WIP: introduce separate database schemas #102
@ -165,13 +165,13 @@ end; $$;
|
|||||||
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
create type RbacRoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
|
create type rbac.RoleType as enum ('OWNER', 'ADMIN', 'AGENT', 'TENANT', 'GUEST', 'REFERRER');
|
||||||
|
|
||||||
create table rbac.role
|
create table rbac.role
|
||||||
(
|
(
|
||||||
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
|
uuid uuid primary key references rbac.reference (uuid) on delete cascade initially deferred, -- initially deferred
|
||||||
objectUuid uuid not null references rbac.object (uuid) initially deferred,
|
objectUuid uuid not null references rbac.object (uuid) initially deferred,
|
||||||
roleType RbacRoleType not null,
|
roleType rbac.RoleType not null,
|
||||||
unique (objectUuid, roleType)
|
unique (objectUuid, roleType)
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -181,7 +181,7 @@ create type RbacRoleDescriptor as
|
|||||||
(
|
(
|
||||||
objectTable varchar(63), -- for human readability and easier debugging
|
objectTable varchar(63), -- for human readability and easier debugging
|
||||||
objectUuid uuid,
|
objectUuid uuid,
|
||||||
roleType RbacRoleType,
|
roleType rbac.RoleType,
|
||||||
assumed boolean
|
assumed boolean
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -201,13 +201,13 @@ $$;
|
|||||||
|
|
||||||
|
|
||||||
create or replace function roleDescriptor(
|
create or replace function roleDescriptor(
|
||||||
objectTable varchar(63), objectUuid uuid, roleType RbacRoleType,
|
objectTable varchar(63), objectUuid uuid, roleType rbac.RoleType,
|
||||||
assumed boolean = true) -- just for DSL readability, belongs actually to the grant
|
assumed boolean = true) -- just for DSL readability, belongs actually to the grant
|
||||||
returns RbacRoleDescriptor
|
returns RbacRoleDescriptor
|
||||||
returns null on null input
|
returns null on null input
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language sql as $$
|
language sql as $$
|
||||||
select objectTable, objectUuid, roleType::RbacRoleType, assumed;
|
select objectTable, objectUuid, roleType::rbac.RoleType, assumed;
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
create or replace function createRole(roleDescriptor RbacRoleDescriptor)
|
create or replace function createRole(roleDescriptor RbacRoleDescriptor)
|
||||||
@ -243,7 +243,7 @@ create or replace function findRoleId(roleIdName varchar)
|
|||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
roleParts text;
|
roleParts text;
|
||||||
roleTypeFromRoleIdName RbacRoleType;
|
roleTypeFromRoleIdName rbac.RoleType;
|
||||||
objectNameFromRoleIdName text;
|
objectNameFromRoleIdName text;
|
||||||
objectTableFromRoleIdName text;
|
objectTableFromRoleIdName text;
|
||||||
objectUuidOfRole uuid;
|
objectUuidOfRole uuid;
|
||||||
|
@ -33,7 +33,7 @@ declare
|
|||||||
objectTableToAssume varchar(63);
|
objectTableToAssume varchar(63);
|
||||||
objectNameToAssume varchar(63);
|
objectNameToAssume varchar(63);
|
||||||
objectUuidToAssume uuid;
|
objectUuidToAssume uuid;
|
||||||
roleTypeToAssume RbacRoleType;
|
roleTypeToAssume rbac.RoleType;
|
||||||
roleIdsToAssume uuid[];
|
roleIdsToAssume uuid[];
|
||||||
roleUuidToAssume uuid;
|
roleUuidToAssume uuid;
|
||||||
begin
|
begin
|
||||||
|
@ -114,7 +114,7 @@ create or replace function globalAdmin(assumed boolean = true)
|
|||||||
returns null on null input
|
returns null on null input
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language sql as $$
|
language sql as $$
|
||||||
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::RbacRoleType, assumed;
|
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'ADMIN'::rbac.RoleType, assumed;
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
begin transaction;
|
begin transaction;
|
||||||
@ -135,7 +135,7 @@ create or replace function globalGuest(assumed boolean = true)
|
|||||||
returns null on null input
|
returns null on null input
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language sql as $$
|
language sql as $$
|
||||||
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::RbacRoleType, assumed;
|
select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.global'), 'GUEST'::rbac.RoleType, assumed;
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
begin transaction;
|
begin transaction;
|
||||||
|
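Review bot: The enum casts in globalAdmin (`'ADMIN'::rbac.RoleType`) and globalGuest (`'GUEST'::rbac.RoleType`) are now schema-qualified, but the functions themselves and the `RbacRoleDescriptor` composite type (still `returns RbacRoleDescriptor` and `createRole(roleDescriptor RbacRoleDescriptor)` in the roleDescriptor/createRole hunks of the earlier file) remain unqualified, so those names resolve through the caller's `search_path` while the enum no longer does; the return clause of globalAdmin/globalGuest is outside their hunks but presumably is that same unqualified type. If this half-migrated state is intentional for the WIP, a one-line comment at the `roleDescriptor` definition such as `-- TODO: move RbacRoleDescriptor and the role helper functions into the rbac schema too` would make the remaining step visible; otherwise qualifying the type (e.g. `rbac.RoleDescriptor`) or pinning `set search_path` on these functions keeps name resolution deterministic regardless of the session. Note also that Postgres folds the unquoted `rbac.RoleType` and the camelCase columns (`objectUuid`, `roleType`) to lowercase, so the schema will actually show `rbac.roletype` and `objectuuid` — harmless, but worth a comment if the mixed case is meant to document the Java-side names. The bodies of globalAdmin and globalGuest start outside their hunks.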