introduce separate database-schemas base+rbac #103
@ -20,7 +20,7 @@ begin
|
||||
return currentSubjectOrAssumedRolesUuids[1];
|
||||
end; $$;
|
||||
|
||||
create or replace procedure rbac.grantRoleToUserUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true)
|
||||
create or replace procedure rbac.grantRoleToSubjectUnchecked(grantedByRoleUuid uuid, grantedRoleUuid uuid, subjectUuid uuid, doAssume boolean = true)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
perform rbac.assertReferenceType('grantingRoleUuid', grantedByRoleUuid, 'rbac.role');
|
||||
|
@ -57,7 +57,7 @@ begin
|
||||
end if;
|
||||
foreach subjectUuid in array subjectUuids
|
||||
loop
|
||||
call rbac.grantRoleToUserUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid);
|
||||
call rbac.grantRoleToSubjectUnchecked(userGrantsByRoleUuid, roleUuid, subjectUuid);
|
||||
end loop;
|
||||
end if;
|
||||
|
||||
|
@ -158,8 +158,8 @@ do language plpgsql $$
|
||||
call base.defineContext('creating fake test-realm admin users', null, null, null);
|
||||
|
||||
admins = rbac.findRoleId(rbac.globalAdmin());
|
||||
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
|
||||
call rbac.grantRoleToUserUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
|
||||
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
|
||||
hsh-michaelhoennig marked this conversation as resolved
Outdated
|
||||
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
|
||||
perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');
|
||||
perform rbac.create_subject('selfregistered-test-user@hostsharing.org');
|
||||
end;
|
||||
|
Loading…
Reference in New Issue
Block a user
müsste das nicht grantRoleToSubjectUnchecked heißen