject or none of the assumed or roles is granted access to the resource.
 content:
 application/json:
 schema:
diff --git a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
index 6396d2a7..8aae49a8 100644
--- a/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
+++ b/src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a filtered list of all hosting assets.
- description: Returns the list of all hosting assets which match the given filters and are visible to the current user or any of it's assumed roles.
+ description: Returns the list of all hosting assets which match the given filters and are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-hosting-assets
 operationId: listAssets
diff --git a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
index 2207fd9c..316fc250 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of (optionally filtered) bankaccounts.
- description: Returns the list of (optionally filtered) bankaccounts which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of (optionally filtered) bankaccounts which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-office-bank-accounts
 operationId: listBankAccounts
diff --git a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
index 03a6ff70..cc3f56af 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-contacts.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of (optionally filtered) contacts.
- description: Returns the list of (optionally filtered) contacts which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of (optionally filtered) contacts which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-office-contacts
 operationId: listContacts
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
index 24ffd3d1..bff3e1d5 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of (optionally filtered) cooperative asset transactions.
- description: Returns the list of (optionally filtered) cooperative asset transactions which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of (optionally filtered) cooperative asset transactions which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-office-coopAssets
 operationId: listCoopAssets
diff --git a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
index a886ab82..215df97e 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of (optionally filtered) cooperative share transactions.
- description: Returns the list of (optionally filtered) cooperative share transactions which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of (optionally filtered) cooperative share transactions which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-office-coopShares
 operationId: listCoopShares
diff --git a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
index e0327d2f..16554531 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-debitors.yaml
@@ -1,6 +1,6 @@
 get:
 summary: Returns a list of (optionally filtered) debitors.
- description: Returns the list of (optionally filtered) debitors which are visible to the current user or any of it's assumed roles.
+ description: Returns the list of (optionally filtered) debitors which are visible to the current subject or any of it's assumed roles.
 tags:
 - hs-office-debitors
 operationId: listDebitors
diff --git a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
index e394faf0..8436134b 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-memberships.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) memberships.
-  description: Returns the list of memberships which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of memberships which are visible to the current subject or any of it's assumed roles.
     The list can optionally be filtered by either the `partnerUuid` or the `memberNumber` - not both at the same time.
   tags:
     - hs-office-memberships
diff --git a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
index 1936a7cb..9e97a91d 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-partners.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) business partners.
-  description: Returns the list of (optionally filtered) business partners which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of (optionally filtered) business partners which are visible to the current subject or any of it's assumed roles.
   tags:
     - hs-office-partners
   operationId: listPartners
diff --git a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
index 71471c83..e761957c 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-persons.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) persons.
-  description: Returns the list of (optionally filtered) persons which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of (optionally filtered) persons which are visible to the current subject or any of it's assumed roles.
   tags:
     - hs-office-persons
   operationId: listPersons
diff --git a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
index 0bcb9145..ce7a865b 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-relations.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) person relations for a given person.
-  description: Returns the list of (optionally filtered) person relations of a given person and which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of (optionally filtered) person relations of a given person and which are visible to the current subject or any of it's assumed roles.
   tags:
     - hs-office-relations
   operationId: listRelations
diff --git a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
index 76f28092..3050ab79 100644
--- a/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
+++ b/src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) SEPA Mandates.
-  description: Returns the list of (optionally filtered) SEPA Mandates which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of (optionally filtered) SEPA Mandates which are visible to the current subject or any of it's assumed roles.
   tags:
     - hs-office-sepaMandates
   operationId: listSepaMandatesByIBAN
diff --git a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml
index 4f64f575..90700354 100644
--- a/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grant-schemas.yaml
@@ -18,7 +18,7 @@ components:
         grantedRoleUuid:
           type: string
           format: uuid
-        granteeUserName:
+        granteeSubjectName:
           type: string
         granteeSubjectUuid:
           type: string
diff --git a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
index be0b1e08..ddda4510 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml
@@ -18,7 +18,7 @@ get:
       schema:
         type: string
         format: uuid
-      description: UUID of the user to whom the role was granted.
+      description: UUID of the subject to who the role was granted.
   responses:
     "200":
       description: OK
@@ -53,7 +53,7 @@ delete:
       schema:
         type: string
         format: uuid
-      description: UUID of the user to whom the role was granted.
+      description: UUID of the subject to which the role was granted.
   responses:
     "204":
       description: No Content
diff --git a/src/main/resources/api-definition/rbac/rbac-grants.yaml b/src/main/resources/api-definition/rbac/rbac-grants.yaml
index 4fbfd43c..7c5392cd 100644
--- a/src/main/resources/api-definition/rbac/rbac-grants.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-grants.yaml
@@ -1,7 +1,7 @@
 get:
   tags:
     - rbac-grants
-  operationId: listUserGrants
+  operationId: listSubjectGrants
   parameters:
     - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
diff --git a/src/main/resources/api-definition/rbac/rbac-user-schemas.yaml b/src/main/resources/api-definition/rbac/rbac-subject-schemas.yaml
similarity index 93%
rename from src/main/resources/api-definition/rbac/rbac-user-schemas.yaml
rename to src/main/resources/api-definition/rbac/rbac-subject-schemas.yaml
index c7ca49c0..9cb8ec0f 100644
--- a/src/main/resources/api-definition/rbac/rbac-user-schemas.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-subject-schemas.yaml
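Review bot: The reworded parameter descriptions in rbac-grants-with-id.yaml are grammatically off and now disagree with each other: the GET hunk reads `description: UUID of the subject to who the role was granted.` while the DELETE hunk reads `description: UUID of the subject to which the role was granted.`, apparently for the same path parameter. The old wording "to whom" was correct, so keep it in both places: `description: UUID of the subject to whom the role was granted.`. Only the generated API documentation is affected; nothing functional depends on these strings.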
@@ -3,7 +3,7 @@ components:
   schemas:
-    RbacUser:
+    RbacSubject:
       type: object
       properties:
         uuid:
@@ -11,7 +11,7 @@ components:
           format: uuid
         name:
           type: string
-    RbacUserPermission:
+    RbacSubjectPermission:
       type: object
       properties:
         objectUuid:
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml b/src/main/resources/api-definition/rbac/rbac-subjects-with-id-permissions.yaml
similarity index 79%
rename from src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
rename to src/main/resources/api-definition/rbac/rbac-subjects-with-id-permissions.yaml
index dd3594ca..a92407db 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-id-permissions.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-subjects-with-id-permissions.yaml
@@ -1,8 +1,8 @@
 get:
   tags:
-    - rbac-users
-  description: 'List all visible permissions granted to the given user; reduced '
-  operationId: listUserPermissions
+    - rbac-subjects
+  description: 'List all visible permissions granted to the given subject; reduced '
+  operationId: listSubjectPermissions
   parameters:
     - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
@@ -20,7 +20,7 @@ get:
           schema:
             type: array
             items:
-              $ref: 'rbac-user-schemas.yaml#/components/schemas/RbacUserPermission'
+              $ref: 'rbac-subject-schemas.yaml#/components/schemas/RbacSubjectPermission'
     "401":
       $ref: 'error-responses.yaml#/components/responses/Unauthorized'
diff --git a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml b/src/main/resources/api-definition/rbac/rbac-subjects-with-uuid.yaml
similarity index 78%
rename from src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
rename to src/main/resources/api-definition/rbac/rbac-subjects-with-uuid.yaml
index fa6de05f..67e0ac6d 100644
--- a/src/main/resources/api-definition/rbac/rbac-users-with-uuid.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-subjects-with-uuid.yaml
@@ -1,8 +1,8 @@
 get:
   tags:
-    - rbac-users
-  description: 'Fetch a single user by its id, if visible for the current subject.'
-  operationId: getUserById
+    - rbac-subjects
+  description: 'Fetch a single subject by its id, if visible for the current subject.'
+  operationId: getSubjectById
   parameters:
     - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
@@ -18,7 +18,7 @@ get:
       content:
         'application/json':
           schema:
-            $ref: 'rbac-user-schemas.yaml#/components/schemas/RbacUser'
+            $ref: 'rbac-subject-schemas.yaml#/components/schemas/RbacSubject'
     "401":
       $ref: 'error-responses.yaml#/components/responses/Unauthorized'
@@ -28,8 +28,8 @@ get:
 delete:
   tags:
-    - rbac-users
-  operationId: deleteUserByUuid
+    - rbac-subjects
+  operationId: deleteSubjectByUuid
   parameters:
     - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
@@ -39,7 +39,7 @@ delete:
       schema:
         type: string
         format: uuid
-      description: UUID of the user to delete.
+      description: UUID of the subject to delete.
   responses:
     "204":
       description: No Content
diff --git a/src/main/resources/api-definition/rbac/rbac-users.yaml b/src/main/resources/api-definition/rbac/rbac-subjects.yaml
similarity index 66%
rename from src/main/resources/api-definition/rbac/rbac-users.yaml
rename to src/main/resources/api-definition/rbac/rbac-subjects.yaml
index e447f25d..0877163e 100644
--- a/src/main/resources/api-definition/rbac/rbac-users.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-subjects.yaml
@@ -1,8 +1,8 @@
 get:
   tags:
-    - rbac-users
-  description: List accessible RBAC users with optional filter by name.
-  operationId: listUsers
+    - rbac-subjects
+  description: List accessible RBAC subjects with optional filter by name.
+  operationId: listSubjects
   parameters:
     - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
@@ -19,7 +19,7 @@ get:
           schema:
             type: array
             items:
-              $ref: 'rbac-user-schemas.yaml#/components/schemas/RbacUser'
+              $ref: 'rbac-subject-schemas.yaml#/components/schemas/RbacSubject'
     '401':
       $ref: 'error-responses.yaml#/components/responses/Unauthorized'
     '403':
@@ -27,22 +27,22 @@ get:
 post:
   tags:
-    - rbac-users
-  description: Create a new RBAC user.
-  operationId: createUser
+    - rbac-subjects
+  description: Create a new RBAC subject (e.g. user).
+  operationId: createSubject
   requestBody:
     required: true
     content:
       application/json:
         schema:
-          $ref: 'rbac-user-schemas.yaml#/components/schemas/RbacUser'
+          $ref: 'rbac-subject-schemas.yaml#/components/schemas/RbacSubject'
   responses:
     '201':
       description: Created
       content:
         'application/json':
           schema:
-            $ref: 'rbac-user-schemas.yaml#/components/schemas/RbacUser'
+            $ref: 'rbac-subject-schemas.yaml#/components/schemas/RbacSubject'
     '409':
       $ref: 'error-responses.yaml#/components/responses/Conflict'
diff --git a/src/main/resources/api-definition/rbac/rbac.yaml b/src/main/resources/api-definition/rbac/rbac.yaml
index a02e3cd9..463692d0 100644
--- a/src/main/resources/api-definition/rbac/rbac.yaml
+++ b/src/main/resources/api-definition/rbac/rbac.yaml
@@ -8,14 +8,14 @@ servers:
 paths:
-  /api/rbac/users:
-    $ref: 'rbac-users.yaml'
+  /api/rbac/subjects:
+    $ref: 'rbac-subjects.yaml'
-  /api/rbac/users/{subjectUuid}/permissions:
-    $ref: 'rbac-users-with-id-permissions.yaml'
+  /api/rbac/subjects/{subjectUuid}/permissions:
+    $ref: 'rbac-subjects-with-id-permissions.yaml'
-  /api/rbac/users/{subjectUuid}:
-    $ref: 'rbac-users-with-uuid.yaml'
+  /api/rbac/subjects/{subjectUuid}:
+    $ref: 'rbac-subjects-with-uuid.yaml'
   /api/rbac/roles:
     $ref: 'rbac-roles.yaml'
diff --git a/src/main/resources/api-definition/test/test-customers.yaml b/src/main/resources/api-definition/test/test-customers.yaml
index 25800099..8e81426a 100644
--- a/src/main/resources/api-definition/test/test-customers.yaml
+++ b/src/main/resources/api-definition/test/test-customers.yaml
@@ -1,6 +1,6 @@
 get:
   summary: Returns a list of (optionally filtered) customers.
-  description: Returns the list of (optionally filtered) customers which are visible to the current user or any of it's assumed roles.
+  description: Returns the list of (optionally filtered) customers which are visible to the current subject or any of it's assumed roles.
   tags:
     - testCustomers
   operationId: listCustomers
diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
index 0efd2c45..974bf7e8 100644
--- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
+++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
@@ -204,8 +204,8 @@ execute function rbac.delete_grant_tf();
     Creates a view to the users table with additional columns for easier human readability.
  */
-drop view if exists RbacUser_ev;
-create or replace view RbacUser_ev as
+drop view if exists rbac.subject_ev;
+create or replace view rbac.subject_ev as
 select distinct *
     -- @formatter:off
     from (
@@ -229,8 +229,8 @@ select distinct *
     Creates a view to the users table with row-level limitation
     based on the grants of the current user or assumed roles.
  */
-drop view if exists RbacUser_rv;
-create or replace view RbacUser_rv as
+drop view if exists rbac.subject_rv;
+create or replace view rbac.subject_rv as
 select distinct *
     -- @formatter:off
     from (
@@ -247,7 +247,7 @@ create or replace view RbacUser_rv as
     ) as unordered
     -- @formatter:on
     order by unordered.name;
-grant all privileges on RbacUser_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
+grant all privileges on rbac.subject_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 --//
 -- ============================================================================
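Review bot: `grant all privileges on rbac.subject_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};` hands the restricted role more than the view can use: the only write paths this file attaches to `rbac.subject_rv` are the instead-of triggers for insert and delete, so `grant select, insert, delete on rbac.subject_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};` states the intended least privilege and keeps update, truncate, references and trigger off the role. Because the view now lives in schema `rbac`, the restricted role also needs `usage` on that schema before any object-level grant takes effect; if no earlier changeset already issues `grant usage on schema rbac to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};`, this hunk is the natural place for it. Rewriting the changeset in place only relocates the view on a freshly built database; an existing one keeps the old `RbacUser_rv` and its grant unless a rebuild is the assumed deployment model. The view body (`from ( ... ) as unordered`) lies outside this hunk.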
@@ -255,9 +255,9 @@ grant all privileges on RbacUser_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}
 -- ----------------------------------------------------------------------------
 /**
-    Instead of insert trigger function for RbacUser_rv.
+    Instead of insert trigger function for rbac.subject_rv.
  */
-create or replace function insertRbacUser()
+create or replace function rbac.insert_subject_tf()
     returns trigger
     language plpgsql as $$
 declare
@@ -277,13 +277,13 @@ end; $$;
 /*
-    Creates an instead of insert trigger for the RbacUser_rv view.
+    Creates an instead of insert trigger for the rbac.subject_rv view.
  */
-create trigger insertRbacUser_Trigger
+create trigger insert_subject_tg
     instead of insert
-        on RbacUser_rv
+        on rbac.subject_rv
     for each row
-execute function insertRbacUser();
+execute function rbac.insert_subject_tf();
 --//
 -- ============================================================================
@@ -291,11 +291,11 @@ execute function insertRbacUser();
 -- ----------------------------------------------------------------------------
 /**
-    Instead of delete trigger function for RbacUser_RV.
+    Instead of delete trigger function for rbac.subject_rv.
     Checks if the current subject (user / assumed role) has the permission to delete the user.
  */
-create or replace function deleteRbacUser()
+create or replace function delete_subject_tf()
     returns trigger
     language plpgsql as $$
 begin
@@ -307,13 +307,13 @@ begin
 end; $$;
 /*
-    Creates an instead of delete trigger for the RbacUser_rv view.
+    Creates an instead of delete trigger for the rbac.subject_rv view.
  */
-create trigger deleteRbacUser_Trigger
+create trigger delete_subject_tg
     instead of delete
-        on RbacUser_rv
+        on rbac.subject_rv
     for each row
-execute function deleteRbacUser();
+execute function delete_subject_tf();
 --/
 -- ============================================================================
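Review bot: `create or replace function delete_subject_tf()` and the trigger's `execute function delete_subject_tf();` stay unqualified while the insert counterpart in the hunk above was moved to `rbac.insert_subject_tf()`, so the delete trigger function is created in whichever schema comes first on `search_path` during the migration (presumably `public`) instead of next to the view it guards. For a function whose comment says it checks the deleting subject's permission, that is fragile: a later `drop function rbac.delete_subject_tf()` or a tightened `search_path` will not find it, and the two trigger functions for the same view end up in different schemas. Change both lines to `create or replace function rbac.delete_subject_tf()` and `execute function rbac.delete_subject_tf();`. The bodies of both trigger functions are outside these hunks; note also that the unchanged `--/` after the delete trigger is not the `--//` delimiter used elsewhere in this file.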
@@ -324,8 +324,8 @@ execute function deleteRbacUser();
     based on the grants of the current user or assumed roles.
  */
 -- @formatter:off
-drop view if exists RbacOwnGrantedPermissions_rv;
-create or replace view RbacOwnGrantedPermissions_rv as
+drop view if exists rbac.own_granted_permissions_rv;
+create or replace view rbac.own_granted_permissions_rv as
 select r.uuid as roleuuid, p.uuid as permissionUuid,
        (r.objecttable || ':' || r.objectidname || ':' || r.roletype) as roleName,
        p.op, o.objecttable, r.objectidname, o.uuid as objectuuid
@@ -333,7 +333,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid,
     join rbacgrants g on g.ascendantuuid = r.uuid
     join rbacpermission p on p.uuid = g.descendantuuid
     join rbac.object o on o.uuid = p.objectuuid;
-grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
+grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
 -- @formatter:om
 -- ============================================================================
@@ -343,7 +343,7 @@ grant all privileges on RbacOwnGrantedPermissions_rv to ${HSADMINNG_POSTGRES_RES
     Returns all permissions granted to the given user, which are also visible to the current user or assumed roles.
  */
-create or replace function grantedPermissionsRaw(targetSubjectUuid uuid)
+create or replace function rbac.grantedPermissionsRaw(targetSubjectUuid uuid)
     returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid)
     returns null on null input
     language plpgsql as $$
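Review bot: `grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};` is broader than the view supports: it is a plain multi-table join and no instead-of trigger for it is visible in this file, so only `select` can ever succeed through it; `grant select on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};` keeps the restricted role at least privilege and makes the read-only intent explicit. The view body now mixes the schema-qualified `rbac.object o` with the unqualified `rbacgrants g` and `rbacpermission p`; those are resolved through `search_path` once at view creation, which works, but they should be qualified once those tables move into the `rbac` schema as well. The view's `from` line lies between the two hunks and is not shown.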
@@ -379,14 +379,14 @@ begin
     -- @formatter:on
 end; $$;
-create or replace function grantedPermissions(targetSubjectUuid uuid)
+create or replace function rbac.grantedPermissions(targetSubjectUuid uuid)
     returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid)
     returns null on null input
     language sql as $$
-    select * from grantedPermissionsRaw(targetSubjectUuid)
+    select * from rbac.grantedPermissionsRaw(targetSubjectUuid)
     union all
     select roleUuid, roleName, permissionUuid, 'SELECT'::RbacOp, opTableName, objectTable, objectIdName, objectUuid
-    from grantedPermissionsRaw(targetSubjectUuid)
+    from rbac.grantedPermissionsRaw(targetSubjectUuid)
     where op <> 'SELECT'::RbacOp;
 $$;
 --//
diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
index 85a1d462..ee19f534 100644
--- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java
@@ -68,7 +68,7 @@ public class ArchitectureTest {
             "..mapper",
             "..ping",
             "..rbac",
-            "..rbac.rbacuser",
+            "..rbac.rbacSubject",
             "..rbac.rbacgrant",
             "..rbac.rbacrole",
             "..rbac.rbacobject",
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
index 553cc045..60bb12dd 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
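Review bot: The new allow-list entry `"..rbac.rbacSubject",` in ArchitectureTest does not match the package this commit actually introduces: the imports added in RbacGrantControllerAcceptanceTest and RbacGrantRepositoryIntegrationTest read `net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity`, i.e. package `rbac.subject`, and every other entry in this list is lower-case. Presumably the line should be `"..rbac.subject",`; as written it matches nothing, and whether `rbac.subject` then trips the architecture rule depends on what the enclosing rule does with this list, which is outside the hunk.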
@@ -298,7 +298,7 @@ public class CsvDataImport extends ContextBasedTest {
     protected void deleteFromCommonTables() {
         jpaAttempt.transacted(() -> {
             context(rbacSuperuser);
-            em.createNativeQuery("delete from rbacuser_rv where name not like 'superuser-%'").executeUpdate();
+            em.createNativeQuery("delete from rbac.subject_rv where name not like 'superuser-%'").executeUpdate();
             em.createNativeQuery("delete from basis.tx_journal where true").executeUpdate();
             em.createNativeQuery("delete from basis.tx_context where true").executeUpdate();
         }).assertSuccessful();
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
index 402aee38..fca0ab74 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java
@@ -7,8 +7,8 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
 import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity;
 import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
-import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
-import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
+import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity;
+import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.Nested;
@@ -43,7 +43,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
     EntityManager em;
     @Autowired
-    RbacUserRepository rbacUserRepository;
+    RbacSubjectRepository rbacSubjectRepository;
     @Autowired
     RbacRoleRepository rbacRoleRepository;
@@ -73,7 +73,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                         // TODO: should there be a grantedByRole or just a grantedByTrigger?
                         hasEntry("grantedByRoleIdName", "test_customer#xxx:OWNER"),
                         hasEntry("grantedRoleIdName", "test_customer#xxx:ADMIN"),
-                        hasEntry("granteeUserName", "customer-admin@xxx.example.com")
+                        hasEntry("granteeSubjectName", "customer-admin@xxx.example.com")
                     )
                 ))
                 .body("", hasItem(
@@ -81,28 +81,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                         // TODO: should there be a grantedByRole or just a grantedByTrigger?
                         hasEntry("grantedByRoleIdName", "test_customer#yyy:OWNER"),
                         hasEntry("grantedRoleIdName", "test_customer#yyy:ADMIN"),
-                        hasEntry("granteeUserName", "customer-admin@yyy.example.com")
+                        hasEntry("granteeSubjectName", "customer-admin@yyy.example.com")
                     )
                 ))
                 .body("", hasItem(
                     allOf(
                         hasEntry("grantedByRoleIdName", "global#global:ADMIN"),
                         hasEntry("grantedRoleIdName", "global#global:ADMIN"),
-                        hasEntry("granteeUserName", "superuser-fran@hostsharing.net")
+                        hasEntry("granteeSubjectName", "superuser-fran@hostsharing.net")
                     )
                 ))
                 .body("", hasItem(
                     allOf(
                         hasEntry("grantedByRoleIdName", "test_customer#xxx:ADMIN"),
                         hasEntry("grantedRoleIdName", "test_package#xxx00:ADMIN"),
-                        hasEntry("granteeUserName", "pac-admin-xxx00@xxx.example.com")
+                        hasEntry("granteeSubjectName", "pac-admin-xxx00@xxx.example.com")
                     )
                 ))
                 .body("", hasItem(
                     allOf(
                         hasEntry("grantedByRoleIdName", "test_customer#zzz:ADMIN"),
                         hasEntry("grantedRoleIdName", "test_package#zzz02:ADMIN"),
-                        hasEntry("granteeUserName", "pac-admin-zzz02@zzz.example.com")
+                        hasEntry("granteeSubjectName", "pac-admin-zzz02@zzz.example.com")
                     )
                 ))
                 .body("size()", greaterThanOrEqualTo(14));
@@ -125,7 +125,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                     allOf(
                         hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
                         hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
-                        hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
+                        hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
                     )
                 ))
                 .body("size()", is(1));
@@ -147,12 +147,12 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                     allOf(
                         hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"),
                         hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"),
-                        hasEntry("granteeUserName", "pac-admin-yyy00@yyy.example.com")
+                        hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com")
                     )
                 ))
                 .body("[0].grantedByRoleIdName", is("test_customer#yyy:ADMIN"))
                 .body("[0].grantedRoleIdName", is("test_package#yyy00:ADMIN"))
-                .body("[0].granteeUserName", is("pac-admin-yyy00@yyy.example.com"));
+                .body("[0].granteeSubjectName", is("pac-admin-yyy00@yyy.example.com"));
             // @formatter:on
         }
     }
@@ -164,7 +164,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void customerAdmin_withAssumedPacketAdminRole_canReadPacketAdminsGrantById() {
             // given
             final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com");
-            final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
+            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
             final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
             // when
@@ -176,14 +176,14 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 .statusCode(200)
                 .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
                 .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
-                .body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
+                .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
         }
         @Test
         void packageAdmin_withoutAssumedRole_canReadItsOwnGrantById() {
             // given
             final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com");
-            final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
+            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
             final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
             // when
@@ -195,7 +195,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 .statusCode(200)
                 .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
                 .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
-                .body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
+                .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
         }
         @Test
@@ -204,7 +204,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
             final var givencurrentSubjectAsPackageAdmin = new Subject(
                     "pac-admin-xxx00@xxx.example.com",
                     "test_package#xxx00:ADMIN");
-            final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
+            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
             final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
             // when
@@ -216,7 +216,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 .statusCode(200)
                 .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN"))
                 .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
-                .body("granteeUserName", is("pac-admin-xxx00@xxx.example.com"));
+                .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com"));
         }
         @Test
@@ -226,7 +226,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
             final var givencurrentSubjectAsPackageAdmin = new Subject(
                     "pac-admin-xxx00@xxx.example.com",
                     "test_package#xxx00:TENANT");
-            final var givenGranteeUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com");
+            final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com");
             final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN");
             final var grant = givencurrentSubjectAsPackageAdmin.getGrantById()
                     .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser);
@@ -244,7 +244,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void packageAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() {
             // given
-            final var givenNewUser = createRBacUser();
+            final var givenNewUser = createRbacSubject();
             final var givenRoleToGrant = "test_package#xxx00:ADMIN";
             final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
             final var givenOwnPackageAdminRole =
@@ -261,7 +261,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 .body("grantedByRoleIdName", is("test_package#xxx00:ADMIN"))
                 .body("assumed", is(true))
                 .body("grantedRoleIdName", is("test_package#xxx00:ADMIN"))
-                .body("granteeUserName", is(givenNewUser.getName()));
+                .body("granteeSubjectName", is(givenNewUser.getName()));
             assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
                 .extracting(RbacGrantEntity::toDisplay)
                 .contains("{ grant role:" + givenOwnPackageAdminRole.getRoleName() +
@@ -273,7 +273,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void packageAdmin_canNotGrantAlienPackageAdminRole_toArbitraryUser() {
             // given
-            final var givenNewUser = createRBacUser();
+            final var givenNewUser = createRbacSubject();
             final var givenRoleToGrant = "test_package#xxx00:ADMIN";
             final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
             final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN");
@@ -289,7 +289,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 .body("message", containsString("Access to granted role"))
                 .body("message", containsString("forbidden for test_package#xxx00:ADMIN"));
             assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin))
-                .extracting(RbacGrantEntity::getGranteeUserName)
+                .extracting(RbacGrantEntity::getGranteeSubjectName)
                 .doesNotContain(givenNewUser.getName());
         }
     }
@@ -302,7 +302,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void packageAdmin_canRevokePackageAdminRole_grantedByPackageAdmin_fromArbitraryUser() {
             // given
-            final var givenArbitraryUser = createRBacUser();
+            final var givenArbitraryUser = createRbacSubject();
             final var givenRoleToGrant = "test_package#xxx00:ADMIN";
             final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
             final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN");
@@ -326,7 +326,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
             // then
             revokeResponse.assertThat().statusCode(204);
             assertThat(findAllGrantsOf(givenCurrentSubjectAsPackageAdmin))
-                .extracting(RbacGrantEntity::getGranteeUserName)
+                .extracting(RbacGrantEntity::getGranteeSubjectName)
                 .doesNotContain(givenArbitraryUser.getName());
         }
     }
@@ -366,7 +366,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
             private Subject grantingSubject = Subject.this;
             private final RbacRoleEntity grantedRole;
             private boolean assumed;
-            private RbacUserEntity granteeUser;
+            private RbacSubjectEntity granteeUser;
             public GrantFixture(final RbacRoleEntity roleToGrant) {
                 this.grantedRole = roleToGrant;
@@ -377,7 +377,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 return this;
             }
-            ValidatableResponse toUser(final RbacUserEntity granteeUser) {
+            ValidatableResponse toUser(final RbacSubjectEntity granteeUser) {
                 this.granteeUser = granteeUser;
                 return RestAssured // @formatter:ff
@@ -407,13 +407,13 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
             private Subject currentSubject = Subject.this;
             private final RbacRoleEntity grantedRole;
             private boolean assumed;
-            private RbacUserEntity granteeUser;
+            private RbacSubjectEntity granteeUser;
             public RevokeFixture(final RbacRoleEntity roleToGrant) {
                 this.grantedRole = roleToGrant;
             }
-            ValidatableResponse fromUser(final RbacUserEntity granteeUser) {
+            ValidatableResponse fromUser(final RbacSubjectEntity granteeUser) {
                 this.granteeUser = granteeUser;
                 return RestAssured // @formatter:ff
@@ -450,7 +450,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
                 return this;
             }
-            ValidatableResponse toGranteeUser(final RbacUserEntity granteeUser) {
+            ValidatableResponse toGranteeUser(final RbacSubjectEntity granteeUser) {
                 return RestAssured // @formatter:ff
                         .given()
@@ -480,18 +480,18 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         }).returnedValue();
     }
-    RbacUserEntity createRBacUser() {
+    RbacSubjectEntity createRbacSubject() {
         return jpaAttempt.transacted(() -> {
             final String newUserName = "test-user-" + RandomStringUtils.randomAlphabetic(8) + "@example.com";
             context(null);
-            return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), newUserName));
+            return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), newUserName));
         }).returnedValue();
     }
-    RbacUserEntity findRbacUserByName(final String userName) {
+    RbacSubjectEntity findRbacSubjectByName(final String userName) {
         return jpaAttempt.transacted(() -> {
             context("superuser-alex@hostsharing.net", null);
-            return rbacUserRepository.findByName(userName);
+            return rbacSubjectRepository.findByName(userName);
         }).assertNotNull().returnedValue();
     }
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
index 59ca05df..7b5e42f2 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java
@@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.rbac.rbacgrant;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.context.ContextBasedTest;
 import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository;
-import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserEntity;
-import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository;
+import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity;
+import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
@@ -42,7 +42,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { RawRbacGrantRepository rawRbacGrantRepository; @Autowired - RbacUserRepository rbacUserRepository; + RbacSubjectRepository rbacSubjectRepository; @Autowired RbacRoleRepository rbacRoleRepository; @@ -109,7 +109,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() { // given context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); - final var givenArbitrarySubjectUuid = rbacUserRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid(); + final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00:ADMIN").getUuid(); // when @@ -133,7 +133,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Transactional(propagation = Propagation.NEVER) public void packageAdmin_canNotGrantPackageOwnerRole() { // given - record Given(RbacUserEntity arbitraryUser, UUID packageOwnerRoleUuid) {} + record Given(RbacSubjectEntity arbitraryUser, UUID packageOwnerRoleUuid) {} final var given = jpaAttempt.transacted(() -> { // to find the uuids of we need to have access rights to these context("customer-admin@xxx.example.com", null); @@ -188,7 +188,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); assertThat(rbacGrantRepository.findAll()) - .extracting(RbacGrantEntity::getGranteeUserName) + .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain("pac-admin-zzz00@zzz.example.com"); } 
@@ -209,7 +209,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); assertThat(rbacGrantRepository.findAll()) - .extracting(RbacGrantEntity::getGranteeUserName) + .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain("pac-admin-zzz00@zzz.example.com"); } @@ -236,7 +236,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { private RbacGrantEntity create(GrantBuilder with) { context(with.byUserName, with.assumedRole); - final var givenArbitrarySubjectUuid = rbacUserRepository.findByName(with.granteeUserName).getUuid(); + final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName(with.granteeSubjectName).getUuid(); final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName(with.grantedRole).getUuid(); final var grant = RbacGrantEntity.builder() @@ -251,7 +251,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { assertThat(rawRbacGrantRepository.findAll()) .extracting(RawRbacGrantEntity::toDisplay) .contains("{ grant role:%s to user:%s by %s and assume }".formatted( - with.grantedRole, with.granteeUserName, with.assumedRole + with.grantedRole, with.granteeSubjectName, with.assumedRole )); return grant; @@ -266,7 +266,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { String byUserName; String assumedRole = ""; String grantedRole; - String granteeUserName; + String granteeSubjectName; GrantBuilder byUser(final String userName) { byUserName = userName; 
@@ -284,28 +284,28 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { } GrantBuilder toUser(final String toUser) { - this.granteeUserName = toUser; + this.granteeSubjectName = toUser; return this; } } } - private RbacUserEntity createNewUserTransacted() { + private RbacSubjectEntity createNewUserTransacted() { return jpaAttempt.transacted(() -> { final var newUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; context(null); - return rbacUserRepository.create(new RbacUserEntity(null, newUserName)); + return rbacSubjectRepository.create(new RbacSubjectEntity(null, newUserName)); }).assumeSuccessful().returnedValue(); } - private RbacUserEntity createNewUser() { - return rbacUserRepository.create( - new RbacUserEntity(null, "test-user-" + System.currentTimeMillis() + "@example.com")); + private RbacSubjectEntity createNewUser() { + return rbacSubjectRepository.create( + new RbacSubjectEntity(null, "test-user-" + System.currentTimeMillis() + "@example.com")); } void exactlyTheseRbacGrantsAreReturned(final List actualResult, final String... expectedGrant) { assertThat(actualResult) - .filteredOn(g -> !g.getGranteeUserName().startsWith("test-user-")) // ignore test-users created by other tests + .filteredOn(g -> !g.getGranteeSubjectName().startsWith("test-user-")) // ignore test-users created by other tests .extracting(RbacGrantEntity::toDisplay) .containsExactlyInAnyOrder(expectedGrant); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index 2b710bfb..5492d6d1 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java 
@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.rbac.rbacrole; import io.restassured.RestAssured; import net.hostsharing.hsadminng.HsadminNgApplication; import net.hostsharing.hsadminng.context.Context; -import net.hostsharing.hsadminng.rbac.rbacuser.RbacUserRepository; +import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -24,7 +24,7 @@ class RbacRoleControllerAcceptanceTest { Context context; @Autowired - RbacUserRepository rbacUserRepository; + RbacSubjectRepository rbacSubjectRepository; @Autowired RbacRoleRepository rbacRoleRepository; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java deleted file mode 100644 index bd096c9e..00000000 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/TestRbacUser.java +++ /dev/null @@ -1,14 +0,0 @@ -package net.hostsharing.hsadminng.rbac.rbacuser; - - -import static java.util.UUID.randomUUID; - -public class TestRbacUser { - - static final RbacUserEntity userxxx = rbacRole("customer-admin@xxx.example.com"); - static final RbacUserEntity userBbb = rbacRole("customer-admin@bbb.example.com"); - - static public RbacUserEntity rbacRole(final String userName) { - return new RbacUserEntity(randomUUID(), userName); - } -} diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java similarity index 82% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java index e4c4cdaa..e62d39c4 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacuser; +package net.hostsharing.hsadminng.rbac.subject; import io.restassured.RestAssured; import io.restassured.http.ContentType; @@ -22,7 +22,7 @@ import static org.hamcrest.Matchers.*; classes = { HsadminNgApplication.class, JpaAttempt.class } ) @Transactional -class RbacUserControllerAcceptanceTest { +class RbacSubjectControllerAcceptanceTest { @LocalServerPort private Integer port; @@ -34,10 +34,10 @@ class RbacUserControllerAcceptanceTest { Context context; @Autowired - RbacUserRepository rbacUserRepository; + RbacSubjectRepository rbacSubjectRepository; @Nested - class CreateRbacUser { + class CreateRbacSubject { @Test void anybody_canCreateANewUser() { @@ -53,7 +53,7 @@ class RbacUserControllerAcceptanceTest { """) .port(port) .when() - .post("http://localhost/api/rbac/users") + .post("http://localhost/api/rbac/subjects") .then().assertThat() .statusCode(201) .contentType(ContentType.JSON) @@ -66,17 +66,17 @@ class RbacUserControllerAcceptanceTest { final var newSubjectUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); context.define("new-user@example.com"); - assertThat(rbacUserRepository.findByUuid(newSubjectUuid)) - .extracting(RbacUserEntity::getName).isEqualTo("new-user@example.com"); + assertThat(rbacSubjectRepository.findByUuid(newSubjectUuid)) + .extracting(RbacSubjectEntity::getName).isEqualTo("new-user@example.com"); } } @Nested - class GetRbacUser { + class GetRbacSubject { @Test void globalAdmin_withoutAssumedRole_canGetArbitraryUser() { - final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); // @formatter:off RestAssured 
@@ -84,7 +84,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -94,7 +94,7 @@ class RbacUserControllerAcceptanceTest { @Test void globalAdmin_withAssumedCustomerAdminRole_canGetUserWithinInItsRealm() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured @@ -103,7 +103,7 @@ class RbacUserControllerAcceptanceTest { .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -113,7 +113,7 @@ class RbacUserControllerAcceptanceTest { @Test void customerAdmin_withoutAssumedRole_canGetUserWithinInItsRealm() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured @@ -121,7 +121,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().body().assertThat() .statusCode(200) .contentType("application/json") 
@@ -131,7 +131,7 @@ class RbacUserControllerAcceptanceTest { @Test void customerAdmin_withoutAssumedRole_canNotGetUserOutsideOfItsRealm() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured @@ -139,7 +139,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().body().assertThat() .statusCode(404); // @formatter:on @@ -147,7 +147,7 @@ class RbacUserControllerAcceptanceTest { } @Nested - class ListRbacUsers { + class ListRbacSubjects { @Test void globalAdmin_withoutAssumedRole_canViewAllUsers() { @@ -158,7 +158,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() - .get("http://localhost/api/rbac/users") + .get("http://localhost/api/rbac/subjects") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -183,7 +183,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() - .get("http://localhost/api/rbac/users?name=pac-admin-zzz0") + .get("http://localhost/api/rbac/subjects?name=pac-admin-zzz0") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -204,7 +204,7 @@ class RbacUserControllerAcceptanceTest { .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() - .get("http://localhost/api/rbac/users") + .get("http://localhost/api/rbac/subjects") .then().assertThat() .statusCode(200) .contentType("application/json") 
@@ -225,7 +225,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "customer-admin@yyy.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users") + .get("http://localhost/api/rbac/subjects") .then().assertThat() .statusCode(200) .contentType("application/json") @@ -246,7 +246,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "pac-admin-xxx01@xxx.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users") + .get("http://localhost/api/rbac/subjects") .then().assertThat() .statusCode(200) .contentType("application/json") @@ -257,11 +257,11 @@ class RbacUserControllerAcceptanceTest { } @Nested - class ListRbacUserPermissions { + class ListRbacSubjectPermissions { @Test void globalAdmin_withoutAssumedRole_canViewArbitraryUsersPermissions() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured @@ -269,7 +269,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -290,7 +290,7 @@ class RbacUserControllerAcceptanceTest { @Test void globalAdmin_withAssumedCustomerAdminRole_canViewArbitraryUsersPermissions() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured 
@@ -299,7 +299,7 @@ class RbacUserControllerAcceptanceTest { .header("assumed-roles", "test_customer#yyy:ADMIN") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -320,7 +320,7 @@ class RbacUserControllerAcceptanceTest { @Test void packageAdmin_withoutAssumedRole_canViewPermissionsOfUsersInItsRealm() { - final var givenUser = findRbacUserByName("pac-admin-yyy00@yyy.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-yyy00@yyy.example.com"); // @formatter:off RestAssured @@ -328,7 +328,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -349,7 +349,7 @@ class RbacUserControllerAcceptanceTest { @Test void packageAdmin_canViewPermissionsOfUsersOutsideOfItsRealm() { - final var givenUser = findRbacUserByName("pac-admin-xxx00@xxx.example.com"); + final var givenUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); // @formatter:off RestAssured @@ -357,7 +357,7 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "pac-admin-yyy00@yyy.example.com") .port(port) .when() - .get("http://localhost/api/rbac/users/" + givenUser.getUuid() + "/permissions") + .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") .then().log().body().assertThat() .statusCode(200) .contentType("application/json") @@ -367,7 +367,7 @@ class RbacUserControllerAcceptanceTest { } @Nested - class DeleteRbacUser { + class DeleteRbacSubject { @Test void anybody_canDeleteTheirOwnUser() { 
@@ -381,13 +381,13 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", givenUser.getName()) .port(port) .when() - .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().all().assertThat() .statusCode(204); // @formatter:on // finally, the user is actually deleted - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull(); } @Test @@ -402,14 +402,14 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "customer-admin@xxx.example.com") .port(port) .when() - .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().all().assertThat() // that user cannot even see other users, thus the system won't even try to delete .statusCode(204); // @formatter:on // finally, the user is still there - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull(); } @Test 
@@ -424,30 +424,30 @@ class RbacUserControllerAcceptanceTest { .header("current-subject", "superuser-alex@hostsharing.net") .port(port) .when() - .delete("http://localhost/api/rbac/users/" + givenUser.getUuid()) + .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) .then().log().all().assertThat() .statusCode(204); // @formatter:on // finally, the user is actually deleted - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull(); } } - RbacUserEntity findRbacUserByName(final String userName) { + RbacSubjectEntity findRbacSubjectByName(final String userName) { return jpaAttempt.transacted(() -> { context.define("superuser-alex@hostsharing.net"); - return rbacUserRepository.findByName(userName); + return rbacSubjectRepository.findByName(userName); }).returnedValue(); } - RbacUserEntity givenANewUser() { + RbacSubjectEntity givenANewUser() { final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var givenUser = jpaAttempt.transacted(() -> { context.define(null); - return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName)); + return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), givenUserName)); }).assumeSuccessful().returnedValue(); - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull(); return givenUser; } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java similarity index 83% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerRestTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java index 6e59f38a..d23a8394 100644 
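Review bot: The rename is applied unevenly in this hunk: the helpers become `findRbacSubjectByName` and return `RbacSubjectEntity`, but `givenANewUser` keeps its old name, while the sibling repository test in this same commit renames the equivalent helper to `givenANewSubject`. Since the purpose of the commit is to replace the "user" vocabulary with "subject", I would rename it here as well, `RbacSubjectEntity givenANewSubject() {`, and update its three call sites in the delete tests, so that a later grep for the old term does not return false positives. The test class continues outside the hunk.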
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacuser; +package net.hostsharing.hsadminng.rbac.subject; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.mapper.Mapper; @@ -30,10 +30,10 @@ import static org.mockito.Mockito.when; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -@WebMvcTest(RbacUserController.class) +@WebMvcTest(RbacSubjectController.class) @Import(Mapper.class) @RunWith(SpringRunner.class) -class RbacUserControllerRestTest { +class RbacSubjectControllerRestTest { @Autowired MockMvc mockMvc; @@ -42,7 +42,7 @@ class RbacUserControllerRestTest { Context contextMock; @MockBean - RbacUserRepository rbacUserRepository; + RbacSubjectRepository rbacSubjectRepository; @Mock EntityManager em; @@ -59,13 +59,13 @@ class RbacUserControllerRestTest { } @Test - void createUserUsesGivenUuid() throws Exception { + void createSubjectUsesGivenUuid() throws Exception { // given final var givenUuid = UUID.randomUUID(); // when mockMvc.perform(MockMvcRequestBuilders - .post("/api/rbac/users") + .post("/api/rbac/subjects") .contentType(MediaType.APPLICATION_JSON) .content(""" { 
@@ -79,14 +79,14 @@ class RbacUserControllerRestTest { .andExpect(jsonPath("uuid", is(givenUuid.toString()))); // then - verify(rbacUserRepository).create(argThat(entity -> entity.getUuid().equals(givenUuid))); + verify(rbacSubjectRepository).create(argThat(entity -> entity.getUuid().equals(givenUuid))); } @Test - void createUserGeneratesRandomUuidIfNotGiven() throws Exception { + void createSubjectGeneratesRandomUuidIfNotGiven() throws Exception { // when mockMvc.perform(MockMvcRequestBuilders - .post("/api/rbac/users") + .post("/api/rbac/subjects") .contentType(MediaType.APPLICATION_JSON) .content("{}") .accept(MediaType.APPLICATION_JSON)) @@ -96,6 +96,6 @@ class RbacUserControllerRestTest { .andExpect(jsonPath("uuid", isUuidValid())); // then - verify(rbacUserRepository).create(argThat(entity -> entity.getUuid() != null)); + verify(rbacSubjectRepository).create(argThat(entity -> entity.getUuid() != null)); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntityUnitTest.java similarity index 91% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntityUnitTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntityUnitTest.java index b1cff68e..44dde522 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectEntityUnitTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacuser; +package net.hostsharing.hsadminng.rbac.subject; import org.junit.jupiter.api.Test; 
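Review bot: `createSubjectUsesGivenUuid` pins that `POST /api/rbac/subjects` passes a caller-chosen `uuid` straight through to `rbacSubjectRepository.create(...)`, and the acceptance test for the same endpoint is named `anybody_canCreateANewUser`, so callers appear to control subject identifiers; that is presumably deliberate, but nothing in this class covers the collision case. I would add a third test next to these two that stubs `rbacSubjectRepository.create(...)` to throw whatever the repository raises for an already-used uuid and asserts the mapped 4xx status, so a duplicate id can never look like a successful create. A one-line comment on `createSubjectUsesGivenUuid`, `// client-supplied uuid is honoured as-is; uniqueness must be enforced below the controller`, would record the intent. The test class continues outside the hunk.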
@@ -9,9 +9,9 @@ import java.util.UUID; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; -class RbacUserEntityUnitTest { +class RbacSubjectEntityUnitTest { - RbacUserEntity givenUser = new RbacUserEntity(UUID.randomUUID(), "test@example.org"); + RbacSubjectEntity givenUser = new RbacSubjectEntity(UUID.randomUUID(), "test@example.org"); @Test void generatedAccessCodeMatchesDefinedPattern() { diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java similarity index 82% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java index d19c7454..841acfdf 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacuser/RbacUserRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacuser; +package net.hostsharing.hsadminng.rbac.subject; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; @@ -26,10 +26,10 @@ import static org.assertj.core.api.Assertions.assertThat; @DataJpaTest @Import( { Context.class, JpaAttempt.class }) -class RbacUserRepositoryIntegrationTest extends ContextBasedTest { +class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Autowired - RbacUserRepository rbacUserRepository; + RbacSubjectRepository rbacSubjectRepository; @Autowired JpaAttempt jpaAttempt; @@ -41,7 +41,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { HttpServletRequest request; @Nested - class CreateUser { + class CreateSubject { @Test @Transactional(propagation = Propagation.NEVER) 
@@ -54,35 +54,35 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // when: final var result = jpaAttempt.transacted(() -> { context(null); - return rbacUserRepository.create(new RbacUserEntity(givenUuid, newUserName)); + return rbacSubjectRepository.create(new RbacSubjectEntity(givenUuid, newUserName)); }); // then: assertThat(result.wasSuccessful()).isTrue(); assertThat(result.returnedValue()).isNotNull() - .extracting(RbacUserEntity::getUuid).isEqualTo(givenUuid); - assertThat(rbacUserRepository.findByName(result.returnedValue().getName())).isNotNull(); + .extracting(RbacSubjectEntity::getUuid).isEqualTo(givenUuid); + assertThat(rbacSubjectRepository.findByName(result.returnedValue().getName())).isNotNull(); } } @Nested - class DeleteUser { + class DeleteSubject { @Test @Transactional(propagation = Propagation.NEVER) public void anyoneCanDeleteTheirOwnUser() { // given - final RbacUserEntity givenUser = givenANewUser(); + final RbacSubjectEntity givenUser = givenANewSubject(); // when final var result = jpaAttempt.transacted(() -> { context(givenUser.getName()); - rbacUserRepository.deleteByUuid(givenUser.getUuid()); + rbacSubjectRepository.deleteByUuid(givenUser.getUuid()); }); // then the user is deleted result.assertSuccessful(); - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNull(); } } 
@@ -102,27 +102,27 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { ); @Test - public void globalAdmin_withoutAssumedRole_canViewAllRbacUsers() { + public void globalAdmin_withoutAssumedRole_canViewAllRbacSubjects() { // given context("superuser-alex@hostsharing.net"); // when - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); // then - allTheseRbacUsersAreReturned(result, ALL_TEST_DATA_USERS); + allTheseRbacSubjectsAreReturned(result, ALL_TEST_DATA_USERS); } @Test - public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacUsers() { + public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacSubjects() { given: context("superuser-alex@hostsharing.net", "global#global:ADMIN"); // when - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); then: - allTheseRbacUsersAreReturned(result, ALL_TEST_DATA_USERS); + allTheseRbacSubjectsAreReturned(result, ALL_TEST_DATA_USERS); } @Test @@ -131,10 +131,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN"); // when - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); then: - exactlyTheseRbacUsersAreReturned( + exactlyTheseRbacSubjectsAreReturned( result, "customer-admin@xxx.example.com", "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com" 
@@ -147,10 +147,10 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when: - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); // then: - exactlyTheseRbacUsersAreReturned( + exactlyTheseRbacSubjectsAreReturned( result, "customer-admin@xxx.example.com", "pac-admin-xxx00@xxx.example.com", "pac-admin-xxx01@xxx.example.com", "pac-admin-xxx02@xxx.example.com" @@ -161,24 +161,24 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() { context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); - exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com"); + exactlyTheseRbacSubjectsAreReturned(result, "pac-admin-xxx00@xxx.example.com"); } @Test public void packageAdmin_withoutAssumedRole_canViewOnlyUsersHavingRolesInThatPackage() { context("pac-admin-xxx00@xxx.example.com"); - final var result = rbacUserRepository.findByOptionalNameLike(null); + final var result = rbacSubjectRepository.findByOptionalNameLike(null); - exactlyTheseRbacUsersAreReturned(result, "pac-admin-xxx00@xxx.example.com"); + exactlyTheseRbacSubjectsAreReturned(result, "pac-admin-xxx00@xxx.example.com"); } } @Nested - class ListUserPermissions { + class ListSubjectPermissions { private static final String[] ALL_USER_PERMISSIONS = Array.of( // @formatter:off 
@@ -232,9 +232,9 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("superuser-alex@hostsharing.net"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net")) + final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("superuser-fran@hostsharing.net")) .stream().filter(p -> p.getObjectTable().contains("test_")) - .sorted(comparing(RbacUserPermission::toString)).toList(); + .sorted(comparing(RbacSubjectPermission::toString)).toList(); // then allTheseRbacPermissionsAreReturned(result, ALL_USER_PERMISSIONS); @@ -246,7 +246,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("customer-admin@xxx.example.com")); + final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("customer-admin@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( @@ -290,7 +290,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { // when final var result = attempt(em, () -> - rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid) + rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid) ); // then @@ -306,7 +306,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); + final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( 
@@ -342,7 +342,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-yyy00@yyy.example.com")); + final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-yyy00@yyy.example.com")); // then noRbacPermissionsAreReturned(result); @@ -354,7 +354,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { context("pac-admin-xxx00@xxx.example.com"); // when - final var result = rbacUserRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); + final var result = rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid("pac-admin-xxx00@xxx.example.com")); // then allTheseRbacPermissionsAreReturned( 
@@ -386,50 +386,42 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { } UUID subjectUuid(final String userName) { - return rbacUserRepository.findByName(userName).getUuid(); + return rbacSubjectRepository.findByName(userName).getUuid(); } - RbacUserEntity givenANewUser() { + RbacSubjectEntity givenANewSubject() { final var givenUserName = "test-user-" + System.currentTimeMillis() + "@example.com"; final var givenUser = jpaAttempt.transacted(() -> { context(null); - return rbacUserRepository.create(new RbacUserEntity(UUID.randomUUID(), givenUserName)); + return rbacSubjectRepository.create(new RbacSubjectEntity(UUID.randomUUID(), givenUserName)); }).assumeSuccessful().returnedValue(); - assertThat(rbacUserRepository.findByName(givenUser.getName())).isNotNull(); + assertThat(rbacSubjectRepository.findByName(givenUser.getName())).isNotNull(); return givenUser; } - void exactlyTheseRbacUsersAreReturned(final List actualResult, final String... expectedUserNames) { + void exactlyTheseRbacSubjectsAreReturned(final List actualResult, final String... expectedUserNames) { assertThat(actualResult) - .extracting(RbacUserEntity::getName) + .extracting(RbacSubjectEntity::getName) .filteredOn(n -> !n.startsWith("test-user")) .containsExactlyInAnyOrder(expectedUserNames); } - void allTheseRbacUsersAreReturned(final List actualResult, final String... expectedUserNames) { + void allTheseRbacSubjectsAreReturned(final List actualResult, final String... 
expectedUserNames) { assertThat(actualResult) - .extracting(RbacUserEntity::getName) + .extracting(RbacSubjectEntity::getName) .filteredOn(n -> !n.startsWith("test-user")) .contains(expectedUserNames); } void noRbacPermissionsAreReturned( - final List actualResult) { + final List actualResult) { assertThat(actualResult) .extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()) .containsExactlyInAnyOrder(); } - void exactlyTheseRbacPermissionsAreReturned( - final List actualResult, - final String... expectedRoleNames) { - assertThat(actualResult) - .extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()) - .containsExactlyInAnyOrder(expectedRoleNames); - } - void allTheseRbacPermissionsAreReturned( - final List actualResult, + final List actualResult, final String... expectedRoleNames) { assertThat(actualResult) .extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp() @@ -438,7 +430,7 @@ class RbacUserRepositoryIntegrationTest extends ContextBasedTest { } void noneOfTheseRbacPermissionsAreReturned( - final List actualResult, + final List actualResult, final String... unexpectedRoleNames) { assertThat(actualResult) .extracting(p -> p.getRoleName() + " -> " + p.getObjectTable() + "#" + p.getObjectIdName() + ": " + p.getOp()) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/TestRbacSubject.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/TestRbacSubject.java new file mode 100644 index 00000000..05388f0c --- /dev/null +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/TestRbacSubject.java 
@@ -0,0 +1,14 @@ +package net.hostsharing.hsadminng.rbac.subject; + + +import static java.util.UUID.randomUUID; + +public class TestRbacSubject { + + static final RbacSubjectEntity userxxx = rbacRole("customer-admin@xxx.example.com"); + static final RbacSubjectEntity userBbb = rbacRole("customer-admin@bbb.example.com"); + + static public RbacSubjectEntity rbacRole(final String userName) { + return new RbacSubjectEntity(randomUUID(), userName); + } +} -- 2.39.5 From 8b2dbaa8bd4343d0c7c7a66377c0c18cbd78688b Mon Sep 17 00:00:00 2001 
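Review bot: The factory in the new `TestRbacSubject` is named `rbacRole` although it constructs an `RbacSubjectEntity`, and the two constants keep the old `user` prefix with inconsistent casing (`userxxx`, `userBbb`), so the file contradicts the user→subject rename it belongs to. I would rename the helper to `public static RbacSubjectEntity rbacSubject(final String subjectName)` and the constants to `subjectXxx`/`subjectBbb`, which also fixes the unconventional `static public` modifier order. Callers of `rbacRole` are not visible in this chunk, so the rename needs a search across the test sources.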
From: Michael Hoennig Date: Fri, 13 Sep 2024 17:31:08 +0200 Subject: [PATCH 27/57] rbac schema in 1056-rbac-trigger-context.sql --- .../rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java | 8 ++++---- src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql | 6 +++--- .../db/changelog/1-rbac/1056-rbac-trigger-context.sql | 8 ++++---- .../2-test/201-test-customer/2013-test-customer-rbac.sql | 4 ++-- .../2-test/202-test-package/2023-test-package-rbac.sql | 8 ++++---- .../2-test/203-test-domain/2033-test-domain-rbac.sql | 8 ++++---- .../501-contact/5013-hs-office-contact-rbac.sql | 4 ++-- .../5-hs-office/502-person/5023-hs-office-person-rbac.sql | 4 ++-- .../503-relation/5033-hs-office-relation-rbac.sql | 4 ++-- .../504-partner/5043-hs-office-partner-rbac.sql | 8 ++++---- .../504-partner/5044-hs-office-partner-details-rbac.sql | 4 ++-- .../505-bankaccount/5053-hs-office-bankaccount-rbac.sql | 4 ++-- .../506-debitor/5063-hs-office-debitor-rbac.sql | 4 ++-- .../507-sepamandate/5073-hs-office-sepamandate-rbac.sql | 4 ++-- .../510-membership/5103-hs-office-membership-rbac.sql | 4 ++-- .../511-coopshares/5113-hs-office-coopshares-rbac.sql | 4 ++-- .../512-coopassets/5123-hs-office-coopassets-rbac.sql | 4 ++-- .../620-booking-project/6203-hs-booking-project-rbac.sql | 4 ++-- .../630-booking-item/6203-hs-booking-item-rbac.sql | 4 ++-- .../630-booking-item/6303-hs-booking-item-rbac.sql | 4 ++-- .../701-hosting-asset/7013-hs-hosting-asset-rbac.sql | 4 ++-- 21 files changed, 53 insertions(+), 53 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index c8d1796d..a664c66b 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java 
@@ -83,11 +83,11 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(); plPgSql.writeLn("begin"); plPgSql.indented(() -> { - plPgSql.writeLn("call enterTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.enterTriggerForObjectUuid(NEW.uuid);"); plPgSql.writeLn(); generateCreateRolesAndGrantsAfterInsert(plPgSql); plPgSql.ensureSingleEmptyLine(); - plPgSql.writeLn("call leaveTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.leaveTriggerForObjectUuid(NEW.uuid);"); }); plPgSql.writeLn("end; $$;"); plPgSql.writeLn(); @@ -153,11 +153,11 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn(); plPgSql.writeLn("begin"); plPgSql.indented(() -> { - plPgSql.writeLn("call enterTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.enterTriggerForObjectUuid(NEW.uuid);"); plPgSql.writeLn(); generateUpdateRolesAndGrantsAfterUpdate(plPgSql); plPgSql.ensureSingleEmptyLine(); - plPgSql.writeLn("call leaveTriggerForObjectUuid(NEW.uuid);"); + plPgSql.writeLn("call rbac.leaveTriggerForObjectUuid(NEW.uuid);"); }); plPgSql.writeLn("end; $$;"); plPgSql.writeLn(); diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 84f0d262..7c73ec7b 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -596,7 +596,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), roleUuid, permissionUuid, true) + values (rbac.currentTriggerObjectUuid(), roleUuid, permissionUuid, true) on conflict do nothing; -- allow granting multiple times end; $$; 
@@ -620,7 +620,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) + values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; @@ -648,7 +648,7 @@ begin insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) - values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) + values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; diff --git a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql index 80a92987..7e6f3d09 100644 --- a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql @@ -5,7 +5,7 @@ --changeset rbac-trigger-context-ENTER:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure enterTriggerForObjectUuid(currentObjectUuid uuid) +create or replace procedure rbac.enterTriggerForObjectUuid(currentObjectUuid uuid) language plpgsql as $$ declare existingObjectUuid text; @@ -22,10 +22,10 @@ end; $$; --changeset rbac-trigger-context-CURRENT-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the object uuid whose trigger is currently executed as set via `enterTriggerForObjectUuid(...)`. + Returns the uuid of the object uuid whose trigger is currently executed as set via `rbac.enterTriggerForObjectUuid(...)`. */ -create or replace function currentTriggerObjectUuid() +create or replace function rbac.currentTriggerObjectUuid() returns uuid stable -- leakproof language plpgsql as $$ 
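Review bot: The ENTER and LEAVE procedures are re-created under the new `rbac.` name while their changeset ids (`rbac-trigger-context-ENTER:1` and friends) stay the same, so a database that has already applied them will not get the new objects: Liquibase either fails checksum validation or, with the checksum whitelisted, skips the changeset, and in both cases the old unqualified `enterTriggerForObjectUuid` in the default schema is left in place. Any caller that was not regenerated, or any session whose search_path still lists `public`, then binds silently to the stale copy instead of failing. Unless every environment is rebuilt from scratch, which I cannot tell from the diff, I would add `drop procedure if exists public.enterTriggerForObjectUuid(uuid);` (and the same for `leaveTriggerForObjectUuid` and `currentTriggerObjectUuid`) in a new changeset, or bump the ids the way the role-builder change later in this series does.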
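Review bot: The updated header comment on `rbac.currentTriggerObjectUuid()` still reads "Returns the uuid of the object uuid whose trigger is currently executed", which is garbled now that the line is being touched anyway. I would make it `Returns the uuid of the object whose trigger is currently executing, as set via rbac.enterTriggerForObjectUuid(...).` The function body, and therefore whether the commented-out `leakproof` could be enabled, lies outside the hunk.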
@@ -47,7 +47,7 @@ end; $$; --changeset rbac-trigger-context-LEAVE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure leaveTriggerForObjectUuid(currentObjectUuid uuid) +create or replace procedure rbac.leaveTriggerForObjectUuid(currentObjectUuid uuid) language plpgsql as $$ declare existingObjectUuid uuid; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 2435b37e..a50ee080 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForTestCustomer( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( testCustomerOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[testCustomerADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index af51c791..5232c35f 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -33,7 +33,7 @@ declare newCustomer test_customer; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer; assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid); 
@@ -57,7 +57,7 @@ begin outgoingSubRoles => array[testCustomerTENANT(newCustomer)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -99,7 +99,7 @@ declare newCustomer test_customer; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_customer WHERE uuid = OLD.customerUuid INTO oldCustomer; assert oldCustomer.uuid is not null, format('oldCustomer must not be null for OLD.customerUuid = %s', OLD.customerUuid); @@ -118,7 +118,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 1b4a0421..4c5311be 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -33,7 +33,7 @@ declare newPackage test_package; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage; assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid); @@ -53,7 +53,7 @@ begin outgoingSubRoles => array[testPackageTENANT(newPackage)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -95,7 +95,7 @@ declare newPackage test_package; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM test_package WHERE uuid = OLD.packageUuid INTO oldPackage; assert oldPackage.uuid is not null, format('oldPackage must not be null for OLD.packageUuid = %s', OLD.packageUuid); 
@@ -117,7 +117,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index 27d246ef..713cb3e5 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficeContact( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficeContactOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficeContactADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index ad148e37..ed05b81c 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficePerson( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficePersonOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficePersonADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index c7d3610b..c226044a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -35,7 +35,7 @@ declare newContact hs_office_contact; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson; assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid); @@ -86,7 +86,7 @@ begin call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); END IF; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 7a865ce3..f7ab04c6 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -34,7 +34,7 @@ declare newPartnerDetails hs_office_partner_details; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); 
@@ -49,7 +49,7 @@ begin call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* @@ -93,7 +93,7 @@ declare newPartnerDetails hs_office_partner_details; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel; assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid); @@ -130,7 +130,7 @@ begin end if; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 7810f838..dc273e56 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -32,9 +32,9 @@ create or replace procedure buildRbacSystemForHsOfficePartnerDetails( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 2a8f3f10..e42c81f6 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsOfficeBankAccount( declare begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); perform createRoleWithGrants( hsOfficeBankAccountOWNER(NEW), @@ -53,7 +53,7 @@ begin incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 130f4d95..c08f6cc4 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -35,7 +35,7 @@ declare newRefundBankAccount hs_office_bankaccount; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* FROM hs_office_relation AS partnerRel @@ -61,7 +61,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index b37acf34..93efcc63 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -34,7 +34,7 @@ declare newDebitorRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount; assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid); @@ -78,7 +78,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 903e6161..8d5744e2 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -33,7 +33,7 @@ declare newPartnerRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT partnerRel.* FROM hs_office_partner AS partner @@ -65,7 +65,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] ); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index f440dd83..b7692428 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql 
@@ -33,7 +33,7 @@ declare newMembership hs_office_membership; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); @@ -41,7 +41,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index edaf816e..15af871b 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -33,7 +33,7 @@ declare newMembership hs_office_membership; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); @@ -41,7 +41,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 7079ea11..9aca37a1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -34,7 +34,7 @@ declare newDebitorRel hs_office_relation; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor; assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); @@ -72,7 +72,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 9e7c8a8d..fee1d62a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -34,7 +34,7 @@ declare newParentItem hs_booking_item; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_project WHERE uuid = NEW.projectUuid INTO newProject; @@ -71,7 +71,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 9e7c8a8d..fee1d62a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -34,7 +34,7 @@ declare newParentItem hs_booking_item; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_project WHERE uuid = NEW.projectUuid INTO newProject; @@ -71,7 +71,7 @@ begin call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 92bd96b7..7cc413fb 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -36,7 +36,7 @@ declare newParentAsset hs_hosting_asset; begin - call enterTriggerForObjectUuid(NEW.uuid); + call rbac.enterTriggerForObjectUuid(NEW.uuid); SELECT * FROM hs_booking_item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem; @@ -89,7 +89,7 @@ begin IF NEW.type = 'DOMAIN_SETUP' THEN END IF; - call leaveTriggerForObjectUuid(NEW.uuid); + call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; /* -- 2.39.5 From 55c498350926bd904391602071a582f40efdb3f9 Mon Sep 17 00:00:00 2001 
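Review bot: The same two-line change is applied to `630-booking-item/6203-hs-booking-item-rbac.sql` and `630-booking-item/6303-hs-booking-item-rbac.sql`, and both carry the identical blob hashes `9e7c8a8d..fee1d62a`, so the two files are byte-identical copies. If both are included by the master changelog their changesets collide on id (or, if the ids differ, the booking-item trigger procedures are defined twice); if only `6303` is included, `6203` is a stale copy that every mechanical sweep like this one keeps maintaining. I would delete the `6203` copy inside `630-booking-item` in this series rather than keep qualifying it.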
From: Michael Hoennig Date: Fri, 13 Sep 2024 17:38:27 +0200 Subject: [PATCH 28/57] rbac schema in 1057-rbac-role-builder.sql und 1058-rbac-generators.sql --- .../rbac/rbacdef/RbacIdentityViewGenerator.java | 4 ++-- .../rbac/rbacdef/RbacObjectGenerator.java | 2 +- .../rbacdef/RbacRestrictedViewGenerator.java | 2 +- .../rbacdef/RbacRoleDescriptorsGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../changelog/1-rbac/1057-rbac-role-builder.sql | 5 ++--- .../db/changelog/1-rbac/1058-rbac-generators.sql | 12 ++++++------ .../2013-test-customer-rbac.sql | 14 +++++++------- .../202-test-package/2023-test-package-rbac.sql | 14 +++++++------- .../203-test-domain/2033-test-domain-rbac.sql | 12 ++++++------ .../501-contact/5013-hs-office-contact-rbac.sql | 14 +++++++------- .../502-person/5023-hs-office-person-rbac.sql | 14 +++++++------- .../5033-hs-office-relation-rbac.sql | 16 ++++++++-------- .../504-partner/5043-hs-office-partner-rbac.sql | 8 ++++---- .../5044-hs-office-partner-details-rbac.sql | 8 ++++---- .../5053-hs-office-bankaccount-rbac.sql | 14 +++++++------- .../506-debitor/5063-hs-office-debitor-rbac.sql | 8 ++++---- .../5073-hs-office-sepamandate-rbac.sql | 16 ++++++++-------- .../5103-hs-office-membership-rbac.sql | 14 +++++++------- .../5113-hs-office-coopshares-rbac.sql | 8 ++++---- .../5123-hs-office-coopassets-rbac.sql | 8 ++++---- .../6203-hs-booking-project-rbac.sql | 16 ++++++++-------- .../6203-hs-booking-item-rbac.sql | 16 ++++++++-------- .../6303-hs-booking-item-rbac.sql | 16 ++++++++-------- .../7013-hs-hosting-asset-rbac.sql | 16 ++++++++-------- 25 files changed, 130 insertions(+), 131 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java index 50b404eb..f7c4d20d 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java 
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java @@ -26,13 +26,13 @@ public class RbacIdentityViewGenerator { plPgSql.writeLn( switch (rbacDef.getIdentityViewSqlQuery().part) { case SQL_PROJECTION -> """ - call generateRbacIdentityViewFromProjection('${rawTableName}', + call rbac.generateRbacIdentityViewFromProjection('${rawTableName}', $idName$ ${identityViewSqlPart} $idName$); """; case SQL_QUERY -> """ - call generateRbacIdentityViewFromQuery('${rawTableName}', + call rbac.generateRbacIdentityViewFromQuery('${rawTableName}', $idName$ ${identityViewSqlPart} $idName$); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java index a7377301..45c5cfbe 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java @@ -17,7 +17,7 @@ public class RbacObjectGenerator { -- ============================================================================ --changeset ${liquibaseTagPrefix}-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - call generateRelatedRbacObject('${rawTableName}'); + call rbac.generateRelatedRbacObject('${rawTableName}'); --// """, diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java index b5757865..b66c8e19 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java 
@@ -21,7 +21,7 @@ public class RbacRestrictedViewGenerator { -- ============================================================================ --changeset ${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - call generateRbacRestrictedView('${rawTableName}', + call rbac.generateRbacRestrictedView('${rawTableName}', $orderBy$ ${orderBy} $orderBy$, diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java index dab3ab01..894a5e6e 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java @@ -19,7 +19,7 @@ public class RbacRoleDescriptorsGenerator { -- ============================================================================ --changeset ${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- - call generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}'); + call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}'); --// """, diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index a664c66b..d28f3193 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java 
@@ -389,7 +389,7 @@ class RolesGrantsAndPermissionsGenerator {
 }
 plPgSql.writeLn();
- plPgSql.writeLn("perform createRoleWithGrants(");
+ plPgSql.writeLn("perform rbac.defineRoleWithGrants(");
 plPgSql.indented(() -> {
 plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW)," .replace("${simpleVarName)", simpleEntityVarName)
diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
index d56dddeb..84ab8cf7 100644
--- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
@@ -3,11 +3,10 @@
 -- =================================================================
 -- CREATE ROLE
---changeset rbac-role-builder-create-role:1 endDelimiter:--//
+--changeset rbac-role-builder-define-role:1 endDelimiter:--//
 -- -----------------------------------------------------------------
--- TODO: rename to defineRoleWithGrants because it does not complain if the role already exists
-create or replace function createRoleWithGrants(
+create or replace function rbac.defineRoleWithGrants(
 roleDescriptor RbacRoleDescriptor,
 permissions RbacOp[] = array[]::RbacOp[],
 incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
index a1fd2e52..6062539f 100644
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@@ -5,7 +5,7 @@
 --changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create or replace procedure generateRelatedRbacObject(targetTable varchar)
+create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
 language plpgsql as $$
 declare
 createInsertTriggerSQL text;
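Review bot: Renaming the changeset to `rbac-role-builder-define-role:1` makes Liquibase treat it as a new changeset, so on a database that already ran `rbac-role-builder-create-role:1` the old `createRoleWithGrants` function stays defined next to `rbac.defineRoleWithGrants` unless a `drop function if exists` is added; the 1058-rbac-generators.sql hunks on the next line (and the `-rbac.sql` changesets further down) instead change the body of changesets whose ids are unchanged, which Liquibase normally rejects with a checksum mismatch on an already-migrated database. If the database is always rebuilt from scratch this is fine, but that assumption should be stated somewhere in the changelog. The removed TODO was also the only note that the function does not fail when the role already exists; the new name hints at it, but a comment such as `-- (re)defines the role and its grants; does not fail if the role already exists` above the signature would preserve that, and the section banner `-- CREATE ROLE` should become `-- DEFINE ROLE` to match. The function body continues outside the hunk.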
@@ -35,7 +35,7 @@ end; $$;
 --changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create procedure generateRbacRoleDescriptors(prefix text, targetTable text)
+create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text)
 language plpgsql as $$
 declare
 sql text;
@@ -100,7 +100,7 @@ end; $$;
 --changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create or replace procedure generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
+create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
 language plpgsql as $$
 declare
 sql text;
@@ -140,7 +140,7 @@ begin
 execute sql;
 end; $$;
-create or replace procedure generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
+create or replace procedure rbac.generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
 language plpgsql as $$
 declare
 sqlQuery text;
@@ -151,7 +151,7 @@ begin
 select target.uuid, cleanIdentifier(%2$s) as idName from %1$s as target; $sql$, targetTable, sqlProjection);
- call generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
+ call rbac.generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
 end; $$;
 --//
@@ -160,7 +160,7 @@ end; $$;
 --changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create or replace procedure generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
+create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
 language plpgsql as $$
 declare
 sql text;
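Review bot: In the `@@ -151,7 +151,7 @@` hunk the call to `generateRbacIdentityViewFromQuery` gets the `rbac.` prefix, but `cleanIdentifier(%2$s)` inside the same generated view SQL stays unqualified, so that reference is resolved through the search_path in effect when the identity view is created. That is consistent with the commit's scope if cleanIdentifier has not been moved into a schema yet, but it is easy to miss later; either qualify it in the same template pass or leave `-- TODO: schema-qualify cleanIdentifier once it moves out of public` next to it so the generated views do not silently depend on the session search_path. The enclosing procedure bodies start and end outside these hunks.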
diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
index a50ee080..6117c1e6 100644
--- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('test_customer');
+call rbac.generateRelatedRbacObject('test_customer');
 --//
 -- ============================================================================
 --changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('testCustomer', 'test_customer');
+call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
 --//
@@ -34,20 +34,20 @@ declare
 begin
 call rbac.enterTriggerForObjectUuid(NEW.uuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testCustomerOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN(unassumed())],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testCustomerADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[testCustomerOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testCustomerTENANT(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[testCustomerADMIN(NEW)]
@@ -157,7 +157,7 @@ create trigger test_customer_insert_permission_check_tg
 --changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('test_customer',
+call rbac.generateRbacIdentityViewFromProjection('test_customer',
 $idName$
 prefix
 $idName$);
@@ -167,7 +167,7 @@ call generateRbacIdentityViewFromProjection('test_customer',
 -- ============================================================================
 --changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('test_customer',
+call rbac.generateRbacRestrictedView('test_customer',
 $orderBy$
 reference
 $orderBy$,
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
index 5232c35f..ef795245 100644
--- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset test-package-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('test_package');
+call rbac.generateRelatedRbacObject('test_package');
 --//
 -- ============================================================================
 --changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('testPackage', 'test_package');
+call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
 --//
@@ -39,18 +39,18 @@ begin
 assert newCustomer.uuid is not null,
 format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testPackageOWNER(NEW),
 permissions => array['DELETE', 'UPDATE'],
 incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testPackageADMIN(NEW),
 incomingSuperRoles => array[testPackageOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testPackageTENANT(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[testPackageADMIN(NEW)],
@@ -222,7 +222,7 @@ create trigger test_package_insert_permission_check_tg
 --changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('test_package',
+call rbac.generateRbacIdentityViewFromProjection('test_package',
 $idName$
 name
 $idName$);
@@ -232,7 +232,7 @@ call generateRbacIdentityViewFromProjection('test_package',
 -- ============================================================================
 --changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('test_package',
+call rbac.generateRbacRestrictedView('test_package',
 $orderBy$
 name
 $orderBy$,
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
index 4c5311be..f14cefb2 100644
--- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('test_domain');
+call rbac.generateRelatedRbacObject('test_domain');
 --//
 -- ============================================================================
 --changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('testDomain', 'test_domain');
+call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
 --//
@@ -39,14 +39,14 @@ begin
 assert newPackage.uuid is not null,
 format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testDomainOWNER(NEW),
 permissions => array['DELETE', 'UPDATE'],
 incomingSuperRoles => array[testPackageADMIN(newPackage)],
 outgoingSubRoles => array[testPackageTENANT(newPackage)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 testDomainADMIN(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[testDomainOWNER(NEW)],
@@ -221,7 +221,7 @@ create trigger test_domain_insert_permission_check_tg
 --changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('test_domain',
+call rbac.generateRbacIdentityViewFromProjection('test_domain',
 $idName$
 name
 $idName$);
@@ -231,7 +231,7 @@ call generateRbacIdentityViewFromProjection('test_domain',
 -- ============================================================================
 --changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('test_domain',
+call rbac.generateRbacRestrictedView('test_domain',
 $orderBy$
 name
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
index 713cb3e5..f7f76b06 100644
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_contact');
+call rbac.generateRelatedRbacObject('hs_office_contact');
 --//
 -- ============================================================================
 --changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
+call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
 --//
@@ -34,20 +34,20 @@ declare
 begin
 call rbac.enterTriggerForObjectUuid(NEW.uuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeContactOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeContactADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeContactREFERRER(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
@@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeContact_tf();
 --changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('hs_office_contact',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
 $idName$
 caption
 $idName$);
@@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_contact',
 -- ============================================================================
 --changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_contact',
+call rbac.generateRbacRestrictedView('hs_office_contact',
 $orderBy$
 caption
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
index ed05b81c..d22a195f 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_person');
+call rbac.generateRelatedRbacObject('hs_office_person');
 --//
 -- ============================================================================
 --changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
+call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
 --//
@@ -34,20 +34,20 @@ declare
 begin
 call rbac.enterTriggerForObjectUuid(NEW.uuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficePersonOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficePersonADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficePersonREFERRER(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
@@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
 --changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('hs_office_person',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
 $idName$
 concat(tradeName, familyName, givenName)
 $idName$);
@@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_person',
 -- ============================================================================
 --changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_person',
+call rbac.generateRbacRestrictedView('hs_office_person',
 $orderBy$
 concat(tradeName, familyName, givenName)
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
index c226044a..4bc8e89d 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-relation-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_relation');
+call rbac.generateRelatedRbacObject('hs_office_relation');
 --//
 -- ============================================================================
 --changeset hs-office-relation-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
+call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
 --//
@@ -47,25 +47,25 @@ begin
 assert newContact.uuid is not null,
 format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeRelationOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeRelationADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeRelationAGENT(NEW),
 incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeRelationTENANT(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[
@@ -231,7 +231,7 @@ create trigger hs_office_relation_insert_permission_check_tg
 --changeset hs-office-relation-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('hs_office_relation',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
 $idName$
 (select idName from hs_office_person_iv p where p.uuid = anchorUuid)
 || '-with-' || target.type || '-'
@@ -243,7 +243,7 @@ call generateRbacIdentityViewFromProjection('hs_office_relation',
 -- ============================================================================
 --changeset hs-office-relation-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_relation',
+call rbac.generateRbacRestrictedView('hs_office_relation',
 $orderBy$
 (select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
index f7ab04c6..debae10b 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_partner');
+call rbac.generateRelatedRbacObject('hs_office_partner');
 --//
 -- ============================================================================
 --changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
+call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
 --//
@@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
 --changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('hs_office_partner',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
 $idName$
 'P-' || partnerNumber
 $idName$);
@@ -244,7 +244,7 @@ call generateRbacIdentityViewFromProjection('hs_office_partner',
 -- ============================================================================
 --changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_partner',
+call rbac.generateRbacRestrictedView('hs_office_partner',
 $orderBy$
 'P-' || partnerNumber
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
index dc273e56..93d6de7f 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-partner-details-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_partner_details');
+call rbac.generateRelatedRbacObject('hs_office_partner_details');
 --//
 -- ============================================================================
 --changeset hs-office-partner-details-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
+call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
 --//
@@ -138,7 +138,7 @@ create trigger hs_office_partner_details_insert_permission_check_tg
 --changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromQuery('hs_office_partner_details',
+call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
 $idName$
 SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
 FROM hs_office_partner_details AS partnerDetails
@@ -151,7 +151,7 @@ call generateRbacIdentityViewFromQuery('hs_office_partner_details',
 -- ============================================================================
 --changeset hs-office-partner-details-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_partner_details',
+call rbac.generateRbacRestrictedView('hs_office_partner_details',
 $orderBy$
 uuid
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
index e42c81f6..6fc3470b 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_bankaccount');
+call rbac.generateRelatedRbacObject('hs_office_bankaccount');
 --//
 -- ============================================================================
 --changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
+call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
 --//
@@ -34,20 +34,20 @@ declare
 begin
 call rbac.enterTriggerForObjectUuid(NEW.uuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeBankAccountOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeBankAccountADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeBankAccountREFERRER(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
@@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
 --changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
 $idName$
 iban
 $idName$);
@@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
 -- ============================================================================
 --changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_bankaccount',
+call rbac.generateRbacRestrictedView('hs_office_bankaccount',
 $orderBy$
 iban
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
index c08f6cc4..d53a08ef 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-debitor-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_debitor');
+call rbac.generateRelatedRbacObject('hs_office_debitor');
 --//
 -- ============================================================================
 --changeset hs-office-debitor-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
+call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
 --//
@@ -207,7 +207,7 @@ create trigger hs_office_debitor_insert_permission_check_tg
 --changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromQuery('hs_office_debitor',
+call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
 $idName$
 SELECT debitor.uuid AS uuid,
 'D-' || (SELECT partner.partnerNumber
@@ -226,7 +226,7 @@ call generateRbacIdentityViewFromQuery('hs_office_debitor',
 -- ============================================================================
 --changeset hs-office-debitor-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_debitor',
+call rbac.generateRbacRestrictedView('hs_office_debitor',
 $orderBy$
 defaultPrefix
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
index 93efcc63..bdb97bbc 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@@ -5,14 +5,14 @@
 -- ============================================================================
 --changeset hs-office-sepamandate-rbac-OBJECT:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_sepamandate');
+call rbac.generateRelatedRbacObject('hs_office_sepamandate');
 --//
 -- ============================================================================
 --changeset hs-office-sepamandate-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
+call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
 --//
@@ -47,20 +47,20 @@ begin
 assert newDebitorRel.uuid is not null,
 format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeSepaMandateOWNER(NEW),
 permissions => array['DELETE'],
 incomingSuperRoles => array[globalADMIN()],
 subjectUuids => array[rbac.currentSubjectUuid()]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeSepaMandateADMIN(NEW),
 permissions => array['UPDATE'],
 incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeSepaMandateAGENT(NEW),
 incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
 outgoingSubRoles => array[
@@ -68,7 +68,7 @@ begin
 hsOfficeRelationAGENT(newDebitorRel)]
 );
- perform createRoleWithGrants(
+ perform rbac.defineRoleWithGrants(
 hsOfficeSepaMandateREFERRER(NEW),
 permissions => array['SELECT'],
 incomingSuperRoles => array[
@@ -188,7 +188,7 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
 --changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
+call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
 $idName$
 select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
 from hs_office_sepamandate sm
@@ -200,7 +200,7 @@ call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
 -- ============================================================================
 --changeset hs-office-sepamandate-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_sepamandate',
+call rbac.generateRbacRestrictedView('hs_office_sepamandate',
 $orderBy$
 validity
 $orderBy$,
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
index 8d5744e2..d60f8eef 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_office_membership'); +call rbac.generateRelatedRbacObject('hs_office_membership'); --// -- ============================================================================ --changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership'); +call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership'); --// @@ -43,12 +43,12 @@ begin assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsOfficeMembershipOWNER(NEW), subjectUuids => array[rbac.currentSubjectUuid()] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsOfficeMembershipADMIN(NEW), permissions => array['DELETE', 'UPDATE'], incomingSuperRoles => array[ @@ -56,7 +56,7 @@ begin hsOfficeRelationADMIN(newPartnerRel)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsOfficeMembershipAGENT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ @@ -169,7 +169,7 @@ create trigger hs_office_membership_insert_permission_check_tg --changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromQuery('hs_office_membership', +call rbac.generateRbacIdentityViewFromQuery('hs_office_membership', $idName$ SELECT m.uuid AS uuid, 'M-' || p.partnerNumber || m.memberNumberSuffix as idName 
@@ -182,7 +182,7 @@ call generateRbacIdentityViewFromQuery('hs_office_membership', -- ============================================================================ --changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_office_membership', +call rbac.generateRbacRestrictedView('hs_office_membership', $orderBy$ validity $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index b7692428..c265e78b 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-office-coopsharestransaction-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_office_coopsharestransaction'); +call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction'); --// -- ============================================================================ --changeset hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction'); +call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction'); --// 
@@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg --changeset hs-office-coopsharestransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction', +call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction', $idName$ reference $idName$); @@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction', -- ============================================================================ --changeset hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_office_coopsharestransaction', +call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction', $orderBy$ reference $orderBy$, diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 15af871b..549207bc 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-office-coopassetstransaction-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_office_coopassetstransaction'); +call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction'); --// -- ============================================================================ --changeset hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction'); +call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction'); --// @@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg --changeset hs-office-coopassetstransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', +call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', $idName$ reference $idName$); @@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', -- ============================================================================ --changeset hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_office_coopassetstransaction', +call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction', $orderBy$ reference $orderBy$, 
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 9aca37a1..8e49475f 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-booking-project-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_booking_project'); +call rbac.generateRelatedRbacObject('hs_booking_project'); --// -- ============================================================================ --changeset hs-booking-project-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); +call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); --// 
@@ -47,23 +47,23 @@ begin assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingProjectOWNER(NEW), incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingProjectADMIN(NEW), permissions => array['UPDATE'], incomingSuperRoles => array[hsBookingProjectOWNER(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingProjectAGENT(NEW), incomingSuperRoles => array[hsBookingProjectADMIN(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingProjectTENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[hsBookingProjectAGENT(NEW)], @@ -182,7 +182,7 @@ create trigger hs_booking_project_insert_permission_check_tg --changeset hs-booking-project-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromQuery('hs_booking_project', +call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', $idName$ SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName FROM hs_booking_project bookingProject @@ -194,7 +194,7 @@ call generateRbacIdentityViewFromQuery('hs_booking_project', -- ============================================================================ --changeset hs-booking-project-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_booking_project', +call rbac.generateRbacRestrictedView('hs_booking_project', $orderBy$ caption $orderBy$, 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index fee1d62a..bc47690a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_booking_item'); +call rbac.generateRelatedRbacObject('hs_booking_item'); --// -- ============================================================================ --changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); +call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); --// @@ -40,25 +40,25 @@ begin SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem; - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemOWNER(NEW), incomingSuperRoles => array[ hsBookingItemAGENT(newParentItem), hsBookingProjectAGENT(newProject)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemADMIN(NEW), permissions => array['UPDATE'], incomingSuperRoles => array[hsBookingItemOWNER(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemAGENT(NEW), incomingSuperRoles => array[hsBookingItemADMIN(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemTENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[hsBookingItemAGENT(NEW)], 
@@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg --changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromProjection('hs_booking_item', +call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', $idName$ caption $idName$); @@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item', -- ============================================================================ --changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_booking_item', +call rbac.generateRbacRestrictedView('hs_booking_item', $orderBy$ validity $orderBy$, diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index fee1d62a..bc47690a 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_booking_item'); +call rbac.generateRelatedRbacObject('hs_booking_item'); --// -- ============================================================================ --changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); +call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); --// 
@@ -40,25 +40,25 @@ begin SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem; - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemOWNER(NEW), incomingSuperRoles => array[ hsBookingItemAGENT(newParentItem), hsBookingProjectAGENT(newProject)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemADMIN(NEW), permissions => array['UPDATE'], incomingSuperRoles => array[hsBookingItemOWNER(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemAGENT(NEW), incomingSuperRoles => array[hsBookingItemADMIN(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsBookingItemTENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[hsBookingItemAGENT(NEW)], @@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg --changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromProjection('hs_booking_item', +call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', $idName$ caption $idName$); @@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item', -- ============================================================================ --changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_booking_item', +call rbac.generateRbacRestrictedView('hs_booking_item', $orderBy$ validity $orderBy$, diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 7cc413fb..93135e0c 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql 
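Review bot: `630-booking-item/6303-hs-booking-item-rbac.sql` is patched with exactly the same hunks and the same blob ids (`fee1d62a..bc47690a`) as `630-booking-item/6203-hs-booking-item-rbac.sql` above, so the two files appear to be byte-identical copies declaring the same changeset ids (`hs-booking-item-rbac-OBJECT:1`, `hs-booking-item-rbac-ROLE-DESCRIPTORS:1`, …). Liquibase keys a changeset by file path as well as id, so if both files are included from the master changelog, `rbac.generateRelatedRbacObject('hs_booking_item')` and the role-descriptor generation run twice; whether that is idempotent is not visible here. Unless the 6203 copy is deliberately kept for migration history, drop one of the two in this series or leave it out of the changelog. The `begin … end` bodies these hunks touch start outside the hunk.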
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -5,14 +5,14 @@ -- ============================================================================ --changeset hs-hosting-asset-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRelatedRbacObject('hs_hosting_asset'); +call rbac.generateRelatedRbacObject('hs_hosting_asset'); --// -- ============================================================================ --changeset hs-hosting-asset-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); +call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); --// @@ -46,7 +46,7 @@ begin SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsHostingAssetOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[ @@ -56,7 +56,7 @@ begin subjectUuids => array[rbac.currentSubjectUuid()] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array['UPDATE'], incomingSuperRoles => array[ @@ -65,7 +65,7 @@ begin hsHostingAssetOWNER(NEW)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsHostingAssetAGENT(NEW), incomingSuperRoles => array[ hsHostingAssetADMIN(NEW), @@ -75,7 +75,7 @@ begin hsOfficeContactREFERRER(newAlarmContact)] ); - perform createRoleWithGrants( + perform rbac.defineRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array['SELECT'], incomingSuperRoles => array[ 
@@ -158,7 +158,7 @@ execute procedure updateTriggerForHsHostingAsset_tf(); --changeset hs-hosting-asset-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacIdentityViewFromProjection('hs_hosting_asset', +call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', $idName$ identifier $idName$); @@ -168,7 +168,7 @@ call generateRbacIdentityViewFromProjection('hs_hosting_asset', -- ============================================================================ --changeset hs-hosting-asset-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call generateRbacRestrictedView('hs_hosting_asset', +call rbac.generateRbacRestrictedView('hs_hosting_asset', $orderBy$ identifier $orderBy$, -- 2.39.5 From a583be71bec5319330d0e36c0a18fcd59aa61658 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Fri, 13 Sep 2024 20:11:34 +0200 Subject: [PATCH 29/57] rbac.global --- .../booking/item/HsBookingItemRbacEntity.java | 2 +- .../hs/booking/project/HsBookingProject.java | 2 +- .../project/HsBookingProjectRbacEntity.java | 2 +- .../asset/HsHostingAssetRbacEntity.java | 2 +- .../rbac/rbacdef/InsertTriggerGenerator.java | 8 +-- .../hsadminng/rbac/rbacdef/RbacView.java | 12 ++-- .../rbacgrant/RbacGrantsDiagramService.java | 2 +- .../rbac/test/cust/TestCustomerEntity.java | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 2 +- .../db/changelog/1-rbac/1054-rbac-context.sql | 2 +- .../changelog/1-rbac/1059-rbac-statistics.sql | 2 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 68 +++++++++---------- .../2013-test-customer-rbac.md | 4 +- .../2013-test-customer-rbac.sql | 18 ++--- .../2018-test-customer-test-data.sql | 2 +- .../2023-test-package-rbac.md | 2 +- .../203-test-domain/2033-test-domain-rbac.md | 2 +- .../5013-hs-office-contact-rbac.md | 4 +- .../502-person/5023-hs-office-person-rbac.md | 4 +- ...-hs-office-relation-rbac-REPRESENTATIVE.md | 8 +-- .../5033-hs-office-relation-rbac.md | 8 +-- .../5038-hs-office-relation-test-data.sql | 2 +- .../5043-hs-office-partner-rbac.md | 10 +-- .../5043-hs-office-partner-rbac.sql | 18 ++--- .../5044-hs-office-partner-details-rbac.md | 2 +- .../5044-hs-office-partner-details-rbac.sql | 28 ++++---- .../5048-hs-office-partner-test-data.sql | 2 +- .../5053-hs-office-bankaccount-rbac.md | 4 +- .../5063-hs-office-debitor-rbac.md | 20 +++--- .../5063-hs-office-debitor-rbac.sql | 18 ++--- .../5068-hs-office-debitor-test-data.sql | 2 +- .../5073-hs-office-sepamandate-rbac.md | 12 ++-- .../5078-hs-office-sepamandate-test-data.sql | 2 +- .../5103-hs-office-membership-rbac.md | 10 +-- .../5103-hs-office-membership-rbac.sql | 18 ++--- .../5108-hs-office-membership-test-data.sql | 2 +- .../5113-hs-office-coopshares-rbac.md | 8 +-- .../5123-hs-office-coopassets-rbac.md | 8 +-- .../6203-hs-booking-project-rbac.md 
| 4 +- .../6208-hs-booking-project-test-data.sql | 2 +- .../6203-hs-booking-item-rbac.md | 4 +- .../6203-hs-booking-item-rbac.sql | 14 ++-- .../6208-hs-booking-item-test-data.sql | 2 +- .../6303-hs-booking-item-rbac.md | 4 +- .../6303-hs-booking-item-rbac.sql | 14 ++-- .../7013-hs-hosting-asset-rbac.md | 8 +-- .../7018-hs-hosting-asset-test-data.sql | 4 +- .../changelog/9-hs-global/9000-statistics.sql | 2 +- .../db/changelog/db.changelog-master.yaml | 2 +- .../hsadminng/arch/ArchitectureTest.java | 2 +- ...sBookingItemRepositoryIntegrationTest.java | 4 +- ...okingProjectRepositoryIntegrationTest.java | 4 +- ...HostingAssetRepositoryIntegrationTest.java | 6 +- ...eBankAccountRepositoryIntegrationTest.java | 2 +- ...eContactRbacRepositoryIntegrationTest.java | 2 +- ...fficeDebitorRepositoryIntegrationTest.java | 8 +-- ...fficePartnerRepositoryIntegrationTest.java | 4 +- ...OfficePersonRepositoryIntegrationTest.java | 2 +- ...ficeRelationRepositoryIntegrationTest.java | 4 +- ...eSepaMandateRepositoryIntegrationTest.java | 2 +- .../RbacGrantControllerAcceptanceTest.java | 4 +- .../RbacRoleControllerAcceptanceTest.java | 2 +- .../rbacrole/RbacRoleControllerRestTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 6 +- .../hsadminng/rbac/rbacrole/TestRbacRole.java | 2 +- .../RbacSubjectRepositoryIntegrationTest.java | 2 +- .../test/cust/TestCustomerEntityUnitTest.java | 12 ++-- .../test/pac/TestPackageEntityUnitTest.java | 2 +- .../TestPackageRepositoryIntegrationTest.java | 4 +- 69 files changed, 230 insertions(+), 230 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java index 5bd7b15d..1b3fc598 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java 
@@ -74,7 +74,7 @@ public class HsBookingItemRbacEntity extends HsBookingItem { with.permission(SELECT); }) - .limitDiagramTo("bookingItem", "project", "global"); + .limitDiagramTo("bookingItem", "project", "rbac.global"); } public static void main(String[] args) throws IOException { diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java index 6c109ef5..3197503d 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java @@ -105,7 +105,7 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity { .withIdentityView(SQL.projection("prefix")) .withRestrictedViewOrderBy(SQL.expression("reference")) .withUpdatableColumns("reference", "prefix", "adminUserName") - .toRole("global", ADMIN).grantPermission(INSERT) + .toRole("rbac.global", ADMIN).grantPermission(INSERT) .createRole(OWNER, (with) -> { with.owningUser(CREATOR).unassumed(); diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 7c73ec7b..de1b5112 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -584,7 +584,7 @@ select exists( join RbacRole as r on r.uuid = g.descendantuuid join rbac.object as o on o.uuid = r.objectuuid where g.ascendantuuid = forAscendantUuid - and o.objecttable = 'global' + and o.objecttable = 'rbac.global' ); $$; diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 2380c84d..8e870636 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
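Review bot: `o.objecttable = 'rbac.global'` in the 1050-rbac-base hunk hard-codes a schema-qualified name into a column that, for every other object in this series (e.g. `'hs_office_sepamandate'`), holds a bare table name, so `rbac.object.objecttable` now mixes two conventions and any existing row still holding `'global'` no longer matches. The same literal is repeated in the Java hunks on this line (`.toRole("rbac.global", ADMIN)`, `.limitDiagramTo(..., "rbac.global")`) and throughout the 1080 changesets below, so a single defining constant on each side, plus a comment next to this comparison such as `-- objecttable values are schema-qualified, e.g. 'rbac.global'`, would make the convention discoverable. If databases are migrated in place rather than rebuilt, an `update rbac.object set objecttable = 'rbac.global' where objecttable = 'global';` is missing from the series. The enclosing function of this hunk begins outside it.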
@@ -57,7 +57,7 @@ begin objectUuidToAssume = findObjectUuidByIdName(objectTableToAssume, objectNameToAssume); if objectUuidToAssume is null then - raise exception '[401] object % cannot be found in table %', objectNameToAssume, objectTableToAssume; + raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts; end if; select uuid diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 4cb5ff19..2f11a5ca 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -5,7 +5,7 @@ /* Creates a view which presents some statistics about the RBAC tables. */ -create view RbacStatisticsView as +create view rbac.statistics_v as select no, to_char("count", '9 999 999 999') as "count", "table" from (select 1 as no, count(*) as "count", 'login users' as "table" from rbac.subject diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index d0c0f444..e9f5a6d2 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset rbac-global-GLOBAL-OBJECT:1 endDelimiter:--// +--changeset rbac-global-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* The purpose of this table is provide root business objects 
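Review bot: Renaming the changeset id `rbac-global-GLOBAL-OBJECT:1` to `rbac-global-OBJECT:1` (and, in the later hunks of 1080-rbac-global.sql, `HAS-GLOBAL-PERMISSION` → `HAS-global-PERMISSION`, `GLOBAL-IDENTITY-VIEW` → `IDENTITY-VIEW`, `PSEUDO-OBJECT`/`ADMIN-ROLE`/`GUEST-ROLE` → `rbac-rbac.Global-…`, `ADMIN-USERS`/`TEST` → `rbac-GLOBAL-…`) changes the Liquibase identity of already-applied changesets, so on any database that ran the old ids they execute again, and the re-run `PSEUDO-OBJECT` insert would then collide with the `Global_Singleton` index. The new ids are also inconsistent with each other — `global`, `GLOBAL` and `rbac.Global` for the same object — which looks like the side effect of a case-sensitive search-and-replace rather than an intended scheme. Either keep the old ids, or settle on one spelling (`rbac-global-…`) for all of them and state in the commit message whether databases are expected to be rebuilt from scratch. The 1054-rbac-context hunk on this line additionally echoes `roleNameParts` into a `[401]` exception text; that is useful for diagnostics, but since it reflects caller-supplied role names, make sure the message is not relayed verbatim to API clients.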
@@ -11,14 +11,14 @@ In production databases, there is only a single row in this table, in test stages, there can be one row for each test data realm. */ -create table Global +create table rbac.global ( uuid uuid primary key references rbac.object (uuid) on delete cascade, name varchar(63) unique ); -create unique index Global_Singleton on Global ((0)); +create unique index Global_Singleton on rbac.global ((0)); -grant select on global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; +grant select on rbac.global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; --// @@ -26,7 +26,7 @@ grant select on global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; --changeset rbac-global-IS-GLOBAL-ADMIN:1 endDelimiter:--// -- ------------------------------------------------------------------ -create or replace function isGlobalAdmin() +create or replace function rbac.isGlobalAdmin() returns boolean language plpgsql as $$ begin 
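Review bot: `grant select on rbac.global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}` only takes effect if that role also holds `USAGE` on schema `rbac`; no such grant is visible in this series, so the restricted user may lose the read access it had on the old public `Global` table, and the same applies to `grant all privileges on rbac.global_iv` in the next hunk. If the schema grant is not issued elsewhere, add it once in the changeset that creates the schema, e.g. `grant usage on schema rbac to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};`. The index keeps its unqualified CamelCase name `Global_Singleton` while the table moved to `rbac.global`; a name like `rbac_global_singleton_idx` would match the new naming and the `<table>_<cols>_idx` convention.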
@@ -36,117 +36,117 @@ end; $$; -- ============================================================================ ---changeset rbac-global-HAS-GLOBAL-PERMISSION:1 endDelimiter:--// +--changeset rbac-global-HAS-global-PERMISSION:1 endDelimiter:--// -- ------------------------------------------------------------------ -create or replace function hasGlobalPermission(op RbacOp) +create or replace function rbac.hasGlobalPermission(op RbacOp) returns boolean language sql as $$ -- TODO.perf: this could to be optimized -select (select uuid from global) in - (select queryAccessibleObjectUuidsOfSubjectIds(op, 'global', rbac.currentSubjectOrAssumedRolesUuids())); +select (select uuid from rbac.global) in + (select queryAccessibleObjectUuidsOfSubjectIds(op, 'rbac.global', rbac.currentSubjectOrAssumedRolesUuids())); $$; --// -- ============================================================================ ---changeset rbac-global-GLOBAL-IDENTITY-VIEW:1 endDelimiter:--// +--changeset rbac-global-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Creates a view to the global object table which maps the identifying name to the objectUuid. + Creates a view to the rbac.global object table which maps the identifying name to the objectUuid. */ -drop view if exists global_iv; -create or replace view global_iv as +drop view if exists rbac.global_iv; +create or replace view rbac.global_iv as select target.uuid, target.name as idName - from global as target; -grant all privileges on global_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; + from rbac.global as target; +grant all privileges on rbac.global_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; /* Returns the objectUuid for a given identifying name (in this case the idName). 
*/ -create or replace function globalUuidByIdName(idName varchar) +create or replace function rbac.globalUuidByIdName(idName varchar) returns uuid language sql strict as $$ -select uuid from global_iv iv where iv.idName = globalUuidByIdName.idName; +select uuid from rbac.global_iv iv where iv.idName = globalUuidByIdName.idName; $$; /* Returns the identifying name for a given objectUuid (in this case the idName). */ -create or replace function globalIdNameByUuid(uuid uuid) +create or replace function rbac.globalIdNameByUuid(uuid uuid) returns varchar language sql strict as $$ -select idName from global_iv iv where iv.uuid = globalIdNameByUuid.uuid; +select idName from rbac.global_iv iv where iv.uuid = globalIdNameByUuid.uuid; $$; --// --liquibase formatted sql -- ============================================================================ ---changeset rbac-global-PSEUDO-OBJECT:1 endDelimiter:--// +--changeset rbac-rbac.Global-PSEUDO-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /** - A single row to be referenced as a global object. + A single row to be referenced as a rbac.Global object. 
*/ begin transaction; -call basis.defineContext('initializing table "global"', null, null, null); +call basis.defineContext('initializing table "rbac.global"', null, null, null); insert - into rbac.object (objecttable) values ('global'); + into rbac.object (objecttable) values ('rbac.global'); insert - into Global (uuid, name) values ((select uuid from rbac.object where objectTable = 'global'), 'global'); + into rbac.global (uuid, name) values ((select uuid from rbac.object where objectTable = 'rbac.global'), 'global'); commit; --// -- ============================================================================ ---changeset rbac-global-ADMIN-ROLE:1 endDelimiter:--// +--changeset rbac-rbac.Global-ADMIN-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - A global administrator role. + A rbac.Global administrator role. */ create or replace function globalAdmin(assumed boolean = true) returns RbacRoleDescriptor returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from rbac.object where objectTable = 'global'), 'ADMIN'::RbacRoleType, assumed; +select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed; $$; begin transaction; - call basis.defineContext('creating role:global#global:ADMIN', null, null, null); + call basis.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); select createRole(globalAdmin()); commit; --// -- ============================================================================ ---changeset rbac-global-GUEST-ROLE:1 endDelimiter:--// +--changeset rbac-rbac.Global-GUEST-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - A global guest role. + A rbac.Global guest role. 
*/ create or replace function globalGuest(assumed boolean = true) returns RbacRoleDescriptor returns null on null input stable -- leakproof language sql as $$ -select 'global', (select uuid from rbac.object where objectTable = 'global'), 'GUEST'::RbacRoleType, assumed; +select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed; $$; begin transaction; - call basis.defineContext('creating role:global#global:guest', null, null, null); + call basis.defineContext('creating role:rbac.global#global:guest', null, null, null); select createRole(globalGuest()); commit; --// -- ============================================================================ ---changeset rbac-global-ADMIN-USERS:1 context:dev,tc endDelimiter:--// +--changeset rbac-GLOBAL-ADMIN-USERS:1 context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- /* Create two users and assign both to the administrators role. @@ -168,7 +168,7 @@ $$; -- ============================================================================ ---changeset rbac-global-TEST:1 context:dev,tc runAlways:true endDelimiter:--// +--changeset rbac-GLOBAL-TEST:1 context:dev,tc runAlways:true endDelimiter:--// -- ---------------------------------------------------------------------------- /* diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.md b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.md index 19e67a38..b1c4ab5a 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.md +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.md 
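Review bot: `rbac.isGlobalAdmin()`, `rbac.hasGlobalPermission()`, `rbac.globalUuidByIdName()` and `rbac.globalIdNameByUuid()` are moved into the `rbac` schema, but `globalAdmin()`, `globalGuest()`, `createRole()` and `queryAccessibleObjectUuidsOfSubjectIds()` in the same hunk stay unqualified, so the file ends up half-migrated and the role descriptors still resolve through the search path. The `name` column still receives `'global'` while `objecttable` receives `'rbac.global'`, so role names come out as `rbac.global#global:ADMIN`; a comment above that insert such as `-- objecttable is schema-qualified, the row name stays 'global' (role names read rbac.global#global:ADMIN)` would stop the next reader from treating it as a typo. The header comments now read `A rbac.Global administrator role.` / `A rbac.Global guest role.` although the table is `rbac.global`; `A global administrator role on rbac.global.` keeps the prose consistent with the DDL.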
@@ -32,12 +32,12 @@ end user:creator ==>|XX| role:customer:OWNER %% granting roles to roles -role:global:ADMIN ==>|XX| role:customer:OWNER +role:rbac.global:ADMIN ==>|XX| role:customer:OWNER role:customer:OWNER ==> role:customer:ADMIN role:customer:ADMIN ==> role:customer:TENANT %% granting permissions to roles -role:global:ADMIN ==> perm:customer:INSERT +role:rbac.global:ADMIN ==> perm:customer:INSERT role:customer:OWNER ==> perm:customer:DELETE role:customer:ADMIN ==> perm:customer:UPDATE role:customer:TENANT ==> perm:customer:SELECT diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 6117c1e6..4bcd7ef8 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -80,18 +80,18 @@ execute procedure insertTriggerForTestCustomer_tf(); --changeset test-customer-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO test_customer permissions to specified role of pre-existing global rows. + Grants INSERT INTO test_customer permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row global; + row rbac.global%ROWTYPE; begin - call basis.defineContext('create INSERT INTO test_customer permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows'); - FOR row IN SELECT * FROM global + FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call grantPermissionToRole( 
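Review bot: The rewritten `basis.defineContext(...)` message in the GRANTING-INSERT-PERMISSION block still carries the typo `pre-exising`, and the sibling hunks applying the same change spell the schema inconsistently: `rbac.global rows` here, `rbac.Global rows` in 5043-hs-office-partner-rbac.sql, 5063-hs-office-debitor-rbac.sql and 5103-hs-office-membership-rbac.sql, while the message in 5044-hs-office-partner-details-rbac.sql was not updated at all. Since these strings presumably end up in the recorded transaction context, one spelling makes them searchable later; suggested here: `call basis.defineContext('create INSERT INTO test_customer permissions for pre-existing rbac.global rows');`. The `do` block continues past the end of the hunk.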
@@ -102,7 +102,7 @@ do language plpgsql $$ $$; /** - Grants test_customer INSERT permission to specified role of new global rows. + Grants test_customer INSERT permission to specified role of new rbac.global rows. */ create or replace function new_test_customer_grants_insert_to_global_tf() returns trigger @@ -119,7 +119,7 @@ end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist create trigger z_new_test_customer_grants_insert_to_global_tg - after insert on global + after insert on rbac.global for each row execute procedure new_test_customer_grants_insert_to_global_tf(); @@ -137,8 +137,8 @@ create or replace function test_customer_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if global ADMIN - if isGlobalAdmin() then + -- check INSERT INSERT if rbac.global ADMIN + if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index 7fd294f0..70e0a993 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -72,7 +72,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createTestCustomerTestData(99901, 'xxx'); call createTestCustomerTestData(99902, 'yyy'); diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.md b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.md index af3a5f84..4114d6b3 100644 
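Review bot: In `test_customer_insert_permission_check_tf()` the authorization short-circuit is now schema-qualified (`if rbac.isGlobalAdmin() then`), but the neighbouring calls in the same file — `grantPermissionToRole(...)` in the `@@ -80` hunk above and, in the matching 5044 hunk, `createPermission(...)` and `globalADMIN()` — remain unqualified and therefore resolve through the session `search_path`. For a trigger that decides whether an INSERT is permitted, that half-qualified state is worth removing: either qualify every call consistently or pin the resolution with `SET search_path` on the function definition (the `create or replace function` line lies outside this hunk). The same mixture appears in the corresponding hunks of 5043, 5044, 5063 and 5103. The changed comment also keeps the doubled word; `-- check INSERT if rbac.global ADMIN` reads as intended.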
--- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.md +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.md @@ -42,7 +42,7 @@ subgraph package["`**package**`"] end %% granting roles to roles -role:global:ADMIN -.->|XX| role:customer:OWNER +role:rbac.global:ADMIN -.->|XX| role:customer:OWNER role:customer:OWNER -.-> role:customer:ADMIN role:customer:ADMIN -.-> role:customer:TENANT role:customer:ADMIN ==> role:package:OWNER diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.md b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.md index 72693972..a9716182 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.md +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.md @@ -54,7 +54,7 @@ subgraph package.customer["`**package.customer**`"] end %% granting roles to roles -role:global:ADMIN -.->|XX| role:package.customer:OWNER +role:rbac.global:ADMIN -.->|XX| role:package.customer:OWNER role:package.customer:OWNER -.-> role:package.customer:ADMIN role:package.customer:ADMIN -.-> role:package.customer:TENANT role:package.customer:ADMIN -.-> role:package:OWNER diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.md b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.md index fe736072..b91848c6 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.md @@ -32,7 +32,7 @@ end user:creator ==> role:contact:OWNER %% granting roles to roles -role:global:ADMIN ==> role:contact:OWNER +role:rbac.global:ADMIN ==> role:contact:OWNER role:contact:OWNER ==> role:contact:ADMIN role:contact:ADMIN ==> role:contact:REFERRER 
@@ -40,6 +40,6 @@ role:contact:ADMIN ==> role:contact:REFERRER role:contact:OWNER ==> perm:contact:DELETE role:contact:ADMIN ==> perm:contact:UPDATE role:contact:REFERRER ==> perm:contact:SELECT -role:global:GUEST ==> perm:contact:INSERT +role:rbac.global:GUEST ==> perm:contact:INSERT ``` diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.md b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.md index d0eebfdd..4ace6eed 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.md @@ -32,12 +32,12 @@ end user:creator ==> role:person:OWNER %% granting roles to roles -role:global:ADMIN ==> role:person:OWNER +role:rbac.global:ADMIN ==> role:person:OWNER role:person:OWNER ==> role:person:ADMIN role:person:ADMIN ==> role:person:REFERRER %% granting permissions to roles -role:global:GUEST ==> perm:person:INSERT +role:rbac.global:GUEST ==> perm:person:INSERT role:person:OWNER ==> perm:person:DELETE role:person:ADMIN ==> perm:person:UPDATE role:person:REFERRER ==> perm:person:SELECT diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac-REPRESENTATIVE.md b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac-REPRESENTATIVE.md index 0d944401..743aa7bf 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac-REPRESENTATIVE.md +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac-REPRESENTATIVE.md 
@@ -72,16 +72,16 @@ end user:creator ==> role:relation:OWNER %% granting roles to roles -role:global:ADMIN -.-> role:anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:anchorPerson:OWNER role:anchorPerson:OWNER -.-> role:anchorPerson:ADMIN role:anchorPerson:ADMIN -.-> role:anchorPerson:REFERRER -role:global:ADMIN -.-> role:holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:holderPerson:OWNER role:holderPerson:OWNER -.-> role:holderPerson:ADMIN role:holderPerson:ADMIN -.-> role:holderPerson:REFERRER -role:global:ADMIN -.-> role:contact:OWNER +role:rbac.global:ADMIN -.-> role:contact:OWNER role:contact:OWNER -.-> role:contact:ADMIN role:contact:ADMIN -.-> role:contact:REFERRER -role:global:ADMIN ==> role:relation:OWNER +role:rbac.global:ADMIN ==> role:relation:OWNER role:holderPerson:ADMIN ==> role:relation:OWNER role:relation:OWNER ==> role:relation:ADMIN role:relation:ADMIN ==> role:anchorPerson:OWNER diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md index 47d4d220..ccd95235 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.md 
@@ -72,16 +72,16 @@ end user:creator ==> role:relation:OWNER %% granting roles to roles -role:global:ADMIN -.-> role:anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:anchorPerson:OWNER role:anchorPerson:OWNER -.-> role:anchorPerson:ADMIN role:anchorPerson:ADMIN -.-> role:anchorPerson:REFERRER -role:global:ADMIN -.-> role:holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:holderPerson:OWNER role:holderPerson:OWNER -.-> role:holderPerson:ADMIN role:holderPerson:ADMIN -.-> role:holderPerson:REFERRER -role:global:ADMIN -.-> role:contact:OWNER +role:rbac.global:ADMIN -.-> role:contact:OWNER role:contact:OWNER -.-> role:contact:ADMIN role:contact:ADMIN -.-> role:contact:REFERRER -role:global:ADMIN ==> role:relation:OWNER +role:rbac.global:ADMIN ==> role:relation:OWNER role:relation:OWNER ==> role:relation:ADMIN role:relation:ADMIN ==> role:relation:AGENT role:relation:AGENT ==> role:relation:TENANT diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 56ee5791..9f4ef1c1 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql @@ -85,7 +85,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact'); call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact'); 
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md index ecbe29de..162d81bf 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.md @@ -87,16 +87,16 @@ subgraph partnerRel.holderPerson["`**partnerRel.holderPerson**`"] end %% granting roles to roles -role:global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER role:partnerRel.anchorPerson:OWNER -.-> role:partnerRel.anchorPerson:ADMIN role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.holderPerson:OWNER role:partnerRel.holderPerson:OWNER -.-> role:partnerRel.holderPerson:ADMIN role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.contact:OWNER role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER -role:global:ADMIN -.-> role:partnerRel:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel:OWNER role:partnerRel:OWNER -.-> role:partnerRel:ADMIN role:partnerRel:ADMIN -.-> role:partnerRel:AGENT role:partnerRel:AGENT -.-> role:partnerRel:TENANT @@ -108,7 +108,7 @@ role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT %% granting permissions to roles -role:global:ADMIN ==> perm:partner:INSERT +role:rbac.global:ADMIN ==> perm:partner:INSERT role:partnerRel:OWNER ==> perm:partner:DELETE role:partnerRel:ADMIN ==> perm:partner:UPDATE role:partnerRel:TENANT ==> perm:partner:SELECT 
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index debae10b..8428f536 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -157,18 +157,18 @@ execute procedure updateTriggerForHsOfficePartner_tf(); --changeset hs-office-partner-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing global rows. + Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row global; + row rbac.global%ROWTYPE; begin - call basis.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows'); - FOR row IN SELECT * FROM global + FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call grantPermissionToRole( @@ -179,7 +179,7 @@ do language plpgsql $$ $$; /** - Grants hs_office_partner INSERT permission to specified role of new global rows. + Grants hs_office_partner INSERT permission to specified role of new rbac.global rows. */ create or replace function new_hs_office_partner_grants_insert_to_global_tf() returns trigger 
@@ -196,7 +196,7 @@ end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist create trigger z_new_hs_office_partner_grants_insert_to_global_tg - after insert on global + after insert on rbac.global for each row execute procedure new_hs_office_partner_grants_insert_to_global_tf(); @@ -214,8 +214,8 @@ create or replace function hs_office_partner_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if global ADMIN - if isGlobalAdmin() then + -- check INSERT INSERT if rbac.global ADMIN + if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.md b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.md index 347896bb..e79f14f4 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.md @@ -18,6 +18,6 @@ subgraph partnerDetails["`**partnerDetails**`"] end %% granting permissions to roles -role:global:ADMIN ==> perm:partnerDetails:INSERT +role:rbac.global:ADMIN ==> perm:partnerDetails:INSERT ``` diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 93d6de7f..a3e74102 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql 
@@ -61,25 +61,25 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf(); --changeset hs-office-partner-details-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing global rows. + Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ - declare - row global; - begin - call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); +declare + row rbac.global; +begin + call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); - FOR row IN SELECT * FROM global - -- unconditional for all rows in that table - LOOP + FOR row IN SELECT * FROM rbac.global + -- unconditional for all rows in that table + LOOP call grantPermissionToRole( createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), globalADMIN()); - END LOOP; - end; + END LOOP; +end; $$; /** @@ -100,7 +100,7 @@ end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist create trigger z_new_hs_office_partner_details_grants_insert_to_global_tg - after insert on global + after insert on rbac.global for each row execute procedure new_hs_office_partner_details_grants_insert_to_global_tf(); @@ -118,8 +118,8 @@ create or replace function hs_office_partner_details_insert_permission_check_tf( declare superObjectUuid uuid; begin - -- check INSERT INSERT if global ADMIN - if isGlobalAdmin() then + -- check INSERT INSERT if rbac.Global ADMIN + if rbac.isGlobalAdmin() then return NEW; end if; 
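Review bot: This hunk re-indents the whole `do` block (`declare`, `begin`, `FOR`, `LOOP`, `END LOOP`, `end` moved left) together with the schema change, so the functional change — `row rbac.global;` and `FROM rbac.global` — is two lines buried in twenty-five changed ones; a separate whitespace commit would make the intended change reviewable. The declaration also differs from the sibling files, which use `row rbac.global%ROWTYPE;`; in PostgreSQL both name the same composite type, but a single form is easier to grep, so `row rbac.global%ROWTYPE;` is suggested here as well. Unlike the siblings, the defineContext message was left as `pre-exising global rows`; suggested: `call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-existing rbac.global rows');`.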
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql index ae932604..acc3a899 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql @@ -71,7 +71,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact'); call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact'); diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md index 4558815c..7a2b3af9 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md @@ -32,12 +32,12 @@ end user:creator ==> role:bankAccount:OWNER %% granting roles to roles -role:global:ADMIN ==> role:bankAccount:OWNER +role:rbac.global:ADMIN ==> role:bankAccount:OWNER role:bankAccount:OWNER ==> role:bankAccount:ADMIN role:bankAccount:ADMIN ==> role:bankAccount:REFERRER %% granting permissions to roles -role:global:GUEST ==> perm:bankAccount:INSERT +role:rbac.global:GUEST ==> perm:bankAccount:INSERT role:bankAccount:OWNER ==> perm:bankAccount:DELETE role:bankAccount:ADMIN ==> perm:bankAccount:UPDATE role:bankAccount:REFERRER ==> perm:bankAccount:SELECT 
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md index ef8bc404..7caebefa 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.md @@ -140,16 +140,16 @@ subgraph refundBankAccount["`**refundBankAccount**`"] end %% granting roles to roles -role:global:ADMIN -.-> role:debitorRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.anchorPerson:OWNER role:debitorRel.anchorPerson:OWNER -.-> role:debitorRel.anchorPerson:ADMIN role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:debitorRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.holderPerson:OWNER role:debitorRel.holderPerson:OWNER -.-> role:debitorRel.holderPerson:ADMIN role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:debitorRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.contact:OWNER role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER -role:global:ADMIN -.-> role:debitorRel:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel:OWNER role:debitorRel:OWNER -.-> role:debitorRel:ADMIN role:debitorRel:ADMIN -.-> role:debitorRel:AGENT role:debitorRel:AGENT -.-> role:debitorRel:TENANT 
@@ -159,21 +159,21 @@ role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:OWNER role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT -role:global:ADMIN -.-> role:refundBankAccount:OWNER +role:rbac.global:ADMIN -.-> role:refundBankAccount:OWNER role:refundBankAccount:OWNER -.-> role:refundBankAccount:ADMIN role:refundBankAccount:ADMIN -.-> role:refundBankAccount:REFERRER role:refundBankAccount:ADMIN ==> role:debitorRel:AGENT role:debitorRel:AGENT ==> role:refundBankAccount:REFERRER -role:global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER role:partnerRel.anchorPerson:OWNER -.-> role:partnerRel.anchorPerson:ADMIN role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.holderPerson:OWNER role:partnerRel.holderPerson:OWNER -.-> role:partnerRel.holderPerson:ADMIN role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.contact:OWNER role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER -role:global:ADMIN -.-> role:partnerRel:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel:OWNER role:partnerRel:OWNER -.-> role:partnerRel:ADMIN role:partnerRel:ADMIN -.-> role:partnerRel:AGENT role:partnerRel:AGENT -.-> role:partnerRel:TENANT 
@@ -188,7 +188,7 @@ role:partnerRel:AGENT ==> role:debitorRel:AGENT role:debitorRel:AGENT ==> role:partnerRel:TENANT %% granting permissions to roles -role:global:ADMIN ==> perm:debitor:INSERT +role:rbac.global:ADMIN ==> perm:debitor:INSERT role:debitorRel:OWNER ==> perm:debitor:DELETE role:debitorRel:ADMIN ==> perm:debitor:UPDATE role:debitorRel:TENANT ==> perm:debitor:SELECT diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index d53a08ef..62d3ba8b 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -130,18 +130,18 @@ execute procedure updateTriggerForHsOfficeDebitor_tf(); --changeset hs-office-debitor-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.Global ---------------------------- /* - Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing global rows. + Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row global; + row rbac.global%ROWTYPE; begin - call basis.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows'); - FOR row IN SELECT * FROM global + FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call grantPermissionToRole( 
@@ -152,7 +152,7 @@ do language plpgsql $$ $$; /** - Grants hs_office_debitor INSERT permission to specified role of new global rows. + Grants hs_office_debitor INSERT permission to specified role of new rbac.global rows. */ create or replace function new_hs_office_debitor_grants_insert_to_global_tf() returns trigger @@ -169,7 +169,7 @@ end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist create trigger z_new_hs_office_debitor_grants_insert_to_global_tg - after insert on global + after insert on rbac.global for each row execute procedure new_hs_office_debitor_grants_insert_to_global_tf(); @@ -187,8 +187,8 @@ create or replace function hs_office_debitor_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if global ADMIN - if isGlobalAdmin() then + -- check INSERT INSERT if rbac.global ADMIN + if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql index 399c9e70..cb4ce02e 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql @@ -50,7 +50,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir'); call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec'); 
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md index d6b47c0e..a2a89591 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.md @@ -99,16 +99,16 @@ end user:creator ==> role:sepaMandate:OWNER %% granting roles to roles -role:global:ADMIN -.-> role:debitorRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.anchorPerson:OWNER role:debitorRel.anchorPerson:OWNER -.-> role:debitorRel.anchorPerson:ADMIN role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:debitorRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.holderPerson:OWNER role:debitorRel.holderPerson:OWNER -.-> role:debitorRel.holderPerson:ADMIN role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:debitorRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel.contact:OWNER role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER -role:global:ADMIN -.-> role:debitorRel:OWNER +role:rbac.global:ADMIN -.-> role:debitorRel:OWNER role:debitorRel:OWNER -.-> role:debitorRel:ADMIN role:debitorRel:ADMIN -.-> role:debitorRel:AGENT role:debitorRel:AGENT -.-> role:debitorRel:TENANT 
@@ -118,10 +118,10 @@ role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:OWNER role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT -role:global:ADMIN -.-> role:bankAccount:OWNER +role:rbac.global:ADMIN -.-> role:bankAccount:OWNER role:bankAccount:OWNER -.-> role:bankAccount:ADMIN role:bankAccount:ADMIN -.-> role:bankAccount:REFERRER -role:global:ADMIN ==> role:sepaMandate:OWNER +role:rbac.global:ADMIN ==> role:sepaMandate:OWNER role:sepaMandate:OWNER ==> role:sepaMandate:ADMIN role:sepaMandate:ADMIN ==> role:sepaMandate:AGENT role:sepaMandate:AGENT ==> role:bankAccount:REFERRER diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql index 071ad1b8..49f30655 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql @@ -43,7 +43,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11'); call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12'); diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md index 083e244e..2b7b2739 100644 
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.md @@ -85,16 +85,16 @@ end user:creator ==> role:membership:OWNER %% granting roles to roles -role:global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.anchorPerson:OWNER role:partnerRel.anchorPerson:OWNER -.-> role:partnerRel.anchorPerson:ADMIN role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.holderPerson:OWNER role:partnerRel.holderPerson:OWNER -.-> role:partnerRel.holderPerson:ADMIN role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:partnerRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel.contact:OWNER role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER -role:global:ADMIN -.-> role:partnerRel:OWNER +role:rbac.global:ADMIN -.-> role:partnerRel:OWNER role:partnerRel:OWNER -.-> role:partnerRel:ADMIN role:partnerRel:ADMIN -.-> role:partnerRel:AGENT role:partnerRel:AGENT -.-> role:partnerRel:TENANT @@ -111,7 +111,7 @@ role:partnerRel:AGENT ==> role:membership:AGENT role:membership:AGENT ==> role:partnerRel:TENANT %% granting permissions to roles -role:global:ADMIN ==> perm:membership:INSERT +role:rbac.global:ADMIN ==> perm:membership:INSERT role:membership:ADMIN ==> perm:membership:DELETE role:membership:ADMIN ==> perm:membership:UPDATE role:membership:AGENT ==> perm:membership:SELECT diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index d60f8eef..5994d929 100644 
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -92,18 +92,18 @@ execute procedure insertTriggerForHsOfficeMembership_tf(); --changeset hs-office-membership-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing global rows. + Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row global; + row rbac.global%ROWTYPE; begin - call basis.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising global rows'); + call basis.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows'); - FOR row IN SELECT * FROM global + FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call grantPermissionToRole( @@ -114,7 +114,7 @@ do language plpgsql $$ $$; /** - Grants hs_office_membership INSERT permission to specified role of new global rows. + Grants hs_office_membership INSERT permission to specified role of new rbac.Global rows. */ create or replace function new_hs_office_membership_grants_insert_to_global_tf() returns trigger @@ -131,7 +131,7 @@ end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist create trigger z_new_hs_office_membership_grants_insert_to_global_tg - after insert on global + after insert on rbac.global for each row execute procedure new_hs_office_membership_grants_insert_to_global_tf(); 
@@ -149,8 +149,8 @@ create or replace function hs_office_membership_insert_permission_check_tf()
 declare
 superObjectUuid uuid;
 begin
- -- check INSERT INSERT if global ADMIN
- if isGlobalAdmin() then
+ -- check INSERT INSERT if rbac.Global ADMIN
+ if rbac.isGlobalAdmin() then
 return NEW;
 end if;
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
index 36195fdb..805fb4b9 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
@@ -33,7 +33,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+ call basis.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficeMembershipTestData(10001, '01');
 call createHsOfficeMembershipTestData(10002, '02');
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
index 23103840..aac10ba1 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.md
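Review bot: The rewritten comment in the first hunk keeps the duplicated word, `-- check INSERT INSERT if rbac.Global ADMIN`, and again spells the table differently from the `rbac.global` it refers to; since this is the branch that returns NEW without any per-object permission check, the comment should say that plainly, e.g. `-- rbac.global ADMIN may INSERT unconditionally, skip the per-object permission checks`. The identical comment is introduced in 6203-hs-booking-item-rbac.sql and 6303-hs-booking-item-rbac.sql further down and should be fixed there as well. hs_office_membership_insert_permission_check_tf() begins before this hunk and continues after it.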
@@ -86,16 +86,16 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers end %% granting roles to roles -role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.contact:OWNER role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel:OWNER role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md index de30185b..dba2011f 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.md 
@@ -86,16 +86,16 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers end %% granting roles to roles -role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel.contact:OWNER role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER -role:global:ADMIN -.-> role:membership.partnerRel:OWNER +role:rbac.global:ADMIN -.-> role:membership.partnerRel:OWNER role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.md b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.md index 7fb81cd7..3f4204f3 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.md +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.md 
@@ -44,7 +44,7 @@ subgraph project["`**project**`"]
 end
 %% granting roles to roles
-role:global:ADMIN -.-> role:debitorRel:OWNER
+role:rbac.global:ADMIN -.-> role:debitorRel:OWNER
 role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
 role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel:AGENT -.-> role:debitorRel:TENANT
@@ -56,7 +56,7 @@ role:project:TENANT ==> role:debitorRel:TENANT
 %% granting permissions to roles
 role:debitorRel:ADMIN ==> perm:project:INSERT
-role:global:ADMIN ==> perm:project:DELETE
+role:rbac.global:ADMIN ==> perm:project:DELETE
 role:project:ADMIN ==> perm:project:UPDATE
 role:project:TENANT ==> perm:project:SELECT
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
index 459f4cee..d9f2653d 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
@@ -39,7 +39,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+ call basis.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsBookingProjectTransactionTestData(10001, '11');
 call createHsBookingProjectTransactionTestData(10002, '12');
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.md b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.md
index 4775616f..4c19e05f 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.md
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.md
@@ -54,8 +54,8 @@ role:bookingItem:AGENT ==> role:bookingItem:TENANT
 role:bookingItem:TENANT ==> role:project:TENANT
 %% granting permissions to roles
-role:global:ADMIN ==> perm:bookingItem:INSERT
-role:global:ADMIN ==> perm:bookingItem:DELETE
+role:rbac.global:ADMIN ==> perm:bookingItem:INSERT
+role:rbac.global:ADMIN ==> perm:bookingItem:DELETE
 role:project:ADMIN ==> perm:bookingItem:INSERT
 role:bookingItem:ADMIN ==> perm:bookingItem:UPDATE
 role:bookingItem:TENANT ==> perm:bookingItem:SELECT
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
index bc47690a..55467ff8 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
@@ -105,11 +105,11 @@ execute procedure insertTriggerForHsBookingItem_tf();
 */
 do language plpgsql $$
 declare
- row global;
+ row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows');
+ call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
- FOR row IN SELECT * FROM global
+ FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
 LOOP
 call grantPermissionToRole(
@@ -120,7 +120,7 @@ do language plpgsql $$
 $$;
 /**
- Grants hs_booking_item INSERT permission to specified role of new global rows.
+ Grants hs_booking_item INSERT permission to specified role of new rbac.global rows.
 */
 create or replace function new_hs_booking_item_grants_insert_to_global_tf()
 returns trigger
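Review bot: 6203-hs-booking-item-rbac.sql and 6303-hs-booking-item-rbac.sql (and the matching .md files) are patched in lock-step here and carry identical blob ids (bc47690a..55467ff8 for the .sql, 4775616f..4c19e05f for the .md), so the 630-booking-item directory holds two byte-identical copies of this changelog. Which copy db.changelog-master.yaml includes is not visible in this chunk; if both are included, the `create trigger z_new_hs_booking_item_grants_insert_to_global_tg` statement in the next hunk would likely be applied twice against rbac.global and fail on the second run, and if only one is included the other is dead weight that will keep drifting. One copy should be removed rather than both being maintained in parallel.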
@@ -137,7 +137,7 @@ end; $$;
 -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
 create trigger z_new_hs_booking_item_grants_insert_to_global_tg
- after insert on global
+ after insert on rbac.global
 for each row
 execute procedure new_hs_booking_item_grants_insert_to_global_tf();
@@ -225,8 +225,8 @@ create or replace function hs_booking_item_insert_permission_check_tf()
 declare
 superObjectUuid uuid;
 begin
- -- check INSERT INSERT if global ADMIN
- if isGlobalAdmin() then
+ -- check INSERT INSERT if rbac.Global ADMIN
+ if rbac.isGlobalAdmin() then
 return NEW;
 end if;
 -- check INSERT permission via direct foreign key: NEW.projectUuid
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
index aa610cf8..67522d9b 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
@@ -47,7 +47,7 @@ do language plpgsql $$
 declare
 currentTask text;
 begin
- call basis.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
+ call basis.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsBookingItemTransactionTestData(10001, '11');
 call createHsBookingItemTransactionTestData(10002, '12');
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.md b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.md
index 4775616f..4c19e05f 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.md
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.md
@@ -54,8 +54,8 @@ role:bookingItem:AGENT ==> role:bookingItem:TENANT
 role:bookingItem:TENANT ==> role:project:TENANT
 %% granting permissions to roles
-role:global:ADMIN ==> perm:bookingItem:INSERT
-role:global:ADMIN ==> perm:bookingItem:DELETE
+role:rbac.global:ADMIN ==> perm:bookingItem:INSERT
+role:rbac.global:ADMIN ==> perm:bookingItem:DELETE
 role:project:ADMIN ==> perm:bookingItem:INSERT
 role:bookingItem:ADMIN ==> perm:bookingItem:UPDATE
 role:bookingItem:TENANT ==> perm:bookingItem:SELECT
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
index bc47690a..55467ff8 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
@@ -105,11 +105,11 @@ execute procedure insertTriggerForHsBookingItem_tf();
 */
 do language plpgsql $$
 declare
- row global;
+ row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising global rows');
+ call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
- FOR row IN SELECT * FROM global
+ FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
 LOOP
 call grantPermissionToRole(
@@ -120,7 +120,7 @@ do language plpgsql $$
 $$;
 /**
- Grants hs_booking_item INSERT permission to specified role of new global rows.
+ Grants hs_booking_item INSERT permission to specified role of new rbac.global rows.
 */
 create or replace function new_hs_booking_item_grants_insert_to_global_tf()
 returns trigger
@@ -137,7 +137,7 @@ end; $$;
 -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
 create trigger z_new_hs_booking_item_grants_insert_to_global_tg
- after insert on global
+ after insert on rbac.global
 for each row
 execute procedure new_hs_booking_item_grants_insert_to_global_tf();
@@ -225,8 +225,8 @@ create or replace function hs_booking_item_insert_permission_check_tf()
 declare
 superObjectUuid uuid;
 begin
- -- check INSERT INSERT if global ADMIN
- if isGlobalAdmin() then
+ -- check INSERT INSERT if rbac.Global ADMIN
+ if rbac.isGlobalAdmin() then
 return NEW;
 end if;
 -- check INSERT permission via direct foreign key: NEW.projectUuid
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
index d06f9f9a..b5ece0c6 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
@@ -88,10 +88,10 @@ user:creator ==> role:asset:OWNER
 role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
 role:bookingItem:ADMIN -.-> role:bookingItem:AGENT
 role:bookingItem:AGENT -.-> role:bookingItem:TENANT
-role:global:ADMIN -.-> role:alarmContact:OWNER
+role:rbac.global:ADMIN -.-> role:alarmContact:OWNER
 role:alarmContact:OWNER -.-> role:alarmContact:ADMIN
 role:alarmContact:ADMIN -.-> role:alarmContact:REFERRER
-role:global:ADMIN ==>|XX| role:asset:OWNER
+role:rbac.global:ADMIN ==>|XX| role:asset:OWNER
 role:bookingItem:ADMIN ==> role:asset:OWNER
 role:parentAsset:ADMIN ==> role:asset:OWNER
 role:asset:OWNER ==> role:asset:ADMIN
@@ -107,9 +107,9 @@ role:asset:TENANT ==> role:parentAsset:TENANT role:alarmContact:ADMIN ==> role:asset:TENANT %% granting permissions to roles -role:global:ADMIN ==> perm:asset:INSERT +role:rbac.global:ADMIN ==> perm:asset:INSERT role:parentAsset:ADMIN ==> perm:asset:INSERT -role:global:GUEST ==> perm:asset:INSERT +role:rbac.global:GUEST ==> perm:asset:INSERT role:asset:OWNER ==> perm:asset:DELETE role:asset:ADMIN ==> perm:asset:UPDATE role:asset:TENANT ==> perm:asset:SELECT diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql index 91610a8b..b24e01a3 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql @@ -30,7 +30,7 @@ declare pgSqlInstanceUuid uuid; PgSqlSubjectUuid uuid; begin - call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); select project.* into relatedProject from hs_booking_project project @@ -110,7 +110,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN'); + call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsHostingAssetTestData('D-1000111 default project'); call createHsHostingAssetTestData('D-1000212 default project'); diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql index 7265d2cc..4386fcb9 100644 
--- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql +++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql @@ -6,7 +6,7 @@ CREATE VIEW hs_statistics_view AS select * from (select count, "table" as "rbac-table", '' as "hs-table", '' as "type" - from rbacstatisticsview + from rbac.statistics_v union all select to_char(count(*)::int, '9 999 999 999') as "count", 'objects' as "rbac-table", objecttable as "hs-table", '' as "type" from rbac.object diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 51fa853b..bdd6d3c5 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -158,4 +158,4 @@ databaseChangeLog: - include: file: db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql - include: - file: db/changelog/9-hs-global/9000-statistics.sql + file: db/changelog/9-hs-global/9000-statistics.sql diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java index ee19f534..3d31a30b 100644 --- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java +++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java @@ -68,7 +68,7 @@ public class ArchitectureTest { "..mapper", "..ping", "..rbac", - "..rbac.rbacSubject", + "..rbac.subject", "..rbac.rbacgrant", "..rbac.rbacrole", "..rbac.rbacobject", diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java index 40292ce3..cda131b2 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java 
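Review bot: `from rbac.statistics_v` gives the dependency a schema and a `_v` suffix, while the view being defined in the same statement keeps the old convention (`hs_statistics_view`, unqualified), so the file now mixes two naming schemes in one definition; either move this view along in the same commit or leave a marker such as `-- TODO: move into a schema and rename to hs_statistics_v, in line with rbac.statistics_v`. The first branch of the union selects `count` from rbac.statistics_v and unions it with a to_char(...) text column, so the renamed view presumably still exposes count as text; worth confirming against its new definition, which is not in this chunk. The db.changelog-master.yaml hunk replaces the last include line with an identical one, presumably a trailing-newline fix, which the commit message could mention.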
@@ -175,9 +175,9 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, - // global-admin + // rbac.global-admin "{ grant perm:hs_booking_item#somenewbookingitem:INSERT>hs_booking_item to role:hs_booking_item#somenewbookingitem:ADMIN by system and assume }", - "{ grant perm:hs_booking_item#somenewbookingitem:DELETE to role:global#global:ADMIN by system and assume }", + "{ grant perm:hs_booking_item#somenewbookingitem:DELETE to role:rbac.global#global:ADMIN by system and assume }", // owner "{ grant role:hs_booking_item#somenewbookingitem:OWNER to role:hs_booking_project#D-1000111-D-1000111defaultproject:AGENT by system and assume }", diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java index 6fc7c555..ccab7074 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java @@ -161,8 +161,8 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, - // global-admin - "{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:DELETE to role:global#global:ADMIN by system and assume }", + // rbacgGlobal-admin + "{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:DELETE to role:rbac.global#global:ADMIN by system and assume }", // owner "{ grant role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN to role:hs_booking_project#D-1000111-somenewbookingproject:OWNER by system and assume }", 
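Review bot: The new comment in the HsBookingProjectRepositoryIntegrationTest hunk reads `// rbacgGlobal-admin`, a typo; the sibling hunk in HsBookingItemRepositoryIntegrationTest on this same line (and HsHostingAssetRepositoryIntegrationTest further down) uses `// rbac.global-admin`, which should be used here too so the grant-list comments stay greppable across the tests. The enclosing test methods begin before and end after these hunks.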
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java index c2469a30..f54ee4cb 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java @@ -200,8 +200,8 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu .containsExactlyInAnyOrder(fromFormatted( initialGrantNames, - // global-admin - "{ grant role:hs_hosting_asset#fir00:OWNER to role:global#global:ADMIN by system }", // workaround + // rbac.global-admin + "{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround // owner "{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }", @@ -250,7 +250,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu context("person-SmithPeter@example.com"); assertThatAssetIsPersisted(result.returnedValue()); - // ... a global admin can see the new domain setup as well if the domain OWNER role is assumed + // ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role assertThatAssetIsPersisted(result.returnedValue()); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java index b7baaa95..c5882f7c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java @@ -109,7 +109,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, "{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", - "{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }", "{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java index dbaccbbd..9fc25607 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java 
@@ -109,7 +109,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC )); assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( initialGrantNames, - "{ grant role:hs_office_contact#anothernewcontact:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }", "{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }", "{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }", diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java index ac29eb5e..50eb7164 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java 
@@ -190,7 +190,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // owner "{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }", "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }", - "{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to role:person#FirstGmbH:ADMIN by system and assume }", "{ grant role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER to user:superuser-alex@hostsharing.net by relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER and assume }", @@ -349,7 +349,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // then result.assertSuccessful(); - assertThatDebitorIsVisibleForUserWithRole(result.returnedValue(), "global#global:ADMIN", true); + assertThatDebitorIsVisibleForUserWithRole(result.returnedValue(), "rbac.global#global:ADMIN", true); // ... partner role was reassigned: assertThatDebitorIsNotVisibleForUserWithRole( @@ -398,7 +398,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean result.assertSuccessful(); assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "global#global:ADMIN", true); + "rbac.global#global:ADMIN", true); // ... bank-account role was assigned: assertThatDebitorIsVisibleForUserWithRole( 
@@ -427,7 +427,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean result.assertSuccessful(); assertThatDebitorIsVisibleForUserWithRole( result.returnedValue(), - "global#global:ADMIN", true); + "rbac.global#global:ADMIN", true); // ... bank-account role was removed from previous bank-account admin: assertThatDebitorIsNotVisibleForUserWithRole( diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java index 055a835c..f9db0bfa 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java @@ -158,7 +158,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean "{ grant perm:relation#HostsharingeG-with-PARTNER-EBess:SELECT to role:relation#HostsharingeG-with-PARTNER-EBess:TENANT by system and assume }", // relation owner - "{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:relation#HostsharingeG-with-PARTNER-EBess:OWNER to user:superuser-alex@hostsharing.net by relation#HostsharingeG-with-PARTNER-EBess:OWNER and assume }", // relation admin @@ -278,7 +278,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean assertThatPartnerIsVisibleForUserWithRole( givenPartner, - "global#global:ADMIN"); + "rbac.global#global:ADMIN"); assertThatPartnerIsVisibleForUserWithRole( givenPartner, "hs_office_person#ThirdOHG:ADMIN"); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java index 5445ff29..571fe256 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java @@ -112,7 +112,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu "{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }", "{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }", - "{ grant role:hs_office_person#anothernewperson:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }", "{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }", "{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }", diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java index 3092fb54..ac97db26 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java 
@@ -133,7 +133,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea initialGrantNames, "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", - "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }", "{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", @@ -233,7 +233,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea assertThat(result.returnedValue().getContact().getCaption()).isEqualTo("sixth contact"); assertThatRelationIsVisibleForUserWithRole( result.returnedValue(), - "global#global:ADMIN"); + "rbac.global#global:ADMIN"); assertThatRelationIsVisibleForUserWithRole( result.returnedValue(), "hs_office_contact#sixthcontact:ADMIN"); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java index 8f7d7260..c41d1764 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java @@ -128,7 +128,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // owner "{ grant perm:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):DELETE to role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER by system and assume }", - "{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to role:global#global:ADMIN by system and assume }", + "{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER to user:superuser-alex@hostsharing.net by sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER and assume }", // admin diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java index fca0ab74..4a91a3bb 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java @@ -86,8 +86,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { )) .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "global#global:ADMIN"), - hasEntry("grantedRoleIdName", "global#global:ADMIN"), + hasEntry("grantedByRoleIdName", "rbac.global#global:ADMIN"), + hasEntry("grantedRoleIdName", "rbac.global#global:ADMIN"), hasEntry("granteeSubjectName", "superuser-fran@hostsharing.net") ) )) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java index 5492d6d1..29c525a0 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java @@ -46,7 +46,7 @@ class RbacRoleControllerAcceptanceTest { .body("", hasItem(hasEntry("roleName", "test_customer#xxx:OWNER"))) .body("", hasItem(hasEntry("roleName", "test_customer#xxx:TENANT"))) // ... - .body("", hasItem(hasEntry("roleName", "global#global:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "rbac.global#global:ADMIN"))) .body("", hasItem(hasEntry("roleName", "test_customer#yyy:ADMIN"))) .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))) .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"))) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java index 2686ade7..7aedb65f 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java @@ -73,7 +73,7 @@ class RbacRoleControllerRestTest { // then .andExpect(status().isOk()) .andExpect(jsonPath("$", hasSize(3))) - .andExpect(jsonPath("$[0].roleName", is("global#global:ADMIN"))) + .andExpect(jsonPath("$[0].roleName", is("rbac.global#global:ADMIN"))) .andExpect(jsonPath("$[1].roleName", is("test_customer#xxx:OWNER"))) .andExpect(jsonPath("$[2].roleName", is("test_customer#xxx:ADMIN"))) .andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString()))) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index 71182cd1..b7e3b3d9 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -39,7 +39,7 @@ class RbacRoleRepositoryIntegrationTest { private static final String[] ALL_TEST_DATA_ROLES = Array.of( // @formatter:off - "global#global:ADMIN", + "rbac.global#global:ADMIN", "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT", "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT", "test_package#xxx01:ADMIN", "test_package#xxx01:OWNER", "test_package#xxx01:TENANT", @@ -70,7 +70,7 @@ class RbacRoleRepositoryIntegrationTest { @Test public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacRoles() { given: - context.define("superuser-alex@hostsharing.net", "global#global:ADMIN"); + context.define("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN"); // when final var result = rbacRoleRepository.findAll(); @@ -110,7 +110,7 @@ class RbacRoleRepositoryIntegrationTest { noneOfTheseRbacRolesIsReturned( result, // @formatter:off - "global#global:ADMIN", + "rbac.global#global:ADMIN", "test_customer#xxx:OWNER", "test_package#yyy00:ADMIN", "test_package#yyy00:OWNER", diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java index 73e30a1b..69b353b5 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java 
@@ -4,7 +4,7 @@ import static java.util.UUID.randomUUID; public class TestRbacRole { - public static final RbacRoleEntity hostmasterRole = rbacRole("global", "global", RbacRoleType.ADMIN); + public static final RbacRoleEntity hostmasterRole = rbacRole("rbac.global", "global", RbacRoleType.ADMIN); static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER); static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java index 841acfdf..d6e50c46 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java @@ -116,7 +116,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedglobalAdminRole_canViewAllRbacSubjects() { given: - context("superuser-alex@hostsharing.net", "global#global:ADMIN"); + context("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN"); // when final var result = rbacSubjectRepository.findByOptionalNameLike(null); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java index e7107909..c0ceb9c3 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java 
@@ -13,19 +13,19 @@ class TestCustomerEntityUnitTest { assertThat(rbacFlowchart).isEqualTo(""" %%{init:{'flowchart':{'htmlLabels':false}}}%% flowchart TB - + subgraph customer["`**customer**`"] direction TB style customer fill:#dd4901,stroke:#274d6e,stroke-width:8px - + subgraph customer:roles[ ] style customer:roles fill:#dd4901,stroke:white - + role:customer:OWNER[[customer:OWNER]] role:customer:ADMIN[[customer:ADMIN]] role:customer:TENANT[[customer:TENANT]] end - + subgraph customer:permissions[ ] style customer:permissions fill:#dd4901,stroke:white @@ -40,12 +40,12 @@ class TestCustomerEntityUnitTest { user:creator ==>|XX| role:customer:OWNER %% granting roles to roles - role:global:ADMIN ==>|XX| role:customer:OWNER + role:rbac.global:ADMIN ==>|XX| role:customer:OWNER role:customer:OWNER ==> role:customer:ADMIN role:customer:ADMIN ==> role:customer:TENANT %% granting permissions to roles - role:global:ADMIN ==> perm:customer:INSERT + role:rbac.global:ADMIN ==> perm:customer:INSERT role:customer:OWNER ==> perm:customer:DELETE role:customer:ADMIN ==> perm:customer:UPDATE role:customer:TENANT ==> perm:customer:SELECT diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java index 824bb1bb..35d36c54 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java @@ -50,7 +50,7 @@ class TestPackageEntityUnitTest { end %% granting roles to roles - role:global:ADMIN -.->|XX| role:customer:OWNER + role:rbac.global:ADMIN -.->|XX| role:customer:OWNER role:customer:OWNER -.-> role:customer:ADMIN role:customer:ADMIN -.-> role:customer:TENANT role:customer:ADMIN ==> role:package:OWNER 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java index a8fd8a50..e4f0e6fb 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java @@ -40,7 +40,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withoutAssumedRole_canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() { // given - // alex is not just global-admin but lso the creating user, thus we use fran + // alex is not just rbac.global-admin but lso the creating user, thus we use fran context.define("superuser-fran@hostsharing.net"); // when @@ -53,7 +53,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedglobalAdminRole__canNotViewAnyPackages_becauseThoseGrantsAreNotAssumed() { given: - context.define("superuser-alex@hostsharing.net", "global#global:ADMIN"); + context.define("superuser-alex@hostsharing.net", "rbac.global#global:ADMIN"); // when final var result = testPackageRepository.findAllByOptionalNameLike(null); -- 2.39.5 From f0c15f066e295b5c09ea70aebba1f0e1dab057d0 Mon Sep 17 00:00:00 2001 
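Review bot: The comment at `@@ -40,7 +40,7 @@` now reads `// alex is not just rbac.global-admin but lso the creating user, thus we use fran`, which looks like the global→rbac.global replacement also hit prose and the pre-existing typo `lso` survived. Suggest `// alex is not just global admin (rbac.global#global:ADMIN) but also the creating user, thus we use fran`. Both hunks in this file are otherwise pure string renames.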
From: Michael Hoennig Date: Fri, 13 Sep 2024 20:21:12 +0200 Subject: [PATCH 30/57] schema basis -> base --- sql/historization.sql | 4 +- .../hsadminng/context/Context.java | 6 +-- .../rbac/rbacdef/InsertTriggerGenerator.java | 2 +- .../000-base-schema.sql} | 4 +- .../001-last-row-count.sql | 2 +- .../{0-basis => 0-base}/002-int-to-var.sql | 8 ++-- .../003-random-in-range.sql | 4 +- .../004-jsonb-changes-delta.sql | 14 +++---- .../005-uuid-ossp-extension.sql | 0 .../006-numeric-hash-functions.sql | 2 +- .../{0-basis => 0-base}/007-table-columns.sql | 2 +- .../008-raise-functions.sql | 4 +- .../009-check-environment.sql | 0 .../{0-basis => 0-base}/010-context.sql | 26 ++++++------- .../{0-basis => 0-base}/020-audit-log.sql | 38 +++++++++---------- .../{0-basis => 0-base}/030-historization.sql | 20 +++++----- .../090-log-slow-queries-extensions.sql | 0 .../db/changelog/1-rbac/1050-rbac-base.sql | 12 +++--- .../1-rbac/1051-rbac-subject-grant.sql | 4 +- .../db/changelog/1-rbac/1054-rbac-context.sql | 22 +++++------ .../db/changelog/1-rbac/1055-rbac-views.sql | 6 +-- .../changelog/1-rbac/1058-rbac-generators.sql | 6 +-- .../db/changelog/1-rbac/1080-rbac-global.sql | 12 +++--- .../2013-test-customer-rbac.sql | 2 +- .../2018-test-customer-test-data.sql | 4 +- .../2023-test-package-rbac.sql | 2 +- .../2028-test-package-test-data.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../2038-test-domain-test-data.sql | 4 +- .../501-contact/5010-hs-office-contact.sql | 2 +- .../5016-hs-office-contact-migration.sql | 2 +- .../5018-hs-office-contact-test-data.sql | 6 +-- .../502-person/5020-hs-office-person.sql | 2 +- .../5028-hs-office-person-test-data.sql | 6 +-- .../503-relation/5030-hs-office-relation.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 2 +- .../5038-hs-office-relation-test-data.sql | 6 +-- .../504-partner/5040-hs-office-partner.sql | 4 +- .../5043-hs-office-partner-rbac.sql | 2 +- .../5044-hs-office-partner-details-rbac.sql | 2 +- 
.../5046-hs-office-partner-migration.sql | 2 +- .../5048-hs-office-partner-test-data.sql | 2 +- .../5050-hs-office-bankaccount.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 4 +- .../506-debitor/5060-hs-office-debitor.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 2 +- .../5068-hs-office-debitor-test-data.sql | 2 +- .../5070-hs-office-sepamandate.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 2 +- .../5076-hs-office-sepamandate-migration.sql | 2 +- .../5078-hs-office-sepamandate-test-data.sql | 2 +- .../5100-hs-office-membership.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 2 +- .../5108-hs-office-membership-test-data.sql | 2 +- .../5110-hs-office-coopshares.sql | 2 +- .../5113-hs-office-coopshares-rbac.sql | 2 +- .../5116-hs-office-coopshares-migration.sql | 2 +- .../5118-hs-office-coopshares-test-data.sql | 2 +- .../5120-hs-office-coopassets.sql | 2 +- .../5123-hs-office-coopassets-rbac.sql | 2 +- .../5126-hs-office-coopassets-migration.sql | 2 +- .../5128-hs-office-coopassets-test-data.sql | 2 +- .../6200-hs-booking-project.sql | 4 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../6208-hs-booking-project-test-data.sql | 2 +- .../630-booking-item/6200-hs-booking-item.sql | 4 +- .../6203-hs-booking-item-rbac.sql | 4 +- .../6208-hs-booking-item-test-data.sql | 2 +- .../6303-hs-booking-item-rbac.sql | 4 +- .../7010-hs-hosting-asset.sql | 6 +-- .../7018-hs-hosting-asset-test-data.sql | 4 +- .../db/changelog/db.changelog-master.yaml | 28 +++++++------- ...sBookingItemRepositoryIntegrationTest.java | 2 +- ...okingProjectRepositoryIntegrationTest.java | 2 +- ...HostingAssetRepositoryIntegrationTest.java | 2 +- .../hsadminng/hs/migration/CsvDataImport.java | 4 +- ...eBankAccountRepositoryIntegrationTest.java | 2 +- ...eContactRbacRepositoryIntegrationTest.java | 2 +- ...sTransactionRepositoryIntegrationTest.java | 2 +- ...sTransactionRepositoryIntegrationTest.java | 2 +- ...fficeDebitorRepositoryIntegrationTest.java | 2 +- 
...ceMembershipRepositoryIntegrationTest.java | 2 +- ...fficePartnerRepositoryIntegrationTest.java | 2 +- ...OfficePersonRepositoryIntegrationTest.java | 2 +- ...ficeRelationRepositoryIntegrationTest.java | 2 +- ...eSepaMandateRepositoryIntegrationTest.java | 2 +- .../rbac/context/ContextIntegrationTests.java | 2 +- .../rbac/context/ContextUnitTest.java | 2 +- .../RbacRoleRepositoryIntegrationTest.java | 2 +- 89 files changed, 196 insertions(+), 196 deletions(-) rename src/main/resources/db/changelog/{0-basis/000-basis-schema.sql => 0-base/000-base-schema.sql} (74%) rename src/main/resources/db/changelog/{0-basis => 0-base}/001-last-row-count.sql (92%) rename src/main/resources/db/changelog/{0-basis => 0-base}/002-int-to-var.sql (72%) rename src/main/resources/db/changelog/{0-basis => 0-base}/003-random-in-range.sql (79%) rename src/main/resources/db/changelog/{0-basis => 0-base}/004-jsonb-changes-delta.sql (86%) rename src/main/resources/db/changelog/{0-basis => 0-base}/005-uuid-ossp-extension.sql (100%) rename src/main/resources/db/changelog/{0-basis => 0-base}/006-numeric-hash-functions.sql (85%) rename src/main/resources/db/changelog/{0-basis => 0-base}/007-table-columns.sql (89%) rename src/main/resources/db/changelog/{0-basis => 0-base}/008-raise-functions.sql (86%) rename src/main/resources/db/changelog/{0-basis => 0-base}/009-check-environment.sql (100%) rename src/main/resources/db/changelog/{0-basis => 0-base}/010-context.sql (89%) rename src/main/resources/db/changelog/{0-basis => 0-base}/020-audit-log.sql (78%) rename src/main/resources/db/changelog/{0-basis => 0-base}/030-historization.sql (87%) rename src/main/resources/db/changelog/{0-basis => 0-base}/090-log-slow-queries-extensions.sql (100%) diff --git a/sql/historization.sql b/sql/historization.sql index 89dfbe62..474f05ca 100644 --- a/sql/historization.sql +++ b/sql/historization.sql 
@@ -24,13 +24,13 @@ delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681':: commit; -- single version at point in time --- set hsadminng.tx_history_txid to (select max(txid) from basis.tx_context where txtimestamp<='2024-08-27 12:13:13.450821'); +-- set hsadminng.tx_history_txid to (select max(txid) from base.tx_context where txtimestamp<='2024-08-27 12:13:13.450821'); set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* from hs_hosting_asset_ex haex - join basis.tx_context txc on haex.txid=txc.txid + join base.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org'; diff --git a/src/main/java/net/hostsharing/hsadminng/context/Context.java b/src/main/java/net/hostsharing/hsadminng/context/Context.java index cf2cf4c4..6ceed023 100644 --- a/src/main/java/net/hostsharing/hsadminng/context/Context.java +++ b/src/main/java/net/hostsharing/hsadminng/context/Context.java @@ -54,7 +54,7 @@ public class Context { final String currentSubject, final String assumedRoles) { final var query = em.createNativeQuery(""" - call basis.defineContext( + call base.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentSubject as varchar(63)), @@ -72,7 +72,7 @@ public class Context { } public String fetchCurrentSubject() { - return String.valueOf(em.createNativeQuery("select basis.currentSubject()").getSingleResult()); + return String.valueOf(em.createNativeQuery("select base.currentSubject()").getSingleResult()); } public UUID fetchCurrentSubjectUuid() { 
@@ -80,7 +80,7 @@ public class Context { } public String[] fetchAssumedRoles() { - return (String[]) em.createNativeQuery("select basis.assumedRoles() as roles", String[].class).getSingleResult(); + return (String[]) em.createNativeQuery("select base.assumedRoles() as roles", String[].class).getSingleResult(); } public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index f57248e1..4c58194a 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -67,7 +67,7 @@ public class InsertTriggerGenerator { declare row ${rawSuperTable}; begin - call basis.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); + call base.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows'); FOR row IN SELECT * FROM ${rawSuperTable} ${whenCondition} diff --git a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql similarity index 74% rename from src/main/resources/db/changelog/0-basis/000-basis-schema.sql rename to src/main/resources/db/changelog/0-base/000-base-schema.sql index a20d690f..0f66f74c 100644 --- a/src/main/resources/db/changelog/0-basis/000-basis-schema.sql +++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset basis-SCHEMA:1 endDelimiter:--// +--changeset base-SCHEMA:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE SCHEMA basis; +CREATE SCHEMA base; --// 
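Review bot: The generated `call base.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');` splices template values into a SQL string literal without quoting; this is presumably safe because `rawSubTable`/`rawSuperTable` are identifiers owned by the RBAC definition generator rather than request input, but that assumption is not stated anywhere in the hunk. A one-line comment above the call, `// rawSubTable/rawSuperTable come from the static RBAC spec, never from request data, so literal interpolation is acceptable`, would make the invariant explicit; `pre-exising` should also read `pre-existing`. The enclosing method begins and ends outside the hunk.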
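Review bot: Renaming the changeset author from `basis-SCHEMA` to `base-SCHEMA` (and moving the file from `0-basis/` to `0-base/`) changes the changeset's Liquibase identity, so any database that already ran the old changelog will treat this and every other changeset under `0-base/` as new and execute them again, leaving the old `basis` schema and its objects in place next to the new ones. If no persistent environment has the earlier changelog applied this is harmless; otherwise the rename needs either a migration step such as `ALTER SCHEMA basis RENAME TO base` or `logicalFilePath`/`validCheckSum` handling so the changesets keep their identity. Either way a comment on the changeset would help, e.g. `-- renamed from basis-SCHEMA:1; not safely re-runnable on databases that applied the old changelog`.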
diff --git a/src/main/resources/db/changelog/0-basis/001-last-row-count.sql b/src/main/resources/db/changelog/0-base/001-last-row-count.sql similarity index 92% rename from src/main/resources/db/changelog/0-basis/001-last-row-count.sql rename to src/main/resources/db/changelog/0-base/001-last-row-count.sql index b545009c..4079ca65 100644 --- a/src/main/resources/db/changelog/0-basis/001-last-row-count.sql +++ b/src/main/resources/db/changelog/0-base/001-last-row-count.sql @@ -8,7 +8,7 @@ Returns the row count from the result of the previous query. Other than the native statement it's usable in an expression. */ -create or replace function basis.lastRowCount() +create or replace function base.lastRowCount() returns bigint language plpgsql as $$ declare diff --git a/src/main/resources/db/changelog/0-basis/002-int-to-var.sql b/src/main/resources/db/changelog/0-base/002-int-to-var.sql similarity index 72% rename from src/main/resources/db/changelog/0-basis/002-int-to-var.sql rename to src/main/resources/db/changelog/0-base/002-int-to-var.sql index 245f767f..55d6ea15 100644 --- a/src/main/resources/db/changelog/0-basis/002-int-to-var.sql +++ b/src/main/resources/db/changelog/0-base/002-int-to-var.sql @@ -8,10 +8,10 @@ Returns a textual representation of an integer number to be used as generated test data. Examples : - basis.intToVarChar(0, 3) => 'aaa' - basis.intToVarChar(1, 3) => 'aab' + base.intToVarChar(0, 3) => 'aaa' + base.intToVarChar(1, 3) => 'aab' */ -create or replace function basis.intToVarChar(i integer, len integer) +create or replace function base.intToVarChar(i integer, len integer) returns varchar language plpgsql as $$ declare @@ -19,7 +19,7 @@ declare begin select chr(ascii('a') + i % 26) into partial; if len > 1 then - return basis.intToVarChar(i / 26, len - 1) || partial; + return base.intToVarChar(i / 26, len - 1) || partial; else return partial; end if; 
diff --git a/src/main/resources/db/changelog/0-basis/003-random-in-range.sql b/src/main/resources/db/changelog/0-base/003-random-in-range.sql similarity index 79% rename from src/main/resources/db/changelog/0-basis/003-random-in-range.sql rename to src/main/resources/db/changelog/0-base/003-random-in-range.sql index bff3b2c2..c697a945 100644 --- a/src/main/resources/db/changelog/0-basis/003-random-in-range.sql +++ b/src/main/resources/db/changelog/0-base/003-random-in-range.sql @@ -10,9 +10,9 @@ to be used for test data generation. Example: - basis.randomInRange(0, 4) might return any of 0, 1, 2, 3, 4 + base.randomInRange(0, 4) might return any of 0, 1, 2, 3, 4 */ -create or replace function basis.randomInRange(min integer, max integer) +create or replace function base.randomInRange(min integer, max integer) returns integer returns null on null input language 'plpgsql' as $$ diff --git a/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql b/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql similarity index 86% rename from src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql rename to src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql index 61cfd6e3..35e399bc 100644 --- a/src/main/resources/db/changelog/0-basis/004-jsonb-changes-delta.sql +++ b/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql @@ -9,7 +9,7 @@ This is a kind of right sided json diff. */ -create or replace function basis.jsonb_changes_delta(oldJson jsonb, newJson jsonb) +create or replace function base.jsonb_changes_delta(oldJson jsonb, newJson jsonb) returns jsonb called on null input language plpgsql as $$ 
@@ -31,7 +31,7 @@ begin if jsonb_typeof(newJson -> (oldJsonElement.key)) = 'object' then diffJson = diffJson || jsonb_build_object(oldJsonElement.key, - basis.jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key))); + base.jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key))); end if; else diffJson = diffJson || jsonb_build_object(oldJsonElement.key, null); @@ -49,30 +49,30 @@ do language plpgsql $$ actual text; begin - select basis.jsonb_changes_delta(null::jsonb, null::jsonb) into actual; + select base.jsonb_changes_delta(null::jsonb, null::jsonb) into actual; if actual is not null then raise exception 'jsonb_diff #1 failed:% expected: %,% actually: %', E'\n', expected, E'\n', actual; end if; - select basis.jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual; + select base.jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual; expected := '{"a": "new"}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #2 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual; + select base.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual; expected := '{"a": "new"}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #3 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual; + select base.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual; expected := '{}'::jsonb; if actual <> expected then raise exception 'jsonb_diff #4 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual; end if; - select basis.jsonb_changes_delta( + select base.jsonb_changes_delta( $json${ "a": "same", "b": "old", 
diff --git a/src/main/resources/db/changelog/0-basis/005-uuid-ossp-extension.sql b/src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql similarity index 100% rename from src/main/resources/db/changelog/0-basis/005-uuid-ossp-extension.sql rename to src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql diff --git a/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql b/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql similarity index 85% rename from src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql rename to src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql index a2d83d23..624f815d 100644 --- a/src/main/resources/db/changelog/0-basis/006-numeric-hash-functions.sql +++ b/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql @@ -6,7 +6,7 @@ --changeset numeric-hash-functions:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create function basis.bigIntHash(text) returns bigint as $$ +create function base.bigIntHash(text) returns bigint as $$ select ('x'||substr(md5($1),1,16))::bit(64)::bigint; $$ language sql; --// diff --git a/src/main/resources/db/changelog/0-basis/007-table-columns.sql b/src/main/resources/db/changelog/0-base/007-table-columns.sql similarity index 89% rename from src/main/resources/db/changelog/0-basis/007-table-columns.sql rename to src/main/resources/db/changelog/0-base/007-table-columns.sql index d345b9f7..0bcf09e7 100644 --- a/src/main/resources/db/changelog/0-basis/007-table-columns.sql +++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql 
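Review bot: `base.bigIntHash` is still undocumented after the move: it returns the first 64 bits of an MD5 digest, which is fine as a deterministic bucket or test-data hash but must not be mistaken for a collision-resistant or keyed hash. Suggest a comment above the function, `-- non-cryptographic 64-bit truncation of md5(text); deterministic, not collision resistant`. Since `md5` and `substr` are immutable, the function could also be declared `$$ language sql immutable;` so it can be used in indexes or generated columns should that ever be needed.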
@@ -6,7 +6,7 @@ --changeset table-columns-function:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function basis.tableColumnNames( tableName text ) +create or replace function base.tableColumnNames( tableName text ) returns text stable language 'plpgsql' as $$ diff --git a/src/main/resources/db/changelog/0-basis/008-raise-functions.sql b/src/main/resources/db/changelog/0-base/008-raise-functions.sql similarity index 86% rename from src/main/resources/db/changelog/0-basis/008-raise-functions.sql rename to src/main/resources/db/changelog/0-base/008-raise-functions.sql index ddf3cbfb..1c6fc3a8 100644 --- a/src/main/resources/db/changelog/0-basis/008-raise-functions.sql +++ b/src/main/resources/db/changelog/0-base/008-raise-functions.sql @@ -6,7 +6,7 @@ /* Like `RAISE EXCEPTION` ... just as an expression instead of a statement. */ -create or replace function basis.raiseException(msg text) +create or replace function base.raiseException(msg text) returns varchar language plpgsql as $$ begin @@ -21,7 +21,7 @@ end; $$; /* Like `ASSERT` but as an expression instead of a statement. */ -create or replace function basis.assertTrue(expectedTrue boolean, msg text) +create or replace function base.assertTrue(expectedTrue boolean, msg text) returns boolean language plpgsql as $$ begin diff --git a/src/main/resources/db/changelog/0-basis/009-check-environment.sql b/src/main/resources/db/changelog/0-base/009-check-environment.sql similarity index 100% rename from src/main/resources/db/changelog/0-basis/009-check-environment.sql rename to src/main/resources/db/changelog/0-base/009-check-environment.sql diff --git a/src/main/resources/db/changelog/0-basis/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql similarity index 89% rename from src/main/resources/db/changelog/0-basis/010-context.sql rename to src/main/resources/db/changelog/0-base/010-context.sql index d6e14ee6..dcd59a31 100644 
--- a/src/main/resources/db/changelog/0-basis/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql @@ -9,7 +9,7 @@ Callback which is called after the context has been (re-) defined. This function will be overwritten by later changesets. */ -create procedure basis.contextDefined( +create procedure base.contextDefined( currentTask varchar(127), currentRequest text, currentSubject varchar(63), @@ -22,7 +22,7 @@ end; $$; /* Defines the transaction context. */ -create or replace procedure basis.defineContext( +create or replace procedure base.defineContext( currentTask varchar(127), currentRequest text = null, currentSubject varchar(63) = null, @@ -46,7 +46,7 @@ begin assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); - call basis.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles); + call base.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles); end; $$; --// @@ -58,7 +58,7 @@ end; $$; Returns the current task as set by `hsadminng.currentTask`. Raises exception if not set. */ -create or replace function basis.currentTask() +create or replace function base.currentTask() returns varchar(127) stable -- leakproof language plpgsql as $$ @@ -72,7 +72,7 @@ begin currentTask := null; end; if (currentTask is null or currentTask = '') then - raise exception '[401] currentTask must be defined, please call `basis.defineContext(...)`'; + raise exception '[401] currentTask must be defined, please call `base.defineContext(...)`'; end if; return currentTask; end; $$; 
@@ -83,10 +83,10 @@ end; $$; --changeset context-CURRENT-REQUEST:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the current http request as set via `basis.defineContext(...)`. + Returns the current http request as set via `base.defineContext(...)`. Raises exception if not set. */ -create or replace function basis.currentRequest() +create or replace function base.currentRequest() returns text stable -- leakproof language plpgsql as $$ @@ -108,9 +108,9 @@ end; $$; --changeset context-current-subject:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the current user as defined by `basis.defineContext(...)`. + Returns the current user as defined by `base.defineContext(...)`. */ -create or replace function basis.currentSubject() -- FIXME: move to schema rbac? +create or replace function base.currentSubject() -- FIXME: move to schema rbac? returns varchar(63) stable -- leakproof language plpgsql as $$ @@ -134,7 +134,7 @@ end; $$; Returns assumed role names as set in `hsadminng.assumedRoles` or empty array, if not set. */ -create or replace function basis.assumedRoles() +create or replace function base.assumedRoles() returns varchar(1023)[] stable -- leakproof language plpgsql as $$ @@ -213,11 +213,11 @@ create or replace function currentSubjects() declare assumedRoles varchar(1023)[]; begin - assumedRoles := basis.assumedRoles(); + assumedRoles := base.assumedRoles(); if array_length(assumedRoles, 1) > 0 then return assumedRoles; else - return array [basis.currentSubject()]::varchar(1023)[]; + return array [base.currentSubject()]::varchar(1023)[]; end if; end; $$; @@ -226,7 +226,7 @@ create or replace function hasAssumedRole() stable -- leakproof language plpgsql as $$ begin - return array_length(basis.assumedRoles(), 1) > 0; + return array_length(base.assumedRoles(), 1) > 0; end; $$; --// 
diff --git a/src/main/resources/db/changelog/0-basis/020-audit-log.sql b/src/main/resources/db/changelog/0-base/020-audit-log.sql similarity index 78% rename from src/main/resources/db/changelog/0-basis/020-audit-log.sql rename to src/main/resources/db/changelog/0-base/020-audit-log.sql index 7ac3f790..b9ae83ec 100644 --- a/src/main/resources/db/changelog/0-basis/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql @@ -21,7 +21,7 @@ do $$ /* A table storing transactions with context data. */ -create table basis.tx_context +create table base.tx_context ( txId xid8 primary key not null, txTimestamp timestamp not null, @@ -31,7 +31,7 @@ create table basis.tx_context currentRequest text not null ); -create index on basis.tx_context using brin (txTimestamp); +create index on base.tx_context using brin (txTimestamp); --// -- ============================================================================ 
@@ -40,28 +40,28 @@ create index on basis.tx_context using brin (txTimestamp); /* A table storing the transaction audit journal for all target tables it's configured for. */ -create table basis.tx_journal +create table base.tx_journal ( - txId xid8 not null references basis.tx_context (txId), + txId xid8 not null references base.tx_context (txId), targetTable text not null, targetUuid uuid not null, -- Assumes that all audited tables have a uuid column. targetOp operation not null, targetDelta jsonb ); -create index on basis.tx_journal (targetTable, targetUuid); +create index on base.tx_journal (targetTable, targetUuid); --// -- ============================================================================ --changeset audit-TX-JOURNAL-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - A view combining basis.tx_journal with basis.tx_context. + A view combining base.tx_journal with base.tx_context. */ -create view basis.tx_journal_v as +create view base.tx_journal_v as select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta - from basis.tx_journal txj - left join basis.tx_context txc using (txId) + from base.tx_journal txj + left join base.tx_context txc using (txId) order by txc.txtimestamp; --// 
@@ -71,35 +71,35 @@ select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta /* Trigger function for transaction audit journal. */ -create or replace function basis.tx_journal_trigger() +create or replace function base.tx_journal_trigger() returns trigger language plpgsql as $$ declare curTask text; curTxId xid8; begin - curTask := basis.currentTask(); + curTask := base.currentTask(); curTxId := pg_current_xact_id(); insert - into basis.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest) + into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest) values ( curTxId, now(), - basis.currentSubject(), basis.assumedRoles(), curTask, basis.currentRequest()) + base.currentSubject(), base.assumedRoles(), curTask, base.currentRequest()) on conflict do nothing; case tg_op when 'INSERT' then insert - into basis.tx_journal + into base.tx_journal values (curTxId, tg_table_name, new.uuid, tg_op::operation, to_jsonb(new)); when 'UPDATE' then insert - into basis.tx_journal + into base.tx_journal values (curTxId, tg_table_name, old.uuid, tg_op::operation, - basis.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); + base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); when 'DELETE' then insert - into basis.tx_journal + into base.tx_journal values (curTxId, tg_table_name, old.uuid, 'DELETE'::operation, null::jsonb); @@ -116,7 +116,7 @@ end; $$; Trigger function for transaction audit journal. */ -create or replace procedure basis.create_journal(targetTable varchar) +create or replace procedure base.create_journal(targetTable varchar) language plpgsql as $$ declare createTriggerSQL varchar; 
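Review bot: `base.tx_journal_trigger()` stores `tg_table_name` in `targetTable`, which carries no schema, so a row journaled for `rbac.subject` (see `call base.create_journal('rbac.subject')` later in this patch) is recorded as just `subject`; now that audited tables are spread over several schemas, same-named tables in different schemas become indistinguishable in the audit journal and `targetTable` no longer resolves back to the relation it came from. Unless unqualified names are guaranteed unique across every journaled schema, store the qualified name, e.g. `values (curTxId, tg_table_schema || '.' || tg_table_name, new.uuid, tg_op::operation, to_jsonb(new));` and likewise in the UPDATE and DELETE branches (`tg_table_schema` is available in every row trigger alongside `tg_table_name`). The three `insert into base.tx_journal values (...)` statements would also be safer with an explicit column list, so that a later column added to `tx_journal` cannot silently shift the positional values. The function's closing `end; $$;` lies outside this hunk.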
@@ -126,7 +126,7 @@ begin -- "-0-" to put the trigger execution before any alphabetically greater tx-triggers createTriggerSQL = 'CREATE TRIGGER tx_0_journal_tg' || ' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable || - ' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()'; + ' FOR EACH ROW EXECUTE PROCEDURE base.tx_journal_trigger()'; execute createTriggerSQL; end; $$; --// diff --git a/src/main/resources/db/changelog/0-basis/030-historization.sql b/src/main/resources/db/changelog/0-base/030-historization.sql similarity index 87% rename from src/main/resources/db/changelog/0-basis/030-historization.sql rename to src/main/resources/db/changelog/0-base/030-historization.sql index cc200acc..756814b0 100644 --- a/src/main/resources/db/changelog/0-basis/030-historization.sql +++ b/src/main/resources/db/changelog/0-base/030-historization.sql @@ -3,7 +3,7 @@ -- ============================================================================ --changeset hs-global-historization-tx-history-txid:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function basis.tx_history_txid() +create or replace function base.tx_history_txid() returns xid8 stable language plpgsql as $$ declare 
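Review bot: `base.create_journal` splices `targetTable` into the `CREATE TRIGGER` statement by plain string concatenation, with neither quoting nor validation. Every visible caller passes a literal from a migration script, so this is hardening rather than an exploitable hole, but `format('CREATE TRIGGER tx_0_journal_tg AFTER INSERT OR UPDATE OR DELETE ON %s FOR EACH ROW EXECUTE PROCEDURE base.tx_journal_trigger()', targetTable::regclass)` would reject anything that is not an existing relation and take care of quoting; `%I` alone is not suitable here because callers pass schema-qualified names such as `'rbac.subject'`, which `%I` would quote as one identifier. The same concatenation pattern appears in `base.tx_create_historicization` for `baseTable` and deserves the same treatment. The procedure's signature and `declare` section are in the preceding hunk.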
@@ -23,11 +23,11 @@ begin historicalTxIdSetting, historicalTimestampSetting; end if; -- just for debugging / making sure the function is only called once per query - -- raise notice 'basis.tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting; + -- raise notice 'base.tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting; if historicalTxIdSetting is null or historicalTxIdSetting = '' then select historicalTimestampSetting::timestamp into historicalTimestamp; - select max(txc.txid) from basis.tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId; + select max(txc.txid) from base.tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId; else historicalTxId = historicalTxIdSetting::xid8; end if; @@ -40,7 +40,7 @@ end; $$; --changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create type basis.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); +create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); create or replace function tx_historicize_tf() returns trigger @@ -95,7 +95,7 @@ end; $$; -- ---------------------------------------------------------------------------- -create or replace procedure basis.tx_create_historicization(baseTable varchar) +create or replace procedure base.tx_create_historicization(baseTable varchar) language plpgsql as $$ declare createHistTableSql varchar; @@ -110,8 +110,8 @@ begin createHistTableSql = '' || 'CREATE TABLE ' || baseTable || '_ex (' || ' version_id serial PRIMARY KEY,' || - ' txid xid8 NOT NULL REFERENCES basis.tx_context(txid),' || - ' trigger_op basis.tx_operation NOT NULL,' || + ' txid xid8 NOT NULL REFERENCES base.tx_context(txid),' || + ' trigger_op base.tx_operation NOT NULL,' || ' alive boolean not null,' || ' LIKE ' || baseTable || ' EXCLUDING CONSTRAINTS' || 
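Review bot: `base.tx_history_txid()` maps a timestamp to `max(txc.txid)` over `tx_context.txtimestamp`, but that column is filled with `now()` by the journal trigger, which PostgreSQL fixes at transaction start, and the `xid8` is assigned when the transaction first writes; a transaction that began before the requested instant but committed after it is therefore included in the "as of" reconstruction, whereas a reader or an incident responder will expect commit-time semantics. I would document this on the function, e.g. `-- NOTE: point-in-time selection is by transaction start (now()) and xid order, not by commit time; a long-running transaction can appear earlier than it became visible`, and consider `pg_xact_commit_timestamp()` (requires `track_commit_timestamp = on`) if commit-order accuracy matters for audits. The historization view built by `tx_create_historicization` inherits the same caveat through its `txc.txid <= tx_history_txid()` filter. The function's header and declarations lie outside this hunk.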
@@ -131,8 +131,8 @@ begin createViewSQL = format( 'CREATE OR REPLACE VIEW %1$s AS' || '(' || - -- make sure the function is only called once, not for every matching row in basis.tx_context - ' WITH txh AS (SELECT basis.tx_history_txid() AS txid) ' || + -- make sure the function is only called once, not for every matching row in base.tx_context + ' WITH txh AS (SELECT base.tx_history_txid() AS txid) ' || ' SELECT %2$s' || ' FROM %3$s' || ' WHERE alive = TRUE' || @@ -140,7 +140,7 @@ begin ' (' || ' SELECT max(ex.version_id) AS history_id' || ' FROM %3$s AS ex' || - ' JOIN basis.tx_context as txc ON ex.txid = txc.txid' || + ' JOIN base.tx_context as txc ON ex.txid = txc.txid' || ' WHERE txc.txid <= (SELECT txid FROM txh)' || ' GROUP BY uuid' || ' )' || diff --git a/src/main/resources/db/changelog/0-basis/090-log-slow-queries-extensions.sql b/src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql similarity index 100% rename from src/main/resources/db/changelog/0-basis/090-log-slow-queries-extensions.sql rename to src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index de1b5112..232ceb0d 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -44,7 +44,7 @@ create table rbac.subject name varchar(63) not null unique ); -call basis.create_journal('rbac.subject'); +call base.create_journal('rbac.subject'); create or replace function rbac.create_subject(subjectName varchar) returns uuid @@ -102,7 +102,7 @@ create table rbac.object unique (objectTable, uuid) ); -call basis.create_journal('rbac.object'); +call base.create_journal('rbac.object'); --// 
@@ -174,7 +174,7 @@ create table RbacRole unique (objectUuid, roleType) ); -call basis.create_journal('RbacRole'); +call base.create_journal('RbacRole'); create type RbacRoleDescriptor as ( @@ -379,7 +379,7 @@ create index on RbacPermission (opTableName, op); ALTER TABLE RbacPermission ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); -call basis.create_journal('RbacPermission'); +call base.create_journal('RbacPermission'); create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) returns uuid @@ -497,7 +497,7 @@ create table RbacGrants create index on RbacGrants (ascendantUuid); create index on RbacGrants (descendantUuid); -call basis.create_journal('RbacGrants'); +call base.create_journal('RbacGrants'); create or replace function findGrantees(grantedId uuid) returns setof rbac.reference returns null on null input @@ -741,7 +741,7 @@ begin AND obj.objectTable = forObjectTable LIMIT maxObjects+1; - foundRows = basis.lastRowCount(); + foundRows = base.lastRowCount(); if foundRows > maxObjects then raise exception '[400] Too many accessible objects, limit is %, found %.', maxObjects, foundRows using diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index 52ab4f21..b0b56c49 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql 
@@ -12,8 +12,8 @@ declare currentSubjectOrAssumedRolesUuids uuid[]; begin -- exactly one role must be assumed, not none not more than one - if cardinality(basis.assumedRoles()) <> 1 then - raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles(); + if cardinality(base.assumedRoles()) <> 1 then + raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', base.assumedRoles(); end if; currentSubjectOrAssumedRolesUuids := rbac.currentSubjectOrAssumedRolesUuids(); diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 8e870636..10db7e0f 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql @@ -18,7 +18,7 @@ begin select uuid from rbac.subject where name = currentSubject into currentSubjectUuid; if currentSubjectUuid is null then - raise exception '[401] subject % given in `basis.defineContext(...)` does not exist', currentSubject; + raise exception '[401] subject % given in `base.defineContext(...)` does not exist', currentSubject; end if; return currentSubjectUuid; end; $$; @@ -66,10 +66,10 @@ begin and r.roleType = roleTypeToAssume into roleUuidToAssume; if roleUuidToAssume is null then - raise exception '[403] role % does not exist or is not accessible for subject %', roleName, basis.currentSubject(); + raise exception '[403] role % does not exist or is not accessible for subject %', roleName, base.currentSubject(); end if; if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then - raise exception '[403] subject % has no permission to assume role %', basis.currentSubject(), roleName; + raise exception '[403] subject % has no permission to assume role %', base.currentSubject(), roleName; end if; roleIdsToAssume := roleIdsToAssume || roleUuidToAssume; end loop; 
@@ -84,7 +84,7 @@ end; $$; Callback which is called after the context has been (re-) defined. This function will be overwritten by later changesets. */ -create or replace procedure basis.contextDefined( +create or replace procedure base.contextDefined( currentTask varchar(127), currentRequest text, currentSubject varchar(63), @@ -114,7 +114,7 @@ end; $$; --changeset rbac-context-current-subject-ID:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current subject as set via `basis.defineContext(...)`. + Returns the uuid of the current subject as set via `base.defineContext(...)`. */ create or replace function rbac.currentSubjectUuid() @@ -132,11 +132,11 @@ begin currentSubjectUuid := null; end; if (currentSubjectUuid is null or currentSubjectUuid = '') then - currentSubjectName := basis.currentSubject(); + currentSubjectName := base.currentSubject(); if (length(currentSubjectName) > 0) then raise exception '[401] currentSubjectUuid cannot be determined, unknown subject name "%"', currentSubjectName; else - raise exception '[401] currentSubjectUuid cannot be determined, please call `basis.defineContext(...)` first;"'; + raise exception '[401] currentSubjectUuid cannot be determined, please call `base.defineContext(...)` first;"'; end if; end if; return currentSubjectUuid::uuid; @@ -147,8 +147,8 @@ end; $$; --changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Returns the uuid of the current subject as set via `basis.defineContext(...)`, - or, if any, the uuids of all assumed roles as set via `basis.defineContext(...)` + Returns the uuid of the current subject as set via `base.defineContext(...)`, + or, if any, the uuids of all assumed roles as set via `base.defineContext(...)` or empty array, if context is not defined. */ create or replace function rbac.currentSubjectOrAssumedRolesUuids() 
@@ -166,11 +166,11 @@ begin currentSubjectOrAssumedRolesUuids := null; end; if (currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0 ) then - currentSubjectName := basis.currentSubject(); + currentSubjectName := base.currentSubject(); if (length(currentSubjectName) > 0) then raise exception '[401] currentSubjectOrAssumedRolesUuids (%) cannot be determined, unknown subject name "%"', currentSubjectOrAssumedRolesUuids, currentSubjectName; else - raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject;"'; + raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `base.defineContext(...)` with a valid subject;"'; end if; end if; return string_to_array(currentSubjectOrAssumedRolesUuids, ';'); diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 974bf7e8..51d6c9e7 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -241,7 +241,7 @@ create or replace view rbac.subject_rv as union select users.* from rbac.subject as users - where cardinality(basis.assumedRoles()) = 0 and + where cardinality(base.assumedRoles()) = 0 and (rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid())) ) as unordered @@ -303,7 +303,7 @@ begin delete from rbac.subject where uuid = old.uuid; return old; end if; - raise exception '[403] User % not allowed to delete user uuid %', basis.currentSubject(), old.uuid; + raise exception '[403] User % not allowed to delete user uuid %', base.currentSubject(), old.uuid; end; $$; /* 
@@ -354,7 +354,7 @@ begin currentSubjectUuid := rbac.currentSubjectUuid(); if hasGlobalRoleGranted(targetSubjectUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then - raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, basis.currentSubject(); + raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, base.currentSubject(); end if; return query select diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 6062539f..a8fdfe1e 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -168,7 +168,7 @@ declare begin targetTable := lower(targetTable); if columnNames = '*' then - columnNames := basis.tableColumnNames(targetTable); + columnNames := base.tableColumnNames(targetTable); end if; /* @@ -190,14 +190,14 @@ begin select distinct g.descendantuuid, g.ascendantuuid, grants.level + 1 as level, - basis.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level) + base.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level) from rbacgrants g join recursive_grants grants on grants.descendantuuid = g.ascendantuuid where g.assumed), grant_count AS ( SELECT COUNT(*) AS grant_count FROM recursive_grants ), - count_check as (select basis.assertTrue((select count(*) as grant_count from recursive_grants) < 400000, + count_check as (select base.assertTrue((select count(*) as grant_count from recursive_grants) < 400000, 'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants)) as valid) select distinct perm.objectuuid diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index e9f5a6d2..50fd2404 100644 
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -94,7 +94,7 @@ $$; A single row to be referenced as a rbac.Global object. */ begin transaction; -call basis.defineContext('initializing table "rbac.global"', null, null, null); +call base.defineContext('initializing table "rbac.global"', null, null, null); insert into rbac.object (objecttable) values ('rbac.global'); insert @@ -118,7 +118,7 @@ select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.gl $$; begin transaction; - call basis.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); + call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); select createRole(globalAdmin()); commit; --// @@ -139,7 +139,7 @@ select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.gl $$; begin transaction; - call basis.defineContext('creating role:rbac.global#global:guest', null, null, null); + call base.defineContext('creating role:rbac.global#global:guest', null, null, null); select createRole(globalGuest()); commit; --// @@ -155,7 +155,7 @@ do language plpgsql $$ declare admins uuid ; begin - call basis.defineContext('creating fake test-realm admin users', null, null, null); + call base.defineContext('creating fake test-realm admin users', null, null, null); admins = findRoleId(globalAdmin()); call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); 
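Review bot: The last hunk here provisions `superuser-alex@hostsharing.net` and grants it the global ADMIN role via `rbac.grantRoleToUserUnchecked`, yet the file sits in the `1-rbac` tree rather than under `2-test`, while the task label itself calls this "creating fake test-realm admin users". If the master changelog applies this file to a production database, a subject holding the global ADMIN role is created unconditionally; I would gate the changeset with a Liquibase context, e.g. `--changeset ...:1 context:dev,test endDelimiter:--//`, or move it to the test-data tree. The changeset header and the rest of the `do` block are outside this hunk, so I cannot tell whether such a guard already exists.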
@@ -179,13 +179,13 @@ do language plpgsql $$ declare userName varchar; begin - call basis.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null); + call base.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null); select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName <> 'superuser-fran@hostsharing.net' then raise exception 'setting or fetching initial currentSubject failed, got: %', userName; end if; - call basis.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null); + call base.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null); select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName; if userName = 'superuser-alex@hostsharing.net' then raise exception 'currentSubject should not change in one transaction, but did change, got: %', userName; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 4bcd7ef8..df106732 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -89,7 +89,7 @@ do language plpgsql $$ declare row rbac.global%ROWTYPE; begin - call basis.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index 70e0a993..e5a53dab 100644 
--- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -59,7 +59,7 @@ create or replace procedure createTestCustomerTestData( begin for t in startCount..endCount loop - call createTestCustomerTestData(testCustomerReference(t), basis.intToVarChar(t, 3)); + call createTestCustomerTestData(testCustomerReference(t), base.intToVarChar(t, 3)); commit; end loop; end; $$; @@ -72,7 +72,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); + call base.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createTestCustomerTestData(99901, 'xxx'); call createTestCustomerTestData(99902, 'yyy'); diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index ef795245..6f421963 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -154,7 +154,7 @@ do language plpgsql $$ declare row test_customer; begin - call basis.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); + call base.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); FOR row IN SELECT * FROM test_customer -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index 8a5283f3..1faf52a6 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql 
+++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -22,7 +22,7 @@ begin pacName = cust.prefix || to_char(t, 'fm00'); custAdminUser = 'customer-admin@' || cust.prefix || '.example.com'; custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN'; - call basis.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole); + call base.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole); insert into test_package (customerUuid, name, description) diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index f14cefb2..98e76047 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -153,7 +153,7 @@ do language plpgsql $$ declare row test_package; begin - call basis.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); + call base.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); FOR row IN SELECT * FROM test_package -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index f1a1cb79..814be277 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql 
@@ -21,11 +21,11 @@ begin for t in 0..(domainCount-1) loop pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com'; - call basis.defineContext('creating RBAC test domain', null, pacAdmin, null); + call base.defineContext('creating RBAC test domain', null, pacAdmin, null); insert into test_domain (name, packageUuid) - values (pac.name || '-' || basis.intToVarChar(t, 4), pac.uuid); + values (pac.name || '-' || base.intToVarChar(t, 4), pac.uuid); end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql index d1694eb6..3103743d 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql @@ -20,5 +20,5 @@ create table if not exists hs_office_contact --changeset hs-office-contact-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call basis.create_journal('hs_office_contact'); +call base.create_journal('hs_office_contact'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql index bc7921db..6f13a642 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql 
@@ -40,7 +40,7 @@ ALTER TABLE hs_office_contact_legacy_id --changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CALL basis.defineContext('schema-migration'); +CALL base.defineContext('schema-migration'); INSERT INTO hs_office_contact_legacy_id(uuid, contact_id) SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact; --/ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index cb431d26..26b9df14 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -15,9 +15,9 @@ declare emailAddr varchar; begin emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com'; - call basis.defineContext('creating contact test-data'); + call base.defineContext('creating contact test-data'); perform rbac.create_subject(emailAddr); - call basis.defineContext('creating contact test-data', null, emailAddr); + call base.defineContext('creating contact test-data', null, emailAddr); postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt'; @@ -44,7 +44,7 @@ create or replace procedure createHsOfficeContactTestData( begin for t in startCount..endCount loop - call createHsOfficeContactTestData(basis.intToVarChar(t, 4) || '#' || t); + call createHsOfficeContactTestData(base.intToVarChar(t, 4) || '#' || t); commit; end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql index f73696c0..d520d92b 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql @@ -31,5 +31,5 @@ create table if not exists hs_office_person --changeset hs-office-person-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call basis.create_journal('hs_office_person'); +call base.create_journal('hs_office_person'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index f04b2d5c..37832ae3 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql @@ -21,9 +21,9 @@ declare begin fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName); emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com'; - call basis.defineContext('creating person test-data'); + call base.defineContext('creating person test-data'); perform rbac.create_subject(emailAddr); - call basis.defineContext('creating person test-data', null, emailAddr); + call base.defineContext('creating person test-data', null, emailAddr); raise notice 'creating test person: % by %', fullName, emailAddr; insert @@ -43,7 +43,7 @@ create or replace procedure createTestPersonTestData( begin for t in startCount..endCount loop - call createHsOfficePersonTestData('LP', basis.intToVarChar(t, 4)); + call createHsOfficePersonTestData('LP', base.intToVarChar(t, 4)); commit; end loop; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql index ee02668d..8a466ba9 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql @@ -33,5 +33,5 @@ create table if not exists hs_office_relation --changeset hs-office-relation-MAIN-TABLE-JOURNAL:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call basis.create_journal('hs_office_relation'); +call base.create_journal('hs_office_relation'); --// diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 4bc8e89d..84e19105 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -163,7 +163,7 @@ do language plpgsql $$ declare row hs_office_person; begin - call basis.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); + call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); FOR row IN SELECT * FROM hs_office_person -- unconditional for all rows in that table diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 9f4ef1c1..59b01e08 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql 
@@ -69,8 +69,8 @@ declare
 begin
 for t in startCount..endCount
 loop
- select p.* from hs_office_person p where tradeName = basis.intToVarChar(t, 4) into person;
- select c.* from hs_office_contact c where c.caption = basis.intToVarChar(t, 4) || '#' || t into contact;
+ select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person;
+ select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
 call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
 commit;
@@ -85,7 +85,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact');
 call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact');
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
index 8dc99bf3..705d8ad9 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
@@ -23,7 +23,7 @@ create table hs_office_partner_details
 --changeset hs-office-partner-DETAILS-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_partner_details');
+call base.create_journal('hs_office_partner_details');
 --//
 -- ============================================================================
@@ -83,5 +83,5 @@ create trigger hs_office_partner_delete_dependents_trigger
 --changeset hs-office-partner-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_partner');
+call base.create_journal('hs_office_partner');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
index 8428f536..f9e62eeb 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@@ -166,7 +166,7 @@ do language plpgsql $$
 declare
 row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows');
+ call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
index a3e74102..9a3dfbe1 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@@ -70,7 +70,7 @@ do language plpgsql $$
 declare
 row rbac.global;
 begin
- call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
+ call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
index a07d4c72..fa35db16 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
@@ -39,7 +39,7 @@ ALTER TABLE hs_office_partner_legacy_id
 --changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CALL basis.defineContext('schema-migration');
+CALL base.defineContext('schema-migration');
 INSERT INTO hs_office_partner_legacy_id(uuid, bp_id) SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
 --/
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
index acc3a899..a0361614 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
@@ -71,7 +71,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact');
 call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact');
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
index a1c577c6..578b3af5 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
@@ -18,5 +18,5 @@ create table hs_office_bankaccount
 --changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_bankaccount');
+call base.create_journal('hs_office_bankaccount');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
index 20891c37..90523b43 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
@@ -15,7 +15,7 @@ declare
 begin
 emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
 perform rbac.create_subject(emailAddr);
- call basis.defineContext('creating bankaccount test-data', null, emailAddr);
+ call base.defineContext('creating bankaccount test-data', null, emailAddr);
 raise notice 'creating test bankaccount: %', givenHolder;
 insert
@@ -31,7 +31,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating bankaccount test-data');
+ call base.defineContext('creating bankaccount test-data');
 -- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
 call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
index 6d680d49..d8b55040 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
@@ -61,5 +61,5 @@ execute procedure deleteHsOfficeDependentsOnDebitorDelete();
 --changeset hs-office-debitor-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_debitor');
+call base.create_journal('hs_office_debitor');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
index 62d3ba8b..b0a392da 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@@ -139,7 +139,7 @@ do language plpgsql $$
 declare
 row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows');
+ call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
index cb4ce02e..8986a34e 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
@@ -50,7 +50,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir');
 call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec');
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
index 35aad65a..98936f35 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
@@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate
 --changeset hs-office-sepamandate-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_sepamandate');
+call base.create_journal('hs_office_sepamandate');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
index bdb97bbc..40b6224e 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@@ -114,7 +114,7 @@ do language plpgsql $$
 declare
 row hs_office_relation;
 begin
- call basis.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
+ call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
 FOR row IN SELECT * FROM hs_office_relation
 WHERE type = 'DEBITOR'
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
index f53e340d..a831b28e 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
@@ -41,7 +41,7 @@ ALTER TABLE hs_office_sepamandate_legacy_id
 --changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CALL basis.defineContext('schema-migration');
+CALL base.defineContext('schema-migration');
 INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id) SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
 --/
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
index 49f30655..d71139bb 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
@@ -43,7 +43,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11');
 call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12');
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
index 26d1a0d2..7f2f14d8 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
@@ -36,5 +36,5 @@ create table if not exists hs_office_membership
 --changeset hs-office-membership-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_membership');
+call base.create_journal('hs_office_membership');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
index 5994d929..0218f68c 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@@ -101,7 +101,7 @@ do language plpgsql $$
 declare
 row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows');
+ call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
index 805fb4b9..9ada85be 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
@@ -33,7 +33,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsOfficeMembershipTestData(10001, '01');
 call createHsOfficeMembershipTestData(10002, '02');
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
index 1cb9dd72..2dd3320b 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
@@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction
 --changeset hs-office-coopshares-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_coopsharestransaction');
+call base.create_journal('hs_office_coopsharestransaction');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
index c265e78b..f8d72a7f 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@@ -77,7 +77,7 @@ do language plpgsql $$
 declare
 row hs_office_membership;
 begin
- call basis.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
+ call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
 FOR row IN SELECT * FROM hs_office_membership
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
index e7dec7c1..134c5ab7 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
@@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
 --changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CALL basis.defineContext('schema-migration');
+CALL base.defineContext('schema-migration');
 INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id) SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
 --/
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
index 594300d2..d2c10dd1 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
@@ -43,7 +43,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating coopSharesTransaction test-data');
+ call base.defineContext('creating coopSharesTransaction test-data');
 SET CONSTRAINTS ALL DEFERRED;
 call createHsOfficeCoopSharesTransactionTestData(10001, '01');
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
index 65adf724..298327e9 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
@@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction
 --changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_office_coopassetstransaction');
+call base.create_journal('hs_office_coopassetstransaction');
 --//
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
index 549207bc..2be9891c 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@@ -77,7 +77,7 @@ do language plpgsql $$
 declare
 row hs_office_membership;
 begin
- call basis.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
+ call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
 FOR row IN SELECT * FROM hs_office_membership
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
index 47bbfbb7..1d2073f5 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
@@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
 --changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CALL basis.defineContext('schema-migration');
+CALL base.defineContext('schema-migration');
 INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
 --/
diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
index ff22f705..4b6c8e4e 100644
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
@@ -43,7 +43,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating coopAssetsTransaction test-data');
+ call base.defineContext('creating coopAssetsTransaction test-data');
 SET CONSTRAINTS ALL DEFERRED;
 call createHsOfficeCoopAssetsTransactionTestData(10001, '01');
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
index d8471d71..08e0bcc3 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
@@ -18,12 +18,12 @@ create table if not exists hs_booking_project
 --changeset hs-booking-project-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_booking_project');
+call base.create_journal('hs_booking_project');
 --//
 -- ============================================================================
 --changeset hs-booking-project-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.tx_create_historicization('hs_booking_project');
+call base.tx_create_historicization('hs_booking_project');
 --//
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
index 8e49475f..600cff4d 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
@@ -108,7 +108,7 @@ do language plpgsql $$
 declare
 row hs_office_relation;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
+ call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
 FOR row IN SELECT * FROM hs_office_relation
 WHERE type = 'DEBITOR'
diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
index d9f2653d..61331933 100644
--- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
@@ -39,7 +39,7 @@ end; $$;
 do language plpgsql $$
 begin
- call basis.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsBookingProjectTransactionTestData(10001, '11');
 call createHsBookingProjectTransactionTestData(10002, '12');
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
index 215a5eb1..33ce2f5e 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
@@ -35,13 +35,13 @@ create table if not exists hs_booking_item
 --changeset hs-booking-item-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_booking_item');
+call base.create_journal('hs_booking_item');
 --//
 -- ============================================================================
 --changeset hs-booking-item-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.tx_create_historicization('hs_booking_item');
+call base.tx_create_historicization('hs_booking_item');
 --//
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
index 55467ff8..2accb407 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
@@ -107,7 +107,7 @@ do language plpgsql $$
 declare
 row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
+ call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
@@ -150,7 +150,7 @@ do language plpgsql $$
 declare
 row hs_booking_project;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
+ call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
 FOR row IN SELECT * FROM hs_booking_project
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
index 67522d9b..5a4f6ecd 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
@@ -47,7 +47,7 @@ do language plpgsql $$
 declare
 currentTask text;
 begin
- call basis.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 call createHsBookingItemTransactionTestData(10001, '11');
 call createHsBookingItemTransactionTestData(10002, '12');
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
index 55467ff8..2accb407 100644
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
@@ -107,7 +107,7 @@ do language plpgsql $$
 declare
 row rbac.global%ROWTYPE;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
+ call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
 FOR row IN SELECT * FROM rbac.global
 -- unconditional for all rows in that table
@@ -150,7 +150,7 @@ do language plpgsql $$
 declare
 row hs_booking_project;
 begin
- call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
+ call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
 FOR row IN SELECT * FROM hs_booking_project
 -- unconditional for all rows in that table
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
index 5c1bd781..b7e84250 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
@@ -91,7 +91,7 @@ begin
 when 'IPV4_NUMBER' then null
 when 'IPV6_NUMBER' then null
- else basis.raiseException(format('[400] unknown asset type %s', NEW.type::text))
+ else base.raiseException(format('[400] unknown asset type %s', NEW.type::text))
 end);
 if expectedParentType is not null and actualParentType is null then
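Review bot: `6303-hs-booking-item-rbac.sql` in this section carries the same blob index `55467ff8..2accb407` and exactly the same two hunks as `6203-hs-booking-item-rbac.sql` in the previous section, so it looks like a byte-identical leftover of a renumbering rather than a distinct changelog file. Both copies hold anonymous `do` blocks whose context string says they create INSERT permissions for pre-existing `rbac.global` and `hs_booking_project` rows; if both files are ever included from `db.changelog-master.yaml`, Liquibase would treat their changesets as distinct (the file path is part of the changeset key) and the grant loops would presumably run twice, while if only one is included the other is dead code that will drift on the next mechanical rename. I'd confirm which of the two the master changelog references and drop the other in a follow-up; the `6200-hs-booking-item.sql` name inside `630-booking-item/` suggests the renumbering of that directory is incomplete as well. The loop bodies of both `do` blocks continue outside the hunks.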
@@ -166,14 +166,14 @@ execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf();
 -- ============================================================================
 --changeset hs-hosting-asset-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.create_journal('hs_hosting_asset');
+call base.create_journal('hs_hosting_asset');
 --//
 -- ============================================================================
 --changeset hs-hosting-asset-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call basis.tx_create_historicization('hs_hosting_asset');
+call base.tx_create_historicization('hs_hosting_asset');
 --//
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
index b24e01a3..72061ec0 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
@@ -30,7 +30,7 @@ declare
 pgSqlInstanceUuid uuid;
 PgSqlSubjectUuid uuid;
 begin
- call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
+ call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
 select project.* into relatedProject
 from hs_booking_project project
@@ -110,7 +110,7 @@ end; $$; do language plpgsql $$ begin - call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); + call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call createHsHostingAssetTestData('D-1000111 default project'); call createHsHostingAssetTestData('D-1000212 default project'); diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index bdd6d3c5..022ad363 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml 
@@ -1,32 +1,32 @@ databaseChangeLog: - include: - file: db/changelog/0-basis/000-basis-schema.sql + file: db/changelog/0-base/000-base-schema.sql - include: - file: db/changelog/0-basis/001-last-row-count.sql + file: db/changelog/0-base/001-last-row-count.sql - include: - file: db/changelog/0-basis/002-int-to-var.sql + file: db/changelog/0-base/002-int-to-var.sql - include: - file: db/changelog/0-basis/003-random-in-range.sql + file: db/changelog/0-base/003-random-in-range.sql - include: - file: db/changelog/0-basis/004-jsonb-changes-delta.sql + file: db/changelog/0-base/004-jsonb-changes-delta.sql - include: - file: db/changelog/0-basis/005-uuid-ossp-extension.sql + file: db/changelog/0-base/005-uuid-ossp-extension.sql - include: - file: db/changelog/0-basis/006-numeric-hash-functions.sql + file: db/changelog/0-base/006-numeric-hash-functions.sql - include: - file: db/changelog/0-basis/007-table-columns.sql + file: db/changelog/0-base/007-table-columns.sql - include: - file: db/changelog/0-basis/008-raise-functions.sql + file: db/changelog/0-base/008-raise-functions.sql - include: - file: db/changelog/0-basis/009-check-environment.sql + file: db/changelog/0-base/009-check-environment.sql - include: - file: db/changelog/0-basis/010-context.sql + file: db/changelog/0-base/010-context.sql - include: - file: db/changelog/0-basis/020-audit-log.sql + file: db/changelog/0-base/020-audit-log.sql - include: - file: db/changelog/0-basis/030-historization.sql + file: db/changelog/0-base/030-historization.sql - include: - file: db/changelog/0-basis/090-log-slow-queries-extensions.sql + file: db/changelog/0-base/090-log-slow-queries-extensions.sql - include: file: db/changelog/1-rbac/1000-rbac-schema.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java index cda131b2..d78e8ed2 100644 
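Review bot: Moving the includes from `db/changelog/0-basis/...` to `db/changelog/0-base/...` changes the identity of every changeset in those files, because Liquibase records a changeset by id, author and file path; on any database that already ran the old paths, the renamed files would be treated as not yet applied and re-executed (starting with the schema creation), which would presumably fail. If such databases exist, keep the old identity with a `logicalFilePath` in the formatted-SQL header of each renamed file, or state in the commit that the series assumes a freshly migrated database.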
--- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java @@ -69,7 +69,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_booking_item'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java index ccab7074..15cc441a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java @@ -64,7 +64,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_booking_project'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java index f54ee4cb..33dbdeaf 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java 
@@ -77,7 +77,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_hosting_asset'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index 60bb12dd..fc7dac32 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java @@ -299,8 +299,8 @@ public class CsvDataImport extends ContextBasedTest { jpaAttempt.transacted(() -> { context(rbacSuperuser); em.createNativeQuery("delete from rbac.subject_rv where name not like 'superuser-%'").executeUpdate(); - em.createNativeQuery("delete from basis.tx_journal where true").executeUpdate(); - em.createNativeQuery("delete from basis.tx_context where true").executeUpdate(); + em.createNativeQuery("delete from base.tx_journal where true").executeUpdate(); + em.createNativeQuery("delete from base.tx_context where true").executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java index c5882f7c..ef3fbd84 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java 
@@ -272,7 +272,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'iban' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_bankaccount'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java index 9fc25607..2892c14d 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java @@ -257,7 +257,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'caption' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_contact'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java index 87c4da19..b1f07d52 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java 
@@ -221,7 +221,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_coopassetstransaction'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index d9b420f9..9bc45e68 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -220,7 +220,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_coopsharestransaction'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java index 50eb7164..48d7e915 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java 
@@ -590,7 +590,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_debitor'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java index f4acbf9f..c6180dbe 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java @@ -337,7 +337,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_membership'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java index f9db0bfa..077159db 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java @@ -434,7 +434,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'partnernumber' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_partner'; """); 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java index 571fe256..31d81d78 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java @@ -261,7 +261,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_person'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java index ac97db26..a6e7e4cc 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java @@ -395,7 +395,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'mark' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_relation'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java index c41d1764..87688fd1 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java @@ -380,7 +380,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC // given final var query = em.createNativeQuery(""" select currentTask, targetTable, targetOp, targetdelta->>'reference' - from basis.tx_journal_v + from base.tx_journal_v where targettable = 'hs_office_sepamandate'; """); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java index 1bace68c..1b3fded5 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java @@ -81,7 +81,7 @@ class ContextIntegrationTests { // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "[401] subject unknown@example.org given in `basis.defineContext(...)` does not exist"); + "[401] subject unknown@example.org given in `base.defineContext(...)` does not exist"); } @Test diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java index 1a9f9140..6a6d690f 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextUnitTest.java @@ -28,7 +28,7 @@ import static org.mockito.Mockito.verify; class ContextUnitTest { private static final String DEFINE_CONTEXT_QUERY_STRING = """ - call basis.defineContext( + call base.defineContext( cast(:currentTask as varchar(127)), cast(:currentRequest as text), cast(:currentSubject as varchar(63)), 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java index b7e3b3d9..6b8ce2d8 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java @@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest { result.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject"); + "[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `base.defineContext(...)` with a valid subject"); } } -- 2.39.5 From 365a228d44322a4cda136475a87c6303cf16483c Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 20:31:41 +0200 Subject: [PATCH 31/57] rbac.grants --- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 50 +++++++++---------- .../1-rbac/1051-rbac-subject-grant.sql | 12 ++--- .../db/changelog/1-rbac/1055-rbac-views.sql | 12 ++--- .../changelog/1-rbac/1058-rbac-generators.sql | 12 ++--- .../changelog/1-rbac/1059-rbac-statistics.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- 9 files changed, 48 insertions(+), 48 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index d28f3193..727e5d62 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java 
@@ -114,7 +114,7 @@ class RolesGrantsAndPermissionsGenerator { begin if ${updateConditions} then - delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; + delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; call buildRbacSystemFor${simpleEntityName}(NEW); end if; end; $$; diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 232ceb0d..41ac20b3 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -300,7 +300,7 @@ create or replace function deleteRbacGrantsOfRbacRole() strict as $$ begin if TG_OP = 'DELETE' then - delete from RbacGrants g where old.uuid in (g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid); + delete from rbac.grants g where old.uuid in (g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid); else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; end if; @@ -484,7 +484,7 @@ $$; /* Table to store grants / role- or permission assignments to subjects or roles. */ -create table RbacGrants +create table rbac.grants ( uuid uuid primary key default uuid_generate_v4(), grantedByTriggerOf uuid references rbac.object (uuid) on delete cascade initially deferred , 
@@ -494,26 +494,26 @@ create table RbacGrants assumed boolean not null default true, -- auto assumed (true) vs. needs assumeRoles (false) unique (ascendantUuid, descendantUuid), constraint rbacGrant_createdBy check ( grantedByRoleUuid is null or grantedByTriggerOf is null) ); -create index on RbacGrants (ascendantUuid); -create index on RbacGrants (descendantUuid); +create index on rbac.grants (ascendantUuid); +create index on rbac.grants (descendantUuid); -call base.create_journal('RbacGrants'); +call base.create_journal('rbac.grants'); create or replace function findGrantees(grantedId uuid) returns setof rbac.reference returns null on null input language sql as $$ with recursive grants as ( select descendantUuid, ascendantUuid - from RbacGrants + from rbac.grants where descendantUuid = grantedId union all select g.descendantUuid, g.ascendantUuid - from RbacGrants g + from rbac.grants g inner join grants on grants.ascendantUuid = g.descendantUuid ) select ref.* from grants - join rbac.reference ref on ref.uuid = grants.ascendantUuid; + join rbac.reference ref on ref.uuid = grants.ascendantUuid; $$; create or replace function isGranted(granteeIds uuid[], grantedId uuid) @@ -522,11 +522,11 @@ create or replace function isGranted(granteeIds uuid[], grantedId uuid) language sql as $$ with recursive grants as ( select descendantUuid, ascendantUuid - from RbacGrants + from rbac.grants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid - from RbacGrants "grant" + from rbac.grants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( 
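Review bot: `call base.create_journal('rbac.grants');` now passes a schema-qualified name, whereas every other call in this series passes a bare table name (e.g. `base.create_journal('hs_hosting_asset')`). The body of create_journal is not in the diff; if it derives trigger names or the journal's targettable value from its argument, grant audit rows would be recorded under `rbac.grants` and the trigger identifier would contain a dot, while the integration tests in this series filter the journal with bare names like `targettable = 'hs_hosting_asset'`. Confirm that create_journal handles a dotted argument, and add a comment at this call stating which form is expected, e.g. `-- create_journal expects a schema-qualified name here; see targettable in base.tx_journal`.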
@@ -548,11 +548,11 @@ create or replace function isPermissionGrantedToSubject(permissionId uuid, subje language sql as $$ with recursive grants as ( select descendantUuid, ascendantUuid - from RbacGrants + from rbac.grants where descendantUuid = permissionId union all select g.descendantUuid, g.ascendantUuid - from RbacGrants g + from rbac.grants g inner join grants on grants.ascendantUuid = g.descendantUuid ) select exists( @@ -580,7 +580,7 @@ create or replace function hasGlobalRoleGranted(forAscendantUuid uuid) language sql as $$ select exists( select r.uuid - from RbacGrants as g + from rbac.grants as g join RbacRole as r on r.uuid = g.descendantuuid join rbac.object as o on o.uuid = r.objectuuid where g.ascendantuuid = forAscendantUuid @@ -595,7 +595,7 @@ begin perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); insert - into RbacGrants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) + into rbac.grants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) values (rbac.currentTriggerObjectUuid(), roleUuid, permissionUuid, true) on conflict do nothing; -- allow granting multiple times end; @@ -619,7 +619,7 @@ begin end if; insert - into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) + into rbac.grants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; @@ -647,7 +647,7 @@ begin end if; insert - into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) + into rbac.grants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (rbac.currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing; -- allow granting multiple times end; $$; 
@@ -665,7 +665,7 @@ begin perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); if (isGranted(superRoleId, subRoleId)) then - delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = subRoleId; + delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = subRoleId; else raise exception 'cannot revoke role % (%) from % (%) because it is not granted', subRole, subRoleId, superRole, superRoleId; @@ -686,10 +686,10 @@ begin perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); if (isGranted(superRoleId, permissionId)) then - delete from RbacGrants where ascendantUuid = superRoleId and descendantUuid = permissionId; + delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = permissionId; else select p.op, o.objectTable, o.uuid - from rbacGrants g + from rbac.grants g join rbacPermission p on p.uuid=g.descendantUuid join rbac.object o on o.uuid=p.objectUuid where g.uuid=permissionId @@ -720,12 +720,12 @@ begin return query WITH RECURSIVE grants AS ( SELECT descendantUuid, ascendantUuid, 1 AS level - FROM RbacGrants + FROM rbac.grants WHERE assumed AND ascendantUuid = any(subjectIds) UNION ALL SELECT g.descendantUuid, g.ascendantUuid, grants.level + 1 AS level - FROM RbacGrants g + FROM rbac.grants g INNER JOIN grants ON grants.descendantUuid = g.ascendantUuid WHERE g.assumed ), @@ -764,11 +764,11 @@ create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid) language sql as $$ with recursive grants as ( select descendantUuid, ascendantUuid - from RbacGrants + from rbac.grants where ascendantUuid = subjectId union all select g.descendantUuid, g.ascendantUuid - from RbacGrants g + from rbac.grants g inner join grants on grants.descendantUuid = g.ascendantUuid ) select perm.* 
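Review bot: In the hunk at 686, the `else` branch selects permission details with `where g.uuid=permissionId`, which compares the grant's own primary key with a permission uuid; given the join `p.uuid=g.descendantUuid` this looks like it should be `where g.descendantUuid = permissionId`, otherwise the lookup cannot match a row and whatever it feeds below the hunk stays empty. The defect predates this commit, but the neighbouring line is being rewritten, so it is a cheap fix to fold in. The enclosing function begins and ends outside the hunk, so confirm against the rest of the branch.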
@@ -798,11 +798,11 @@ select * -- @formatter:off with recursive grants as ( select descendantUuid, ascendantUuid - from RbacGrants + from rbac.grants where descendantUuid = objectId union all select "grant".descendantUuid, "grant".ascendantUuid - from RbacGrants "grant" + from rbac.grants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) -- @formatter:on diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index b0b56c49..c44d21e4 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -28,7 +28,7 @@ begin perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); insert - into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) + into rbac.grants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) values (grantedByRoleUuid, subjectUuid, grantedRoleUuid, doAssume) -- TODO: check if grantedByRoleUuid+doAssume are the same, otherwise raise exception? on conflict do nothing; -- allow granting multiple times @@ -61,7 +61,7 @@ begin end if; insert - into RbacGrants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) + into rbac.grants (grantedByRoleUuid, ascendantUuid, descendantUuid, assumed) values (grantedByRoleUuid, subjectUuid, grantedRoleUuid, doAssume); -- TODO.impl: What should happen on multiple grants? What if options (doAssume) are not the same? -- Most powerful or latest grant wins? What about managed? 
@@ -104,8 +104,8 @@ create or replace procedure rbac.revokeRoleFromSubject(grantedByRoleUuid uuid, g begin call rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid, grantedRoleUuid, subjectUuid); - raise INFO 'delete from RbacGrants where ascendantUuid = % and descendantUuid = %', subjectUuid, grantedRoleUuid; - delete from RbacGrants as g + raise INFO 'delete from rbac.grants where ascendantUuid = % and descendantUuid = %', subjectUuid, grantedRoleUuid; + delete from rbac.grants as g where g.ascendantUuid = subjectUuid and g.descendantUuid = grantedRoleUuid and g.grantedByRoleUuid = revokeRoleFromSubject.grantedByRoleUuid; end; $$; @@ -118,8 +118,8 @@ end; $$; create or replace procedure rbac.revokePermissionFromRole(permissionUuid uuid, superRoleUuid uuid) language plpgsql as $$ begin - raise INFO 'delete from RbacGrants where ascendantUuid = % and descendantUuid = %', superRoleUuid, permissionUuid; - delete from RbacGrants as g + raise INFO 'delete from rbac.grants where ascendantUuid = % and descendantUuid = %', superRoleUuid, permissionUuid; + delete from rbac.grants as g where g.ascendantUuid = superRoleUuid and g.descendantUuid = permissionUuid; end; $$; --// diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 51d6c9e7..d549bb42 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -85,7 +85,7 @@ create or replace view rbacgrants_ev as ) as descendingIdName, dro.objectTable, dro.uuid, dp.op, dp.optablename - from rbacgrants as g + from rbac.grants as g left outer join rbacrole as ar on ar.uuid = g.ascendantUuid left outer join rbac.object as aro on aro.uuid = ar.objectuuid 
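Review bot: The `raise INFO` text in rbac.revokeRoleFromSubject was updated to the new table name but still does not mention the `grantedByRoleUuid` filter that the delete below it applies, so the logged statement overstates what is removed. Since revocations are audit-relevant, the log line should mirror the actual predicate: `raise INFO 'delete from rbac.grants where ascendantUuid = % and descendantUuid = % and grantedByRoleUuid = %', subjectUuid, grantedRoleUuid, grantedByRoleUuid;`. The sibling rbac.revokePermissionFromRole in the hunk at 118 logs exactly what it deletes, so only this one needs the change.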
@@ -123,7 +123,7 @@ select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed, u.name as userName, o.objecttable, r.objectuuid, r.roletype, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName - from rbacgrants as g + from rbac.grants as g join rbacrole as r on r.uuid = g.descendantUuid join rbac.object o on o.uuid = r.objectuuid left outer join rbac.subject u on u.uuid = g.ascendantuuid @@ -211,7 +211,7 @@ select distinct * from ( select usersInRolesOfcurrentSubject.* from rbac.subject as usersInRolesOfcurrentSubject - join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid + join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_ev as r on r.uuid = g.descendantuuid union select users.* @@ -236,7 +236,7 @@ create or replace view rbac.subject_rv as from ( select usersInRolesOfcurrentSubject.* from rbac.subject as usersInRolesOfcurrentSubject - join RbacGrants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid + join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid join rbacrole_rv as r on r.uuid = g.descendantuuid union select users.* @@ -330,7 +330,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid, (r.objecttable || ':' || r.objectidname || ':' || r.roletype) as roleName, p.op, o.objecttable, r.objectidname, o.uuid as objectuuid from rbacrole_rv r - join rbacgrants g on g.ascendantuuid = r.uuid + join rbac.grants g on g.ascendantuuid = r.uuid join rbacpermission p on p.uuid = g.descendantuuid join rbac.object o on o.uuid = p.objectuuid; grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; 
@@ -370,7 +370,7 @@ begin findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, po.uuid as permissionObjectUuid from queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p - join rbacgrants as g on g.descendantUuid = p.uuid + join rbac.grants as g on g.descendantUuid = p.uuid join rbac.object as po on po.uuid = p.objectUuid join rbacrole_rv as r on r.uuid = g.ascendantUuid join rbac.object as ro on ro.uuid = r.objectUuid diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index a8fdfe1e..e0dcf75e 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -179,19 +179,19 @@ begin with accessible_%1$s_uuids as ( with recursive recursive_grants as - (select distinct rbacgrants.descendantuuid, - rbacgrants.ascendantuuid, + (select distinct rbac.grants.descendantuuid, + rbac.grants.ascendantuuid, 1 as level, true - from rbacgrants - where rbacgrants.assumed - and (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) + from rbac.grants + where rbac.grants.assumed + and (rbac.grants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids())) union all select distinct g.descendantuuid, g.ascendantuuid, grants.level + 1 as level, base.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level) - from rbacgrants g + from rbac.grants g join recursive_grants grants on grants.descendantuuid = g.ascendantuuid where g.assumed), grant_count AS ( diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 2f11a5ca..e503ae01 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql 
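Review bot: In 1058-rbac-generators.sql the anchor branch of `recursive_grants` now spells out `rbac.grants.descendantuuid`, `rbac.grants.ascendantuuid` and `rbac.grants.assumed` as schema-qualified column references, while the recursive branch of the same union uses the alias `g`. Aliasing the anchor the same way reads better and avoids three-part column names inside the generated SQL; the surrounding format() template and the recursive branch stay as they are.
```sql
with accessible_%1$s_uuids as (
    with recursive recursive_grants as
        (select distinct g.descendantuuid,
                         g.ascendantuuid,
                         1 as level,
                         true
         from rbac.grants g
         where g.assumed
           and (g.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids()))
         union all
         -- … unchanged: recursive branch with assertTrue level guard …
```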
@@ -20,7 +20,7 @@ select no, to_char("count", '9 999 999 999') as "count", "table" from rbac.reference union select 5 as no, count(*) as "count", 'grants' as "table" - from RbacGrants + from rbac.grants union select 6 as no, count(*) as "count", 'objects' as "table" from rbac.object) as totals diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 84e19105..b0769dec 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -125,7 +125,7 @@ create or replace procedure updateRbacRulesForHsOfficeRelation( begin if NEW.contactUuid is distinct from OLD.contactUuid then - delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; + delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; call buildRbacSystemForHsOfficeRelation(NEW); end if; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index b0a392da..58175132 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -101,7 +101,7 @@ begin if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then - delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; + delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; call buildRbacSystemForHsOfficeDebitor(NEW); end if; end; $$; 
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 93135e0c..72357dff 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -129,7 +129,7 @@ begin if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then - delete from rbacgrants g where g.grantedbytriggerof = OLD.uuid; + delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; call buildRbacSystemForHsHostingAsset(NEW); end if; end; $$; -- 2.39.5 From 357c0914115be41fbea7fd59f6bd89b9d04e3753 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 20:33:32 +0200 Subject: [PATCH 32/57] rbac.permission --- .../rbacgrant/RbacGrantsDiagramService.java | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 40 +++++++++---------- .../db/changelog/1-rbac/1055-rbac-views.sql | 4 +- .../changelog/1-rbac/1058-rbac-generators.sql | 2 +- .../changelog/1-rbac/1059-rbac-statistics.sql | 2 +- 5 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java index a76de163..d95cd252 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java 
@@ -94,7 +94,7 @@ public class RbacGrantsDiagramService { } public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet includes) { - final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbacpermission WHERE objectuuid=:targetObject AND op=:op") + final var refUuid = (UUID) em.createNativeQuery("SELECT uuid FROM rbac.permission WHERE objectuuid=:targetObject AND op=:op") .setParameter("targetObject", targetObject) .setParameter("op", op) .getSingleResult(); diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 41ac20b3..6ddd9d8e 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -6,7 +6,7 @@ /* */ -create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'RbacPermission'); +create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'rbac.permission'); create table rbac.reference ( @@ -331,7 +331,7 @@ create or replace function deleteRbacRolesOfRbacObject() strict as $$ begin if TG_OP = 'DELETE' then - delete from RbacPermission p where p.objectuuid = old.uuid; + delete from rbac.permission p where p.objectuuid = old.uuid; delete from RbacRole r where r.objectUuid = old.uuid; else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; @@ -365,7 +365,7 @@ create domain RbacOp as varchar(6) or VALUE = 'ASSUME' ); -create table RbacPermission +create table rbac.permission ( uuid uuid primary key references rbac.reference (uuid) on delete cascade, objectUuid uuid not null references rbac.object, 
@@ -373,13 +373,13 @@ create table RbacPermission opTableName varchar(60) ); -- TODO.perf: check if these indexes are really useful -create index on RbacPermission (objectUuid, op); -create index on RbacPermission (opTableName, op); +create index on rbac.permission (objectUuid, op); +create index on rbac.permission (opTableName, op); -ALTER TABLE RbacPermission +ALTER TABLE rbac.permission ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); -call base.create_journal('RbacPermission'); +call base.create_journal('rbac.permission'); create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) returns uuid @@ -398,19 +398,19 @@ begin end if; permissionUuid := ( - select uuid from RbacPermission + select uuid from rbac.permission where objectUuid = forObjectUuid and op = forOp and opTableName is not distinct from forOpTableName); if (permissionUuid is null) then insert into rbac.reference ("type") - values ('RbacPermission') + values ('rbac.permission') returning uuid into permissionUuid; begin - insert into RbacPermission (uuid, objectUuid, op, opTableName) + insert into rbac.permission (uuid, objectUuid, op, opTableName) values (permissionUuid, forObjectUuid, forOp, forOpTableName); exception when others then - raise exception 'insert into RbacPermission (uuid, objectUuid, op, opTableName) + raise exception 'insert into rbac.permission (uuid, objectUuid, op, opTableName) values (%, %, %, %);', permissionUuid, forObjectUuid, forOp, forOpTableName; end; end if; @@ -423,7 +423,7 @@ create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp R stable -- leakproof language sql as $$ select uuid - from RbacPermission p + from rbac.permission p where p.objectUuid = forObjectUuid and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT' and p.opTableName = forOpTableName 
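Review bot: The `exception when others` branch in the `@@ -398,19` hunk re-raises with nothing but the echoed insert statement, so the original SQLSTATE and message (unique violation versus a failed reference into rbac.reference) are lost to both caller and log. Keep the diagnostic by ending the re-raise with `using errcode = SQLSTATE, detail = SQLERRM;`. In the `@@ -373,13` hunk the table is now rbac.permission but the unique constraint keeps the old name `RbacPermission_uc`; a name matching the new table keeps constraint-violation messages greppable after the rename. Whether `base.create_journal('rbac.permission')` copes with a schema-qualified argument is not visible here — it presumably derives trigger or table names from it, so confirm it splits or quotes the dotted name rather than embedding it verbatim.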
@@ -435,7 +435,7 @@ create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, fo stable -- leakproof language sql as $$ select uuid - from RbacPermission p + from rbac.permission p where p.objectUuid = forObjectUuid and p.op = forOp and p.opTableName = forOpTableName @@ -449,7 +449,7 @@ declare permissionUuid uuid; begin select uuid into permissionUuid - from RbacPermission p + from rbac.permission p where p.objectUuid = forObjectUuid and p.op = forOp and forOpTableName is null or p.opTableName = forOpTableName; @@ -592,7 +592,7 @@ create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid language plpgsql as $$ begin perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); - perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'RbacPermission'); + perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'rbac.permission'); insert into rbac.grants (grantedByTriggerOf, ascendantUuid, descendantUuid, assumed) @@ -683,14 +683,14 @@ begin superRoleId := findRoleId(superRole); perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform rbac.assertReferenceType('permission (descendant)', permissionId, 'RbacPermission'); + perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission'); if (isGranted(superRoleId, permissionId)) then delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = permissionId; else select p.op, o.objectTable, o.uuid from rbac.grants g - join rbacPermission p on p.uuid=g.descendantUuid + join rbac.permission p on p.uuid=g.descendantUuid join rbac.object o on o.uuid=p.objectUuid where g.uuid=permissionId into permissionOp, objectTable, objectUuid; 
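Review bot: The `where` clause closing the `@@ -449,7` hunk mixes `and` and `or` without parentheses, so it evaluates as `(p.objectUuid = forObjectUuid and p.op = forOp and forOpTableName is null) or p.opTableName = forOpTableName`; with a non-null forOpTableName every permission on that table matches regardless of objectUuid and op, and `select … into` then silently takes an arbitrary first row. The commit only re-qualifies the table name and carries the predicate over unchanged. The intended filter is `and (forOpTableName is null or p.opTableName = forOpTableName);`, and `select uuid into strict permissionUuid` would raise on an ambiguous match instead of hiding it (keep the non-strict form only if a missing permission must yield null). The enclosing plpgsql function starts before this hunk, so its name and how callers use the result are not visible here.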
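Review bot: In the `else` branch of the `@@ -683,14` hunk the lookup filters on `where g.uuid=permissionId`, i.e. it compares the grant's own primary key with a permission uuid; grants get `uuid_generate_v4()` keys while permissions are keyed by rbac.reference, so this predicate cannot match and permissionOp, objectTable and objectUuid come back null for whatever follows outside the hunk. The join already binds `p.uuid=g.descendantUuid`, so the filter should be `where g.descendantUuid = permissionId and g.ascendantUuid = superRoleId` (the second condition pins the lookup to the role being revoked from, otherwise any role's grant of that permission could be picked). The commit only re-qualifies the table name here; the procedure's head and tail are outside the hunk.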
@@ -735,7 +735,7 @@ begin ) SELECT DISTINCT perm.objectUuid FROM granted - JOIN RbacPermission perm ON granted.descendantUuid = perm.uuid + JOIN rbac.permission perm ON granted.descendantUuid = perm.uuid JOIN rbac.object obj ON obj.uuid = perm.objectUuid WHERE (requiredOp = 'SELECT' OR perm.op = requiredOp) AND obj.objectTable = forObjectTable @@ -759,7 +759,7 @@ $$; Returns all permissions accessible to the given subject UUID (subject or role). */ create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid) - returns setof RbacPermission + returns setof rbac.permission strict language sql as $$ with recursive grants as ( @@ -772,7 +772,7 @@ with recursive grants as ( inner join grants on grants.descendantUuid = g.ascendantUuid ) select perm.* - from RbacPermission perm + from rbac.permission perm where perm.uuid in ( select descendantUuid from grants diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index d549bb42..94e1616c 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -93,7 +93,7 @@ create or replace view rbacgrants_ev as left outer join rbacrole as dr on dr.uuid = g.descendantUuid left outer join rbac.object as dro on dro.uuid = dr.objectuuid - left outer join rbacpermission dp on dp.uuid = g.descendantUuid + left outer join rbac.permission dp on dp.uuid = g.descendantUuid left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid ) as x left outer join rbacrole as r on r.uuid = grantedByRoleUuid 
@@ -331,7 +331,7 @@ select r.uuid as roleuuid, p.uuid as permissionUuid, o.objecttable, r.objectidname, o.uuid as objectuuid from rbacrole_rv r join rbac.grants g on g.ascendantuuid = r.uuid - join rbacpermission p on p.uuid = g.descendantuuid + join rbac.permission p on p.uuid = g.descendantuuid join rbac.object o on o.uuid = p.objectuuid; grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; -- @formatter:om diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index e0dcf75e..05941d1b 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -202,7 +202,7 @@ begin as valid) select distinct perm.objectuuid from recursive_grants - join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid + join rbac.permission perm on recursive_grants.descendantuuid = perm.uuid join rbac.object obj on obj.uuid = perm.objectuuid join count_check cc on cc.valid where obj.objectTable = '%1$s' -- 'SELECT' permission is included in all other permissions diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index e503ae01..7367e1f0 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -14,7 +14,7 @@ select no, to_char("count", '9 999 999 999') as "count", "table" from RbacRole union select 3 as no, count(*) as "count", 'permissions' as "table" - from RbacPermission + from rbac.permission union select 4 as no, count(*) as "count", 'references' as "table" from rbac.reference -- 2.39.5 From d1c8c30d8b6a40545d73bed405cf263e01dbc151 Mon Sep 17 00:00:00 2001 
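Review bot: The `@@ -202,7` hunk of 1058-rbac-generators.sql splices the table name into a quoted literal as `where obj.objectTable = '%1$s'`; if this text is a `format()` template, as the `accessible_%1$s_uuids` CTE name suggests (the call is outside the hunk), `%1$L` is the specifier that quotes and escapes a value, while `%s` relies on the argument never containing a quote. The arguments presumably come from DDL-time constants, so this is robustness rather than an exposure, but it is the one place a stray quote would break or redirect the generated view. Separately, the context line `-- @formatter:om` closing the `@@ -331,7` hunk of 1055-rbac-views.sql is a typo for `-- @formatter:on`, so the formatter-off region opened above the view never closes.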
From: Michael Hoennig Date: Fri, 13 Sep 2024 20:46:54 +0200 Subject: [PATCH 33/57] rbac.role --- .../rbac/rbacrole/RbacRoleEntity.java | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 64 +++++++++---------- .../1-rbac/1051-rbac-subject-grant.sql | 18 +++--- .../db/changelog/1-rbac/1054-rbac-context.sql | 2 +- .../db/changelog/1-rbac/1055-rbac-views.sql | 34 +++++----- .../changelog/1-rbac/1059-rbac-statistics.sql | 2 +- .../rbac/rbacrole/RawRbacRoleEntity.java | 2 +- .../test/ContextBasedTestWithCleanup.java | 2 +- 8 files changed, 63 insertions(+), 63 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java index fa21785a..25fe16de 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java @@ -8,7 +8,7 @@ import jakarta.persistence.*; import java.util.UUID; @Entity -@Table(name = "rbacrole_rv") +@Table(schema = "rbac", name = "role_rv") @Getter @Setter @ToString diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 6ddd9d8e..c4ca5906 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -6,7 +6,7 @@ /* */ -create type rbac.referenceType as enum ('rbac.subject', 'RbacRole', 'rbac.permission'); +create type rbac.referenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission'); create table rbac.reference ( @@ -166,7 +166,7 @@ end; $$; create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); -create table RbacRole +create table rbac.role ( uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred objectUuid uuid not null references rbac.object (uuid) initially deferred, 
@@ -174,7 +174,7 @@ create table RbacRole unique (objectUuid, roleType) ); -call base.create_journal('RbacRole'); +call base.create_journal('rbac.role'); create type RbacRoleDescriptor as ( @@ -218,10 +218,10 @@ declare begin insert into rbac.reference (type) - values ('RbacRole') + values ('rbac.role') returning uuid into referenceId; insert - into RbacRole (uuid, objectUuid, roleType) + into rbac.role (uuid, objectUuid, roleType) values (referenceId, roleDescriptor.objectUuid, roleDescriptor.roleType); return referenceId; end; @@ -232,7 +232,7 @@ create or replace procedure deleteRole(roleUUid uuid) language plpgsql as $$ begin --raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid; - delete from RbacRole where uuid = roleUUid; + delete from rbac.role where uuid = roleUUid; end; $$; @@ -256,7 +256,7 @@ begin objectUuidOfRole = findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName); select uuid - from RbacRole + from rbac.role where objectUuid = objectUuidOfRole and roleType = roleTypeFromRoleIdName into roleUuid; @@ -267,7 +267,7 @@ create or replace function findRoleId(roleDescriptor RbacRoleDescriptor) returns uuid returns null on null input language sql as $$ -select uuid from RbacRole where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType; +select uuid from rbac.role where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType; $$; create or replace function getRoleId(roleDescriptor RbacRoleDescriptor) @@ -280,7 +280,7 @@ begin roleUuid := findRoleId(roleDescriptor); if (roleUuid is null) then - raise exception 'RbacRole "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType; + raise exception 'rbac.role "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType; end if; return roleUuid; end; 
@@ -292,9 +292,9 @@ $$; -- ---------------------------------------------------------------------------- /* - RbacRole BEFORE DELETE TRIGGER function which deletes all related roles. + rbac.role BEFORE DELETE TRIGGER function which deletes all related roles. */ -create or replace function deleteRbacGrantsOfRbacRole() +create or replace function rbac.delete_grants_of_role_tf() returns trigger language plpgsql strict as $$ @@ -308,13 +308,13 @@ begin end; $$; /* - Installs the RbacRole BEFORE DELETE TRIGGER. + Installs the rbac.role BEFORE DELETE TRIGGER. */ -create trigger deleteRbacGrantsOfRbacRole_Trigger +create trigger delete_grants_of_role_tg before delete - on RbacRole + on rbac.role for each row -execute procedure deleteRbacGrantsOfRbacRole(); +execute procedure rbac.delete_grants_of_role_tf(); --// @@ -325,14 +325,14 @@ execute procedure deleteRbacGrantsOfRbacRole(); /* rbac.object BEFORE DELETE TRIGGER function which deletes all related roles. */ -create or replace function deleteRbacRolesOfRbacObject() +create or replace function rbac.delete_roles_of_object_tf() returns trigger language plpgsql strict as $$ begin if TG_OP = 'DELETE' then delete from rbac.permission p where p.objectuuid = old.uuid; - delete from RbacRole r where r.objectUuid = old.uuid; + delete from rbac.role r where r.objectUuid = old.uuid; else raise exception 'invalid usage of TRIGGER BEFORE DELETE'; end if; @@ -340,13 +340,13 @@ begin end; $$; /* - Installs the RbacRole BEFORE DELETE TRIGGER. + Installs the rbac.role BEFORE DELETE TRIGGER. */ -create trigger deleteRbacRolesOfRbacObject_Trigger +create trigger delete_roles_of_object_tg before delete on rbac.object for each row - execute procedure deleteRbacRolesOfRbacObject(); + execute procedure rbac.delete_roles_of_object_tf(); --// 
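Review bot: The comment rewritten in the `@@ -292,9` hunk says `rbac.role BEFORE DELETE TRIGGER function which deletes all related roles.`, but the function it documents is `rbac.delete_grants_of_role_tf`, and its name and the trigger `delete_grants_of_role_tg` say it removes grants; its body is outside the hunk, so confirm and then write `rbac.role BEFORE DELETE TRIGGER function which deletes all grants referencing the role.`. Likewise the `@@ -340,13` hunk keeps `Installs the rbac.role BEFORE DELETE TRIGGER.` above a trigger that is created `on rbac.object` and runs `rbac.delete_roles_of_object_tf`; `Installs the rbac.object BEFORE DELETE TRIGGER which removes the object's permissions and roles.` matches the visible body. Both are leftovers carried through the rename rather than new mistakes, but these comments are the only place a reader learns which cleanup runs on which table.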
@@ -470,8 +470,8 @@ declare subRoleIdName text; superRoleIdName text; begin - select roleIdName from rbacRole_ev where uuid=subRoleId into subRoleIdName; - select roleIdName from rbacRole_ev where uuid=superRoleId into superRoleIdName; + select roleIdName from rbac.role_ev where uuid=subRoleId into subRoleIdName; + select roleIdName from rbac.role_ev where uuid=superRoleId into superRoleIdName; raise exception '[400] Duplicate role grant detected: role % (%) already granted to % (%)', subRoleId, subRoleIdName, superRoleId, superRoleIdName; end; $$; @@ -488,7 +488,7 @@ create table rbac.grants ( uuid uuid primary key default uuid_generate_v4(), grantedByTriggerOf uuid references rbac.object (uuid) on delete cascade initially deferred , - grantedByRoleUuid uuid references RbacRole (uuid), + grantedByRoleUuid uuid references rbac.role (uuid), ascendantUuid uuid references rbac.reference (uuid), descendantUuid uuid references rbac.reference (uuid), assumed boolean not null default true, -- auto assumed (true) vs. needs assumeRoles (false) @@ -581,7 +581,7 @@ create or replace function hasGlobalRoleGranted(forAscendantUuid uuid) select exists( select r.uuid from rbac.grants as g - join RbacRole as r on r.uuid = g.descendantuuid + join rbac.role as r on r.uuid = g.descendantuuid join rbac.object as o on o.uuid = r.objectuuid where g.ascendantuuid = forAscendantUuid and o.objecttable = 'rbac.global' @@ -591,7 +591,7 @@ $$; create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid uuid) language plpgsql as $$ begin - perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'RbacRole'); + perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'rbac.role'); perform rbac.assertReferenceType('permissionId (descendant)', permissionUuid, 'rbac.permission'); insert 
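Review bot: In the `@@ -488,7` hunk `grantedByRoleUuid uuid references rbac.role (uuid)` declares no `on delete` action while the neighbouring `grantedByTriggerOf` cascades, so deleting a role that granted other grants fails with a foreign-key violation unless `rbac.delete_grants_of_role_tf` (body outside this view) removes those rows first. Spelling the intent out — `grantedByRoleUuid uuid references rbac.role (uuid) on delete cascade,` or `on delete set null` with a comment — makes the cleanup path explicit instead of an emergent property of trigger order. The table definition continues past the hunk.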
@@ -611,8 +611,8 @@ $$; create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true) language plpgsql as $$ begin - perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -639,8 +639,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); if isGranted(subRoleId, superRoleId) then call raiseDuplicateRoleGrantException(subRoleId, superRoleId); @@ -661,8 +661,8 @@ begin superRoleId := findRoleId(superRole); subRoleId := findRoleId(subRole); - perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); - perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); + perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); if (isGranted(superRoleId, subRoleId)) then delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = subRoleId; 
@@ -682,7 +682,7 @@ declare begin superRoleId := findRoleId(superRole); - perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'RbacRole'); + perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission'); if (isGranted(superRoleId, permissionId)) then diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index c44d21e4..10442bef 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -23,8 +23,8 @@ end; $$; create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true) language plpgsql as $$ begin - perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role'); + perform rbac.assertReferenceType('roleId (descendant)', grantedRoleUuid, 'rbac.role'); perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); insert @@ -40,8 +40,8 @@ declare grantedByRoleIdName text; grantedRoleIdName text; begin - perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'rbac.role'); perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); assert grantedByRoleUuid is not null, 'grantedByRoleUuid must not be null'; 
@@ -49,13 +49,13 @@ begin assert subjectUuid is not null, 'subjectUuid must not be null'; if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; + select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then - select roleIdName from rbacRole_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; - select roleIdName from rbacRole_ev where uuid=grantedRoleUuid into grantedRoleIdName; + select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; + select roleIdName from rbac.role_ev where uuid=grantedRoleUuid into grantedRoleIdName; raise exception '[403] Access to granted role % (%) forbidden for % (%)', grantedRoleIdName, grantedRoleUuid, grantedByRoleIdName, grantedByRoleUuid; end if; @@ -77,8 +77,8 @@ end; $$; create or replace procedure rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid) language plpgsql as $$ begin - perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'RbacRole'); - perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'RbacRole'); + perform rbac.assertReferenceType('grantedByRoleUuid', grantedByRoleUuid, 'rbac.role'); + perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'rbac.role'); perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then 
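Review bot: The two `[403]` messages in the `@@ -49,13` hunk embed the roleIdName fetched by the new `rbac.role_ev` selects, so a caller who lacks the grant is told the object table, idName and role type of the role it may not use, together with `currentSubjects()` and the assumed-role uuids. If that detail is meant for administrators, move it into `using detail = …` so the primary message stays generic and the application can decide what to forward, or emit it with `raise log` and return only the uuids. The lookups are unchanged by the commit apart from the schema-qualified view name; the enclosing procedure begins before this hunk.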
diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 10db7e0f..32399b3c 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql @@ -61,7 +61,7 @@ begin end if; select uuid - from RbacRole r + from rbac.role r where r.objectUuid = objectUuidToAssume and r.roleType = roleTypeToAssume into roleUuidToAssume; diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 94e1616c..130bf547 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -7,14 +7,14 @@ Creates a view to the role table with additional columns for easier human readability. */ -drop view if exists rbacrole_ev; -create or replace view rbacrole_ev as +drop view if exists rbac.role_ev; +create or replace view rbac.role_ev as select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * -- @formatter:off from ( select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName - from rbacrole as r + from rbac.role as r join rbac.object as o on o.uuid = r.objectuuid ) as unordered -- @formatter:on 
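Review bot: In the `@@ -7,14` hunk `drop view if exists rbac.role_ev;` is immediately followed by `create or replace view rbac.role_ev`, so the drop only matters when the column list changes, and nothing in the changeset drops the old unqualified `rbacrole_ev`, which on an already-migrated database stays behind with its previous definition and grants. If these changelogs are ever applied to an existing database rather than a fresh one, add `drop view if exists rbacrole_ev;` beside the new drop (and the same for `rbacrole_rv` in the next hunk) so the restricted role keeps exactly one surface for role data; if the project always rebuilds from scratch, a one-line comment saying so would save the next reader the question. Editing applied Liquibase changesets also changes their checksums — presumably accepted here, but worth confirming.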
@@ -28,20 +28,20 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * Creates a view to the role table with row-level limitation based on the grants of the current user or assumed roles. */ -drop view if exists rbacrole_rv; -create or replace view rbacrole_rv as +drop view if exists rbac.role_rv; +create or replace view rbac.role_rv as select * -- @formatter:off from ( select r.*, o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName - from rbacrole as r + from rbac.role as r join rbac.object as o on o.uuid = r.objectuuid where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as unordered -- @formatter:on order by objectTable || '#' || objectIdName || ':' || roleType; -grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; +grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; --// @@ -87,16 +87,16 @@ create or replace view rbacgrants_ev as dp.op, dp.optablename from rbac.grants as g - left outer join rbacrole as ar on ar.uuid = g.ascendantUuid + left outer join rbac.role as ar on ar.uuid = g.ascendantUuid left outer join rbac.object as aro on aro.uuid = ar.objectuuid left outer join rbac.subject as au on au.uuid = g.ascendantUuid - left outer join rbacrole as dr on dr.uuid = g.descendantUuid + left outer join rbac.role as dr on dr.uuid = g.descendantUuid left outer join rbac.object as dro on dro.uuid = dr.objectuuid left outer join rbac.permission dp on dp.uuid = g.descendantUuid left outer join rbac.object as dpo on dpo.uuid = dp.objectUuid ) as x - left outer join rbacrole as r on r.uuid = grantedByRoleUuid + left outer join rbac.role as r on r.uuid = grantedByRoleUuid left outer join rbac.subject u on u.uuid = x.ascendantuuid left outer join rbac.object go on go.uuid = r.objectuuid 
@@ -124,16 +124,16 @@ select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || u.name as userName, o.objecttable, r.objectuuid, r.roletype, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbac.grants as g - join rbacrole as r on r.uuid = g.descendantUuid + join rbac.role as r on r.uuid = g.descendantUuid join rbac.object o on o.uuid = r.objectuuid left outer join rbac.subject u on u.uuid = g.ascendantuuid where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as g - join RbacRole as r on r.uuid = grantedByRoleUuid + join rbac.role as r on r.uuid = grantedByRoleUuid join rbac.object as o on o.uuid = r.objectUuid order by grantedRoleIdName; -- @formatter:on -grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; +grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; --// @@ -212,7 +212,7 @@ select distinct * select usersInRolesOfcurrentSubject.* from rbac.subject as usersInRolesOfcurrentSubject join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid - join rbacrole_ev as r on r.uuid = g.descendantuuid + join rbac.role_ev as r on r.uuid = g.descendantuuid union select users.* from rbac.subject as users @@ -237,7 +237,7 @@ create or replace view rbac.subject_rv as select usersInRolesOfcurrentSubject.* from rbac.subject as usersInRolesOfcurrentSubject join rbac.grants as g on g.ascendantuuid = usersInRolesOfcurrentSubject.uuid - join rbacrole_rv as r on r.uuid = g.descendantuuid + join rbac.role_rv as r on r.uuid = g.descendantuuid union select users.* from rbac.subject as users 
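Review bot: The `grant all privileges on rbac.role_rv` rewritten at the end of the `@@ -124,16` hunk sits after a view built from rbac.grants (its name is outside the hunk) and duplicates the grant already given after rbac.role_rv in the `@@ -28,20` hunk, which looks like a copy-paste slip where the target should be the view defined just above. If that view is meant to be reachable by `${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}` it is left without a grant (or relies on one elsewhere); if not, the duplicate line is dead. Check which view the preceding `create or replace view` names and grant on that, or delete the duplicate.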
@@ -329,7 +329,7 @@ create or replace view rbac.own_granted_permissions_rv as select r.uuid as roleuuid, p.uuid as permissionUuid, (r.objecttable || ':' || r.objectidname || ':' || r.roletype) as roleName, p.op, o.objecttable, r.objectidname, o.uuid as objectuuid - from rbacrole_rv r + from rbac.role_rv r join rbac.grants g on g.ascendantuuid = r.uuid join rbac.permission p on p.uuid = g.descendantuuid join rbac.object o on o.uuid = p.objectuuid; @@ -372,7 +372,7 @@ begin from queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p join rbac.grants as g on g.descendantUuid = p.uuid join rbac.object as po on po.uuid = p.objectUuid - join rbacrole_rv as r on r.uuid = g.ascendantUuid + join rbac.role_rv as r on r.uuid = g.ascendantUuid join rbac.object as ro on ro.uuid = r.objectUuid where isGranted(targetSubjectUuid, r.uuid) ) xp; diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 7367e1f0..19670fb9 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -11,7 +11,7 @@ select no, to_char("count", '9 999 999 999') as "count", "table" from rbac.subject union select 2 as no, count(*) as "count", 'roles' as "table" - from RbacRole + from rbac.role union select 3 as no, count(*) as "count", 'permissions' as "table" from rbac.permission diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java index e80f8ce6..8b800146 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java @@ -10,7 +10,7 @@ import java.util.List; import java.util.UUID; @Entity -@Table(name = "rbacrole_ev") +@Table(schema = "rbac", name = "role_ev") @Getter @Setter @ToString 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index e386bd4a..5ace3a33 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -305,7 +305,7 @@ public abstract class ContextBasedTestWithCleanup extends ContextBasedTest { protected String[] roleNames(final String sqlLikeExpression) { final var pattern = Pattern.compile(sqlLikeExpression); //noinspection unchecked - final List rows = (List) em.createNativeQuery("select * from rbacrole_ev where roleidname like 'hs_booking_project#%'") + final List rows = (List) em.createNativeQuery("select * from rbac.role_ev where roleidname like 'hs_booking_project#%'") .getResultList(); return rows.stream() .map(row -> (row[0]).toString()) -- 2.39.5 From 88a8d1ed840dc32f3b472bc08cc86e9c230f9f7c Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 20:52:48 +0200 Subject: [PATCH 34/57] rbac.delete_related_rbac_rules_tf --- src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql | 3 ++- .../resources/db/changelog/1-rbac/1058-rbac-generators.sql | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index c4ca5906..8579dab5 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
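Review bot: The native query in `roleNames` still hard-codes the filter `roleidname like 'hs_booking_project#%'` while the method takes `sqlLikeExpression` and compiles it as a Java `Pattern`, so the argument can only narrow a result that is already restricted to one object table; callers passing a pattern for any other table get an empty array. If the SQL filter is meant to follow the argument, bind it instead of building the string: `em.createNativeQuery("select * from rbac.role_ev where roleidname like :pattern").setParameter("pattern", ...)`, and either rename the parameter to say it is a regex or document that it is not a SQL LIKE pattern. The method continues beyond the hunk.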
@@ -142,8 +142,9 @@ end; $$; /* Deletes related rbac.object for use in the BEFORE DELETE TRIGGERs on the business objects. + Through cascades all related rbac roles and grants are going to be deleted as well. */ -create or replace function deleteRelatedRbacObject() +create or replace function rbac.delete_related_rbac_rules_tf() returns trigger language plpgsql strict as $$ diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 05941d1b..25c3d9a7 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -20,11 +20,11 @@ begin execute createInsertTriggerSQL; createDeleteTriggerSQL = format($sql$ - create trigger deleteRbacRulesFor_%s_Trigger + create trigger delete_related_rbac_rules_for_%s_tg after delete on %s for each row - execute procedure deleteRelatedRbacObject(); + execute procedure rbac.delete_related_rbac_rules_tf(); $sql$, targetTable, targetTable); execute createDeleteTriggerSQL; end; $$; -- 2.39.5 From de570c3dd425125ed6f9c0f98664d47db4967295 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Fri, 13 Sep 2024 20:59:17 +0200 Subject: [PATCH 35/57] rbac.RoleType --- .../resources/db/changelog/1-rbac/1050-rbac-base.sql | 12 ++++++------ .../db/changelog/1-rbac/1054-rbac-context.sql | 2 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 8579dab5..c98f3710 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
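Review bot: The added comment line `Through cascades all related rbac roles and grants are going to be deleted as well.` attributes the cleanup to FK cascades, but the `rbac.role` definition shown in the next patch declares `objectUuid uuid not null references rbac.object (uuid) initially deferred` with no `on delete cascade`; only the `uuid ... references rbac.reference (uuid) on delete cascade` link cascades, and the `delete_roles_of_object_tg` trigger referenced later in this file suggests role removal is trigger-driven. Suggest naming the real mechanism, e.g. `Related roles are removed by delete_roles_of_object_tg; references and their dependants then go via the on delete cascade FKs.`, or, if cascading is the intended contract, adding the clause to the `objectUuid` FK. The function body is outside the hunk.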
@@ -165,13 +165,13 @@ end; $$; */ -create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); +create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); create table rbac.role ( uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred objectUuid uuid not null references rbac.object (uuid) initially deferred, - roleType RbacRoleType not null, + roleType rbac.RoleType not null, unique (objectUuid, roleType) ); @@ -181,7 +181,7 @@ create type RbacRoleDescriptor as ( objectTable varchar(63), -- for human readability and easier debugging objectUuid uuid, - roleType RbacRoleType, + roleType rbac.RoleType, assumed boolean ); @@ -201,13 +201,13 @@ $$; create or replace function roleDescriptor( - objectTable varchar(63), objectUuid uuid, roleType RbacRoleType, + objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType, assumed boolean = true) -- just for DSL readability, belongs actually to the grant returns RbacRoleDescriptor returns null on null input stable -- leakproof language sql as $$ - select objectTable, objectUuid, roleType::RbacRoleType, assumed; + select objectTable, objectUuid, roleType::rbac.RoleType, assumed; $$; create or replace function createRole(roleDescriptor RbacRoleDescriptor) @@ -243,7 +243,7 @@ create or replace function findRoleId(roleIdName varchar) language plpgsql as $$ declare roleParts text; - roleTypeFromRoleIdName RbacRoleType; + roleTypeFromRoleIdName rbac.RoleType; objectNameFromRoleIdName text; objectTableFromRoleIdName text; objectUuidOfRole uuid; diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 32399b3c..812ce902 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
@@ -33,7 +33,7 @@ declare objectTableToAssume varchar(63); objectNameToAssume varchar(63); objectUuidToAssume uuid; - roleTypeToAssume RbacRoleType; + roleTypeToAssume rbac.RoleType; roleIdsToAssume uuid[]; roleUuidToAssume uuid; begin diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index 50fd2404..f12f0a4a 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed; +select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed; $$; begin transaction; @@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true) returns null on null input stable -- leakproof language sql as $$ -select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed; +select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed; $$; begin transaction; -- 2.39.5 From dfcf22658cddddc1481819f178fbc8730db214bf Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Sat, 14 Sep 2024 06:06:54 +0200 Subject: [PATCH 36/57] rbac.RoleDescriptor, rbac.assumed(), rbac.unassumed() --- .../db/changelog/0-base/010-context.sql | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 35 +++++++++---------- .../db/changelog/1-rbac/1055-rbac-views.sql | 2 +- .../1-rbac/1057-rbac-role-builder.sql | 12 +++---- .../changelog/1-rbac/1058-rbac-generators.sql | 12 +++---- .../db/changelog/1-rbac/1080-rbac-global.sql | 6 ++-- .../2013-test-customer-rbac.sql | 2 +- .../6203-hs-booking-project-rbac.sql | 2 +- .../7013-hs-hosting-asset-rbac.sql | 2 +- 9 files changed, 36 insertions(+), 39 deletions(-) diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql index dcd59a31..543fb0f3 100644 --- a/src/main/resources/db/changelog/0-base/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql @@ -128,7 +128,7 @@ end; $$; --// -- ============================================================================ ---changeset context-ASSUMED-ROLES:1 endDelimiter:--// +--changeset context-base.ASSUMED-ROLES:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns assumed role names as set in `hsadminng.assumedRoles` diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index c98f3710..4e47f302 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
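Review bot: `--changeset context-base.ASSUMED-ROLES:1` changes the id of a changeset that presumably has already been applied in any database migrated before this commit; Liquibase identifies changesets by id/author/path, so on such a database the renamed changeset is treated as new and re-executed while the old DATABASECHANGELOG row is orphaned. The same concern applies to the ids `rbac-base-ROLE-DESCRIPTOR:1` and `rbac-base-ROLE-FUNCTIONS:1` split out of `rbac-base-ROLE:1` in patch 37 (hunks `@@ -166,13 +167,19` and `@@ -224,9 +230,14` of 1050-rbac-base.sql): re-running `create type rbac.RoleDescriptor` on an already-migrated database fails, and the shrunken `rbac-base-ROLE:1` will fail checksum validation. If every environment is rebuilt from scratch this is harmless, but that assumption deserves a sentence in the commit message or an explicit `runOnChange`/`validCheckSum` on the affected changesets.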
@@ -6,19 +6,19 @@ /* */ -create type rbac.referenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission'); +create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission'); create table rbac.reference ( uuid uuid unique default uuid_generate_v4(), - type rbac.referenceType not null + type rbac.ReferenceType not null ); -create or replace function rbac.assertReferenceType(argument varchar, referenceId uuid, expectedType rbac.referenceType) - returns rbac.referenceType +create or replace function rbac.assertReferenceType(argument varchar, referenceId uuid, expectedType rbac.ReferenceType) + returns rbac.ReferenceType language plpgsql as $$ declare - actualType rbac.referenceType; + actualType rbac.ReferenceType; begin if referenceId is null then raise exception '% must be a % and not null', argument, expectedType; @@ -161,9 +161,6 @@ end; $$; -- ============================================================================ --changeset rbac-base-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -/* - - */ create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); @@ -177,7 +174,7 @@ create table rbac.role call base.create_journal('rbac.role'); -create type RbacRoleDescriptor as +create type rbac.RoleDescriptor as ( objectTable varchar(63), -- for human readability and easier debugging objectUuid uuid, @@ -185,14 +182,14 @@ create type RbacRoleDescriptor as assumed boolean ); -create or replace function assumed() +create or replace function rbac.assumed() returns boolean stable -- leakproof language sql as $$ select true; $$; -create or replace function unassumed() +create or replace function rbac.unassumed() returns boolean stable -- leakproof language sql as $$ 
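Review bot: The rename `rbac.referenceType` → `rbac.ReferenceType` (like `rbac.RoleType` and `rbac.RoleDescriptor` elsewhere in this series) is a no-op for PostgreSQL, which folds unquoted identifiers to `rbac.referencetype`; catalog listings, error messages and `pg_dump` output will show the lowercase form, so the CamelCase exists only in the source. That is acceptable as house style, but a one-line note near the first type, e.g. `-- type names are CamelCase in source only; PostgreSQL folds them to lowercase`, spares the next maintainer from trying to `alter type` a quoted CamelCase name. Separately, `rbac.assumed()` and `rbac.unassumed()` return constants and could be declared `immutable` rather than `stable`, which lets the planner fold them at the call sites where they appear as default arguments.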
@@ -203,14 +200,14 @@ $$; create or replace function roleDescriptor( objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType, assumed boolean = true) -- just for DSL readability, belongs actually to the grant - returns RbacRoleDescriptor + returns rbac.RoleDescriptor returns null on null input stable -- leakproof language sql as $$ select objectTable, objectUuid, roleType::rbac.RoleType, assumed; $$; -create or replace function createRole(roleDescriptor RbacRoleDescriptor) +create or replace function createRole(roleDescriptor rbac.RoleDescriptor) returns uuid returns null on null input language plpgsql as $$ @@ -264,14 +261,14 @@ begin return roleUuid; end; $$; -create or replace function findRoleId(roleDescriptor RbacRoleDescriptor) +create or replace function findRoleId(roleDescriptor rbac.RoleDescriptor) returns uuid returns null on null input language sql as $$ select uuid from rbac.role where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType; $$; -create or replace function getRoleId(roleDescriptor RbacRoleDescriptor) +create or replace function getRoleId(roleDescriptor rbac.RoleDescriptor) returns uuid language plpgsql as $$ declare @@ -602,7 +599,7 @@ begin end; $$; -create or replace procedure grantPermissionToRole(permissionUuid uuid, roleDesc RbacRoleDescriptor) +create or replace procedure grantPermissionToRole(permissionUuid uuid, roleDesc rbac.RoleDescriptor) language plpgsql as $$ begin call grantPermissionToRole(permissionUuid, findRoleId(roleDesc)); @@ -626,7 +623,7 @@ begin end; $$; -create or replace procedure grantRoleToRole(subRole RbacRoleDescriptor, superRole RbacRoleDescriptor, doAssume bool = true) +create or replace procedure grantRoleToRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor, doAssume bool = true) language plpgsql as $$ declare superRoleId uuid; 
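Review bot: `findRoleId(roleDescriptor rbac.RoleDescriptor)` in the `@@ -264,14 +261,14` hunk is a plain lookup (`select uuid from rbac.role where objectUuid = ... and roleType = ...`) but carries no volatility marker, so it defaults to VOLATILE and the planner can neither inline it nor avoid re-evaluating it per row; `stable` (or `stable -- leakproof`, matching the neighbouring functions) is the accurate declaration. The `roleIdName varchar` overload has the same omission if its body, which is outside this view, is read-only.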
@@ -653,7 +650,7 @@ begin on conflict do nothing; -- allow granting multiple times end; $$; -create or replace procedure revokeRoleFromRole(subRole RbacRoleDescriptor, superRole RbacRoleDescriptor) +create or replace procedure revokeRoleFromRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor) language plpgsql as $$ declare superRoleId uuid; @@ -673,7 +670,7 @@ begin end if; end; $$; -create or replace procedure rbac.revokePermissionFromRole(permissionId UUID, superRole RbacRoleDescriptor) +create or replace procedure rbac.revokePermissionFromRole(permissionId UUID, superRole rbac.RoleDescriptor) language plpgsql as $$ declare superRoleId uuid; diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 130bf547..610040f8 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -114,7 +114,7 @@ create or replace view rbacgrants_ev as */ drop view if exists rbacgrants_rv; create or replace view rbacgrants_rv as - -- @formatter:off +-- @formatter:off select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid, diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index 84ab8cf7..7adf4adc 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql 
@@ -7,12 +7,12 @@ -- ----------------------------------------------------------------- create or replace function rbac.defineRoleWithGrants( - roleDescriptor RbacRoleDescriptor, + roleDescriptor rbac.RoleDescriptor, permissions RbacOp[] = array[]::RbacOp[], - incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[], - outgoingSubRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[], + incomingSuperRoles rbac.RoleDescriptor[] = array[]::rbac.RoleDescriptor[], + outgoingSubRoles rbac.RoleDescriptor[] = array[]::rbac.RoleDescriptor[], subjectUuids uuid[] = array[]::uuid[], - grantedByRole RbacRoleDescriptor = null + grantedByRole rbac.RoleDescriptor = null ) returns uuid called on null input @@ -21,8 +21,8 @@ declare roleUuid uuid; permission RbacOp; permissionUuid uuid; - subRoleDesc RbacRoleDescriptor; - superRoleDesc RbacRoleDescriptor; + subRoleDesc rbac.RoleDescriptor; + superRoleDesc rbac.RoleDescriptor; subRoleUuid uuid; superRoleUuid uuid; subjectUuid uuid; diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 25c3d9a7..d1f19dae 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -42,7 +42,7 @@ declare begin sql = format($sql$ create or replace function %1$sOwner(entity %2$s, assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin @@ -50,7 +50,7 @@ begin end; $f$; create or replace function %1$sAdmin(entity %2$s, assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin @@ -58,7 +58,7 @@ begin end; $f$; create or replace function %1$sAgent(entity %2$s, assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin 
@@ -66,7 +66,7 @@ begin end; $f$; create or replace function %1$sTenant(entity %2$s, assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin @@ -75,7 +75,7 @@ begin -- TODO: remove guest role create or replace function %1$sGuest(entity %2$s, assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin @@ -83,7 +83,7 @@ begin end; $f$; create or replace function %1$sReferrer(entity %2$s) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor language plpgsql strict as $f$ begin diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index f12f0a4a..ada5f5dc 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -110,7 +110,7 @@ commit; A rbac.Global administrator role. */ create or replace function globalAdmin(assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor returns null on null input stable -- leakproof language sql as $$ @@ -131,7 +131,7 @@ commit; A rbac.Global guest role. */ create or replace function globalGuest(assumed boolean = true) - returns RbacRoleDescriptor + returns rbac.RoleDescriptor returns null on null input stable -- leakproof language sql as $$ @@ -149,7 +149,7 @@ commit; --changeset rbac-GLOBAL-ADMIN-USERS:1 context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- /* - Create two users and assign both to the administrators role. + Create two users and assign both to the administrators' role. */ do language plpgsql $$ declare diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index df106732..21aec61a 100644 
--- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( testCustomerOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN(unassumed())], + incomingSuperRoles => array[globalADMIN(rbac.unassumed())], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 600cff4d..ff6a9054 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -49,7 +49,7 @@ begin perform rbac.defineRoleWithGrants( hsBookingProjectOWNER(NEW), - incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())] + incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())] ); perform rbac.defineRoleWithGrants( diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 72357dff..a699bdc1 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -50,7 +50,7 @@ begin hsHostingAssetOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[ - globalADMIN(unassumed()), + globalADMIN(rbac.unassumed()), hsBookingItemADMIN(newBookingItem), hsHostingAssetADMIN(newParentAsset)], subjectUuids => array[rbac.currentSubjectUuid()] -- 2.39.5 
From a9b9a321f7099dabe15cc0ed12557ca8053b4501 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 07:07:54 +0200 Subject: [PATCH 37/57] rbac.RbacOp, rbac.RoleDescriptor, rbac.roleDescriptorOf and functions --- doc/rbac.md | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 65 +++++++++++-------- .../db/changelog/1-rbac/1055-rbac-views.sql | 8 +-- .../1-rbac/1057-rbac-role-builder.sql | 14 ++-- .../changelog/1-rbac/1058-rbac-generators.sql | 12 ++-- .../db/changelog/1-rbac/1080-rbac-global.sql | 22 +++---- .../2013-test-customer-rbac.sql | 4 +- .../2018-test-customer-test-data.sql | 4 +- .../2023-test-package-rbac.sql | 4 +- .../2028-test-package-test-data.sql | 4 +- .../203-test-domain/2033-test-domain-rbac.sql | 4 +- .../5033-hs-office-relation-rbac.sql | 4 +- .../5043-hs-office-partner-rbac.sql | 28 ++++---- .../5044-hs-office-partner-details-rbac.sql | 4 +- .../5063-hs-office-debitor-rbac.sql | 10 +-- .../5073-hs-office-sepamandate-rbac.sql | 4 +- .../5103-hs-office-membership-rbac.sql | 4 +- .../5113-hs-office-coopshares-rbac.sql | 8 +-- .../5123-hs-office-coopassets-rbac.sql | 8 +-- .../6203-hs-booking-project-rbac.sql | 6 +- .../6203-hs-booking-item-rbac.sql | 12 ++-- .../6303-hs-booking-item-rbac.sql | 12 ++-- 22 files changed, 126 insertions(+), 117 deletions(-) diff --git a/doc/rbac.md b/doc/rbac.md index f859e2e1..d98669ba 100644 --- a/doc/rbac.md +++ b/doc/rbac.md @@ -606,7 +606,7 @@ We have tested two variants of the query for the restricted view, both utilizing a PostgreSQL function like this: FUNCTION queryAccessibleObjectUuidsOfSubjectIds( - requiredOp RbacOp, + requiredOp rbac.RbacOp, forObjectTable varchar, subjectIds uuid[], maxObjects integer = 16000) diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 4e47f302..3e894841 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql 
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -156,6 +156,7 @@ begin end if; return old; end; $$; +--// -- ============================================================================ @@ -166,13 +167,19 @@ create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', create table rbac.role ( - uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred + uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred objectUuid uuid not null references rbac.object (uuid) initially deferred, roleType rbac.RoleType not null, unique (objectUuid, roleType) ); call base.create_journal('rbac.role'); +--// + + +-- ============================================================================ +--changeset rbac-base-ROLE-DESCRIPTOR:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- create type rbac.RoleDescriptor as ( @@ -196,8 +203,7 @@ create or replace function rbac.unassumed() select false; $$; - -create or replace function roleDescriptor( +create or replace function rbac.roleDescriptorOf( objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType, assumed boolean = true) -- just for DSL readability, belongs actually to the grant returns rbac.RoleDescriptor @@ -207,7 +213,7 @@ create or replace function roleDescriptor( select objectTable, objectUuid, roleType::rbac.RoleType, assumed; $$; -create or replace function createRole(roleDescriptor rbac.RoleDescriptor) +create or replace function rbac.createRole(roleDescriptor rbac.RoleDescriptor) returns uuid returns null on null input language plpgsql as $$ 
@@ -224,9 +230,14 @@ begin return referenceId; end; $$; +--// -create or replace procedure deleteRole(roleUUid uuid) +-- ============================================================================ +--changeset rbac-base-ROLE-FUNCTIONS:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- + +create or replace procedure rbac.deleteRole(roleUUid uuid) language plpgsql as $$ begin --raise exception '% deleting role uuid %', rbac.currentSubjectOrAssumedRolesUuids(), roleUUid; @@ -234,7 +245,7 @@ begin end; $$; -create or replace function findRoleId(roleIdName varchar) +create or replace function rbac.findRoleId(roleIdName varchar) returns uuid returns null on null input language plpgsql as $$ @@ -246,7 +257,7 @@ declare objectUuidOfRole uuid; roleUuid uuid; begin - -- TODO.refa: extract function toRbacRoleDescriptor(roleIdName varchar) + find other occurrences + -- TODO.refa: extract function rbac.toRoleDescriptor(roleIdName varchar) + find other occurrences roleParts = overlay(roleIdName placing '#' from length(roleIdName) + 1 - strpos(reverse(roleIdName), ':')); objectTableFromRoleIdName = split_part(roleParts, '#', 1); objectNameFromRoleIdName = split_part(roleParts, '#', 2); @@ -261,14 +272,14 @@ begin return roleUuid; end; $$; -create or replace function findRoleId(roleDescriptor rbac.RoleDescriptor) +create or replace function rbac.findRoleId(roleDescriptor rbac.RoleDescriptor) returns uuid returns null on null input language sql as $$ select uuid from rbac.role where objectUuid = roleDescriptor.objectUuid and roleType = roleDescriptor.roleType; $$; -create or replace function getRoleId(roleDescriptor rbac.RoleDescriptor) +create or replace function rbac.getRoleId(roleDescriptor rbac.RoleDescriptor) returns uuid language plpgsql as $$ declare 
@@ -276,13 +287,14 @@ declare begin assert roleDescriptor is not null, 'roleDescriptor must not be null'; - roleUuid := findRoleId(roleDescriptor); + roleUuid := rbac.findRoleId(roleDescriptor); if (roleUuid is null) then raise exception 'rbac.role "%#%.%" not found', roleDescriptor.objectTable, roleDescriptor.objectUuid, roleDescriptor.roleType; end if; return roleUuid; end; $$; +--// -- ============================================================================ @@ -351,10 +363,7 @@ create trigger delete_roles_of_object_tg -- ============================================================================ --changeset rbac-base-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -/* - - */ -create domain RbacOp as varchar(6) +create domain rbac.RbacOp as varchar(6) check ( VALUE = 'DELETE' or VALUE = 'UPDATE' @@ -367,7 +376,7 @@ create table rbac.permission ( uuid uuid primary key references rbac.reference (uuid) on delete cascade, objectUuid uuid not null references rbac.object, - op RbacOp not null, + op rbac.RbacOp not null, opTableName varchar(60) ); -- TODO.perf: check if these indexes are really useful @@ -379,7 +388,7 @@ ALTER TABLE rbac.permission call base.create_journal('rbac.permission'); -create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) +create or replace function rbac.createPermission(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid language plpgsql as $$ declare @@ -415,7 +424,7 @@ begin return permissionUuid; end; $$; -create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) +create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid returns null on null input stable -- leakproof 
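Review bot: `create domain rbac.RbacOp` keeps the `Rbac` prefix that the other types in this series drop when they move into the schema (`rbac.RoleType`, `rbac.RoleDescriptor`, `rbac.ReferenceType`), so the qualified name reads `rbac.RbacOp`; if the prefix is not deliberate, `rbac.Op` would match the convention, and this commit, which already touches every use site, is the cheapest moment to do it. In the same file only `createPermission` is moved into the `rbac` schema while `findEffectivePermissionId`, `findPermissionId` and `getPermissionId` stay unqualified; if that is intentional staging, a short comment at the first unqualified one would tell readers it is not an oversight.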
@@ -423,11 +432,11 @@ create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp R select uuid from rbac.permission p where p.objectUuid = forObjectUuid - and (forOp = 'SELECT' or p.op = forOp) -- all other RbacOp include 'SELECT' + and (forOp = 'SELECT' or p.op = forOp) -- all other rbac.RbacOp include 'SELECT' and p.opTableName = forOpTableName $$; -create or replace function findPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) +create or replace function findPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid returns null on null input stable -- leakproof @@ -439,7 +448,7 @@ select uuid and p.opTableName = forOpTableName $$; -create or replace function getPermissionId(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null) +create or replace function getPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid stable -- leakproof language plpgsql as $$ @@ -567,7 +576,7 @@ create or replace function hasInsertPermission(objectUuid uuid, tableName text ) declare permissionUuid uuid; begin - permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName); + permissionUuid = findPermissionId(objectUuid, 'INSERT'::rbac.RbacOp, tableName); return permissionUuid is not null; end; $$; @@ -602,7 +611,7 @@ $$; create or replace procedure grantPermissionToRole(permissionUuid uuid, roleDesc rbac.RoleDescriptor) language plpgsql as $$ begin - call grantPermissionToRole(permissionUuid, findRoleId(roleDesc)); + call grantPermissionToRole(permissionUuid, rbac.findRoleId(roleDesc)); end; $$; 
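Review bot: `findEffectivePermissionId(..., forOpTableName text = null)` and `findPermissionId(..., forOpTableName text = null)` are declared `returns null on null input`, so any call that relies on the default never reaches the body: the null third argument makes the function return NULL before the `select` runs. Either the default is dead and should be dropped to make the contract explicit, or the functions should become `called on null input` with the comparison `p.opTableName = forOpTableName` rewritten as `p.opTableName is not distinct from forOpTableName`, so that a null table name matches permissions without one. `hasInsertPermission` in this hunk always passes `tableName` and is unaffected; other callers are outside this view.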
@@ -634,8 +643,8 @@ begin return; end if; - superRoleId := findRoleId(superRole); - subRoleId := findRoleId(subRole); + superRoleId := rbac.findRoleId(superRole); + subRoleId := rbac.findRoleId(subRole); perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); @@ -656,8 +665,8 @@ declare superRoleId uuid; subRoleId uuid; begin - superRoleId := findRoleId(superRole); - subRoleId := findRoleId(subRole); + superRoleId := rbac.findRoleId(superRole); + subRoleId := rbac.findRoleId(subRole); perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); @@ -678,7 +687,7 @@ declare objectTable text; objectUuid uuid; begin - superRoleId := findRoleId(superRole); + superRoleId := rbac.findRoleId(superRole); perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission'); @@ -705,7 +714,7 @@ end; $$; */ create or replace function queryAccessibleObjectUuidsOfSubjectIds( - requiredOp RbacOp, + requiredOp rbac.RbacOp, forObjectTable varchar, subjectIds uuid[], maxObjects integer = 8000) diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 610040f8..7243b3b2 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql 
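Review bot: `queryAccessibleObjectUuidsOfSubjectIds(... maxObjects integer = 8000)` disagrees with the signature quoted in `doc/rbac.md` in the same patch (`maxObjects integer = 16000`), so one of the two is stale. Since the doc hunk was edited for the `rbac.RbacOp` rename anyway, aligning the number — or stating in the doc that the value is illustrative — stops a reader from trusting the wrong limit. The function body and the remaining parameters are outside the hunk.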
@@ -344,7 +344,7 @@ grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_ which are also visible to the current user or assumed roles. */ create or replace function rbac.grantedPermissionsRaw(targetSubjectUuid uuid) - returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) + returns table(roleUuid uuid, roleName text, permissionUuid uuid, op rbac.RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) returns null on null input language plpgsql as $$ declare @@ -380,13 +380,13 @@ begin end; $$; create or replace function rbac.grantedPermissions(targetSubjectUuid uuid) - returns table(roleUuid uuid, roleName text, permissionUuid uuid, op RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) + returns table(roleUuid uuid, roleName text, permissionUuid uuid, op rbac.RbacOp, opTableName varchar(60), objectTable varchar(60), objectIdName varchar, objectUuid uuid) returns null on null input language sql as $$ select * from rbac.grantedPermissionsRaw(targetSubjectUuid) union all - select roleUuid, roleName, permissionUuid, 'SELECT'::RbacOp, opTableName, objectTable, objectIdName, objectUuid + select roleUuid, roleName, permissionUuid, 'SELECT'::rbac.RbacOp, opTableName, objectTable, objectIdName, objectUuid from rbac.grantedPermissionsRaw(targetSubjectUuid) - where op <> 'SELECT'::RbacOp; + where op <> 'SELECT'::rbac.RbacOp; $$; --// diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index 7adf4adc..7316e376 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql 
@@ -8,7 +8,7 @@ create or replace function rbac.defineRoleWithGrants( roleDescriptor rbac.RoleDescriptor, - permissions RbacOp[] = array[]::RbacOp[], + permissions rbac.RbacOp[] = array[]::rbac.RbacOp[], incomingSuperRoles rbac.RoleDescriptor[] = array[]::rbac.RoleDescriptor[], outgoingSubRoles rbac.RoleDescriptor[] = array[]::rbac.RoleDescriptor[], subjectUuids uuid[] = array[]::uuid[], @@ -19,7 +19,7 @@ create or replace function rbac.defineRoleWithGrants( language plpgsql as $$ declare roleUuid uuid; - permission RbacOp; + permission rbac.RbacOp; permissionUuid uuid; subRoleDesc rbac.RoleDescriptor; superRoleDesc rbac.RoleDescriptor; @@ -28,23 +28,23 @@ declare subjectUuid uuid; userGrantsByRoleUuid uuid; begin - roleUuid := coalesce(findRoleId(roleDescriptor), createRole(roleDescriptor)); + roleUuid := coalesce(rbac.findRoleId(roleDescriptor), rbac.createRole(roleDescriptor)); foreach permission in array permissions loop - permissionUuid := createPermission(roleDescriptor.objectuuid, permission); + permissionUuid := rbac.createPermission(roleDescriptor.objectuuid, permission); call grantPermissionToRole(permissionUuid, roleUuid); end loop; foreach superRoleDesc in array array_remove(incomingSuperRoles, null) loop - superRoleUuid := getRoleId(superRoleDesc); + superRoleUuid := rbac.getRoleId(superRoleDesc); call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed); end loop; foreach subRoleDesc in array array_remove(outgoingSubRoles, null) loop - subRoleUuid := getRoleId(subRoleDesc); + subRoleUuid := rbac.getRoleId(subRoleDesc); call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed); end loop; @@ -53,7 +53,7 @@ begin if grantedByRole is null then userGrantsByRoleUuid := roleUuid; -- TODO.impl: or do we want to require an explicit userGrantsByRoleUuid? else - userGrantsByRoleUuid := getRoleId(grantedByRole); + userGrantsByRoleUuid := rbac.getRoleId(grantedByRole); end if; foreach subjectUuid in array subjectUuids loop 
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index d1f19dae..5f2c7122 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -46,7 +46,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'OWNER', assumed); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'OWNER', assumed); end; $f$; create or replace function %1$sAdmin(entity %2$s, assumed boolean = true) @@ -54,7 +54,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'ADMIN', assumed); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'ADMIN', assumed); end; $f$; create or replace function %1$sAgent(entity %2$s, assumed boolean = true) @@ -62,7 +62,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'AGENT', assumed); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'AGENT', assumed); end; $f$; create or replace function %1$sTenant(entity %2$s, assumed boolean = true) @@ -70,7 +70,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'TENANT', assumed); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'TENANT', assumed); end; $f$; -- TODO: remove guest role @@ -79,7 +79,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'GUEST', assumed); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'GUEST', assumed); end; $f$; create or replace function %1$sReferrer(entity %2$s) @@ -87,7 +87,7 @@ begin language plpgsql strict as $f$ begin - return roleDescriptor('%2$s', entity.uuid, 'REFERRER'); + return rbac.roleDescriptorOf('%2$s', entity.uuid, 'REFERRER'); end; $f$; $sql$, prefix, targetTable); 
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index ada5f5dc..8accfb53 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -30,16 +30,16 @@ create or replace function rbac.isGlobalAdmin() returns boolean language plpgsql as $$ begin - return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), findRoleId(globalAdmin())); + return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(globalAdmin())); end; $$; --// -- ============================================================================ ---changeset rbac-global-HAS-global-PERMISSION:1 endDelimiter:--// +--changeset rbac-global-HAS-GLOBAL-PERMISSION:1 endDelimiter:--// -- ------------------------------------------------------------------ -create or replace function rbac.hasGlobalPermission(op RbacOp) +create or replace function rbac.hasGlobalPermission(op rbac.RbacOp) returns boolean language sql as $$ @@ -87,7 +87,7 @@ $$; --liquibase formatted sql -- ============================================================================ ---changeset rbac-rbac.Global-PSEUDO-OBJECT:1 endDelimiter:--// +--changeset rbac-global-PSEUDO-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -104,7 +104,7 @@ commit; -- ============================================================================ ---changeset rbac-rbac.Global-ADMIN-ROLE:1 endDelimiter:--// +--changeset rbac-global-ADMIN-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* A rbac.Global administrator role. 
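Review bot: The changeset-author renames in this file (`rbac-global-HAS-global-PERMISSION` → `rbac-global-HAS-GLOBAL-PERMISSION` in the @@ -30 hunk, and the `rbac-rbac.Global-*` / `rbac-GLOBAL-*` → `rbac-global-*` renames in the hunks at @@ -87, @@ -104, @@ -119, @@ -140, @@ -157 and @@ -168) change the identity Liquibase records in DATABASECHANGELOG, which is the triple of id, author and changelog path. On any database that has already run the old changesets these will therefore be seen as new, unapplied changesets and executed again; the `create or replace function` bodies are idempotent, but the role-creating statements under the ADMIN-ROLE and GUEST-ROLE changesets (`select rbac.createRole(globalAdmin())`, `select rbac.createRole(globalGuest())`) presumably are not. If every environment is rebuilt from scratch this is harmless, but then the commit message should say so; otherwise the rename needs a matching update of the tracking table (or a rollback of the old changesets) before deployment. Consider a one-line comment at the top of the file, `-- changeset authors were renamed in 09/2024; requires a fresh database or a DATABASECHANGELOG fix-up`, so the next reader does not have to rediscover this.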
@@ -119,13 +119,13 @@ $$; begin transaction; call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); - select createRole(globalAdmin()); + select rbac.createRole(globalAdmin()); commit; --// -- ============================================================================ ---changeset rbac-rbac.Global-GUEST-ROLE:1 endDelimiter:--// +--changeset rbac-global-GUEST-ROLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* A rbac.Global guest role. @@ -140,13 +140,13 @@ $$; begin transaction; call base.defineContext('creating role:rbac.global#global:guest', null, null, null); - select createRole(globalGuest()); + select rbac.createRole(globalGuest()); commit; --// -- ============================================================================ ---changeset rbac-GLOBAL-ADMIN-USERS:1 context:dev,tc endDelimiter:--// +--changeset rbac-global-ADMIN-USERS:1 context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- /* Create two users and assign both to the administrators' role. @@ -157,7 +157,7 @@ do language plpgsql $$ begin call base.defineContext('creating fake test-realm admin users', null, null, null); - admins = findRoleId(globalAdmin()); + admins = rbac.findRoleId(globalAdmin()); call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); @@ -168,7 +168,7 @@ $$; -- ============================================================================ ---changeset rbac-GLOBAL-TEST:1 context:dev,tc runAlways:true endDelimiter:--// +--changeset rbac-global-TEST:1 context:dev,tc runAlways:true endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 21aec61a..f6844048 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -95,7 +95,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'test_customer'), + rbac.createPermission(row.uuid, 'INSERT', 'test_customer'), globalADMIN()); END LOOP; end; @@ -111,7 +111,7 @@ create or replace function new_test_customer_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'test_customer'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'), globalADMIN()); -- end. return NEW; diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index e5a53dab..b1139e53 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -41,8 +41,8 @@ begin select * into newCust from test_customer where reference=custReference; call rbac.grantRoleToSubject( - getRoleId(testCustomerOwner(newCust)), - getRoleId(testCustomerAdmin(newCust)), + rbac.getRoleId(testCustomerOwner(newCust)), + rbac.getRoleId(testCustomerAdmin(newCust)), custAdminUuid, true); end; $$; diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 6f421963..26e3384d 100644 
--- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -160,7 +160,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'test_package'), + rbac.createPermission(row.uuid, 'INSERT', 'test_package'), testCustomerADMIN(row)); END LOOP; end; @@ -176,7 +176,7 @@ create or replace function new_test_package_grants_insert_to_test_customer_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'test_package'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test_package'), testCustomerADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index 1faf52a6..84da3839 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -30,8 +30,8 @@ begin returning * into pac; call rbac.grantRoleToSubject( - getRoleId(testCustomerAdmin(cust)), - findRoleId(testPackageAdmin(pac)), + rbac.getRoleId(testCustomerAdmin(cust)), + rbac.findRoleId(testPackageAdmin(pac)), rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), true); diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 98e76047..e07e64d8 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql 
@@ -159,7 +159,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'test_domain'), + rbac.createPermission(row.uuid, 'INSERT', 'test_domain'), testPackageADMIN(row)); END LOOP; end; @@ -175,7 +175,7 @@ create or replace function new_test_domain_grants_insert_to_test_package_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'test_domain'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test_domain'), testPackageADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index b0769dec..52ee285e 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql @@ -169,7 +169,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_relation'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'), hsOfficePersonADMIN(row)); END LOOP; end; @@ -185,7 +185,7 @@ create or replace function new_hs_office_relation_grants_insert_to_hs_office_per begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'), hsOfficePersonADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index f9e62eeb..50a66a9a 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -42,12 +42,12 @@ begin SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
@@ -111,22 +111,22 @@ begin if NEW.partnerRelUuid <> OLD.partnerRelUuid then call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); - call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 
'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); + call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); end if; @@ -172,7 +172,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_partner'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), globalADMIN()); END LOOP; end; @@ -188,7 +188,7 @@ create or replace function new_hs_office_partner_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), globalADMIN()); -- end. return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 9a3dfbe1..b53a2e2f 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -76,7 +76,7 @@ begin -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), globalADMIN()); END LOOP; end; @@ -92,7 +92,7 @@ create or replace function new_hs_office_partner_details_grants_insert_to_global begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), globalADMIN()); -- end. return NEW; 
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 58175132..a2ca4c80 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -57,9 +57,9 @@ begin call grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); call grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); - call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -145,7 +145,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), globalADMIN()); END LOOP; end; @@ -161,7 +161,7 @@ create or replace function new_hs_office_debitor_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), globalADMIN()); -- end. return NEW; 
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index 40b6224e..c5f91a9c 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -120,7 +120,7 @@ do language plpgsql $$ WHERE type = 'DEBITOR' LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'), hsOfficeRelationADMIN(row)); END LOOP; end; @@ -136,7 +136,7 @@ create or replace function new_hs_office_sepamandate_grants_insert_to_hs_office_ begin if NEW.type = 'DEBITOR' then call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), hsOfficeRelationADMIN(NEW)); end if; return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 0218f68c..2d42a51d 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -107,7 +107,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_membership'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), globalADMIN()); END LOOP; end; 
@@ -123,7 +123,7 @@ create or replace function new_hs_office_membership_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), globalADMIN()); -- end. return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index f8d72a7f..96f22285 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -38,8 +38,8 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -83,7 +83,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'), hsOfficeMembershipADMIN(row)); END LOOP; end; 
@@ -99,7 +99,7 @@ create or replace function new_hs_office_coopsharestransaction_grants_insert_to_ begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'), hsOfficeMembershipADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 2be9891c..c289af2d 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -38,8 +38,8 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -83,7 +83,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'), hsOfficeMembershipADMIN(row)); END LOOP; end; 
@@ -99,7 +99,7 @@ create or replace function new_hs_office_coopassetstransaction_grants_insert_to_ begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'), hsOfficeMembershipADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index ff6a9054..c4cd9175 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -70,7 +70,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] ); - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -114,7 +114,7 @@ do language plpgsql $$ WHERE type = 'DEBITOR' LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_booking_project'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_project'), hsOfficeRelationADMIN(row)); END LOOP; end; @@ -130,7 +130,7 @@ create or replace function new_hs_booking_project_grants_insert_to_hs_office_rel begin if NEW.type = 'DEBITOR' then call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_project'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_project'), hsOfficeRelationADMIN(NEW)); end if; return NEW; diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 2accb407..0ae4bcfa 100644 
--- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -113,7 +113,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), globalADMIN()); END LOOP; end; @@ -129,7 +129,7 @@ create or replace function new_hs_booking_item_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), globalADMIN()); -- end. return NEW; @@ -156,7 +156,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(row)); END LOOP; end; @@ -172,7 +172,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_proje begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(NEW)); -- end. return NEW; 
@@ -199,7 +199,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_ begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingItemADMIN(NEW)); -- end. return NEW; diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 2accb407..0ae4bcfa 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -113,7 +113,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), globalADMIN()); END LOOP; end; @@ -129,7 +129,7 @@ create or replace function new_hs_booking_item_grants_insert_to_global_tf() begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), globalADMIN()); -- end. return NEW; @@ -156,7 +156,7 @@ do language plpgsql $$ -- unconditional for all rows in that table LOOP call grantPermissionToRole( - createPermission(row.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(row)); END LOOP; end; 
@@ -172,7 +172,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_proje begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(NEW)); -- end. return NEW; @@ -199,7 +199,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_ begin -- unconditional for all rows in that table call grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), + rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingItemADMIN(NEW)); -- end. return NEW; -- 2.39.5 From bf510e1ab20910f61be69065e4aad5b46f7a0efa Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 07:25:18 +0200 Subject: [PATCH 38/57] rbac.globalAdmin(), rbac.globalGuest() --- .../rbacdef/RolesGrantsAndPermissionsGenerator.java | 2 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 12 ++++++------ .../201-test-customer/2013-test-customer-rbac.sql | 6 +++--- .../501-contact/5013-hs-office-contact-rbac.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../503-relation/5033-hs-office-relation-rbac.sql | 2 +- .../504-partner/5043-hs-office-partner-rbac.sql | 4 ++-- .../5044-hs-office-partner-details-rbac.sql | 4 ++-- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../506-debitor/5063-hs-office-debitor-rbac.sql | 4 ++-- .../5073-hs-office-sepamandate-rbac.sql | 2 +- .../5103-hs-office-membership-rbac.sql | 4 ++-- .../6203-hs-booking-project-rbac.sql | 2 +- .../630-booking-item/6203-hs-booking-item-rbac.sql | 6 +++--- .../630-booking-item/6303-hs-booking-item-rbac.sql | 6 +++--- .../701-hosting-asset/7013-hs-hosting-asset-rbac.sql | 2 +- 16 files changed, 31 insertions(+), 31 deletions(-) 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index 727e5d62..069fa266 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java @@ -364,7 +364,7 @@ class RolesGrantsAndPermissionsGenerator { System.out.println("null"); } if (roleDef.getEntityAlias().isGlobal()) { - return "globalAdmin()"; + return "rbac.globalAdmin()"; } final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias()); return roleDef.getEntityAlias().simpleName() + capitalize(roleDef.getRole().name()) diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index 8accfb53..9ffb4c52 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin() returns boolean language plpgsql as $$ begin - return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(globalAdmin())); + return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin())); end; $$; --// @@ -109,7 +109,7 @@ commit; /* A rbac.Global administrator role. */ -create or replace function globalAdmin(assumed boolean = true) +create or replace function rbac.globalAdmin(assumed boolean = true) returns rbac.RoleDescriptor returns null on null input stable -- leakproof @@ -119,7 +119,7 @@ $$; begin transaction; call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); - select rbac.createRole(globalAdmin()); + select rbac.createRole(rbac.globalAdmin()); commit; --// 
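Review bot: In the `@@ -30` hunk of `1080-rbac-global.sql`, `rbac.isGlobalAdmin()` now resolves `rbac.findRoleId` and `rbac.globalAdmin` by schema but still calls a bare `isGranted(...)`, so an authorization predicate depends on the session's `search_path` for one of its lookups. Since this function decides admin status, it should not resolve any name via `search_path`: `return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin()));` (the docs in this series already refer to `rbac.isGranted`), and the function definition could additionally pin `set search_path = rbac, pg_catalog` so a caller cannot redirect the lookup. If a later patch in the series already qualifies this call, this note only applies to the `search_path` pinning.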
@@ -130,7 +130,7 @@ commit; /* A rbac.Global guest role. */ -create or replace function globalGuest(assumed boolean = true) +create or replace function rbac.globalglobalGuest(assumed boolean = true) returns rbac.RoleDescriptor returns null on null input stable -- leakproof @@ -140,7 +140,7 @@ $$; begin transaction; call base.defineContext('creating role:rbac.global#global:guest', null, null, null); - select rbac.createRole(globalGuest()); + select rbac.createRole(rbac.globalglobalGuest()); commit; --// @@ -157,7 +157,7 @@ do language plpgsql $$ begin call base.defineContext('creating fake test-realm admin users', null, null, null); - admins = rbac.findRoleId(globalAdmin()); + admins = rbac.findRoleId(rbac.globalAdmin()); call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index f6844048..03524d3a 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( testCustomerOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN(rbac.unassumed())], + incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())], subjectUuids => array[rbac.currentSubjectUuid()] ); @@ -96,7 +96,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'test_customer'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; 
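Review bot: The guest role function is renamed to `rbac.globalglobalGuest` in both the `create or replace function` line (`@@ -130` hunk) and the `rbac.createRole(rbac.globalglobalGuest())` call (`@@ -140` hunk), which reads like a search-and-replace slip — "global" prepended to "globalGuest" — rather than an intended name, given the admin counterpart in the same file is `rbac.globalAdmin`. Because the definition and its only visible call site agree, the changelog runs without error, so nothing at migration time will catch this; any other caller written as `rbac.globalGuest()` will fail to resolve. Suggest `create or replace function rbac.globalGuest(assumed boolean = true)` and `select rbac.createRole(rbac.globalGuest());`. The commit title (`rbac.globalAdmin(), rbac.globalGuest()`) also names the function without the doubled prefix.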
@@ -112,7 +112,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index f7f76b06..316128dc 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeContactOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN()], + incomingSuperRoles => array[rbac.globalAdmin()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index d22a195f..16b624cb 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficePersonOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN()], + incomingSuperRoles => array[rbac.globalAdmin()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 52ee285e..ddc7c92e 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -50,7 +50,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeRelationOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN()], + incomingSuperRoles => array[rbac.globalAdmin()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 50a66a9a..81518c74 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -173,7 +173,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -189,7 +189,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index b53a2e2f..44b25603 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -77,7 +77,7 @@ begin LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -93,7 +93,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; 
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 6fc3470b..5a11bc81 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeBankAccountOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN()], + incomingSuperRoles => array[rbac.globalAdmin()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index a2ca4c80..5b7dcf8b 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -146,7 +146,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -162,7 +162,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index c5f91a9c..afb90114 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql 
@@ -50,7 +50,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeSepaMandateOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[globalADMIN()], + incomingSuperRoles => array[rbac.globalAdmin()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 2d42a51d..8730876a 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -108,7 +108,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -124,7 +124,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index c4cd9175..62686ce4 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -70,7 +70,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] ); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 0ae4bcfa..fa3ed829 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -114,7 +114,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -130,7 +130,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 0ae4bcfa..fa3ed829 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), globalAdmin()); + call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
@@ -114,7 +114,7 @@ do language plpgsql $$ LOOP call grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), - globalADMIN()); + rbac.globalAdmin()); END LOOP; end; $$; @@ -130,7 +130,7 @@ begin -- unconditional for all rows in that table call grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), - globalADMIN()); + rbac.globalAdmin()); -- end. return NEW; end; $$; diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index a699bdc1..6d37d828 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql @@ -50,7 +50,7 @@ begin hsHostingAssetOWNER(NEW), permissions => array['DELETE'], incomingSuperRoles => array[ - globalADMIN(rbac.unassumed()), + rbac.globalADMIN(rbac.unassumed()), hsBookingItemADMIN(newBookingItem), hsHostingAssetADMIN(newParentAsset)], subjectUuids => array[rbac.currentSubjectUuid()] -- 2.39.5 From 0f5334d65f82befd3889438ebcd1cf78936669b7 Mon Sep 17 00:00:00 2001 
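Review bot: The `@@ -50` hunk of `7013-hs-hosting-asset-rbac.sql` keeps the `rbac.globalADMIN(rbac.unassumed())` spelling while every other hunk in this patch normalizes the call to `rbac.globalAdmin()` (the `@@ -37` hunk of `2013-test-customer-rbac.sql` has the same leftover). PostgreSQL folds unquoted identifiers, so both resolve to the same function, but the mixed casing is exactly what lets mechanical rename passes like this series miss call sites; `rbac.globalAdmin(rbac.unassumed()),` would bring it in line. Separately, the hand-written SQL here calls `rbac.unassumed()`, whereas the generator hunk later in this page still emits a bare `, unassumed()`; one of the two will only resolve with a matching `search_path`, so it is worth checking which schema `unassumed` actually lives in.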
From: Michael Hoennig Date: Sat, 14 Sep 2024 10:34:11 +0200 Subject: [PATCH 39/57] most remaining from base+rbac --- ...2022-07-18.row-level-security-mechanism.md | 4 +- doc/rbac-performance-analysis.md | 14 ++--- doc/rbac.md | 6 +- sql/rbac-tests.sql | 16 ++--- sql/rbac-view-option-experiments.sql | 4 +- .../hs/booking/project/HsBookingProject.java | 2 +- .../project/HsBookingProjectRbacEntity.java | 2 +- .../rbac/rbacdef/InsertTriggerGenerator.java | 10 ++-- .../RolesGrantsAndPermissionsGenerator.java | 10 ++-- .../db/changelog/0-base/010-context.sql | 20 +++---- .../db/changelog/0-base/020-audit-log.sql | 18 +++--- .../db/changelog/0-base/030-historization.sql | 6 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 58 +++++++++---------- .../1-rbac/1051-rbac-subject-grant.sql | 22 +++---- .../db/changelog/1-rbac/1054-rbac-context.sql | 12 ++-- .../db/changelog/1-rbac/1055-rbac-views.sql | 40 ++++++------- .../1-rbac/1057-rbac-role-builder.sql | 6 +- .../changelog/1-rbac/1058-rbac-generators.sql | 6 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 4 +- .../2013-test-customer-rbac.sql | 6 +- .../2023-test-package-rbac.sql | 16 ++--- .../203-test-domain/2033-test-domain-rbac.sql | 20 +++---- .../5018-hs-office-contact-test-data.sql | 2 +- .../5028-hs-office-person-test-data.sql | 2 +- .../5033-hs-office-relation-rbac.sql | 18 +++--- .../5038-hs-office-relation-test-data.sql | 2 +- .../5043-hs-office-partner-rbac.sql | 42 +++++++------- .../5044-hs-office-partner-details-rbac.sql | 6 +- .../5048-hs-office-partner-test-data.sql | 2 +- .../5058-hs-office-bankaccount-test-data.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 22 +++---- .../5068-hs-office-debitor-test-data.sql | 2 +- .../5073-hs-office-sepamandate-rbac.sql | 8 +-- .../5103-hs-office-membership-rbac.sql | 6 +- .../5113-hs-office-coopshares-rbac.sql | 12 ++-- .../5123-hs-office-coopassets-rbac.sql | 12 ++-- .../6203-hs-booking-project-rbac.sql | 12 ++-- .../6203-hs-booking-item-rbac.sql | 18 +++--- 
.../6303-hs-booking-item-rbac.sql | 18 +++--- 39 files changed, 244 insertions(+), 244 deletions(-) diff --git a/doc/adr/2022-07-18.row-level-security-mechanism.md b/doc/adr/2022-07-18.row-level-security-mechanism.md index e59c7f8a..aa3b17dc 100644 --- a/doc/adr/2022-07-18.row-level-security-mechanism.md +++ b/doc/adr/2022-07-18.row-level-security-mechanism.md @@ -74,7 +74,7 @@ For restricted DB-users, which are used by the backend, access to rows is filter FOR SELECT TO restricted USING ( - isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()) + rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; @@ -101,7 +101,7 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()); + SELECT * FROM customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid()); SET SESSION AUTHORIZATION restricted; SET hsadminng.currentSubject TO 'alex@example.com'; diff --git a/doc/rbac-performance-analysis.md b/doc/rbac-performance-analysis.md index 10ec6593..6cfcdf47 100644 --- a/doc/rbac-performance-analysis.md +++ b/doc/rbac-performance-analysis.md 
@@ -239,7 +239,7 @@ This did not improve the performance. We were suspicious about the sequential scan over all `rbacpermission` rows which was done by PostgreSQL to execute a HashJoin strategy. Turning off that strategy by ```SQL -ALTER FUNCTION queryAccessibleObjectUuidsOfSubjectIds SET enable_hashjoin = off; +ALTER FUNCTION rbac.queryAccessibleObjectUuidsOfSubjectIds SET enable_hashjoin = off; ``` did not improve the performance though. The HashJoin was actually still applied, but no full table scan anymore: 
@@ -273,9 +273,9 @@ At this point, the import took 21mins with these statistics: | select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 | | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 | | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 | -| call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | +| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | -| select * from isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | +| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. 
version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | 
@@ -297,8 +297,8 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 | | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 | | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 | -| call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | -| select * from isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | +| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | +| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | 
@@ -333,8 +333,8 @@ Now, the longest running queries are these: | 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | | 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | | 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) | -| 4 | 96.632 | 3 | 2 | call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | -| 5 | 120.815 | 3 | 2 | select * from isGranted(array[granteeId], grantedId) | +| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | +| 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) | | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | | 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | | 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | diff --git a/doc/rbac.md b/doc/rbac.md index d98669ba..325e2841 100644 --- a/doc/rbac.md +++ b/doc/rbac.md 
@@ -605,7 +605,7 @@ Find the SQL script here: `28-hs-tests.sql`. We have tested two variants of the query for the restricted view, both utilizing a PostgreSQL function like this: - FUNCTION queryAccessibleObjectUuidsOfSubjectIds( + FUNCTION rbac.queryAccessibleObjectUuidsOfSubjectIds( requiredOp rbac.RbacOp, forObjectTable varchar, subjectIds uuid[], @@ -623,7 +623,7 @@ Let's have a look at the two view queries: FROM customer AS target WHERE target.uuid IN ( SELECT uuid - FROM queryAccessibleObjectUuidsOfSubjectIds( + FROM rbac.queryAccessibleObjectUuidsOfSubjectIds( 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids())); This view should be automatically updatable. @@ -641,7 +641,7 @@ Looks like the query optimizer needed some statistics to find the best path. CREATE OR REPLACE VIEW customer_rv AS SELECT DISTINCT target.* FROM customer AS target - JOIN queryAccessibleObjectUuidsOfSubjectIds( + JOIN rbac.queryAccessibleObjectUuidsOfSubjectIds( 'SELECT, 'customer', currentSubjectOrAssumedRolesUuids()) AS allowedObjId ON target.uuid = allowedObjId; diff --git a/sql/rbac-tests.sql b/sql/rbac-tests.sql index e04b2177..06ab6f13 100644 --- a/sql/rbac-tests.sql +++ b/sql/rbac-tests.sql 
@@ -3,10 +3,10 @@ -- -------------------------------------------------------- -select isGranted(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); -select isGranted(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); --- call grantRoleToRole(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); --- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); +select rbac.isGranted(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); +select rbac.isGranted(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); +-- call rbac.grantRoleToRole(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); +-- call rbac.grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); select count(*) FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacSubject('superuser-fran@hostsharing.net'), @@ -19,11 +19,11 @@ select * FROM queryAllPermissionsOfSubjectId(findRbacSubject('rosa@example.com')); select * -FROM queryAllRbacSubjectsWithPermissionsFor(findEffectivePermissionId('customer', +FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('customer', (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), 'add-package')); select * -FROM queryAllRbacSubjectsWithPermissionsFor(findEffectivePermissionId('package', +FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('package', (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), 'DELETE')); 
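Review bot: In the `@@ -3` hunk of `sql/rbac-tests.sql`, `rbac.isGranted(...)` is qualified but its arguments still call a bare `findRoleId(...)`, even though the changelog in this series already uses `rbac.findRoleId`; as an ad-hoc script run with whatever `search_path` the session has, this will fail with an unknown-function error as soon as the function exists only in `rbac`. Suggest `select rbac.isGranted(rbac.findRoleId('administrators'), rbac.findRoleId('test_package#aaa00:OWNER'));` and the mirrored line below it. The same presumably applies to `findRbacSubject` and `queryAllPermissionsOfSubjectIdForObjectUuids` in this and the `@@ -19` hunk, if those have also moved into the `rbac` schema.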
@@ -34,12 +34,12 @@ $$ result bool; BEGIN userId = findRbacSubject('superuser-alex@hostsharing.net'); - result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId)); + result = (SELECT * FROM rbac.isPermissionGrantedToSubject(rbac.findPermissionId('package', 94928, 'add-package'), userId)); IF (result) THEN RAISE EXCEPTION 'expected permission NOT to be granted, but it is'; end if; - result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'SELECT'), userId)); + result = (SELECT * FROM rbac.isPermissionGrantedToSubject(rbac.findPermissionId('package', 94928, 'SELECT'), userId)); IF (NOT result) THEN RAISE EXCEPTION 'expected permission to be granted, but it is NOT'; end if; diff --git a/sql/rbac-view-option-experiments.sql b/sql/rbac-view-option-experiments.sql index be38d3a4..6a7373c9 100644 --- a/sql/rbac-view-option-experiments.sql +++ b/sql/rbac-view-option-experiments.sql @@ -20,7 +20,7 @@ CREATE POLICY customer_policy ON customer TO restricted USING ( -- id=1000 - isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()) + rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; @@ -35,7 +35,7 @@ SELECT * FROM customer; CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); + SELECT * FROM customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); SELECT * from cust_view LIMIT 10; select queryAllPermissionsOfSubjectId(findRbacSubject('superuser-alex@hostsharing.net')); 
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java index 3197503d..6ca163a3 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java @@ -69,7 +69,7 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity throw new IllegalArgumentException("unexpected grant"); - case ROLE_TO_ROLE -> "call revokeRoleFromRole(${subRoleRef}, ${superRoleRef});" + case ROLE_TO_ROLE -> "call rbac.revokeRoleFromRole(${subRoleRef}, ${superRoleRef});" .replace("${subRoleRef}", roleRef(OLD, grantDef.getSubRoleDef())) .replace("${superRoleRef}", roleRef(OLD, grantDef.getSuperRoleDef())); case PERM_TO_ROLE -> "call rbac.revokePermissionFromRole(${permRef}, ${superRoleRef});" @@ -321,13 +321,13 @@ class RolesGrantsAndPermissionsGenerator { private String generateGrant(RbacGrantDefinition grantDef) { final var grantSql = switch (grantDef.grantType()) { case ROLE_TO_USER -> throw new IllegalArgumentException("unexpected grant"); - case ROLE_TO_ROLE -> "call grantRoleToRole(${subRoleRef}, ${superRoleRef}${assumed});" + case ROLE_TO_ROLE -> "call rbac.grantRoleToRole(${subRoleRef}, ${superRoleRef}${assumed});" .replace("${assumed}", grantDef.isAssumed() ? "" : ", unassumed()") .replace("${subRoleRef}", roleRef(NEW, grantDef.getSubRoleDef())) .replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef())); case PERM_TO_ROLE -> grantDef.getPermDef().getPermission() == INSERT ? "" - : "call grantPermissionToRole(${permRef}, ${superRoleRef});" + : "call rbac.grantPermissionToRole(${permRef}, ${superRoleRef});" .replace("${permRef}", createPerm(NEW, grantDef.getPermDef())) .replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef())); }; 
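Review bot: In generateGrant the ROLE_TO_ROLE template now emits `call rbac.grantRoleToRole(...)`, but the `${assumed}` substitution still appends the unqualified `, unassumed()`; if unassumed() is moved into the rbac schema as part of this series, every generated grant breaks at runtime, so that replacement would need to become `.replace("${assumed}", grantDef.isAssumed() ? "" : ", rbac.unassumed()")` at the same time. The hunk header names HsBookingProject.java while the context line is RolesGrantsAndPermissionsGenerator, so the file attribution of this hunk appears garbled in the rendered patch and is worth double-checking before merge. A one-line comment above the switch, e.g. `// SQL text is assembled from RbacGrantDefinition only; no user-supplied input reaches these templates`, would make the trust boundary of this string-built SQL explicit for the next reader.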
@@ -335,11 +335,11 @@ class RolesGrantsAndPermissionsGenerator { } private String findPerm(final PostgresTriggerReference ref, final RbacPermissionDefinition permDef) { - return permRef("findPermissionId", ref, permDef); + return permRef("rbac.findPermissionId", ref, permDef); } private String getPerm(final PostgresTriggerReference ref, final RbacPermissionDefinition permDef) { - return permRef("getPermissionId", ref, permDef); + return permRef("rbac.getPermissionId", ref, permDef); } private String createPerm(final PostgresTriggerReference ref, final RbacPermissionDefinition permDef) { diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql index 543fb0f3..791381ac 100644 --- a/src/main/resources/db/changelog/0-base/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql @@ -142,7 +142,7 @@ begin return string_to_array(current_setting('hsadminng.assumedRoles', true), ';'); end; $$; -create or replace function cleanIdentifier(rawIdentifier varchar) +create or replace function base.cleanIdentifier(rawIdentifier varchar) returns varchar returns null on null input language plpgsql as $$ 
@@ -153,21 +153,21 @@ begin return cleanIdentifier; end; $$; -create or replace function pureIdentifier(rawIdentifier varchar) +create or replace function base.pureIdentifier(rawIdentifier varchar) returns varchar returns null on null input language plpgsql as $$ declare cleanIdentifier varchar; begin - cleanIdentifier := cleanIdentifier(rawIdentifier); + cleanIdentifier := base.cleanIdentifier(rawIdentifier); if cleanIdentifier != rawIdentifier then raise exception 'identifier "%" contains invalid characters, maybe use "%"', rawIdentifier, cleanIdentifier; end if; return cleanIdentifier; end; $$; -create or replace function findObjectUuidByIdName(objectTable varchar, objectIdName varchar) +create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar) returns uuid returns null on null input language plpgsql as $$ @@ -175,8 +175,8 @@ declare sql varchar; uuid uuid; begin - objectTable := pureIdentifier(objectTable); - objectIdName := pureIdentifier(objectIdName); + objectTable := base.pureIdentifier(objectTable); + objectIdName := base.pureIdentifier(objectIdName); sql := format('select * from %sUuidByIdName(%L);', objectTable, objectIdName); begin execute sql into uuid; @@ -187,7 +187,7 @@ begin return uuid; end ; $$; -create or replace function findIdNameByObjectUuid(objectTable varchar, objectUuid uuid) +create or replace function base.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid) returns varchar returns null on null input language plpgsql as $$ @@ -195,7 +195,7 @@ declare sql varchar; idName varchar; begin - objectTable := pureIdentifier(objectTable); + objectTable := base.pureIdentifier(objectTable); sql := format('select * from %sIdNameByUuid(%L::uuid);', objectTable, objectUuid); begin execute sql into idName; 
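Review bot: base.findObjectUuidByIdName and base.findIdNameByObjectUuid still interpolate objectTable with `%s` into `select * from %sUuidByIdName(%L);`, which is only safe because of the preceding base.pureIdentifier() call; now that object tables live in schemas (1080-rbac-global.sql passes 'rbac.global'), the interpolated name becomes rbac.globalUuidByIdName(...), so base.cleanIdentifier must accept the '.' separator — its body is cut off at the hunk boundary and cannot be verified here. A why-comment above the format call, e.g. `-- objectTable was validated by base.pureIdentifier(); %s (not %I) is deliberate so schema-qualified names stay resolvable`, would keep a later maintainer from either dropping the validation or "fixing" the placeholder to %I and breaking qualified names. The enclosing cleanIdentifier function starts in the previous hunk and its body lies outside this one.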
@@ -206,7 +206,7 @@ begin return idName; end ; $$; -create or replace function currentSubjects() +create or replace function base.currentSubjects() returns varchar(1023)[] stable -- leakproof language plpgsql as $$ @@ -221,7 +221,7 @@ begin end if; end; $$; -create or replace function hasAssumedRole() +create or replace function base.hasAssumedRole() returns boolean stable -- leakproof language plpgsql as $$ diff --git a/src/main/resources/db/changelog/0-base/020-audit-log.sql b/src/main/resources/db/changelog/0-base/020-audit-log.sql index b9ae83ec..131660c6 100644 --- a/src/main/resources/db/changelog/0-base/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql @@ -8,8 +8,8 @@ */ do $$ begin - if not exists(select 1 from pg_type where typname = 'operation') then - create type "operation" as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); + if not exists(select 1 from pg_type where typname = 'base.tx_operation') then + create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); end if; --more types here... end $$; @@ -42,10 +42,10 @@ create index on base.tx_context using brin (txTimestamp); */ create table base.tx_journal ( - txId xid8 not null references base.tx_context (txId), - targetTable text not null, - targetUuid uuid not null, -- Assumes that all audited tables have a uuid column. - targetOp operation not null, + txId xid8 not null references base.tx_context (txId), + targetTable text not null, + targetUuid uuid not null, -- Assumes that all audited tables have a uuid column. + targetOp base.tx_operation not null, targetDelta jsonb ); 
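Review bot: The existence check in 020-audit-log.sql compares pg_type.typname with 'base.tx_operation', but typname stores the bare type name, so this predicate never matches and the guard no longer protects `create type base.tx_operation` against a second run. Resolve the schema explicitly, e.g. `if not exists(select 1 from pg_type t join pg_namespace n on n.oid = t.typnamespace` / `where n.nspname = 'base' and t.typname = 'tx_operation') then`, or more compactly `if to_regtype('base.tx_operation') is null then`. This matters because 030-historization.sql in the next hunk now relies on this block being the only place the enum is created.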
@@ -91,17 +91,17 @@ begin when 'INSERT' then insert into base.tx_journal values (curTxId, - tg_table_name, new.uuid, tg_op::operation, + tg_table_name, new.uuid, tg_op::base.tx_operation, to_jsonb(new)); when 'UPDATE' then insert into base.tx_journal values (curTxId, - tg_table_name, old.uuid, tg_op::operation, + tg_table_name, old.uuid, tg_op::base.tx_operation, base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new))); when 'DELETE' then insert into base.tx_journal values (curTxId, - tg_table_name, old.uuid, 'DELETE'::operation, + tg_table_name, old.uuid, 'DELETE'::base.tx_operation, null::jsonb); else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name; end case; diff --git a/src/main/resources/db/changelog/0-base/030-historization.sql b/src/main/resources/db/changelog/0-base/030-historization.sql index 756814b0..6866c15b 100644 --- a/src/main/resources/db/changelog/0-base/030-historization.sql +++ b/src/main/resources/db/changelog/0-base/030-historization.sql @@ -40,9 +40,9 @@ end; $$; --changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); +-- create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); -create or replace function tx_historicize_tf() +create or replace function base.tx_historicize_tf() returns trigger language plpgsql strict as $$ @@ -153,7 +153,7 @@ begin -- "-9-" to put the trigger execution after any alphabetically lesser tx-triggers createTriggerSQL = 'CREATE TRIGGER tx_9_historicize_tg' || ' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable || - ' FOR EACH ROW EXECUTE PROCEDURE tx_historicize_tf()'; + ' FOR EACH ROW EXECUTE PROCEDURE base.tx_historicize_tf()'; raise notice 'sql: %', createTriggerSQL; execute createTriggerSQL; 
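Review bot: In 030-historization.sql the `create type base.tx_operation` line is commented out rather than removed, leaving dead DDL inside the changeset; since 020-audit-log.sql now creates the enum, the line should simply be deleted. The edited changesets (hs-global-historization-tx-historicize-tf:1 here and the audit-log changesets above) alter the bodies of changesets that may already be applied; unless they are marked runOnChange or every target database is rebuilt from scratch, Liquibase will reject them at checksum validation, so this deserves confirmation against the deployment procedure. The trigger-creation string in the second hunk concatenates baseTable directly into DDL; whatever validates that name is outside this hunk and a short comment naming it would help.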
diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index 3e894841..6ecca849 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -262,7 +262,7 @@ begin objectTableFromRoleIdName = split_part(roleParts, '#', 1); objectNameFromRoleIdName = split_part(roleParts, '#', 2); roleTypeFromRoleIdName = split_part(roleParts, '#', 3); - objectUuidOfRole = findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName); + objectUuidOfRole = base.findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName); select uuid from rbac.role @@ -424,7 +424,7 @@ begin return permissionUuid; end; $$; -create or replace function findEffectivePermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) +create or replace function rbac.findEffectivePermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid returns null on null input stable -- leakproof @@ -436,7 +436,7 @@ select uuid and p.opTableName = forOpTableName $$; -create or replace function findPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) +create or replace function rbac.findPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid returns null on null input stable -- leakproof @@ -448,7 +448,7 @@ select uuid and p.opTableName = forOpTableName $$; -create or replace function getPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) +create or replace function rbac.getPermissionId(forObjectUuid uuid, forOp rbac.RbacOp, forOpTableName text = null) returns uuid stable -- leakproof language plpgsql as $$ 
@@ -471,7 +471,7 @@ end; $$; --changeset rbac-base-duplicate-role-grant-exception:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace procedure raiseDuplicateRoleGrantException(subRoleId uuid, superRoleId uuid) +create or replace procedure rbac.raiseDuplicateRoleGrantException(subRoleId uuid, superRoleId uuid) language plpgsql as $$ declare subRoleIdName text; @@ -505,7 +505,7 @@ create index on rbac.grants (ascendantUuid); create index on rbac.grants (descendantUuid); call base.create_journal('rbac.grants'); -create or replace function findGrantees(grantedId uuid) +create or replace function rbac.findGrantees(grantedId uuid) returns setof rbac.reference returns null on null input language sql as $$ @@ -523,7 +523,7 @@ select ref.* join rbac.reference ref on ref.uuid = grants.ascendantUuid; $$; -create or replace function isGranted(granteeIds uuid[], grantedId uuid) +create or replace function rbac.isGranted(granteeIds uuid[], grantedId uuid) returns bool returns null on null input language sql as $$ @@ -543,13 +543,13 @@ select exists ( ) or grantedId = any(granteeIds); $$; -create or replace function isGranted(granteeId uuid, grantedId uuid) +create or replace function rbac.isGranted(granteeId uuid, grantedId uuid) returns bool returns null on null input language sql as $$ -select * from isGranted(array[granteeId], grantedId); +select * from rbac.isGranted(array[granteeId], grantedId); $$; -create or replace function isPermissionGrantedToSubject(permissionId uuid, subjectId uuid) +create or replace function rbac.isPermissionGrantedToSubject(permissionId uuid, subjectId uuid) returns BOOL stable -- leakproof language sql as $$ 
@@ -569,19 +569,19 @@ select exists( ); $$; -create or replace function hasInsertPermission(objectUuid uuid, tableName text ) +create or replace function rbac.hasInsertPermission(objectUuid uuid, tableName text ) returns BOOL stable -- leakproof language plpgsql as $$ declare permissionUuid uuid; begin - permissionUuid = findPermissionId(objectUuid, 'INSERT'::rbac.RbacOp, tableName); + permissionUuid = rbac.findPermissionId(objectUuid, 'INSERT'::rbac.RbacOp, tableName); return permissionUuid is not null; end; $$; -create or replace function hasGlobalRoleGranted(forAscendantUuid uuid) +create or replace function rbac.hasGlobalRoleGranted(forAscendantUuid uuid) returns bool stable -- leakproof language sql as $$ @@ -595,7 +595,7 @@ select exists( ); $$; -create or replace procedure grantPermissionToRole(permissionUuid uuid, roleUuid uuid) +create or replace procedure rbac.grantPermissionToRole(permissionUuid uuid, roleUuid uuid) language plpgsql as $$ begin perform rbac.assertReferenceType('roleId (ascendant)', roleUuid, 'rbac.role'); 
@@ -608,21 +608,21 @@ begin end; $$; -create or replace procedure grantPermissionToRole(permissionUuid uuid, roleDesc rbac.RoleDescriptor) +create or replace procedure rbac.grantPermissionToRole(permissionUuid uuid, roleDesc rbac.RoleDescriptor) language plpgsql as $$ begin - call grantPermissionToRole(permissionUuid, rbac.findRoleId(roleDesc)); + call rbac.grantPermissionToRole(permissionUuid, rbac.findRoleId(roleDesc)); end; $$; -create or replace procedure grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true) +create or replace procedure rbac.grantRoleToRole(subRoleId uuid, superRoleId uuid, doAssume bool = true) language plpgsql as $$ begin perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); - if isGranted(subRoleId, superRoleId) then - call raiseDuplicateRoleGrantException(subRoleId, superRoleId); + if rbac.isGranted(subRoleId, superRoleId) then + call rbac.raiseDuplicateRoleGrantException(subRoleId, superRoleId); end if; insert @@ -632,13 +632,13 @@ begin end; $$; -create or replace procedure grantRoleToRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor, doAssume bool = true) +create or replace procedure rbac.grantRoleToRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor, doAssume bool = true) language plpgsql as $$ declare superRoleId uuid; subRoleId uuid; begin - -- TODO.refa: maybe separate method grantRoleToRoleIfNotNull(...) for NULLABLE references + -- TODO.refa: maybe separate method rbac.grantRoleToRoleIfNotNull(...) for NULLABLE references if superRole.objectUuid is null or subRole.objectuuid is null then return; end if; 
@@ -649,8 +649,8 @@ begin perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); - if isGranted(subRoleId, superRoleId) then - call raiseDuplicateRoleGrantException(subRoleId, superRoleId); + if rbac.isGranted(subRoleId, superRoleId) then + call rbac.raiseDuplicateRoleGrantException(subRoleId, superRoleId); end if; insert @@ -659,7 +659,7 @@ begin on conflict do nothing; -- allow granting multiple times end; $$; -create or replace procedure revokeRoleFromRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor) +create or replace procedure rbac.revokeRoleFromRole(subRole rbac.RoleDescriptor, superRole rbac.RoleDescriptor) language plpgsql as $$ declare superRoleId uuid; @@ -671,7 +671,7 @@ begin perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('subRoleId (descendant)', subRoleId, 'rbac.role'); - if (isGranted(superRoleId, subRoleId)) then + if (rbac.isGranted(superRoleId, subRoleId)) then delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = subRoleId; else raise exception 'cannot revoke role % (%) from % (%) because it is not granted', @@ -692,7 +692,7 @@ begin perform rbac.assertReferenceType('superRoleId (ascendant)', superRoleId, 'rbac.role'); perform rbac.assertReferenceType('permission (descendant)', permissionId, 'rbac.permission'); - if (isGranted(superRoleId, permissionId)) then + if (rbac.isGranted(superRoleId, permissionId)) then delete from rbac.grants where ascendantUuid = superRoleId and descendantUuid = permissionId; else select p.op, o.objectTable, o.uuid @@ -713,7 +713,7 @@ end; $$; /* */ -create or replace function queryAccessibleObjectUuidsOfSubjectIds( +create or replace function rbac.queryAccessibleObjectUuidsOfSubjectIds( requiredOp rbac.RbacOp, forObjectTable varchar, subjectIds uuid[], 
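Review bot: rbac.revokeRoleFromRole guards its delete with `rbac.isGranted(superRoleId, subRoleId)`, and the visible tail of the isGranted(granteeIds uuid[], ...) body at -523 (`or grantedId = any(granteeIds)` after an exists(...) subquery) suggests it answers reachability rather than the existence of a direct grant; if so, revoking a role that is only reachable indirectly passes the guard and the delete silently removes zero rows while the caller believes access was withdrawn. Consider checking the direct edge instead, e.g. `if exists(select 1 from rbac.grants where ascendantUuid = superRoleId and descendantUuid = subRoleId) then`, or asserting `found` after the delete and raising otherwise. The revoke-permission hunk at -692 in this file has the same shape; the procedure whose body it shows starts outside the hunk.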
@@ -765,7 +765,7 @@ $$; /* Returns all permissions accessible to the given subject UUID (subject or role). */ -create or replace function queryPermissionsGrantedToSubjectId(subjectId uuid) +create or replace function rbac.queryPermissionsGrantedToSubjectId(subjectId uuid) returns setof rbac.permission strict language sql as $$ @@ -795,7 +795,7 @@ $$; Returns all subject UUIDs which have any permission for the given object UUID. */ -create or replace function queryAllRbacSubjectsWithPermissionsFor(objectId uuid) +create or replace function rbac.queryAllRbacSubjectsWithPermissionsFor(objectId uuid) returns setof rbac.subject returns null on null input language sql as $$ diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index 10442bef..cb348008 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql 
@@ -48,12 +48,12 @@ begin assert grantedRoleUuid is not null, 'grantedRoleUuid must not be null'; assert subjectUuid is not null, 'subjectUuid must not be null'; - if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then + if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', - grantedByRoleIdName, grantedByRoleUuid, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end if; - if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then + if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; select roleIdName from rbac.role_ev where uuid=grantedRoleUuid into grantedRoleIdName; raise exception '[403] Access to granted role % (%) forbidden for % (%)', 
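Review bot: The 403 exception in this hunk of 1051-rbac-subject-grant.sql now calls `rbac.currentSubjects()`, but this series moves that function to `base.currentSubjects()` (010-context.sql, hunk at -206), so unless an rbac.currentSubjects() exists elsewhere, the denied path raises an undefined-function error instead of the intended '[403] ...' message, which will confuse any error-to-status mapping on the caller side. The line should read `grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`. The same qualifier appears three times in the revoke hunk at -81 on the next line, which also evaluates `rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid)` twice with different messages; the first occurrence makes the third unreachable, so one of them should go. The enclosing procedures start before their hunks.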
@@ -81,20 +81,20 @@ begin perform rbac.assertReferenceType('grantedRoleUuid (descendant)', grantedRoleUuid, 'rbac.role'); perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); - if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); + if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then + raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); end if; - if NOT isGranted(grantedByRoleUuid, grantedRoleUuid) then - raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, currentSubjects(); + if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then + raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects(); end if; - --raise exception 'isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; - if NOT isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, currentSubjects(); + --raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; + if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then + raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); end if; - if NOT isGranted(subjectUuid, grantedRoleUuid) then + if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then raise exception '[404] No such grant found granted by % for subject % to role %.', grantedByRoleUuid, subjectUuid, grantedRoleUuid; end if; end; $$; 
diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index 812ce902..fc9141eb 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql @@ -5,7 +5,7 @@ --changeset rbac-context-DETERMINE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create or replace function determineCurrentSubjectUuid(currentSubject varchar) +create or replace function rbac.determineCurrentSubjectUuid(currentSubject varchar) returns uuid stable -- leakproof language plpgsql as $$ @@ -23,7 +23,7 @@ begin return currentSubjectUuid; end; $$; -create or replace function determineCurrentSubjectOrAssumedRolesUuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar) +create or replace function rbac.determinecurrentsubjectorassumedrolesuuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar) returns uuid[] stable -- leakproof language plpgsql as $$ @@ -55,7 +55,7 @@ begin objectNameToAssume = split_part(roleNameParts, '#', 2); roleTypeToAssume = split_part(roleNameParts, '#', 3); - objectUuidToAssume = findObjectUuidByIdName(objectTableToAssume, objectNameToAssume); + objectUuidToAssume = base.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume); if objectUuidToAssume is null then raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts; end if; 
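Review bot: The renamed function in 1054-rbac-context.sql is spelled `rbac.determinecurrentsubjectorassumedrolesuuids` in all lowercase, while its sibling in the same hunk is `rbac.determineCurrentSubjectUuid` and the rest of the schema uses camelCase; PostgreSQL folds unquoted identifiers anyway, so this is cosmetic, but it reads like an accident and will not match a grep for the old name. Suggest `create or replace function rbac.determineCurrentSubjectOrAssumedRolesUuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar)` and the matching call site in the hunk at -99 on the next line. The function body continues past this hunk.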
@@ -68,7 +68,7 @@ begin if roleUuidToAssume is null then raise exception '[403] role % does not exist or is not accessible for subject %', roleName, base.currentSubject(); end if; - if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then + if not rbac.isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then raise exception '[403] subject % has no permission to assume role %', base.currentSubject(), roleName; end if; roleIdsToAssume := roleIdsToAssume || roleUuidToAssume; @@ -99,12 +99,12 @@ begin execute format('set local hsadminng.currentRequest to %L', currentRequest); execute format('set local hsadminng.currentSubject to %L', currentSubject); - select determineCurrentSubjectUuid(currentSubject) into currentSubjectUuid; + select rbac.determineCurrentSubjectUuid(currentSubject) into currentSubjectUuid; execute format('set local hsadminng.currentSubjectUuid to %L', coalesce(currentSubjectUuid::text, '')); execute format('set local hsadminng.assumedRoles to %L', assumedRoles); execute format('set local hsadminng.currentSubjectOrAssumedRolesUuids to %L', - (select array_to_string(determineCurrentSubjectOrAssumedRolesUuids(currentSubjectUuid, assumedRoles), ';'))); + (select array_to_string(rbac.determinecurrentsubjectorassumedrolesuuids(currentSubjectUuid, assumedRoles), ';'))); raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentSubject, assumedRoles; end; $$; diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 7243b3b2..4138d3e2 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql 
@@ -13,7 +13,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * -- @formatter:off from ( select r.*, - o.objectTable, findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName + o.objectTable, base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbac.role as r join rbac.object as o on o.uuid = r.objectuuid ) as unordered @@ -34,10 +34,10 @@ select * -- @formatter:off from ( select r.*, o.objectTable, - findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName + base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbac.role as r join rbac.object as o on o.uuid = r.objectuuid - where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) + where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as unordered -- @formatter:on order by objectTable || '#' || objectIdName || ':' || roleType; @@ -57,7 +57,7 @@ create or replace view rbacgrants_ev as -- @formatter:off select x.grantUuid as uuid, x.grantedByTriggerOf as grantedByTriggerOf, - go.objectTable || '#' || findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName, + go.objectTable || '#' || base.findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName, x.ascendingIdName as ascendantIdName, x.descendingIdName as descendantIdName, x.grantedByRoleUuid, 
@@ -72,15 +72,15 @@ create or replace view rbacgrants_ev as coalesce( 'user:' || au.name, - 'role:' || aro.objectTable || '#' || findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype + 'role:' || aro.objectTable || '#' || base.findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype ) as ascendingIdName, aro.objectTable, aro.uuid, ( case when dro is not null - then ('role:' || dro.objectTable || '#' || findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype) + then ('role:' || dro.objectTable || '#' || base.findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype) when dp.op = 'INSERT' - then 'perm:' || dpo.objecttable || '#' || findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName - else 'perm:' || dpo.objecttable || '#' || findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op + then 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName + else 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op end ) as descendingIdName, dro.objectTable, dro.uuid, 
@@ -115,19 +115,19 @@ create or replace view rbacgrants_ev as drop view if exists rbacgrants_rv; create or replace view rbacgrants_rv as -- @formatter:off -select o.objectTable || '#' || findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, +select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid, g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType from ( select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed, u.name as userName, o.objecttable, r.objectuuid, r.roletype, - findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName + base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName from rbac.grants as g join rbac.role as r on r.uuid = g.descendantUuid join rbac.object o on o.uuid = r.objectuuid left outer join rbac.subject u on u.uuid = g.ascendantuuid - where isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) + where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) ) as g join rbac.role as r on r.uuid = grantedByRoleUuid join rbac.object as o on o.uuid = r.objectUuid @@ -242,7 +242,7 @@ create or replace view rbac.subject_rv as select users.* from rbac.subject as users where cardinality(base.assumedRoles()) = 0 and - (rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid())) + (rbac.currentSubjectUuid() = users.uuid or rbac.hasGlobalRoleGranted(rbac.currentSubjectUuid())) ) as unordered -- @formatter:on 
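Review bot: The views rebuilt in 1055-rbac-views.sql (rbacgrants_ev and rbacgrants_rv) stay unqualified, i.e. in the default schema, while the tables they read and the sibling views rbac.subject_rv and rbac.role_ev already live in rbac; the `drop view if exists rbacgrants_rv; create or replace view rbacgrants_rv` lines here and the rbacgrants_ev hunks on the two preceding lines are the remaining public-schema objects in this file. If a later patch of this series moves them this is fine; otherwise consider e.g. `create or replace view rbac.grants_rv as` to follow the naming already used by rbac.subject_rv, since a restricted-view name that resolves through search_path is easier to shadow than a qualified one. The view definitions in the hunks at -13 and -34 begin outside their hunks.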
@@ -295,11 +295,11 @@ execute function rbac.insert_subject_tf(); Checks if the current subject (user / assumed role) has the permission to delete the user. */ -create or replace function delete_subject_tf() +create or replace function rbac.delete_subject_tf() returns trigger language plpgsql as $$ begin - if rbac.currentSubjectUuid() = old.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid()) then + if rbac.currentSubjectUuid() = old.uuid or rbac.hasGlobalRoleGranted(rbac.currentSubjectUuid()) then delete from rbac.subject where uuid = old.uuid; return old; end if; @@ -313,7 +313,7 @@ create trigger delete_subject_tg instead of delete on rbac.subject_rv for each row -execute function delete_subject_tf(); +execute function rbac.delete_subject_tf(); --/ -- ============================================================================ @@ -353,7 +353,7 @@ begin -- @formatter:off currentSubjectUuid := rbac.currentSubjectUuid(); - if hasGlobalRoleGranted(targetSubjectUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then + if rbac.hasGlobalRoleGranted(targetSubjectUuid) and not rbac.hasGlobalRoleGranted(currentSubjectUuid) then raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, base.currentSubject(); end if; 
@@ -364,17 +364,17 @@ begin xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid from (select r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable, - findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName, + base.findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName, p.uuid as permissionUuid, p.op, p.opTableName, po.objecttable as permissionObjectTable, - findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, + base.findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, po.uuid as permissionObjectUuid - from queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p + from rbac.queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p join rbac.grants as g on g.descendantUuid = p.uuid join rbac.object as po on po.uuid = p.objectUuid join rbac.role_rv as r on r.uuid = g.ascendantUuid join rbac.object as ro on ro.uuid = r.objectUuid - where isGranted(targetSubjectUuid, r.uuid) + where rbac.isGranted(targetSubjectUuid, r.uuid) ) xp; -- @formatter:on end; $$; diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index 7316e376..bb4cbd8e 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql 
@@ -33,19 +33,19 @@ begin foreach permission in array permissions loop permissionUuid := rbac.createPermission(roleDescriptor.objectuuid, permission); - call grantPermissionToRole(permissionUuid, roleUuid); + call rbac.grantPermissionToRole(permissionUuid, roleUuid); end loop; foreach superRoleDesc in array array_remove(incomingSuperRoles, null) loop superRoleUuid := rbac.getRoleId(superRoleDesc); - call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed); + call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed); end loop; foreach subRoleDesc in array array_remove(outgoingSubRoles, null) loop subRoleUuid := rbac.getRoleId(subRoleDesc); - call grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed); + call rbac.grantRoleToRole(subRoleUuid, roleUuid, subRoleDesc.assumed); end loop; if cardinality(subjectUuids) > 0 then diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index 5f2c7122..728ee0bd 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -148,7 +148,7 @@ begin targettable := lower(targettable); sqlQuery = format($sql$ - select target.uuid, cleanIdentifier(%2$s) as idName + select target.uuid, base.cleanIdentifier(%2$s) as idName from %1$s as target; $sql$, targetTable, sqlProjection); call rbac.generateRbacIdentityViewFromQuery(targetTable, sqlQuery); @@ -256,7 +256,7 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then + if old.uuid in (select rbac.queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then delete from %1$s p where p.uuid = old.uuid; return old; end if; 
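Review bot: The generated identity-view query still splices `targetTable` into the SQL unquoted and unchecked via `%1$s` (`from %1$s as target`); `base.cleanIdentifier(%2$s)` only sanitizes the projected idName, not the table reference. The value comes from the project's own RBAC generator calls rather than from end users, so this is a footgun rather than an injection finding, but now that tables are being moved into schemas a plain `%I` would break schema-qualified names by quoting `schema.table` as one identifier. A cheap guard that accepts both forms is to validate through the catalog before formatting, e.g. `perform targetTable::regclass;` right after `targettable := lower(targettable);`, which raises if the table does not exist. The enclosing procedure starts and ends outside the hunk.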
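Review bot: In the generated delete trigger the table name is embedded as a string literal by hand-quoting a `%s` substitution (`'%1$s'` inside `rbac.queryAccessibleObjectUuidsOfSubjectIds('DELETE', '%1$s', ...)`), so a name containing a quote would produce malformed SQL; `format()`'s `%L` exists for exactly this, i.e. `%1$L` without the surrounding quotes. This is again a correctness point, as the name is developer-supplied from the RBAC DSL, but it costs nothing and the same pattern recurs in the update-trigger generator in the following hunk. The generator procedure's head and tail are outside the hunk.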
@@ -287,7 +287,7 @@ begin returns trigger language plpgsql as $f$ begin - if old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then + if old.uuid in (select rbac.queryAccessibleObjectUuidsOfSubjectIds('UPDATE', '%1$s', rbac.currentSubjectOrAssumedRolesUuids())) then update %1$s set %2$s where uuid = old.uuid; diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index 9ffb4c52..9c6c1b36 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin() returns boolean language plpgsql as $$ begin - return isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin())); + return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin())); end; $$; --// @@ -45,7 +45,7 @@ create or replace function rbac.hasGlobalPermission(op rbac.RbacOp) $$ -- TODO.perf: this could to be optimized select (select uuid from rbac.global) in - (select queryAccessibleObjectUuidsOfSubjectIds(op, 'rbac.global', rbac.currentSubjectOrAssumedRolesUuids())); + (select rbac.queryAccessibleObjectUuidsOfSubjectIds(op, 'rbac.global', rbac.currentSubjectOrAssumedRolesUuids())); $$; --// diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 03524d3a..ef52b1ee 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql 
@@ -94,7 +94,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'test_customer'), rbac.globalAdmin()); END LOOP; @@ -110,7 +110,7 @@ create or replace function new_test_customer_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'), rbac.globalAdmin()); -- end. @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 26e3384d..3dcfec24 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql 
@@ -110,11 +110,11 @@ begin if NEW.customerUuid <> OLD.customerUuid then - call revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer)); - call grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer)); + call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer)); + call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer)); - call revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD)); - call grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW)); + call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD)); + call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW)); end if; @@ -159,7 +159,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM test_customer -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'test_package'), testCustomerADMIN(row)); END LOOP; @@ -175,7 +175,7 @@ create or replace function new_test_package_grants_insert_to_test_customer_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'test_package'), testCustomerADMIN(NEW)); -- end. @@ -203,12 +203,12 @@ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.customerUuid - if hasInsertPermission(NEW.customerUuid, 'test_package') then + if rbac.hasInsertPermission(NEW.customerUuid, 'test_package') then return NEW; end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg 
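Review bot: The guard `if NEW.customerUuid <> OLD.customerUuid then` at the top of the hunk uses `<>`, which evaluates to NULL (treated as false) when either side is NULL, so a change between NULL and a value would skip the revoke/grant pairs below it and leave the role graph stale. Whether `customerUuid` is nullable is not visible here (the column definition is outside the hunk); if it is `not null` this is moot, otherwise `if NEW.customerUuid is distinct from OLD.customerUuid then` covers all cases at no cost. The same pattern appears in the test_domain (`packageUuid`) and hs_office_partner (`partnerRelUuid`) update triggers in this patch. The enclosing trigger function begins outside the hunk.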
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index e07e64d8..38129b2b 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -106,14 +106,14 @@ begin if NEW.packageUuid <> OLD.packageUuid then - call revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage)); - call grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage)); + call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage)); + call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage)); - call revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD)); - call grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW)); + call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD)); + call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW)); - call revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD)); - call grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW)); + call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD)); + call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW)); end if; @@ -158,7 +158,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM test_package -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'test_domain'), testPackageADMIN(row)); END LOOP; 
@@ -174,7 +174,7 @@ create or replace function new_test_domain_grants_insert_to_test_package_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'test_domain'), testPackageADMIN(NEW)); -- end. @@ -202,12 +202,12 @@ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.packageUuid - if hasInsertPermission(NEW.packageUuid, 'test_domain') then + if rbac.hasInsertPermission(NEW.packageUuid, 'test_domain') then return NEW; end if; raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_domain_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql index 26b9df14..39de7791 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql @@ -14,7 +14,7 @@ declare postalAddr varchar; emailAddr varchar; begin - emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com'; + emailAddr = 'contact-admin@' || base.cleanIdentifier(contCaption) || '.example.com'; call base.defineContext('creating contact test-data'); perform rbac.create_subject(emailAddr); call base.defineContext('creating contact test-data', null, emailAddr); diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql index 37832ae3..c0a06062 100644 
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql @@ -20,7 +20,7 @@ declare emailAddr varchar; begin fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName); - emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com'; + emailAddr = 'person-' || left(base.cleanIdentifier(fullName), 32) || '@example.com'; call base.defineContext('creating person test-data'); perform rbac.create_subject(emailAddr); call base.defineContext('creating person test-data', null, emailAddr); diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index ddc7c92e..15488f65 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -78,12 +78,12 @@ begin ); IF NEW.type = 'REPRESENTATIVE' THEN - call grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); - call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson)); - call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); + call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); + call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson)); + call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); ELSE - call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); - call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); + call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); + call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); END IF; call rbac.leaveTriggerForObjectUuid(NEW.uuid); @@ -168,7 +168,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_office_person -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'), hsOfficePersonADMIN(row)); END LOOP; @@ -184,7 +184,7 @@ create or replace function new_hs_office_relation_grants_insert_to_hs_office_per strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'), hsOfficePersonADMIN(NEW)); -- end. 
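Review bot: The `REPRESENTATIVE` branch grants `hsOfficePersonOWNER(newAnchorPerson)` into `hsOfficeRelationADMIN(NEW)`; judging by the role-builder hunk earlier in this patch, where `rbac.grantRoleToRole(roleUuid, superRoleUuid, ...)` passes the granted sub-role first, this means the relation's ADMIN inherits full OWNER rights on the anchor person. That is presumably intended (a representative acts on behalf of the person), but it is the strongest privilege link in this file and the only place where a relation role outranks a person role, and nothing in the code says why. A comment above the branch, e.g. `-- a REPRESENTATIVE relation's ADMIN acts as OWNER of the anchor person (intended privilege escalation)`, would stop a later reader from "fixing" it. The trigger function's start is outside the hunk.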
@@ -212,12 +212,12 @@ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.anchorUuid - if hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then + if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then return NEW; end if; raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_relation_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql index 59b01e08..6c9161f5 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql @@ -22,7 +22,7 @@ declare contact hs_office_contact; begin - idName := cleanIdentifier( anchorPersonName || '-' || holderPersonName); + idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName); select p.* into anchorPerson diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 81518c74..e1fb56f8 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
@@ -42,12 +42,12 @@ begin SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
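Review bot: The `assert newPartnerDetails.uuid is not null, ...` just before the six grant calls is the only thing stopping `rbac.createPermission(newPartnerDetails.uuid, ...)` from running with a NULL object uuid, yet PL/pgSQL `assert` is skipped entirely when `plpgsql.check_asserts` is off, so this guard can silently vanish in a production configuration. In a trigger that hands out DELETE/UPDATE/SELECT permissions that should be a hard failure: `if newPartnerDetails.uuid is null then raise exception 'newPartnerDetails must not be null for NEW.detailsUuid = %', NEW.detailsUuid; end if;`. The same `assert` idiom recurs in the coopshares/coopassets (`newMembership`) and sepamandate (`superObjectUuid`) triggers in this patch. The function's head and tail are outside the hunk.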
@@ -110,23 +110,23 @@ begin if NEW.partnerRelUuid <> OLD.partnerRelUuid then - call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); - call rbac.revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); - call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); - call 
rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); - call rbac.revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); - call grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); + call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); end if; @@ -171,7 +171,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), rbac.globalAdmin()); END LOOP; @@ -187,7 +187,7 @@ create or replace function new_hs_office_partner_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), rbac.globalAdmin()); -- end. @@ -220,7 +220,7 @@ begin end if; raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_insert_permission_check_tg 
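Review bot: Everything in this hunk, including the revoke/grant of permissions on `oldPartnerDetails.uuid` / `newPartnerDetails.uuid`, sits under the single condition `if NEW.partnerRelUuid <> OLD.partnerRelUuid then` visible at the top of the hunk, so an update that changes only `detailsUuid` while keeping the same partner relation re-grants nothing: the new details row ends up without SELECT/UPDATE/DELETE permissions and the old one keeps them. Whether `detailsUuid` can change after insert is not visible here; if it is immutable, a comment stating so would document the assumption, otherwise the details-related calls need their own `if NEW.detailsUuid <> OLD.detailsUuid` branch. As elsewhere in this patch, `<>` yields NULL on a NULL operand, so `is distinct from` is the safer comparison if either column is nullable. The enclosing trigger function begins and ends outside the hunk.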
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 44b25603..56cdbfa6 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -75,7 +75,7 @@ begin FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), rbac.globalAdmin()); END LOOP; @@ -91,7 +91,7 @@ create or replace function new_hs_office_partner_details_grants_insert_to_global strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), rbac.globalAdmin()); -- end. @@ -124,7 +124,7 @@ begin end if; raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_details_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql index a0361614..00484bd0 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql 
@@ -21,7 +21,7 @@ declare relatedPerson hs_office_person; relatedDetailsUuid uuid; begin - idName := cleanIdentifier( partnerPersonName|| '-' || contactCaption); + idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption); select p.* from hs_office_person p where p.tradeName = mandantTradeName diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql index 90523b43..c9d355b1 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql @@ -13,7 +13,7 @@ create or replace procedure createHsOfficeBankAccountTestData(givenHolder varcha declare emailAddr varchar; begin - emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com'; + emailAddr = 'bankaccount-admin@' || base.cleanIdentifier(givenHolder) || '.example.com'; perform rbac.create_subject(emailAddr); call base.defineContext('creating bankaccount test-data', null, emailAddr); diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 5b7dcf8b..0e7a68f8 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql 
@@ -51,15 +51,15 @@ begin SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; - call grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); - call grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); - call grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount)); - call grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); - call grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); + call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); + call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); + call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount)); + call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); + call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
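Review bot: `newRefundBankAccount` is filled by `SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;` with no check afterwards, and is then passed straight into `hsOfficeBankAccountREFERRER(newRefundBankAccount)` and `hsOfficeBankAccountADMIN(newRefundBankAccount)`; unlike the partner trigger in this same patch there is no `assert`/`raise` that the row was found. If a debitor may be created without a refund bank account (the column definition is outside the hunk), this either errors inside the role-descriptor functions or, worse, grants against a NULL uuid; guard it explicitly, e.g. wrap the two bank-account grants in `if NEW.refundBankAccountUuid is not null then ... end if;`, or `raise exception` when the lookup finds nothing if the account is mandatory. The function's beginning is outside the hunk.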
@@ -144,7 +144,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), rbac.globalAdmin()); END LOOP; @@ -160,7 +160,7 @@ create or replace function new_hs_office_debitor_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), rbac.globalAdmin()); -- end. @@ -193,7 +193,7 @@ begin end if; raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_debitor_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql index 8986a34e..6fe21720 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql @@ -20,7 +20,7 @@ declare relatedDebitorRelUuid uuid; relatedBankAccountUuid uuid; begin - idName := cleanIdentifier( forPartnerPersonName|| '-' || forBillingContactCaption); + idName := base.cleanIdentifier( forPartnerPersonName|| '-' || forBillingContactCaption); select debitorRel.uuid into relatedDebitorRelUuid diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index afb90114..d795efe3 100644 
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -119,7 +119,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'), hsOfficeRelationADMIN(row)); END LOOP; @@ -135,7 +135,7 @@ create or replace function new_hs_office_sepamandate_grants_insert_to_hs_office_ strict as $$ begin if NEW.type = 'DEBITOR' then - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), hsOfficeRelationADMIN(NEW)); end if; @@ -169,12 +169,12 @@ begin WHERE debitor.uuid = NEW.debitorUuid ); assert superObjectUuid is not null, 'object uuid fetched depending on hs_office_sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL'; - if hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then + if rbac.hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then return NEW; end if; raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_sepamandate_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 8730876a..986c4bfd 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
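Review bot: The 403 message `'[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)'` interpolates the whole `NEW` row into the exception text, so an unauthorized caller (and the server log) receives every column of the mandate they were not allowed to create. For the test tables that is harmless, but for `hs_office_sepamandate`, `hs_office_debitor`, `hs_office_partner` and the membership/coop tables touched in this patch the row may carry personal or payment data; the relation trigger in this same patch already uses the leaner `'[403] insert into hs_office_relation not allowed for current subjects % (%)'`, so dropping `values(%)` and the `NEW` argument here and in the siblings would make them consistent. Since the `assert` text in this hunk points at "fetchSql in RBAC DSL", these files appear to be generated and the change belongs in the generator template rather than in each file.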
@@ -106,7 +106,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), rbac.globalAdmin()); END LOOP; @@ -122,7 +122,7 @@ create or replace function new_hs_office_membership_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), rbac.globalAdmin()); -- end. @@ -155,7 +155,7 @@ begin end if; raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_membership_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 96f22285..95671db2 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql 
@@ -38,8 +38,8 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -82,7 +82,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'), hsOfficeMembershipADMIN(row)); END LOOP; @@ -98,7 +98,7 @@ create or replace function new_hs_office_coopsharestransaction_grants_insert_to_ strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'), hsOfficeMembershipADMIN(NEW)); -- end. 
@@ -126,12 +126,12 @@ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.membershipUuid - if hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then + if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then return NEW; end if; raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopsharestransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index c289af2d..3f16e717 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -38,8 +38,8 @@ begin SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; 
@@ -82,7 +82,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_office_membership -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'), hsOfficeMembershipADMIN(row)); END LOOP; @@ -98,7 +98,7 @@ create or replace function new_hs_office_coopassetstransaction_grants_insert_to_ strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'), hsOfficeMembershipADMIN(NEW)); -- end. @@ -126,12 +126,12 @@ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.membershipUuid - if hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then + if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then return NEW; end if; raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopassetstransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 62686ce4..99009a3c 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql 
@@ -70,7 +70,7 @@ begin outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] ); - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -113,7 +113,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_office_relation WHERE type = 'DEBITOR' LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_project'), hsOfficeRelationADMIN(row)); END LOOP; @@ -129,7 +129,7 @@ create or replace function new_hs_booking_project_grants_insert_to_hs_office_rel strict as $$ begin if NEW.type = 'DEBITOR' then - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_project'), hsOfficeRelationADMIN(NEW)); end if; @@ -163,12 +163,12 @@ begin WHERE debitor.uuid = NEW.debitorUuid ); assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL'; - if hasInsertPermission(superObjectUuid, 'hs_booking_project') then + if rbac.hasInsertPermission(superObjectUuid, 'hs_booking_project') then return NEW; end if; raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_project_insert_permission_check_tg 
@@ -184,7 +184,7 @@ create trigger hs_booking_project_insert_permission_check_tg call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', $idName$ - SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName + SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName FROM hs_booking_project bookingProject JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid $idName$); diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index fa3ed829..573f1a68 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -112,7 +112,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), rbac.globalAdmin()); END LOOP; @@ -128,7 +128,7 @@ create or replace function new_hs_booking_item_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.globalAdmin()); -- end. 
@@ -155,7 +155,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_booking_project -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(row)); END LOOP; @@ -171,7 +171,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_proje strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(NEW)); -- end. @@ -198,7 +198,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_ strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingItemADMIN(NEW)); -- end. @@ -230,16 +230,16 @@ begin return NEW; end if; -- check INSERT permission via direct foreign key: NEW.projectUuid - if hasInsertPermission(NEW.projectUuid, 'hs_booking_item') then + if rbac.hasInsertPermission(NEW.projectUuid, 'hs_booking_item') then return NEW; end if; -- check INSERT permission via direct foreign key: NEW.parentItemUuid - if hasInsertPermission(NEW.parentItemUuid, 'hs_booking_item') then + if rbac.hasInsertPermission(NEW.parentItemUuid, 'hs_booking_item') then return NEW; end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index fa3ed829..573f1a68 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -69,7 +69,7 @@ begin - call grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); + call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.leaveTriggerForObjectUuid(NEW.uuid); end; $$; @@ -112,7 +112,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), rbac.globalAdmin()); END LOOP; @@ -128,7 +128,7 @@ create or replace function new_hs_booking_item_grants_insert_to_global_tf() strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.globalAdmin()); -- end. @@ -155,7 +155,7 @@ do language plpgsql $$ FOR row IN SELECT * FROM hs_booking_project -- unconditional for all rows in that table LOOP - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(row)); END LOOP; @@ -171,7 +171,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_proje strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingProjectADMIN(NEW)); -- end. 
@@ -198,7 +198,7 @@ create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_ strict as $$ begin -- unconditional for all rows in that table - call grantPermissionToRole( + call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), hsBookingItemADMIN(NEW)); -- end. @@ -230,16 +230,16 @@ begin return NEW; end if; -- check INSERT permission via direct foreign key: NEW.projectUuid - if hasInsertPermission(NEW.projectUuid, 'hs_booking_item') then + if rbac.hasInsertPermission(NEW.projectUuid, 'hs_booking_item') then return NEW; end if; -- check INSERT permission via direct foreign key: NEW.parentItemUuid - if hasInsertPermission(NEW.parentItemUuid, 'hs_booking_item') then + if rbac.hasInsertPermission(NEW.parentItemUuid, 'hs_booking_item') then return NEW; end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg -- 2.39.5 From d7643f0f25f9cf97b500cac3c94cb96477765bd6 Mon Sep 17 00:00:00 2001 
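Review bot: `630-booking-item/6203-hs-booking-item-rbac.sql` and `630-booking-item/6303-hs-booking-item-rbac.sql` carry identical blob hashes (`fa3ed829..573f1a68`) and receive byte-identical hunks in this patch, so the same RBAC trigger and grant definitions now live twice in the changelog tree. If both are included by the Liquibase master changelog, the second run would re-create `hs_booking_item_insert_permission_check_tg` and re-grant the INSERT permissions; if only one is included, the other is dead code that will silently drift from the live authorization rules. Please keep a single file (the `6203-` name collides with the booking-project numbering and looks like the stale copy), since duplicated permission-check code is a common source of inconsistent access control. The trigger function whose body is patched here begins outside the hunk.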
From: Michael Hoennig
Date: Sat, 14 Sep 2024 10:58:57 +0200
Subject: [PATCH 40/57] fix rbac.currentSubjects() -> base.currentSubjects()

---
 .../hsadminng/rbac/rbacdef/InsertTriggerGenerator.java | 2 +-
 .../db/changelog/1-rbac/1051-rbac-subject-grant.sql | 8 ++++----
 .../2-test/201-test-customer/2013-test-customer-rbac.sql | 2 +-
 .../2-test/202-test-package/2023-test-package-rbac.sql | 2 +-
 .../2-test/203-test-domain/2033-test-domain-rbac.sql | 2 +-
 .../503-relation/5033-hs-office-relation-rbac.sql | 2 +-
 .../504-partner/5043-hs-office-partner-rbac.sql | 2 +-
 .../504-partner/5044-hs-office-partner-details-rbac.sql | 2 +-
 .../506-debitor/5063-hs-office-debitor-rbac.sql | 2 +-
 .../507-sepamandate/5073-hs-office-sepamandate-rbac.sql | 2 +-
 .../510-membership/5103-hs-office-membership-rbac.sql | 2 +-
 .../511-coopshares/5113-hs-office-coopshares-rbac.sql | 2 +-
 .../512-coopassets/5123-hs-office-coopassets-rbac.sql | 2 +-
 .../620-booking-project/6203-hs-booking-project-rbac.sql | 2 +-
 .../630-booking-item/6203-hs-booking-item-rbac.sql | 2 +-
 .../630-booking-item/6303-hs-booking-item-rbac.sql | 2 +-
 16 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
index 06855099..454a4394 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
@@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
         plPgSql.writeLn();
         plPgSql.writeLn("""
             raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
-                    NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids();
+                    NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids();
             end; $$;
 
             create trigger ${rawSubTable}_insert_permission_check_tg
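Review bot: The template now emits `base.currentSubjects()` but still leaves `currentSubjectOrAssumedRolesUuids()` unqualified, whereas every checked-in `..._insert_permission_check` function in this series calls `rbac.currentSubjectOrAssumedRolesUuids()`. Re-running the generator would therefore produce SQL that differs from the committed changelogs and, presumably unless `rbac` happens to be on the session `search_path`, an authorization-denial path that dies with an undefined-function error instead of the intended `[403]` exception. Suggest `NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();` so generated and committed code agree. The method that writes this text block continues outside the hunk.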
diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
index cb348008..fb3a50f5 100644
--- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
+++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql
@@ -51,7 +51,7 @@ begin
     if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
         select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
         raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
-            grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
+            grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
     end if;
     if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
         select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
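Review bot: In the second check, `if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then`, the name lookup on the hunk's last line still queries `where uuid=grantedByRoleUuid`, although the role that failed the check is `grantedRoleUuid`. The raise that follows is outside the hunk, but if it reports `grantedByRoleIdName` as the denied role, the `[403]` message names the wrong role, which misleads anyone auditing a refused grant. Consider `select roleIdName from rbac.role_ev where uuid=grantedRoleUuid into grantedRoleIdName;` with a matching variable in the message. This is pre-existing logic that the patch only touches for the schema qualification.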
@@ -82,16 +82,16 @@ begin perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then - raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects(); end if; --raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then - raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); + raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects(); end if; if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index ef52b1ee..acd8994c 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -143,7 +143,7 @@ begin end if; raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_customer_insert_permission_check_tg 
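Review bot: The revoke path evaluates `rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid)` twice — once right after the `perform rbac.assertReferenceType(...)` and again after the commented-out `--raise exception 'rbac.isGranted(%, %)'` debug line — with differing messages ("created by" vs "granted by"), so one of the two checks and the leftover debug comment should go. Because each branch raises a `[403]` carrying only UUIDs, it is also hard to tell from a log which condition fired; naming the checked condition and the role's `roleIdName` in the message, as the grant function above does, would help incident triage. The function's remaining checks continue outside the hunk.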
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 3dcfec24..20f98256 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -208,7 +208,7 @@ begin end if; raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_package_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 38129b2b..561ea5a7 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -207,7 +207,7 @@ begin end if; raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger test_domain_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql index 15488f65..a2c75f1a 100644 --- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql 
@@ -217,7 +217,7 @@ begin end if; raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', - rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_relation_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index e1fb56f8..1cd6335a 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql @@ -220,7 +220,7 @@ begin end if; raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 56cdbfa6..26b4e243 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -124,7 +124,7 @@ begin end if; raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_partner_details_insert_permission_check_tg 
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 0e7a68f8..4f000bb0 100644 --- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -193,7 +193,7 @@ begin end if; raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_debitor_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index d795efe3..ff1d7343 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -174,7 +174,7 @@ begin end if; raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_sepamandate_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index 986c4bfd..a3ca38ba 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql @@ -155,7 +155,7 @@ begin end if; raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_membership_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index 95671db2..e0a9bd0c 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopsharestransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index 3f16e717..a0351650 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -131,7 +131,7 @@ begin end if; raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_office_coopassetstransaction_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index 99009a3c..f4bd88c1 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql @@ -168,7 +168,7 @@ begin end if; raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_project_insert_permission_check_tg diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index 573f1a68..a53ebe84 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql @@ -239,7 +239,7 @@ begin end if; raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', - NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger hs_booking_item_insert_permission_check_tg -- 2.39.5 From 920cd9eead14014e94c961859ef8be3ea839706b Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 11:10:16 +0200 Subject: [PATCH 41/57] hs_statistics_v --- sql/recursive-cte-experiments-for-accessible-uuids.sql | 2 +- src/main/resources/db/changelog/9-hs-global/9000-statistics.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sql/recursive-cte-experiments-for-accessible-uuids.sql b/sql/recursive-cte-experiments-for-accessible-uuids.sql index 669a6f24..84fa6e79 100644 --- a/sql/recursive-cte-experiments-for-accessible-uuids.sql +++ b/sql/recursive-cte-experiments-for-accessible-uuids.sql @@ -1,6 +1,6 @@ -- just a permanent playground to explore optimization of the central recursive CTE query for RBAC -select * from hs_statistics_view; +select * from hs_statistics_v; -- ======================================================== diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql index 4386fcb9..30faa0d2 100644 --- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql +++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql 
@@ -3,7 +3,7 @@ -- ============================================================================ --changeset hs-global-object-statistics:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -CREATE VIEW hs_statistics_view AS +CREATE VIEW hs_statistics_v AS select * from (select count, "table" as "rbac-table", '' as "hs-table", '' as "type" from rbac.statistics_v -- 2.39.5 From d522b1cb42b4758f282806172d37215e51456115 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 11:15:17 +0200 Subject: [PATCH 42/57] rbac.grants_rv + rbac.grants_ev --- .../rbac/rbacgrant/RawRbacGrantEntity.java | 2 +- .../rbac/rbacgrant/RbacGrantEntity.java | 2 +- .../db/changelog/1-rbac/1055-rbac-views.sql | 23 +++++++++---------- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java index f7b3cdf4..78077725 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java @@ -12,7 +12,7 @@ import java.util.List; import java.util.UUID; @Entity -@Table(name = "rbacgrants_ev") +@Table(schema = "rbac", name = "grants_ev") @Getter @Setter @Builder diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java index bb422f62..9a481301 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java @@ -8,7 +8,7 @@ import jakarta.persistence.*; import java.util.UUID; @Entity -@Table(name = "rbacgrants_rv") +@Table(schema = "rbac", name = "grants_rv") @IdClass(RbacGrantId.class) @Getter @Setter 
diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 4138d3e2..028592c2 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql @@ -52,8 +52,8 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME Creates a view to the grants table with additional columns for easier human readability. */ -drop view if exists rbacgrants_ev; -create or replace view rbacgrants_ev as +drop view if exists rbac.grants_ev; +create or replace view rbac.grants_ev as -- @formatter:off select x.grantUuid as uuid, x.grantedByTriggerOf as grantedByTriggerOf, @@ -112,8 +112,7 @@ create or replace view rbacgrants_ev as Creates a view to the grants table with row-level limitation based on the direct grants of the current user. */ -drop view if exists rbacgrants_rv; -create or replace view rbacgrants_rv as +create or replace view rbac.grants_rv as -- @formatter:off select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, 
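Review bot: `drop view if exists rbacgrants_rv;` is removed without a replacement while the `_ev` view keeps its `drop view if exists rbac.grants_ev;`; on any database that is not rebuilt from scratch, the old unqualified `rbacgrants_rv` view and whatever privileges were granted on it stay behind, so either add `drop view if exists rbac.grants_rv;` for symmetry or document that these changelogs are only applied to fresh databases (an edited changeset also trips Liquibase's checksum validation unless it is marked `runOnChange`). The hunk context shows `grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}` but no grant for `rbac.grants_rv` or `rbac.grants_ev`, which the JPA entities in this patch now map to; please verify the restricted role's grants reference the new names, since a stale `grant ... on rbacgrants_rv` fails on a fresh install and a missing grant locks the application out of the view. The `rbac.grants_rv` definition continues past the hunk.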
@@ -142,28 +141,28 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME
 -- ----------------------------------------------------------------------------
 /**
- Instead of insert trigger function for RbacGrants_RV.
+ Instead of insert trigger function for rbac.grants_rv.
 */
 create or replace function rbac.insert_grant_tf()
 returns trigger language plpgsql as $$
 declare
- newGrant RbacGrants_RV;
+ newGrant rbac.grants_rv;
 begin
 call rbac.grantRoleToSubject(rbac.assumedRoleUuid(), new.grantedRoleUuid, new.subjectUuid, new.assumed);
 select grv.*
- from RbacGrants_RV grv
+ from rbac.grants_rv grv
 where grv.subjectUuid=new.subjectUuid and grv.grantedRoleUuid=new.grantedRoleUuid into newGrant;
 return newGrant;
 end; $$;
 /*
- Creates an instead of insert trigger for the RbacGrants_rv view.
+ Creates an instead of insert trigger for the rbac.grants_rv view.
 */
 create trigger insert_grant_tg
 instead of insert
- on RbacGrants_rv
+ on rbac.grants_rv
 for each row
 execute function rbac.insert_grant_tf();
 --/
@@ -174,7 +173,7 @@ execute function rbac.insert_grant_tf();
 -- ----------------------------------------------------------------------------
 /**
- Instead of delete trigger function for RbacGrants_RV.
+ Instead of delete trigger function for rbac.grants_rv.
 Checks if the current subject or assumed role have the permission to revoke the grant.
 */
@@ -187,11 +186,11 @@ begin
 end; $$;
 /*
- Creates an instead of delete trigger for the RbacGrants_rv view.
+ Creates an instead of delete trigger for the rbac.grants_rv view.
 */
 create trigger delete_grant_tg
 instead of delete
- on RbacGrants_rv
+ on rbac.grants_rv
 for each row
 execute function rbac.delete_grant_tf();
 --/
-- 2.39.5
From 2612d3eb8c8fafaa5863ee9a5816d5ee0c655e95 Mon Sep 17 00:00:00 2001
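Review bot: In `rbac.insert_grant_tf()` the `select grv.* from rbac.grants_rv grv where ... into newGrant;` is a non-strict SELECT INTO, so if the freshly granted row is not visible through the row-level restricted view for the current subject (or matches more than one row), `newGrant` stays NULL, the INSTEAD OF INSERT trigger returns NULL and the INSERT completes with no row reported although `rbac.grantRoleToSubject` has already run. Writing it as `into strict newGrant;` makes both the zero-row and the multi-row case an explicit error, which is what a path that writes RBAC grants should do rather than succeed quietly. The pattern predates this commit, but the `from rbac.grants_rv grv` line it depends on is rewritten here, and the same silent outcome would apply to any later schema move of the view.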
From: Michael Hoennig Date: Sat, 14 Sep 2024 13:19:41 +0200 Subject: [PATCH 43/57] amend rbac generators and re-generate --- .../booking/item/HsBookingItemRbacEntity.java | 5 ++- .../hs/booking/project/HsBookingProject.java | 3 +- .../project/HsBookingProjectRbacEntity.java | 3 +- .../HsOfficeBankAccountEntity.java | 2 +- .../office/debitor/HsOfficeDebitorEntity.java | 3 +- .../membership/HsOfficeMembershipEntity.java | 3 +- .../partner/HsOfficePartnerDetailsEntity.java | 3 +- .../office/partner/HsOfficePartnerEntity.java | 3 +- .../office/person/HsOfficePersonEntity.java | 2 +- .../rbac/rbacdef/InsertTriggerGenerator.java | 44 ++++++++++--------- .../rbacdef/RbacIdentityViewGenerator.java | 2 +- .../rbac/rbacdef/RbacObjectGenerator.java | 2 +- .../rbacdef/RbacRestrictedViewGenerator.java | 2 +- .../rbacdef/RbacRoleDescriptorsGenerator.java | 2 +- .../hsadminng/rbac/rbacdef/RbacView.java | 32 ++++++++++++-- .../rbacdef/RbacViewPostgresGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 18 ++++---- .../2013-test-customer-rbac.sql | 14 +++--- .../2023-test-package-rbac.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 2 +- .../502-person/5023-hs-office-person-rbac.sql | 2 +- .../5043-hs-office-partner-rbac.sql | 16 +++---- .../5044-hs-office-partner-details-rbac.sql | 30 ++++++------- .../5053-hs-office-bankaccount-rbac.sql | 2 +- .../5063-hs-office-debitor-rbac.sql | 18 ++++---- .../5073-hs-office-sepamandate-rbac.sql | 8 ++-- .../5103-hs-office-membership-rbac.sql | 18 ++++---- .../5113-hs-office-coopshares-rbac.sql | 6 +-- .../5123-hs-office-coopassets-rbac.sql | 6 +-- 29 files changed, 146 insertions(+), 109 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java index 1b3fc598..e7e3ecc6 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java 
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java @@ -17,6 +17,7 @@ import java.io.IOException; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; @@ -45,8 +46,8 @@ public class HsBookingItemRbacEntity extends HsBookingItem { .withIdentityView(SQL.projection("caption")) .withRestrictedViewOrderBy(SQL.expression("validity")) .withUpdatableColumns("version", "caption", "validity", "resources") - .toRole("global", ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data? - .toRole("global", ADMIN).grantPermission(DELETE) + .toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data? + .toRole(GLOBAL, ADMIN).grantPermission(DELETE) .importEntityAlias("project", HsBookingProject.class, usingDefaultCase(), dependsOnColumn("projectUuid"), diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java index 6ca163a3..efda0135 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java 
@@ -20,6 +20,7 @@ import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType. import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; @@ -91,7 +92,7 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity { with.incomingSuperRole("debitorRel", AGENT).unassumed(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java index 5295dfaf..bf955d22 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java @@ -17,6 +17,7 @@ import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType. import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; 
@@ -63,7 +64,7 @@ public class HsBookingProjectRbacEntity extends HsBookingProject { """), NOT_NULL) .toRole("debitorRel", ADMIN).grantPermission(INSERT) - .toRole("global", ADMIN).grantPermission(DELETE) + .toRole(GLOBAL, ADMIN).grantPermission(DELETE) .createRole(OWNER, (with) -> { with.incomingSuperRole("debitorRel", AGENT).unassumed(); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java index e58361b7..093795f2 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java @@ -62,7 +62,7 @@ public class HsOfficeBankAccountEntity implements BaseEntity { with.owningUser(CREATOR); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java index 192f3f2e..82e5473f 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java @@ -43,6 +43,7 @@ import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType. import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; 
@@ -188,7 +189,7 @@ public class HsOfficeDebitorEntity implements BaseEntity, "vatBusiness", "vatReverseCharge", "defaultPrefix") - .toRole("global", ADMIN).grantPermission(INSERT) + .toRole(GLOBAL, ADMIN).grantPermission(INSERT) .importRootEntityAliasProxy("debitorRel", HsOfficeRelationRbacEntity.class, usingCase(DEBITOR), directlyFetchedByDependsOnColumn(), diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java index 447d92ba..e5e99803 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java @@ -40,6 +40,7 @@ import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateR import static net.hostsharing.hsadminng.mapper.PostgresDateRange.upperInclusiveFromPostgresDateRange; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; @@ -174,7 +175,7 @@ public class HsOfficeMembershipEntity implements BaseEntity { with.owningUser(CREATOR); diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java index 1ef8cb8f..85ce126a 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java 
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java @@ -13,6 +13,7 @@ import java.io.IOException; import java.time.LocalDate; import java.util.UUID; +import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; @@ -82,7 +83,7 @@ public class HsOfficePartnerDetailsEntity implements BaseEntity, S return rbacViewFor("person", HsOfficePersonEntity.class) .withIdentityView(SQL.projection("concat(tradeName, familyName, givenName)")) .withUpdatableColumns("personType", "title", "salutation", "tradeName", "givenName", "familyName") - .toRole("global", GUEST).grantPermission(INSERT) + .toRole(GLOBAL, GUEST).grantPermission(INSERT) .createRole(OWNER, (with) -> { with.permission(DELETE); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java index 454a4394..2d6ca831 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java @@ -55,7 +55,7 @@ public class InsertTriggerGenerator { plPgSql.writeLn(""" -- granting INSERT permission to ${rawSubTable} ---------------------------- """, - with("rawSubTable", g.getSuperRoleDef().getEntityAlias().getRawTableName())); + with("rawSubTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema())); if (isGrantToADifferentTable(g)) { plPgSql.writeLn( @@ -73,7 +73,7 @@ public class InsertTriggerGenerator { ${whenCondition} LOOP call rbac.grantPermissionToRole( - createPermission(row.uuid, 'INSERT', '${rawSubTable}'), + rbac.createPermission(row.uuid, 'INSERT', '${rawSubTable}'), ${superRoleRef}); END LOOP; end; 
@@ -84,40 +84,40 @@ public class InsertTriggerGenerator { ? "WHERE type = '${value}'" .replace("${value}", g.getSuperRoleDef().getEntityAlias().usingCase().value) : "-- unconditional for all rows in that table"), - with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()), - with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableName()), + with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()), with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row"))); } else { plPgSql.writeLn(""" -- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped, -- because there cannot yet be any pre-existing rows in the same table yet. """, - with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()), - with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableName())); + with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema())); } plPgSql.writeLn(""" /** Grants ${rawSubTable} INSERT permission to specified role of new ${rawSuperTable} rows. */ - create or replace function new_${rawSubTable}_grants_insert_to_${rawSuperTable}_tf() + create or replace function ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf() returns trigger language plpgsql strict as $$ begin ${ifConditionThen} call rbac.grantPermissionToRole( - createPermission(NEW.uuid, 'INSERT', '${rawSubTable}'), + rbac.createPermission(NEW.uuid, 'INSERT', '${rawSubTable}'), ${superRoleRef}); ${ifConditionEnd} return NEW; end; $$; - + -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist - create trigger z_new_${rawSubTable}_grants_insert_to_${rawSuperTable}_tg - after insert on ${rawSuperTable} + create trigger z_new_${rawSubTable}_grants_after_insert_tg + after insert on ${rawSuperTableWithSchema} for each row - execute procedure new_${rawSubTable}_grants_insert_to_${rawSuperTable}_tf(); + execute procedure ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf(); """, with("ifConditionThen", g.getSuperRoleDef().getEntityAlias().isCaseDependent() // TODO.impl: .type needs to be dynamically generated @@ -127,8 +127,12 @@ public class InsertTriggerGenerator { ? "end if;" : "-- end."), with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), NEW.name())), + with("rawSuperTableWithSchema", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSuperTableShortName", g.getSuperRoleDef().getEntityAlias().getRawTableShortName()), with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()), - with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableName())); + with("rawSuperTableSchemaName", g.getSuperRoleDef().getEntityAlias().getRawTableSchemaPrefix()), + with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSubTableShortName", g.getPermDef().getEntityAlias().getRawTableShortName())); }); } @@ -158,7 +162,7 @@ public class InsertTriggerGenerator { for each row execute procedure ${rawSubTable}_insert_permission_missing_tf(); """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); plPgSql.writeLn("--//"); } 
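Review bot: The trigger name template `create trigger z_new_${rawSubTable}_grants_after_insert_tg` in the `-84` hunk is now bound to `getRawTableNameWithSchema()` (see `with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema())` in the `-127` hunk), while the function name in the same statement was switched to `${rawSubTableShortName}`. A trigger name is a plain identifier in PostgreSQL, so once a sub-table lives in a schema the generated `z_new_rbac.<table>_grants_after_insert_tg` will not parse; the same binding feeds `create trigger ${rawSubTable}_insert_permission_check_tg` in the `-264` hunk and `${rawSubTable}_insert_permission_missing_tf` in the `-158` hunk. The generated SQL in this commit only stays valid because `test_customer` and `hs_office_partner` carry no schema yet; using the short name, `create trigger z_new_${rawSubTableShortName}_grants_after_insert_tg`, keeps the DDL valid regardless. Note also that the same placeholder now puts the schema-qualified name into `rbac.createPermission(NEW.uuid, 'INSERT', '${rawSubTable}')`, so the stored object-table string changes form for schema-qualified tables and every lookup comparing that column must agree on that form — presumably intended, but worth a comment at the `with("rawSubTable", ...)` binding.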
@@ -192,7 +196,7 @@ public class InsertTriggerGenerator { superObjectUuid uuid; begin """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); plPgSql.chopEmptyLines(); } @@ -231,7 +235,7 @@ public class InsertTriggerGenerator { """, with("caseCondition", caseCondition), with("refColumn", superRoleEntityAlias.dependsOnColumName()), - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); } else { plPgSql.writeLn( """ @@ -243,7 +247,7 @@ public class InsertTriggerGenerator { end if; """, with("caseCondition", caseCondition), - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()), + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()), with("refColumn", superRoleEntityAlias.dependsOnColumName()), with("fetchSql", g.getSuperRoleDef().getEntityAlias().fetchSql().sql), with("columns", g.getSuperRoleDef().getEntityAlias().aliasName() + ".uuid"), @@ -255,7 +259,7 @@ public class InsertTriggerGenerator { plPgSql.writeLn(); plPgSql.writeLn(""" raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', - NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids(); + NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg @@ -264,7 +268,7 @@ public class InsertTriggerGenerator { execute procedure ${rawSubTable}_insert_permission_check_tf(); --// """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); } private String toStringList(final Set cases) { 
@@ -272,7 +276,7 @@ public class InsertTriggerGenerator { } private boolean isGrantToADifferentTable(final RbacView.RbacGrantDefinition g) { - return !rbacDef.getRootEntityAlias().getRawTableName().equals(g.getSuperRoleDef().getEntityAlias().getRawTableName()); + return !rbacDef.getRootEntityAlias().getRawTableNameWithSchema().equals(g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()); } private Stream getInsertGrants() { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java index f7c4d20d..613a5e94 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java @@ -12,7 +12,7 @@ public class RbacIdentityViewGenerator { this.rbacDef = rbacDef; this.liquibaseTagPrefix = liquibaseTagPrefix; this.simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName(); - this.rawTableName = rbacDef.getRootEntityAlias().getRawTableName(); + this.rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java index 45c5cfbe..e685f1df 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java @@ -9,7 +9,7 @@ public class RbacObjectGenerator { public RbacObjectGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) { this.liquibaseTagPrefix = liquibaseTagPrefix; - this.rawTableName = rbacDef.getRootEntityAlias().getRawTableName(); + this.rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java index b66c8e19..156dc685 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java @@ -13,7 +13,7 @@ public class RbacRestrictedViewGenerator { public RbacRestrictedViewGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) { this.rbacDef = rbacDef; this.liquibaseTagPrefix = liquibaseTagPrefix; - this.rawTableName = rbacDef.getRootEntityAlias().getRawTableName(); + this.rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java index 894a5e6e..23c1bbd7 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java @@ -11,7 +11,7 @@ public class RbacRoleDescriptorsGenerator { public RbacRoleDescriptorsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) { this.liquibaseTagPrefix = liquibaseTagPrefix; this.simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName(); - this.rawTableName = rbacDef.getRootEntityAlias().getRawTableName(); + this.rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java index 03f7d4cb..de787301 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java 
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java @@ -548,7 +548,7 @@ public class RbacView { } public RbacView grantPermission(final Permission perm) { - final var forTable = rootEntityAlias.getRawTableName(); + final var forTable = rootEntityAlias.getRawTableNameWithSchema(); findOrCreateGrantDef(findRbacPerm(rootEntityAlias, perm, forTable), superRoleDef).toCreate(); return RbacView.this; } @@ -937,7 +937,7 @@ public class RbacView { return switch (fetchSql.part) { case SQL_QUERY -> fetchSql; case AUTO_FETCH -> - SQL.query("SELECT * FROM " + getRawTableName() + " WHERE uuid = ${ref}." + dependsOnColum.column); + SQL.query("SELECT * FROM " + getRawTableNameWithSchema() + " WHERE uuid = ${ref}." + dependsOnColum.column); default -> throw new IllegalStateException("unexpected SQL definition: " + fetchSql); }; } 
@@ -960,13 +960,39 @@ public class RbacView { : uncapitalize(withoutEntitySuffix(entityClass.getSimpleName())); } - String getRawTableName() { + String getRawTableNameWithSchema() { if ( aliasName.equals("rbac.global")) { return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class? } return withoutRvSuffix(entityClass.getAnnotation(Table.class).name()); } + String getRawTableSchemaPrefix() { + final var rawTableNameWithSchema = getRawTableNameWithSchema(); + final var parts = rawTableNameWithSchema.split("\\."); + final var rawTableSchemaPrefix = parts.length > 1 ? parts[0] + "." : ""; + return rawTableSchemaPrefix; + } + + String getRawTableName() { + final var rawTableNameWithSchema = getRawTableNameWithSchema(); + final var parts = rawTableNameWithSchema.split("\\."); + final var rawTableName = parts.length > 1 ? parts[1] : rawTableNameWithSchema; + return rawTableName; + } + + String getRawTableShortName() { + // TODO.impl: some combined function and trigger names are too long + // maybe we should shorten the table name e.g. hs_office_coopsharestransaction -> hsof.coopsharetx + // this is just a workaround: + return getRawTableName() + .replace("hs_office_", "hsof_") + .replace("hs_booking_", "hsbk_") + .replace("hs_hosting_", "hsho_") + .replace("coopsharestransaction", "coopsharetx") + .replace("coopassetstransaction", "coopassettx"); + } + String dependsOnColumName() { if (dependsOnColum == null) { throw new IllegalStateException( diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java index 5a3b2be8..cf80c443 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java 
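Review bot: `getRawTableNameWithSchema()` is the renamed old method and still derives the name from `entityClass.getAnnotation(Table.class).name()` alone, so an entity that declares its schema through the annotation's `schema` attribute — as `RawRbacGrantEntity` does in patch 42 with `@Table(schema = "rbac", name = "grants_ev")` — yields an unqualified name, and the new `getRawTableSchemaPrefix()`/`getRawTableName()` then split an empty prefix out of it. Unless every RBAC-generated entity is meant to embed the schema in `name`, the method should combine `schema()` and `name()`; the rewrite below does that and keeps the `rbac.global` special case. A one-line comment on `getRawTableSchemaPrefix()` saying the returned prefix includes the trailing dot (or an empty string) would spare the next reader a lookup, since the `rawSuperTableSchemaName` binding in `InsertTriggerGenerator` relies on exactly that.
```java
String getRawTableNameWithSchema() {
    if ( aliasName.equals("rbac.global")) {
        return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class?
    }
    final var table = entityClass.getAnnotation(Table.class);
    // honour @Table(schema = ...) as well as a schema embedded in name
    final var schemaPrefix = table.schema().isEmpty() ? "" : table.schema() + ".";
    return schemaPrefix + withoutRvSuffix(table.name());
}
// … unchanged: getRawTableSchemaPrefix, getRawTableName, getRawTableShortName …
```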
@@ -17,7 +17,7 @@ public class RbacViewPostgresGenerator { public RbacViewPostgresGenerator(final RbacView forRbacDef) { rbacDef = forRbacDef; - liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableName().replace("_", "-"); + liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableNameWithSchema().replace("_", "-"); plPgSql.writeLn(""" --liquibase formatted sql -- This code generated was by ${generator}, do not amend manually. diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java index 7c1faccf..865e9a3b 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java @@ -40,7 +40,7 @@ class RolesGrantsAndPermissionsGenerator { simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName(); simpleEntityName = capitalize(simpleEntityVarName); - rawTableName = rbacDef.getRootEntityAlias().getRawTableName(); + rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); } void generateTo(final StringWriter plPgSql) { @@ -77,7 +77,7 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.writeLn("declare"); plPgSql.indented(() -> { referencedEntityAliases() - .forEach((ea) -> plPgSql.writeLn(entityRefVar(NEW, ea) + " " + ea.getRawTableName() + ";")); + .forEach((ea) -> plPgSql.writeLn(entityRefVar(NEW, ea) + " " + ea.getRawTableNameWithSchema() + ";")); }); plPgSql.writeLn(); 
@@ -145,8 +145,8 @@ class RolesGrantsAndPermissionsGenerator { plPgSql.indented(() -> { referencedEntityAliases() .forEach((ea) -> { - plPgSql.writeLn(entityRefVar(OLD, ea) + " " + ea.getRawTableName() + ";"); - plPgSql.writeLn(entityRefVar(NEW, ea) + " " + ea.getRawTableName() + ";"); + plPgSql.writeLn(entityRefVar(OLD, ea) + " " + ea.getRawTableNameWithSchema() + ";"); + plPgSql.writeLn(entityRefVar(NEW, ea) + " " + ea.getRawTableNameWithSchema() + ";"); }); }); @@ -322,7 +322,7 @@ class RolesGrantsAndPermissionsGenerator { final var grantSql = switch (grantDef.grantType()) { case ROLE_TO_USER -> throw new IllegalArgumentException("unexpected grant"); case ROLE_TO_ROLE -> "call rbac.grantRoleToRole(${subRoleRef}, ${superRoleRef}${assumed});" - .replace("${assumed}", grantDef.isAssumed() ? "" : ", unassumed()") + .replace("${assumed}", grantDef.isAssumed() ? "" : ", rbac.unassumed()") .replace("${subRoleRef}", roleRef(NEW, grantDef.getSubRoleDef())) .replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef())); case PERM_TO_ROLE -> @@ -343,7 +343,7 @@ class RolesGrantsAndPermissionsGenerator { } private String createPerm(final PostgresTriggerReference ref, final RbacPermissionDefinition permDef) { - return permRef("createPermission", ref, permDef); + return permRef("rbac.createPermission", ref, permDef); } private String permRef(final String functionName, final PostgresTriggerReference ref, final RbacPermissionDefinition permDef) { @@ -580,7 +580,7 @@ class RolesGrantsAndPermissionsGenerator { private String toPlPgSqlReference(final RbacView.RbacSubjectReference userRef) { return switch (userRef.role) { - case CREATOR -> "currentSubjectUuid()"; + case CREATOR -> "rbac.currentSubjectUuid()"; default -> throw new IllegalArgumentException("unknown user role: " + userRef); }; } 
@@ -589,9 +589,9 @@ class RolesGrantsAndPermissionsGenerator { final PostgresTriggerReference triggerRef, final RbacView.RbacRoleDefinition roleDef, final boolean assumed) { - final var assumedArg = assumed ? "" : ", unassumed()"; + final var assumedArg = assumed ? "" : ", rbac.unassumed()"; return toRoleRef(roleDef) + - (roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(unassumed())") + (roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(rbac.unassumed())") : rbacDef.isRootEntityAlias(roleDef.getEntityAlias()) ? ("(" + triggerRef.name() + ")") : "(" + toTriggerReference(triggerRef, roleDef.getEntityAlias()) + assumedArg + ")"); } diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index acd8994c..37b4ea9e 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -87,7 +87,7 @@ execute procedure insertTriggerForTestCustomer_tf(); */ do language plpgsql $$ declare - row rbac.global%ROWTYPE; + row rbac.global; begin call base.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows'); @@ -96,15 +96,15 @@ do language plpgsql $$ LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'test_customer'), - rbac.globalAdmin()); + rbac.globalADMIN()); END LOOP; end; $$; /** - Grants test_customer INSERT permission to specified role of new rbac.global rows. + Grants test_customer INSERT permission to specified role of new global rows. */ -create or replace function new_test_customer_grants_insert_to_global_tf() +create or replace function rbac.new_test_customer_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ 
@@ -112,16 +112,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_customer_grants_insert_to_global_tg +create trigger z_new_test_customer_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_test_customer_grants_insert_to_global_tf(); +execute procedure rbac.new_test_customer_grants_insert_to_global_tf(); -- ============================================================================ diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 20f98256..f857d51a 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -183,7 +183,7 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_package_grants_insert_to_test_customer_tg +create trigger z_new_test_package_grants_after_insert_tg after insert on test_customer for each row execute procedure new_test_package_grants_insert_to_test_customer_tf(); diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 561ea5a7..a09dc12a 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql 
@@ -182,7 +182,7 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_domain_grants_insert_to_test_package_tg +create trigger z_new_test_domain_grants_after_insert_tg after insert on test_package for each row execute procedure new_test_domain_grants_insert_to_test_package_tf(); diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql index 16b624cb..48e3c280 100644 --- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficePersonOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[rbac.globalAdmin()], + incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql index 1cd6335a..183be0b2 100644 --- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql 
@@ -164,24 +164,24 @@ execute procedure updateTriggerForHsOfficePartner_tf(); */ do language plpgsql $$ declare - row rbac.global%ROWTYPE; + row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows'); + call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), - rbac.globalAdmin()); + rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_partner INSERT permission to specified role of new rbac.global rows. + Grants hs_office_partner INSERT permission to specified role of new global rows. */ -create or replace function new_hs_office_partner_grants_insert_to_global_tf() +create or replace function rbac.new_hsof_partner_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ @@ -189,16 +189,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_partner_grants_insert_to_global_tg +create trigger z_new_hs_office_partner_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hs_office_partner_grants_insert_to_global_tf(); +execute procedure rbac.new_hsof_partner_grants_insert_to_global_tf(); -- ============================================================================ diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql index 26b4e243..79386023 100644 
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql @@ -67,25 +67,25 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf(); Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ -declare - row rbac.global; -begin - call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows'); + declare + row rbac.global; + begin + call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising rbac.global rows'); - FOR row IN SELECT * FROM rbac.global - -- unconditional for all rows in that table - LOOP + FOR row IN SELECT * FROM rbac.global + -- unconditional for all rows in that table + LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), - rbac.globalAdmin()); - END LOOP; -end; + rbac.globalADMIN()); + END LOOP; + end; $$; /** Grants hs_office_partner_details INSERT permission to specified role of new global rows. */ -create or replace function new_hs_office_partner_details_grants_insert_to_global_tf() +create or replace function rbac.new_hsof_partner_details_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ 
@@ -93,16 +93,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_partner_details_grants_insert_to_global_tg +create trigger z_new_hs_office_partner_details_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hs_office_partner_details_grants_insert_to_global_tf(); +execute procedure rbac.new_hsof_partner_details_grants_insert_to_global_tf(); -- ============================================================================ @@ -118,7 +118,7 @@ create or replace function hs_office_partner_details_insert_permission_check_tf( declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.Global ADMIN + -- check INSERT INSERT if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql index 5a11bc81..77d4edfa 100644 --- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql @@ -37,7 +37,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeBankAccountOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[rbac.globalAdmin()], + incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql index 4f000bb0..027e56d4 100644 
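Review bot: The `declare`, `begin`, `FOR ... LOOP`, `END LOOP` and `end` lines of this `do` block are re-indented by one level, while the otherwise identical blocks in 5043 (`@@ -164`), 5063 (`@@ -130`) and 5103 (`@@ -99`) keep them at column 0, so the five copies of this grant loop now have two different layouts. The change is whitespace-only; either keep the column-0 layout here to match the siblings or re-indent the siblings in the same commit.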
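Review bot: The comment touched in this hunk still reads `-- check INSERT INSERT if rbac.global ADMIN`; the doubled word looks like a typo that survived the `rbac.Global` → `rbac.global` edit. Given the following `if rbac.isGlobalAdmin() then return NEW;`, `-- allow INSERT unconditionally if the current subject is rbac.global ADMIN` would state what the branch does. The same comment appears in the `@@ -149` hunk of 5103. The enclosing function `hs_office_partner_details_insert_permission_check_tf` starts and ends outside this hunk.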
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql @@ -130,31 +130,31 @@ execute procedure updateTriggerForHsOfficeDebitor_tf(); --changeset hs-office-debitor-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to rbac.Global ---------------------------- +-- granting INSERT permission to rbac.global ---------------------------- /* Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare - row rbac.global%ROWTYPE; + row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows'); + call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), - rbac.globalAdmin()); + rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_debitor INSERT permission to specified role of new rbac.global rows. + Grants hs_office_debitor INSERT permission to specified role of new global rows. */ -create or replace function new_hs_office_debitor_grants_insert_to_global_tf() +create or replace function rbac.new_hsof_debitor_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ 
@@ -162,16 +162,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_debitor_grants_insert_to_global_tg +create trigger z_new_hs_office_debitor_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hs_office_debitor_grants_insert_to_global_tf(); +execute procedure rbac.new_hsof_debitor_grants_insert_to_global_tf(); -- ============================================================================ diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql index ff1d7343..2048bafe 100644 --- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql @@ -50,7 +50,7 @@ begin perform rbac.defineRoleWithGrants( hsOfficeSepaMandateOWNER(NEW), permissions => array['DELETE'], - incomingSuperRoles => array[rbac.globalAdmin()], + incomingSuperRoles => array[rbac.globalADMIN()], subjectUuids => array[rbac.currentSubjectUuid()] ); @@ -129,7 +129,7 @@ $$; /** Grants hs_office_sepamandate INSERT permission to specified role of new hs_office_relation rows. */ -create or replace function new_hs_office_sepamandate_grants_insert_to_hs_office_relation_tf() +create or replace function new_hsof_sepamandate_grants_insert_to_hsof_relation_tf() returns trigger language plpgsql strict as $$ 
@@ -143,10 +143,10 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_sepamandate_grants_insert_to_hs_office_relation_tg +create trigger z_new_hs_office_sepamandate_grants_after_insert_tg after insert on hs_office_relation for each row -execute procedure new_hs_office_sepamandate_grants_insert_to_hs_office_relation_tf(); +execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf(); -- ============================================================================ diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql index a3ca38ba..66a55a28 100644 --- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql 
@@ -99,24 +99,24 @@ execute procedure insertTriggerForHsOfficeMembership_tf(); */ do language plpgsql $$ declare - row rbac.global%ROWTYPE; + row rbac.global; begin - call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows'); + call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), - rbac.globalAdmin()); + rbac.globalADMIN()); END LOOP; end; $$; /** - Grants hs_office_membership INSERT permission to specified role of new rbac.Global rows. + Grants hs_office_membership INSERT permission to specified role of new global rows. */ -create or replace function new_hs_office_membership_grants_insert_to_global_tf() +create or replace function rbac.new_hsof_membership_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ @@ -124,16 +124,16 @@ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), - rbac.globalAdmin()); + rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_membership_grants_insert_to_global_tg +create trigger z_new_hs_office_membership_grants_after_insert_tg after insert on rbac.global for each row -execute procedure new_hs_office_membership_grants_insert_to_global_tf(); +execute procedure rbac.new_hsof_membership_grants_insert_to_global_tf(); -- ============================================================================ 
@@ -149,7 +149,7 @@ create or replace function hs_office_membership_insert_permission_check_tf() declare superObjectUuid uuid; begin - -- check INSERT INSERT if rbac.Global ADMIN + -- check INSERT INSERT if rbac.global ADMIN if rbac.isGlobalAdmin() then return NEW; end if; diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql index e0a9bd0c..6a10ff93 100644 --- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql @@ -92,7 +92,7 @@ $$; /** Grants hs_office_coopsharestransaction INSERT permission to specified role of new hs_office_membership rows. */ -create or replace function new_hs_office_coopsharestransaction_grants_insert_to_hs_office_membership_tf() +create or replace function new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf() returns trigger language plpgsql strict as $$ @@ -106,10 +106,10 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_coopsharestransaction_grants_insert_to_hs_office_membership_tg +create trigger z_new_hs_office_coopsharestransaction_grants_after_insert_tg after insert on hs_office_membership for each row -execute procedure new_hs_office_coopsharestransaction_grants_insert_to_hs_office_membership_tf(); +execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf(); -- ============================================================================ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index a0351650..f77d8303 100644 
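Review bot: The function is renamed from `new_hs_office_coopsharestransaction_grants_insert_to_hs_office_membership_tf` to `new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf`, and the old name is well over PostgreSQL's 63-character identifier limit, so it was presumably being silently truncated; that reason is not recorded anywhere in the hunk. A comment above the definition such as `-- 'hsof'/'coopsharetx' abbreviations keep the name within PostgreSQL's 63-char identifier limit` would explain why this function, unlike the trigger `z_new_hs_office_coopsharestransaction_grants_after_insert_tg` in the next hunk, uses abbreviations. The same applies to the `@@ -92` hunk of 5123 and the `@@ -129` hunk of 5073. The function body continues outside this hunk.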
--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql @@ -92,7 +92,7 @@ $$; /** Grants hs_office_coopassetstransaction INSERT permission to specified role of new hs_office_membership rows. */ -create or replace function new_hs_office_coopassetstransaction_grants_insert_to_hs_office_membership_tf() +create or replace function new_hsof_coopassettx_grants_insert_to_hsof_membership_tf() returns trigger language plpgsql strict as $$ @@ -106,10 +106,10 @@ begin end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_hs_office_coopassetstransaction_grants_insert_to_hs_office_membership_tg +create trigger z_new_hs_office_coopassetstransaction_grants_after_insert_tg after insert on hs_office_membership for each row -execute procedure new_hs_office_coopassetstransaction_grants_insert_to_hs_office_membership_tf(); +execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf(); -- ============================================================================ -- 2.39.5 From 57b4992a16d05fe5dcb1bb2f0426d16a286a4330 Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Sat, 14 Sep 2024 13:36:24 +0200 Subject: [PATCH 44/57] rename rbac directories --- .../hs/booking/item/HsBookingItem.java | 2 +- .../booking/item/HsBookingItemRbacEntity.java | 32 +++++++-------- .../hs/booking/project/HsBookingProject.java | 26 ++++++------ .../project/HsBookingProjectRbacEntity.java | 36 ++++++++--------- .../hs/hosting/asset/HsHostingAsset.java | 2 +- .../asset/HsHostingAssetRbacEntity.java | 40 +++++++++---------- .../HsOfficeBankAccountEntity.java | 12 +++--- .../hs/office/contact/HsOfficeContact.java | 2 +- .../contact/HsOfficeContactRbacEntity.java | 14 +++---- .../HsOfficeCoopAssetsTransactionEntity.java | 24 +++++------ .../HsOfficeCoopSharesTransactionEntity.java | 26 ++++++------ .../debitor/HsOfficeDebitorController.java | 2 +- .../office/debitor/HsOfficeDebitorEntity.java | 28 ++++++------- .../membership/HsOfficeMembershipEntity.java | 36 ++++++++--------- .../partner/HsOfficePartnerController.java | 2 +- .../partner/HsOfficePartnerDetailsEntity.java | 14 +++---- .../office/partner/HsOfficePartnerEntity.java | 22 +++++----- .../office/person/HsOfficePersonEntity.java | 16 ++++---- .../hs/office/relation/HsOfficeRelation.java | 2 +- .../relation/HsOfficeRelationRbacEntity.java | 40 +++++++++---------- .../HsOfficeSepaMandateEntity.java | 24 +++++------ .../InsertTriggerGenerator.java | 14 +++---- .../PostgresTriggerReference.java | 2 +- .../RbacIdentityViewGenerator.java | 4 +- .../RbacObjectGenerator.java | 4 +- .../RbacRestrictedViewGenerator.java | 6 +-- .../RbacRoleDescriptorsGenerator.java | 4 +- .../rbac/{rbacdef => generator}/RbacView.java | 16 ++++---- .../RbacViewMermaidFlowchartGenerator.java | 6 +-- .../RbacViewPostgresGenerator.java | 6 +-- .../RolesGrantsAndPermissionsGenerator.java | 20 +++++----- .../{rbacdef => generator}/StringWriter.java | 2 +- .../{rbacdef => generator}/package-info.java | 2 +- .../RawRbacGrantEntity.java | 2 +- .../RawRbacGrantRepository.java | 2 +- 
.../RbacGrantController.java | 2 +- .../{rbacgrant => grant}/RbacGrantEntity.java | 4 +- .../{rbacgrant => grant}/RbacGrantId.java | 2 +- .../RbacGrantRepository.java | 2 +- .../RbacGrantsDiagramService.java | 4 +- .../{rbacobject => object}/BaseEntity.java | 2 +- .../RbacRoleController.java | 2 +- .../{rbacrole => role}/RbacRoleEntity.java | 2 +- .../RbacRoleRepository.java | 2 +- .../rbac/{rbacrole => role}/RbacRoleType.java | 2 +- .../rbac/test/cust/TestCustomerEntity.java | 16 ++++---- .../rbac/test/dom/TestDomainEntity.java | 20 +++++----- .../rbac/test/pac/TestPackageEntity.java | 20 +++++----- .../hsadminng/arch/ArchitectureTest.java | 2 +- ...sBookingItemRepositoryIntegrationTest.java | 8 ++-- ...okingProjectRepositoryIntegrationTest.java | 8 ++-- ...HostingAssetRepositoryIntegrationTest.java | 8 ++-- .../hs/migration/BaseOfficeDataImport.java | 2 +- .../hsadminng/hs/migration/CsvDataImport.java | 2 +- ...eBankAccountRepositoryIntegrationTest.java | 8 ++-- ...eContactRbacRepositoryIntegrationTest.java | 8 ++-- ...sTransactionRepositoryIntegrationTest.java | 8 ++-- ...sTransactionRepositoryIntegrationTest.java | 8 ++-- ...fficeDebitorRepositoryIntegrationTest.java | 10 ++--- ...ceMembershipRepositoryIntegrationTest.java | 8 ++-- ...fficePartnerRepositoryIntegrationTest.java | 12 +++--- ...OfficePersonRepositoryIntegrationTest.java | 8 ++-- ...ficeRelationRepositoryIntegrationTest.java | 8 ++-- ...eSepaMandateRepositoryIntegrationTest.java | 8 ++-- .../rbac/context/ContextBasedTest.java | 2 +- .../RbacGrantControllerAcceptanceTest.java | 6 +-- .../RbacGrantEntityUnitTest.java | 4 +- .../RbacGrantRepositoryIntegrationTest.java | 4 +- ...acGrantsDiagramServiceIntegrationTest.java | 4 +- .../RawRbacObjectEntity.java | 2 +- .../RawRbacObjectRepository.java | 2 +- .../{rbacrole => role}/RawRbacRoleEntity.java | 2 +- .../RawRbacRoleRepository.java | 2 +- .../RbacRoleControllerAcceptanceTest.java | 2 +- .../RbacRoleControllerRestTest.java | 4 +- 
.../RbacRoleRepositoryIntegrationTest.java | 2 +- .../rbac/{rbacrole => role}/TestRbacRole.java | 2 +- .../test/ContextBasedTestWithCleanup.java | 12 +++--- .../hsadminng/rbac/test/EntityList.java | 2 +- .../rbac/test/PatchUnitTestBase.java | 2 +- .../test/cust/TestCustomerEntityUnitTest.java | 2 +- .../test/pac/TestPackageEntityUnitTest.java | 2 +- 82 files changed, 373 insertions(+), 373 deletions(-) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/InsertTriggerGenerator.java (96%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/PostgresTriggerReference.java (52%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacIdentityViewGenerator.java (93%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacObjectGenerator.java (88%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacRestrictedViewGenerator.java (88%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacRoleDescriptorsGenerator.java (90%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacView.java (98%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacViewMermaidFlowchartGenerator.java (97%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RbacViewPostgresGenerator.java (89%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/RolesGrantsAndPermissionsGenerator.java (97%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/StringWriter.java (98%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacdef => generator}/package-info.java (81%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RawRbacGrantEntity.java (97%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RawRbacGrantRepository.java (88%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => 
grant}/RbacGrantController.java (98%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantEntity.java (94%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantId.java (88%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantRepository.java (95%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantsDiagramService.java (98%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacobject => object}/BaseEntity.java (88%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleController.java (95%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleEntity.java (94%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleRepository.java (91%) rename src/main/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleType.java (61%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantControllerAcceptanceTest.java (99%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantEntityUnitTest.java (94%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantRepositoryIntegrationTest.java (99%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacgrant => grant}/RbacGrantsDiagramServiceIntegrationTest.java (96%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RawRbacObjectEntity.java (93%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RawRbacObjectRepository.java (82%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RawRbacRoleEntity.java (95%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RawRbacRoleRepository.java (82%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleControllerAcceptanceTest.java (98%) rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => 
role}/RbacRoleControllerRestTest.java (96%)
rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/RbacRoleRepositoryIntegrationTest.java (99%)
rename src/test/java/net/hostsharing/hsadminng/rbac/{rbacrole => role}/TestRbacRole.java (93%)
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItem.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItem.java
index 215f7d94..7b7e2174 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItem.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItem.java
@@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
 import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealEntity;
 import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
 import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.Type;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java
index e7e3ecc6..b4f40cb2 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java
@@ -5,8 +5,8 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import jakarta.persistence.AttributeOverride;
 import jakarta.persistence.AttributeOverrides;
@@ -15,20 +15,20 @@ import jakarta.persistence.Entity; import jakarta.persistence.Table; import java.io.IOException; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NULLABLE; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE; +import static 
net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity @Table(name = "hs_booking_item_rv") diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java index efda0135..935051fe 100644 --- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java +++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java @@ -5,9 +5,9 @@ import lombok.experimental.SuperBuilder; import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorEntity; import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; +import net.hostsharing.hsadminng.rbac.generator.RbacView; +import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; import net.hostsharing.hsadminng.stringify.Stringify; import net.hostsharing.hsadminng.stringify.Stringifyable; 
@@ -17,16 +17,16 @@ import java.util.UUID;
 import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @MappedSuperclass
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java
index bf955d22..e1fed9aa 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java
@@ -6,30 +6,30 @@ import lombok.Setter;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Table;
 import java.io.IOException;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static 
net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 @Entity
 @Table(name = "hs_booking_project_rv")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAsset.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAsset.java
index 52e884e1..4510655c 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAsset.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAsset.java
@@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
 import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
 import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.Type;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java
index 42b8be71..da011cdf 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java
@@ -6,31 +6,31 @@ import lombok.Setter;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Table;
 import java.io.IOException;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inCaseOf;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static 
net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef.inCaseOf;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NULLABLE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.GUEST;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.REFERRER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 @Entity
 @Table(name = "hs_hosting_asset_rv")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java
index 093795f2..06026420 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java
@@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayAs;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -12,10 +12,10 @@ import jakarta.persistence.*;
 import java.io.IOException;
 import java.util.UUID;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContact.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContact.java
index 9450e331..196e2d40 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContact.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContact.java
@@ -11,7 +11,7 @@ import lombok.experimental.FieldNameConstants;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.GenericGenerator;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java
index 0716f1e7..39b51d0d 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java
@@ -3,17 +3,17 @@ package net.hostsharing.hsadminng.hs.office.contact;
 import lombok.*;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.errors.DisplayAs;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import jakarta.persistence.*;
 import java.io.IOException;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 @Entity
 @Table(name = "hs_office_contact_rv")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
index 49487cd8..aecafaba 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
@@ -8,8 +8,8 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.GenericGenerator;
@@ -21,16 +21,16 @@ import java.time.LocalDate;
 import java.util.UUID;
 import static java.util.Optional.ofNullable;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
index aa650bd5..2d96af52 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
@@ -7,9 +7,9 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -19,16 +19,16 @@ import java.time.LocalDate;
 import java.util.UUID;
 import static java.util.Optional.ofNullable;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
index 17ab0e70..fd8412c8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java
@@ -8,7 +8,7 @@ import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeDebito
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
 import net.hostsharing.hsadminng.mapper.Mapper;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import org.apache.commons.lang3.Validate;
 import org.hibernate.Hibernate;
 import org.springframework.beans.factory.annotation.Autowired;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java
index 82e5473f..e0d9493e 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java
@@ -11,9 +11,9 @@ import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.GenericGenerator;
@@ -40,17 +40,17 @@ import static jakarta.persistence.CascadeType.PERSIST;
 import static jakarta.persistence.CascadeType.REFRESH;
 import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NULLABLE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static 
net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
index e5e99803..dae389f8 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
@@ -9,10 +9,10 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.Type;
@@ -38,21 +38,21 @@ import static io.hypersistence.utils.hibernate.type.range.Range.emptyRange;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.lowerInclusiveFromPostgresDateRange;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.upperInclusiveFromPostgresDateRange;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static 
net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
index e4da02b8..b4b8bd75 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java
@@ -13,7 +13,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
 import net.hostsharing.hsadminng.mapper.Mapper;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java
index 85ce126a..0da0323d 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java
@@ -2,9 +2,9 @@ package net.hostsharing.hsadminng.hs.office.partner;
 import lombok.*;
 import net.hostsharing.hsadminng.errors.DisplayAs;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -13,10 +13,10 @@ import java.io.IOException;
 import java.time.LocalDate;
 import java.util.UUID;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java
index 67c4d2bb..41aeb2c9 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java
@@ -10,10 +10,10 @@ import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContact;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.NotFound;
@@ -24,14 +24,14 @@ import java.io.IOException;
 import java.util.UUID;
 import static jakarta.persistence.CascadeType.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
index 19ed9550..9f50d56e 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
@@ -3,9 +3,9 @@ package net.hostsharing.hsadminng.hs.office.person;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayAs;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.apache.commons.lang3.StringUtils;
@@ -14,11 +14,11 @@ import jakarta.persistence.*;
 import java.io.IOException;
 import java.util.UUID;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelation.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelation.java
index c0f13f56..66e954a4 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelation.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelation.java
@@ -5,7 +5,7 @@ import lombok.experimental.FieldNameConstants;
 import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
index bd4274aa..f47fc105 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
@@ -7,31 +7,31 @@ import lombok.experimental.SuperBuilder;
 import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
 import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Table;
 import java.io.IOException;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inCaseOf;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inOtherCases;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
-import static 
net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef.inCaseOf;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef.inOtherCases;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.REFERRER;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 @Entity
 @Table(name = "hs_office_relation_rv")
diff --git a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
index 27f5b221..e984ce3b 100644
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
@@ -7,8 +7,8 @@ import net.hostsharing.hsadminng.errors.DisplayAs;
 import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
 import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
+import net.hostsharing.hsadminng.rbac.generator.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
 import org.hibernate.annotations.Type;
@@ -20,16 +20,16 @@ import java.util.UUID;
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
 import static net.hostsharing.hsadminng.mapper.PostgresDateRange.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
similarity index 96%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
index 2d6ca831..939812c1 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import java.util.Optional;
 import java.util.Set;
@@ -6,12 +6,12 @@ import java.util.function.BinaryOperator;
 import java.util.stream.Stream;
 import static java.util.stream.Collectors.joining;
-import static net.hostsharing.hsadminng.rbac.rbacdef.PostgresTriggerReference.NEW;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.PERM_TO_ROLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.PostgresTriggerReference.NEW;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition.GrantType.PERM_TO_ROLE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.GUEST;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 import static org.apache.commons.lang3.StringUtils.capitalize;
 import static org.apache.commons.lang3.StringUtils.uncapitalize;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/PostgresTriggerReference.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/PostgresTriggerReference.java
similarity index 52%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/PostgresTriggerReference.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/PostgresTriggerReference.java
index 4fb5cb61..f987eecd 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/PostgresTriggerReference.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/PostgresTriggerReference.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 public enum PostgresTriggerReference { NEW, OLD
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java
similarity index 93%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java
index 613a5e94..ad47b4ae 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacIdentityViewGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java
@@ -1,6 +1,6 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 public class RbacIdentityViewGenerator { private final RbacView rbacDef;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java
similarity index 88%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java
index e685f1df..d6ef5e91 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacObjectGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java
@@ -1,6 +1,6 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 public class RbacObjectGenerator {
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
similarity index 88%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
index 156dc685..79388811 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRestrictedViewGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java
@@ -1,9 +1,9 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import static java.util.stream.Collectors.joining;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.indented;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.indented;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 public class RbacRestrictedViewGenerator { private final RbacView rbacDef;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
similarity index 90%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
index 23c1bbd7..102efeac 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacRoleDescriptorsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
@@ -1,6 +1,6 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 public class RbacRoleDescriptorsGenerator {
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
similarity index 98%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
index de787301..634d4c33 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
@@ -1,8 +1,8 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
-import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
+import net.hostsharing.hsadminng.rbac.object.BaseEntity;
 import org.reflections.Reflections;
 import org.reflections.scanners.TypeAnnotationsScanner;
@@ -23,12 +23,12 @@ import static java.util.Arrays.asList;
 import static java.util.Arrays.stream;
 import static java.util.Collections.max;
 import static java.util.Optional.ofNullable;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.PERM_TO_ROLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.ROLE_TO_ROLE;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.Part.AUTO_FETCH;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition.GrantType.PERM_TO_ROLE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition.GrantType.ROLE_TO_ROLE;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.Part.AUTO_FETCH;
 import static org.apache.commons.collections4.SetUtils.hashSet;
 import static org.apache.commons.lang3.StringUtils.uncapitalize;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewMermaidFlowchartGenerator.java
similarity index 97%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewMermaidFlowchartGenerator.java
index a820ad6a..6a457310 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchartGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewMermaidFlowchartGenerator.java
@@ -1,7 +1,7 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import lombok.SneakyThrows;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef;
 import org.apache.commons.lang3.StringUtils;
 import java.nio.file.*;
@@ -12,7 +12,7 @@ import java.util.stream.Stream;
 import static java.util.Comparator.comparing;
 import static java.util.stream.Collectors.joining;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition.GrantType.*;
 public class RbacViewMermaidFlowchartGenerator {
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java
similarity index 89%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java
index cf80c443..b4c6dfb4 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewPostgresGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacViewPostgresGenerator.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import lombok.SneakyThrows;
@@ -6,8 +6,8 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
-import static net.hostsharing.hsadminng.rbac.rbacdef.PostgresTriggerReference.NEW;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.PostgresTriggerReference.NEW;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 public class RbacViewPostgresGenerator {
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
similarity index 97%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
index 865e9a3b..61f5c383 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RolesGrantsAndPermissionsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
@@ -1,8 +1,8 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition;
-import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacPermissionDefinition;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition;
+import net.hostsharing.hsadminng.rbac.generator.RbacView.RbacPermissionDefinition;
 import java.util.HashSet;
 import java.util.List;
@@ -13,12 +13,12 @@ import java.util.stream.Stream;
 import static java.util.Optional.ofNullable;
 import static java.util.stream.Collectors.joining;
 import static java.util.stream.Collectors.toSet;
-import static net.hostsharing.hsadminng.rbac.rbacdef.PostgresTriggerReference.NEW;
-import static net.hostsharing.hsadminng.rbac.rbacdef.PostgresTriggerReference.OLD;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition.GrantType.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
-import static net.hostsharing.hsadminng.rbac.rbacdef.StringWriter.with;
+import static net.hostsharing.hsadminng.rbac.generator.PostgresTriggerReference.NEW;
+import static net.hostsharing.hsadminng.rbac.generator.PostgresTriggerReference.OLD;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinition.GrantType.*;
+import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
 import static org.apache.commons.lang3.StringUtils.capitalize;
 import static org.apache.commons.lang3.StringUtils.uncapitalize;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/StringWriter.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
similarity index 98%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/StringWriter.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
index d78e9a3b..346b8e4d 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/StringWriter.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 import org.apache.commons.lang3.StringUtils;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/package-info.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/package-info.java
similarity index 81%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/package-info.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/generator/package-info.java
index 2a193f2f..8f78c10c 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/package-info.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/package-info.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacdef;
+package net.hostsharing.hsadminng.rbac.generator;
 // TODO: The whole code in this package is more like a quick hack to solve an urgent problem.
 // It should be re-written in PostgreSQL pl/pgsql,
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantEntity.java
similarity index 97%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantEntity.java
index 78077725..f166bbe0 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantEntity.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import lombok.*;
 import org.springframework.data.annotation.Immutable;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantRepository.java
similarity index 88%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantRepository.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantRepository.java
index 37828bdf..1d0ba3a1 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RawRbacGrantRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RawRbacGrantRepository.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import org.springframework.data.repository.Repository;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java
similarity index 98%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java
index fce1f33b..4ca538b9 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.Mapper;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntity.java
similarity index 94%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntity.java
index 9a481301..68152e59 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntity.java
@@ -1,7 +1,7 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import lombok.*;
-import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleType;
+import net.hostsharing.hsadminng.rbac.role.RbacRoleType;
 import org.springframework.data.annotation.Immutable;
 import jakarta.persistence.*;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantId.java
similarity index 88%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantId.java
index a5e73a0c..86182c14 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantId.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantId.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import lombok.AllArgsConstructor;
 import lombok.EqualsAndHashCode;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepository.java
similarity index 95%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepository.java
index 87ffd3c2..9621e1f4 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepository.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
similarity index 98%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
index d95cd252..05a343dc 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacgrant;
+package net.hostsharing.hsadminng.rbac.grant;
 import net.hostsharing.hsadminng.context.Context;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,7 +16,7 @@ import java.util.stream.Stream;
 import static java.util.stream.Collectors.groupingBy;
 import static java.util.stream.Collectors.joining;
-import static net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService.Include.*;
+import static net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService.Include.*;
 // TODO: cleanup - this code was 'hacked' to quickly fix a specific problem, needs refactoring
 @Service
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacobject/BaseEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/object/BaseEntity.java
similarity index 88%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacobject/BaseEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/object/BaseEntity.java
index d0e7605f..1d0211bb 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacobject/BaseEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/object/BaseEntity.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacobject;
+package net.hostsharing.hsadminng.rbac.object;
 import org.hibernate.Hibernate;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java
similarity index 95%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java
index 1a5d8108..5da97292 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleController.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacrole;
+package net.hostsharing.hsadminng.rbac.role;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.Mapper;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleEntity.java
similarity index 94%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleEntity.java
index 25fe16de..b3c801be 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleEntity.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacrole;
+package net.hostsharing.hsadminng.rbac.role;
 import lombok.*;
 import org.hibernate.annotations.Formula;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepository.java
similarity index 91%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepository.java
index 94633d7c..50a2e8b4 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepository.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacrole;
+package net.hostsharing.hsadminng.rbac.role;
 import org.springframework.data.repository.Repository;
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleType.java b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleType.java
similarity index 61%
rename from src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleType.java
rename to src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleType.java
index e78e8836..3fad2ff4 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleType.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleType.java
@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.rbacrole;
+package net.hostsharing.hsadminng.rbac.role;
 public enum RbacRoleType { OWNER, ADMIN, AGENT, TENANT, GUEST, REFERRER
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
index 4fa0ef4a..f60fd11d 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java
@@ -5,19 +5,19 @@ import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.ToString; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; +import net.hostsharing.hsadminng.rbac.generator.RbacView; +import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; import jakarta.persistence.*; import java.io.IOException; import java.util.UUID; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacSubjectReference.UserRole.CREATOR; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity @Table(name = "test_customer_rv") diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java index 5d1369ca..3af8bd66 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java 
@@ -4,22 +4,22 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; +import net.hostsharing.hsadminng.rbac.generator.RbacView; +import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; import net.hostsharing.hsadminng.rbac.test.pac.TestPackageEntity; import jakarta.persistence.*; import java.io.IOException; import java.util.UUID; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity @Table(name = "test_domain_rv") 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java index 8f4541d5..19e58733 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java 
@@ -4,22 +4,22 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; +import net.hostsharing.hsadminng.rbac.generator.RbacView; +import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; import net.hostsharing.hsadminng.rbac.test.cust.TestCustomerEntity; import jakarta.persistence.*; import java.io.IOException; import java.util.UUID; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.*; -import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.*; +import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity @Table(name = "test_package_rv") diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java index 3d31a30b..b54ffdb4 100644 
--- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java +++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java @@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication; import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem; import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRbacEntity; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService; import org.springframework.data.repository.Repository; import org.springframework.web.bind.annotation.RestController; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java index d78e8ed2..bbdd7265 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java @@ -4,8 +4,8 @@ import io.hypersistence.utils.hibernate.type.range.Range; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealRepository; import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; 
@@ -30,8 +30,8 @@ import java.util.Map; import static java.util.Map.entry; import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_SERVER; import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_WEBSPACE; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.mapper.Array.fromFormatted; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java index 15cc441a..f4ada1b2 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java @@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.booking.project; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; 
@@ -25,8 +25,8 @@ import java.time.ZonedDateTime; import java.util.Arrays; import java.util.List; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.mapper.Array.fromFormatted; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java index 33dbdeaf..d408d241 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java @@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity; import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository; import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType; import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacRepository; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; 
@@ -35,8 +35,8 @@ import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMA import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAIL_ADDRESS; import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER; import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.mapper.Array.fromFormatted; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java index f00d57dd..62427802 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java @@ -17,7 +17,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType; import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.junit.jupiter.api.BeforeAll; 
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index fc7dac32..4aaac7aa 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java @@ -6,7 +6,7 @@ import com.opencsv.CSVReaderBuilder; import lombok.SneakyThrows; import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.extension.BeforeEachCallback; import org.junit.jupiter.api.extension.ExtensionContext; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java index ef3fbd84..df853a61 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java @@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.bankaccount; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.apache.commons.lang3.RandomStringUtils; 
@@ -22,8 +22,8 @@ import java.util.List; import java.util.function.Supplier; import static net.hostsharing.hsadminng.hs.office.bankaccount.TestHsOfficeBankAccount.hsOfficeBankAccount; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java index 2892c14d..e7759f4b 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java @@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.contact; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.apache.commons.lang3.RandomStringUtils; 
@@ -22,8 +22,8 @@ import java.util.List; import java.util.function.Supplier; import static net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacTestEntity.hsOfficeContact; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java index b1f07d52..cf636cc6 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java @@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.coopassets; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.AfterEach; 
@@ -24,8 +24,8 @@ import java.time.LocalDate; import java.util.Arrays; import java.util.List; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java index 9bc45e68..af627350 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java @@ -3,8 +3,8 @@ package net.hostsharing.hsadminng.hs.office.coopshares; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.AfterEach; 
@@ -23,8 +23,8 @@ import java.time.LocalDate; import java.util.Arrays; import java.util.List; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java index 48d7e915..97f30b8a 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java @@ -9,9 +9,9 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelation; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.hibernate.Hibernate; 
@@ -34,8 +34,8 @@ import java.util.Arrays; import java.util.List; import static net.hostsharing.hsadminng.rbac.test.EntityList.one; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java index c6180dbe..5916abc0 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java @@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository; import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRepository; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.Nested; 
@@ -24,8 +24,8 @@ import java.time.LocalDate; import java.util.Arrays; import java.util.List; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java index 077159db..f0ad1527 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java @@ -7,9 +7,9 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository; import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacObjectRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacObjectRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Nested; 
@@ -27,9 +27,9 @@ import java.util.Arrays; import java.util.List; import java.util.Objects; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacObjectEntity.objectDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacObjectEntity.objectDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.mapper.Array.from; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java index 31d81d78..43a9792f 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java @@ -2,8 +2,8 @@ package net.hostsharing.hsadminng.hs.office.person; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.apache.commons.lang3.RandomStringUtils; 
@@ -22,8 +22,8 @@ import java.util.List; import java.util.function.Supplier; import static net.hostsharing.hsadminng.hs.office.person.TestHsOfficePerson.hsOfficePerson; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java index a6e7e4cc..e285e8c3 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java @@ -4,8 +4,8 @@ import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository; import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonRepository; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.Nested; 
@@ -24,8 +24,8 @@ import java.util.List; import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATURAL_PERSON; import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java index 87688fd1..ff5ea172 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java @@ -5,8 +5,8 @@ import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountRepository; import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleRepository; +import net.hostsharing.hsadminng.rbac.grant.RawRbacGrantRepository; +import net.hostsharing.hsadminng.rbac.role.RawRbacRoleRepository; import net.hostsharing.hsadminng.mapper.Array; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.Nested; 
@@ -24,8 +24,8 @@ import java.time.LocalDate; import java.util.Arrays; import java.util.List; -import static net.hostsharing.hsadminng.rbac.rbacgrant.RawRbacGrantEntity.distinctGrantDisplaysOf; -import static net.hostsharing.hsadminng.rbac.rbacrole.RawRbacRoleEntity.distinctRoleNamesOf; +import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf; +import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf; import static net.hostsharing.hsadminng.mapper.Array.fromFormatted; import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index 69a6fae1..455be002 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -1,7 +1,7 @@ package net.hostsharing.hsadminng.rbac.context; import net.hostsharing.hsadminng.context.Context; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.TestInfo; import org.springframework.beans.factory.annotation.Autowired; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java similarity index 99% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java index 4a91a3bb..16a08fdc 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantControllerAcceptanceTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java @@ -1,12 +1,12 @@ -package net.hostsharing.hsadminng.rbac.rbacgrant; +package net.hostsharing.hsadminng.rbac.grant; import io.restassured.RestAssured; import io.restassured.http.ContentType; import io.restassured.response.ValidatableResponse; import net.hostsharing.hsadminng.HsadminNgApplication; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; +import net.hostsharing.hsadminng.rbac.role.RbacRoleEntity; +import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository; import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity; import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntityUnitTest.java similarity index 94% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntityUnitTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntityUnitTest.java index c024ccba..78b80553 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantEntityUnitTest.java @@ -1,6 +1,6 @@ -package net.hostsharing.hsadminng.rbac.rbacgrant; +package net.hostsharing.hsadminng.rbac.grant; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleType; +import net.hostsharing.hsadminng.rbac.role.RbacRoleType; import org.junit.jupiter.api.Test; import java.util.UUID; 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java similarity index 99% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java index 7b5e42f2..e9c29afe 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java @@ -1,8 +1,8 @@ -package net.hostsharing.hsadminng.rbac.rbacgrant; +package net.hostsharing.hsadminng.rbac.grant; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; +import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository; import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity; import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java similarity index 96% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java index 7c7dccee..46dd8333 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacgrant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java 
@@ -1,8 +1,8 @@ -package net.hostsharing.hsadminng.rbac.rbacgrant; +package net.hostsharing.hsadminng.rbac.grant; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService.Include; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService.Include; import net.hostsharing.hsadminng.rbac.test.JpaAttempt; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Disabled; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectEntity.java similarity index 93% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectEntity.java index dedda7c2..084a1752 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectEntity.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectEntity.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import lombok.*; import org.jetbrains.annotations.NotNull; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectRepository.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectRepository.java similarity index 82% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectRepository.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectRepository.java index ab645316..bda22795 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacObjectRepository.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacObjectRepository.java 
@@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import org.springframework.data.repository.Repository; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleEntity.java similarity index 95% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleEntity.java index 8b800146..ab957e1f 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleEntity.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleEntity.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import lombok.*; import org.hibernate.annotations.Formula; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleRepository.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleRepository.java similarity index 82% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleRepository.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleRepository.java index c86f88a7..029e1360 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RawRbacRoleRepository.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RawRbacRoleRepository.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import org.springframework.data.repository.Repository; 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java similarity index 98% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java index 29c525a0..d9e2b248 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import io.restassured.RestAssured; import net.hostsharing.hsadminng.HsadminNgApplication; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java similarity index 96% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java index 7aedb65f..1eb41370 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.mapper.Mapper; 
@@ -21,7 +21,7 @@ import jakarta.persistence.SynchronizationType; import java.util.Map; import static java.util.Arrays.asList; -import static net.hostsharing.hsadminng.rbac.rbacrole.TestRbacRole.*; +import static net.hostsharing.hsadminng.rbac.role.TestRbacRole.*; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.is; import static org.mockito.ArgumentMatchers.any; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java similarity index 99% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java index 6b8ce2d8..d8b0cb80 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/RbacRoleRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import net.hostsharing.hsadminng.context.Context; import net.hostsharing.hsadminng.mapper.Array; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java similarity index 93% rename from src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java rename to src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java index 69b353b5..8a8214cf 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/rbacrole/TestRbacRole.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java @@ -1,4 +1,4 @@ -package net.hostsharing.hsadminng.rbac.rbacrole; +package net.hostsharing.hsadminng.rbac.role; import static java.util.UUID.randomUUID; 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java index 5ace3a33..d0a5b861 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/ContextBasedTestWithCleanup.java @@ -1,12 +1,12 @@ package net.hostsharing.hsadminng.rbac.test; import net.hostsharing.hsadminng.rbac.context.ContextBasedTest; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantEntity; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantRepository; -import net.hostsharing.hsadminng.rbac.rbacgrant.RbacGrantsDiagramService; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleEntity; -import net.hostsharing.hsadminng.rbac.rbacrole.RbacRoleRepository; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantEntity; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantRepository; +import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService; +import net.hostsharing.hsadminng.rbac.role.RbacRoleEntity; +import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository; import org.apache.commons.collections4.SetUtils; import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.AfterEach; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/EntityList.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/EntityList.java index 42469ea7..09e982b9 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/EntityList.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/EntityList.java @@ -1,6 +1,6 @@ package net.hostsharing.hsadminng.rbac.test; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; import java.util.List; 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/PatchUnitTestBase.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/PatchUnitTestBase.java index 97fa53ec..67880dec 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/PatchUnitTestBase.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/PatchUnitTestBase.java @@ -1,6 +1,6 @@ package net.hostsharing.hsadminng.rbac.test; -import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity; +import net.hostsharing.hsadminng.rbac.object.BaseEntity; import net.hostsharing.hsadminng.mapper.EntityPatcher; import org.junit.jupiter.api.Named; import org.junit.jupiter.api.Test; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java index c0ceb9c3..2a214146 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntityUnitTest.java @@ -1,6 +1,6 @@ package net.hostsharing.hsadminng.rbac.test.cust; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacViewMermaidFlowchartGenerator; +import net.hostsharing.hsadminng.rbac.generator.RbacViewMermaidFlowchartGenerator; import org.junit.jupiter.api.Test; import static org.assertj.core.api.Assertions.assertThat; diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java index 35d36c54..f91c0d5d 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntityUnitTest.java 
@@ -1,6 +1,6 @@ package net.hostsharing.hsadminng.rbac.test.pac; -import net.hostsharing.hsadminng.rbac.rbacdef.RbacViewMermaidFlowchartGenerator; +import net.hostsharing.hsadminng.rbac.generator.RbacViewMermaidFlowchartGenerator; import org.junit.jupiter.api.Test; import static org.assertj.core.api.Assertions.assertThat; -- 2.39.5 From 42ef44d03421d2bbe8ac53e569d56a121e00aa26 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sat, 14 Sep 2024 13:41:18 +0200 Subject: [PATCH 45/57] remove fixme --- src/main/resources/db/changelog/0-base/010-context.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql index 791381ac..446f6955 100644 --- a/src/main/resources/db/changelog/0-base/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql @@ -110,7 +110,7 @@ end; $$; /* Returns the current user as defined by `base.defineContext(...)`. */ -create or replace function base.currentSubject() -- FIXME: move to schema rbac? +create or replace function base.currentSubject() returns varchar(63) stable -- leakproof language plpgsql as $$ -- 2.39.5 From 79a81692dbcc3a5e12010304aaa894d308e6f29b Mon Sep 17 00:00:00 2001 
From: Michael Hoennig Date: Sun, 15 Sep 2024 17:34:46 +0200 Subject: [PATCH 46/57] introduce test schema --- README.md | 2 +- sql/rbac-tests.sql | 22 +-- sql/rbac-view-option-experiments.sql | 30 +-- .../generator/InsertTriggerGenerator.java | 19 +- .../rbac/generator/RbacObjectGenerator.java | 2 +- .../hsadminng/rbac/generator/RbacView.java | 30 +-- .../RolesGrantsAndPermissionsGenerator.java | 4 +- .../rbac/generator/StringWriter.java | 6 +- .../rbac/test/cust/TestCustomerEntity.java | 2 +- .../rbac/test/dom/TestDomainEntity.java | 2 +- .../rbac/test/pac/TestPackageEntity.java | 2 +- .../db/changelog/0-base/000-base-schema.sql | 2 +- .../db/changelog/0-base/007-table-columns.sql | 27 ++- .../0-base/011-table-schema-and-name.sql | 18 ++ .../db/changelog/0-base/020-audit-log.sql | 16 +- .../db/changelog/0-base/030-historization.sql | 4 +- .../db/changelog/1-rbac/1000-rbac-schema.sql | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 8 +- .../changelog/1-rbac/1058-rbac-generators.sql | 42 +++-- .../db/changelog/2-test/200-test-schema.sql | 8 + .../201-test-customer/2010-test-customer.sql | 4 +- .../2013-test-customer-rbac.sql | 56 +++--- .../2018-test-customer-test-data.sql | 6 +- .../202-test-package/2020-test-package.sql | 4 +- .../2023-test-package-rbac.sql | 88 ++++----- .../2028-test-package-test-data.sql | 14 +- .../203-test-domain/2030-test-domain.sql | 4 +- .../203-test-domain/2033-test-domain-rbac.sql | 88 ++++----- .../2038-test-domain-test-data.sql | 10 +- .../db/changelog/db.changelog-master.yaml | 4 + .../hsadminng/hs/migration/CsvDataImport.java | 6 +- .../rbac/context/ContextIntegrationTests.java | 12 +- .../RbacGrantControllerAcceptanceTest.java | 70 +++---- .../RbacGrantRepositoryIntegrationTest.java | 54 +++--- ...acGrantsDiagramServiceIntegrationTest.java | 30 +-- .../RbacRoleControllerAcceptanceTest.java | 52 +++--- .../rbac/role/RbacRoleControllerRestTest.java | 8 +- .../RbacRoleRepositoryIntegrationTest.java | 78 ++++---- 
.../hsadminng/rbac/role/TestRbacRole.java | 4 +- .../RbacSubjectControllerAcceptanceTest.java | 18 +- .../RbacSubjectRepositoryIntegrationTest.java | 174 +++++++++--------- .../TestCustomerControllerAcceptanceTest.java | 12 +- ...TestCustomerRepositoryIntegrationTest.java | 12 +- .../TestPackageControllerAcceptanceTest.java | 14 +- .../TestPackageRepositoryIntegrationTest.java | 8 +- 45 files changed, 576 insertions(+), 502 deletions(-) create mode 100644 src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql create mode 100644 src/main/resources/db/changelog/2-test/200-test-schema.sql diff --git a/README.md b/README.md index 9cca4fc4..060b523f 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ If you have at least Docker and the Java JDK installed in appropriate versions a # the following command should return a JSON array with just all packages visible for the admin of the customer yyy: curl \ - -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \ + -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: test.customer#yyy:ADMIN' \ http://localhost:8080/api/test/packages # add a new customer diff --git a/sql/rbac-tests.sql b/sql/rbac-tests.sql index 06ab6f13..bde34d61 100644 --- a/sql/rbac-tests.sql +++ b/sql/rbac-tests.sql 
@@ -3,28 +3,28 @@ -- -------------------------------------------------------- -select rbac.isGranted(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); -select rbac.isGranted(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); --- call rbac.grantRoleToRole(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators')); --- call rbac.grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER')); +select rbac.isGranted(rbac.findRoleId('administrators'), rbac.findRoleId('test.package#aaa00:OWNER')); +select rbac.isGranted(rbac.findRoleId('test.package#aaa00:OWNER'), rbac.findRoleId('administrators')); +-- call rbac.grantRoleToRole(findRoleId('test.package#aaa00:OWNER'), findRoleId('administrators')); +-- call rbac.grantRoleToRole(findRoleId('administrators'), findRoleId('test.package#aaa00:OWNER')); select count(*) -FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacSubject('superuser-fran@hostsharing.net'), - ARRAY(select uuid from customer where reference < 1100000)); +FROM rbac.queryAllPermissionsOfSubjectIdForObjectUuids(rbac.findRbacSubject('superuser-fran@hostsharing.net'), + ARRAY(select uuid from test.customer where reference < 1100000)); select count(*) -FROM queryAllPermissionsOfSubjectId(findRbacSubject('superuser-fran@hostsharing.net')); +FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('superuser-fran@hostsharing.net')); select * -FROM queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')); +FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')); select * -FROM queryAllPermissionsOfSubjectId(findRbacSubject('rosa@example.com')); +FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('rosa@example.com')); select * FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('customer', - (SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1), + (SELECT uuid FROM rbac.RbacObject WHERE objectTable = 
'customer' LIMIT 1), 'add-package')); select * FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('package', - (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1), + (SELECT uuid FROM rbac.RbacObject WHERE objectTable = 'package' LIMIT 1), 'DELETE')); DO LANGUAGE plpgsql diff --git a/sql/rbac-view-option-experiments.sql b/sql/rbac-view-option-experiments.sql index 6a7373c9..75668d76 100644 --- a/sql/rbac-view-option-experiments.sql +++ b/sql/rbac-view-option-experiments.sql @@ -20,7 +20,7 @@ CREATE POLICY customer_policy ON customer TO restricted USING ( -- id=1000 - rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()) + rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test.customer', id, 'SELECT'), rbac.currentSubjectUuid()) ); SET SESSION AUTHORIZATION restricted; 
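Review bot: The two `rbac.findEffectivePermissionId('customer', (SELECT uuid FROM rbac.RbacObject WHERE objectTable = 'customer' LIMIT 1), 'add-package')` lookups keep the bare `'customer'` while the rest of this hunk switches to the schema-qualified `test.customer` (`from test.customer`, role names like `test.customer#aaa00:OWNER`); if `objectTable` now stores the qualified name, as `p.objectTable='test.customer'` in rbac-view-option-experiments.sql suggests, the subquery returns NULL and the permission lookup silently matches nothing. The hunk is also inconsistent about qualifying `findRbacSubject`: the first `rbac.queryAllPermissionsOfSubjectIdForObjectUuids` call uses `rbac.findRbacSubject(...)`, the three `rbac.queryAllPermissionsOfSubjectId(findRbacSubject(...))` calls below it do not, so they only resolve when `rbac` happens to be on the search_path. Suggest `rbac.findRbacSubject(...)` in all four places and `'test.customer'` for both the first argument and the `objectTable` literal, assuming that is the stored form. The `DO LANGUAGE plpgsql` block at the end of the hunk continues outside it.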
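Review bot: The new `USING (...)` clause names `'test.customer'`, but the enclosing `CREATE POLICY customer_policy ON customer TO restricted` (unchanged context directly above) still attaches the policy to the unqualified `customer`, while the next hunk enables row level security on `test.customer`. Unless `test` is on the search_path these are different relations, so `restricted` either queries a table without the policy or the policy is created on the wrong one. Suggest `CREATE POLICY customer_policy ON test.customer TO restricted USING (...)` so the policy, the RLS-enabled table and the permission lookup all refer to the same relation. This is an experiments file, so the impact is limited to whoever reruns it by hand.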
@@ -31,28 +31,28 @@ SELECT * from customer; SET SESSION SESSION AUTHORIZATION DEFAULT; DROP VIEW cust_view; CREATE VIEW cust_view AS -SELECT * FROM customer; +SELECT * FROM test.customer; CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT * FROM customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test_customer', id, 'SELECT'), rbac.currentSubjectUuid()); + SELECT * FROM test.customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('test.customer', id, 'SELECT'), rbac.currentSubjectUuid()); SELECT * from cust_view LIMIT 10; -select queryAllPermissionsOfSubjectId(findRbacSubject('superuser-alex@hostsharing.net')); +select rbac.queryAllPermissionsOfSubjectId(findRbacSubject('superuser-alex@hostsharing.net')); -- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows) SET SESSION SESSION AUTHORIZATION DEFAULT; -ALTER TABLE customer ENABLE ROW LEVEL SECURITY; +ALTER TABLE test.customer ENABLE ROW LEVEL SECURITY; DROP VIEW IF EXISTS cust_view; CREATE OR REPLACE VIEW cust_view AS SELECT * -FROM customer; +FROM test.customer; CREATE OR REPLACE RULE "_RETURN" AS ON SELECT TO cust_view DO INSTEAD - SELECT c.uuid, c.reference, c.prefix FROM customer AS c - JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p - ON p.objectTable='test_customer' AND p.objectUuid=c.uuid; + SELECT c.uuid, c.reference, c.prefix FROM test.customer AS c + JOIN rbac.queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p + ON p.objectTable='test.customer' AND p.objectUuid=c.uuid; GRANT ALL PRIVILEGES ON cust_view TO restricted; SET SESSION SESSION AUTHORIZATION restricted; 
@@ -77,13 +77,13 @@ SET hsadminng.currentSubject TO 'superuser-alex@hostsharing.net'; -- SET hsadminng.currentSubject TO 'aaaaouq@example.com'; SELECT * from cust_view where reference=1144150; -select rr.uuid, rr.type from RbacGrants g - join RbacReference RR on g.ascendantUuid = RR.uuid +select rr.uuid, rr.type from rbac.RbacGrants g + join rbac.RbacReference RR on g.ascendantUuid = RR.uuid where g.descendantUuid in ( - select uuid from queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')) - where objectTable='test_customer'); + select uuid from rbac.queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')) + where objectTable='test.customer'); -call grantRoleToUser(findRoleId('test_customer#aaa:ADMIN'), findRbacSubject('aaaaouq@example.com')); +call rbac.grantRoleToUser(rbac.findRoleId('test.customer#aaa:ADMIN'), rbac.findRbacSubject('aaaaouq@example.com')); -select queryAllPermissionsOfSubjectId(findRbacSubject('aaaaouq@example.com')); +select rbac.queryAllPermissionsOfSubjectId(findRbacSubject('aaaaouq@example.com')); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java index 939812c1..0a070b74 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java @@ -114,7 +114,7 @@ public class InsertTriggerGenerator { end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist - create trigger z_new_${rawSubTable}_grants_after_insert_tg + create trigger z_new_${rawSubTableName}_grants_after_insert_tg after insert on ${rawSuperTableWithSchema} for each row execute procedure ${rawSuperTableSchemaName}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf(); 
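Review bot: The last statement, `select rbac.queryAllPermissionsOfSubjectId(findRbacSubject('aaaaouq@example.com'));`, and the `where g.descendantUuid in (select uuid from rbac.queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com')) ...)` subquery leave `findRbacSubject` unqualified, while the line between them, `call rbac.grantRoleToUser(rbac.findRoleId(...), rbac.findRbacSubject(...))`, schema-qualifies it. If the function was moved into the `rbac` schema like the rest of this series, the unqualified calls fail unless `rbac` is on the search_path. Suggest `rbac.findRbacSubject(...)` in both places for consistency with the grant call.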
@@ -132,6 +132,7 @@ public class InsertTriggerGenerator { with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableName()), with("rawSuperTableSchemaName", g.getSuperRoleDef().getEntityAlias().getRawTableSchemaPrefix()), with("rawSubTable", g.getPermDef().getEntityAlias().getRawTableNameWithSchema()), + with("rawSubTableName", g.getPermDef().getEntityAlias().getRawTableName()), with("rawSubTableShortName", g.getPermDef().getEntityAlias().getRawTableShortName())); }); @@ -154,15 +155,16 @@ public class InsertTriggerGenerator { returns trigger language plpgsql as $$ begin - raise exception '[403] insert into ${rawSubTable} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW; + raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed regardless of current subject, no insert permissions granted at all', NEW; end; $$; create trigger ${rawSubTable}_insert_permission_check_tg before insert on ${rawSubTable} for each row - execute procedure ${rawSubTable}_insert_permission_missing_tf(); + execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf(); """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); + with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); plPgSql.writeLn("--//"); } 
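Review bot: In the permission-missing template the trigger is still created with `before insert on ${rawSubTable}`, i.e. the unqualified table name, whereas the `_insert_permission_check_tg` template in the footer (next hunk) was changed to `before insert on ${rawSubTableWithSchema}`; since `rawSubTable` is now bound to `getRawTableName()` without the schema, the generated `create trigger` only resolves when the table's schema is on the search_path at migration time, and otherwise attaches to a same-named table in another schema or fails. Suggest `before insert on ${rawSubTableWithSchema}` here as well, matching the footer and the `execute procedure ${rawSubTableWithSchema}_insert_permission_missing_tf()` line just below it. The `[403] insert into ... values(%)` message also embeds the full `NEW` row; if `[403]` is mapped to an HTTP response, consider whether echoing every column back to the caller is intended.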
@@ -258,17 +260,18 @@ public class InsertTriggerGenerator { private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) { plPgSql.writeLn(); plPgSql.writeLn(""" - raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; create trigger ${rawSubTable}_insert_permission_check_tg - before insert on ${rawSubTable} + before insert on ${rawSubTableWithSchema} for each row - execute procedure ${rawSubTable}_insert_permission_check_tf(); + execute procedure ${rawSubTableWithSchema}_insert_permission_check_tf(); --// """, - with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableNameWithSchema())); + with("rawSubTableWithSchema", rbacDef.getRootEntityAlias().getRawTableNameWithSchema()), + with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); } private String toStringList(final Set cases) { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java index d6ef5e91..a83a46fd 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java @@ -19,7 +19,7 @@ public class RbacObjectGenerator { -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('${rawTableName}'); --// - + """, with("liquibaseTagPrefix", liquibaseTagPrefix), with("rawTableName", rawTableName)); diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java index 634d4c33..fb834679 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java 
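Review bot: The `raise exception '[403] insert into ${rawSubTableWithSchema} values(%) not allowed for current subjects % (%)'` message interpolates the entire `NEW` row together with `base.currentSubjects()` and `rbac.currentSubjectOrAssumedRolesUuids()`; if the `[403]` prefix means this text is surfaced to API clients, as it appears to, every column value and the internal subject/role UUIDs end up in the error response and in the server log. Consider keeping the client-facing text to the table name and the subject, e.g. `raise exception '[403] insert into ${rawSubTableWithSchema} not allowed for current subjects %', base.currentSubjects();`, and emitting the row and role UUIDs via `raise log` for diagnostics. A short comment on the template explaining that the `_insert_permission_check_tg` trigger name is shared with the permission-missing variant, and that only one of the two is generated per table, would also help readers of the generated SQL.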
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java @@ -90,11 +90,11 @@ public class RbacView { * @param * a JPA entity class extending RbacObject */ - public static RbacView rbacViewFor(final String alias, final Class entityClass) { + public static > RbacView rbacViewFor(final String alias, final Class entityClass) { return new RbacView(alias, entityClass); } - RbacView(final String alias, final Class entityClass) { + RbacView(final String alias, final Class> entityClass) { rootEntityAlias = new EntityAlias(alias, entityClass); entityAliases.put(alias, rootEntityAlias); new RbacSubjectReference(CREATOR); @@ -121,7 +121,7 @@ public class RbacView { *

An identity view is a view which maps an objectUuid to an idName. * The idName should be a human-readable representation of the row, but as short as possible. * The idName must only consist of letters (A-Z, a-z), digits (0-9), dash (-), dot (.) and unserscore '_'. - * It's used to create the object-specific-role-names like test_customer#abc:ADMIN - here 'abc' is the idName. + * It's used to create the object-specific-role-names like test.customer#abc:ADMIN - here 'abc' is the idName. * The idName not necessarily unique in a table, but it should be avoided. *

* @@ -287,9 +287,9 @@ public class RbacView { * @param * a JPA entity class extending RbacObject */ - public RbacView importRootEntityAliasProxy( + public > RbacView importRootEntityAliasProxy( final String aliasName, - final Class entityClass, + final Class> entityClass, final ColumnValue forCase, final SQL fetchSql, final Column dependsOnColum) { @@ -313,7 +313,7 @@ public class RbacView { * a JPA entity class extending RbacObject */ public RbacView importSubEntityAlias( - final String aliasName, final Class entityClass, + final String aliasName, final Class> entityClass, final SQL fetchSql, final Column dependsOnColum) { importEntityAliasImpl(aliasName, entityClass, usingDefaultCase(), fetchSql, dependsOnColum, true, NOT_NULL); return this; @@ -350,14 +350,14 @@ public class RbacView { * a JPA entity class extending RbacObject */ public RbacView importEntityAlias( - final String aliasName, final Class entityClass, final ColumnValue usingCase, + final String aliasName, final Class> entityClass, final ColumnValue usingCase, final Column dependsOnColum, final SQL fetchSql, final Nullable nullable) { importEntityAliasImpl(aliasName, entityClass, usingCase, fetchSql, dependsOnColum, false, nullable); return this; } private EntityAlias importEntityAliasImpl( - final String aliasName, final Class entityClass, final ColumnValue usingCase, + final String aliasName, final Class> entityClass, final ColumnValue usingCase, final SQL fetchSql, final Column dependsOnColum, boolean asSubEntity, final Nullable nullable) { final var entityAlias = ofNullable(entityAliases.get(aliasName)) 
@@ -911,13 +911,13 @@ public class RbacView { return distinctGrantDef; } - record EntityAlias(String aliasName, Class entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) { + record EntityAlias(String aliasName, Class> entityClass, ColumnValue usingCase, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) { public EntityAlias(final String aliasName) { this(aliasName, null, null, null, null, false, null); } - public EntityAlias(final String aliasName, final Class entityClass) { + public EntityAlias(final String aliasName, final Class> entityClass) { this(aliasName, entityClass, null, null, null, false, null); } @@ -964,7 +964,7 @@ public class RbacView { if ( aliasName.equals("rbac.global")) { return "rbac.global"; // TODO: maybe we should introduce a GlobalEntity class? } - return withoutRvSuffix(entityClass.getAnnotation(Table.class).name()); + return qualifiedRealTableName(entityClass); } String getRawTableSchemaPrefix() { @@ -1010,8 +1010,12 @@ public class RbacView { } } - public static String withoutRvSuffix(final String tableName) { - return tableName.substring(0, tableName.length() - "_rv".length()); + public static String qualifiedRealTableName(final Class> entityClass) { + final var tableAnnotation = entityClass.getAnnotation(Table.class); + final var schema = tableAnnotation.schema(); + final var tableName = tableAnnotation.name(); + final var realTableName = tableName.substring(0, tableName.length() - "_rv".length()); + return (schema.isEmpty() ? "" : (schema + ".")) + realTableName; } public enum Role { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java index 61f5c383..663bae28 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java 
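Review bot: `qualifiedRealTableName` strips the last three characters of the `@Table` name unconditionally, so an entity whose table name does not end in `_rv` yields a silently truncated name that then flows into generated SQL; a guard such as `if (!tableName.endsWith("_rv")) throw new IllegalArgumentException("expected a *_rv table name, got: " + tableName);` turns that into an immediate failure. `getAnnotation(Table.class)` also returns null for an entity without `@Table`, which the next line would dereference; the replaced `withoutRvSuffix` call site had the same gap, so this rewrite is the moment to close it. The enclosing class `RbacView` starts and ends outside this hunk.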
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java @@ -516,7 +516,7 @@ class RolesGrantsAndPermissionsGenerator { /* AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row. */ - + create or replace function insertTriggerFor${simpleEntityName}_tf() returns trigger language plpgsql @@ -525,7 +525,7 @@ class RolesGrantsAndPermissionsGenerator { call buildRbacSystemFor${simpleEntityName}(NEW); return NEW; end; $$; - + create trigger insertTriggerFor${simpleEntityName}_tg after insert on ${rawTableName} for each row diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java index 346b8e4d..2b4c980e 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/StringWriter.java @@ -19,9 +19,11 @@ public class StringWriter { writeLn(); } - void writeLn(final String text, final VarDef... varDefs) { - string.append( indented( new VarReplacer(varDefs).apply(text) )); + String writeLn(final String text, final VarDef... varDefs) { + final var insertText = indented(new VarReplacer(varDefs).apply(text)); + string.append(insertText); writeLn(); + return insertText; } void writeLn() { diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java index f60fd11d..2943eaf2 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerEntity.java 
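Review bot: `writeLn(String, VarDef...)` changes from `void` to returning the inserted text, but nothing documents what callers get back; a short Javadoc would avoid guessing, e.g. `/** Appends {@code text} with variables substituted and indentation applied, then a line break; returns the appended text (without what the no-arg {@code writeLn()} adds). */`. Whether `indented(...)` itself contributes a trailing newline is not visible here, so confirm that phrasing against its implementation. The enclosing class `StringWriter` continues outside this hunk.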
@@ -20,7 +20,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity -@Table(name = "test_customer_rv") +@Table(schema = "test", name = "customer_rv") @Getter @Setter @NoArgsConstructor diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java index 3af8bd66..15cd06f7 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/dom/TestDomainEntity.java @@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity -@Table(name = "test_domain_rv") +@Table(schema = "test", name = "domain_rv") @Getter @Setter @NoArgsConstructor diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java index 19e58733..5bef9680 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageEntity.java @@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.*; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; @Entity -@Table(name = "test_package_rv") +@Table(schema = "test", name = "package_rv") @Getter @Setter @NoArgsConstructor diff --git a/src/main/resources/db/changelog/0-base/000-base-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql index 0f66f74c..6a50e2f0 100644 --- a/src/main/resources/db/changelog/0-base/000-base-schema.sql +++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql 
@@ -4,5 +4,5 @@
 -- ============================================================================
 --changeset base-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CREATE SCHEMA base;
+CREATE SCHEMA IF NOT EXISTS base;
 --//
diff --git a/src/main/resources/db/changelog/0-base/007-table-columns.sql b/src/main/resources/db/changelog/0-base/007-table-columns.sql
index 0bcf09e7..575169a1 100644
--- a/src/main/resources/db/changelog/0-base/007-table-columns.sql
+++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql
@@ -6,15 +6,34 @@
 --changeset table-columns-function:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-create or replace function base.tableColumnNames( tableName text )
+create or replace function base.tableColumnNames( ofTableName text )
 returns text stable language 'plpgsql' as $$
-declare columns text[];
+declare
+ ofTableName text default 'test.customer';
+ tableName text;
+ tableSchema text;
+ columns text[];
+ columnNames text;
 begin
+ tableSchema := CASE
+ WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 1)
+ END;
+ assert tableSchema = 'test', 'schema <> test';
+
+ tableName := CASE
+ WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 2)
+ ELSE ofTableName
+ END;
+ assert tableName = 'customer', 'name <> customer';
+
+ columns := (select array(select column_name::text
- from information_schema.columns
- where table_name = tableName));
+ from information_schema.columns
+ where table_name = tableName
+ and table_schema is not distinct from tableSchema));
+ assert cardinality(columns) > 0, 'cannot determine columns of table ' || ofTableName ||
+ '("' || tableSchema || '"."' || tableName || '")';
 return array_to_string(columns, ', ');
 end; $$
 --//
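Review bot: The new `declare` block redeclares the parameter as `ofTableName text default 'test.customer';`, which shadows the argument inside the body, so `base.tableColumnNames()` now returns the columns of `test.customer` no matter what the caller passes; together with `assert tableSchema = 'test'` and `assert tableName = 'customer'` this reads as a debugging leftover and should be removed (keep the `cardinality(columns) > 0` assert, but note that `assert` is skipped when `plpgsql.check_asserts` is off, so it is not a hard guard). A second regression: for an unqualified name `tableSchema` stays NULL and `table_schema is not distinct from tableSchema` then matches no row, because `information_schema.columns.table_schema` is never NULL, so the previous any-schema lookup is lost; `and (tableSchema is null or table_schema = tableSchema)` restores it. `columnNames text` is declared but never used.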
diff --git a/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql
new file mode 100644
index 00000000..aff2d62f
--- /dev/null
+++ b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql
@@ -0,0 +1,18 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset base-COMBINE-TABLE-SCHEMA-AND-NAME:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace function base.combine_table_schema_and_name(tableSchema name, tableName name)
+ returns text
+ language plpgsql as $$
+begin
+ if tableSchema is null or tableSchema = 'public' or tableSchema = '' then
+ return tableName::text;
+ else
+ return tableSchema::text || '.' || tableName::text;
+ end if;
+end; $$;
+--//
diff --git a/src/main/resources/db/changelog/0-base/020-audit-log.sql b/src/main/resources/db/changelog/0-base/020-audit-log.sql
index 131660c6..5be793e3 100644
--- a/src/main/resources/db/changelog/0-base/020-audit-log.sql
+++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql
@@ -77,9 +77,11 @@ create or replace function base.tx_journal_trigger()
 declare
 curTask text;
 curTxId xid8;
+ tableSchemaAndName text;
 begin
 curTask := base.currentTask();
 curTxId := pg_current_xact_id();
+ tableSchemaAndName := base.combine_table_schema_and_name(tg_table_schema, tg_table_name);
 insert into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
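Review bot: `base.combine_table_schema_and_name` is a pure function of its two arguments but keeps the default `volatile` volatility; declaring it `immutable` (`language plpgsql immutable as $$`) documents that and lets the planner fold calls with constant arguments. The changeset header should also say what the result is: a lookup/display key of the form `schema.name` with `public`, NULL or empty schema elided, not an SQL identifier, so callers must not pass the combined value to `format('%I', ...)` or `quote_ident()` as a whole.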
@@ -90,20 +92,20 @@ begin
 case tg_op
 when 'INSERT' then
 insert into base.tx_journal
- values (curTxId,
- tg_table_name, new.uuid, tg_op::base.tx_operation,
+ values (curTxId, tableSchemaAndName,
+ new.uuid, tg_op::base.tx_operation,
 to_jsonb(new));
 when 'UPDATE' then
 insert into base.tx_journal
- values (curTxId,
- tg_table_name, old.uuid, tg_op::base.tx_operation,
+ values (curTxId, tableSchemaAndName,
+ old.uuid, tg_op::base.tx_operation,
 base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
 when 'DELETE' then
 insert into base.tx_journal
- values (curTxId,
- tg_table_name, old.uuid, 'DELETE'::base.tx_operation,
+ values (curTxId,tableSchemaAndName,
+ old.uuid, 'DELETE'::base.tx_operation,
 null::jsonb);
- else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
+ else raise exception 'Trigger op % not supported for %.', tg_op, tableSchemaAndName;
 end case;
 return null;
 end; $$;
diff --git a/src/main/resources/db/changelog/0-base/030-historization.sql b/src/main/resources/db/changelog/0-base/030-historization.sql
index 6866c15b..b6781fc9 100644
--- a/src/main/resources/db/changelog/0-base/030-historization.sql
+++ b/src/main/resources/db/changelog/0-base/030-historization.sql
@@ -81,8 +81,8 @@ begin
 "alive" := false;
 end if;
- sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
- raise notice 'sql: %', sql;
+ sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)',
+ TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name);
 execute sql using "row";
 return "row";
diff --git a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
index 14f3ba93..35662a3e 100644
--- a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
+++ b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
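Review bot: The three `insert into base.tx_journal values (curTxId, tableSchemaAndName, ...)` statements are positional inserts, so the new `tableSchemaAndName` value only lands in the intended column as long as the column order of `base.tx_journal` never changes; spelling out the target list, `insert into base.tx_journal (<txid column>, <table column>, <uuid column>, <op column>, <delta column>)` with the table's real column names (not visible in this hunk), makes the mapping explicit and survives schema reordering. The DELETE branch's `values (curTxId,tableSchemaAndName,` is also missing the space after the comma that the other two branches have.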
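Review bot: `format('INSERT INTO %3$I_ex ...', ..., base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name)` now hands `%I` a dotted value such as `test.customer`; `%I` applies `quote_ident()`, which quotes the whole string as one identifier, so the statement becomes `INSERT INTO "test.customer"_ex ...` and no longer addresses `test.customer_ex`. Pass the parts separately and quote each, e.g. `sql := format('INSERT INTO %3$I.%4$I VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, tg_table_schema, tg_table_name || '_ex');` — assuming the `_ex` table lives in the same schema as its source table, which this hunk does not show. The enclosing trigger function starts and ends outside this hunk.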
@@ -4,5 +4,5 @@
 -- ============================================================================
 --changeset rbac-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CREATE SCHEMA rbac;
+CREATE SCHEMA IF NOT EXISTS rbac;
 --//
diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
index 6ecca849..c1345e0c 100644
--- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
@@ -3,9 +3,7 @@
 -- ============================================================================
 --changeset rbac-base-REFERENCE:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-/*
- */
 create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission');
 create table rbac.reference
@@ -120,18 +118,20 @@ create or replace function rbac.insert_related_object()
 strict as $$
 declare
 objectUuid uuid;
+ tableSchemaAndName text;
 begin
+ tableSchemaAndName := base.combine_table_schema_and_name(TG_TABLE_SCHEMA, TG_TABLE_NAME);
 if TG_OP = 'INSERT' then
 if NEW.uuid is null then
 insert into rbac.object (objectTable)
- values (TG_TABLE_NAME)
+ values (tableSchemaAndName)
 returning uuid into objectUuid;
 NEW.uuid = objectUuid;
 else
 insert into rbac.object (uuid, objectTable)
- values (NEW.uuid, TG_TABLE_NAME)
+ values (NEW.uuid, tableSchemaAndName)
 returning uuid into objectUuid;
 end if;
 return NEW;
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
index 728ee0bd..852bfac6 100644
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
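Review bot: `rbac.object.objectTable` now stores `base.combine_table_schema_and_name(TG_TABLE_SCHEMA, TG_TABLE_NAME)`, which omits the schema for `public` tables, so every table-name literal passed elsewhere to `rbac.createPermission(...)` or `rbac.hasInsertPermission(...)` (e.g. `'test.customer'` in the test changesets of this commit) has to follow exactly that convention or permission lookups silently miss. A comment on the assignment would pin this down, `-- canonical objectTable form; table-name literals passed to rbac.createPermission() must match it`, and routing those literals through the same helper would remove the duplication. The enclosing function `rbac.insert_related_object()` continues past this hunk.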
@@ -8,26 +8,40 @@ create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
 language plpgsql as $$
 declare
+ targetTableName text;
+ targetSchemaPrefix text;
 createInsertTriggerSQL text;
 createDeleteTriggerSQL text;
 begin
+ if POSITION('.' IN targetTable) > 0 then
+ targetSchemaPrefix := SPLIT_PART(targetTable, '.', 1) || '.';
+ targetTableName := SPLIT_PART(targetTable, '.', 2);
+ else
+ targetSchemaPrefix := '';
+ targetTableName := targetTable;
+ end if;
+
+ if targetSchemaPrefix = '' and targetTableName = 'customer' then
+ raise exception 'missing targetShemaPrefix: %', targetTable;
+ end if;
+
 createInsertTriggerSQL = format($sql$
- create trigger createRbacObjectFor_%s_Trigger
- before insert on %s
+ create trigger createRbacObjectFor_%s_insert_tg_1058_25
+ before insert on %s%s
 for each row
 execute procedure rbac.insert_related_object();
- $sql$, targetTable, targetTable);
+ $sql$, targetTableName, targetSchemaPrefix, targetTableName);
 execute createInsertTriggerSQL;
 createDeleteTriggerSQL = format($sql$
- create trigger delete_related_rbac_rules_for_%s_tg
- after delete
- on %s
+ create trigger createRbacObjectFor_%s_delete_tg_1058_35
+ after delete on %s%s
 for each row
 execute procedure rbac.delete_related_rbac_rules_tf();
- $sql$, targetTable, targetTable);
+ $sql$, targetTableName, targetSchemaPrefix, targetTableName);
 execute createDeleteTriggerSQL;
-end; $$;
+end;
+$$;
 --//
@@ -176,7 +190,7 @@ begin
 */
 sql := format($sql$
 create or replace view %1$s_rv as
- with accessible_%1$s_uuids as (
+ with accessible_uuids as (
 with recursive recursive_grants as
 (select distinct rbac.grants.descendantuuid,
@@ -209,7 +223,7 @@ begin
 )
 select target.*
 from %1$s as target
- where target.uuid in (select * from accessible_%1$s_uuids)
+ where target.uuid in (select * from accessible_uuids)
 order by %2$s;
 grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
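Review bot: `if targetSchemaPrefix = '' and targetTableName = 'customer' then raise exception 'missing targetShemaPrefix: %', targetTable;` is hard-coded to a single table name (and misspells "Schema"), which looks like a debugging leftover; if unqualified targets are no longer acceptable, make the check general, `if targetSchemaPrefix = '' then raise exception 'missing schema prefix in target table: %', targetTable; end if;`, otherwise drop it. The generated DDL still interpolates schema and table with `%s`, so both identifiers go in unquoted; the callers pass changelog literals, so this is not an injection path today, but `%I` per part (schema and name as separate arguments instead of the `|| '.'` prefix string) would also cope with mixed-case or reserved-word names. The `_1058_25`/`_1058_35` suffixes in the new trigger names read like file/line markers rather than a deliberate naming scheme; if they are meant to stay, a comment should say why.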
@@ -219,7 +233,7 @@ begin /** Instead of insert trigger function for the restricted view. */ - newColumns := 'new.' || replace(columnNames, ',', ', new.'); + newColumns := 'new.' || replace(columnNames, ', ', ', new.'); sql := format($sql$ create or replace function %1$sInsert() returns trigger @@ -240,7 +254,7 @@ begin Creates an instead of insert trigger for the restricted view. */ sql := format($sql$ - create trigger %1$sInsert_tg + create trigger instead_of_insert_tg instead of insert on %1$s_rv for each row @@ -269,7 +283,7 @@ begin Creates an instead of delete trigger for the restricted view. */ sql := format($sql$ - create trigger %1$sDelete_tg + create trigger instead_of_delete_tg instead of delete on %1$s_rv for each row @@ -302,7 +316,7 @@ begin Creates an instead of delete trigger for the restricted view. */ sql = format($sql$ - create trigger %1$sUpdate_tg + create trigger instead_of_update_tg instead of update on %1$s_rv for each row diff --git a/src/main/resources/db/changelog/2-test/200-test-schema.sql b/src/main/resources/db/changelog/2-test/200-test-schema.sql new file mode 100644 index 00000000..cd083d72 --- /dev/null +++ b/src/main/resources/db/changelog/2-test/200-test-schema.sql @@ -0,0 +1,8 @@ +--liquibase formatted sql + + +-- ============================================================================ +--changeset test-SCHEMA:1 endDelimiter:--// +-- ---------------------------------------------------------------------------- +CREATE SCHEMA IF NOT EXISTS test; +--// diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql index f956cb1d..9a91e939 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql 
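Review bot: `newColumns := 'new.' || replace(columnNames, ', ', ', new.');` now relies on `base.tableColumnNames()` joining its result with exactly `', '`; if that separator ever changes, `replace` matches nothing, only the first column gets the `new.` prefix and the generated instead-of-insert trigger refers to bare column names. A separator-agnostic form removes the coupling, e.g. `newColumns := (select string_agg('new.' || trim(c), ', ') from unnest(string_to_array(columnNames, ',')) as c);`, or at least a comment naming the dependency on the helper's separator. The enclosing procedure starts and ends outside this hunk.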
@@ -4,10 +4,10 @@ --changeset test-customer-MAIN-TABLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists test_customer +create table if not exists test.customer ( uuid uuid unique references rbac.object (uuid), - version int not null default 0, + version int not null default 0, reference int not null unique check (reference between 10000 and 99999), prefix character(3) unique, adminUserName varchar(63) diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index 37b4ea9e..a657b35d 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql 
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test-customer-rbac-OBJECT:1 endDelimiter:--// +--changeset test.customer-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('test_customer'); +call rbac.generateRelatedRbacObject('test.customer'); --// -- ============================================================================ ---changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset test.customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer'); +call rbac.generateRbacRoleDescriptors('testCustomer', 'test.customer'); --// -- ============================================================================ ---changeset test-customer-rbac-insert-trigger:1 endDelimiter:--// +--changeset test.customer-rbac-insert-trigger:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer'); */ create or replace procedure buildRbacSystemForTestCustomer( - NEW test_customer + NEW test.customer ) language plpgsql as $$ @@ -57,7 +57,7 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new test_customer row. + AFTER INSERT TRIGGER to create the role+grant structure for a new test.customer row. */ create or replace function insertTriggerForTestCustomer_tf() 
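Review bot: Changing the author part of the `--changeset author:id` headers from `test-customer-rbac-...` to `test.customer-rbac-...` (here, in the remaining hunks of this file, and in 2023-test-package-rbac.sql) changes the Liquibase identity of changesets that may already be recorded in DATABASECHANGELOG, which is keyed by id, author and file path; on an existing database they would be treated as new and re-executed, failing on the objects that already exist. If the schema is only ever rebuilt from scratch — which the test-data changesets suggest — this is harmless, but that assumption deserves a sentence in the commit message; otherwise keep the old headers. As a side effect the rename also aligns `test_customer-rbac-CHECKING-INSERT-PERMISSION`, which previously used an underscore where the other headers used a hyphen.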
@@ -70,68 +70,68 @@ begin end; $$; create trigger insertTriggerForTestCustomer_tg - after insert on test_customer + after insert on test.customer for each row execute procedure insertTriggerForTestCustomer_tf(); --// -- ============================================================================ ---changeset test-customer-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.customer-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to rbac.global ---------------------------- /* - Grants INSERT INTO test_customer permissions to specified role of pre-existing rbac.global rows. + Grants INSERT INTO test.customer permissions to specified role of pre-existing rbac.global rows. */ do language plpgsql $$ declare row rbac.global; begin - call base.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows'); + call base.defineContext('create INSERT INTO test.customer permissions for pre-exising rbac.global rows'); FOR row IN SELECT * FROM rbac.global -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'test_customer'), + rbac.createPermission(row.uuid, 'INSERT', 'test.customer'), rbac.globalADMIN()); END LOOP; end; $$; /** - Grants test_customer INSERT permission to specified role of new global rows. + Grants test.customer INSERT permission to specified role of new global rows. */ -create or replace function rbac.new_test_customer_grants_insert_to_global_tf() +create or replace function rbac.new_customer_grants_insert_to_global_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test.customer'), rbac.globalADMIN()); -- end. return NEW; end; $$; -- z_... 
is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_customer_grants_after_insert_tg +create trigger z_new_customer_grants_after_insert_tg after insert on rbac.global for each row -execute procedure rbac.new_test_customer_grants_insert_to_global_tf(); +execute procedure rbac.new_customer_grants_insert_to_global_tf(); -- ============================================================================ ---changeset test_customer-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.customer-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to test_customer. + Checks if the user respectively the assumed roles are allowed to insert a row to test.customer. */ -create or replace function test_customer_insert_permission_check_tf() +create or replace function test.customer_insert_permission_check_tf() returns trigger language plpgsql as $$ declare 
@@ -142,22 +142,22 @@ begin return NEW; end if; - raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into test.customer values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger test_customer_insert_permission_check_tg - before insert on test_customer +create trigger customer_insert_permission_check_tg + before insert on test.customer for each row - execute procedure test_customer_insert_permission_check_tf(); + execute procedure test.customer_insert_permission_check_tf(); --// -- ============================================================================ ---changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset test.customer-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('test_customer', +call rbac.generateRbacIdentityViewFromProjection('test.customer', $idName$ prefix $idName$); @@ -165,9 +165,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_customer', -- ============================================================================ ---changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset test.customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('test_customer', +call rbac.generateRbacRestrictedView('test.customer', $orderBy$ reference $orderBy$, diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index b1139e53..427eea88 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql 
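Review bot: `rbac.new_customer_grants_insert_to_global_tf()` and its trigger `z_new_customer_grants_after_insert_tg` on `rbac.global` drop the `test_` qualifier but stay in the shared `rbac` schema, so the names no longer say which `customer` table they serve and would collide with a second `customer` table in another schema; the package counterpart later in this commit (`test.new_package_grants_insert_to_customer_tf()`) is placed in the `test` schema instead. Either move this function to `test.` as well or keep the table's schema in the name, e.g. `rbac.new_test_customer_grants_insert_to_global_tf()`, so the two generated patterns follow one rule.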
+++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -28,18 +28,18 @@ declare custRowId uuid; custAdminName varchar; custAdminUuid uuid; - newCust test_customer; + newCust test.customer; begin custRowId = uuid_generate_v4(); custAdminName = 'customer-admin@' || custPrefix || '.example.com'; custAdminUuid = rbac.create_subject(custAdminName); insert - into test_customer (reference, prefix, adminUserName) + into test.customer (reference, prefix, adminUserName) values (custReference, custPrefix, custAdminName); select * into newCust - from test_customer where reference=custReference; + from test.customer where reference=custReference; call rbac.grantRoleToSubject( rbac.getRoleId(testCustomerOwner(newCust)), rbac.getRoleId(testCustomerAdmin(newCust)), diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql index 794f558f..c12ead61 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql @@ -4,11 +4,11 @@ --changeset test-package-MAIN-TABLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists test_package +create table if not exists test.package ( uuid uuid unique references rbac.object (uuid), version int not null default 0, - customerUuid uuid references test_customer (uuid), + customerUuid uuid references test.customer (uuid), name varchar(5), description varchar(96) ); diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index f857d51a..46c0e9c4 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql 
+++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test-package-rbac-OBJECT:1 endDelimiter:--// +--changeset test.package-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('test_package'); +call rbac.generateRelatedRbacObject('test.package'); --// -- ============================================================================ ---changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset test.package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testPackage', 'test_package'); +call rbac.generateRbacRoleDescriptors('testPackage', 'test.package'); --// -- ============================================================================ ---changeset test-package-rbac-insert-trigger:1 endDelimiter:--// +--changeset test.package-rbac-insert-trigger:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'test_package'); */ create or replace procedure buildRbacSystemForTestPackage( - NEW test_package + NEW test.package ) language plpgsql as $$ declare - newCustomer test_customer; + newCustomer test.customer; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer; + SELECT * FROM test.customer WHERE uuid = NEW.customerUuid INTO newCustomer; assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid); 
@@ -61,7 +61,7 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new test_package row. + AFTER INSERT TRIGGER to create the role+grant structure for a new test.package row. */ create or replace function insertTriggerForTestPackage_tf() @@ -74,14 +74,14 @@ begin end; $$; create trigger insertTriggerForTestPackage_tg - after insert on test_package + after insert on test.package for each row execute procedure insertTriggerForTestPackage_tf(); --// -- ============================================================================ ---changeset test-package-rbac-update-trigger:1 endDelimiter:--// +--changeset test.package-rbac-update-trigger:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -89,22 +89,22 @@ execute procedure insertTriggerForTestPackage_tf(); */ create or replace procedure updateRbacRulesForTestPackage( - OLD test_package, - NEW test_package + OLD test.package, + NEW test.package ) language plpgsql as $$ declare - oldCustomer test_customer; - newCustomer test_customer; + oldCustomer test.customer; + newCustomer test.customer; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM test_customer WHERE uuid = OLD.customerUuid INTO oldCustomer; + SELECT * FROM test.customer WHERE uuid = OLD.customerUuid INTO oldCustomer; assert oldCustomer.uuid is not null, format('oldCustomer must not be null for OLD.customerUuid = %s', OLD.customerUuid); - SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer; + SELECT * FROM test.customer WHERE uuid = NEW.customerUuid INTO newCustomer; assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid); 
@@ -122,7 +122,7 @@ begin end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new test_package row. + AFTER INSERT TRIGGER to re-wire the grant structure for a new test.package row. */ create or replace function updateTriggerForTestPackage_tf() 
@@ -135,94 +135,94 @@ begin end; $$; create trigger updateTriggerForTestPackage_tg - after update on test_package + after update on test.package for each row execute procedure updateTriggerForTestPackage_tf(); --// -- ============================================================================ ---changeset test-package-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.package-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to test_customer ---------------------------- +-- granting INSERT permission to test.customer ---------------------------- /* - Grants INSERT INTO test_package permissions to specified role of pre-existing test_customer rows. + Grants INSERT INTO test.package permissions to specified role of pre-existing test.customer rows. */ do language plpgsql $$ declare - row test_customer; + row test.customer; begin - call base.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows'); + call base.defineContext('create INSERT INTO test.package permissions for pre-exising test.customer rows'); - FOR row IN SELECT * FROM test_customer + FOR row IN SELECT * FROM test.customer -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'test_package'), + rbac.createPermission(row.uuid, 'INSERT', 'test.package'), testCustomerADMIN(row)); END LOOP; end; $$; /** - Grants test_package INSERT permission to specified role of new test_customer rows. + Grants test.package INSERT permission to specified role of new customer rows. 
*/ -create or replace function new_test_package_grants_insert_to_test_customer_tf() +create or replace function test.new_package_grants_insert_to_customer_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'test_package'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test.package'), testCustomerADMIN(NEW)); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_package_grants_after_insert_tg - after insert on test_customer +create trigger z_new_package_grants_after_insert_tg + after insert on test.customer for each row -execute procedure new_test_package_grants_insert_to_test_customer_tf(); +execute procedure test.new_package_grants_insert_to_customer_tf(); -- ============================================================================ ---changeset test_package-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.package-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to test_package. + Checks if the user respectively the assumed roles are allowed to insert a row to test.package. 
*/ -create or replace function test_package_insert_permission_check_tf() +create or replace function test.package_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.customerUuid - if rbac.hasInsertPermission(NEW.customerUuid, 'test_package') then + if rbac.hasInsertPermission(NEW.customerUuid, 'test.package') then return NEW; end if; - raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into test.package values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger test_package_insert_permission_check_tg - before insert on test_package +create trigger package_insert_permission_check_tg + before insert on test.package for each row - execute procedure test_package_insert_permission_check_tf(); + execute procedure test.package_insert_permission_check_tf(); --// -- ============================================================================ ---changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset test.package-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('test_package', +call rbac.generateRbacIdentityViewFromProjection('test.package', $idName$ name $idName$); 
@@ -230,9 +230,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_package', -- ============================================================================ ---changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset test.package-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('test_package', +call rbac.generateRbacRestrictedView('test.package', $orderBy$ name $orderBy$, diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index 84da3839..d7a03b43 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -9,23 +9,23 @@ create or replace procedure createPackageTestData(customerPrefix varchar, pacCount int) language plpgsql as $$ declare - cust test_customer; + cust test.customer; custAdminUser varchar; custAdminRole varchar; pacName varchar; - pac test_package; + pac test.package; begin - select * from test_customer where test_customer.prefix = customerPrefix into cust; + select * from test.customer where test.customer.prefix = customerPrefix into cust; for t in 0..(pacCount-1) loop pacName = cust.prefix || to_char(t, 'fm00'); custAdminUser = 'customer-admin@' || cust.prefix || '.example.com'; - custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN'; + custAdminRole = 'test.customer#' || cust.prefix || ':ADMIN'; call base.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole); insert - into test_package (customerUuid, name, description) + into test.package (customerUuid, name, description) values (cust.uuid, pacName, 'Here you can add your own description of package ' || pacName || '.') returning * into pac; 
@@ -44,9 +44,9 @@ end; $$; create or replace procedure createPackageTestData() language plpgsql as $$ declare - cust test_customer; + cust test.customer; begin - for cust in (select * from test_customer) + for cust in (select * from test.customer) loop continue when cust.reference >= 90000; -- reserved for functional testing call createPackageTestData(cust.prefix, 3); diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql index c4318617..1280674f 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql @@ -4,10 +4,10 @@ --changeset test-domain-MAIN-TABLE:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -create table if not exists test_domain +create table if not exists test.domain ( uuid uuid unique references rbac.object (uuid), - packageUuid uuid references test_package (uuid), + packageUuid uuid references test.package (uuid), name character varying(253), description character varying(96) ); diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index a09dc12a..40064ad0 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql 
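Review bot: `packageUuid uuid references test.package (uuid)` in the new `test.domain` definition is still nullable and carries no `on delete` action, yet every authorization step shown later in this patch keys on it: the before-insert check calls `rbac.hasInsertPermission(NEW.packageUuid, 'test.domain')` and the after-insert procedure looks the package up and catches a missing row only with an `assert`. Declaring `packageUuid uuid not null references test.package (uuid),` rejects a null package at the constraint level instead of depending on trigger code, and an explicit `on delete` policy makes the orphan case a deliberate decision. Separately, the changeset id `test-domain-MAIN-TABLE:1` is unchanged while its body changed; on a database where it has already run, Liquibase should presumably report a checksum mismatch rather than create `test.domain`, whereas the rbac changesets in the next file were given fresh `test.domain-…` ids — worth confirming what is intended for non-fresh databases.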
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test-domain-rbac-OBJECT:1 endDelimiter:--// +--changeset test.domain-rbac-OBJECT:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRelatedRbacObject('test_domain'); +call rbac.generateRelatedRbacObject('test.domain'); --// -- ============================================================================ ---changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset test.domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain'); +call rbac.generateRbacRoleDescriptors('testDomain', 'test.domain'); --// -- ============================================================================ ---changeset test-domain-rbac-insert-trigger:1 endDelimiter:--// +--changeset test.domain-rbac-insert-trigger:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain'); */ create or replace procedure buildRbacSystemForTestDomain( - NEW test_domain + NEW test.domain ) language plpgsql as $$ declare - newPackage test_package; + newPackage test.package; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage; + SELECT * FROM test.package WHERE uuid = NEW.packageUuid INTO newPackage; assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid); @@ -57,7 +57,7 @@ begin end; $$; /* - AFTER INSERT TRIGGER to create the role+grant structure for a new test_domain row. + AFTER INSERT TRIGGER to create the role+grant structure for a new test.domain row. */ create or replace function insertTriggerForTestDomain_tf() 
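Review bot: In `buildRbacSystemForTestDomain`, `assert newPackage.uuid is not null, …` is the only guard between a null `NEW.packageUuid` (which the foreign key does not reject) and whatever role/grant wiring follows in the rest of the procedure, and PL/pgSQL `assert` is skipped entirely when `plpgsql.check_asserts` is off, so the procedure would then continue with an empty `newPackage` record. An explicit check keeps the same message but cannot be configured away: `if newPackage.uuid is null then raise exception 'newPackage must not be null for NEW.packageUuid = %', NEW.packageUuid; end if;`. The procedure body continues past the end of this hunk.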
@@ -70,14 +70,14 @@ begin end; $$; create trigger insertTriggerForTestDomain_tg - after insert on test_domain + after insert on test.domain for each row execute procedure insertTriggerForTestDomain_tf(); --// -- ============================================================================ ---changeset test-domain-rbac-update-trigger:1 endDelimiter:--// +--changeset test.domain-rbac-update-trigger:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -85,22 +85,22 @@ execute procedure insertTriggerForTestDomain_tf(); */ create or replace procedure updateRbacRulesForTestDomain( - OLD test_domain, - NEW test_domain + OLD test.domain, + NEW test.domain ) language plpgsql as $$ declare - oldPackage test_package; - newPackage test_package; + oldPackage test.package; + newPackage test.package; begin call rbac.enterTriggerForObjectUuid(NEW.uuid); - SELECT * FROM test_package WHERE uuid = OLD.packageUuid INTO oldPackage; + SELECT * FROM test.package WHERE uuid = OLD.packageUuid INTO oldPackage; assert oldPackage.uuid is not null, format('oldPackage must not be null for OLD.packageUuid = %s', OLD.packageUuid); - SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage; + SELECT * FROM test.package WHERE uuid = NEW.packageUuid INTO newPackage; assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid); @@ -121,7 +121,7 @@ begin end; $$; /* - AFTER INSERT TRIGGER to re-wire the grant structure for a new test_domain row. + AFTER INSERT TRIGGER to re-wire the grant structure for a new test.domain row. */ create or replace function updateTriggerForTestDomain_tf() 
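Review bot: `updateRbacRulesForTestDomain` relies on two `assert … is not null` statements to confirm that `OLD.packageUuid` and `NEW.packageUuid` resolve to `test.package` rows before grants are re-wired; since `assert` is a no-op under `plpgsql.check_asserts = off`, an update that sets `packageUuid` to null passes the foreign key and would reach the re-wiring with an empty package record. Replace each with an explicit raise, e.g. `if newPackage.uuid is null then raise exception 'newPackage must not be null for NEW.packageUuid = %', NEW.packageUuid; end if;`, and the same for `oldPackage`. The remainder of the procedure is outside this hunk.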
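Review bot: The rewritten comment `AFTER INSERT TRIGGER to re-wire the grant structure for a new test.domain row.` sits directly above `updateTriggerForTestDomain_tf()`, which the following hunk attaches with `after update on test.domain`, so the comment describes the wrong event and wrong row state. Since the line is being touched anyway, make it `AFTER UPDATE TRIGGER to re-wire the grant structure for a modified test.domain row.`. The function itself starts at the last line of this hunk and its body is not visible here.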
@@ -134,94 +134,94 @@ begin end; $$; create trigger updateTriggerForTestDomain_tg - after update on test_domain + after update on test.domain for each row execute procedure updateTriggerForTestDomain_tf(); --// -- ============================================================================ ---changeset test-domain-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.domain-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- --- granting INSERT permission to test_package ---------------------------- +-- granting INSERT permission to test.package ---------------------------- /* - Grants INSERT INTO test_domain permissions to specified role of pre-existing test_package rows. + Grants INSERT INTO test.domain permissions to specified role of pre-existing test.package rows. */ do language plpgsql $$ declare - row test_package; + row test.package; begin - call base.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows'); + call base.defineContext('create INSERT INTO test.domain permissions for pre-exising test.package rows'); - FOR row IN SELECT * FROM test_package + FOR row IN SELECT * FROM test.package -- unconditional for all rows in that table LOOP call rbac.grantPermissionToRole( - rbac.createPermission(row.uuid, 'INSERT', 'test_domain'), + rbac.createPermission(row.uuid, 'INSERT', 'test.domain'), testPackageADMIN(row)); END LOOP; end; $$; /** - Grants test_domain INSERT permission to specified role of new test_package rows. + Grants test.domain INSERT permission to specified role of new package rows. 
*/ -create or replace function new_test_domain_grants_insert_to_test_package_tf() +create or replace function test.new_domain_grants_insert_to_package_tf() returns trigger language plpgsql strict as $$ begin -- unconditional for all rows in that table call rbac.grantPermissionToRole( - rbac.createPermission(NEW.uuid, 'INSERT', 'test_domain'), + rbac.createPermission(NEW.uuid, 'INSERT', 'test.domain'), testPackageADMIN(NEW)); -- end. return NEW; end; $$; -- z_... is to put it at the end of after insert triggers, to make sure the roles exist -create trigger z_new_test_domain_grants_after_insert_tg - after insert on test_package +create trigger z_new_domain_grants_after_insert_tg + after insert on test.package for each row -execute procedure new_test_domain_grants_insert_to_test_package_tf(); +execute procedure test.new_domain_grants_insert_to_package_tf(); -- ============================================================================ ---changeset test_domain-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset test.domain-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// -- ---------------------------------------------------------------------------- /** - Checks if the user respectively the assumed roles are allowed to insert a row to test_domain. + Checks if the user respectively the assumed roles are allowed to insert a row to test.domain. 
*/ -create or replace function test_domain_insert_permission_check_tf() +create or replace function test.domain_insert_permission_check_tf() returns trigger language plpgsql as $$ declare superObjectUuid uuid; begin -- check INSERT permission via direct foreign key: NEW.packageUuid - if rbac.hasInsertPermission(NEW.packageUuid, 'test_domain') then + if rbac.hasInsertPermission(NEW.packageUuid, 'test.domain') then return NEW; end if; - raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', + raise exception '[403] insert into test.domain values(%) not allowed for current subjects % (%)', NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); end; $$; -create trigger test_domain_insert_permission_check_tg - before insert on test_domain +create trigger domain_insert_permission_check_tg + before insert on test.domain for each row - execute procedure test_domain_insert_permission_check_tf(); + execute procedure test.domain_insert_permission_check_tf(); --// -- ============================================================================ ---changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset test.domain-rbac-IDENTITY-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacIdentityViewFromProjection('test_domain', +call rbac.generateRbacIdentityViewFromProjection('test.domain', $idName$ name $idName$); @@ -229,9 +229,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_domain', -- ============================================================================ ---changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset test.domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--// -- ---------------------------------------------------------------------------- -call rbac.generateRbacRestrictedView('test_domain', +call rbac.generateRbacRestrictedView('test.domain', $orderBy$ name $orderBy$, 
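Review bot: `test.domain_insert_permission_check_tf` declares `superObjectUuid uuid` but its body, fully visible in this hunk, never reads it; dropping the `declare` section (`language plpgsql as $$ begin`) makes it obvious that the check depends solely on `NEW.packageUuid`. The task string passed to `base.defineContext` still carries the typo `pre-exising` and is presumably recorded as the current task for every grant that block creates, so `'create INSERT INTO test.domain permissions for pre-existing test.package rows'` is worth fixing while the line is rewritten. The `[403]` message also interpolates the entire `NEW` row; the caller supplied those values, but they end up in the server log and in any exception text surfaced to clients, so consider emitting only `NEW.uuid` and `NEW.packageUuid`.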
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index 814be277..3a3f366f 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql @@ -13,8 +13,8 @@ declare pacAdmin varchar; begin select p.uuid, p.name, c.prefix as custPrefix - from test_package p - join test_customer c on p.customeruuid = c.uuid + from test.package p + join test.customer c on p.customeruuid = c.uuid where p.name = packageName into pac; @@ -24,7 +24,7 @@ begin call base.defineContext('creating RBAC test domain', null, pacAdmin, null); insert - into test_domain (name, packageUuid) + into test.domain (name, packageUuid) values (pac.name || '-' || base.intToVarChar(t, 4), pac.uuid); end loop; end; $$; @@ -41,8 +41,8 @@ declare begin for pac in (select p.uuid, p.name - from test_package p - join test_customer c on p.customeruuid = c.uuid + from test.package p + join test.customer c on p.customeruuid = c.uuid where c.reference < 90000) -- reserved for functional testing loop call createdomainTestData(pac.name, 2); diff --git a/src/main/resources/db/changelog/db.changelog-master.yaml b/src/main/resources/db/changelog/db.changelog-master.yaml index 022ad363..e950aa5f 100644 --- a/src/main/resources/db/changelog/db.changelog-master.yaml +++ b/src/main/resources/db/changelog/db.changelog-master.yaml @@ -21,6 +21,8 @@ databaseChangeLog: file: db/changelog/0-base/009-check-environment.sql - include: file: db/changelog/0-base/010-context.sql + - include: + file: db/changelog/0-base/011-table-schema-and-name.sql - include: file: db/changelog/0-base/020-audit-log.sql - include: 
@@ -47,6 +49,8 @@ databaseChangeLog: file: db/changelog/1-rbac/1059-rbac-statistics.sql - include: file: db/changelog/1-rbac/1080-rbac-global.sql + - include: + file: db/changelog/2-test/200-test-schema.sql - include: file: db/changelog/2-test/201-test-customer/2010-test-customer.sql - include: diff --git a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java index 4aaac7aa..3323419c 100644 --- a/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java +++ b/src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java @@ -289,9 +289,9 @@ public class CsvDataImport extends ContextBasedTest { protected void deleteFromTestTables() { jpaAttempt.transacted(() -> { context(rbacSuperuser); - em.createNativeQuery("delete from test_domain where true").executeUpdate(); - em.createNativeQuery("delete from test_package where true").executeUpdate(); - em.createNativeQuery("delete from test_customer where true").executeUpdate(); + em.createNativeQuery("delete from test.domain where true").executeUpdate(); + em.createNativeQuery("delete from test.package where true").executeUpdate(); + em.createNativeQuery("delete from test.customer where true").executeUpdate(); }).assertSuccessful(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java index 1b3fded5..2d83df6b 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java 
@@ -62,13 +62,13 @@ class ContextIntegrationTests { void defineWithoutcurrentSubjectButWithAssumedRoles() { // when final var result = jpaAttempt.transacted(() -> - context.define(null, "test_package#yyy00:ADMIN") + context.define(null, "test.package#yyy00:ADMIN") ); // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "ERROR: [403] undefined has no permission to assume role test_package#yyy00:ADMIN"); + "ERROR: [403] undefined has no permission to assume role test.package#yyy00:ADMIN"); } @Test @@ -88,7 +88,7 @@ class ContextIntegrationTests { @Transactional void defineWithcurrentSubjectAndAssumedRoles() { // given - context.define("superuser-alex@hostsharing.net", "test_customer#xxx:OWNER;test_customer#yyy:OWNER"); + context.define("superuser-alex@hostsharing.net", "test.customer#xxx:OWNER;test.customer#yyy:OWNER"); // when final var currentSubject = context.fetchCurrentSubject(); @@ -96,7 +96,7 @@ class ContextIntegrationTests { // then assertThat(context.fetchAssumedRoles()) - .isEqualTo(Array.of("test_customer#xxx:OWNER", "test_customer#yyy:OWNER")); + .isEqualTo(Array.of("test.customer#xxx:OWNER", "test.customer#yyy:OWNER")); assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids()).hasSize(2); } @@ -104,12 +104,12 @@ class ContextIntegrationTests { public void defineContextWithcurrentSubjectAndAssumeInaccessibleRole() { // when final var result = jpaAttempt.transacted(() -> - context.define("customer-admin@xxx.example.com", "test_package#yyy00:ADMIN") + context.define("customer-admin@xxx.example.com", "test.package#yyy00:ADMIN") ); // then result.assertExceptionWithRootCauseMessage( jakarta.persistence.PersistenceException.class, - "ERROR: [403] subject customer-admin@xxx.example.com has no permission to assume role test_package#yyy00:ADMIN"); + "ERROR: [403] subject customer-admin@xxx.example.com has no permission to assume role test.package#yyy00:ADMIN"); } } 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java index 16a08fdc..b765b055 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java @@ -71,16 +71,16 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .body("", hasItem( allOf( // TODO: should there be a grantedByRole or just a grantedByTrigger? - hasEntry("grantedByRoleIdName", "test_customer#xxx:OWNER"), - hasEntry("grantedRoleIdName", "test_customer#xxx:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#xxx:OWNER"), + hasEntry("grantedRoleIdName", "test.customer#xxx:ADMIN"), hasEntry("granteeSubjectName", "customer-admin@xxx.example.com") ) )) .body("", hasItem( allOf( // TODO: should there be a grantedByRole or just a grantedByTrigger? - hasEntry("grantedByRoleIdName", "test_customer#yyy:OWNER"), - hasEntry("grantedRoleIdName", "test_customer#yyy:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#yyy:OWNER"), + hasEntry("grantedRoleIdName", "test.customer#yyy:ADMIN"), hasEntry("granteeSubjectName", "customer-admin@yyy.example.com") ) )) 
@@ -93,15 +93,15 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { )) .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#xxx:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#xxx00:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#xxx:ADMIN"), + hasEntry("grantedRoleIdName", "test.package#xxx00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-xxx00@xxx.example.com") ) )) .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#zzz:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#zzz02:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#zzz:ADMIN"), + hasEntry("grantedRoleIdName", "test.package#zzz02:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-zzz02@zzz.example.com") ) )) @@ -114,7 +114,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_package#yyy00:ADMIN") + .header("assumed-roles", "test.package#yyy00:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/grants") @@ -123,8 +123,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#yyy:ADMIN"), + hasEntry("grantedRoleIdName", "test.package#yyy00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com") ) )) 
@@ -145,13 +145,13 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("grantedByRoleIdName", "test_customer#yyy:ADMIN"), - hasEntry("grantedRoleIdName", "test_package#yyy00:ADMIN"), + hasEntry("grantedByRoleIdName", "test.customer#yyy:ADMIN"), + hasEntry("grantedRoleIdName", "test.package#yyy00:ADMIN"), hasEntry("granteeSubjectName", "pac-admin-yyy00@yyy.example.com") ) )) - .body("[0].grantedByRoleIdName", is("test_customer#yyy:ADMIN")) - .body("[0].grantedRoleIdName", is("test_package#yyy00:ADMIN")) + .body("[0].grantedByRoleIdName", is("test.customer#yyy:ADMIN")) + .body("[0].grantedRoleIdName", is("test.package#yyy00:ADMIN")) .body("[0].granteeSubjectName", is("pac-admin-yyy00@yyy.example.com")); // @formatter:on } @@ -165,7 +165,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject("customer-admin@xxx.example.com"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("test.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -174,8 +174,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("test.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("test.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } 
@@ -184,7 +184,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("test.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -193,8 +193,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("test.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("test.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } @@ -203,9 +203,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", - "test_package#xxx00:ADMIN"); + "test.package#xxx00:ADMIN"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("test.package#xxx00:ADMIN"); // when final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() @@ -214,8 +214,8 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then grant.assertThat() .statusCode(200) - .body("grantedByRoleIdName", is("test_customer#xxx:ADMIN")) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("test.customer#xxx:ADMIN")) + .body("grantedRoleIdName", is("test.package#xxx00:ADMIN")) .body("granteeSubjectName", is("pac-admin-xxx00@xxx.example.com")); } 
@@ -225,9 +225,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givencurrentSubjectAsPackageAdmin = new Subject( "pac-admin-xxx00@xxx.example.com", - "test_package#xxx00:TENANT"); + "test.package#xxx00:TENANT"); final var givenGranteeUser = findRbacSubjectByName("pac-admin-xxx00@xxx.example.com"); - final var givenGrantedRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenGrantedRole = getRbacRoleByName("test.package#xxx00:ADMIN"); final var grant = givencurrentSubjectAsPackageAdmin.getGrantById() .forGrantedRole(givenGrantedRole).toGranteeUser(givenGranteeUser); @@ -245,7 +245,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "test.package#xxx00:ADMIN"; final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenOwnPackageAdminRole = getRbacRoleByName(givencurrentSubjectAsPackageAdmin.assumedRole); @@ -258,9 +258,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // then response.assertThat() .statusCode(201) - .body("grantedByRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedByRoleIdName", is("test.package#xxx00:ADMIN")) .body("assumed", is(true)) - .body("grantedRoleIdName", is("test_package#xxx00:ADMIN")) + .body("grantedRoleIdName", is("test.package#xxx00:ADMIN")) .body("granteeSubjectName", is(givenNewUser.getName())); assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::toDisplay) 
@@ -274,9 +274,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenNewUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "test.package#xxx00:ADMIN"; final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); - final var givenAlienPackageAdminRole = getRbacRoleByName("test_package#yyy00:ADMIN"); + final var givenAlienPackageAdminRole = getRbacRoleByName("test.package#yyy00:ADMIN"); // when final var result = givencurrentSubjectAsPackageAdmin @@ -287,7 +287,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { result.assertThat() .statusCode(403) .body("message", containsString("Access to granted role")) - .body("message", containsString("forbidden for test_package#xxx00:ADMIN")); + .body("message", containsString("forbidden for test.package#xxx00:ADMIN")); assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain(givenNewUser.getName()); @@ -303,9 +303,9 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest { // given final var givenArbitraryUser = createRbacSubject(); - final var givenRoleToGrant = "test_package#xxx00:ADMIN"; + final var givenRoleToGrant = "test.package#xxx00:ADMIN"; final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); - final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); + final var givenOwnPackageAdminRole = getRbacRoleByName("test.package#xxx00:ADMIN"); // and given an existing grant assumeCreated(givenCurrentSubjectAsPackageAdmin diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java index e9c29afe..fb13b8ea 100644 
--- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantRepositoryIntegrationTest.java @@ -67,7 +67,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:test.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test.customer#xxx:ADMIN and assume }"); } @Test 
@@ -81,16 +81,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:test_customer#xxx:OWNER and assume }", - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }", - "{ grant role:test_package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:test_customer#xxx:ADMIN and assume }", - "{ grant role:test_package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:test.customer#xxx:ADMIN to user:customer-admin@xxx.example.com by role:test.customer#xxx:OWNER and assume }", + "{ grant role:test.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test.customer#xxx:ADMIN and assume }", + "{ grant role:test.package#xxx01:ADMIN to user:pac-admin-xxx01@xxx.example.com by role:test.customer#xxx:ADMIN and assume }", + "{ grant role:test.package#xxx02:ADMIN to user:pac-admin-xxx02@xxx.example.com by role:test.customer#xxx:ADMIN and assume }"); } @Test public void customerAdmin_withAssumedRole_canOnlyViewRbacGrantsVisibleByAssumedRole() { // given: - context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context("customer-admin@xxx.example.com", "test.package#xxx00:ADMIN"); // when final var result = rbacGrantRepository.findAll(); @@ -98,7 +98,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then exactlyTheseRbacGrantsAreReturned( result, - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:test.package#xxx00:ADMIN to user:pac-admin-xxx00@xxx.example.com by role:test.customer#xxx:ADMIN and assume }"); } } 
@@ -108,9 +108,9 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_canGrantOwnPackageAdminRole_toArbitraryUser() { // given - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "test.customer#xxx:ADMIN"); final var givenArbitrarySubjectUuid = rbacSubjectRepository.findByName("pac-admin-zzz00@zzz.example.com").getUuid(); - final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test_package#xxx00:ADMIN").getUuid(); + final var givenOwnPackageRoleUuid = rbacRoleRepository.findByRoleName("test.package#xxx00:ADMIN").getUuid(); // when final var grant = RbacGrantEntity.builder() @@ -126,7 +126,7 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::toDisplay) .contains( - "{ grant role:test_package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:test_customer#xxx:ADMIN and assume }"); + "{ grant role:test.package#xxx00:ADMIN to user:pac-admin-zzz00@zzz.example.com by role:test.customer#xxx:ADMIN and assume }"); } @Test @@ -139,14 +139,14 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { context("customer-admin@xxx.example.com", null); return new Given( createNewUser(), - rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER").getUuid() + rbacRoleRepository.findByRoleName("test.package#xxx00:OWNER").getUuid() ); }).assumeSuccessful().returnedValue(); // when final var attempt = jpaAttempt.transacted(() -> { // now we try to use these uuids as a less privileged user - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "test.package#xxx00:ADMIN"); final var grant = RbacGrantEntity.builder() .granteeSubjectUuid(given.arbitraryUser.getUuid()) .grantedRoleUuid(given.packageOwnerRoleUuid) 
@@ -158,8 +158,8 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // then attempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "ERROR: [403] Access to granted role test_package#xxx00:OWNER", - "forbidden for test_package#xxx00:ADMIN"); + "ERROR: [403] Access to granted role test.package#xxx00:OWNER", + "forbidden for test.package#xxx00:ADMIN"); jpaAttempt.transacted(() -> { // finally, we use the new user to make sure, no roles were granted context(given.arbitraryUser.getName(), null); @@ -176,16 +176,16 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_canRevokeSelfGrantedPackageAdminRole() { // given final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_customer#xxx:ADMIN") - .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); + .byUser("customer-admin@xxx.example.com").withAssumedRole("test.customer#xxx:ADMIN") + .grantingRole("test.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); // when - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "test.customer#xxx:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "test.customer#xxx:ADMIN"); assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeSubjectName) 
@@ -197,17 +197,17 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { // given final var newUser = createNewUserTransacted(); final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:ADMIN") - .grantingRole("test_package#xxx00:ADMIN").toUser(newUser.getName())); + .byUser("customer-admin@xxx.example.com").withAssumedRole("test.package#xxx00:ADMIN") + .grantingRole("test.package#xxx00:ADMIN").toUser(newUser.getName())); // when - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "test.package#xxx00:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then assertThat(revokeAttempt.caughtExceptionsRootCause()).isNull(); - context("customer-admin@xxx.example.com", "test_customer#xxx:ADMIN"); + context("customer-admin@xxx.example.com", "test.customer#xxx:ADMIN"); assertThat(rbacGrantRepository.findAll()) .extracting(RbacGrantEntity::getGranteeSubjectName) .doesNotContain("pac-admin-zzz00@zzz.example.com"); 
@@ -217,19 +217,19 @@ class RbacGrantRepositoryIntegrationTest extends ContextBasedTest { public void packageAdmin_canNotRevokeOwnPackageAdminRoleGrantedByOwnerRoleOfThatPackage() { // given final var grant = create(grant() - .byUser("customer-admin@xxx.example.com").withAssumedRole("test_package#xxx00:OWNER") - .grantingRole("test_package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); - final var grantedByRole = rbacRoleRepository.findByRoleName("test_package#xxx00:OWNER"); + .byUser("customer-admin@xxx.example.com").withAssumedRole("test.package#xxx00:OWNER") + .grantingRole("test.package#xxx00:ADMIN").toUser("pac-admin-zzz00@zzz.example.com")); + final var grantedByRole = rbacRoleRepository.findByRoleName("test.package#xxx00:OWNER"); // when - context("pac-admin-xxx00@xxx.example.com", "test_package#xxx00:ADMIN"); + context("pac-admin-xxx00@xxx.example.com", "test.package#xxx00:ADMIN"); final var revokeAttempt = attempt(em, () -> rbacGrantRepository.deleteByRbacGrantId(grant.getRbacGrantId())); // then revokeAttempt.assertExceptionWithRootCauseMessage( JpaSystemException.class, - "ERROR: [403] Revoking role created by %s is forbidden for {test_package#xxx00:ADMIN}.".formatted( + "ERROR: [403] Revoking role created by %s is forbidden for {test.package#xxx00:ADMIN}.".formatted( grantedByRole.getUuid() )); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java index 46dd8333..bde1823f 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java 
@@ -54,36 +54,36 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu @Test void allGrantsTocurrentSubject() { - context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); + context("superuser-alex@hostsharing.net", "test.domain#xxx00-aaaa:OWNER"); final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES)); assertThat(graph).isEqualTo(""" flowchart TB - role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT - role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN - role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT - role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT + role:test.domain#xxx00-aaaa:ADMIN --> role:test.package#xxx00:TENANT + role:test.domain#xxx00-aaaa:OWNER --> role:test.domain#xxx00-aaaa:ADMIN + role:test.domain#xxx00-aaaa:OWNER --> role:test.package#xxx00:TENANT + role:test.package#xxx00:TENANT --> role:test.customer#xxx:TENANT """.trim()); } @Test void allGrantsTocurrentSubjectIncludingPermissions() { - context("superuser-alex@hostsharing.net", "test_domain#xxx00-aaaa:OWNER"); + context("superuser-alex@hostsharing.net", "test.domain#xxx00-aaaa:OWNER"); final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.TEST_ENTITIES, Include.PERMISSIONS)); assertThat(graph).isEqualTo(""" flowchart TB - role:test_customer#xxx:TENANT --> perm:test_customer#xxx:SELECT - role:test_domain#xxx00-aaaa:ADMIN --> perm:test_domain#xxx00-aaaa:SELECT - role:test_domain#xxx00-aaaa:ADMIN --> role:test_package#xxx00:TENANT - role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:DELETE - role:test_domain#xxx00-aaaa:OWNER --> perm:test_domain#xxx00-aaaa:UPDATE - role:test_domain#xxx00-aaaa:OWNER --> role:test_domain#xxx00-aaaa:ADMIN - role:test_domain#xxx00-aaaa:OWNER --> role:test_package#xxx00:TENANT - role:test_package#xxx00:TENANT --> perm:test_package#xxx00:SELECT - 
role:test_package#xxx00:TENANT --> role:test_customer#xxx:TENANT + role:test.customer#xxx:TENANT --> perm:test.customer#xxx:SELECT + role:test.domain#xxx00-aaaa:ADMIN --> perm:test.domain#xxx00-aaaa:SELECT + role:test.domain#xxx00-aaaa:ADMIN --> role:test.package#xxx00:TENANT + role:test.domain#xxx00-aaaa:OWNER --> perm:test.domain#xxx00-aaaa:DELETE + role:test.domain#xxx00-aaaa:OWNER --> perm:test.domain#xxx00-aaaa:UPDATE + role:test.domain#xxx00-aaaa:OWNER --> role:test.domain#xxx00-aaaa:ADMIN + role:test.domain#xxx00-aaaa:OWNER --> role:test.package#xxx00:TENANT + role:test.package#xxx00:TENANT --> perm:test.package#xxx00:SELECT + role:test.package#xxx00:TENANT --> role:test.customer#xxx:TENANT """.trim()); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java index d9e2b248..7d71d3a0 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java 
@@ -42,14 +42,14 @@ class RbacRoleControllerAcceptanceTest { .then().assertThat() .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_customer#xxx:TENANT"))) + .body("", hasItem(hasEntry("roleName", "test.customer#xxx:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.customer#xxx:OWNER"))) + .body("", hasItem(hasEntry("roleName", "test.customer#xxx:TENANT"))) // ... .body("", hasItem(hasEntry("roleName", "rbac.global#global:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_customer#yyy:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"))) + .body("", hasItem(hasEntry("roleName", "test.customer#yyy:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.package#yyy00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.domain#yyy00-aaaa:OWNER"))) .body( "size()", greaterThanOrEqualTo(73)); // increases with new test data // @formatter:on } @@ -61,7 +61,7 @@ class RbacRoleControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_package#yyy00:ADMIN") + .header("assumed-roles", "test.package#yyy00:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/roles") 
@@ -71,18 +71,18 @@ class RbacRoleControllerAcceptanceTest { .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#yyy:TENANT"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:OWNER"))) - .body("", hasItem(hasEntry("roleName", "test_domain#yyy00-aaab:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#yyy00:TENANT"))) + .body("", hasItem(hasEntry("roleName", "test.customer#yyy:TENANT"))) + .body("", hasItem(hasEntry("roleName", "test.domain#yyy00-aaaa:OWNER"))) + .body("", hasItem(hasEntry("roleName", "test.domain#yyy00-aaaa:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.domain#yyy00-aaab:OWNER"))) + .body("", hasItem(hasEntry("roleName", "test.domain#yyy00-aaab:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.package#yyy00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.package#yyy00:TENANT"))) - .body("", not(hasItem(hasEntry("roleName", "test_customer#xxx:TENANT")))) - .body("", not(hasItem(hasEntry("roleName", "test_domain#xxx00-aaaa:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#xxx00:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "test.customer#xxx:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "test.domain#xxx00-aaaa:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "test.package#xxx00:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "test.package#xxx00:TENANT")))) ; // @formatter:on } 
@@ -101,15 +101,15 @@ class RbacRoleControllerAcceptanceTest { .statusCode(200) .contentType("application/json") - .body("", hasItem(hasEntry("roleName", "test_customer#zzz:TENANT"))) - .body("", hasItem(hasEntry("roleName", "test_domain#zzz00-aaaa:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#zzz00:ADMIN"))) - .body("", hasItem(hasEntry("roleName", "test_package#zzz00:TENANT"))) + .body("", hasItem(hasEntry("roleName", "test.customer#zzz:TENANT"))) + .body("", hasItem(hasEntry("roleName", "test.domain#zzz00-aaaa:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.package#zzz00:ADMIN"))) + .body("", hasItem(hasEntry("roleName", "test.package#zzz00:TENANT"))) - .body("", not(hasItem(hasEntry("roleName", "test_customer#yyy:TENANT")))) - .body("", not(hasItem(hasEntry("roleName", "test_domain#yyy00-aaaa:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:ADMIN")))) - .body("", not(hasItem(hasEntry("roleName", "test_package#yyy00:TENANT")))); + .body("", not(hasItem(hasEntry("roleName", "test.customer#yyy:TENANT")))) + .body("", not(hasItem(hasEntry("roleName", "test.domain#yyy00-aaaa:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "test.package#yyy00:ADMIN")))) + .body("", not(hasItem(hasEntry("roleName", "test.package#yyy00:TENANT")))); // @formatter:on } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java index 1eb41370..39333eff 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java 
@@ -74,11 +74,11 @@ class RbacRoleControllerRestTest {
 .andExpect(status().isOk())
 .andExpect(jsonPath("$", hasSize(3)))
 .andExpect(jsonPath("$[0].roleName", is("rbac.global#global:ADMIN")))
- .andExpect(jsonPath("$[1].roleName", is("test_customer#xxx:OWNER")))
- .andExpect(jsonPath("$[2].roleName", is("test_customer#xxx:ADMIN")))
+ .andExpect(jsonPath("$[1].roleName", is("test.customer#xxx:OWNER")))
+ .andExpect(jsonPath("$[2].roleName", is("test.customer#xxx:ADMIN")))
 .andExpect(jsonPath("$[2].uuid", is(customerXxxAdmin.getUuid().toString())))
 .andExpect(jsonPath("$[2].objectUuid", is(customerXxxAdmin.getObjectUuid().toString())))
- .andExpect(jsonPath("$[2].objectTable", is(customerXxxAdmin.getObjectTable().toString())))
- .andExpect(jsonPath("$[2].objectIdName", is(customerXxxAdmin.getObjectIdName().toString())));
+ .andExpect(jsonPath("$[2].objectTable", is(customerXxxAdmin.getObjectTable())))
+ .andExpect(jsonPath("$[2].objectIdName", is(customerXxxAdmin.getObjectIdName())));
 }
 }
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
index d8b0cb80..105cc493 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleRepositoryIntegrationTest.java
@@ -40,18 +40,18 @@ class RbacRoleRepositoryIntegrationTest { private static final String[] ALL_TEST_DATA_ROLES = Array.of( // @formatter:off "rbac.global#global:ADMIN", - "test_customer#xxx:ADMIN", "test_customer#xxx:OWNER", "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", "test_package#xxx00:OWNER", "test_package#xxx00:TENANT", - "test_package#xxx01:ADMIN", "test_package#xxx01:OWNER", "test_package#xxx01:TENANT", - "test_package#xxx02:ADMIN", "test_package#xxx02:OWNER", "test_package#xxx02:TENANT", - "test_customer#yyy:ADMIN", "test_customer#yyy:OWNER", "test_customer#yyy:TENANT", - "test_package#yyy00:ADMIN", "test_package#yyy00:OWNER", "test_package#yyy00:TENANT", - "test_package#yyy01:ADMIN", "test_package#yyy01:OWNER", "test_package#yyy01:TENANT", - "test_package#yyy02:ADMIN", "test_package#yyy02:OWNER", "test_package#yyy02:TENANT", - "test_customer#zzz:ADMIN", "test_customer#zzz:OWNER", "test_customer#zzz:TENANT", - "test_package#zzz00:ADMIN", "test_package#zzz00:OWNER", "test_package#zzz00:TENANT", - "test_package#zzz01:ADMIN", "test_package#zzz01:OWNER", "test_package#zzz01:TENANT", - "test_package#zzz02:ADMIN", "test_package#zzz02:OWNER", "test_package#zzz02:TENANT" + "test.customer#xxx:ADMIN", "test.customer#xxx:OWNER", "test.customer#xxx:TENANT", + "test.package#xxx00:ADMIN", "test.package#xxx00:OWNER", "test.package#xxx00:TENANT", + "test.package#xxx01:ADMIN", "test.package#xxx01:OWNER", "test.package#xxx01:TENANT", + "test.package#xxx02:ADMIN", "test.package#xxx02:OWNER", "test.package#xxx02:TENANT", + "test.customer#yyy:ADMIN", "test.customer#yyy:OWNER", "test.customer#yyy:TENANT", + "test.package#yyy00:ADMIN", "test.package#yyy00:OWNER", "test.package#yyy00:TENANT", + "test.package#yyy01:ADMIN", "test.package#yyy01:OWNER", "test.package#yyy01:TENANT", + "test.package#yyy02:ADMIN", "test.package#yyy02:OWNER", "test.package#yyy02:TENANT", + "test.customer#zzz:ADMIN", "test.customer#zzz:OWNER", "test.customer#zzz:TENANT", + 
"test.package#zzz00:ADMIN", "test.package#zzz00:OWNER", "test.package#zzz00:TENANT",
+ "test.package#zzz01:ADMIN", "test.package#zzz01:OWNER", "test.package#zzz01:TENANT",
+ "test.package#zzz02:ADMIN", "test.package#zzz02:OWNER", "test.package#zzz02:TENANT" // @formatter:on
 );
@@ -91,49 +91,49 @@ class RbacRoleRepositoryIntegrationTest { allTheseRbacRolesAreReturned( result, // @formatter:off - "test_customer#xxx:ADMIN", - "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", - "test_package#xxx00:OWNER", - "test_package#xxx00:TENANT", - "test_package#xxx01:ADMIN", - "test_package#xxx01:OWNER", - "test_package#xxx01:TENANT", + "test.customer#xxx:ADMIN", + "test.customer#xxx:TENANT", + "test.package#xxx00:ADMIN", + "test.package#xxx00:OWNER", + "test.package#xxx00:TENANT", + "test.package#xxx01:ADMIN", + "test.package#xxx01:OWNER", + "test.package#xxx01:TENANT", // ... - "test_domain#xxx00-aaaa:ADMIN", - "test_domain#xxx00-aaaa:OWNER", + "test.domain#xxx00-aaaa:ADMIN", + "test.domain#xxx00-aaaa:OWNER", // .. - "test_domain#xxx01-aaab:ADMIN", - "test_domain#xxx01-aaab:OWNER" + "test.domain#xxx01-aaab:ADMIN", + "test.domain#xxx01-aaab:OWNER" // @formatter:on ); noneOfTheseRbacRolesIsReturned( result, // @formatter:off "rbac.global#global:ADMIN", - "test_customer#xxx:OWNER", - "test_package#yyy00:ADMIN", - "test_package#yyy00:OWNER", - "test_package#yyy00:TENANT" + "test.customer#xxx:OWNER", + "test.package#yyy00:ADMIN", + "test.package#yyy00:OWNER", + "test.package#yyy00:TENANT" // @formatter:on ); } @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnRbacRole() { - context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context.define("customer-admin@xxx.example.com", "test.package#xxx00:ADMIN"); final var result = rbacRoleRepository.findAll(); exactlyTheseRbacRolesAreReturned( result, - "test_customer#xxx:TENANT", - "test_package#xxx00:ADMIN", - "test_package#xxx00:TENANT", - "test_domain#xxx00-aaaa:ADMIN", - "test_domain#xxx00-aaaa:OWNER", - "test_domain#xxx00-aaab:ADMIN", - "test_domain#xxx00-aaab:OWNER"); + "test.customer#xxx:TENANT", + "test.package#xxx00:ADMIN", + "test.package#xxx00:TENANT", + "test.domain#xxx00-aaaa:ADMIN", + "test.domain#xxx00-aaaa:OWNER", + 
"test.domain#xxx00-aaab:ADMIN", + "test.domain#xxx00-aaab:OWNER"); } @Test @@ -157,10 +157,10 @@ class RbacRoleRepositoryIntegrationTest { void customerAdmin_withoutAssumedRole_canFindItsOwnRolesByName() { context.define("customer-admin@xxx.example.com"); - final var result = rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN"); + final var result = rbacRoleRepository.findByRoleName("test.customer#xxx:ADMIN"); assertThat(result).isNotNull(); - assertThat(result.getObjectTable()).isEqualTo("test_customer"); + assertThat(result.getObjectTable()).isEqualTo("test.customer"); assertThat(result.getObjectIdName()).isEqualTo("xxx"); assertThat(result.getRoleType()).isEqualTo(RbacRoleType.ADMIN); } @@ -169,7 +169,7 @@ class RbacRoleRepositoryIntegrationTest { void customerAdmin_withoutAssumedRole_canNotFindAlienRolesByName() { context.define("customer-admin@xxx.example.com"); - final var result = rbacRoleRepository.findByRoleName("test_customer#bbb:ADMIN"); + final var result = rbacRoleRepository.findByRoleName("test.customer#bbb:ADMIN"); assertThat(result).isNull(); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java index 8a8214cf..089d4449 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/role/TestRbacRole.java 
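Review bot: The @@ -157 hunk of RbacRoleRepositoryIntegrationTest now pins `getObjectTable()` to the dotted, schema-qualified value `test.customer`, but none of the visible tests checks that the old underscore spelling has stopped resolving. If `findByRoleName` (its implementation is not in this diff) matches with `LIKE`, `_` is a single-character wildcard and `test_customer#xxx:ADMIN` would still match `test.customer#xxx:ADMIN`; a negative case next to the `test.customer#bbb:ADMIN` one, `assertThat(rbacRoleRepository.findByRoleName("test_customer#xxx:ADMIN")).isNull();`, would pin that the rename is a hard cut rather than a pattern overlap. The same consideration applies to the `assumed-roles` header values in RbacRoleControllerAcceptanceTest and RbacSubjectControllerAcceptanceTest, where the role name comes in from the request and is resolved server-side.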
@@ -5,8 +5,8 @@ import static java.util.UUID.randomUUID; public class TestRbacRole { public static final RbacRoleEntity hostmasterRole = rbacRole("rbac.global", "global", RbacRoleType.ADMIN); - static final RbacRoleEntity customerXxxOwner = rbacRole("test_customer", "xxx", RbacRoleType.OWNER); - static final RbacRoleEntity customerXxxAdmin = rbacRole("test_customer", "xxx", RbacRoleType.ADMIN); + static final RbacRoleEntity customerXxxOwner = rbacRole("test.customer", "xxx", RbacRoleType.OWNER); + static final RbacRoleEntity customerXxxAdmin = rbacRole("test.customer", "xxx", RbacRoleType.ADMIN); static public RbacRoleEntity rbacRole(final String objectTable, final String objectIdName, final RbacRoleType roleType) { return new RbacRoleEntity(randomUUID(), randomUUID(), objectTable, objectIdName, roleType, objectTable+'#'+objectIdName+':'+roleType); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java index e62d39c4..6a86315b 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java @@ -100,7 +100,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "test.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid()) @@ -201,7 +201,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "test.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects") 
@@ -275,12 +275,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "test.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "test.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: @@ -296,7 +296,7 @@ class RbacSubjectControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "test.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions") @@ -305,12 +305,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "test.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "test.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: @@ -334,12 +334,12 @@ class RbacSubjectControllerAcceptanceTest { .contentType("application/json") .body("", hasItem( allOf( - hasEntry("roleName", "test_customer#yyy:TENANT"), + hasEntry("roleName", "test.customer#yyy:TENANT"), hasEntry("op", "SELECT")) )) .body("", hasItem( allOf( - hasEntry("roleName", "test_domain#yyy00-aaaa:OWNER"), + hasEntry("roleName", "test.domain#yyy00-aaaa:OWNER"), hasEntry("op", "DELETE")) )) // actual content tested in integration test, so this is enough for here: 
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java index d6e50c46..24b5a624 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectRepositoryIntegrationTest.java @@ -128,7 +128,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedCustomerAdminRole_canViewOnlyUsersHavingRolesInThatCustomersRealm() { given: - context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN"); + context("superuser-alex@hostsharing.net", "test.customer#xxx:ADMIN"); // when final var result = rbacSubjectRepository.findByOptionalNameLike(null); @@ -159,7 +159,7 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyUsersHavingRolesInThatPackage() { - context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context("customer-admin@xxx.example.com", "test.package#xxx00:ADMIN"); final var result = rbacSubjectRepository.findByOptionalNameLike(null); 
@@ -182,47 +182,47 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { private static final String[] ALL_USER_PERMISSIONS = Array.of( // @formatter:off - "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT", - "test_customer#xxx:OWNER -> test_customer#xxx: DELETE", - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:TENANT -> test_package#xxx01: SELECT", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:TENANT -> test_package#xxx02: SELECT", + "test.customer#xxx:ADMIN -> test.customer#xxx: SELECT", + "test.customer#xxx:OWNER -> test.customer#xxx: DELETE", + "test.customer#xxx:TENANT -> test.customer#xxx: SELECT", + "test.customer#xxx:ADMIN -> test.customer#xxx: INSERT:test.package", + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:TENANT -> test.package#xxx00: SELECT", + "test.package#xxx01:ADMIN -> test.package#xxx01: INSERT:test.domain", + "test.package#xxx01:ADMIN -> test.package#xxx01: INSERT:test.domain", + "test.package#xxx01:TENANT -> test.package#xxx01: SELECT", + "test.package#xxx02:ADMIN -> test.package#xxx02: INSERT:test.domain", + "test.package#xxx02:ADMIN -> test.package#xxx02: INSERT:test.domain", + "test.package#xxx02:TENANT -> test.package#xxx02: SELECT", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:OWNER -> 
test_customer#yyy: DELETE", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain", - "test_package#yyy01:ADMIN -> test_package#yyy01: INSERT:test_domain", - "test_package#yyy01:TENANT -> test_package#yyy01: SELECT", - "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain", - "test_package#yyy02:ADMIN -> test_package#yyy02: INSERT:test_domain", - "test_package#yyy02:TENANT -> test_package#yyy02: SELECT", + "test.customer#yyy:ADMIN -> test.customer#yyy: SELECT", + "test.customer#yyy:OWNER -> test.customer#yyy: DELETE", + "test.customer#yyy:TENANT -> test.customer#yyy: SELECT", + "test.customer#yyy:ADMIN -> test.customer#yyy: INSERT:test.package", + "test.package#yyy00:ADMIN -> test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:ADMIN -> test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:TENANT -> test.package#yyy00: SELECT", + "test.package#yyy01:ADMIN -> test.package#yyy01: INSERT:test.domain", + "test.package#yyy01:ADMIN -> test.package#yyy01: INSERT:test.domain", + "test.package#yyy01:TENANT -> test.package#yyy01: SELECT", + "test.package#yyy02:ADMIN -> test.package#yyy02: INSERT:test.domain", + "test.package#yyy02:ADMIN -> test.package#yyy02: INSERT:test.domain", + "test.package#yyy02:TENANT -> test.package#yyy02: SELECT", - "test_customer#zzz:ADMIN -> test_customer#zzz: SELECT", - "test_customer#zzz:OWNER -> test_customer#zzz: DELETE", - "test_customer#zzz:TENANT -> test_customer#zzz: SELECT", - "test_customer#zzz:ADMIN -> test_customer#zzz: INSERT:test_package", - "test_package#zzz00:ADMIN -> test_package#zzz00: INSERT:test_domain", - "test_package#zzz00:ADMIN -> 
test_package#zzz00: INSERT:test_domain", - "test_package#zzz00:TENANT -> test_package#zzz00: SELECT", - "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain", - "test_package#zzz01:ADMIN -> test_package#zzz01: INSERT:test_domain", - "test_package#zzz01:TENANT -> test_package#zzz01: SELECT", - "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain", - "test_package#zzz02:ADMIN -> test_package#zzz02: INSERT:test_domain", - "test_package#zzz02:TENANT -> test_package#zzz02: SELECT" + "test.customer#zzz:ADMIN -> test.customer#zzz: SELECT", + "test.customer#zzz:OWNER -> test.customer#zzz: DELETE", + "test.customer#zzz:TENANT -> test.customer#zzz: SELECT", + "test.customer#zzz:ADMIN -> test.customer#zzz: INSERT:test.package", + "test.package#zzz00:ADMIN -> test.package#zzz00: INSERT:test.domain", + "test.package#zzz00:ADMIN -> test.package#zzz00: INSERT:test.domain", + "test.package#zzz00:TENANT -> test.package#zzz00: SELECT", + "test.package#zzz01:ADMIN -> test.package#zzz01: INSERT:test.domain", + "test.package#zzz01:ADMIN -> test.package#zzz01: INSERT:test.domain", + "test.package#zzz01:TENANT -> test.package#zzz01: SELECT", + "test.package#zzz02:ADMIN -> test.package#zzz02: INSERT:test.domain", + "test.package#zzz02:ADMIN -> test.package#zzz02: INSERT:test.domain", + "test.package#zzz02:TENANT -> test.package#zzz02: SELECT" // @formatter:on ); 
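Review bot: Every package's `INSERT:test.domain` permission appears twice in the new-side ALL_USER_PERMISSIONS list (e.g. `"test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain"` back to back), and the rename carried the pairs over unchanged. If `allTheseRbacPermissionsAreReturned` checks containment the duplicate is inert but reads like a copy-paste slip; if two distinct grants of that permission are genuinely expected, a one-line comment above the first pair, `// INSERT:test.domain is expected twice: <reason>`, would keep the next reader from deleting one. The same pairs recur in the @@ -252 hunk of this file. The array is declared inside this hunk, but the class continues beyond it.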
@@ -252,32 +252,32 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:ADMIN -> test_customer#xxx: INSERT:test_package", - "test_customer#xxx:ADMIN -> test_customer#xxx: SELECT", - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", + "test.customer#xxx:ADMIN -> test.customer#xxx: INSERT:test.package", + "test.customer#xxx:ADMIN -> test.customer#xxx: SELECT", + "test.customer#xxx:TENANT -> test.customer#xxx: SELECT", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE", + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:TENANT -> test.package#xxx00: SELECT", + "test.domain#xxx00-aaaa:OWNER -> test.domain#xxx00-aaaa: DELETE", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:ADMIN -> test_package#xxx01: INSERT:test_domain", - "test_package#xxx01:TENANT -> test_package#xxx01: SELECT", - "test_domain#xxx01-aaaa:OWNER -> test_domain#xxx01-aaaa: DELETE", + "test.package#xxx01:ADMIN -> test.package#xxx01: INSERT:test.domain", + "test.package#xxx01:ADMIN -> test.package#xxx01: INSERT:test.domain", + "test.package#xxx01:TENANT -> test.package#xxx01: SELECT", + "test.domain#xxx01-aaaa:OWNER -> test.domain#xxx01-aaaa: DELETE", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:ADMIN -> test_package#xxx02: INSERT:test_domain", - "test_package#xxx02:TENANT -> test_package#xxx02: SELECT", - "test_domain#xxx02-aaaa:OWNER -> test_domain#xxx02-aaaa: DELETE" + "test.package#xxx02:ADMIN -> test.package#xxx02: INSERT:test.domain", + "test.package#xxx02:ADMIN -> 
test.package#xxx02: INSERT:test.domain", + "test.package#xxx02:TENANT -> test.package#xxx02: SELECT", + "test.domain#xxx02-aaaa:OWNER -> test.domain#xxx02-aaaa: DELETE" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT" + "test.customer#yyy:ADMIN -> test.customer#yyy: INSERT:test.package", + "test.customer#yyy:ADMIN -> test.customer#yyy: SELECT", + "test.customer#yyy:TENANT -> test.customer#yyy: SELECT" // @formatter:on ); } 
@@ -312,26 +312,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT", - "test_domain#xxx00-aaaa:OWNER -> test_domain#xxx00-aaaa: DELETE", - "test_domain#xxx00-aaab:OWNER -> test_domain#xxx00-aaab: DELETE" + "test.customer#xxx:TENANT -> test.customer#xxx: SELECT", + // "test.customer#xxx:ADMIN -> test.customer#xxx: view" - Not permissions through the customer admin! + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:TENANT -> test.package#xxx00: SELECT", + "test.domain#xxx00-aaaa:OWNER -> test.domain#xxx00-aaaa: DELETE", + "test.domain#xxx00-aaab:OWNER -> test.domain#xxx00-aaab: DELETE" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#yyy:ADMIN -> test_customer#yyy: INSERT:test_package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE", - "test_domain#yyy00-aaab:OWNER -> test_domain#yyy00-aaab: DELETE" + "test.customer#yyy:ADMIN -> test.customer#yyy: INSERT:test.package", + "test.customer#yyy:ADMIN -> test.customer#yyy: SELECT", + "test.customer#yyy:TENANT -> test.customer#yyy: SELECT", + "test.package#yyy00:ADMIN -> 
test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:ADMIN -> test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:TENANT -> test.package#yyy00: SELECT", + "test.domain#yyy00-aaaa:OWNER -> test.domain#yyy00-aaaa: DELETE", + "test.domain#yyy00-aaab:OWNER -> test.domain#yyy00-aaab: DELETE" // @formatter:on ); } 
@@ -360,26 +360,26 @@ class RbacSubjectRepositoryIntegrationTest extends ContextBasedTest { allTheseRbacPermissionsAreReturned( result, // @formatter:off - "test_customer#xxx:TENANT -> test_customer#xxx: SELECT", - // "test_customer#xxx:ADMIN -> test_customer#xxx: view" - Not permissions through the customer admin! - "test_package#xxx00:ADMIN -> test_package#xxx00: INSERT:test_domain", - "test_package#xxx00:TENANT -> test_package#xxx00: SELECT" + "test.customer#xxx:TENANT -> test.customer#xxx: SELECT", + // "test.customer#xxx:ADMIN -> test.customer#xxx: view" - Not permissions through the customer admin! + "test.package#xxx00:ADMIN -> test.package#xxx00: INSERT:test.domain", + "test.package#xxx00:TENANT -> test.package#xxx00: SELECT" // @formatter:on ); noneOfTheseRbacPermissionsAreReturned( result, // @formatter:off // no customer admin permissions - "test_customer#xxx:ADMIN -> test_customer#xxx: add-package", + "test.customer#xxx:ADMIN -> test.customer#xxx: add-package", // no permissions on other customer's objects - "test_customer#yyy:ADMIN -> test_customer#yyy: add-package", - "test_customer#yyy:ADMIN -> test_customer#yyy: SELECT", - "test_customer#yyy:TENANT -> test_customer#yyy: SELECT", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:ADMIN -> test_package#yyy00: INSERT:test_domain", - "test_package#yyy00:TENANT -> test_package#yyy00: SELECT", - "test_domain#yyy00-aaaa:OWNER -> test_domain#yyy00-aaaa: DELETE", - "test_domain#yyy00-xxxb:OWNER -> test_domain#yyy00-xxxb: DELETE" + "test.customer#yyy:ADMIN -> test.customer#yyy: add-package", + "test.customer#yyy:ADMIN -> test.customer#yyy: SELECT", + "test.customer#yyy:TENANT -> test.customer#yyy: SELECT", + "test.package#yyy00:ADMIN -> test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:ADMIN -> test.package#yyy00: INSERT:test.domain", + "test.package#yyy00:TENANT -> test.package#yyy00: SELECT", + "test.domain#yyy00-aaaa:OWNER -> test.domain#yyy00-aaaa: 
DELETE", + "test.domain#yyy00-xxxb:OWNER -> test.domain#yyy00-xxxb: DELETE" // @formatter:on ); } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java index 89783f25..aa8f322a 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java @@ -89,7 +89,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#yyy:ADMIN") + .header("assumed-roles", "test.customer#yyy:ADMIN") .port(port) .when() .get("http://localhost/api/test/customers") @@ -148,7 +148,7 @@ class TestCustomerControllerAcceptanceTest { // finally, the new customer can be viewed by its own admin final var newSubjectUuid = UUID.fromString( location.substring(location.lastIndexOf('/') + 1)); - context.define("superuser-fran@hostsharing.net", "test_customer#uuu:ADMIN"); + context.define("superuser-fran@hostsharing.net", "test.customer#uuu:ADMIN"); assertThat(testCustomerRepository.findByUuid(newSubjectUuid)) .hasValueSatisfying(c -> assertThat(c.getPrefix()).isEqualTo("uuu")); } @@ -159,7 +159,7 @@ class TestCustomerControllerAcceptanceTest { RestAssured // @formatter:off .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(""" { 
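Review bot: The negative assertion `"test.customer#xxx:ADMIN -> test.customer#xxx: add-package"` (and the `yyy` line below it) in `noneOfTheseRbacPermissionsAreReturned` spells the permission differently from every other place in this file, where the same grant is `INSERT:test.package`; a permission string that can never be produced makes the assertion vacuously true, so it may not be checking that the customer-admin insert permission is really absent. Changing both lines to end in `INSERT:test.package`, as the -252 and -312 hunks already do, would make the check meaningful. The test method's header is outside the hunk.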
@@ -175,8 +175,8 @@ class TestCustomerControllerAcceptanceTest { .statusCode(403) .contentType(ContentType.JSON) .statusCode(403) - .body("message", containsString("ERROR: [403] insert into test_customer ")) - .body("message", containsString(" not allowed for current subjects {test_customer#xxx:ADMIN}")); + .body("message", containsString("ERROR: [403] insert into test.customer ")) + .body("message", containsString(" not allowed for current subjects {test.customer#xxx:ADMIN}")); // @formatter:on // finally, the new customer was not created @@ -205,7 +205,7 @@ class TestCustomerControllerAcceptanceTest { .statusCode(403) .contentType(ContentType.JSON) .statusCode(403) - .body("message", containsString("ERROR: [403] insert into test_customer ")) + .body("message", containsString("ERROR: [403] insert into test.customer ")) .body("message", containsString(" not allowed for current subjects")); // @formatter:on diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerRepositoryIntegrationTest.java index 831a2976..982e3ca8 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerRepositoryIntegrationTest.java @@ -54,7 +54,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedCustomerRole_cannotCreateNewCustomer() { // given - context("superuser-alex@hostsharing.net", "test_customer#xxx:ADMIN"); + context("superuser-alex@hostsharing.net", "test.customer#xxx:ADMIN"); // when final var result = attempt(em, () -> { 
@@ -66,8 +66,8 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest { // then result.assertExceptionWithRootCauseMessage( PersistenceException.class, - "ERROR: [403] insert into test_customer ", - "not allowed for current subjects {test_customer#xxx:ADMIN}"); + "ERROR: [403] insert into test.customer ", + "not allowed for current subjects {test.customer#xxx:ADMIN}"); } @Test @@ -85,7 +85,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest { // then result.assertExceptionWithRootCauseMessage( PersistenceException.class, - "ERROR: [403] insert into test_customer ", + "ERROR: [403] insert into test.customer ", " not allowed for current subjects {customer-admin@xxx.example.com}"); } @@ -114,7 +114,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest { @Test public void globalAdmin_withAssumedCustomerOwnerRole_canViewExactlyThatCustomer() { given: - context("superuser-alex@hostsharing.net", "test_customer#yyy:OWNER"); + context("superuser-alex@hostsharing.net", "test.customer#yyy:OWNER"); // when final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null); @@ -139,7 +139,7 @@ class TestCustomerRepositoryIntegrationTest extends ContextBasedTest { public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnCustomer() { context("customer-admin@xxx.example.com"); - context("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context("customer-admin@xxx.example.com", "test.package#xxx00:ADMIN"); final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(null); diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java index fd9ec9a0..92b5d7fd 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java 
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java @@ -44,7 +44,7 @@ class TestPackageControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .port(port) .when() .get("http://localhost/api/test/packages") @@ -66,7 +66,7 @@ class TestPackageControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .port(port) .when() .get("http://localhost/api/test/packages?name=xxx01") @@ -95,7 +95,7 @@ class TestPackageControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(format(""" { @@ -126,7 +126,7 @@ class TestPackageControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .contentType(ContentType.JSON) .body(""" { @@ -156,7 +156,7 @@ class TestPackageControllerAcceptanceTest { RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .contentType(ContentType.JSON) .body("{}") .port(port) 
@@ -176,7 +176,7 @@ class TestPackageControllerAcceptanceTest { return UUID.fromString(RestAssured .given() .header("current-subject", "superuser-alex@hostsharing.net") - .header("assumed-roles", "test_customer#xxx:ADMIN") + .header("assumed-roles", "test.customer#xxx:ADMIN") .port(port) .when() .get("http://localhost/api/test/packages?name={packageName}", packageName) @@ -188,7 +188,7 @@ class TestPackageControllerAcceptanceTest { } String getDescriptionOfPackage(final String packageName) { - context.define("superuser-alex@hostsharing.net","test_customer#xxx:ADMIN"); + context.define("superuser-alex@hostsharing.net","test.customer#xxx:ADMIN"); return testPackageRepository.findAllByOptionalNameLike(packageName).get(0).getDescription(); } } diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java index e4f0e6fb..1fa6bdd7 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java +++ b/src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageRepositoryIntegrationTest.java @@ -76,7 +76,7 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void customerAdmin_withAssumedOwnedPackageAdminRole_canViewOnlyItsOwnPackages() { - context.define("customer-admin@xxx.example.com", "test_package#xxx00:ADMIN"); + context.define("customer-admin@xxx.example.com", "test.package#xxx00:ADMIN"); final var result = testPackageRepository.findAllByOptionalNameLike(null); 
@@ -90,17 +90,17 @@ class TestPackageRepositoryIntegrationTest extends ContextBasedTest { @Test public void supportsOptimisticLocking() { // given - globalAdminWithAssumedRole("test_package#xxx00:ADMIN"); + globalAdminWithAssumedRole("test.package#xxx00:ADMIN"); final var pac = testPackageRepository.findAllByOptionalNameLike("%").get(0); // when final var result1 = jpaAttempt.transacted(() -> { - globalAdminWithAssumedRole("test_package#xxx00:OWNER"); + globalAdminWithAssumedRole("test.package#xxx00:OWNER"); pac.setDescription("description set by thread 1"); testPackageRepository.save(pac); }); final var result2 = jpaAttempt.transacted(() -> { - globalAdminWithAssumedRole("test_package#xxx00:OWNER"); + globalAdminWithAssumedRole("test.package#xxx00:OWNER"); pac.setDescription("description set by thread 2"); testPackageRepository.save(pac); sleep(1500); -- 2.39.5 From 826773f22fd0b42295bd6dbb9ca0617e61ce4e28 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sun, 15 Sep 2024 18:21:08 +0200 Subject: [PATCH 47/57] fix tf-names and tableColumnNames --- .../db/changelog/0-base/007-table-columns.sql | 9 +++------ .../db/changelog/1-rbac/1058-rbac-generators.sql | 12 ++++++------ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/src/main/resources/db/changelog/0-base/007-table-columns.sql b/src/main/resources/db/changelog/0-base/007-table-columns.sql index 575169a1..3cc6ece5 100644 --- a/src/main/resources/db/changelog/0-base/007-table-columns.sql +++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql 
@@ -11,27 +11,24 @@ create or replace function base.tableColumnNames( ofTableName text ) stable language 'plpgsql' as $$ declare
- ofTableName text default 'test.customer';
 tableName text; tableSchema text; columns text[];
- columnNames text;
 begin tableSchema := CASE WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 1)
- END;
- assert tableSchema = 'test', 'schema <> test';
+ ELSE 'public'
+ END;
 tableName := CASE WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 2) ELSE ofTableName END;
- assert tableName = 'customer', 'name <> customer';
 columns := (select array(select column_name::text from information_schema.columns where table_name = tableName
- and table_schema is not distinct from tableSchema));
+ and table_schema = tableSchema));
 assert cardinality(columns) > 0, 'cannot determine columns of table ' || ofTableName || '("' || tableSchema || '"."' || tableName || '")'; return array_to_string(columns, ', ');
diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
index 852bfac6..dc616862 100644
--- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
@@ -235,7 +235,7 @@ begin */ newColumns := 'new.' || replace(columnNames, ', ', ', new.'); sql := format($sql$
- create or replace function %1$sInsert()
+ create function %1$s_instead_of_insert_tf()
 returns trigger language plpgsql as $f$ declare
@@ -258,7 +258,7 @@ begin instead of insert on %1$s_rv for each row
- execute function %1$sInsert();
+ execute function %1$s_instead_of_insert_tf();
 $sql$, targetTable); execute sql;
@@ -266,7 +266,7 @@ begin Instead of delete trigger function for the restricted view. */ sql := format($sql$
- create or replace function %1$sDelete()
+ create function %1$s_instead_of_delete_tf()
 returns trigger language plpgsql as $f$ begin
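Review bot: The `array(select column_name::text from information_schema.columns ...)` subquery in this hunk has no `order by`, so the column list `base.tableColumnNames` returns has no guaranteed order even though it is later spliced into generated SQL as text; adding `order by ordinal_position` to the subquery makes the result deterministic across runs. The names are also joined unquoted, so a column whose name needs quoting (mixed case or a reserved word) would produce invalid generated SQL — `quote_ident(column_name)` would cover that, if such columns can occur in the tables this is run against. Worth a comment above the `columns :=` assignment: `information_schema.columns` only lists columns the current role has some privilege on, so a generator run under a role with partial column grants would get a partial list that still passes the `cardinality(columns) > 0` assertion; presumably migrations run as the owner, so this is documentation rather than a defect. The new `ELSE 'public'` fallback resolves unqualified names without consulting `search_path`, which is fine if every caller passes schema-qualified names but should be stated in the function's comment.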
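Review bot: The switch from `create or replace function` to `create function %1$s_instead_of_insert_tf()` (and the same in the delete and update trigger-function hunks at -266 and -297) makes the generator raise a duplicate-function error if it is ever invoked twice for the same targetTable; if that is meant as a guard against double generation, a comment above `sql := format($sql$` saying so would keep the next maintainer from restoring `or replace`, and if it is not, the old form was the safer one. `%1$s` substitutes targetTable as raw text into the function and view names, which is acceptable while every caller is migration code passing fixed table names, but that assumption deserves a line in the generator's comment. The enclosing generator function starts and ends outside the hunk.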
@@ -287,7 +287,7 @@ begin instead of delete on %1$s_rv for each row - execute function %1$sDelete(); + execute function %1$s_instead_of_delete_tf(); $sql$, targetTable); execute sql; @@ -297,7 +297,7 @@ begin */ if columnUpdates is not null then sql := format($sql$ - create or replace function %1$sUpdate() + create function %1$s_instead_of_update_tf() returns trigger language plpgsql as $f$ begin @@ -320,7 +320,7 @@ begin instead of update on %1$s_rv for each row - execute function %1$sUpdate(); + execute function %1$s_instead_of_update_tf(); $sql$, targetTable); execute sql; end if; -- 2.39.5 From f9f5c2111fc44dec01f55792f62691ed8896c1c3 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sun, 15 Sep 2024 18:47:06 +0200 Subject: [PATCH 48/57] fix ArchitectureTest rbac sub-packages --- .../net/hostsharing/hsadminng/arch/ArchitectureTest.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java index b54ffdb4..2190d29f 100644 --- a/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java +++ b/src/test/java/net/hostsharing/hsadminng/arch/ArchitectureTest.java @@ -68,11 +68,11 @@ public class ArchitectureTest { "..mapper", "..ping", "..rbac", + "..rbac.generator", "..rbac.subject", - "..rbac.rbacgrant", - "..rbac.rbacrole", - "..rbac.rbacobject", - "..rbac.rbacdef", + "..rbac.grant", + "..rbac.role", + "..rbac.object", "..stringify" // ATTENTION: Don't simply add packages here, also add arch rules for the new package! ); -- 2.39.5 From faca4196e4eb1c4ae50a713e7a5dca2330427bf4 Mon Sep 17 00:00:00 2001 
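Review bot: `"..rbac.generator"` is added to the allowed-package list right above the `ATTENTION` comment that requires an arch rule for every new package, and this commit's diffstat shows only this file with 4 insertions and 4 deletions, so no rule for the generator package appears to accompany it; either add that rule or extend the comment with why `rbac.generator` is exempt. Likewise, any rules that still reference the old `rbacgrant`/`rbacrole`/`rbacobject` names would sit outside this hunk and be untouched by this commit, which is worth a check. The list's enclosing declaration starts outside the hunk.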
From: Michael Hoennig Date: Sun, 15 Sep 2024 19:25:22 +0200 Subject: [PATCH 49/57] cleanup --- sql/historization.sql | 2 +- sql/rbac-tests.sql | 2 +- src/main/resources/db/changelog/0-base/000-base-schema.sql | 2 +- src/main/resources/db/changelog/0-base/010-context.sql | 1 + src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql | 2 +- src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql | 2 +- src/main/resources/db/changelog/2-test/200-test-schema.sql | 2 +- 7 files changed, 7 insertions(+), 6 deletions(-) diff --git a/sql/historization.sql b/sql/historization.sql index 474f05ca..d854f394 100644 --- a/sql/historization.sql +++ b/sql/historization.sql @@ -28,7 +28,7 @@ commit; set hsadminng.tx_history_txid to ''; set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; -- all versions -select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* +select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* from hs_hosting_asset_ex haex join base.tx_context txc on haex.txid=txc.txid where haex.identifier = 'test@thi.example.org'; diff --git a/sql/rbac-tests.sql b/sql/rbac-tests.sql index bde34d61..1a95add0 100644 --- a/sql/rbac-tests.sql +++ b/sql/rbac-tests.sql @@ -33,7 +33,7 @@ $$ userId uuid; result bool; BEGIN - userId = findRbacSubject('superuser-alex@hostsharing.net'); + userId = rbac.findRbacSubject('superuser-alex@hostsharing.net'); result = (SELECT * FROM rbac.isPermissionGrantedToSubject(rbac.findPermissionId('package', 94928, 'add-package'), userId)); IF (result) THEN RAISE EXCEPTION 'expected permission NOT to be granted, but it is'; diff --git a/src/main/resources/db/changelog/0-base/000-base-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql index 6a50e2f0..0f66f74c 100644 --- a/src/main/resources/db/changelog/0-base/000-base-schema.sql +++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql 
@@ -4,5 +4,5 @@
 -- ============================================================================
 --changeset base-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CREATE SCHEMA IF NOT EXISTS base;
+CREATE SCHEMA base;
 --//
diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql
index 446f6955..46e9a509 100644
--- a/src/main/resources/db/changelog/0-base/010-context.sql
+++ b/src/main/resources/db/changelog/0-base/010-context.sql
@@ -127,6 +127,7 @@ begin
 end;
 $$;
 --//
+
 -- ============================================================================
 --changeset context-base.ASSUMED-ROLES:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
diff --git a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
index 35662a3e..14f3ba93 100644
--- a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
+++ b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql
@@ -4,5 +4,5 @@
 -- ============================================================================
 --changeset rbac-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CREATE SCHEMA IF NOT EXISTS rbac;
+CREATE SCHEMA rbac;
 --//
diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
index 9c6c1b36..bd5128b0 100644
--- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
+++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
@@ -168,7 +168,7 @@ $$;
 -- ============================================================================
---changeset rbac-global-TEST:1 context:dev,tc runAlways:true endDelimiter:--//
+--changeset rbac-global-TEST:1 context:dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
diff --git a/src/main/resources/db/changelog/2-test/200-test-schema.sql b/src/main/resources/db/changelog/2-test/200-test-schema.sql
index cd083d72..e1d476f5 100644
--- a/src/main/resources/db/changelog/2-test/200-test-schema.sql
+++ b/src/main/resources/db/changelog/2-test/200-test-schema.sql
@@ -4,5 +4,5 @@
 -- ============================================================================
 --changeset test-SCHEMA:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-CREATE SCHEMA IF NOT EXISTS test;
+CREATE SCHEMA test;
 --//
-- 2.39.5 From 5c0d8e0f3e5ce18b13df08329ff92b390d2e061f Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sun, 15 Sep 2024 20:03:10 +0200 Subject: [PATCH 50/57] ContextBasedTest with @DirtiesContext --- .../hostsharing/hsadminng/rbac/context/ContextBasedTest.java | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
index 455be002..08a98807 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
@@ -6,11 +6,13 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.TestInfo; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Import; +import org.springframework.test.annotation.DirtiesContext; import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.sql.Timestamp; +@DirtiesContext @Import(RbacGrantsDiagramService.class) public abstract class ContextBasedTest { -- 2.39.5 From c9f2f19f0b755df453ecf10cc1ca3443ddd69341 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Sun, 15 Sep 2024 20:48:31 +0200 Subject: [PATCH 51/57] jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_DAEMON=true --- src/test/resources/application.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index 7c3d2cff..36233267 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -4,7 +4,7 @@ spring: platform: postgres datasource: - url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers + url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_DAEMON=true url-local: jdbc:postgresql://localhost:5432/postgres url: ${spring.datasource.url-tc} username: postgres -- 2.39.5 From 476e66ebf7d0aca98ebd9d64e880265612fa83c5 Mon Sep 17 00:00:00 2001 From: Michael Hoennig Date: Mon, 16 Sep 2024 06:25:18 +0200 Subject: [PATCH 52/57] remove @DirtiesContext from ContextBasedTest --- .../hostsharing/hsadminng/rbac/context/ContextBasedTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java index 08a98807..bbbb9a63 100644 --- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java 
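Review bot: The `?TC_DAEMON=true` suffix added to `url-tc` changes the lifecycle of the Testcontainers Postgres — in daemon mode the container is kept until the JVM exits instead of being stopped when the last JDBC connection closes — but nothing in the file says why; a comment above `url-tc:` such as `# TC_DAEMON=true: keep the test database container alive across Spring test contexts instead of stopping it when the last connection closes` would record the intent. As a consequence the container lives as long as the test JVM, so anything that keeps that JVM alive keeps the container around as well, which is worth knowing when debugging locally.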
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java @@ -5,14 +5,14 @@ import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.TestInfo; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase; import org.springframework.context.annotation.Import; -import org.springframework.test.annotation.DirtiesContext; import jakarta.persistence.EntityManager; import jakarta.persistence.PersistenceContext; import java.sql.Timestamp; -@DirtiesContext +@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE) @Import(RbacGrantsDiagramService.class) public abstract class ContextBasedTest { -- 2.39.5 From 680f5d04d12556146ba0ed091e791fc654039fda Mon Sep 17 00:00:00 2001 
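Review bot: `@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)` on the abstract base class only has an effect in subclasses that would otherwise have their DataSource replaced by an embedded database (slice tests such as `@DataJpaTest`); for a full-context test it is a no-op, so without a comment it is likely to be removed as dead later. A one-line comment above it, e.g. `// keep the configured (Testcontainers/local) Postgres in slice-test subclasses instead of an embedded DB`, would document which subclasses rely on it. The class body continues outside the hunk.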
From: Michael Hoennig Date: Mon, 16 Sep 2024 06:27:39 +0200 Subject: [PATCH 53/57] fix changeset id vs. author --- .../generator/InsertTriggerGenerator.java | 6 ++-- .../generator/RbacIdentityViewGenerator.java | 2 +- .../rbac/generator/RbacObjectGenerator.java | 2 +- .../RbacRestrictedViewGenerator.java | 2 +- .../RbacRoleDescriptorsGenerator.java | 2 +- .../RolesGrantsAndPermissionsGenerator.java | 2 +- .../db/changelog/0-base/000-base-schema.sql | 2 +- .../changelog/0-base/001-last-row-count.sql | 2 +- .../db/changelog/0-base/002-int-to-var.sql | 2 +- .../changelog/0-base/003-random-in-range.sql | 2 +- .../0-base/004-jsonb-changes-delta.sql | 2 +- .../0-base/005-uuid-ossp-extension.sql | 2 +- .../0-base/006-numeric-hash-functions.sql | 2 +- .../db/changelog/0-base/007-table-columns.sql | 2 +- .../changelog/0-base/008-raise-functions.sql | 4 +-- .../0-base/009-check-environment.sql | 2 +- .../db/changelog/0-base/010-context.sql | 10 +++--- .../0-base/011-table-schema-and-name.sql | 2 +- .../db/changelog/0-base/020-audit-log.sql | 12 +++---- .../db/changelog/0-base/030-historization.sql | 6 ++-- .../090-log-slow-queries-extensions.sql | 2 +- .../db/changelog/1-rbac/1000-rbac-schema.sql | 2 +- .../db/changelog/1-rbac/1050-rbac-base.sql | 32 +++++++++---------- .../1-rbac/1051-rbac-subject-grant.sql | 6 ++-- .../db/changelog/1-rbac/1054-rbac-context.sql | 8 ++--- .../db/changelog/1-rbac/1055-rbac-views.sql | 24 +++++++------- .../1-rbac/1056-rbac-trigger-context.sql | 6 ++-- .../1-rbac/1057-rbac-role-builder.sql | 2 +- .../changelog/1-rbac/1058-rbac-generators.sql | 8 ++--- .../changelog/1-rbac/1059-rbac-statistics.sql | 2 +- .../db/changelog/1-rbac/1080-rbac-global.sql | 18 +++++------ .../db/changelog/2-test/200-test-schema.sql | 2 +- .../201-test-customer/2010-test-customer.sql | 2 +- .../2013-test-customer-rbac.sql | 14 ++++---- .../2018-test-customer-test-data.sql | 4 +-- .../202-test-package/2020-test-package.sql | 2 +- .../2023-test-package-rbac.sql | 16 
+++++----- .../2028-test-package-test-data.sql | 4 +-- .../203-test-domain/2030-test-domain.sql | 2 +- .../203-test-domain/2033-test-domain-rbac.sql | 16 +++++----- .../2038-test-domain-test-data.sql | 4 +-- .../501-contact/5010-hs-office-contact.sql | 4 +-- .../5013-hs-office-contact-rbac.sql | 10 +++--- .../5016-hs-office-contact-migration.sql | 12 +++---- .../5018-hs-office-contact-test-data.sql | 4 +-- .../502-person/5020-hs-office-person.sql | 4 +-- .../502-person/5023-hs-office-person-rbac.sql | 10 +++--- .../5028-hs-office-person-test-data.sql | 4 +-- .../503-relation/5030-hs-office-relation.sql | 4 +-- .../5033-hs-office-relation-rbac.sql | 16 +++++----- .../5038-hs-office-relation-test-data.sql | 4 +-- .../504-partner/5040-hs-office-partner.sql | 10 +++--- .../5043-hs-office-partner-rbac.sql | 16 +++++----- .../5044-hs-office-partner-details-rbac.sql | 14 ++++---- .../5046-hs-office-partner-migration.sql | 12 +++---- .../5048-hs-office-partner-test-data.sql | 4 +-- .../5050-hs-office-bankaccount.sql | 4 +-- .../5053-hs-office-bankaccount-rbac.sql | 10 +++--- .../5058-hs-office-bankaccount-test-data.sql | 4 +-- .../506-debitor/5060-hs-office-debitor.sql | 6 ++-- .../5063-hs-office-debitor-rbac.sql | 16 +++++----- .../5068-hs-office-debitor-test-data.sql | 4 +-- .../5070-hs-office-sepamandate.sql | 4 +-- .../5073-hs-office-sepamandate-rbac.sql | 14 ++++---- .../5076-hs-office-sepamandate-migration.sql | 12 +++---- .../5078-hs-office-sepamandate-test-data.sql | 4 +-- .../5100-hs-office-membership.sql | 4 +-- .../5103-hs-office-membership-rbac.sql | 14 ++++---- .../5108-hs-office-membership-test-data.sql | 4 +-- .../5110-hs-office-coopshares.sql | 8 ++--- .../5113-hs-office-coopshares-rbac.sql | 14 ++++---- .../5116-hs-office-coopshares-migration.sql | 12 +++---- .../5118-hs-office-coopshares-test-data.sql | 4 +-- .../5120-hs-office-coopassets.sql | 8 ++--- .../5123-hs-office-coopassets-rbac.sql | 14 ++++---- .../5126-hs-office-coopassets-migration.sql | 12 
+++---- .../5128-hs-office-coopassets-test-data.sql | 4 +-- .../6100-hs-booking-debitor.sql | 2 +- .../6200-hs-booking-project.sql | 6 ++-- .../6203-hs-booking-project-rbac.sql | 14 ++++---- .../6208-hs-booking-project-test-data.sql | 4 +-- .../630-booking-item/6200-hs-booking-item.sql | 6 ++-- .../6203-hs-booking-item-rbac.sql | 14 ++++---- .../6208-hs-booking-item-test-data.sql | 4 +-- .../6303-hs-booking-item-rbac.sql | 14 ++++---- .../7010-hs-hosting-asset.sql | 12 +++---- .../7013-hs-hosting-asset-rbac.sql | 12 +++---- .../7018-hs-hosting-asset-test-data.sql | 4 +-- .../changelog/9-hs-global/9000-statistics.sql | 2 +- 89 files changed, 321 insertions(+), 321 deletions(-) diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java index 0a070b74..f49cc03a 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java @@ -46,7 +46,7 @@ public class InsertTriggerGenerator { private void generateInsertPermissionGrants(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// + --changeset InsertTriggerGenerator:${liquibaseTagPrefix}-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- """, with("liquibaseTagPrefix", liquibaseTagPrefix)); 
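Review bot: Renaming both halves of the `--changeset` header (author `InsertTriggerGenerator`, id `${liquibaseTagPrefix}-rbac-GRANTING-INSERT-PERMISSION`) changes the changeset's identity: Liquibase keys DATABASECHANGELOG on id, author and file path, so on any database that already ran the old `…:1` changesets these would be seen as new and re-executed, and the generated `create`/`grant` statements are not written to be idempotent. The same applies to every other changeset header in this patch (the -141 and -185 hunks in this file and the other generator files). If no deployed database carries the old headers this is fine, but the commit message or a comment in the generator should record that changeset ids are not stable across this change; the enclosing method continues outside the hunk.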
@@ -141,7 +141,7 @@ public class InsertTriggerGenerator { private void generateInsertPermissionTriggerAlwaysDisallow(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-ALWAYS-DISALLOW-INSERT:1 endDelimiter:--// + --changeset InsertTriggerGenerator:${liquibaseTagPrefix}-rbac-ALWAYS-DISALLOW-INSERT endDelimiter:--// -- ---------------------------------------------------------------------------- """, with("liquibaseTagPrefix", liquibaseTagPrefix)); @@ -185,7 +185,7 @@ public class InsertTriggerGenerator { private void generateInsertPermissionsCheckHeader(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// + --changeset InsertTriggerGenerator:${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java index ad47b4ae..473cc394 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacIdentityViewGenerator.java @@ -18,7 +18,7 @@ public class RbacIdentityViewGenerator { void generateTo(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-IDENTITY-VIEW:1 endDelimiter:--// + --changeset RbacIdentityViewGenerator:${liquibaseTagPrefix}-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- """, with("liquibaseTagPrefix", liquibaseTagPrefix)); 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java index a83a46fd..f641ad99 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacObjectGenerator.java @@ -15,7 +15,7 @@ public class RbacObjectGenerator { void generateTo(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-OBJECT:1 endDelimiter:--// + --changeset RbacObjectGenerator:${liquibaseTagPrefix}-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('${rawTableName}'); --// diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java index 79388811..f493d382 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRestrictedViewGenerator.java @@ -19,7 +19,7 @@ public class RbacRestrictedViewGenerator { void generateTo(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW:1 endDelimiter:--// + --changeset RbacRestrictedViewGenerator:${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('${rawTableName}', $orderBy$ 
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java index 102efeac..7a6c31ae 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java @@ -17,7 +17,7 @@ public class RbacRoleDescriptorsGenerator { void generateTo(final StringWriter plPgSql) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// + --changeset RbacRoleDescriptorGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}'); --// diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java index 663bae28..d183b181 100644 --- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java +++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java @@ -53,7 +53,7 @@ class RolesGrantsAndPermissionsGenerator { private void generateHeader(final StringWriter plPgSql, final String triggerType) { plPgSql.writeLn(""" -- ============================================================================ - --changeset ${liquibaseTagPrefix}-rbac-${triggerType}-trigger:1 endDelimiter:--// + --changeset RolesGrantsAndPermissionsGenerator:${liquibaseTagPrefix}-rbac-${triggerType}-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- """, with("liquibaseTagPrefix", liquibaseTagPrefix), 
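Review bot: The new author `RbacRoleDescriptorGenerator` in `RbacRoleDescriptorsGenerator.generateTo` drops the `s` of the class name, unlike the other generators in this commit, which use their exact class name as author. Because the author is part of the Liquibase changeset identity, correcting it later would change the identity of every generated `…-rbac-ROLE-DESCRIPTORS` changeset a second time, so it is cheapest to fix it now: `--changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//`.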
diff --git a/src/main/resources/db/changelog/0-base/000-base-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql index 0f66f74c..921be5fa 100644 --- a/src/main/resources/db/changelog/0-base/000-base-schema.sql +++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset base-SCHEMA:1 endDelimiter:--// +--changeset michael.hoennig:base-SCHEMA endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SCHEMA base; --// diff --git a/src/main/resources/db/changelog/0-base/001-last-row-count.sql b/src/main/resources/db/changelog/0-base/001-last-row-count.sql index 4079ca65..1c76d02c 100644 --- a/src/main/resources/db/changelog/0-base/001-last-row-count.sql +++ b/src/main/resources/db/changelog/0-base/001-last-row-count.sql @@ -2,7 +2,7 @@ -- ============================================================================ -- LAST-ROW-COUNT ---changeset last-row-count:1 endDelimiter:--// +--changeset michael.hoennig:last-row-count endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the row count from the result of the previous query. diff --git a/src/main/resources/db/changelog/0-base/002-int-to-var.sql b/src/main/resources/db/changelog/0-base/002-int-to-var.sql index 55d6ea15..fea9028f 100644 --- a/src/main/resources/db/changelog/0-base/002-int-to-var.sql +++ b/src/main/resources/db/changelog/0-base/002-int-to-var.sql @@ -2,7 +2,7 @@ -- ============================================================================ -- INT-TO-VAR ---changeset int-to-var:1 endDelimiter:--// +--changeset michael.hoennig:int-to-var endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns a textual representation of an integer number to be used as generated test data. 
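Review bot: Changing `base-SCHEMA:1` to `michael.hoennig:base-SCHEMA` changes the changeset's Liquibase identity (author, id, file path), not just its label, so a database whose DATABASECHANGELOG already records the old pair will treat the new one as never executed and re-run `CREATE SCHEMA base;`, which fails because the schema exists; the same holds for every changeset renamed in this commit. If any environment has been migrated with the old ids, this needs either a preceding changeset that rewrites `author`/`id` in DATABASECHANGELOG or a documented fresh-database requirement; if the project is still pre-release and every database is recreated, one sentence saying so in the commit message settles it. The old form also had the `author:id` order reversed (author `base-SCHEMA`, id `1`), which is presumably what this commit corrects and is worth stating explicitly.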
diff --git a/src/main/resources/db/changelog/0-base/003-random-in-range.sql b/src/main/resources/db/changelog/0-base/003-random-in-range.sql index c697a945..7d102de8 100644 --- a/src/main/resources/db/changelog/0-base/003-random-in-range.sql +++ b/src/main/resources/db/changelog/0-base/003-random-in-range.sql @@ -3,7 +3,7 @@ -- ============================================================================ -- RANDOM-IN-RANGE ---changeset random-in-range:1 endDelimiter:--// +--changeset michael.hoennig:random-in-range endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns a random integer in the given range (both included), diff --git a/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql b/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql index 35e399bc..79acc2ca 100644 --- a/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql +++ b/src/main/resources/db/changelog/0-base/004-jsonb-changes-delta.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset JSONB-CHANGES-DELTA:1 endDelimiter:--// +--changeset michael.hoennig:JSONB-CHANGES-DELTA endDelimiter:--// -- ---------------------------------------------------------------------------- /* Recursively compares two jsonb values and returns what has changed. diff --git a/src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql b/src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql index f156af69..d3c32082 100644 --- a/src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql +++ b/src/main/resources/db/changelog/0-base/005-uuid-ossp-extension.sql 
@@ -3,7 +3,7 @@ -- ============================================================================ -- UUID-OSSP-EXTENSION ---changeset uuid-ossp-extension:1 endDelimiter:--// +--changeset michael.hoennig:uuid-ossp-extension endDelimiter:--// -- ---------------------------------------------------------------------------- /* Makes improved uuid generation available. diff --git a/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql b/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql index 624f815d..5ad2395a 100644 --- a/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql +++ b/src/main/resources/db/changelog/0-base/006-numeric-hash-functions.sql @@ -3,7 +3,7 @@ -- ============================================================================ -- NUMERIC-HASH-FUNCTIONS ---changeset numeric-hash-functions:1 endDelimiter:--// +--changeset michael.hoennig:numeric-hash-functions endDelimiter:--// -- ---------------------------------------------------------------------------- create function base.bigIntHash(text) returns bigint as $$ diff --git a/src/main/resources/db/changelog/0-base/007-table-columns.sql b/src/main/resources/db/changelog/0-base/007-table-columns.sql index 3cc6ece5..49017e5d 100644 --- a/src/main/resources/db/changelog/0-base/007-table-columns.sql +++ b/src/main/resources/db/changelog/0-base/007-table-columns.sql @@ -3,7 +3,7 @@ -- ============================================================================ -- TABLE-COLUMNS-FUNCTION ---changeset table-columns-function:1 endDelimiter:--// +--changeset michael.hoennig:table-columns-function endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function base.tableColumnNames( ofTableName text ) diff --git a/src/main/resources/db/changelog/0-base/008-raise-functions.sql b/src/main/resources/db/changelog/0-base/008-raise-functions.sql index 1c6fc3a8..97364f1d 100644 
--- a/src/main/resources/db/changelog/0-base/008-raise-functions.sql +++ b/src/main/resources/db/changelog/0-base/008-raise-functions.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset RAISE-FUNCTIONS:1 endDelimiter:--// +--changeset michael.hoennig:RAISE-FUNCTIONS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Like `RAISE EXCEPTION` ... just as an expression instead of a statement. @@ -16,7 +16,7 @@ end; $$; -- ============================================================================ ---changeset ASSERT-FUNCTIONS:1 endDelimiter:--// +--changeset michael.hoennig:ASSERT-FUNCTIONS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Like `ASSERT` but as an expression instead of a statement. diff --git a/src/main/resources/db/changelog/0-base/009-check-environment.sql b/src/main/resources/db/changelog/0-base/009-check-environment.sql index 0bad2670..d4a2f867 100644 --- a/src/main/resources/db/changelog/0-base/009-check-environment.sql +++ b/src/main/resources/db/changelog/0-base/009-check-environment.sql @@ -3,7 +3,7 @@ -- ============================================================================ -- NUMERIC-HASH-FUNCTIONS ---changeset hash:1 endDelimiter:--// +--changeset michael.hoennig:hash endDelimiter:--// -- ---------------------------------------------------------------------------- do $$ diff --git a/src/main/resources/db/changelog/0-base/010-context.sql b/src/main/resources/db/changelog/0-base/010-context.sql index 46e9a509..6340850b 100644 --- a/src/main/resources/db/changelog/0-base/010-context.sql +++ b/src/main/resources/db/changelog/0-base/010-context.sql 
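Review bot: In `009-check-environment.sql` the new changeset id `hash` and the header comment `-- NUMERIC-HASH-FUNCTIONS` above it look like a leftover from `006-numeric-hash-functions.sql`, and a changeset id that does not describe its changeset is confusing in DATABASECHANGELOG. Since this commit already changes the changeset's identity, now is the time to give it a descriptive id: `--changeset michael.hoennig:check-environment endDelimiter:--//` with the header comment changed to `-- CHECK-ENVIRONMENT`. The body of the `do $$` block is outside the hunk, so I cannot tell what it actually checks.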
@@ -2,7 +2,7 @@ -- ============================================================================ ---changeset context-DEFINE:1 endDelimiter:--// +--changeset michael.hoennig:context-DEFINE endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -52,7 +52,7 @@ end; $$; -- ============================================================================ ---changeset context-CURRENT-TASK:1 endDelimiter:--// +--changeset michael.hoennig:context-CURRENT-TASK endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the current task as set by `hsadminng.currentTask`. @@ -80,7 +80,7 @@ end; $$; -- ============================================================================ ---changeset context-CURRENT-REQUEST:1 endDelimiter:--// +--changeset michael.hoennig:context-CURRENT-REQUEST endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the current http request as set via `base.defineContext(...)`. @@ -105,7 +105,7 @@ end; $$; -- ============================================================================ ---changeset context-current-subject:1 endDelimiter:--// +--changeset michael.hoennig:context-current-subject endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the current user as defined by `base.defineContext(...)`. @@ -129,7 +129,7 @@ end; $$; -- ============================================================================ ---changeset context-base.ASSUMED-ROLES:1 endDelimiter:--// +--changeset michael.hoennig:context-base.ASSUMED-ROLES endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns assumed role names as set in `hsadminng.assumedRoles` 
diff --git a/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql index aff2d62f..baf4a87d 100644 --- a/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql +++ b/src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset base-COMBINE-TABLE-SCHEMA-AND-NAME:1 endDelimiter:--// +--changeset michael.hoennig:base-COMBINE-TABLE-SCHEMA-AND-NAME endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function base.combine_table_schema_and_name(tableSchema name, tableName name) diff --git a/src/main/resources/db/changelog/0-base/020-audit-log.sql b/src/main/resources/db/changelog/0-base/020-audit-log.sql index 5be793e3..569d8826 100644 --- a/src/main/resources/db/changelog/0-base/020-audit-log.sql +++ b/src/main/resources/db/changelog/0-base/020-audit-log.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset audit-OPERATION-TYPE:1 endDelimiter:--// +--changeset michael.hoennig:audit-OPERATION-TYPE endDelimiter:--// -- ---------------------------------------------------------------------------- /* A type representing a DML operation. @@ -16,7 +16,7 @@ do $$ --// -- ============================================================================ ---changeset audit-TX-CONTEXT-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:audit-TX-CONTEXT-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- /* A table storing transactions with context data. 
@@ -35,7 +35,7 @@ create index on base.tx_context using brin (txTimestamp); --// -- ============================================================================ ---changeset audit-TX-JOURNAL-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:audit-TX-JOURNAL-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- /* A table storing the transaction audit journal for all target tables it's configured for. @@ -53,7 +53,7 @@ create index on base.tx_journal (targetTable, targetUuid); --// -- ============================================================================ ---changeset audit-TX-JOURNAL-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:audit-TX-JOURNAL-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* A view combining base.tx_journal with base.tx_context. @@ -66,7 +66,7 @@ select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta --// -- ============================================================================ ---changeset audit-TX-JOURNAL-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:audit-TX-JOURNAL-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /* Trigger function for transaction audit journal. @@ -112,7 +112,7 @@ end; $$; --// -- ============================================================================ ---changeset audit-CREATE-JOURNAL-LOG:1 endDelimiter:--// +--changeset michael.hoennig:audit-CREATE-JOURNAL-LOG endDelimiter:--// -- ---------------------------------------------------------------------------- /* Trigger function for transaction audit journal. diff --git a/src/main/resources/db/changelog/0-base/030-historization.sql b/src/main/resources/db/changelog/0-base/030-historization.sql index b6781fc9..e61671cc 100644 --- a/src/main/resources/db/changelog/0-base/030-historization.sql 
+++ b/src/main/resources/db/changelog/0-base/030-historization.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-global-historization-tx-history-txid:1 endDelimiter:--// +--changeset michael.hoennig:hs-global-historization-tx-history-txid endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function base.tx_history_txid() returns xid8 stable @@ -37,7 +37,7 @@ end; $$; -- ============================================================================ ---changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--// +--changeset michael.hoennig:hs-global-historization-tx-historicize-tf endDelimiter:--// -- ---------------------------------------------------------------------------- -- create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE'); @@ -91,7 +91,7 @@ end; $$; -- ============================================================================ ---changeset hs-global-historization-tx-create-historicization:1 endDelimiter:--// +--changeset michael.hoennig:hs-global-historization-tx-create-historicization endDelimiter:--// -- ---------------------------------------------------------------------------- diff --git a/src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql b/src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql index 953004db..d4d89ac0 100644 --- a/src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql +++ b/src/main/resources/db/changelog/0-base/090-log-slow-queries-extensions.sql 
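Review bot: The three changesets in `030-historization.sql` keep the `hs-global-historization-…` id prefix although the file now lives in `0-base` and defines `base.tx_history_txid()`, so the ids are inconsistent with the `base-`/`audit-` prefixes of the neighbouring files; since this commit changes their identity anyway, renaming them now (e.g. `base-historization-tx-history-txid`) avoids a second identity change later. The context line `-- create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');` under the `tx-historicize-tf` changeset is commented-out code and should either be deleted or replaced by a comment saying where the type is created (presumably the `audit-OPERATION-TYPE` changeset in `020-audit-log.sql`).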
@@ -3,7 +3,7 @@ -- ============================================================================ -- PG-STAT-STATEMENTS-EXTENSION ---changeset pg-stat-statements-extension:1 context:pg_stat_statements endDelimiter:--// +--changeset michael.hoennig:pg-stat-statements-extension context:pg_stat_statements endDelimiter:--// -- ---------------------------------------------------------------------------- /* Makes improved uuid generation available. diff --git a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql index 14f3ba93..a28b0935 100644 --- a/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql +++ b/src/main/resources/db/changelog/1-rbac/1000-rbac-schema.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset rbac-SCHEMA:1 endDelimiter:--// +--changeset michael.hoennig:rbac-SCHEMA endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SCHEMA rbac; --// diff --git a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql index c1345e0c..b2e73ca1 100644 --- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql +++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset rbac-base-REFERENCE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-REFERENCE endDelimiter:--// -- ---------------------------------------------------------------------------- create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission'); 
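Review bot: The comment `Makes improved uuid generation available.` under the renamed `pg-stat-statements-extension` changeset is copied from `005-uuid-ossp-extension.sql` and does not describe this changeset, which by its name and `context:pg_stat_statements` enables the pg_stat_statements extension. I would replace it with a comment that states the purpose and the reason for the gate, along the lines of `Enables pg_stat_statements for slow-query analysis; only loaded in the pg_stat_statements context because the statistics view exposes normalised query texts to everyone who may read it.` The remainder of the changeset body is outside the hunk.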
@@ -31,7 +31,7 @@ end; $$; --// -- ============================================================================ ---changeset rbac-base-SUBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-SUBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -87,7 +87,7 @@ $$; --// -- ============================================================================ ---changeset rbac-base-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -106,7 +106,7 @@ call base.create_journal('rbac.object'); -- ============================================================================ ---changeset rbac-base-GENERATE-RELATED-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-GENERATE-RELATED-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -160,7 +160,7 @@ end; $$; -- ============================================================================ ---changeset rbac-base-ROLE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-ROLE endDelimiter:--// -- ---------------------------------------------------------------------------- create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER'); @@ -178,7 +178,7 @@ call base.create_journal('rbac.role'); -- ============================================================================ ---changeset rbac-base-ROLE-DESCRIPTOR:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-ROLE-DESCRIPTOR endDelimiter:--// -- ---------------------------------------------------------------------------- create type rbac.RoleDescriptor as 
@@ -234,7 +234,7 @@ $$; -- ============================================================================ ---changeset rbac-base-ROLE-FUNCTIONS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-ROLE-FUNCTIONS endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.deleteRole(roleUUid uuid) @@ -298,7 +298,7 @@ $$; -- ============================================================================ ---changeset rbac-base-BEFORE-DELETE-ROLE-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-BEFORE-DELETE-ROLE-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -329,7 +329,7 @@ execute procedure rbac.delete_grants_of_role_tf(); -- ============================================================================ ---changeset rbac-base-BEFORE-DELETE-OBJECT-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-BEFORE-DELETE-OBJECT-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -361,7 +361,7 @@ create trigger delete_roles_of_object_tg -- ============================================================================ ---changeset rbac-base-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- create domain rbac.RbacOp as varchar(6) check ( @@ -468,7 +468,7 @@ end; $$; -- ============================================================================ ---changeset rbac-base-duplicate-role-grant-exception:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-duplicate-role-grant-exception endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.raiseDuplicateRoleGrantException(subRoleId uuid, superRoleId uuid) 
@@ -486,7 +486,7 @@ $$; -- ============================================================================ ---changeset rbac-base-GRANTS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-GRANTS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Table to store grants / role- or permission assignments to subjects or roles. @@ -708,7 +708,7 @@ begin end; $$; -- ============================================================================ ---changeset rbac-base-QUERY-ACCESSIBLE-OBJECT-UUIDS:1 runOnChange=true endDelimiter:--// +--changeset michael.hoennig:rbac-base-QUERY-ACCESSIBLE-OBJECT-UUIDS runOnChange=true endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -760,7 +760,7 @@ $$; --// -- ============================================================================ ---changeset rbac-base-QUERY-GRANTED-PERMISSIONS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-QUERY-GRANTED-PERMISSIONS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns all permissions accessible to the given subject UUID (subject or role). @@ -789,7 +789,7 @@ $$; --// -- ============================================================================ ---changeset rbac-base-QUERY-SUBJECTS-WITH-PERMISSION-FOR-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-base-QUERY-SUBJECTS-WITH-PERMISSION-FOR-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns all subject UUIDs which have any permission for the given object UUID. @@ -820,7 +820,7 @@ $$; -- ============================================================================ ---changeset rbac-base-PGSQL-ROLES:1 context:dev,tc endDelimiter:--// +--changeset michael.hoennig:rbac-base-PGSQL-ROLES context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do $$ 
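Review bot: The renamed `rbac-base-QUERY-ACCESSIBLE-OBJECT-UUIDS` changeset still carries `runOnChange=true`, but in Liquibase formatted SQL changeset attributes are written `name:value` (as `endDelimiter:--//` and `context:dev,tc` on this page are), so I expect `runOnChange=true` to be ignored rather than honoured, meaning later edits to this function body would not be re-applied — please verify against the Liquibase version in use. The line should read `--changeset michael.hoennig:rbac-base-QUERY-ACCESSIBLE-OBJECT-UUIDS runOnChange:true endDelimiter:--//`. This was already wrong before the commit, but since the line is rewritten anyway it is cheap to fix here.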
diff --git a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql index fb3a50f5..7db0db57 100644 --- a/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql +++ b/src/main/resources/db/changelog/1-rbac/1051-rbac-subject-grant.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset rbac-user-grant-GRANT-ROLE-TO-USER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-user-grant-GRANT-ROLE-TO-USER endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function rbac.assumedRoleUuid() @@ -71,7 +71,7 @@ end; $$; -- ============================================================================ ---changeset rbac-user-grant-REVOKE-ROLE-FROM-USER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-user-grant-REVOKE-ROLE-FROM-USER endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.checkRevokeRoleFromSubjectPreconditions(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid) @@ -112,7 +112,7 @@ end; $$; --// -- ============================================================================ ---changeset rbac-user-grant-REVOKE-PERMISSION-FROM-ROLE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-user-grant-REVOKE-PERMISSION-FROM-ROLE endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.revokePermissionFromRole(permissionUuid uuid, superRoleUuid uuid) diff --git a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql index fc9141eb..afede6ac 100644 --- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql +++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql 
@@ -2,7 +2,7 @@ -- ============================================================================ ---changeset rbac-context-DETERMINE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-context-DETERMINE endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function rbac.determineCurrentSubjectUuid(currentSubject varchar) @@ -78,7 +78,7 @@ begin end; $$; -- ============================================================================ ---changeset rbac-context-CONTEXT-DEFINED:1 endDelimiter:--// +--changeset michael.hoennig:rbac-context-CONTEXT-DEFINED endDelimiter:--// -- ---------------------------------------------------------------------------- /* Callback which is called after the context has been (re-) defined. @@ -111,7 +111,7 @@ end; $$; -- ============================================================================ ---changeset rbac-context-current-subject-ID:1 endDelimiter:--// +--changeset michael.hoennig:rbac-context-current-subject-ID endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the uuid of the current subject as set via `base.defineContext(...)`. @@ -144,7 +144,7 @@ end; $$; --// -- ============================================================================ ---changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-context-CURRENT-SUBJECT-UUIDS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the uuid of the current subject as set via `base.defineContext(...)`, diff --git a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql index 028592c2..e1ea0c1e 100644 --- a/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql +++ b/src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql 
@@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset rbac-views-ROLE-ENHANCED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-ROLE-ENHANCED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the role table with additional columns @@ -22,7 +22,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, * --// -- ============================================================================ ---changeset rbac-views-ROLE-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the role table with row-level limitation @@ -46,7 +46,7 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME -- ============================================================================ ---changeset rbac-views-GRANT-ENHANCED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-GRANT-ENHANCED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the grants table with additional columns @@ -106,7 +106,7 @@ create or replace view rbac.grants_ev as -- ============================================================================ ---changeset rbac-views-GRANT-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-GRANT-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the grants table with row-level limitation 
@@ -137,7 +137,7 @@ grant all privileges on rbac.role_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME -- ============================================================================ ---changeset rbac-views-GRANTS-RV-INSERT-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-GRANTS-RV-INSERT-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -169,7 +169,7 @@ execute function rbac.insert_grant_tf(); -- ============================================================================ ---changeset rbac-views-GRANTS-RV-DELETE-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-GRANTS-RV-DELETE-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -197,7 +197,7 @@ execute function rbac.delete_grant_tf(); -- ============================================================================ ---changeset rbac-views-USER-ENHANCED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-USER-ENHANCED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the users table with additional columns @@ -222,7 +222,7 @@ select distinct * -- ============================================================================ ---changeset rbac-views-USER-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-USER-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to the users table with row-level limitation 
@@ -250,7 +250,7 @@ grant all privileges on rbac.subject_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERN --// -- ============================================================================ ---changeset rbac-views-USER-RV-INSERT-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-USER-RV-INSERT-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -286,7 +286,7 @@ execute function rbac.insert_subject_tf(); --// -- ============================================================================ ---changeset rbac-views-USER-RV-DELETE-TRIGGER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-USER-RV-DELETE-TRIGGER endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -316,7 +316,7 @@ execute function rbac.delete_subject_tf(); --/ -- ============================================================================ ---changeset rbac-views-OWN-GRANTED-PERMISSIONS-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-OWN-GRANTED-PERMISSIONS-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates a view to all permissions granted to the current user or @@ -336,7 +336,7 @@ grant all privileges on rbac.own_granted_permissions_rv to ${HSADMINNG_POSTGRES_ -- @formatter:om -- ============================================================================ ---changeset rbac-views-GRANTED-PERMISSIONS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-views-GRANTED-PERMISSIONS endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns all permissions granted to the given user, diff --git a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql index 7e6f3d09..783992de 100644 --- a/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql 
+++ b/src/main/resources/db/changelog/1-rbac/1056-rbac-trigger-context.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset rbac-trigger-context-ENTER:1 endDelimiter:--// +--changeset michael.hoennig:rbac-trigger-context-ENTER endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.enterTriggerForObjectUuid(currentObjectUuid uuid) @@ -19,7 +19,7 @@ end; $$; -- ============================================================================ ---changeset rbac-trigger-context-CURRENT-ID:1 endDelimiter:--// +--changeset michael.hoennig:rbac-trigger-context-CURRENT-ID endDelimiter:--// -- ---------------------------------------------------------------------------- /* Returns the uuid of the object uuid whose trigger is currently executed as set via `rbac.enterTriggerForObjectUuid(...)`. @@ -44,7 +44,7 @@ end; $$; -- ============================================================================ ---changeset rbac-trigger-context-LEAVE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-trigger-context-LEAVE endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.leaveTriggerForObjectUuid(currentObjectUuid uuid) diff --git a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql index bb4cbd8e..c1736314 100644 --- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql +++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql 
@@ -3,7 +3,7 @@ -- ================================================================= -- CREATE ROLE ---changeset rbac-role-builder-define-role:1 endDelimiter:--// +--changeset michael.hoennig:rbac-role-builder-define-role endDelimiter:--// -- ----------------------------------------------------------------- create or replace function rbac.defineRoleWithGrants( diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index dc616862..0c7b8b2e 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-generators-RELATED-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar) @@ -46,7 +46,7 @@ $$; -- ============================================================================ ---changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text) @@ -111,7 +111,7 @@ end; $$; -- ============================================================================ ---changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-generators-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text) 
@@ -171,7 +171,7 @@ end; $$; -- ============================================================================ ---changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-generators-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*') diff --git a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql index 19670fb9..cb8e35bf 100644 --- a/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql +++ b/src/main/resources/db/changelog/1-rbac/1059-rbac-statistics.sql @@ -1,6 +1,6 @@ --liquibase formatted sql ---changeset rbac-statistics:1 endDelimiter:--// +--changeset michael.hoennig:rbac-statistics endDelimiter:--// /* Creates a view which presents some statistics about the RBAC tables. diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index bd5128b0..4f981dc9 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset rbac-global-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /* The purpose of this table is provide root business objects 
@@ -23,7 +23,7 @@ grant select on rbac.global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; -- ============================================================================ ---changeset rbac-global-IS-GLOBAL-ADMIN:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-IS-GLOBAL-ADMIN endDelimiter:--// -- ------------------------------------------------------------------ create or replace function rbac.isGlobalAdmin() @@ -36,7 +36,7 @@ end; $$; -- ============================================================================ ---changeset rbac-global-HAS-GLOBAL-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-HAS-GLOBAL-PERMISSION endDelimiter:--// -- ------------------------------------------------------------------ create or replace function rbac.hasGlobalPermission(op rbac.RbacOp) @@ -51,7 +51,7 @@ $$; -- ============================================================================ ---changeset rbac-global-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -87,7 +87,7 @@ $$; --liquibase formatted sql -- ============================================================================ ---changeset rbac-global-PSEUDO-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-PSEUDO-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -104,7 +104,7 @@ commit; -- ============================================================================ ---changeset rbac-global-ADMIN-ROLE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-ADMIN-ROLE endDelimiter:--// -- ---------------------------------------------------------------------------- /* A rbac.Global administrator role. 
@@ -125,7 +125,7 @@ commit; -- ============================================================================ ---changeset rbac-global-GUEST-ROLE:1 endDelimiter:--// +--changeset michael.hoennig:rbac-global-GUEST-ROLE endDelimiter:--// -- ---------------------------------------------------------------------------- /* A rbac.Global guest role. @@ -146,7 +146,7 @@ commit; -- ============================================================================ ---changeset rbac-global-ADMIN-USERS:1 context:dev,tc endDelimiter:--// +--changeset michael.hoennig:rbac-global-ADMIN-USERS context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- /* Create two users and assign both to the administrators' role. @@ -168,7 +168,7 @@ $$; -- ============================================================================ ---changeset rbac-global-TEST:1 context:dev,tc endDelimiter:--// +--changeset michael.hoennig:rbac-global-TEST context:dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- /* diff --git a/src/main/resources/db/changelog/2-test/200-test-schema.sql b/src/main/resources/db/changelog/2-test/200-test-schema.sql index e1d476f5..35f0df54 100644 --- a/src/main/resources/db/changelog/2-test/200-test-schema.sql +++ b/src/main/resources/db/changelog/2-test/200-test-schema.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset test-SCHEMA:1 endDelimiter:--// +--changeset michael.hoennig:test-SCHEMA endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SCHEMA test; --// diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql index 9a91e939..2d4714f1 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql 
+++ b/src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-customer-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:test-customer-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create table if not exists test.customer diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql index a657b35d..45a04a23 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test.customer-rbac-OBJECT:1 endDelimiter:--// +--changeset RbacObjectGenerator:test.customer-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('test.customer'); --// -- ============================================================================ ---changeset test.customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset RbacRoleDescriptorGenerator:test.customer-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('testCustomer', 'test.customer'); --// -- ============================================================================ ---changeset test.customer-rbac-insert-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:test.customer-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -77,7 +77,7 @@ execute procedure insertTriggerForTestCustomer_tf(); -- ============================================================================ ---changeset test.customer-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.customer-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to rbac.global ---------------------------- @@ -125,7 +125,7 @@ execute procedure rbac.new_customer_grants_insert_to_global_tf(); -- ============================================================================ ---changeset test.customer-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.customer-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -154,7 +154,7 @@ create trigger customer_insert_permission_check_tg -- ============================================================================ ---changeset test.customer-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset RbacIdentityViewGenerator:test.customer-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('test.customer', @@ -165,7 +165,7 @@ call rbac.generateRbacIdentityViewFromProjection('test.customer', -- ============================================================================ ---changeset test.customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset RbacRestrictedViewGenerator:test.customer-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('test.customer', $orderBy$ 
diff --git a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql index 427eea88..7766f846 100644 --- a/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql +++ b/src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset test-customer-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:test-customer-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* Generates a customer reference number for a given test data counter. @@ -67,7 +67,7 @@ end; $$; -- ============================================================================ ---changeset test-customer-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:test-customer-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql index c12ead61..d74ff086 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-package-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:test-package-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create table if not exists test.package 
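Review bot: The rewritten line `--changeset michael.hoennig:test-customer-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//` keeps `–context=dev,tc` with an en-dash and `=`, which is not the formatted-SQL attribute syntax used elsewhere in this diff (`context:dev,tc` in 1080-rbac-global.sql). If Liquibase does not recognize that token as the context attribute, this test-data generation changeset is not restricted to the dev/tc contexts and would presumably run against every environment, production included. The same defect is carried into 2028-test-package-test-data.sql, 2038-test-domain-test-data.sql and 5018-hs-office-contact-test-data.sql in this chunk. Since the line is being rewritten anyway, fix it here: `--changeset michael.hoennig:test-customer-TEST-DATA-GENERATION context:dev,tc endDelimiter:--//`.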
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql index 46c0e9c4..6669c8eb 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test.package-rbac-OBJECT:1 endDelimiter:--// +--changeset RbacObjectGenerator:test.package-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('test.package'); --// -- ============================================================================ ---changeset test.package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset RbacRoleDescriptorGenerator:test.package-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('testPackage', 'test.package'); --// -- ============================================================================ ---changeset test.package-rbac-insert-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:test.package-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -81,7 +81,7 @@ execute procedure insertTriggerForTestPackage_tf(); -- ============================================================================ ---changeset test.package-rbac-update-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:test.package-rbac-update-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -142,7 +142,7 @@ execute procedure updateTriggerForTestPackage_tf(); -- ============================================================================ ---changeset test.package-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.package-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to test.customer ---------------------------- @@ -190,7 +190,7 @@ execute procedure test.new_package_grants_insert_to_customer_tf(); -- ============================================================================ ---changeset test.package-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.package-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -219,7 +219,7 @@ create trigger package_insert_permission_check_tg -- ============================================================================ ---changeset test.package-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset RbacIdentityViewGenerator:test.package-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('test.package', @@ -230,7 +230,7 @@ call rbac.generateRbacIdentityViewFromProjection('test.package', -- ============================================================================ ---changeset test.package-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset RbacRestrictedViewGenerator:test.package-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('test.package', $orderBy$ 
diff --git a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql index d7a03b43..6ac15e1f 100644 --- a/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql +++ b/src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-package-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:test-package-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the given number of test packages for the given customer. @@ -59,7 +59,7 @@ $$; -- ============================================================================ ---changeset test-package-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:test-package-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql index 1280674f..eb62f9c3 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset test-domain-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:test-domain-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create table if not exists test.domain 
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql index 40064ad0..7e15e0bc 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset test.domain-rbac-OBJECT:1 endDelimiter:--// +--changeset RbacObjectGenerator:test.domain-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('test.domain'); --// -- ============================================================================ ---changeset test.domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset RbacRoleDescriptorGenerator:test.domain-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('testDomain', 'test.domain'); --// -- ============================================================================ ---changeset test.domain-rbac-insert-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:test.domain-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -77,7 +77,7 @@ execute procedure insertTriggerForTestDomain_tf(); -- ============================================================================ ---changeset test.domain-rbac-update-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:test.domain-rbac-update-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -141,7 +141,7 @@ execute procedure updateTriggerForTestDomain_tf(); -- ============================================================================ ---changeset test.domain-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.domain-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to test.package ---------------------------- @@ -189,7 +189,7 @@ execute procedure test.new_domain_grants_insert_to_package_tf(); -- ============================================================================ ---changeset test.domain-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:test.domain-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -218,7 +218,7 @@ create trigger domain_insert_permission_check_tg -- ============================================================================ ---changeset test.domain-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset RbacIdentityViewGenerator:test.domain-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('test.domain', @@ -229,7 +229,7 @@ call rbac.generateRbacIdentityViewFromProjection('test.domain', -- ============================================================================ ---changeset test.domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset RbacRestrictedViewGenerator:test.domain-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('test.domain', $orderBy$ 
diff --git a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql index 3a3f366f..8de17769 100644 --- a/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql +++ b/src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-domain-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:hs-domain-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* Creates the given count of test unix users for a single package. @@ -54,7 +54,7 @@ end; $$; -- ============================================================================ ---changeset hs-domain-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:hs-domain-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql index 3103743d..305d80d1 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-office-contact-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create table if not exists hs_office_contact 
@@ -17,7 +17,7 @@ create table if not exists hs_office_contact -- ============================================================================ ---changeset hs-office-contact-MAIN-TABLE-JOURNAL:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- call base.create_journal('hs_office_contact'); diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql index 316128dc..eb83c6e7 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_office_contact'); --// -- ============================================================================ ---changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact'); --// -- ============================================================================ ---changeset hs-office-contact-rbac-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -77,7 +77,7 @@ execute procedure insertTriggerForHsOfficeContact_tf(); -- ============================================================================ ---changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_office_contact', @@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_contact', -- ============================================================================ ---changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_office_contact', $orderBy$ diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql index 6f13a642..fe0f1553 100644 --- a/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql +++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql @@ -4,7 +4,7 @@ -- Once we don't need the external remote views anymore, create revert changesets. -- ============================================================================ ---changeset hs-office-contact-MIGRATION-mapping:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE TABLE hs_office_contact_legacy_id 
@@ -16,7 +16,7 @@ CREATE TABLE hs_office_contact_legacy_id
 -- ============================================================================
---changeset hs-office-contact-MIGRATION-sequence:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
@@ -27,7 +27,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
 -- ============================================================================
---changeset hs-office-contact-MIGRATION-default:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--//
 -- ----------------------------------------------------------------------------
 ALTER TABLE hs_office_contact_legacy_id
@@ -37,7 +37,7 @@ ALTER TABLE hs_office_contact_legacy_id
 --/
 -- ============================================================================
---changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-MIGRATION-insert endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CALL base.defineContext('schema-migration');
@@ -47,7 +47,7 @@ INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
 -- ============================================================================
---changeset hs-office-contact-MIGRATION-insert-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-MIGRATION-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function insertContactLegacyIdMapping() returns trigger
@@ -72,7 +72,7 @@ create trigger createContactLegacyIdMapping
 -- ============================================================================
---changeset hs-office-contact-MIGRATION-delete-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-MIGRATION-delete-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function deleteContactLegacyIdMapping() returns trigger
diff --git a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
index 39de7791..7e77c396 100644
--- a/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-contact-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -52,7 +52,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-contact-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-contact-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
index d520d92b..30fa1477 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
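Review bot: The context attribute on the rewritten TEST-DATA-GENERATION changeset line reads `–context=dev,tc` (an en dash and `=`), whereas Liquibase formatted SQL expects `context:dev,tc` (or `contextFilter:dev,tc`); the same form recurs in the TEST-DATA-GENERATION hunks of the person, relation, partner and bankaccount test-data files later in this chunk. If that is the literal file content and the parser does not recognise the token, the `do language plpgsql $$` test-data block would run under every context, including a production deployment; if the en dash is only an artefact of how this page was rendered, this can be ignored. Since the line is being rewritten anyway, `--changeset michael.hoennig:hs-office-contact-TEST-DATA-GENERATION context:dev,tc endDelimiter:--//` would be the documented form and is worth verifying against a `liquibase status` run with no context set.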
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-person-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-person-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TYPE HsOfficePersonType AS ENUM (
@@ -28,7 +28,7 @@ create table if not exists hs_office_person
 -- ============================================================================
---changeset hs-office-person-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_person');
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
index 48e3c280..105cdda1 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_person');
 --//
 -- ============================================================================
---changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
 --//
 -- ============================================================================
---changeset hs-office-person-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-person-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -77,7 +77,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
 -- ============================================================================
---changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
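Review bot: The author field chosen for the rbac changesets is not consistent across this commit: here, and in the partner, partner-details, bankaccount and debitor rbac files further down, it is set to generator names such as `RbacObjectGenerator`, `RbacRoleDescriptorGenerator` and `RolesGrantsAndPermissionsGenerator`, while the contact and relation rbac files earlier in this chunk use `michael.hoennig` for the same kinds of changesets. If the generator names mark files that are produced by a code generator, that distinction deserves a comment at the top of those files (e.g. `-- generated by RbacObjectGenerator; do not edit by hand`) so the next change does not hand-edit generated SQL; if not, one convention should be picked. The author is part of the changeset key in DATABASECHANGELOG, so whichever convention is chosen should not need to change again.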
@@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
 -- ============================================================================
---changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_person',
 $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
index c0a06062..c9b078e2 100644
--- a/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-person-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-person-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -51,7 +51,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-person-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-person-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
index 8a466ba9..387bacd3 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-relation-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TYPE HsOfficeRelationType AS ENUM (
@@ -30,7 +30,7 @@ create table if not exists hs_office_relation
 -- ============================================================================
---changeset hs-office-relation-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_relation');
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
index a2c75f1a..d6f36ad5 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-relation-rbac-OBJECT:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_relation');
 --//
 -- ============================================================================
---changeset hs-office-relation-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
 --//
 -- ============================================================================
---changeset hs-office-relation-rbac-insert-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -110,7 +110,7 @@ execute procedure insertTriggerForHsOfficeRelation_tf();
 -- ============================================================================
---changeset hs-office-relation-rbac-update-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-update-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -151,7 +151,7 @@ execute procedure updateTriggerForHsOfficeRelation_tf();
 -- ============================================================================
---changeset hs-office-relation-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to hs_office_person ----------------------------
@@ -199,7 +199,7 @@ execute procedure new_hs_office_relation_grants_insert_to_hs_office_person_tf();
 -- ============================================================================
---changeset hs_office_relation-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset michael.hoennig:hs_office_relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -228,7 +228,7 @@ create trigger hs_office_relation_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-relation-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
@@ -241,7 +241,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
 -- ============================================================================
---changeset hs-office-relation-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_relation',
 $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
index 6c9161f5..39c204a9 100644
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-relation-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -80,7 +80,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-relation-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-relation-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
index 705d8ad9..eae97773 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-partner-DETAILS-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create table hs_office_partner_details
@@ -20,14 +20,14 @@ create table hs_office_partner_details
 -- ============================================================================
---changeset hs-office-partner-DETAILS-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_partner_details');
 --//
 -- ============================================================================
---changeset hs-office-partner-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create table hs_office_partner
@@ -42,7 +42,7 @@ create table hs_office_partner
 -- ============================================================================
---changeset hs-office-partner-DELETE-DEPENDENTS-TRIGGER:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-DELETE-DEPENDENTS-TRIGGER endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -80,7 +80,7 @@ create trigger hs_office_partner_delete_dependents_trigger
 execute procedure deleteHsOfficeDependentsOnPartnerDelete();
 -- ============================================================================
---changeset hs-office-partner-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_partner');
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
index 183be0b2..46460b09 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_partner');
 --//
 -- ============================================================================
---changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
 --//
 -- ============================================================================
---changeset hs-office-partner-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -73,7 +73,7 @@ execute procedure insertTriggerForHsOfficePartner_tf();
 -- ============================================================================
---changeset hs-office-partner-rbac-update-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-rbac-update-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -154,7 +154,7 @@ execute procedure updateTriggerForHsOfficePartner_tf();
 -- ============================================================================
---changeset hs-office-partner-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-partner-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to rbac.global ----------------------------
@@ -202,7 +202,7 @@ execute procedure rbac.new_hsof_partner_grants_insert_to_global_tf();
 -- ============================================================================
---changeset hs_office_partner-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_partner-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -231,7 +231,7 @@ create trigger hs_office_partner_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
@@ -242,7 +242,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
 -- ============================================================================
---changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_partner',
 $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
index 79386023..c593579c 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-partner-details-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_partner_details');
 --//
 -- ============================================================================
---changeset hs-office-partner-details-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
 --//
 -- ============================================================================
---changeset hs-office-partner-details-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-partner-details-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -58,7 +58,7 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf();
 -- ============================================================================
---changeset hs-office-partner-details-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-partner-details-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to rbac.global ----------------------------
@@ -106,7 +106,7 @@ execute procedure rbac.new_hsof_partner_details_grants_insert_to_global_tf();
 -- ============================================================================
---changeset hs_office_partner_details-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_partner_details-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -135,7 +135,7 @@ create trigger hs_office_partner_details_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
@@ -149,7 +149,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
 -- ============================================================================
---changeset hs-office-partner-details-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_partner_details',
 $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
index fa35db16..9facdb93 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
@@ -4,7 +4,7 @@
 -- Once we don't need the external remote views anymore, create revert changesets.
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-mapping:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TABLE hs_office_partner_legacy_id
@@ -16,7 +16,7 @@ CREATE TABLE hs_office_partner_legacy_id
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-sequence:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
@@ -27,7 +27,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-default:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--//
 -- ----------------------------------------------------------------------------
 ALTER TABLE hs_office_partner_legacy_id
@@ -36,7 +36,7 @@ ALTER TABLE hs_office_partner_legacy_id
 --/
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-insert endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CALL base.defineContext('schema-migration');
@@ -46,7 +46,7 @@ INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-insert-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function insertPartnerLegacyIdMapping() returns trigger
@@ -71,7 +71,7 @@ create trigger createPartnerLegacyIdMapping
 -- ============================================================================
---changeset hs-office-partner-MIGRATION-delete-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-MIGRATION-delete-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function deletePartnerLegacyIdMapping() returns trigger
diff --git a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
index 00484bd0..c28192b3 100644
--- a/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-partner-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -66,7 +66,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-partner-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-partner-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
index 578b3af5..8b27cbe9 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
@@ -1,6 +1,6 @@
 -- ============================================================================
---changeset hs-office-bankaccount-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create table hs_office_bankaccount
@@ -15,7 +15,7 @@ create table hs_office_bankaccount
 -- ============================================================================
---changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_bankaccount');
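Review bot: The first hunk of 5050-hs-office-bankaccount.sql starts at `@@ -1,6 +1,6 @@` with `-- ====` as line 1 of the file, so unlike the other main-table files in this chunk (5020, 5030 and 5060 all show `--liquibase formatted sql` on line 1) this file appears to carry no formatted-SQL header. Liquibase uses that header to decide whether to parse `--changeset` annotations in a `.sql` file; without it the file may be run as one raw changeset, in which case the rewritten `--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE` line has no effect and the `call base.create_journal('hs_office_bankaccount')` statement is not tracked individually. If the header is present and the hunk simply does not show it, this can be ignored; otherwise adding `--liquibase formatted sql` as line 1 would make the file consistent with the others and is worth confirming via `liquibase status` before relying on the new changeset id.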
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
index 77d4edfa..437c14e7 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_bankaccount');
 --//
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
 --//
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -77,7 +77,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
@@ -88,7 +88,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_bankaccount',
 $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
index c9d355b1..aa28bdf4 100644
--- a/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-bankaccount-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -26,7 +26,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-bankaccount-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
index d8b55040..3ea372f7 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-debitor-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create table hs_office_debitor
@@ -25,7 +25,7 @@ create table hs_office_debitor
 -- ============================================================================
---changeset hs-office-debitor-DELETE-DEPENDENTS-TRIGGER:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-debitor-DELETE-DEPENDENTS-TRIGGER endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -58,7 +58,7 @@ execute procedure deleteHsOfficeDependentsOnDebitorDelete();
 -- ============================================================================
---changeset hs-office-debitor-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_debitor');
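Review bot: The new line `+--changeset michael.hoennig:hs-office-bankaccount-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//` keeps the `–context=dev,tc` token from the old line, which uses an en dash and an `=` rather than the `attribute:value` form that `endDelimiter:--//` on the same line already uses. If Liquibase does not recognise that token as the context attribute, this test-data changeset carries no context restriction at all and would run in every environment, including production, which is the one place fixture data must not land. Since the line is being rewritten anyway, this is the moment to change it to `context:dev,tc` (or `contextFilter:dev,tc` on newer Liquibase) and to confirm with `liquibase status --contexts=prod` that the TEST-DATA-GENERATION changesets are excluded. The same token appears in the TEST-DATA-GENERATION hunks of the 5068, 5078, 5108 and 5118 test-data files further down.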
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
index 027e56d4..be6915c0 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-debitor-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_debitor');
 --//
 -- ============================================================================
---changeset hs-office-debitor-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
 --//
 -- ============================================================================
---changeset hs-office-debitor-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -85,7 +85,7 @@ execute procedure insertTriggerForHsOfficeDebitor_tf();
 -- ============================================================================
---changeset hs-office-debitor-rbac-update-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-debitor-rbac-update-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -127,7 +127,7 @@ execute procedure updateTriggerForHsOfficeDebitor_tf();
 -- ============================================================================
---changeset hs-office-debitor-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-debitor-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to rbac.global ----------------------------
@@ -175,7 +175,7 @@ execute procedure rbac.new_hsof_debitor_grants_insert_to_global_tf();
 -- ============================================================================
---changeset hs_office_debitor-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_debitor-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -204,7 +204,7 @@ create trigger hs_office_debitor_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
@@ -224,7 +224,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
 -- ============================================================================
---changeset hs-office-debitor-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_debitor', $orderBy$
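Review bot: The new id `hs_office_debitor-rbac-CHECKING-INSERT-PERMISSION` in the `@@ -175` hunk mixes the table name's underscores with the hyphenated id convention every other changeset in this file uses (`hs-office-debitor-rbac-GRANTING-INSERT-PERMISSION` two hunks above). Since this commit already re-keys every changeset, it is the one cheap opportunity to normalise it to `InsertTriggerGenerator:hs-office-debitor-rbac-CHECKING-INSERT-PERMISSION`; a later rename would re-key it a second time. The same mixed form appears in the CHECKING-INSERT-PERMISSION hunks of the 5073, 5103 and 5113 rbac files further down.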
diff --git a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
index 6fe21720..a648bace 100644
--- a/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-debitor-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-debitor-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -45,7 +45,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-debitor-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-debitor-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
index 98936f35..16714cda 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-sepamandate-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create table if not exists hs_office_sepamandate
@@ -18,7 +18,7 @@ create table if not exists hs_office_sepamandate
 -- ============================================================================
---changeset hs-office-sepamandate-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_sepamandate');
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
index 2048bafe..5261ae18 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_sepamandate');
 --//
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
 --//
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-sepamandate-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -102,7 +102,7 @@ execute procedure insertTriggerForHsOfficeSepaMandate_tf();
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to hs_office_relation ----------------------------
@@ -150,7 +150,7 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
 -- ============================================================================
---changeset hs_office_sepamandate-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_sepamandate-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -185,7 +185,7 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
@@ -198,7 +198,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
 -- ============================================================================
---changeset hs-office-sepamandate-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_sepamandate', $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
index a831b28e..01e2298b 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
@@ -4,7 +4,7 @@
 -- Once we don't need the external remote views anymore, create revert changesets.
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-mapping:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TABLE hs_office_sepamandate_legacy_id
@@ -16,7 +16,7 @@ CREATE TABLE hs_office_sepamandate_legacy_id
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-sequence:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
@@ -27,7 +27,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-default:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--//
 -- ----------------------------------------------------------------------------
 ALTER TABLE hs_office_sepamandate_legacy_id
@@ -38,7 +38,7 @@ ALTER TABLE hs_office_sepamandate_legacy_id
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-insert endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CALL base.defineContext('schema-migration');
@@ -48,7 +48,7 @@ INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-insert-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function insertSepaMandateLegacyIdMapping() returns trigger
@@ -73,7 +73,7 @@ create trigger createSepaMandateLegacyIdMapping
 -- ============================================================================
---changeset hs-office-sepamandate-MIGRATION-delete-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-delete-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function deleteSepaMandateLegacyIdMapping() returns trigger
diff --git a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
index d71139bb..c737be8f 100644
--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-sepaMandate-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepaMandate-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -38,7 +38,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-sepaMandate-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-sepaMandate-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
index 7f2f14d8..7fe4223e 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-membership-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TYPE HsOfficeMembershipStatus AS ENUM (
@@ -33,7 +33,7 @@ create table if not exists hs_office_membership
 -- ============================================================================
---changeset hs-office-membership-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_membership');
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
index 66a55a28..ed4ce26e 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_membership');
 --//
 -- ============================================================================
---changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
 --//
 -- ============================================================================
---changeset hs-office-membership-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-membership-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -89,7 +89,7 @@ execute procedure insertTriggerForHsOfficeMembership_tf();
 -- ============================================================================
---changeset hs-office-membership-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-membership-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to rbac.global ----------------------------
@@ -137,7 +137,7 @@ execute procedure rbac.new_hsof_membership_grants_insert_to_global_tf();
 -- ============================================================================
---changeset hs_office_membership-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_membership-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -166,7 +166,7 @@ create trigger hs_office_membership_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
@@ -180,7 +180,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
 -- ============================================================================
---changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_membership', $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
index 9ada85be..bb25dc6f 100644
--- a/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-membership-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -28,7 +28,7 @@ end; $$;
 -- ============================================================================
---changeset hs-office-membership-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-membership-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
index 2dd3320b..119b4a2a 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-office-coopshares-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTION', 'CANCELLATION');
@@ -23,7 +23,7 @@ create table if not exists hs_office_coopsharestransaction
 --//
 -- ============================================================================
---changeset hs-office-coopshares-BUSINESS-RULES:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--//
 -- ----------------------------------------------------------------------------
 alter table hs_office_coopsharestransaction
@@ -33,7 +33,7 @@ alter table hs_office_coopsharestransaction
 --//
 -- ============================================================================
---changeset hs-office-coopshares-SHARE-COUNT-CONSTRAINT:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-SHARE-COUNT-CONSTRAINT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function checkSharesByMembershipUuid(forMembershipUuid UUID, newShareCount integer)
@@ -61,7 +61,7 @@ alter table hs_office_coopsharestransaction
 --//
 -- ============================================================================
---changeset hs-office-coopshares-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call base.create_journal('hs_office_coopsharestransaction');
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
index 6a10ff93..6fe85554 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@@ -3,21 +3,21 @@
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
 --//
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
 --//
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharestransaction-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -65,7 +65,7 @@ execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 -- granting INSERT permission to hs_office_membership ----------------------------
@@ -113,7 +113,7 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
 -- ============================================================================
---changeset hs_office_coopsharestransaction-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
+--changeset InsertTriggerGenerator:hs_office_coopsharestransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /**
@@ -142,7 +142,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
@@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransactio
 -- ============================================================================
---changeset hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction', $orderBy$
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
index 134c5ab7..bd690b3e 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
@@ -4,7 +4,7 @@
 -- Once we don't need the external remote views anymore, create revert changesets.
 -- ============================================================================
---changeset hs-office-coopshares-MIGRATION-mapping:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE TABLE hs_office_coopsharestransaction_legacy_id
@@ -16,7 +16,7 @@ CREATE TABLE hs_office_coopsharestransaction_legacy_id
 -- ============================================================================
---changeset hs-office-coopshares-MIGRATION-sequence:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
@@ -27,7 +27,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
 -- ============================================================================
---changeset hs-office-coopshares-MIGRATION-default:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--//
 -- ----------------------------------------------------------------------------
 ALTER TABLE hs_office_coopsharestransaction_legacy_id
@@ -37,7 +37,7 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
 --/
 -- ============================================================================
---changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopshares-MIGRATION-insert endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CALL base.defineContext('schema-migration');
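Review bot: The context line `--/` at the top of the `@@ -37,7 +37,7 @@` hunk, directly above the renamed `michael.hoennig:hs-office-coopshares-MIGRATION-insert` changeset, looks like a truncated `--//` end delimiter closing the preceding MIGRATION-default changeset; every other changeset in this diff is closed with `--//`. As far as the visible lines show, Liquibase would still start a new changeset at the next `--changeset` line, so the likely effect is only that the preceding `ALTER TABLE` statement text carries a stray `--/` comment, but the inconsistency should be fixed while the file is being touched: `--//`. The MIGRATION-default changeset body itself lies outside the hunk.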
@@ -47,7 +47,7 @@ INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
 -- ============================================================================
---changeset hs-office-coopShares-MIGRATION-insert-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopShares-MIGRATION-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function insertCoopSharesLegacyIdMapping() returns trigger
@@ -72,7 +72,7 @@ create trigger createCoopSharesLegacyIdMapping
 -- ============================================================================
---changeset hs-office-coopShares-MIGRATION-delete-trigger:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopShares-MIGRATION-delete-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 create or replace function deleteCoopSharesLegacyIdMapping() returns trigger
diff --git a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
index d2c10dd1..c894b00f 100644
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-office-coopSharesTransaction-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-coopSharesTransaction-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -38,7 +38,7 @@ end; $$; -- ============================================================================ ---changeset hs-office-coopSharesTransaction-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:hs-office-coopSharesTransaction-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql index 298327e9..fa3ddf51 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-office-coopassets-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT', @@ -31,7 +31,7 @@ create table if not exists hs_office_coopassetstransaction -- ============================================================================ ---changeset hs-office-coopassets-BUSINESS-RULES:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--// -- ---------------------------------------------------------------------------- alter table hs_office_coopassetstransaction 
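Review bot: The new `--changeset` line for hs-office-coopSharesTransaction-TEST-DATA-GENERATION still carries `–context=dev,tc` (an en dash and `=`), which is not Liquibase's formatted-SQL attribute syntax (`context:dev,tc`), so unless this is a rendering artifact of the patch, the changeset has no context filter at all and the test-data generation would run in every environment, including production. The same token survives the rename in the TEST-DATA-GENERATION hunks of 5128-hs-office-coopassets-test-data.sql, 6208-hs-booking-project-test-data.sql, 6208-hs-booking-item-test-data.sql and 7018-hs-hosting-asset-test-data.sql. Suggested line: `--changeset michael.hoennig:hs-office-coopSharesTransaction-TEST-DATA-GENERATION context:dev,tc endDelimiter:--//`; please confirm against the Liquibase formatted-SQL attribute grammar and check on a non-dev database whether these changesets were ever recorded in databasechangelog.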
@@ -41,7 +41,7 @@ alter table hs_office_coopassetstransaction --// -- ============================================================================ ---changeset hs-office-coopassets-ASSET-VALUE-CONSTRAINT:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-ASSET-VALUE-CONSTRAINT endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function checkAssetsByMembershipUuid(forMembershipUuid UUID, newAssetValue money) @@ -69,7 +69,7 @@ alter table hs_office_coopassetstransaction -- ============================================================================ ---changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- call base.create_journal('hs_office_coopassetstransaction'); diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql index f77d8303..bff34499 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql 
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-OBJECT:1 endDelimiter:--// +--changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction'); --// -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset RbacRoleDescriptorGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction'); --// -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-insert-trigger:1 endDelimiter:--// +--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassetstransaction-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -65,7 +65,7 @@ execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf(); -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to hs_office_membership ---------------------------- 
@@ -113,7 +113,7 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf(); -- ============================================================================ ---changeset hs_office_coopassetstransaction-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset InsertTriggerGenerator:hs_office_coopassetstransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -142,7 +142,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', @@ -153,7 +153,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransactio -- ============================================================================ ---changeset hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction', $orderBy$ diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql index 1d2073f5..f506e855 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql 
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql @@ -4,7 +4,7 @@ -- Once we don't need the external remote views anymore, create revert changesets. -- ============================================================================ ---changeset hs-office-coopassets-MIGRATION-mapping:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE TABLE hs_office_coopassetstransaction_legacy_id @@ -16,7 +16,7 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id -- ============================================================================ ---changeset hs-office-coopassets-MIGRATION-sequence:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq @@ -27,7 +27,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq -- ============================================================================ ---changeset hs-office-coopassets-MIGRATION-default:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--// -- ---------------------------------------------------------------------------- ALTER TABLE hs_office_coopassetstransaction_legacy_id @@ -37,7 +37,7 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id -- ============================================================================ ---changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopassets-MIGRATION-insert endDelimiter:--// -- ---------------------------------------------------------------------------- CALL base.defineContext('schema-migration'); 
@@ -47,7 +47,7 @@ INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) -- ============================================================================ ---changeset hs-office-coopAssets-MIGRATION-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopAssets-MIGRATION-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function insertCoopAssetsLegacyIdMapping() returns trigger @@ -72,7 +72,7 @@ create trigger createCoopAssetsLegacyIdMapping -- ============================================================================ ---changeset hs-office-coopAssets-MIGRATION-delete-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopAssets-MIGRATION-delete-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function deleteCoopAssetsLegacyIdMapping() returns trigger diff --git a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql index 4b6c8e4e..b2d9c27d 100644 --- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql +++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset hs-office-coopAssetsTransaction-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:hs-office-coopAssetsTransaction-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -38,7 +38,7 @@ end; $$; -- ============================================================================ ---changeset hs-office-coopAssetsTransaction-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:hs-office-coopAssetsTransaction-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql b/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql index 72d9563f..a610023c 100644 --- a/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql +++ b/src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hs-booking-debitor-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-debitor-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- create view hs_booking_debitor_xv as diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql index 08e0bcc3..a0250fc4 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql 
@@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset booking-project-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:booking-project-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create table if not exists hs_booking_project @@ -15,7 +15,7 @@ create table if not exists hs_booking_project -- ============================================================================ ---changeset hs-booking-project-MAIN-TABLE-JOURNAL:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- call base.create_journal('hs_booking_project'); @@ -23,7 +23,7 @@ call base.create_journal('hs_booking_project'); -- ============================================================================ ---changeset hs-booking-project-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-MAIN-TABLE-HISTORIZATION endDelimiter:--// -- ---------------------------------------------------------------------------- call base.tx_create_historicization('hs_booking_project'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql index f4bd88c1..0f0098f7 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql 
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-booking-project-rbac-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_booking_project'); --// -- ============================================================================ ---changeset hs-booking-project-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); --// -- ============================================================================ ---changeset hs-booking-project-rbac-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -96,7 +96,7 @@ execute procedure insertTriggerForHsBookingProject_tf(); -- ============================================================================ ---changeset hs-booking-project-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to hs_office_relation ---------------------------- 
@@ -144,7 +144,7 @@ execute procedure new_hs_booking_project_grants_insert_to_hs_office_relation_tf( -- ============================================================================ ---changeset hs_booking_project-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs_booking_project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -179,7 +179,7 @@ create trigger hs_booking_project_insert_permission_check_tg -- ============================================================================ ---changeset hs-booking-project-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', @@ -192,7 +192,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', -- ============================================================================ ---changeset hs-booking-project-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_booking_project', $orderBy$ diff --git a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql index 61331933..7275ce2c 100644 --- a/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql +++ b/src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql 
@@ -2,7 +2,7 @@ -- ============================================================================ ---changeset hs-booking-project-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -34,7 +34,7 @@ end; $$; -- ============================================================================ ---changeset hs-booking-project-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:hs-booking-project-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql index 33ce2f5e..cda9eece 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset booking-item-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create type HsBookingItemType as enum ( @@ -32,7 +32,7 @@ create table if not exists hs_booking_item -- ============================================================================ ---changeset hs-booking-item-MAIN-TABLE-JOURNAL:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- call base.create_journal('hs_booking_item'); 
@@ -40,7 +40,7 @@ call base.create_journal('hs_booking_item'); -- ============================================================================ ---changeset hs-booking-item-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-MAIN-TABLE-HISTORIZATION endDelimiter:--// -- ---------------------------------------------------------------------------- call base.tx_create_historicization('hs_booking_item'); --// diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql index a53ebe84..dd0ea486 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql @@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_booking_item'); --// -- ============================================================================ ---changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); --// -- ============================================================================ ---changeset hs-booking-item-rbac-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* 
@@ -95,7 +95,7 @@ execute procedure insertTriggerForHsBookingItem_tf(); -- ============================================================================ ---changeset hs-booking-item-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to global ---------------------------- @@ -213,7 +213,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf(); -- ============================================================================ ---changeset hs_booking_item-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** @@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg -- ============================================================================ ---changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', @@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', -- ============================================================================ ---changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_booking_item', $orderBy$ 
diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql index 5a4f6ecd..d6f31b0f 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql @@ -2,7 +2,7 @@ -- ============================================================================ ---changeset hs-booking-item-TEST-DATA-GENERATOR:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-TEST-DATA-GENERATOR endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -40,7 +40,7 @@ end; $$; -- ============================================================================ ---changeset hs-booking-item-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--// -- ---------------------------------------------------------------------------- do language plpgsql $$ diff --git a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql index a53ebe84..dd0ea486 100644 --- a/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql +++ b/src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql 
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_booking_item'); --// -- ============================================================================ ---changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); --// -- ============================================================================ ---changeset hs-booking-item-rbac-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -95,7 +95,7 @@ execute procedure insertTriggerForHsBookingItem_tf(); -- ============================================================================ ---changeset hs-booking-item-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- -- granting INSERT permission to global ---------------------------- @@ -213,7 +213,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf(); -- ============================================================================ ---changeset hs_booking_item-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// +--changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// -- ---------------------------------------------------------------------------- /** 
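Review bot: 6303-hs-booking-item-rbac.sql and 6203-hs-booking-item-rbac.sql show identical blob ids on both sides (`index a53ebe84..dd0ea486`), so they are byte-for-byte copies and after this hunk both define the same `michael.hoennig:hs-booking-item-rbac-OBJECT` (and sibling) changesets. Liquibase keys changesets by id, author and file path, so if both files are included in the master changelog the RBAC generators for hs_booking_item run twice; the `630-booking-item/6200-…` numbering suggests one of the two is a leftover of a renumbering. It is presumably safer to delete the stale copy in this series than to rename its changesets; which one is included cannot be seen from this hunk.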
@@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg -- ============================================================================ ---changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', @@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', -- ============================================================================ ---changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRestrictedView('hs_booking_item', $orderBy$ diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql index b7e84250..0bec8667 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql @@ -1,7 +1,7 @@ --liquibase formatted sql -- ============================================================================ ---changeset hosting-asset-MAIN-TABLE:1 endDelimiter:--// +--changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--// -- ---------------------------------------------------------------------------- create type HsHostingAssetType as enum ( 
@@ -48,7 +48,7 @@ create table if not exists hs_hosting_asset -- ============================================================================ ---changeset hosting-asset-TYPE-HIERARCHY-CHECK:1 endDelimiter:--// +--changeset michael.hoennig:hosting-asset-TYPE-HIERARCHY-CHECK endDelimiter:--// -- ---------------------------------------------------------------------------- -- TODO.impl: this could be generated from HsHostingAssetType @@ -113,7 +113,7 @@ create trigger hs_hosting_asset_type_hierarchy_check_tg -- ============================================================================ ---changeset hosting-asset-system-sequences:1 endDelimiter:--// +--changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--// -- ---------------------------------------------------------------------------- CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq @@ -127,7 +127,7 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq -- ============================================================================ ---changeset hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK:1 endDelimiter:--// +--changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--// -- ---------------------------------------------------------------------------- create or replace function hs_hosting_asset_booking_item_hierarchy_check_tf() 
@@ -164,14 +164,14 @@ execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf(); -- ============================================================================ ---changeset hs-hosting-asset-MAIN-TABLE-JOURNAL:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--// -- ---------------------------------------------------------------------------- call base.create_journal('hs_hosting_asset'); --// -- ============================================================================ ---changeset hs-hosting-asset-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--// -- ---------------------------------------------------------------------------- call base.tx_create_historicization('hs_hosting_asset'); --// diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql index 6d37d828..3bfd9df8 100644 --- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql +++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql 
@@ -3,21 +3,21 @@ -- ============================================================================ ---changeset hs-hosting-asset-rbac-OBJECT:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-rbac-OBJECT endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRelatedRbacObject('hs_hosting_asset'); --// -- ============================================================================ ---changeset hs-hosting-asset-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); --// -- ============================================================================ ---changeset hs-hosting-asset-rbac-insert-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-rbac-insert-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -113,7 +113,7 @@ execute procedure insertTriggerForHsHostingAsset_tf(); -- ============================================================================ ---changeset hs-hosting-asset-rbac-update-trigger:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-rbac-update-trigger endDelimiter:--// -- ---------------------------------------------------------------------------- /* @@ -155,7 +155,7 @@ execute procedure updateTriggerForHsHostingAsset_tf(); -- ============================================================================ ---changeset hs-hosting-asset-rbac-IDENTITY-VIEW:1 endDelimiter:--// +--changeset michael.hoennig:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// -- ---------------------------------------------------------------------------- call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', 
@@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
 -- ============================================================================
---changeset hs-hosting-asset-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset michael.hoennig:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRestrictedView('hs_hosting_asset', $orderBy$
diff --git a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
index 72061ec0..711773ba 100644
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
@@ -2,7 +2,7 @@
 -- ============================================================================
---changeset hs-hosting-asset-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-hosting-asset-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 /*
@@ -105,7 +105,7 @@ end; $$;
 -- ============================================================================
---changeset hs-hosting-asset-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-hosting-asset-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 do language plpgsql $$
diff --git a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
index 30faa0d2..5668dc2f 100644
--- a/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
+++ b/src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
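Review bot: The renamed header `+--changeset michael.hoennig:hs-hosting-asset-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//` still carries its context as `–context=dev,tc` (an en-dash and `=`, as rendered in this listing), while every other attribute on the line, including `endDelimiter:--//`, uses the `name:value` form that Liquibase's formatted-SQL parser actually recognises. If the parser does not see a `context:` attribute the changeset has no context at all and the test-data generation would run in every environment, including a production deployment, which is exactly what the dev,tc restriction is meant to prevent. Since this commit already rewrites the line, it is the moment to fix it: `--changeset michael.hoennig:hs-hosting-asset-TEST-DATA-GENERATION context:dev,tc endDelimiter:--//`. Whether the en-dash is real or a rendering artifact, the `=` alone does not match the documented syntax, so verify with `liquibase status` against a non-dev context or by checking the contexts column of databasechangelog on an existing database before relying on it.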
@@ -1,7 +1,7 @@
 --liquibase formatted sql
 -- ============================================================================
---changeset hs-global-object-statistics:1 endDelimiter:--//
+--changeset michael.hoennig:hs-global-object-statistics endDelimiter:--//
 -- ----------------------------------------------------------------------------
 CREATE VIEW hs_statistics_v AS select *
-- 
2.39.5
From 94f5f1229e7c4d5264185e57a20026760582d58b Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Mon, 16 Sep 2024 08:40:51 +0200
Subject: [PATCH 54/57] assert databasechangelog rowcount
---
 .../resources/db/changelog/0-base/000-base-schema.sql | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/main/resources/db/changelog/0-base/000-base-schema.sql b/src/main/resources/db/changelog/0-base/000-base-schema.sql
index 921be5fa..5bff0950 100644
--- a/src/main/resources/db/changelog/0-base/000-base-schema.sql
+++ b/src/main/resources/db/changelog/0-base/000-base-schema.sql
@@ -4,5 +4,16 @@
 -- ============================================================================
 --changeset michael.hoennig:base-SCHEMA endDelimiter:--//
 -- ----------------------------------------------------------------------------
+
+-- FIXME: remove this block
+do $$
+ declare
+ changesetCount int;
+ begin
+ changesetCount := (select count(*) from databasechangelog);
+ assert changesetCount = 0, 'total changesets executed: ' || changesetCount;
+ end;
+$$;
+
 CREATE SCHEMA base;
 --//
-- 
2.39.5
From 70c64912f02f0a2035b983e23a1fd560da9b1150 Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Mon, 16 Sep 2024 09:24:06 +0200
Subject: [PATCH 55/57] split url-tc + url-tcx with ?TC_REUSABLE=true&TC_DAEMON=true
---
 src/test/resources/application.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index 36233267..923c62e9 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
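Review bot: The `assert changesetCount = 0` block added to the base-SCHEMA changeset is a debugging guard in the very first changeset of the changelog: it aborts the whole migration on any database whose databasechangelog already has rows, and as a PL/pgSQL `assert` it only fires while `plpgsql.check_asserts` is on, which a DBA can switch off so the check silently disappears. If the requirement is "this changelog may only be applied to a fresh database", Liquibase's own precondition mechanism says so without a `do $$ ... $$` block and fails deterministically regardless of server settings: `--preconditions onFail:HALT` followed by `--precondition-sql-check expectedResult:0 select count(*) from databasechangelog`, placed directly under the `--changeset` line. The `-- FIXME: remove this block` comment suggests it is not meant to ship; either drop it before merging, or replace the FIXME with a comment stating why a non-empty changelog must abort so the next reader does not delete it as leftover debug code.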
@@ -4,7 +4,8 @@ spring: platform: postgres
 datasource:
- url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_DAEMON=true
+ url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
+ url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
 url-local: jdbc:postgresql://localhost:5432/postgres
 url: ${spring.datasource.url-tc}
 username: postgres
-- 
2.39.5
From a4f41fcc09db1e229e08daab1e9da1785034462a Mon Sep 17 00:00:00 2001
From: Michael Hoennig
Date: Mon, 16 Sep 2024 09:45:58 +0200
Subject: [PATCH 56/57] remove @AutoConfigureTestDatabase
---
 .../hostsharing/hsadminng/rbac/context/ContextBasedTest.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
index bbbb9a63..455be002 100644
--- a/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/rbac/context/ContextBasedTest.java
@@ -5,14 +5,12 @@ import net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.TestInfo;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
 import org.springframework.context.annotation.Import;
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.sql.Timestamp;
-@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
 @Import(RbacGrantsDiagramService.class)
 public abstract class ContextBasedTest {
-- 
2.39.5
From c93228a857475e6d1aeaadd5faa9285f8ee060f3 Mon Sep 17 00:00:00 2001
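Review bot: The new `url-tcx` entry turns on `TC_REUSABLE=true`, which keeps the Postgres container and everything written into it alive after the JVM exits, so the next run starts from an already-migrated schema plus whatever test data the previous run left behind, and nothing in the file says who should use this variant or how to reset it. Testcontainers also honours the flag only when the developer has `testcontainers.reuse.enable=true` in `~/.testcontainers.properties`; without it the URL silently degrades to a throwaway container, so two machines pointing at `url-tcx` can behave differently. The default `url: ${spring.datasource.url-tc}` correctly keeps the non-reusable container, but the opt-in deserves a comment above `url-tcx:` such as `# reusable container: survives across test runs, needs testcontainers.reuse.enable=true locally; do not use in CI` so the state-leak tradeoff is visible where the switch is made. The surrounding indentation of this YAML is lost in the rendering, so check the two keys really sit under `datasource:` as intended.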
From: Michael Hoennig
Date: Mon, 16 Sep 2024 11:18:26 +0200
Subject: [PATCH 57/57] RbacRoleDescriptorGenerator -> RbacRoleDescriptorsGenerator
---
 .../hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
index 7a6c31ae..098ebf81 100644
--- a/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
@@ -17,7 +17,7 @@ public class RbacRoleDescriptorsGenerator {
 void generateTo(final StringWriter plPgSql) {
 plPgSql.writeLn("""
 -- ============================================================================
- --changeset RbacRoleDescriptorGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
+ --changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
 call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
 --//
-- 
2.39.5