introduce separate database-schemas base+rbac #103
@ -255,7 +255,7 @@ public class InsertTriggerGenerator {
|
||||
plPgSql.writeLn();
|
||||
plPgSql.writeLn("""
|
||||
raise exception '[403] insert into ${rawSubTable} values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger ${rawSubTable}_insert_permission_check_tg
|
||||
|
||||
@ -51,7 +51,7 @@ begin
|
||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||
raise exception '[403] Access to granted-by-role % (%) forbidden for % (%)',
|
||||
grantedByRoleIdName, grantedByRoleUuid, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
grantedByRoleIdName, grantedByRoleUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end if;
|
||||
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
||||
select roleIdName from rbac.role_ev where uuid=grantedByRoleUuid into grantedByRoleIdName;
|
||||
@ -82,16 +82,16 @@ begin
|
||||
perform rbac.assertReferenceType('subjectUuid (ascendant)', subjectUuid, 'rbac.subject');
|
||||
|
||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
|
||||
raise exception '[403] Revoking role created by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
|
||||
end if;
|
||||
|
||||
if NOT rbac.isGranted(grantedByRoleUuid, grantedRoleUuid) then
|
||||
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, rbac.currentSubjects();
|
||||
raise exception '[403] Revoking role % is forbidden for %.', grantedRoleUuid, base.currentSubjects();
|
||||
end if;
|
||||
|
||||
--raise exception 'rbac.isGranted(%, %)', rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid;
|
||||
if NOT rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), grantedByRoleUuid) then
|
||||
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, rbac.currentSubjects();
|
||||
raise exception '[403] Revoking role granted by % is forbidden for %.', grantedByRoleUuid, base.currentSubjects();
|
||||
end if;
|
||||
|
||||
if NOT rbac.isGranted(subjectUuid, grantedRoleUuid) then
|
||||
|
||||
@ -143,7 +143,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger test_customer_insert_permission_check_tg
|
||||
|
||||
@ -208,7 +208,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger test_package_insert_permission_check_tg
|
||||
|
||||
@ -207,7 +207,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger test_domain_insert_permission_check_tg
|
||||
|
||||
@ -217,7 +217,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
|
||||
rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_relation_insert_permission_check_tg
|
||||
|
||||
@ -220,7 +220,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_partner_insert_permission_check_tg
|
||||
|
||||
@ -124,7 +124,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_partner_details_insert_permission_check_tg
|
||||
|
||||
@ -193,7 +193,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_debitor_insert_permission_check_tg
|
||||
|
||||
@ -174,7 +174,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_sepamandate_insert_permission_check_tg
|
||||
|
||||
@ -155,7 +155,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_membership_insert_permission_check_tg
|
||||
|
||||
@ -131,7 +131,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||
|
||||
@ -131,7 +131,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||
|
||||
@ -168,7 +168,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_booking_project_insert_permission_check_tg
|
||||
|
||||
@ -239,7 +239,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_booking_item_insert_permission_check_tg
|
||||
|
||||
@ -239,7 +239,7 @@ begin
|
||||
end if;
|
||||
|
||||
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)',
|
||||
NEW, rbac.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
|
||||
end; $$;
|
||||
|
||||
create trigger hs_booking_item_insert_permission_check_tg
|
||||
|
||||
Loading…
Reference in New Issue
Block a user