WIP: introduce separate database schemas #102

Closed
hsh-michaelhoennig wants to merge 57 commits from introduce-separate-database-schemas into master
2 changed files with 12 additions and 12 deletions
Showing only changes of commit fd11f5903a - Show all commits

View File

@ -144,7 +144,7 @@ grant all privileges on rbacrole_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}
/** /**
Instead of insert trigger function for RbacGrants_RV. Instead of insert trigger function for RbacGrants_RV.
*/ */
create or replace function insertRbacGrant() create or replace function rbac.insert_grant_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
@ -161,11 +161,11 @@ end; $$;
/* /*
Creates an instead of insert trigger for the RbacGrants_rv view. Creates an instead of insert trigger for the RbacGrants_rv view.
*/ */
create trigger insertRbacGrant_Trigger create trigger insert_grant_tg
instead of insert instead of insert
on RbacGrants_rv on RbacGrants_rv
for each row for each row
execute function insertRbacGrant(); execute function rbac.insert_grant_tf();
--/ --/
@ -178,7 +178,7 @@ execute function insertRbacGrant();
Checks if the current subject or assumed role have the permission to revoke the grant. Checks if the current subject or assumed role have the permission to revoke the grant.
*/ */
create or replace function deleteRbacGrant() create or replace function rbac.delete_grant_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
begin begin
@ -189,11 +189,11 @@ end; $$;
/* /*
Creates an instead of delete trigger for the RbacGrants_rv view. Creates an instead of delete trigger for the RbacGrants_rv view.
*/ */
create trigger deleteRbacGrant_Trigger create trigger delete_grant_tg
instead of delete instead of delete
on RbacGrants_rv on RbacGrants_rv
for each row for each row
execute function deleteRbacGrant(); execute function rbac.delete_grant_tf();
--/ --/

View File

@ -304,28 +304,28 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
// given // given
final var givenArbitraryUser = createRBacUser(); final var givenArbitraryUser = createRBacUser();
final var givenRoleToGrant = "test_package#xxx00:ADMIN"; final var givenRoleToGrant = "test_package#xxx00:ADMIN";
final var givencurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant); final var givenCurrentSubjectAsPackageAdmin = new Subject("pac-admin-xxx00@xxx.example.com", givenRoleToGrant);
final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN"); final var givenOwnPackageAdminRole = getRbacRoleByName("test_package#xxx00:ADMIN");
// and given an existing grant // and given an existing grant
assumeCreated(givencurrentSubjectAsPackageAdmin assumeCreated(givenCurrentSubjectAsPackageAdmin
.grantsRole(givenOwnPackageAdminRole).assumed() .grantsRole(givenOwnPackageAdminRole).assumed()
.toUser(givenArbitraryUser)); .toUser(givenArbitraryUser));
assumeGrantExists( assumeGrantExists(
givencurrentSubjectAsPackageAdmin, givenCurrentSubjectAsPackageAdmin,
"{ grant role:%s to user:%s by role:%s and assume }".formatted( "{ grant role:%s to user:%s by role:%s and assume }".formatted(
givenOwnPackageAdminRole.getRoleName(), givenOwnPackageAdminRole.getRoleName(),
givenArbitraryUser.getName(), givenArbitraryUser.getName(),
givencurrentSubjectAsPackageAdmin.assumedRole)); givenCurrentSubjectAsPackageAdmin.assumedRole));
// when // when
final var revokeResponse = givencurrentSubjectAsPackageAdmin final var revokeResponse = givenCurrentSubjectAsPackageAdmin
.revokesRole(givenOwnPackageAdminRole) .revokesRole(givenOwnPackageAdminRole)
.fromUser(givenArbitraryUser); .fromUser(givenArbitraryUser);
// then // then
revokeResponse.assertThat().statusCode(204); revokeResponse.assertThat().statusCode(204);
assertThat(findAllGrantsOf(givencurrentSubjectAsPackageAdmin)) assertThat(findAllGrantsOf(givenCurrentSubjectAsPackageAdmin))
.extracting(RbacGrantEntity::getGranteeUserName) .extracting(RbacGrantEntity::getGranteeUserName)
.doesNotContain(givenArbitraryUser.getName()); .doesNotContain(givenArbitraryUser.getName());
} }