WIP: introduce separate database schemas #102

Closed
hsh-michaelhoennig wants to merge 57 commits from introduce-separate-database-schemas into master
16 changed files with 19 additions and 19 deletions
Showing only changes of commit d7643f0f25 - Show all commits

View File

@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
plPgSql.writeLn(); plPgSql.writeLn();
plPgSql.writeLn(""" plPgSql.writeLn("""
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)', raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger ${rawSubTable}_insert_permission_check_tg create trigger ${rawSubTable}_insert_permission_check_tg

View File

@ -51,7 +51,7 @@ begin
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)', raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end if; end if;
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName; select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
@ -82,16 +82,16 @@ begin
perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject'); perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
end if; end if;
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects(); raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects();
end if; end if;
--raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid; --raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects(); raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
end if; end if;
if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then

View File

@ -143,7 +143,7 @@ begin
end if; end if;
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)', raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger test_customer_insert_permission_check_tg create trigger test_customer_insert_permission_check_tg

View File

@ -208,7 +208,7 @@ begin
end if; end if;
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)', raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger test_package_insert_permission_check_tg create trigger test_package_insert_permission_check_tg

View File

@ -207,7 +207,7 @@ begin
end if; end if;
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)', raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger test_domain_insert_permission_check_tg create trigger test_domain_insert_permission_check_tg

View File

@ -217,7 +217,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_relation_insert_permission_check_tg create trigger hs_office_relation_insert_permission_check_tg

View File

@ -220,7 +220,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_partner_insert_permission_check_tg create trigger hs_office_partner_insert_permission_check_tg

View File

@ -124,7 +124,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_partner_details_insert_permission_check_tg create trigger hs_office_partner_details_insert_permission_check_tg

View File

@ -193,7 +193,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_debitor_insert_permission_check_tg create trigger hs_office_debitor_insert_permission_check_tg

View File

@ -174,7 +174,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_sepamandate_insert_permission_check_tg create trigger hs_office_sepamandate_insert_permission_check_tg

View File

@ -155,7 +155,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_membership_insert_permission_check_tg create trigger hs_office_membership_insert_permission_check_tg

View File

@ -131,7 +131,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg create trigger hs_office_coopsharestransaction_insert_permission_check_tg

View File

@ -131,7 +131,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg create trigger hs_office_coopassetstransaction_insert_permission_check_tg

View File

@ -168,7 +168,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_booking_project_insert_permission_check_tg create trigger hs_booking_project_insert_permission_check_tg

View File

@ -239,7 +239,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_booking_item_insert_permission_check_tg create trigger hs_booking_item_insert_permission_check_tg

View File

@ -239,7 +239,7 @@ begin
end if; end if;
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_booking_item_insert_permission_check_tg create trigger hs_booking_item_insert_permission_check_tg