WIP: introduce separate database schemas #102
@ -26,13 +26,13 @@ public class RbacIdentityViewGenerator {
|
|||||||
plPgSql.writeLn(
|
plPgSql.writeLn(
|
||||||
switch (rbacDef.getIdentityViewSqlQuery().part) {
|
switch (rbacDef.getIdentityViewSqlQuery().part) {
|
||||||
case SQL_PROJECTION -> """
|
case SQL_PROJECTION -> """
|
||||||
call generateRbacIdentityViewFromProjection('${rawTableName}',
|
call rbac.generateRbacIdentityViewFromProjection('${rawTableName}',
|
||||||
$idName$
|
$idName$
|
||||||
${identityViewSqlPart}
|
${identityViewSqlPart}
|
||||||
$idName$);
|
$idName$);
|
||||||
""";
|
""";
|
||||||
case SQL_QUERY -> """
|
case SQL_QUERY -> """
|
||||||
call generateRbacIdentityViewFromQuery('${rawTableName}',
|
call rbac.generateRbacIdentityViewFromQuery('${rawTableName}',
|
||||||
$idName$
|
$idName$
|
||||||
${identityViewSqlPart}
|
${identityViewSqlPart}
|
||||||
$idName$);
|
$idName$);
|
||||||
|
@ -17,7 +17,7 @@ public class RbacObjectGenerator {
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset ${liquibaseTagPrefix}-rbac-OBJECT:1 endDelimiter:--//
|
--changeset ${liquibaseTagPrefix}-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('${rawTableName}');
|
call rbac.generateRelatedRbacObject('${rawTableName}');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
""",
|
""",
|
||||||
|
@ -21,7 +21,7 @@ public class RbacRestrictedViewGenerator {
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset ${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset ${liquibaseTagPrefix}-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('${rawTableName}',
|
call rbac.generateRbacRestrictedView('${rawTableName}',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
${orderBy}
|
${orderBy}
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -19,7 +19,7 @@ public class RbacRoleDescriptorsGenerator {
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset ${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset ${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
|
call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
""",
|
""",
|
||||||
|
@ -389,7 +389,7 @@ class RolesGrantsAndPermissionsGenerator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
plPgSql.writeLn();
|
plPgSql.writeLn();
|
||||||
plPgSql.writeLn("perform createRoleWithGrants(");
|
plPgSql.writeLn("perform rbac.defineRoleWithGrants(");
|
||||||
plPgSql.indented(() -> {
|
plPgSql.indented(() -> {
|
||||||
plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW),"
|
plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW),"
|
||||||
.replace("${simpleVarName)", simpleEntityVarName)
|
.replace("${simpleVarName)", simpleEntityVarName)
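Review bot: The placeholder on the role line is spelled `${simpleVarName)`, with a closing parenthesis instead of a brace, in both the template string and the `.replace(...)` argument. It substitutes correctly only because the two literals match character for character; correcting one without the other would leave the raw placeholder in the generated `perform rbac.defineRoleWithGrants(` call. Since this line is being touched anyway, I would rename both occurrences to `${simpleVarName}`. The `indented` lambda continues past the end of the hunk, so further uses of the placeholder may exist outside this view.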
|
||||||
|
@ -3,11 +3,10 @@
|
|||||||
|
|
||||||
-- =================================================================
|
-- =================================================================
|
||||||
-- CREATE ROLE
|
-- CREATE ROLE
|
||||||
--changeset rbac-role-builder-create-role:1 endDelimiter:--//
|
--changeset rbac-role-builder-define-role:1 endDelimiter:--//
|
||||||
-- -----------------------------------------------------------------
|
-- -----------------------------------------------------------------
|
||||||
|
|
||||||
-- TODO: rename to defineRoleWithGrants because it does not complain if the role already exists
|
create or replace function rbac.defineRoleWithGrants(
|
||||||
create or replace function createRoleWithGrants(
|
|
||||||
roleDescriptor RbacRoleDescriptor,
|
roleDescriptor RbacRoleDescriptor,
|
||||||
permissions RbacOp[] = array[]::RbacOp[],
|
permissions RbacOp[] = array[]::RbacOp[],
|
||||||
incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
|
incomingSuperRoles RbacRoleDescriptor[] = array[]::RbacRoleDescriptor[],
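Review bot: Renaming the changeset id to `rbac-role-builder-define-role:1` makes Liquibase treat this as a changeset it has never run. On any database that already applied `rbac-role-builder-create-role:1`, the old unqualified `createRoleWithGrants` would therefore stay installed next to the new `rbac.defineRoleWithGrants`. A leftover role-granting function that nothing maintains is worth removing explicitly, for example with a follow-up changeset containing `drop function if exists createRoleWithGrants;` (assuming the name is not overloaded). The other changesets in this PR keep their ids while their bodies change, which on such a database would instead fail checksum validation; if databases are always rebuilt from scratch, neither issue applies. The parameter types `RbacRoleDescriptor` and `RbacOp` are still unqualified, and the function body continues outside the hunk.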
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
|
--changeset rbac-generators-RELATED-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace procedure generateRelatedRbacObject(targetTable varchar)
|
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
createInsertTriggerSQL text;
|
createInsertTriggerSQL text;
|
||||||
@ -35,7 +35,7 @@ end; $$;
|
|||||||
--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset rbac-generators-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create procedure generateRbacRoleDescriptors(prefix text, targetTable text)
|
create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sql text;
|
sql text;
|
||||||
@ -100,7 +100,7 @@ end; $$;
|
|||||||
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace procedure generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
|
create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sql text;
|
sql text;
|
||||||
@ -140,7 +140,7 @@ begin
|
|||||||
execute sql;
|
execute sql;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create or replace procedure generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
|
create or replace procedure rbac.generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sqlQuery text;
|
sqlQuery text;
|
||||||
@ -151,7 +151,7 @@ begin
|
|||||||
select target.uuid, cleanIdentifier(%2$s) as idName
|
select target.uuid, cleanIdentifier(%2$s) as idName
|
||||||
from %1$s as target;
|
from %1$s as target;
|
||||||
$sql$, targetTable, sqlProjection);
|
$sql$, targetTable, sqlProjection);
|
||||||
call generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
|
call rbac.generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
@ -160,7 +160,7 @@ end; $$;
|
|||||||
--changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset rbac-generators-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace procedure generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
|
create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sql text;
|
sql text;
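Review bot: In the `@ -151` hunk, `rbac.generateRbacIdentityViewFromProjection` still splices both arguments into the statement with plain `%s` (`from %1$s as target;`, `cleanIdentifier(%2$s)`) and passes the result to `rbac.generateRbacIdentityViewFromQuery`, whose visible tail is `execute sql;`. `sqlProjection` is a SQL fragment by design, so anyone allowed to call these procedures can have arbitrary SQL executed. Now that the generators have their own schema, I would add a header comment saying the arguments must come only from migration scripts and restrict callers, e.g. `revoke execute on procedure rbac.generateRbacIdentityViewFromProjection(text, text) from public;`, and likewise for the other generators in this file. `targetTable` could also be checked with `perform targetTable::regclass;` before formatting, which keeps working if table names later become schema-qualified. The procedure bodies start and end outside the hunks, so existing checks may not be visible here.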
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('test_customer');
|
call rbac.generateRelatedRbacObject('test_customer');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-customer-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('testCustomer', 'test_customer');
|
call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -34,20 +34,20 @@ declare
|
|||||||
begin
|
begin
|
||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerOWNER(NEW),
|
testCustomerOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN(unassumed())],
|
incomingSuperRoles => array[globalADMIN(unassumed())],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerADMIN(NEW),
|
testCustomerADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[testCustomerOWNER(NEW)]
|
incomingSuperRoles => array[testCustomerOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testCustomerTENANT(NEW),
|
testCustomerTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testCustomerADMIN(NEW)]
|
incomingSuperRoles => array[testCustomerADMIN(NEW)]
|
||||||
@ -157,7 +157,7 @@ create trigger test_customer_insert_permission_check_tg
|
|||||||
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('test_customer',
|
call rbac.generateRbacIdentityViewFromProjection('test_customer',
|
||||||
$idName$
|
$idName$
|
||||||
prefix
|
prefix
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -167,7 +167,7 @@ call generateRbacIdentityViewFromProjection('test_customer',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('test_customer',
|
call rbac.generateRbacRestrictedView('test_customer',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
reference
|
reference
|
||||||
$orderBy$,
|
$orderBy$,
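Review bot: In the trigger body (`@ -34,20` hunk) only the `rbac.` routines are schema-qualified; `testCustomerOWNER(NEW)`, `testCustomerADMIN(NEW)`, `globalADMIN(unassumed())` and the other role-descriptor calls are still resolved through the `search_path` in effect when the trigger fires. These calls decide which roles receive which grants, so their resolution should not depend on session settings. Either qualify them once they have a schema, or pin the path on the trigger function with a `set search_path` clause; the function header is outside the hunk, so it may already do this. The same mix of qualified and unqualified calls appears in the test-package, test-domain, hs-office-contact, hs-office-person and hs-office-relation sections.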
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('test_package');
|
call rbac.generateRelatedRbacObject('test_package');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-package-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('testPackage', 'test_package');
|
call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -39,18 +39,18 @@ begin
|
|||||||
assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
|
assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageOWNER(NEW),
|
testPackageOWNER(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
|
incomingSuperRoles => array[testCustomerADMIN(newCustomer)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageADMIN(NEW),
|
testPackageADMIN(NEW),
|
||||||
incomingSuperRoles => array[testPackageOWNER(NEW)]
|
incomingSuperRoles => array[testPackageOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testPackageTENANT(NEW),
|
testPackageTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testPackageADMIN(NEW)],
|
incomingSuperRoles => array[testPackageADMIN(NEW)],
|
||||||
@ -222,7 +222,7 @@ create trigger test_package_insert_permission_check_tg
|
|||||||
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('test_package',
|
call rbac.generateRbacIdentityViewFromProjection('test_package',
|
||||||
$idName$
|
$idName$
|
||||||
name
|
name
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -232,7 +232,7 @@ call generateRbacIdentityViewFromProjection('test_package',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('test_package',
|
call rbac.generateRbacRestrictedView('test_package',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
name
|
name
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('test_domain');
|
call rbac.generateRelatedRbacObject('test_domain');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset test-domain-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('testDomain', 'test_domain');
|
call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -39,14 +39,14 @@ begin
|
|||||||
assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
|
assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testDomainOWNER(NEW),
|
testDomainOWNER(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[testPackageADMIN(newPackage)],
|
incomingSuperRoles => array[testPackageADMIN(newPackage)],
|
||||||
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
outgoingSubRoles => array[testPackageTENANT(newPackage)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
testDomainADMIN(NEW),
|
testDomainADMIN(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[testDomainOWNER(NEW)],
|
incomingSuperRoles => array[testDomainOWNER(NEW)],
|
||||||
@ -221,7 +221,7 @@ create trigger test_domain_insert_permission_check_tg
|
|||||||
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('test_domain',
|
call rbac.generateRbacIdentityViewFromProjection('test_domain',
|
||||||
$idName$
|
$idName$
|
||||||
name
|
name
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -231,7 +231,7 @@ call generateRbacIdentityViewFromProjection('test_domain',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('test_domain',
|
call rbac.generateRbacRestrictedView('test_domain',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
name
|
name
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_contact');
|
call rbac.generateRelatedRbacObject('hs_office_contact');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -34,20 +34,20 @@ declare
|
|||||||
begin
|
begin
|
||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactOWNER(NEW),
|
hsOfficeContactOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN()],
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactADMIN(NEW),
|
hsOfficeContactADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
|
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeContactREFERRER(NEW),
|
hsOfficeContactREFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
|
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)]
|
||||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeContact_tf();
|
|||||||
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_contact',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
|
||||||
$idName$
|
$idName$
|
||||||
caption
|
caption
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_contact',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_contact',
|
call rbac.generateRbacRestrictedView('hs_office_contact',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
caption
|
caption
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_person');
|
call rbac.generateRelatedRbacObject('hs_office_person');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -34,20 +34,20 @@ declare
|
|||||||
begin
|
begin
|
||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonOWNER(NEW),
|
hsOfficePersonOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN()],
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonADMIN(NEW),
|
hsOfficePersonADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
|
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficePersonREFERRER(NEW),
|
hsOfficePersonREFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
|
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)]
|
||||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
|
|||||||
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_person',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
|
||||||
$idName$
|
$idName$
|
||||||
concat(tradeName, familyName, givenName)
|
concat(tradeName, familyName, givenName)
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_person',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_person',
|
call rbac.generateRbacRestrictedView('hs_office_person',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
concat(tradeName, familyName, givenName)
|
concat(tradeName, familyName, givenName)
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-relation-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-relation-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_relation');
|
call rbac.generateRelatedRbacObject('hs_office_relation');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-relation-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-relation-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -47,25 +47,25 @@ begin
|
|||||||
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
|
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationOWNER(NEW),
|
hsOfficeRelationOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN()],
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationADMIN(NEW),
|
hsOfficeRelationADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationAGENT(NEW),
|
hsOfficeRelationAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeRelationTENANT(NEW),
|
hsOfficeRelationTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -231,7 +231,7 @@ create trigger hs_office_relation_insert_permission_check_tg
|
|||||||
--changeset hs-office-relation-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-relation-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_relation',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
|
||||||
$idName$
|
$idName$
|
||||||
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
|
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
|
||||||
|| '-with-' || target.type || '-'
|
|| '-with-' || target.type || '-'
|
||||||
@ -243,7 +243,7 @@ call generateRbacIdentityViewFromProjection('hs_office_relation',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-relation-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-relation-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_relation',
|
call rbac.generateRbacRestrictedView('hs_office_relation',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
|
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_partner');
|
call rbac.generateRelatedRbacObject('hs_office_partner');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
|
|||||||
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_partner',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
|
||||||
$idName$
|
$idName$
|
||||||
'P-' || partnerNumber
|
'P-' || partnerNumber
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -244,7 +244,7 @@ call generateRbacIdentityViewFromProjection('hs_office_partner',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_partner',
|
call rbac.generateRbacRestrictedView('hs_office_partner',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
'P-' || partnerNumber
|
'P-' || partnerNumber
|
||||||
$orderBy$,
|
$orderBy$,
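Review bot: The changeset headers in this file keep their ids (`--changeset hs-office-partner-rbac-OBJECT:1`, and likewise `ROLE-DESCRIPTORS:1`, `IDENTITY-VIEW:1`, `RESTRICTED-VIEW:1`) while the statements under them now call `rbac.`-qualified procedures, so Liquibase will compute a different checksum for each of them. If any database has already applied these changesets, validation will presumably fail on the next update unless that database is rebuilt or the headers carry an attribute such as `validCheckSum`. `runOnChange:true` would avoid the validation error, but it re-executes the generator call against existing objects, so it is only safe if the generators are idempotent, which cannot be seen here. The same applies to the other rbac changelog files in this commit (partner-details, bankaccount, debitor, sepamandate, membership and both coop transaction files).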
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-details-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-partner-details-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_partner_details');
|
call rbac.generateRelatedRbacObject('hs_office_partner_details');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-details-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-partner-details-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
|
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ create trigger hs_office_partner_details_insert_permission_check_tg
|
|||||||
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
||||||
$idName$
|
$idName$
|
||||||
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
|
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
|
||||||
FROM hs_office_partner_details AS partnerDetails
|
FROM hs_office_partner_details AS partnerDetails
|
||||||
@ -151,7 +151,7 @@ call generateRbacIdentityViewFromQuery('hs_office_partner_details',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-details-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-details-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_partner_details',
|
call rbac.generateRbacRestrictedView('hs_office_partner_details',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
uuid
|
uuid
|
||||||
$orderBy$,
|
$orderBy$,
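Review bot: In the IDENTITY-VIEW hunk, the query text handed to `rbac.generateRbacIdentityViewFromQuery` still names `hs_office_partner_details` without a schema, as does the raw table name in the first argument. The procedure body is not visible here, but if it builds the view with dynamic SQL, those names are resolved through the `search_path` in effect when the changeset runs, not through the schema the generator now lives in. A comment above the call would record the expectation for whoever moves the tables next, for example `-- NOTE: names inside $idName$ are unqualified; confirm the schema the view and its tables resolve to`. The hunk ends inside the call, so the remainder of the query is outside this view; the `$orderBy$` fragments passed to `rbac.generateRbacRestrictedView` raise the same question.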
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_bankaccount');
|
call rbac.generateRelatedRbacObject('hs_office_bankaccount');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
|
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -34,20 +34,20 @@ declare
|
|||||||
begin
|
begin
|
||||||
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
call rbac.enterTriggerForObjectUuid(NEW.uuid);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountOWNER(NEW),
|
hsOfficeBankAccountOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN()],
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountADMIN(NEW),
|
hsOfficeBankAccountADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
|
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeBankAccountREFERRER(NEW),
|
hsOfficeBankAccountREFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
|
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
|
||||||
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
|
|||||||
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
||||||
$idName$
|
$idName$
|
||||||
iban
|
iban
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -90,7 +90,7 @@ call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_bankaccount',
|
call rbac.generateRbacRestrictedView('hs_office_bankaccount',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
iban
|
iban
|
||||||
$orderBy$,
|
$orderBy$,
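Review bot: In the trigger-function hunk (`@ -34,20`), `rbac.defineRoleWithGrants` and `rbac.currentSubjectUuid()` are schema-qualified, but the role-descriptor calls that decide who receives the grants (`hsOfficeBankAccountOWNER(NEW)`, `hsOfficeBankAccountADMIN(NEW)`, `globalADMIN()`) are still resolved through `search_path`. In code that sets up permissions, a name resolved by search path can bind to a same-named function in a schema that comes earlier in the path. Either qualify these calls as well, or pin the path on the function definition with a `set search_path = ...` clause; the function header is outside the hunk, so it may already do so. The same mix of qualified and unqualified calls appears in the trigger hunks of the sepamandate and membership files.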
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-debitor-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-debitor-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_debitor');
|
call rbac.generateRelatedRbacObject('hs_office_debitor');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-debitor-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-debitor-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -207,7 +207,7 @@ create trigger hs_office_debitor_insert_permission_check_tg
|
|||||||
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromQuery('hs_office_debitor',
|
call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
|
||||||
$idName$
|
$idName$
|
||||||
SELECT debitor.uuid AS uuid,
|
SELECT debitor.uuid AS uuid,
|
||||||
'D-' || (SELECT partner.partnerNumber
|
'D-' || (SELECT partner.partnerNumber
|
||||||
@ -226,7 +226,7 @@ call generateRbacIdentityViewFromQuery('hs_office_debitor',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-debitor-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-debitor-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_debitor',
|
call rbac.generateRbacRestrictedView('hs_office_debitor',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
defaultPrefix
|
defaultPrefix
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-sepamandate-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_sepamandate');
|
call rbac.generateRelatedRbacObject('hs_office_sepamandate');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-sepamandate-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
|
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -47,20 +47,20 @@ begin
|
|||||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateOWNER(NEW),
|
hsOfficeSepaMandateOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[globalADMIN()],
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateADMIN(NEW),
|
hsOfficeSepaMandateADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
|
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateAGENT(NEW),
|
hsOfficeSepaMandateAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
|
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
@ -68,7 +68,7 @@ begin
|
|||||||
hsOfficeRelationAGENT(newDebitorRel)]
|
hsOfficeRelationAGENT(newDebitorRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeSepaMandateREFERRER(NEW),
|
hsOfficeSepaMandateREFERRER(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -188,7 +188,7 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
|
|||||||
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
||||||
$idName$
|
$idName$
|
||||||
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
|
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
|
||||||
from hs_office_sepamandate sm
|
from hs_office_sepamandate sm
|
||||||
@ -200,7 +200,7 @@ call generateRbacIdentityViewFromQuery('hs_office_sepamandate',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-sepamandate-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_sepamandate',
|
call rbac.generateRbacRestrictedView('hs_office_sepamandate',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
validity
|
validity
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-membership-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_membership');
|
call rbac.generateRelatedRbacObject('hs_office_membership');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-membership-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
|
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -43,12 +43,12 @@ begin
|
|||||||
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
|
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipOWNER(NEW),
|
hsOfficeMembershipOWNER(NEW),
|
||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipADMIN(NEW),
|
hsOfficeMembershipADMIN(NEW),
|
||||||
permissions => array['DELETE', 'UPDATE'],
|
permissions => array['DELETE', 'UPDATE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -56,7 +56,7 @@ begin
|
|||||||
hsOfficeRelationADMIN(newPartnerRel)]
|
hsOfficeRelationADMIN(newPartnerRel)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsOfficeMembershipAGENT(NEW),
|
hsOfficeMembershipAGENT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -169,7 +169,7 @@ create trigger hs_office_membership_insert_permission_check_tg
|
|||||||
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromQuery('hs_office_membership',
|
call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
|
||||||
$idName$
|
$idName$
|
||||||
SELECT m.uuid AS uuid,
|
SELECT m.uuid AS uuid,
|
||||||
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
|
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
|
||||||
@ -182,7 +182,7 @@ call generateRbacIdentityViewFromQuery('hs_office_membership',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-membership-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_membership',
|
call rbac.generateRbacRestrictedView('hs_office_membership',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
validity
|
validity
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopsharestransaction-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-coopsharestransaction-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_coopsharestransaction');
|
call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
|
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
|||||||
--changeset hs-office-coopsharestransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopsharestransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
||||||
$idName$
|
$idName$
|
||||||
reference
|
reference
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_coopsharestransaction',
|
call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
reference
|
reference
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopassetstransaction-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-office-coopassetstransaction-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_office_coopassetstransaction');
|
call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
|
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
|||||||
--changeset hs-office-coopassetstransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopassetstransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
||||||
$idName$
|
$idName$
|
||||||
reference
|
reference
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -155,7 +155,7 @@ call generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_office_coopassetstransaction',
|
call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
reference
|
reference
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-project-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-booking-project-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_booking_project');
|
call rbac.generateRelatedRbacObject('hs_booking_project');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-project-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-booking-project-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -47,23 +47,23 @@ begin
|
|||||||
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
|
||||||
|
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectOWNER(NEW),
|
hsBookingProjectOWNER(NEW),
|
||||||
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())]
|
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, unassumed())]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectADMIN(NEW),
|
hsBookingProjectADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
|
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectAGENT(NEW),
|
hsBookingProjectAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
|
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingProjectTENANT(NEW),
|
hsBookingProjectTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
|
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)],
|
||||||
@ -182,7 +182,7 @@ create trigger hs_booking_project_insert_permission_check_tg
|
|||||||
--changeset hs-booking-project-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-project-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromQuery('hs_booking_project',
|
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
|
||||||
$idName$
|
$idName$
|
||||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName
|
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName
|
||||||
FROM hs_booking_project bookingProject
|
FROM hs_booking_project bookingProject
|
||||||
@ -194,7 +194,7 @@ call generateRbacIdentityViewFromQuery('hs_booking_project',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-project-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-project-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_booking_project',
|
call rbac.generateRbacRestrictedView('hs_booking_project',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
caption
|
caption
|
||||||
$orderBy$,
|
$orderBy$,
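Review bot: The role-creating trigger body (hunk at `@ -47,23`) still resolves `unassumed()`, `hsOfficeRelationAGENT(...)` and the `hsBookingProject*` descriptor functions through `search_path`, while only `defineRoleWithGrants` is schema-qualified. The same holds for `cleanIdentifier(...)` in the IDENTITY-VIEW query. These calls decide which roles and grants a new row receives, so a same-named function in a schema earlier on the path would be picked up instead. The function header is outside the hunk, so it cannot be seen here whether the path is pinned. If it is not, add `set search_path = <schemas in intended order>` to the function definition, or qualify the remaining helpers the same way as `rbac.defineRoleWithGrants`.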
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_booking_item');
|
call rbac.generateRelatedRbacObject('hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -40,25 +40,25 @@ begin
|
|||||||
|
|
||||||
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemOWNER(NEW),
|
hsBookingItemOWNER(NEW),
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemAGENT(newParentItem),
|
hsBookingItemAGENT(newParentItem),
|
||||||
hsBookingProjectAGENT(newProject)]
|
hsBookingProjectAGENT(newProject)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemADMIN(NEW),
|
hsBookingItemADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemAGENT(NEW),
|
hsBookingItemAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemTENANT(NEW),
|
hsBookingItemTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
||||||
@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg
|
|||||||
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_booking_item',
|
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||||
$idName$
|
$idName$
|
||||||
caption
|
caption
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_booking_item',
|
call rbac.generateRbacRestrictedView('hs_booking_item',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
validity
|
validity
|
||||||
$orderBy$,
|
$orderBy$,
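Review bot: Every changeset edited in this section keeps its id (`hs-booking-item-rbac-OBJECT:1`, `-ROLE-DESCRIPTORS:1`, `-IDENTITY-VIEW:1`, `-RESTRICTED-VIEW:1`) while its body changes, so Liquibase will compute a different checksum for it. On a database where these changesets have already run, the update would be rejected at checksum validation, or, if `runOnChange:true` is set, the RBAC generators would run again against existing objects. Whether such databases exist is not visible from this page; if they do, the PR should say how they are migrated, for example with a new changeset that recreates the objects under the `rbac` schema. The same applies to the hs-booking-project section, the repeated hs-booking-item section and the hs-hosting-asset section.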
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_booking_item');
|
call rbac.generateRelatedRbacObject('hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -40,25 +40,25 @@ begin
|
|||||||
|
|
||||||
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemOWNER(NEW),
|
hsBookingItemOWNER(NEW),
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsBookingItemAGENT(newParentItem),
|
hsBookingItemAGENT(newParentItem),
|
||||||
hsBookingProjectAGENT(newProject)]
|
hsBookingProjectAGENT(newProject)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemADMIN(NEW),
|
hsBookingItemADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemAGENT(NEW),
|
hsBookingItemAGENT(NEW),
|
||||||
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsBookingItemTENANT(NEW),
|
hsBookingItemTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
|
||||||
@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg
|
|||||||
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_booking_item',
|
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
|
||||||
$idName$
|
$idName$
|
||||||
caption
|
caption
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -263,7 +263,7 @@ call generateRbacIdentityViewFromProjection('hs_booking_item',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-booking-item-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_booking_item',
|
call rbac.generateRbacRestrictedView('hs_booking_item',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
validity
|
validity
|
||||||
$orderBy$,
|
$orderBy$,
|
||||||
|
@ -5,14 +5,14 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-hosting-asset-rbac-OBJECT:1 endDelimiter:--//
|
--changeset hs-hosting-asset-rbac-OBJECT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRelatedRbacObject('hs_hosting_asset');
|
call rbac.generateRelatedRbacObject('hs_hosting_asset');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-hosting-asset-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
--changeset hs-hosting-asset-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
@ -46,7 +46,7 @@ begin
|
|||||||
|
|
||||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetOWNER(NEW),
|
hsHostingAssetOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -56,7 +56,7 @@ begin
|
|||||||
subjectUuids => array[rbac.currentSubjectUuid()]
|
subjectUuids => array[rbac.currentSubjectUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetADMIN(NEW),
|
hsHostingAssetADMIN(NEW),
|
||||||
permissions => array['UPDATE'],
|
permissions => array['UPDATE'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -65,7 +65,7 @@ begin
|
|||||||
hsHostingAssetOWNER(NEW)]
|
hsHostingAssetOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetAGENT(NEW),
|
hsHostingAssetAGENT(NEW),
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsHostingAssetADMIN(NEW),
|
hsHostingAssetADMIN(NEW),
|
||||||
@ -75,7 +75,7 @@ begin
|
|||||||
hsOfficeContactREFERRER(newAlarmContact)]
|
hsOfficeContactREFERRER(newAlarmContact)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform rbac.defineRoleWithGrants(
|
||||||
hsHostingAssetTENANT(NEW),
|
hsHostingAssetTENANT(NEW),
|
||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
@ -158,7 +158,7 @@ execute procedure updateTriggerForHsHostingAsset_tf();
|
|||||||
--changeset hs-hosting-asset-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-hosting-asset-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
||||||
$idName$
|
$idName$
|
||||||
identifier
|
identifier
|
||||||
$idName$);
|
$idName$);
|
||||||
@ -168,7 +168,7 @@ call generateRbacIdentityViewFromProjection('hs_hosting_asset',
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-hosting-asset-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset hs-hosting-asset-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacRestrictedView('hs_hosting_asset',
|
call rbac.generateRbacRestrictedView('hs_hosting_asset',
|
||||||
$orderBy$
|
$orderBy$
|
||||||
identifier
|
identifier
|
||||||
$orderBy$,
|
$orderBy$,
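Review bot: Nothing on this page removes the old `createRoleWithGrants` once the four `perform` calls in the trigger body switch to `rbac.defineRoleWithGrants`. The change is a rename as well as a schema move, so if the old function stays defined, a call site missed here keeps running the previous grant logic without any error. Dropping the old function in the changeset that introduces `rbac.defineRoleWithGrants` would make leftover callers fail at deployment instead. The enclosing trigger function begins and ends outside these hunks.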
|
||||||
|