WIP: introduce separate database schemas #102
@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
|
|||||||
plPgSql.writeLn();
|
plPgSql.writeLn();
|
||||||
plPgSql.writeLn("""
|
plPgSql.writeLn("""
|
||||||
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger ${rawSubTable}_insert_permission_check_tg
|
create trigger ${rawSubTable}_insert_permission_check_tg
|
||||||
|
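Review bot: `currentSubjectOrAssumedRolesUuids()` in the argument line of the `raise exception` template is emitted without a schema prefix, although `currentSubjects()` next to it is qualified and the generated trigger functions further down this page call `rbac.currentSubjectOrAssumedRolesUuids()`. Once the functions live in separate schemas, an unqualified name is resolved through the session `search_path`, so the denial branch of a generated trigger can fail with an undefined-function error instead of the intended `[403]`, or bind to a same-named function from another schema on the path. I would emit `NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();` from the template. The generator method starts and ends outside this hunk, so any later rewriting of the template text is not visible here.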
@ -51,7 +51,7 @@ begin
|
|||||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||||
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||||
raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
|
raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
|
||||||
grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end if;
|
end if;
|
||||||
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
||||||
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||||
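Review bot: The denial branch of the first check reads `roleIdName` from `rbac.role_ev` and puts it into the `[403]` message, so a caller who has just failed `rbac.isGranted(...)` for `grantedByRoleUuid` may still learn the name behind that UUID. Whether that happens depends on `rbac.role_ev` being filtered by the caller's grants, which this hunk does not show. If the view is unfiltered, I would drop the lookup and report only the UUID the caller supplied, e.g. `raise exception '[403] Access to granted-by-role % forbidden for % (%)', grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`. The same lookup opens the second check, whose body continues past the end of the hunk.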
@ -82,16 +82,16 @@ begin
|
|||||||
perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
|
perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
|
||||||
|
|
||||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||||
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
|
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
||||||
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects();
|
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects();
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
--raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;
|
--raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;
|
||||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||||
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
|
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then
|
if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then
|
||||||
|
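Review bot: The commented-out debug statement `--raise exception 'rbac.isGranted(%, %)', ...` ahead of the third check is carried through this change unmodified; I would delete it rather than keep dead diagnostic code inside an authorization routine. A reader cannot tell whether it is stale or meant to be re-enabled, and re-enabling it would abort every call before the permission test that follows it runs. The functions these checks belong to start outside the hunk, and the last `if` continues past its end.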
@ -143,7 +143,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger test_customer_insert_permission_check_tg
|
create trigger test_customer_insert_permission_check_tg
|
||||||
|
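Review bot: The `[403]` message formats the whole `NEW` record into `values(%)`, so every rejected insert copies the attempted row into the error text and, depending on the logging configuration, into the PostgreSQL server log and any application log that records the exception. This comes from the generator template and recurs in the test_package, test_domain, hs_office_partner, hs_office_partner_details, hs_office_debitor, hs_office_sepamandate, hs_office_membership, hs_office_coopsharestransaction, hs_office_coopassetstransaction, hs_booking_project and hs_booking_item sections, whereas the hs_office_relation section already raises without the row. I would pass a key instead, `NEW.<key_column>, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();` (placeholder column name; the table definitions are not on this page), or drop `values(%)` as hs_office_relation does. The trigger function starts outside this hunk.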
@ -208,7 +208,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger test_package_insert_permission_check_tg
|
create trigger test_package_insert_permission_check_tg
|
||||||
|
@ -207,7 +207,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger test_domain_insert_permission_check_tg
|
create trigger test_domain_insert_permission_check_tg
|
||||||
|
@ -217,7 +217,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
|
||||||
rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_relation_insert_permission_check_tg
|
create trigger hs_office_relation_insert_permission_check_tg
|
||||||
|
@ -220,7 +220,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_partner_insert_permission_check_tg
|
create trigger hs_office_partner_insert_permission_check_tg
|
||||||
|
@ -124,7 +124,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_partner_details_insert_permission_check_tg
|
create trigger hs_office_partner_details_insert_permission_check_tg
|
||||||
|
@ -193,7 +193,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_debitor_insert_permission_check_tg
|
create trigger hs_office_debitor_insert_permission_check_tg
|
||||||
|
@ -174,7 +174,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_sepamandate_insert_permission_check_tg
|
create trigger hs_office_sepamandate_insert_permission_check_tg
|
||||||
|
@ -155,7 +155,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_membership_insert_permission_check_tg
|
create trigger hs_office_membership_insert_permission_check_tg
|
||||||
|
@ -131,7 +131,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||||
|
@ -131,7 +131,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||||
|
@ -168,7 +168,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_booking_project_insert_permission_check_tg
|
create trigger hs_booking_project_insert_permission_check_tg
|
||||||
|
@ -239,7 +239,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_booking_item_insert_permission_check_tg
|
create trigger hs_booking_item_insert_permission_check_tg
|
||||||
|
@ -239,7 +239,7 @@ begin
|
|||||||
end if;
|
end if;
|
||||||
|
|
||||||
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
||||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
create trigger hs_booking_item_insert_permission_check_tg
|
create trigger hs_booking_item_insert_permission_check_tg
|
||||||
|