introduce separate database-schemas base+rbac #103
@ -24,13 +24,13 @@ delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::
|
|||||||
commit;
|
commit;
|
||||||
|
|
||||||
-- single version at point in time
|
-- single version at point in time
|
||||||
-- set hsadminng.tx_history_txid to (select max(txid) from basis.tx_context where txtimestamp<='2024-08-27 12:13:13.450821');
|
-- set hsadminng.tx_history_txid to (select max(txid) from base.tx_context where txtimestamp<='2024-08-27 12:13:13.450821');
|
||||||
set hsadminng.tx_history_txid to '';
|
set hsadminng.tx_history_txid to '';
|
||||||
set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
|
set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
|
||||||
-- all versions
|
-- all versions
|
||||||
select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
|
select tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
|
||||||
from hs_hosting_asset_ex haex
|
from hs_hosting_asset_ex haex
|
||||||
join basis.tx_context txc on haex.txid=txc.txid
|
join base.tx_context txc on haex.txid=txc.txid
|
||||||
where haex.identifier = 'test@thi.example.org';
|
where haex.identifier = 'test@thi.example.org';
|
||||||
|
|
||||||
select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org';
|
select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org';
|
||||||
|
@ -54,7 +54,7 @@ public class Context {
|
|||||||
final String currentSubject,
|
final String currentSubject,
|
||||||
final String assumedRoles) {
|
final String assumedRoles) {
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
call basis.defineContext(
|
call base.defineContext(
|
||||||
cast(:currentTask as varchar(127)),
|
cast(:currentTask as varchar(127)),
|
||||||
cast(:currentRequest as text),
|
cast(:currentRequest as text),
|
||||||
cast(:currentSubject as varchar(63)),
|
cast(:currentSubject as varchar(63)),
|
||||||
@ -72,7 +72,7 @@ public class Context {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public String fetchCurrentSubject() {
|
public String fetchCurrentSubject() {
|
||||||
return String.valueOf(em.createNativeQuery("select basis.currentSubject()").getSingleResult());
|
return String.valueOf(em.createNativeQuery("select base.currentSubject()").getSingleResult());
|
||||||
}
|
}
|
||||||
|
|
||||||
public UUID fetchCurrentSubjectUuid() {
|
public UUID fetchCurrentSubjectUuid() {
|
||||||
@ -80,7 +80,7 @@ public class Context {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public String[] fetchAssumedRoles() {
|
public String[] fetchAssumedRoles() {
|
||||||
return (String[]) em.createNativeQuery("select basis.assumedRoles() as roles", String[].class).getSingleResult();
|
return (String[]) em.createNativeQuery("select base.assumedRoles() as roles", String[].class).getSingleResult();
|
||||||
}
|
}
|
||||||
|
|
||||||
public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() {
|
public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() {
|
||||||
|
@ -67,7 +67,7 @@ public class InsertTriggerGenerator {
|
|||||||
declare
|
declare
|
||||||
row ${rawSuperTable};
|
row ${rawSuperTable};
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
|
call base.defineContext('create INSERT INTO ${rawSubTable} permissions for pre-exising ${rawSuperTable} rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM ${rawSuperTable}
|
FOR row IN SELECT * FROM ${rawSuperTable}
|
||||||
${whenCondition}
|
${whenCondition}
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset basis-SCHEMA:1 endDelimiter:--//
|
--changeset base-SCHEMA:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
CREATE SCHEMA basis;
|
CREATE SCHEMA base;
|
||||||
--//
|
--//
|
@ -8,7 +8,7 @@
|
|||||||
Returns the row count from the result of the previous query.
|
Returns the row count from the result of the previous query.
|
||||||
Other than the native statement it's usable in an expression.
|
Other than the native statement it's usable in an expression.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.lastRowCount()
|
create or replace function base.lastRowCount()
|
||||||
returns bigint
|
returns bigint
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
@ -8,10 +8,10 @@
|
|||||||
Returns a textual representation of an integer number to be used as generated test data.
|
Returns a textual representation of an integer number to be used as generated test data.
|
||||||
|
|
||||||
Examples :
|
Examples :
|
||||||
basis.intToVarChar(0, 3) => 'aaa'
|
base.intToVarChar(0, 3) => 'aaa'
|
||||||
basis.intToVarChar(1, 3) => 'aab'
|
base.intToVarChar(1, 3) => 'aab'
|
||||||
*/
|
*/
|
||||||
create or replace function basis.intToVarChar(i integer, len integer)
|
create or replace function base.intToVarChar(i integer, len integer)
|
||||||
returns varchar
|
returns varchar
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
@ -19,7 +19,7 @@ declare
|
|||||||
begin
|
begin
|
||||||
select chr(ascii('a') + i % 26) into partial;
|
select chr(ascii('a') + i % 26) into partial;
|
||||||
if len > 1 then
|
if len > 1 then
|
||||||
return basis.intToVarChar(i / 26, len - 1) || partial;
|
return base.intToVarChar(i / 26, len - 1) || partial;
|
||||||
else
|
else
|
||||||
return partial;
|
return partial;
|
||||||
end if;
|
end if;
|
@ -10,9 +10,9 @@
|
|||||||
to be used for test data generation.
|
to be used for test data generation.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
basis.randomInRange(0, 4) might return any of 0, 1, 2, 3, 4
|
base.randomInRange(0, 4) might return any of 0, 1, 2, 3, 4
|
||||||
*/
|
*/
|
||||||
create or replace function basis.randomInRange(min integer, max integer)
|
create or replace function base.randomInRange(min integer, max integer)
|
||||||
returns integer
|
returns integer
|
||||||
returns null on null input
|
returns null on null input
|
||||||
language 'plpgsql' as $$
|
language 'plpgsql' as $$
|
@ -9,7 +9,7 @@
|
|||||||
This is a kind of right sided json diff.
|
This is a kind of right sided json diff.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
create or replace function basis.jsonb_changes_delta(oldJson jsonb, newJson jsonb)
|
create or replace function base.jsonb_changes_delta(oldJson jsonb, newJson jsonb)
|
||||||
returns jsonb
|
returns jsonb
|
||||||
called on null input
|
called on null input
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
@ -31,7 +31,7 @@ begin
|
|||||||
if jsonb_typeof(newJson -> (oldJsonElement.key)) = 'object' then
|
if jsonb_typeof(newJson -> (oldJsonElement.key)) = 'object' then
|
||||||
diffJson = diffJson ||
|
diffJson = diffJson ||
|
||||||
jsonb_build_object(oldJsonElement.key,
|
jsonb_build_object(oldJsonElement.key,
|
||||||
basis.jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key)));
|
base.jsonb_changes_delta(oldJsonElement.value, newJson -> (oldJsonElement.key)));
|
||||||
end if;
|
end if;
|
||||||
else
|
else
|
||||||
diffJson = diffJson || jsonb_build_object(oldJsonElement.key, null);
|
diffJson = diffJson || jsonb_build_object(oldJsonElement.key, null);
|
||||||
@ -49,30 +49,30 @@ do language plpgsql $$
|
|||||||
actual text;
|
actual text;
|
||||||
begin
|
begin
|
||||||
|
|
||||||
select basis.jsonb_changes_delta(null::jsonb, null::jsonb) into actual;
|
select base.jsonb_changes_delta(null::jsonb, null::jsonb) into actual;
|
||||||
if actual is not null then
|
if actual is not null then
|
||||||
raise exception 'jsonb_diff #1 failed:% expected: %,% actually: %', E'\n', expected, E'\n', actual;
|
raise exception 'jsonb_diff #1 failed:% expected: %,% actually: %', E'\n', expected, E'\n', actual;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
select basis.jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual;
|
select base.jsonb_changes_delta(null::jsonb, '{"a": "new"}'::jsonb) into actual;
|
||||||
expected := '{"a": "new"}'::jsonb;
|
expected := '{"a": "new"}'::jsonb;
|
||||||
if actual <> expected then
|
if actual <> expected then
|
||||||
raise exception 'jsonb_diff #2 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
raise exception 'jsonb_diff #2 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual;
|
select base.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "new"}'::jsonb) into actual;
|
||||||
expected := '{"a": "new"}'::jsonb;
|
expected := '{"a": "new"}'::jsonb;
|
||||||
if actual <> expected then
|
if actual <> expected then
|
||||||
raise exception 'jsonb_diff #3 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
raise exception 'jsonb_diff #3 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
select basis.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual;
|
select base.jsonb_changes_delta('{"a": "old"}'::jsonb, '{"a": "old"}'::jsonb) into actual;
|
||||||
expected := '{}'::jsonb;
|
expected := '{}'::jsonb;
|
||||||
if actual <> expected then
|
if actual <> expected then
|
||||||
raise exception 'jsonb_diff #4 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
raise exception 'jsonb_diff #4 failed:% expected: %,% actual: %', E'\n', expected, E'\n', actual;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
select basis.jsonb_changes_delta(
|
select base.jsonb_changes_delta(
|
||||||
$json${
|
$json${
|
||||||
"a": "same",
|
"a": "same",
|
||||||
"b": "old",
|
"b": "old",
|
@ -6,7 +6,7 @@
|
|||||||
--changeset numeric-hash-functions:1 endDelimiter:--//
|
--changeset numeric-hash-functions:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create function basis.bigIntHash(text) returns bigint as $$
|
create function base.bigIntHash(text) returns bigint as $$
|
||||||
select ('x'||substr(md5($1),1,16))::bit(64)::bigint;
|
select ('x'||substr(md5($1),1,16))::bit(64)::bigint;
|
||||||
$$ language sql;
|
$$ language sql;
|
||||||
--//
|
--//
|
@ -6,7 +6,7 @@
|
|||||||
--changeset table-columns-function:1 endDelimiter:--//
|
--changeset table-columns-function:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace function basis.tableColumnNames( tableName text )
|
create or replace function base.tableColumnNames( tableName text )
|
||||||
returns text
|
returns text
|
||||||
stable
|
stable
|
||||||
language 'plpgsql' as $$
|
language 'plpgsql' as $$
|
@ -6,7 +6,7 @@
|
|||||||
/*
|
/*
|
||||||
Like `RAISE EXCEPTION` ... just as an expression instead of a statement.
|
Like `RAISE EXCEPTION` ... just as an expression instead of a statement.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.raiseException(msg text)
|
create or replace function base.raiseException(msg text)
|
||||||
returns varchar
|
returns varchar
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
begin
|
begin
|
||||||
@ -21,7 +21,7 @@ end; $$;
|
|||||||
/*
|
/*
|
||||||
Like `ASSERT` but as an expression instead of a statement.
|
Like `ASSERT` but as an expression instead of a statement.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.assertTrue(expectedTrue boolean, msg text)
|
create or replace function base.assertTrue(expectedTrue boolean, msg text)
|
||||||
returns boolean
|
returns boolean
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
begin
|
begin
|
@ -9,7 +9,7 @@
|
|||||||
Callback which is called after the context has been (re-) defined.
|
Callback which is called after the context has been (re-) defined.
|
||||||
This function will be overwritten by later changesets.
|
This function will be overwritten by later changesets.
|
||||||
*/
|
*/
|
||||||
create procedure basis.contextDefined(
|
create procedure base.contextDefined(
|
||||||
currentTask varchar(127),
|
currentTask varchar(127),
|
||||||
currentRequest text,
|
currentRequest text,
|
||||||
currentSubject varchar(63),
|
currentSubject varchar(63),
|
||||||
@ -22,7 +22,7 @@ end; $$;
|
|||||||
/*
|
/*
|
||||||
Defines the transaction context.
|
Defines the transaction context.
|
||||||
*/
|
*/
|
||||||
create or replace procedure basis.defineContext(
|
create or replace procedure base.defineContext(
|
||||||
currentTask varchar(127),
|
currentTask varchar(127),
|
||||||
currentRequest text = null,
|
currentRequest text = null,
|
||||||
currentSubject varchar(63) = null,
|
currentSubject varchar(63) = null,
|
||||||
@ -46,7 +46,7 @@ begin
|
|||||||
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
|
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
|
||||||
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
||||||
|
|
||||||
call basis.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles);
|
call base.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles);
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
@ -58,7 +58,7 @@ end; $$;
|
|||||||
Returns the current task as set by `hsadminng.currentTask`.
|
Returns the current task as set by `hsadminng.currentTask`.
|
||||||
Raises exception if not set.
|
Raises exception if not set.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.currentTask()
|
create or replace function base.currentTask()
|
||||||
returns varchar(127)
|
returns varchar(127)
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
@ -72,7 +72,7 @@ begin
|
|||||||
currentTask := null;
|
currentTask := null;
|
||||||
end;
|
end;
|
||||||
if (currentTask is null or currentTask = '') then
|
if (currentTask is null or currentTask = '') then
|
||||||
raise exception '[401] currentTask must be defined, please call `basis.defineContext(...)`';
|
raise exception '[401] currentTask must be defined, please call `base.defineContext(...)`';
|
||||||
end if;
|
end if;
|
||||||
return currentTask;
|
return currentTask;
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -83,10 +83,10 @@ end; $$;
|
|||||||
--changeset context-CURRENT-REQUEST:1 endDelimiter:--//
|
--changeset context-CURRENT-REQUEST:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
/*
|
||||||
Returns the current http request as set via `basis.defineContext(...)`.
|
Returns the current http request as set via `base.defineContext(...)`.
|
||||||
Raises exception if not set.
|
Raises exception if not set.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.currentRequest()
|
create or replace function base.currentRequest()
|
||||||
returns text
|
returns text
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
@ -108,9 +108,9 @@ end; $$;
|
|||||||
--changeset context-current-subject:1 endDelimiter:--//
|
--changeset context-current-subject:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
/*
|
||||||
Returns the current user as defined by `basis.defineContext(...)`.
|
Returns the current user as defined by `base.defineContext(...)`.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.currentSubject() -- FIXME: move to schema rbac?
|
create or replace function base.currentSubject() -- FIXME: move to schema rbac?
|
||||||
returns varchar(63)
|
returns varchar(63)
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
@ -134,7 +134,7 @@ end; $$;
|
|||||||
Returns assumed role names as set in `hsadminng.assumedRoles`
|
Returns assumed role names as set in `hsadminng.assumedRoles`
|
||||||
or empty array, if not set.
|
or empty array, if not set.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.assumedRoles()
|
create or replace function base.assumedRoles()
|
||||||
returns varchar(1023)[]
|
returns varchar(1023)[]
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
@ -213,11 +213,11 @@ create or replace function currentSubjects()
|
|||||||
declare
|
declare
|
||||||
assumedRoles varchar(1023)[];
|
assumedRoles varchar(1023)[];
|
||||||
begin
|
begin
|
||||||
assumedRoles := basis.assumedRoles();
|
assumedRoles := base.assumedRoles();
|
||||||
if array_length(assumedRoles, 1) > 0 then
|
if array_length(assumedRoles, 1) > 0 then
|
||||||
return assumedRoles;
|
return assumedRoles;
|
||||||
else
|
else
|
||||||
return array [basis.currentSubject()]::varchar(1023)[];
|
return array [base.currentSubject()]::varchar(1023)[];
|
||||||
end if;
|
end if;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
@ -226,7 +226,7 @@ create or replace function hasAssumedRole()
|
|||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
begin
|
begin
|
||||||
return array_length(basis.assumedRoles(), 1) > 0;
|
return array_length(base.assumedRoles(), 1) > 0;
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
|
@ -21,7 +21,7 @@ do $$
|
|||||||
/*
|
/*
|
||||||
A table storing transactions with context data.
|
A table storing transactions with context data.
|
||||||
*/
|
*/
|
||||||
create table basis.tx_context
|
create table base.tx_context
|
||||||
(
|
(
|
||||||
txId xid8 primary key not null,
|
txId xid8 primary key not null,
|
||||||
txTimestamp timestamp not null,
|
txTimestamp timestamp not null,
|
||||||
@ -31,7 +31,7 @@ create table basis.tx_context
|
|||||||
currentRequest text not null
|
currentRequest text not null
|
||||||
);
|
);
|
||||||
|
|
||||||
create index on basis.tx_context using brin (txTimestamp);
|
create index on base.tx_context using brin (txTimestamp);
|
||||||
--//
|
--//
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
@ -40,28 +40,28 @@ create index on basis.tx_context using brin (txTimestamp);
|
|||||||
/*
|
/*
|
||||||
A table storing the transaction audit journal for all target tables it's configured for.
|
A table storing the transaction audit journal for all target tables it's configured for.
|
||||||
*/
|
*/
|
||||||
create table basis.tx_journal
|
create table base.tx_journal
|
||||||
(
|
(
|
||||||
txId xid8 not null references basis.tx_context (txId),
|
txId xid8 not null references base.tx_context (txId),
|
||||||
targetTable text not null,
|
targetTable text not null,
|
||||||
targetUuid uuid not null, -- Assumes that all audited tables have a uuid column.
|
targetUuid uuid not null, -- Assumes that all audited tables have a uuid column.
|
||||||
targetOp operation not null,
|
targetOp operation not null,
|
||||||
targetDelta jsonb
|
targetDelta jsonb
|
||||||
);
|
);
|
||||||
|
|
||||||
create index on basis.tx_journal (targetTable, targetUuid);
|
create index on base.tx_journal (targetTable, targetUuid);
|
||||||
--//
|
--//
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset audit-TX-JOURNAL-VIEW:1 endDelimiter:--//
|
--changeset audit-TX-JOURNAL-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
/*
|
||||||
A view combining basis.tx_journal with basis.tx_context.
|
A view combining base.tx_journal with base.tx_context.
|
||||||
*/
|
*/
|
||||||
create view basis.tx_journal_v as
|
create view base.tx_journal_v as
|
||||||
select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta
|
select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta
|
||||||
from basis.tx_journal txj
|
from base.tx_journal txj
|
||||||
left join basis.tx_context txc using (txId)
|
left join base.tx_context txc using (txId)
|
||||||
order by txc.txtimestamp;
|
order by txc.txtimestamp;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
@ -71,35 +71,35 @@ select txc.*, txj.targettable, txj.targetop, txj.targetuuid, txj.targetdelta
|
|||||||
/*
|
/*
|
||||||
Trigger function for transaction audit journal.
|
Trigger function for transaction audit journal.
|
||||||
*/
|
*/
|
||||||
create or replace function basis.tx_journal_trigger()
|
create or replace function base.tx_journal_trigger()
|
||||||
returns trigger
|
returns trigger
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
curTask text;
|
curTask text;
|
||||||
curTxId xid8;
|
curTxId xid8;
|
||||||
begin
|
begin
|
||||||
curTask := basis.currentTask();
|
curTask := base.currentTask();
|
||||||
curTxId := pg_current_xact_id();
|
curTxId := pg_current_xact_id();
|
||||||
|
|
||||||
insert
|
insert
|
||||||
into basis.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
|
into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
|
||||||
values ( curTxId, now(),
|
values ( curTxId, now(),
|
||||||
basis.currentSubject(), basis.assumedRoles(), curTask, basis.currentRequest())
|
base.currentSubject(), base.assumedRoles(), curTask, base.currentRequest())
|
||||||
on conflict do nothing;
|
on conflict do nothing;
|
||||||
|
|
||||||
case tg_op
|
case tg_op
|
||||||
when 'INSERT' then insert
|
when 'INSERT' then insert
|
||||||
into basis.tx_journal
|
into base.tx_journal
|
||||||
values (curTxId,
|
values (curTxId,
|
||||||
tg_table_name, new.uuid, tg_op::operation,
|
tg_table_name, new.uuid, tg_op::operation,
|
||||||
to_jsonb(new));
|
to_jsonb(new));
|
||||||
when 'UPDATE' then insert
|
when 'UPDATE' then insert
|
||||||
into basis.tx_journal
|
into base.tx_journal
|
||||||
values (curTxId,
|
values (curTxId,
|
||||||
tg_table_name, old.uuid, tg_op::operation,
|
tg_table_name, old.uuid, tg_op::operation,
|
||||||
basis.jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
|
base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
|
||||||
when 'DELETE' then insert
|
when 'DELETE' then insert
|
||||||
into basis.tx_journal
|
into base.tx_journal
|
||||||
values (curTxId,
|
values (curTxId,
|
||||||
tg_table_name, old.uuid, 'DELETE'::operation,
|
tg_table_name, old.uuid, 'DELETE'::operation,
|
||||||
null::jsonb);
|
null::jsonb);
|
||||||
@ -116,7 +116,7 @@ end; $$;
|
|||||||
Trigger function for transaction audit journal.
|
Trigger function for transaction audit journal.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
create or replace procedure basis.create_journal(targetTable varchar)
|
create or replace procedure base.create_journal(targetTable varchar)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
createTriggerSQL varchar;
|
createTriggerSQL varchar;
|
||||||
@ -126,7 +126,7 @@ begin
|
|||||||
-- "-0-" to put the trigger execution before any alphabetically greater tx-triggers
|
-- "-0-" to put the trigger execution before any alphabetically greater tx-triggers
|
||||||
createTriggerSQL = 'CREATE TRIGGER tx_0_journal_tg' ||
|
createTriggerSQL = 'CREATE TRIGGER tx_0_journal_tg' ||
|
||||||
' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable ||
|
' AFTER INSERT OR UPDATE OR DELETE ON ' || targetTable ||
|
||||||
' FOR EACH ROW EXECUTE PROCEDURE basis.tx_journal_trigger()';
|
' FOR EACH ROW EXECUTE PROCEDURE base.tx_journal_trigger()';
|
||||||
execute createTriggerSQL;
|
execute createTriggerSQL;
|
||||||
end; $$;
|
end; $$;
|
||||||
--//
|
--//
|
@ -3,7 +3,7 @@
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-global-historization-tx-history-txid:1 endDelimiter:--//
|
--changeset hs-global-historization-tx-history-txid:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
create or replace function basis.tx_history_txid()
|
create or replace function base.tx_history_txid()
|
||||||
returns xid8 stable
|
returns xid8 stable
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
@ -23,11 +23,11 @@ begin
|
|||||||
historicalTxIdSetting, historicalTimestampSetting;
|
historicalTxIdSetting, historicalTimestampSetting;
|
||||||
end if;
|
end if;
|
||||||
-- just for debugging / making sure the function is only called once per query
|
-- just for debugging / making sure the function is only called once per query
|
||||||
-- raise notice 'basis.tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting;
|
-- raise notice 'base.tx_history_txid() called with: (%, %)', historicalTxIdSetting, historicalTimestampSetting;
|
||||||
|
|
||||||
if historicalTxIdSetting is null or historicalTxIdSetting = '' then
|
if historicalTxIdSetting is null or historicalTxIdSetting = '' then
|
||||||
select historicalTimestampSetting::timestamp into historicalTimestamp;
|
select historicalTimestampSetting::timestamp into historicalTimestamp;
|
||||||
select max(txc.txid) from basis.tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId;
|
select max(txc.txid) from base.tx_context txc where txc.txtimestamp <= historicalTimestamp into historicalTxId;
|
||||||
else
|
else
|
||||||
historicalTxId = historicalTxIdSetting::xid8;
|
historicalTxId = historicalTxIdSetting::xid8;
|
||||||
end if;
|
end if;
|
||||||
@ -40,7 +40,7 @@ end; $$;
|
|||||||
--changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--//
|
--changeset hs-global-historization-tx-historicize-tf:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create type basis.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');
|
create type base.tx_operation as enum ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');
|
||||||
|
|
||||||
create or replace function tx_historicize_tf()
|
create or replace function tx_historicize_tf()
|
||||||
returns trigger
|
returns trigger
|
||||||
@ -95,7 +95,7 @@ end; $$;
|
|||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
create or replace procedure basis.tx_create_historicization(baseTable varchar)
|
create or replace procedure base.tx_create_historicization(baseTable varchar)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
createHistTableSql varchar;
|
createHistTableSql varchar;
|
||||||
@ -110,8 +110,8 @@ begin
|
|||||||
createHistTableSql = '' ||
|
createHistTableSql = '' ||
|
||||||
'CREATE TABLE ' || baseTable || '_ex (' ||
|
'CREATE TABLE ' || baseTable || '_ex (' ||
|
||||||
' version_id serial PRIMARY KEY,' ||
|
' version_id serial PRIMARY KEY,' ||
|
||||||
' txid xid8 NOT NULL REFERENCES basis.tx_context(txid),' ||
|
' txid xid8 NOT NULL REFERENCES base.tx_context(txid),' ||
|
||||||
' trigger_op basis.tx_operation NOT NULL,' ||
|
' trigger_op base.tx_operation NOT NULL,' ||
|
||||||
' alive boolean not null,' ||
|
' alive boolean not null,' ||
|
||||||
' LIKE ' || baseTable ||
|
' LIKE ' || baseTable ||
|
||||||
' EXCLUDING CONSTRAINTS' ||
|
' EXCLUDING CONSTRAINTS' ||
|
||||||
@ -131,8 +131,8 @@ begin
|
|||||||
createViewSQL = format(
|
createViewSQL = format(
|
||||||
'CREATE OR REPLACE VIEW %1$s AS' ||
|
'CREATE OR REPLACE VIEW %1$s AS' ||
|
||||||
'(' ||
|
'(' ||
|
||||||
-- make sure the function is only called once, not for every matching row in basis.tx_context
|
-- make sure the function is only called once, not for every matching row in base.tx_context
|
||||||
' WITH txh AS (SELECT basis.tx_history_txid() AS txid) ' ||
|
' WITH txh AS (SELECT base.tx_history_txid() AS txid) ' ||
|
||||||
' SELECT %2$s' ||
|
' SELECT %2$s' ||
|
||||||
' FROM %3$s' ||
|
' FROM %3$s' ||
|
||||||
' WHERE alive = TRUE' ||
|
' WHERE alive = TRUE' ||
|
||||||
@ -140,7 +140,7 @@ begin
|
|||||||
' (' ||
|
' (' ||
|
||||||
' SELECT max(ex.version_id) AS history_id' ||
|
' SELECT max(ex.version_id) AS history_id' ||
|
||||||
' FROM %3$s AS ex' ||
|
' FROM %3$s AS ex' ||
|
||||||
' JOIN basis.tx_context as txc ON ex.txid = txc.txid' ||
|
' JOIN base.tx_context as txc ON ex.txid = txc.txid' ||
|
||||||
' WHERE txc.txid <= (SELECT txid FROM txh)' ||
|
' WHERE txc.txid <= (SELECT txid FROM txh)' ||
|
||||||
' GROUP BY uuid' ||
|
' GROUP BY uuid' ||
|
||||||
' )' ||
|
' )' ||
|
@ -44,7 +44,7 @@ create table rbac.subject
|
|||||||
name varchar(63) not null unique
|
name varchar(63) not null unique
|
||||||
);
|
);
|
||||||
|
|
||||||
call basis.create_journal('rbac.subject');
|
call base.create_journal('rbac.subject');
|
||||||
|
|
||||||
create or replace function rbac.create_subject(subjectName varchar)
|
create or replace function rbac.create_subject(subjectName varchar)
|
||||||
returns uuid
|
returns uuid
|
||||||
@ -102,7 +102,7 @@ create table rbac.object
|
|||||||
unique (objectTable, uuid)
|
unique (objectTable, uuid)
|
||||||
);
|
);
|
||||||
|
|
||||||
call basis.create_journal('rbac.object');
|
call base.create_journal('rbac.object');
|
||||||
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
@ -174,7 +174,7 @@ create table RbacRole
|
|||||||
unique (objectUuid, roleType)
|
unique (objectUuid, roleType)
|
||||||
);
|
);
|
||||||
|
|
||||||
call basis.create_journal('RbacRole');
|
call base.create_journal('RbacRole');
|
||||||
|
|
||||||
create type RbacRoleDescriptor as
|
create type RbacRoleDescriptor as
|
||||||
(
|
(
|
||||||
@ -379,7 +379,7 @@ create index on RbacPermission (opTableName, op);
|
|||||||
ALTER TABLE RbacPermission
|
ALTER TABLE RbacPermission
|
||||||
ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
|
ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
|
||||||
|
|
||||||
call basis.create_journal('RbacPermission');
|
call base.create_journal('RbacPermission');
|
||||||
|
|
||||||
create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
create or replace function createPermission(forObjectUuid uuid, forOp RbacOp, forOpTableName text = null)
|
||||||
returns uuid
|
returns uuid
|
||||||
@ -497,7 +497,7 @@ create table RbacGrants
|
|||||||
create index on RbacGrants (ascendantUuid);
|
create index on RbacGrants (ascendantUuid);
|
||||||
create index on RbacGrants (descendantUuid);
|
create index on RbacGrants (descendantUuid);
|
||||||
|
|
||||||
call basis.create_journal('RbacGrants');
|
call base.create_journal('RbacGrants');
|
||||||
create or replace function findGrantees(grantedId uuid)
|
create or replace function findGrantees(grantedId uuid)
|
||||||
returns setof rbac.reference
|
returns setof rbac.reference
|
||||||
returns null on null input
|
returns null on null input
|
||||||
@ -741,7 +741,7 @@ begin
|
|||||||
AND obj.objectTable = forObjectTable
|
AND obj.objectTable = forObjectTable
|
||||||
LIMIT maxObjects+1;
|
LIMIT maxObjects+1;
|
||||||
|
|
||||||
foundRows = basis.lastRowCount();
|
foundRows = base.lastRowCount();
|
||||||
if foundRows > maxObjects then
|
if foundRows > maxObjects then
|
||||||
raise exception '[400] Too many accessible objects, limit is %, found %.', maxObjects, foundRows
|
raise exception '[400] Too many accessible objects, limit is %, found %.', maxObjects, foundRows
|
||||||
using
|
using
|
||||||
|
@ -12,8 +12,8 @@ declare
|
|||||||
currentSubjectOrAssumedRolesUuids uuid[];
|
currentSubjectOrAssumedRolesUuids uuid[];
|
||||||
begin
|
begin
|
||||||
-- exactly one role must be assumed, not none not more than one
|
-- exactly one role must be assumed, not none not more than one
|
||||||
if cardinality(basis.assumedRoles()) <> 1 then
|
if cardinality(base.assumedRoles()) <> 1 then
|
||||||
raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', basis.assumedRoles();
|
raise exception '[400] Granting roles to user is only possible if exactly one role is assumed, given: %', base.assumedRoles();
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
currentSubjectOrAssumedRolesUuids := rbac.currentSubjectOrAssumedRolesUuids();
|
currentSubjectOrAssumedRolesUuids := rbac.currentSubjectOrAssumedRolesUuids();
|
||||||
|
@ -18,7 +18,7 @@ begin
|
|||||||
|
|
||||||
select uuid from rbac.subject where name = currentSubject into currentSubjectUuid;
|
select uuid from rbac.subject where name = currentSubject into currentSubjectUuid;
|
||||||
if currentSubjectUuid is null then
|
if currentSubjectUuid is null then
|
||||||
raise exception '[401] subject % given in `basis.defineContext(...)` does not exist', currentSubject;
|
raise exception '[401] subject % given in `base.defineContext(...)` does not exist', currentSubject;
|
||||||
end if;
|
end if;
|
||||||
return currentSubjectUuid;
|
return currentSubjectUuid;
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -66,10 +66,10 @@ begin
|
|||||||
and r.roleType = roleTypeToAssume
|
and r.roleType = roleTypeToAssume
|
||||||
into roleUuidToAssume;
|
into roleUuidToAssume;
|
||||||
if roleUuidToAssume is null then
|
if roleUuidToAssume is null then
|
||||||
raise exception '[403] role % does not exist or is not accessible for subject %', roleName, basis.currentSubject();
|
raise exception '[403] role % does not exist or is not accessible for subject %', roleName, base.currentSubject();
|
||||||
end if;
|
end if;
|
||||||
if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then
|
if not isGranted(currentSubjectOrAssumedRolesUuids, roleUuidToAssume) then
|
||||||
raise exception '[403] subject % has no permission to assume role %', basis.currentSubject(), roleName;
|
raise exception '[403] subject % has no permission to assume role %', base.currentSubject(), roleName;
|
||||||
end if;
|
end if;
|
||||||
roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
|
roleIdsToAssume := roleIdsToAssume || roleUuidToAssume;
|
||||||
end loop;
|
end loop;
|
||||||
@ -84,7 +84,7 @@ end; $$;
|
|||||||
Callback which is called after the context has been (re-) defined.
|
Callback which is called after the context has been (re-) defined.
|
||||||
This function will be overwritten by later changesets.
|
This function will be overwritten by later changesets.
|
||||||
*/
|
*/
|
||||||
create or replace procedure basis.contextDefined(
|
create or replace procedure base.contextDefined(
|
||||||
currentTask varchar(127),
|
currentTask varchar(127),
|
||||||
currentRequest text,
|
currentRequest text,
|
||||||
currentSubject varchar(63),
|
currentSubject varchar(63),
|
||||||
@ -114,7 +114,7 @@ end; $$;
|
|||||||
--changeset rbac-context-current-subject-ID:1 endDelimiter:--//
|
--changeset rbac-context-current-subject-ID:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
/*
|
||||||
Returns the uuid of the current subject as set via `basis.defineContext(...)`.
|
Returns the uuid of the current subject as set via `base.defineContext(...)`.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
create or replace function rbac.currentSubjectUuid()
|
create or replace function rbac.currentSubjectUuid()
|
||||||
@ -132,11 +132,11 @@ begin
|
|||||||
currentSubjectUuid := null;
|
currentSubjectUuid := null;
|
||||||
end;
|
end;
|
||||||
if (currentSubjectUuid is null or currentSubjectUuid = '') then
|
if (currentSubjectUuid is null or currentSubjectUuid = '') then
|
||||||
currentSubjectName := basis.currentSubject();
|
currentSubjectName := base.currentSubject();
|
||||||
if (length(currentSubjectName) > 0) then
|
if (length(currentSubjectName) > 0) then
|
||||||
raise exception '[401] currentSubjectUuid cannot be determined, unknown subject name "%"', currentSubjectName;
|
raise exception '[401] currentSubjectUuid cannot be determined, unknown subject name "%"', currentSubjectName;
|
||||||
else
|
else
|
||||||
raise exception '[401] currentSubjectUuid cannot be determined, please call `basis.defineContext(...)` first;"';
|
raise exception '[401] currentSubjectUuid cannot be determined, please call `base.defineContext(...)` first;"';
|
||||||
end if;
|
end if;
|
||||||
end if;
|
end if;
|
||||||
return currentSubjectUuid::uuid;
|
return currentSubjectUuid::uuid;
|
||||||
@ -147,8 +147,8 @@ end; $$;
|
|||||||
--changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--//
|
--changeset rbac-context-CURRENT-SUBJECT-UUIDS:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
/*
|
/*
|
||||||
Returns the uuid of the current subject as set via `basis.defineContext(...)`,
|
Returns the uuid of the current subject as set via `base.defineContext(...)`,
|
||||||
or, if any, the uuids of all assumed roles as set via `basis.defineContext(...)`
|
or, if any, the uuids of all assumed roles as set via `base.defineContext(...)`
|
||||||
or empty array, if context is not defined.
|
or empty array, if context is not defined.
|
||||||
*/
|
*/
|
||||||
create or replace function rbac.currentSubjectOrAssumedRolesUuids()
|
create or replace function rbac.currentSubjectOrAssumedRolesUuids()
|
||||||
@ -166,11 +166,11 @@ begin
|
|||||||
currentSubjectOrAssumedRolesUuids := null;
|
currentSubjectOrAssumedRolesUuids := null;
|
||||||
end;
|
end;
|
||||||
if (currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0 ) then
|
if (currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0 ) then
|
||||||
currentSubjectName := basis.currentSubject();
|
currentSubjectName := base.currentSubject();
|
||||||
if (length(currentSubjectName) > 0) then
|
if (length(currentSubjectName) > 0) then
|
||||||
raise exception '[401] currentSubjectOrAssumedRolesUuids (%) cannot be determined, unknown subject name "%"', currentSubjectOrAssumedRolesUuids, currentSubjectName;
|
raise exception '[401] currentSubjectOrAssumedRolesUuids (%) cannot be determined, unknown subject name "%"', currentSubjectOrAssumedRolesUuids, currentSubjectName;
|
||||||
else
|
else
|
||||||
raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject;"';
|
raise exception '[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `base.defineContext(...)` with a valid subject;"';
|
||||||
end if;
|
end if;
|
||||||
end if;
|
end if;
|
||||||
return string_to_array(currentSubjectOrAssumedRolesUuids, ';');
|
return string_to_array(currentSubjectOrAssumedRolesUuids, ';');
|
||||||
|
@ -241,7 +241,7 @@ create or replace view rbac.subject_rv as
|
|||||||
union
|
union
|
||||||
select users.*
|
select users.*
|
||||||
from rbac.subject as users
|
from rbac.subject as users
|
||||||
where cardinality(basis.assumedRoles()) = 0 and
|
where cardinality(base.assumedRoles()) = 0 and
|
||||||
(rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid()))
|
(rbac.currentSubjectUuid() = users.uuid or hasGlobalRoleGranted(rbac.currentSubjectUuid()))
|
||||||
|
|
||||||
) as unordered
|
) as unordered
|
||||||
@ -303,7 +303,7 @@ begin
|
|||||||
delete from rbac.subject where uuid = old.uuid;
|
delete from rbac.subject where uuid = old.uuid;
|
||||||
return old;
|
return old;
|
||||||
end if;
|
end if;
|
||||||
raise exception '[403] User % not allowed to delete user uuid %', basis.currentSubject(), old.uuid;
|
raise exception '[403] User % not allowed to delete user uuid %', base.currentSubject(), old.uuid;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -354,7 +354,7 @@ begin
|
|||||||
currentSubjectUuid := rbac.currentSubjectUuid();
|
currentSubjectUuid := rbac.currentSubjectUuid();
|
||||||
|
|
||||||
if hasGlobalRoleGranted(targetSubjectUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then
|
if hasGlobalRoleGranted(targetSubjectUuid) and not hasGlobalRoleGranted(currentSubjectUuid) then
|
||||||
raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, basis.currentSubject();
|
raise exception '[403] permissions of user "%" are not accessible to user "%"', targetSubjectUuid, base.currentSubject();
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
return query select
|
return query select
|
||||||
|
@ -168,7 +168,7 @@ declare
|
|||||||
begin
|
begin
|
||||||
targetTable := lower(targetTable);
|
targetTable := lower(targetTable);
|
||||||
if columnNames = '*' then
|
if columnNames = '*' then
|
||||||
columnNames := basis.tableColumnNames(targetTable);
|
columnNames := base.tableColumnNames(targetTable);
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -190,14 +190,14 @@ begin
|
|||||||
select distinct g.descendantuuid,
|
select distinct g.descendantuuid,
|
||||||
g.ascendantuuid,
|
g.ascendantuuid,
|
||||||
grants.level + 1 as level,
|
grants.level + 1 as level,
|
||||||
basis.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
base.assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
||||||
from rbacgrants g
|
from rbacgrants g
|
||||||
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
||||||
where g.assumed),
|
where g.assumed),
|
||||||
grant_count AS (
|
grant_count AS (
|
||||||
SELECT COUNT(*) AS grant_count FROM recursive_grants
|
SELECT COUNT(*) AS grant_count FROM recursive_grants
|
||||||
),
|
),
|
||||||
count_check as (select basis.assertTrue((select count(*) as grant_count from recursive_grants) < 400000,
|
count_check as (select base.assertTrue((select count(*) as grant_count from recursive_grants) < 400000,
|
||||||
'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants))
|
'too many grants for current subjects: ' || (select count(*) as grant_count from recursive_grants))
|
||||||
as valid)
|
as valid)
|
||||||
select distinct perm.objectuuid
|
select distinct perm.objectuuid
|
||||||
|
@ -94,7 +94,7 @@ $$;
|
|||||||
A single row to be referenced as a rbac.Global object.
|
A single row to be referenced as a rbac.Global object.
|
||||||
*/
|
*/
|
||||||
begin transaction;
|
begin transaction;
|
||||||
call basis.defineContext('initializing table "rbac.global"', null, null, null);
|
call base.defineContext('initializing table "rbac.global"', null, null, null);
|
||||||
insert
|
insert
|
||||||
into rbac.object (objecttable) values ('rbac.global');
|
into rbac.object (objecttable) values ('rbac.global');
|
||||||
insert
|
insert
|
||||||
@ -118,7 +118,7 @@ select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.gl
|
|||||||
$$;
|
$$;
|
||||||
|
|
||||||
begin transaction;
|
begin transaction;
|
||||||
call basis.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
|
call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
|
||||||
select createRole(globalAdmin());
|
select createRole(globalAdmin());
|
||||||
commit;
|
commit;
|
||||||
--//
|
--//
|
||||||
@ -139,7 +139,7 @@ select 'rbac.global', (select uuid from rbac.object where objectTable = 'rbac.gl
|
|||||||
$$;
|
$$;
|
||||||
|
|
||||||
begin transaction;
|
begin transaction;
|
||||||
call basis.defineContext('creating role:rbac.global#global:guest', null, null, null);
|
call base.defineContext('creating role:rbac.global#global:guest', null, null, null);
|
||||||
select createRole(globalGuest());
|
select createRole(globalGuest());
|
||||||
commit;
|
commit;
|
||||||
--//
|
--//
|
||||||
@ -155,7 +155,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
admins uuid ;
|
admins uuid ;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating fake test-realm admin users', null, null, null);
|
call base.defineContext('creating fake test-realm admin users', null, null, null);
|
||||||
|
|
||||||
admins = findRoleId(globalAdmin());
|
admins = findRoleId(globalAdmin());
|
||||||
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
|
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
|
||||||
hsh-michaelhoennig marked this conversation as resolved
Outdated
|
|||||||
@ -179,13 +179,13 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
userName varchar;
|
userName varchar;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null);
|
call base.defineContext('testing currentSubjectUuid', null, 'superuser-fran@hostsharing.net', null);
|
||||||
select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;
|
select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;
|
||||||
if userName <> 'superuser-fran@hostsharing.net' then
|
if userName <> 'superuser-fran@hostsharing.net' then
|
||||||
raise exception 'setting or fetching initial currentSubject failed, got: %', userName;
|
raise exception 'setting or fetching initial currentSubject failed, got: %', userName;
|
||||||
end if;
|
end if;
|
||||||
|
|
||||||
call basis.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null);
|
call base.defineContext('testing currentSubjectUuid', null, 'superuser-alex@hostsharing.net', null);
|
||||||
select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;
|
select userName from rbac.subject where uuid = rbac.currentSubjectUuid() into userName;
|
||||||
if userName = 'superuser-alex@hostsharing.net' then
|
if userName = 'superuser-alex@hostsharing.net' then
|
||||||
raise exception 'currentSubject should not change in one transaction, but did change, got: %', userName;
|
raise exception 'currentSubject should not change in one transaction, but did change, got: %', userName;
|
||||||
|
@ -89,7 +89,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows');
|
call base.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -59,7 +59,7 @@ create or replace procedure createTestCustomerTestData(
|
|||||||
begin
|
begin
|
||||||
for t in startCount..endCount
|
for t in startCount..endCount
|
||||||
loop
|
loop
|
||||||
call createTestCustomerTestData(testCustomerReference(t), basis.intToVarChar(t, 3));
|
call createTestCustomerTestData(testCustomerReference(t), base.intToVarChar(t, 3));
|
||||||
commit;
|
commit;
|
||||||
end loop;
|
end loop;
|
||||||
end; $$;
|
end; $$;
|
||||||
@ -72,7 +72,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createTestCustomerTestData(99901, 'xxx');
|
call createTestCustomerTestData(99901, 'xxx');
|
||||||
call createTestCustomerTestData(99902, 'yyy');
|
call createTestCustomerTestData(99902, 'yyy');
|
||||||
|
@ -154,7 +154,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row test_customer;
|
row test_customer;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows');
|
call base.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM test_customer
|
FOR row IN SELECT * FROM test_customer
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -22,7 +22,7 @@ begin
|
|||||||
pacName = cust.prefix || to_char(t, 'fm00');
|
pacName = cust.prefix || to_char(t, 'fm00');
|
||||||
custAdminUser = 'customer-admin@' || cust.prefix || '.example.com';
|
custAdminUser = 'customer-admin@' || cust.prefix || '.example.com';
|
||||||
custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN';
|
custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN';
|
||||||
call basis.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole);
|
call base.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole);
|
||||||
|
|
||||||
insert
|
insert
|
||||||
into test_package (customerUuid, name, description)
|
into test_package (customerUuid, name, description)
|
||||||
|
@ -153,7 +153,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row test_package;
|
row test_package;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows');
|
call base.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM test_package
|
FOR row IN SELECT * FROM test_package
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -21,11 +21,11 @@ begin
|
|||||||
for t in 0..(domainCount-1)
|
for t in 0..(domainCount-1)
|
||||||
loop
|
loop
|
||||||
pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
|
pacAdmin = 'pac-admin-' || pac.name || '@' || pac.custPrefix || '.example.com';
|
||||||
call basis.defineContext('creating RBAC test domain', null, pacAdmin, null);
|
call base.defineContext('creating RBAC test domain', null, pacAdmin, null);
|
||||||
|
|
||||||
insert
|
insert
|
||||||
into test_domain (name, packageUuid)
|
into test_domain (name, packageUuid)
|
||||||
values (pac.name || '-' || basis.intToVarChar(t, 4), pac.uuid);
|
values (pac.name || '-' || base.intToVarChar(t, 4), pac.uuid);
|
||||||
end loop;
|
end loop;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
|
@ -20,5 +20,5 @@ create table if not exists hs_office_contact
|
|||||||
--changeset hs-office-contact-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-contact-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_contact');
|
call base.create_journal('hs_office_contact');
|
||||||
--//
|
--//
|
||||||
|
@ -40,7 +40,7 @@ ALTER TABLE hs_office_contact_legacy_id
|
|||||||
--changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
|
--changeset hs-office-contact-MIGRATION-insert:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
CALL basis.defineContext('schema-migration');
|
CALL base.defineContext('schema-migration');
|
||||||
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
|
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
|
||||||
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
|
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
|
||||||
--/
|
--/
|
||||||
|
@ -15,9 +15,9 @@ declare
|
|||||||
emailAddr varchar;
|
emailAddr varchar;
|
||||||
begin
|
begin
|
||||||
emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com';
|
emailAddr = 'contact-admin@' || cleanIdentifier(contCaption) || '.example.com';
|
||||||
call basis.defineContext('creating contact test-data');
|
call base.defineContext('creating contact test-data');
|
||||||
perform rbac.create_subject(emailAddr);
|
perform rbac.create_subject(emailAddr);
|
||||||
call basis.defineContext('creating contact test-data', null, emailAddr);
|
call base.defineContext('creating contact test-data', null, emailAddr);
|
||||||
|
|
||||||
postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt';
|
postalAddr := E'Vorname Nachname\nStraße Hnr\nPLZ Stadt';
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ create or replace procedure createHsOfficeContactTestData(
|
|||||||
begin
|
begin
|
||||||
for t in startCount..endCount
|
for t in startCount..endCount
|
||||||
loop
|
loop
|
||||||
call createHsOfficeContactTestData(basis.intToVarChar(t, 4) || '#' || t);
|
call createHsOfficeContactTestData(base.intToVarChar(t, 4) || '#' || t);
|
||||||
commit;
|
commit;
|
||||||
end loop;
|
end loop;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -31,5 +31,5 @@ create table if not exists hs_office_person
|
|||||||
--changeset hs-office-person-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-person-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_person');
|
call base.create_journal('hs_office_person');
|
||||||
--//
|
--//
|
||||||
|
@ -21,9 +21,9 @@ declare
|
|||||||
begin
|
begin
|
||||||
fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName);
|
fullName := concat_ws(', ', newTradeName, newFamilyName, newGivenName);
|
||||||
emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com';
|
emailAddr = 'person-' || left(cleanIdentifier(fullName), 32) || '@example.com';
|
||||||
call basis.defineContext('creating person test-data');
|
call base.defineContext('creating person test-data');
|
||||||
perform rbac.create_subject(emailAddr);
|
perform rbac.create_subject(emailAddr);
|
||||||
call basis.defineContext('creating person test-data', null, emailAddr);
|
call base.defineContext('creating person test-data', null, emailAddr);
|
||||||
|
|
||||||
raise notice 'creating test person: % by %', fullName, emailAddr;
|
raise notice 'creating test person: % by %', fullName, emailAddr;
|
||||||
insert
|
insert
|
||||||
@ -43,7 +43,7 @@ create or replace procedure createTestPersonTestData(
|
|||||||
begin
|
begin
|
||||||
for t in startCount..endCount
|
for t in startCount..endCount
|
||||||
loop
|
loop
|
||||||
call createHsOfficePersonTestData('LP', basis.intToVarChar(t, 4));
|
call createHsOfficePersonTestData('LP', base.intToVarChar(t, 4));
|
||||||
commit;
|
commit;
|
||||||
end loop;
|
end loop;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
@ -33,5 +33,5 @@ create table if not exists hs_office_relation
|
|||||||
--changeset hs-office-relation-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-relation-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_relation');
|
call base.create_journal('hs_office_relation');
|
||||||
--//
|
--//
|
||||||
|
@ -163,7 +163,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_office_person;
|
row hs_office_person;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
|
call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_office_person
|
FOR row IN SELECT * FROM hs_office_person
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -69,8 +69,8 @@ declare
|
|||||||
begin
|
begin
|
||||||
for t in startCount..endCount
|
for t in startCount..endCount
|
||||||
loop
|
loop
|
||||||
select p.* from hs_office_person p where tradeName = basis.intToVarChar(t, 4) into person;
|
select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person;
|
||||||
select c.* from hs_office_contact c where c.caption = basis.intToVarChar(t, 4) || '#' || t into contact;
|
select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
|
||||||
|
|
||||||
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
|
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
|
||||||
commit;
|
commit;
|
||||||
@ -85,7 +85,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact');
|
call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact');
|
||||||
call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact');
|
call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact');
|
||||||
|
@ -23,7 +23,7 @@ create table hs_office_partner_details
|
|||||||
--changeset hs-office-partner-DETAILS-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-partner-DETAILS-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_partner_details');
|
call base.create_journal('hs_office_partner_details');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
@ -83,5 +83,5 @@ create trigger hs_office_partner_delete_dependents_trigger
|
|||||||
--changeset hs-office-partner-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-partner-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_partner');
|
call base.create_journal('hs_office_partner');
|
||||||
--//
|
--//
|
||||||
|
@ -166,7 +166,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows');
|
call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.Global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -70,7 +70,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global;
|
row rbac.global;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
|
call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -39,7 +39,7 @@ ALTER TABLE hs_office_partner_legacy_id
|
|||||||
--changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
|
--changeset hs-office-partner-MIGRATION-insert:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
CALL basis.defineContext('schema-migration');
|
CALL base.defineContext('schema-migration');
|
||||||
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
|
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
|
||||||
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
|
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
|
||||||
--/
|
--/
|
||||||
|
@ -71,7 +71,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact');
|
call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact');
|
||||||
call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact');
|
call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact');
|
||||||
|
@ -18,5 +18,5 @@ create table hs_office_bankaccount
|
|||||||
--changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_bankaccount');
|
call base.create_journal('hs_office_bankaccount');
|
||||||
--//
|
--//
|
||||||
|
@ -15,7 +15,7 @@ declare
|
|||||||
begin
|
begin
|
||||||
emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
|
emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
|
||||||
perform rbac.create_subject(emailAddr);
|
perform rbac.create_subject(emailAddr);
|
||||||
call basis.defineContext('creating bankaccount test-data', null, emailAddr);
|
call base.defineContext('creating bankaccount test-data', null, emailAddr);
|
||||||
|
|
||||||
raise notice 'creating test bankaccount: %', givenHolder;
|
raise notice 'creating test bankaccount: %', givenHolder;
|
||||||
insert
|
insert
|
||||||
@ -31,7 +31,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating bankaccount test-data');
|
call base.defineContext('creating bankaccount test-data');
|
||||||
|
|
||||||
-- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
|
-- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
|
||||||
call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
|
call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
|
||||||
|
@ -61,5 +61,5 @@ execute procedure deleteHsOfficeDependentsOnDebitorDelete();
|
|||||||
--changeset hs-office-debitor-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-debitor-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_debitor');
|
call base.create_journal('hs_office_debitor');
|
||||||
--//
|
--//
|
||||||
|
@ -139,7 +139,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows');
|
call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.Global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -50,7 +50,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir');
|
call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir');
|
||||||
call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec');
|
call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec');
|
||||||
|
@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate
|
|||||||
--changeset hs-office-sepamandate-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_sepamandate');
|
call base.create_journal('hs_office_sepamandate');
|
||||||
--//
|
--//
|
||||||
|
@ -114,7 +114,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_office_relation;
|
row hs_office_relation;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
|
call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_office_relation
|
FOR row IN SELECT * FROM hs_office_relation
|
||||||
WHERE type = 'DEBITOR'
|
WHERE type = 'DEBITOR'
|
||||||
|
@ -41,7 +41,7 @@ ALTER TABLE hs_office_sepamandate_legacy_id
|
|||||||
--changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-MIGRATION-insert:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
CALL basis.defineContext('schema-migration');
|
CALL base.defineContext('schema-migration');
|
||||||
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
|
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
|
||||||
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
|
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
|
||||||
--/
|
--/
|
||||||
|
@ -43,7 +43,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11');
|
call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11');
|
||||||
call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12');
|
call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12');
|
||||||
|
@ -36,5 +36,5 @@ create table if not exists hs_office_membership
|
|||||||
--changeset hs-office-membership-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-membership-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_membership');
|
call base.create_journal('hs_office_membership');
|
||||||
--//
|
--//
|
||||||
|
@ -101,7 +101,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows');
|
call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.Global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -33,7 +33,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsOfficeMembershipTestData(10001, '01');
|
call createHsOfficeMembershipTestData(10001, '01');
|
||||||
call createHsOfficeMembershipTestData(10002, '02');
|
call createHsOfficeMembershipTestData(10002, '02');
|
||||||
|
@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction
|
|||||||
--changeset hs-office-coopshares-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-coopshares-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_coopsharestransaction');
|
call base.create_journal('hs_office_coopsharestransaction');
|
||||||
--//
|
--//
|
||||||
|
@ -77,7 +77,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_office_membership;
|
row hs_office_membership;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
|
call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_office_membership
|
FOR row IN SELECT * FROM hs_office_membership
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
|
|||||||
--changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
|
--changeset hs-office-coopshares-MIGRATION-insert:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
CALL basis.defineContext('schema-migration');
|
CALL base.defineContext('schema-migration');
|
||||||
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
|
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
|
||||||
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
|
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
|
||||||
--/
|
--/
|
||||||
|
@ -43,7 +43,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating coopSharesTransaction test-data');
|
call base.defineContext('creating coopSharesTransaction test-data');
|
||||||
SET CONSTRAINTS ALL DEFERRED;
|
SET CONSTRAINTS ALL DEFERRED;
|
||||||
|
|
||||||
call createHsOfficeCoopSharesTransactionTestData(10001, '01');
|
call createHsOfficeCoopSharesTransactionTestData(10001, '01');
|
||||||
|
@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction
|
|||||||
--changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_office_coopassetstransaction');
|
call base.create_journal('hs_office_coopassetstransaction');
|
||||||
--//
|
--//
|
||||||
|
@ -77,7 +77,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_office_membership;
|
row hs_office_membership;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
|
call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_office_membership
|
FOR row IN SELECT * FROM hs_office_membership
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -40,7 +40,7 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
|
|||||||
--changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
|
--changeset hs-office-coopassets-MIGRATION-insert:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
CALL basis.defineContext('schema-migration');
|
CALL base.defineContext('schema-migration');
|
||||||
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
|
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
|
||||||
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
|
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
|
||||||
--/
|
--/
|
||||||
|
@ -43,7 +43,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating coopAssetsTransaction test-data');
|
call base.defineContext('creating coopAssetsTransaction test-data');
|
||||||
SET CONSTRAINTS ALL DEFERRED;
|
SET CONSTRAINTS ALL DEFERRED;
|
||||||
|
|
||||||
call createHsOfficeCoopAssetsTransactionTestData(10001, '01');
|
call createHsOfficeCoopAssetsTransactionTestData(10001, '01');
|
||||||
|
@ -18,12 +18,12 @@ create table if not exists hs_booking_project
|
|||||||
--changeset hs-booking-project-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-booking-project-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_booking_project');
|
call base.create_journal('hs_booking_project');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-project-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
--changeset hs-booking-project-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call basis.tx_create_historicization('hs_booking_project');
|
call base.tx_create_historicization('hs_booking_project');
|
||||||
--//
|
--//
|
||||||
|
@ -108,7 +108,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_office_relation;
|
row hs_office_relation;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
|
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_office_relation
|
FOR row IN SELECT * FROM hs_office_relation
|
||||||
WHERE type = 'DEBITOR'
|
WHERE type = 'DEBITOR'
|
||||||
|
@ -39,7 +39,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsBookingProjectTransactionTestData(10001, '11');
|
call createHsBookingProjectTransactionTestData(10001, '11');
|
||||||
call createHsBookingProjectTransactionTestData(10002, '12');
|
call createHsBookingProjectTransactionTestData(10002, '12');
|
||||||
|
@ -35,13 +35,13 @@ create table if not exists hs_booking_item
|
|||||||
--changeset hs-booking-item-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-booking-item-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call basis.create_journal('hs_booking_item');
|
call base.create_journal('hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-booking-item-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
--changeset hs-booking-item-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call basis.tx_create_historicization('hs_booking_item');
|
call base.tx_create_historicization('hs_booking_item');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -107,7 +107,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
|
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
@ -150,7 +150,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_booking_project;
|
row hs_booking_project;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
|
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_booking_project
|
FOR row IN SELECT * FROM hs_booking_project
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -47,7 +47,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
currentTask text;
|
currentTask text;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsBookingItemTransactionTestData(10001, '11');
|
call createHsBookingItemTransactionTestData(10001, '11');
|
||||||
call createHsBookingItemTransactionTestData(10002, '12');
|
call createHsBookingItemTransactionTestData(10002, '12');
|
||||||
|
@ -107,7 +107,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row rbac.global%ROWTYPE;
|
row rbac.global%ROWTYPE;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
|
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM rbac.global
|
FOR row IN SELECT * FROM rbac.global
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
@ -150,7 +150,7 @@ do language plpgsql $$
|
|||||||
declare
|
declare
|
||||||
row hs_booking_project;
|
row hs_booking_project;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
|
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows');
|
||||||
|
|
||||||
FOR row IN SELECT * FROM hs_booking_project
|
FOR row IN SELECT * FROM hs_booking_project
|
||||||
-- unconditional for all rows in that table
|
-- unconditional for all rows in that table
|
||||||
|
@ -91,7 +91,7 @@ begin
|
|||||||
when 'IPV4_NUMBER' then null
|
when 'IPV4_NUMBER' then null
|
||||||
when 'IPV6_NUMBER' then null
|
when 'IPV6_NUMBER' then null
|
||||||
|
|
||||||
else basis.raiseException(format('[400] unknown asset type %s', NEW.type::text))
|
else base.raiseException(format('[400] unknown asset type %s', NEW.type::text))
|
||||||
end);
|
end);
|
||||||
|
|
||||||
if expectedParentType is not null and actualParentType is null then
|
if expectedParentType is not null and actualParentType is null then
|
||||||
@ -166,14 +166,14 @@ execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-hosting-asset-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
--changeset hs-hosting-asset-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call basis.create_journal('hs_hosting_asset');
|
call base.create_journal('hs_hosting_asset');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-hosting-asset-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
--changeset hs-hosting-asset-MAIN-TABLE-HISTORIZATION:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call basis.tx_create_historicization('hs_hosting_asset');
|
call base.tx_create_historicization('hs_hosting_asset');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -30,7 +30,7 @@ declare
|
|||||||
pgSqlInstanceUuid uuid;
|
pgSqlInstanceUuid uuid;
|
||||||
PgSqlSubjectUuid uuid;
|
PgSqlSubjectUuid uuid;
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
select project.* into relatedProject
|
select project.* into relatedProject
|
||||||
from hs_booking_project project
|
from hs_booking_project project
|
||||||
@ -110,7 +110,7 @@ end; $$;
|
|||||||
|
|
||||||
do language plpgsql $$
|
do language plpgsql $$
|
||||||
begin
|
begin
|
||||||
call basis.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||||
|
|
||||||
call createHsHostingAssetTestData('D-1000111 default project');
|
call createHsHostingAssetTestData('D-1000111 default project');
|
||||||
call createHsHostingAssetTestData('D-1000212 default project');
|
call createHsHostingAssetTestData('D-1000212 default project');
|
||||||
|
@ -1,32 +1,32 @@
|
|||||||
databaseChangeLog:
|
databaseChangeLog:
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/000-basis-schema.sql
|
file: db/changelog/0-base/000-base-schema.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/001-last-row-count.sql
|
file: db/changelog/0-base/001-last-row-count.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/002-int-to-var.sql
|
file: db/changelog/0-base/002-int-to-var.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/003-random-in-range.sql
|
file: db/changelog/0-base/003-random-in-range.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/004-jsonb-changes-delta.sql
|
file: db/changelog/0-base/004-jsonb-changes-delta.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/005-uuid-ossp-extension.sql
|
file: db/changelog/0-base/005-uuid-ossp-extension.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/006-numeric-hash-functions.sql
|
file: db/changelog/0-base/006-numeric-hash-functions.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/007-table-columns.sql
|
file: db/changelog/0-base/007-table-columns.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/008-raise-functions.sql
|
file: db/changelog/0-base/008-raise-functions.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/009-check-environment.sql
|
file: db/changelog/0-base/009-check-environment.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/010-context.sql
|
file: db/changelog/0-base/010-context.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/020-audit-log.sql
|
file: db/changelog/0-base/020-audit-log.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/030-historization.sql
|
file: db/changelog/0-base/030-historization.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/0-basis/090-log-slow-queries-extensions.sql
|
file: db/changelog/0-base/090-log-slow-queries-extensions.sql
|
||||||
- include:
|
- include:
|
||||||
file: db/changelog/1-rbac/1000-rbac-schema.sql
|
file: db/changelog/1-rbac/1000-rbac-schema.sql
|
||||||
- include:
|
- include:
|
||||||
|
@ -69,7 +69,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_booking_item';
|
where targettable = 'hs_booking_item';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_booking_project';
|
where targettable = 'hs_booking_project';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_hosting_asset';
|
where targettable = 'hs_hosting_asset';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -299,8 +299,8 @@ public class CsvDataImport extends ContextBasedTest {
|
|||||||
jpaAttempt.transacted(() -> {
|
jpaAttempt.transacted(() -> {
|
||||||
context(rbacSuperuser);
|
context(rbacSuperuser);
|
||||||
em.createNativeQuery("delete from rbac.subject_rv where name not like 'superuser-%'").executeUpdate();
|
em.createNativeQuery("delete from rbac.subject_rv where name not like 'superuser-%'").executeUpdate();
|
||||||
em.createNativeQuery("delete from basis.tx_journal where true").executeUpdate();
|
em.createNativeQuery("delete from base.tx_journal where true").executeUpdate();
|
||||||
em.createNativeQuery("delete from basis.tx_context where true").executeUpdate();
|
em.createNativeQuery("delete from base.tx_context where true").executeUpdate();
|
||||||
}).assertSuccessful();
|
}).assertSuccessful();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'iban'
|
select currentTask, targetTable, targetOp, targetdelta->>'iban'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_bankaccount';
|
where targettable = 'hs_office_bankaccount';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -257,7 +257,7 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
select currentTask, targetTable, targetOp, targetdelta->>'caption'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_contact';
|
where targettable = 'hs_office_contact';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_coopassetstransaction';
|
where targettable = 'hs_office_coopassetstransaction';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -220,7 +220,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_coopsharestransaction';
|
where targettable = 'hs_office_coopsharestransaction';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -590,7 +590,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
|
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_debitor';
|
where targettable = 'hs_office_debitor';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -337,7 +337,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
|
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_membership';
|
where targettable = 'hs_office_membership';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -434,7 +434,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
|
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_partner';
|
where targettable = 'hs_office_partner';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -261,7 +261,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
|
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_person';
|
where targettable = 'hs_office_person';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -395,7 +395,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'mark'
|
select currentTask, targetTable, targetOp, targetdelta->>'mark'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_relation';
|
where targettable = 'hs_office_relation';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -380,7 +380,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
|
|||||||
// given
|
// given
|
||||||
final var query = em.createNativeQuery("""
|
final var query = em.createNativeQuery("""
|
||||||
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
select currentTask, targetTable, targetOp, targetdelta->>'reference'
|
||||||
from basis.tx_journal_v
|
from base.tx_journal_v
|
||||||
where targettable = 'hs_office_sepamandate';
|
where targettable = 'hs_office_sepamandate';
|
||||||
""");
|
""");
|
||||||
|
|
||||||
|
@ -81,7 +81,7 @@ class ContextIntegrationTests {
|
|||||||
// then
|
// then
|
||||||
result.assertExceptionWithRootCauseMessage(
|
result.assertExceptionWithRootCauseMessage(
|
||||||
jakarta.persistence.PersistenceException.class,
|
jakarta.persistence.PersistenceException.class,
|
||||||
"[401] subject unknown@example.org given in `basis.defineContext(...)` does not exist");
|
"[401] subject unknown@example.org given in `base.defineContext(...)` does not exist");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -28,7 +28,7 @@ import static org.mockito.Mockito.verify;
|
|||||||
class ContextUnitTest {
|
class ContextUnitTest {
|
||||||
|
|
||||||
private static final String DEFINE_CONTEXT_QUERY_STRING = """
|
private static final String DEFINE_CONTEXT_QUERY_STRING = """
|
||||||
call basis.defineContext(
|
call base.defineContext(
|
||||||
cast(:currentTask as varchar(127)),
|
cast(:currentTask as varchar(127)),
|
||||||
cast(:currentRequest as text),
|
cast(:currentRequest as text),
|
||||||
cast(:currentSubject as varchar(63)),
|
cast(:currentSubject as varchar(63)),
|
||||||
|
@ -146,7 +146,7 @@ class RbacRoleRepositoryIntegrationTest {
|
|||||||
|
|
||||||
result.assertExceptionWithRootCauseMessage(
|
result.assertExceptionWithRootCauseMessage(
|
||||||
JpaSystemException.class,
|
JpaSystemException.class,
|
||||||
"[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `basis.defineContext(...)` with a valid subject");
|
"[401] currentSubjectOrAssumedRolesUuids cannot be determined, please call `base.defineContext(...)` with a valid subject");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user
müsste das nicht grantRoleToSubjectUnchecked heißen