hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

introduce-separate-database-schema-hs-office-and-amend-generators #105

Merged
hsh-michaelhoennig merged 5 commits from introduce-separate-database-schema-hs-office-and-amend-generators into master 2024-09-18 10:28:21 +02:00
Conversation 0 Commits 5 Files Changed 91 +1015 -1002
91 changed files with 1015 additions and 1002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
doc/rbac-performance-analysis.md
View File

@ -206,14 +206,14 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
```SQL
SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version
FROM hs_office_relation_rv hore1_0
LEFT JOIN hs_office_person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
LEFT JOIN hs_office_contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
LEFT JOIN hs_office_person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
FROM hs_office.relation_rv hore1_0
LEFT JOIN hs_office.person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
LEFT JOIN hs_office.contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
LEFT JOIN hs_office.person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
WHERE hore1_0.uuid=$1
```
That query on the `hs_office_relation_rv`-table joins the three references anchor-person, holder-person and contact.
That query on the `hs_office.relation_rv`-table joins the three references anchor-person, holder-person and contact.
### Total-Query-Time > Total-Import-Runtime
@ -270,16 +270,16 @@ At this point, the import took 21mins with these statistics:
| query | calls | total_m | mean_ms |
|-------|-------|---------|---------|
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 left join public.hs_office.person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office.contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office.person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 |
| insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 |
@ -294,17 +294,17 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
:::small
| query | calls | total (min) | mean (ms) |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------|
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 |
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
@ -331,13 +331,13 @@ Now, the longest running queries are these:
| No.| calls | total_m | mean_ms | query |
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 |
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
| 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) |
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 |
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 |
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
@ -345,7 +345,7 @@ That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
In production, the `SELECT ... FROM hs_office_relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
## Further Options To Explore

4
src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java
View File

@ -4,7 +4,7 @@ import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.experimental.SuperBuilder;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacEntity;
import net.hostsharing.hsadminng.rbac.generator.RbacView;
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
@ -49,7 +49,7 @@ public class HsBookingItemRbacEntity extends HsBookingItem {
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
.toRole(GLOBAL, ADMIN).grantPermission(DELETE)
.importEntityAlias("project", HsBookingProject.class, usingDefaultCase(),
.importEntityAlias("project", HsBookingProjectRbacEntity.class, usingDefaultCase(),
dependsOnColumn("projectUuid"),
directlyFetchedByDependsOnColumn(),
NULLABLE)

8
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java
View File

@ -68,11 +68,11 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
}
public static RbacView rbac() {
return rbacViewFor("project", HsBookingProject.class)
return rbacViewFor("project", HsBookingProjectRbacEntity.class)
.withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
"""))
.withRestrictedViewOrderBy(SQL.expression("caption"))
.withUpdatableColumns("version", "caption")
@ -86,8 +86,8 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
dependsOnColumn("debitorUuid"),
fetchedBySql("""
SELECT ${columns}
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid
"""),
NOT_NULL)

6
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java
View File

@ -44,7 +44,7 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
.withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
"""))
.withRestrictedViewOrderBy(SQL.expression("caption"))
.withUpdatableColumns("version", "caption")
@ -58,8 +58,8 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
dependsOnColumn("debitorUuid"),
fetchedBySql("""
SELECT ${columns}
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid
"""),
NOT_NULL)

4
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java
View File

@ -4,7 +4,7 @@ import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import lombok.experimental.SuperBuilder;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRbacEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
import net.hostsharing.hsadminng.rbac.generator.RbacView;
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
@ -47,7 +47,7 @@ public class HsHostingAssetRbacEntity extends HsHostingAsset {
.withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid")
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
.importEntityAlias("bookingItem", HsBookingItem.class, usingDefaultCase(),
.importEntityAlias("bookingItem", HsBookingItemRbacEntity.class, usingDefaultCase(),
dependsOnColumn("bookingItemUuid"),
directlyFetchedByDependsOnColumn(),
NULLABLE)

2
src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java
View File

@ -19,7 +19,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_bankaccount_rv")
@Table(schema = "hs_office", name = "bankaccount_rv")
@Getter
@Setter
@Builder

2
src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacEntity.java
View File

@ -16,7 +16,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity
@Table(name = "hs_office_contact_rv")
@Table(schema = "hs_office", name = "contact_rv")
@Getter
@Setter
@NoArgsConstructor

2
src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRealEntity.java
View File

@ -10,7 +10,7 @@ import jakarta.persistence.Entity;
import jakarta.persistence.Table;
@Entity
@Table(name = "hs_office_contact")
@Table(schema = "hs_office", name = "contact")
@Getter
@Setter
@NoArgsConstructor

2
src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
View File

@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_coopassetstransaction_rv")
@Table(schema = "hs_office", name = "coopassetstransaction_rv")
@Getter
@Setter
@Builder

2
src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
View File

@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_coopsharestransaction_rv")
@Table(schema = "hs_office", name = "coopsharestransaction_rv")
@Getter
@Setter
@Builder

20
src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorEntity.java
View File

@ -54,7 +54,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_debitor_rv")
@Table(schema = "hs_office", name = "debitor_rv")
@Getter
@Setter
@Builder(toBuilder = true)
@ -87,10 +87,10 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
value = """
(
SELECT DISTINCT partner.uuid
FROM hs_office_partner_rv partner
JOIN hs_office_relation_rv dRel
FROM hs_office.partner_rv partner
JOIN hs_office.relation_rv dRel
ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR'
JOIN hs_office_relation_rv pRel
JOIN hs_office.relation_rv pRel
ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER'
WHERE pRel.holderUuid = dRel.anchorUuid
)
@ -170,14 +170,14 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
.withIdentityView(SQL.query("""
SELECT debitor.uuid AS uuid,
'D-' || (SELECT partner.partnerNumber
FROM hs_office_partner partner
JOIN hs_office_relation partnerRel
FROM hs_office.partner partner
JOIN hs_office.relation partnerRel
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
JOIN hs_office_relation debitorRel
JOIN hs_office.relation debitorRel
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|| debitorNumberSuffix as idName
FROM hs_office_debitor AS debitor
FROM hs_office.debitor AS debitor
"""))
.withRestrictedViewOrderBy(SQL.projection("defaultPrefix"))
.withUpdatableColumns(
@ -209,8 +209,8 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
dependsOnColumn("debitorRelUuid"),
fetchedBySql("""
SELECT ${columns}
FROM hs_office_relation AS partnerRel
JOIN hs_office_relation AS debitorRel
FROM hs_office.relation AS partnerRel
JOIN hs_office.relation AS debitorRel
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
WHERE partnerRel.type = 'PARTNER'
AND ${REF}.debitorRelUuid = debitorRel.uuid

10
src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipEntity.java
View File

@ -56,7 +56,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_membership_rv")
@Table(schema = "hs_office", name = "membership_rv")
@Getter
@Setter
@Builder
@ -160,8 +160,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
.withIdentityView(SQL.query("""
SELECT m.uuid AS uuid,
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
FROM hs_office_membership AS m
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
FROM hs_office.membership AS m
JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
"""))
.withRestrictedViewOrderBy(SQL.projection("validity"))
.withUpdatableColumns("validity", "membershipFeeBillable", "status")
@ -170,8 +170,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
dependsOnColumn("partnerUuid"),
fetchedBySql("""
SELECT ${columns}
FROM hs_office_partner AS partner
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
FROM hs_office.partner AS partner
JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
WHERE partner.uuid = ${REF}.partnerUuid
"""),
NOT_NULL)

8
src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerDetailsEntity.java
View File

@ -20,7 +20,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_partner_details_rv")
@Table(schema = "hs_office", name = "partner_details_rv")
@Getter
@Setter
@Builder
@ -71,9 +71,9 @@ public class HsOfficePartnerDetailsEntity implements BaseEntity<HsOfficePartnerD
return rbacViewFor("partnerDetails", HsOfficePartnerDetailsEntity.class)
.withIdentityView(SQL.query("""
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
FROM hs_office_partner_details AS partnerDetails
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid
FROM hs_office.partner_details AS partnerDetails
JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
"""))
.withRestrictedViewOrderBy(SQL.expression("uuid"))
.withUpdatableColumns(

2
src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerEntity.java
View File

@ -36,7 +36,7 @@ import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_partner_rv")
@Table(schema = "hs_office", name = "partner_rv")
@Getter
@Setter
@Builder

2
src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java
View File

@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_person_rv")
@Table(schema = "hs_office", name = "person_rv")
@Getter
@Setter
@Builder

8
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
View File

@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity
@Table(name = "hs_office_relation_rv")
@Table(schema = "hs_office", name = "relation_rv")
@NoArgsConstructor
@Getter
@Setter
@ -45,12 +45,12 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
public static RbacView rbac() {
return rbacViewFor("relation", HsOfficeRelationRbacEntity.class)
.withIdentityView(SQL.projection("""
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
(select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|| '-with-' || target.type || '-'
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid)
|| (select idName from hs_office.person_iv p where p.uuid = holderUuid)
"""))
.withRestrictedViewOrderBy(SQL.expression(
"(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)"))
"(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
.withUpdatableColumns("contactUuid")
.importEntityAlias("anchorPerson", HsOfficePersonEntity.class, usingDefaultCase(),
dependsOnColumn("anchorUuid"),

4
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacRepository.java
View File

@ -17,13 +17,13 @@ public interface HsOfficeRelationRbacRepository extends Repository<HsOfficeRelat
}
@Query(value = """
SELECT p.* FROM hs_office_relation_rv AS p
SELECT p.* FROM hs_office.relation_rv AS p
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
""", nativeQuery = true)
List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
@Query(value = """
SELECT p.* FROM hs_office_relation_rv AS p
SELECT p.* FROM hs_office.relation_rv AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true)

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealEntity.java
View File

@ -11,7 +11,7 @@ import jakarta.persistence.Table;
@Entity
@Table(name = "hs_office_relation")
@Table(schema = "hs_office", name = "relation")
@NoArgsConstructor
@Getter
@Setter

4
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java
View File

@ -17,13 +17,13 @@ public interface HsOfficeRelationRealRepository extends Repository<HsOfficeRelat
}
@Query(value = """
SELECT p.* FROM hs_office_relation AS p
SELECT p.* FROM hs_office.relation AS p
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
""", nativeQuery = true)
List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
@Query(value = """
SELECT p.* FROM hs_office_relation AS p
SELECT p.* FROM hs_office.relation AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true)

10
src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateEntity.java
View File

@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@Table(name = "hs_office_sepamandate_rv")
@Table(schema = "hs_office", name = "sepamandate_rv")
@Getter
@Setter
@Builder
@ -104,8 +104,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
return rbacViewFor("sepaMandate", HsOfficeSepaMandateEntity.class)
.withIdentityView(query("""
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
from hs_office_sepamandate sm
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid
from hs_office.sepamandate sm
join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
"""))
.withRestrictedViewOrderBy(expression("validity"))
.withUpdatableColumns("reference", "agreement", "validity")
@ -114,8 +114,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
dependsOnColumn("debitorUuid"),
fetchedBySql("""
SELECT ${columns}
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid
"""),
NOT_NULL)

4
src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
View File

@ -213,7 +213,7 @@ public class InsertTriggerGenerator {
if (g.getSuperRoleDef().isGlobal(GUEST)) {
plPgSql.writeLn(
"""
-- check INSERT INSERT permission for rbac.global anyone
-- check INSERT permission for rbac.global anyone
if ${caseCondition}true then
return NEW;
end if;
@ -222,7 +222,7 @@ public class InsertTriggerGenerator {
} else if (g.getSuperRoleDef().isGlobal(ADMIN)) {
plPgSql.writeLn(
"""
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if ${caseCondition}rbac.isGlobalAdmin() then
return NEW;
end if;

12
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
View File

@ -12,7 +12,6 @@ import jakarta.persistence.Version;
import jakarta.validation.constraints.NotNull;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.nio.file.Path;
import java.util.*;
import java.util.function.Consumer;
@ -983,10 +982,10 @@ public class RbacView {
String getRawTableShortName() {
// TODO.impl: some combined function and trigger names are too long
// maybe we should shorten the table name e.g. hs_office_coopsharestransaction -> hsof.coopsharetx
// maybe we should shorten the table name e.g. hs_office.coopsharestransaction -> hsof.coopsharetx
// this is just a workaround:
return getRawTableName()
.replace("hs_office_", "hsof_")
.replace("hs_office.", "hsof.")
.replace("hs_booking_", "hsbk_")
.replace("hs_hosting_", "hsho_")
.replace("coopsharestransaction", "coopsharetx")
@ -1274,13 +1273,14 @@ public class RbacView {
public static Set<Class<? extends BaseEntity>> findRbacEntityClasses(String packageName) {
final var reflections = new Reflections(packageName, TypeAnnotationsScanner.class);
return reflections.getTypesAnnotatedWith(Entity.class).stream()
.filter(c -> stream(c.getInterfaces()).anyMatch(i -> i== BaseEntity.class))
final Set<Class<? extends BaseEntity>> rbacEntityClasses = reflections.getTypesAnnotatedWith(Entity.class).stream()
.filter(BaseEntity.class::isAssignableFrom)
.filter(c -> stream(c.getDeclaredMethods())
.anyMatch(m -> m.getName().equals("rbac") && Modifier.isStatic(m.getModifiers()))
.anyMatch(m -> m.getName().equals("rbac") && isStatic(m.getModifiers()))
)
.map(RbacView::castToSubclassOfBaseEntity)
.collect(Collectors.toSet());
return rbacEntityClasses;
}
@SuppressWarnings("unchecked")

73
src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
View File

@ -29,7 +29,7 @@ class RolesGrantsAndPermissionsGenerator {
private final String liquibaseTagPrefix;
private final String simpleEntityName;
private final String simpleEntityVarName;
private final String rawTableName;
private final String qualifiedRawTableName;
RolesGrantsAndPermissionsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) {
this.rbacDef = rbacDef;
@ -40,7 +40,7 @@ class RolesGrantsAndPermissionsGenerator {
simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName();
simpleEntityName = capitalize(simpleEntityVarName);
rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema();
qualifiedRawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema();
}
void generateTo(final StringWriter plPgSql) {
@ -66,13 +66,12 @@ class RolesGrantsAndPermissionsGenerator {
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemFor${simpleEntityName}(
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_build_rbac_system(
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", rawTableName));
.replace("${rawTableQualifiedName}", qualifiedRawTableName));
plPgSql.writeLn("declare");
plPgSql.indented(() -> {
@ -106,21 +105,21 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesFor${simpleEntityName}(
OLD ${rawTableName},
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableQualifiedName},
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
begin
if ${updateConditions} then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemFor${simpleEntityName}(NEW);
call ${rawTableQualifiedName}_build_rbac_system(NEW);
end if;
end; $$;
""",
with("simpleEntityName", simpleEntityName),
with("rawTableName", rawTableName),
with("rawTableQualifiedName", qualifiedRawTableName),
with("updateConditions", updateConditions));
}
@ -130,16 +129,15 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesFor${simpleEntityName}(
OLD ${rawTableName},
NEW ${rawTableName}
create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableQualifiedName},
NEW ${rawTableQualifiedName}
)
language plpgsql as $$
declare
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", rawTableName));
""",
with("rawTableQualifiedName", qualifiedRawTableName));
plPgSql.chopEmptyLines();
plPgSql.indented(() -> {
@ -514,25 +512,25 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn("""
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row.
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableQualifiedName} row.
*/
create or replace function insertTriggerFor${simpleEntityName}_tf()
create or replace function ${rawTableQualifiedName}_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemFor${simpleEntityName}(NEW);
call ${rawTableQualifiedName}_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerFor${simpleEntityName}_tg
after insert on ${rawTableName}
create trigger build_rbac_system_after_insert_tg
after insert on ${rawTableQualifiedName}
for each row
execute procedure insertTriggerFor${simpleEntityName}_tf();
execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", rawTableName)
.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
);
generateFooter(plPgSql);
@ -549,30 +547,35 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn("""
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${rawTableName} row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row.
*/
create or replace function updateTriggerFor${simpleEntityName}_tf()
create or replace function ${rawTableQualifiedName}_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesFor${simpleEntityName}(OLD, NEW);
call ${rawTableQualifiedName}_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerFor${simpleEntityName}_tg
after update on ${rawTableName}
create trigger update_rbac_system_after_update_tg
after update on ${rawTableQualifiedName}
for each row
execute procedure updateTriggerFor${simpleEntityName}_tf();
execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
"""
.replace("${simpleEntityName}", simpleEntityName)
.replace("${rawTableName}", rawTableName)
.replace("${rawTableQualifiedName}", qualifiedRawTableName)
);
generateFooter(plPgSql);
}
private String schemaPrefix(final String qualifiedIdentifier) {
return qualifiedIdentifier.contains(".")
? qualifiedIdentifier.split("\\.")[0] + "."
: "";
}
private static void generateFooter(final StringWriter plPgSql) {
plPgSql.writeLn("--//");
plPgSql.writeLn();

2
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@ -384,7 +384,7 @@ create index on rbac.permission (objectUuid, op);
create index on rbac.permission (opTableName, op);
ALTER TABLE rbac.permission
ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
ADD CONSTRAINT unique_including_null_values UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
call base.create_journal('rbac.permission');

12
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestCustomer(
create or replace procedure rbactest.customer_build_rbac_system(
NEW rbactest.customer
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
*/
create or replace function insertTriggerForTestCustomer_tf()
create or replace function rbactest.customer_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestCustomer(NEW);
call rbactest.customer_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestCustomer_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.customer
for each row
execute procedure insertTriggerForTestCustomer_tf();
execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
--//
@ -137,7 +137,7 @@ create or replace function rbactest.customer_insert_permission_check_tf()
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;

22
src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestPackage(
create or replace procedure rbactest.package_build_rbac_system(
NEW rbactest.package
)
language plpgsql as $$
@ -64,19 +64,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
*/
create or replace function insertTriggerForTestPackage_tf()
create or replace function rbactest.package_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestPackage(NEW);
call rbactest.package_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestPackage_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.package
for each row
execute procedure insertTriggerForTestPackage_tf();
execute procedure rbactest.package_build_rbac_system_after_insert_tf();
--//
@ -88,7 +88,7 @@ execute procedure insertTriggerForTestPackage_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForTestPackage(
create or replace procedure rbactest.package_update_rbac_system(
OLD rbactest.package,
NEW rbactest.package
)
@ -122,22 +122,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.package row.
*/
create or replace function updateTriggerForTestPackage_tf()
create or replace function rbactest.package_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForTestPackage(OLD, NEW);
call rbactest.package_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForTestPackage_tg
create trigger update_rbac_system_after_update_tg
after update on rbactest.package
for each row
execute procedure updateTriggerForTestPackage_tf();
execute procedure rbactest.package_update_rbac_system_after_update_tf();
--//

22
src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
View File

@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForTestDomain(
create or replace procedure rbactest.domain_build_rbac_system(
NEW rbactest.domain
)
language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
*/
create or replace function insertTriggerForTestDomain_tf()
create or replace function rbactest.domain_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForTestDomain(NEW);
call rbactest.domain_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForTestDomain_tg
create trigger build_rbac_system_after_insert_tg
after insert on rbactest.domain
for each row
execute procedure insertTriggerForTestDomain_tf();
execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
--//
@ -84,7 +84,7 @@ execute procedure insertTriggerForTestDomain_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForTestDomain(
create or replace procedure rbactest.domain_update_rbac_system(
OLD rbactest.domain,
NEW rbactest.domain
)
@ -121,22 +121,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.domain row.
*/
create or replace function updateTriggerForTestDomain_tf()
create or replace function rbactest.domain_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForTestDomain(OLD, NEW);
call rbactest.domain_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForTestDomain_tg
create trigger update_rbac_system_after_update_tg
after update on rbactest.domain
for each row
execute procedure updateTriggerForTestDomain_tf();
execute procedure rbactest.domain_update_rbac_system_after_update_tf();
--//

8
src/main/resources/db/changelog/5-hs-office/500-hs-office-schema.sql Normal file
View File

@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:hs-office-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA hs_office;
--//

4
src/main/resources/db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists hs_office_contact
create table if not exists hs_office.contact
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
@ -20,5 +20,5 @@ create table if not exists hs_office_contact
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_contact');
call base.create_journal('hs_office.contact');
--//

36
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -3,29 +3,29 @@
-- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:hs-office-contact-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_contact');
call rbac.generateRelatedRbacObject('hs_office.contact');
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact');
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeContact(
NEW hs_office_contact
create or replace procedure hs_office.contact_build_rbac_system(
NEW hs_office.contact
)
language plpgsql as $$
@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants(
hsOfficeContactOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalAdmin()],
incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()]
);
@ -57,30 +57,30 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_contact row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row.
*/
create or replace function insertTriggerForHsOfficeContact_tf()
create or replace function hs_office.contact_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeContact(NEW);
call hs_office.contact_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeContact_tg
after insert on hs_office_contact
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.contact
for each row
execute procedure insertTriggerForHsOfficeContact_tf();
execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
$idName$
caption
$idName$);
@ -88,9 +88,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
-- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_contact',
call rbac.generateRbacRestrictedView('hs_office.contact',
$orderBy$
caption
$orderBy$,

26
src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_office_contact_legacy_id
CREATE TABLE hs_office.contact_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_contact(uuid),
uuid uuid NOT NULL REFERENCES hs_office.contact(uuid),
contact_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_contact_legacy_id
--changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_office.contact_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_office_contact_legacy_id.contact_id;
OWNED BY hs_office.contact_legacy_id.contact_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
--changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_contact_legacy_id
ALTER TABLE hs_office.contact_legacy_id
ALTER COLUMN contact_id
SET DEFAULT nextVal('hs_office_contact_legacy_id_seq');
SET DEFAULT nextVal('hs_office.contact_legacy_id_seq');
--/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_contact_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id)
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact;
INSERT INTO hs_office.contact_legacy_id(uuid, contact_id)
SELECT uuid, nextVal('hs_office.contact_legacy_id_seq') FROM hs_office.contact;
--/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_office_contact_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_contact_legacy_id_seq'));
INSERT INTO hs_office.contact_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.contact_legacy_id_seq'));
return NEW;
end; $$;
create trigger createContactLegacyIdMapping
after insert on hs_office_contact
after insert on hs_office.contact
for each row
execute procedure insertContactLegacyIdMapping();
--/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_office_contact_legacy_id
DELETE FROM hs_office.contact_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger removeContactLegacyIdMapping
before delete on hs_office_contact
before delete on hs_office.contact
for each row
execute procedure deleteContactLegacyIdMapping();
--/

2
src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
View File

@ -23,7 +23,7 @@ begin
raise notice 'creating test contact: %', contCaption;
insert
into hs_office_contact (caption, postaladdress, emailaddresses, phonenumbers)
into hs_office.contact (caption, postaladdress, emailaddresses, phonenumbers)
values (
contCaption,
postalAddr,

4
src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
View File

@ -14,7 +14,7 @@ CREATE TYPE HsOfficePersonType AS ENUM (
CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_person
create table if not exists hs_office.person
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
@ -31,5 +31,5 @@ create table if not exists hs_office_person
--changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_person');
call base.create_journal('hs_office.person');
--//

24
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_person');
call rbac.generateRelatedRbacObject('hs_office.person');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
--//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePerson(
NEW hs_office_person
create or replace procedure hs_office.person_build_rbac_system(
NEW hs_office.person
)
language plpgsql as $$
@ -57,22 +57,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_person row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row.
*/
create or replace function insertTriggerForHsOfficePerson_tf()
create or replace function hs_office.person_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePerson(NEW);
call hs_office.person_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePerson_tg
after insert on hs_office_person
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.person
for each row
execute procedure insertTriggerForHsOfficePerson_tf();
execute procedure hs_office.person_build_rbac_system_after_insert_tf();
--//
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
--changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
$idName$
concat(tradeName, familyName, givenName)
$idName$);
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_person',
call rbac.generateRbacRestrictedView('hs_office.person',
$orderBy$
concat(tradeName, familyName, givenName)
$orderBy$,

2
src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
View File

@ -27,7 +27,7 @@ begin
raise notice 'creating test person: % by %', fullName, emailAddr;
insert
into hs_office_person (persontype, tradename, givenname, familyname)
into hs_office.person (persontype, tradename, givenname, familyname)
values (newPersonType, newTradeName, newGivenName, newFamilyName);
end; $$;
--//

10
src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
View File

@ -16,13 +16,13 @@ CREATE TYPE HsOfficeRelationType AS ENUM (
CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_relation
create table if not exists hs_office.relation
(
uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade
version int not null default 0,
anchorUuid uuid not null references hs_office_person(uuid),
holderUuid uuid not null references hs_office_person(uuid),
contactUuid uuid references hs_office_contact(uuid),
anchorUuid uuid not null references hs_office.person(uuid),
holderUuid uuid not null references hs_office.person(uuid),
contactUuid uuid references hs_office.contact(uuid),
type HsOfficeRelationType not null,
mark varchar(24)
);
@ -33,5 +33,5 @@ create table if not exists hs_office_relation
--changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_relation');
call base.create_journal('hs_office.relation');
--//

120
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -3,54 +3,54 @@
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:hs-office-relation-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_relation');
call rbac.generateRelatedRbacObject('hs_office.relation');
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation');
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeRelation(
NEW hs_office_relation
create or replace procedure hs_office.relation_build_rbac_system(
NEW hs_office.relation
)
language plpgsql as $$
declare
newHolderPerson hs_office_person;
newAnchorPerson hs_office_person;
newContact hs_office_contact;
newHolderPerson hs_office.person;
newAnchorPerson hs_office.person;
newContact hs_office.contact;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson;
SELECT * FROM hs_office.person WHERE uuid = NEW.holderUuid INTO newHolderPerson;
assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid);
SELECT * FROM hs_office_person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson;
SELECT * FROM hs_office.person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson;
assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid);
SELECT * FROM hs_office_contact WHERE uuid = NEW.contactUuid INTO newContact;
SELECT * FROM hs_office.contact WHERE uuid = NEW.contactUuid INTO newContact;
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
perform rbac.defineRoleWithGrants(
hsOfficeRelationOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalAdmin()],
incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()]
);
@ -90,162 +90,162 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_relation row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row.
*/
create or replace function insertTriggerForHsOfficeRelation_tf()
create or replace function hs_office.relation_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeRelation(NEW);
call hs_office.relation_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeRelation_tg
after insert on hs_office_relation
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.relation
for each row
execute procedure insertTriggerForHsOfficeRelation_tf();
execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-update-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficeRelation(
OLD hs_office_relation,
NEW hs_office_relation
create or replace procedure hs_office.relation_update_rbac_system(
OLD hs_office.relation,
NEW hs_office.relation
)
language plpgsql as $$
begin
if NEW.contactUuid is distinct from OLD.contactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeRelation(NEW);
call hs_office.relation_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_relation row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.relation row.
*/
create or replace function updateTriggerForHsOfficeRelation_tf()
create or replace function hs_office.relation_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficeRelation(OLD, NEW);
call hs_office.relation_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficeRelation_tg
after update on hs_office_relation
create trigger update_rbac_system_after_update_tg
after update on hs_office.relation
for each row
execute procedure updateTriggerForHsOfficeRelation_tf();
execute procedure hs_office.relation_update_rbac_system_after_update_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_person ----------------------------
-- granting INSERT permission to hs_office.person ----------------------------
/*
Grants INSERT INTO hs_office_relation permissions to specified role of pre-existing hs_office_person rows.
Grants INSERT INTO hs_office.relation permissions to specified role of pre-existing hs_office.person rows.
*/
do language plpgsql $$
declare
row hs_office_person;
row hs_office.person;
begin
call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows');
call base.defineContext('create INSERT INTO hs_office.relation permissions for pre-exising hs_office.person rows');
FOR row IN SELECT * FROM hs_office_person
FOR row IN SELECT * FROM hs_office.person
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(row));
END LOOP;
end;
$$;
/**
Grants hs_office_relation INSERT permission to specified role of new hs_office_person rows.
Grants hs_office.relation INSERT permission to specified role of new person rows.
*/
create or replace function new_hs_office_relation_grants_insert_to_hs_office_person_tf()
create or replace function hs_office.new_relation_grants_insert_to_person_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(NEW));
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_relation_grants_insert_to_hs_office_person_tg
after insert on hs_office_person
create trigger z_new_relation_grants_after_insert_tg
after insert on hs_office.person
for each row
execute procedure new_hs_office_relation_grants_insert_to_hs_office_person_tf();
execute procedure hs_office.new_relation_grants_insert_to_person_tf();
-- ============================================================================
--changeset michael.hoennig:hs_office_relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_relation.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.relation.
*/
create or replace function hs_office_relation_insert_permission_check_tf()
create or replace function hs_office.relation_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT permission via direct foreign key: NEW.anchorUuid
if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then
if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office.relation') then
return NEW;
end if;
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)',
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
raise exception '[403] insert into hs_office.relation values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_relation_insert_permission_check_tg
before insert on hs_office_relation
create trigger relation_insert_permission_check_tg
before insert on hs_office.relation
for each row
execute procedure hs_office_relation_insert_permission_check_tf();
execute procedure hs_office.relation_insert_permission_check_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_relation',
call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
$idName$
(select idName from hs_office_person_iv p where p.uuid = anchorUuid)
(select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|| '-with-' || target.type || '-'
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid)
|| (select idName from hs_office.person_iv p where p.uuid = holderUuid)
$idName$);
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_relation',
call rbac.generateRbacRestrictedView('hs_office.relation',
$orderBy$
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)
(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
$orderBy$,
$updates$
contactUuid = new.contactUuid

22
src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
View File

@ -17,16 +17,16 @@ create or replace procedure createHsOfficeRelationTestData(
language plpgsql as $$
declare
idName varchar;
anchorPerson hs_office_person;
holderPerson hs_office_person;
contact hs_office_contact;
anchorPerson hs_office.person;
holderPerson hs_office.person;
contact hs_office.contact;
begin
idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName);
select p.*
into anchorPerson
from hs_office_person p
from hs_office.person p
where p.tradeName = anchorPersonName or p.familyName = anchorPersonName;
if anchorPerson is null then
raise exception 'anchorPerson "%" not found', anchorPersonName;
@ -34,13 +34,13 @@ begin
select p.*
into holderPerson
from hs_office_person p
from hs_office.person p
where p.tradeName = holderPersonName or p.familyName = holderPersonName;
if holderPerson is null then
raise exception 'holderPerson "%" not found', holderPersonName;
end if;
select c.* into contact from hs_office_contact c where c.caption = contactCaption;
select c.* into contact from hs_office.contact c where c.caption = contactCaption;
if contact is null then
raise exception 'contact "%" not found', contactCaption;
end if;
@ -50,7 +50,7 @@ begin
raise notice '- using holder person (%): %', holderPerson.uuid, holderPerson;
raise notice '- using contact (%): %', contact.uuid, contact;
insert
into hs_office_relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid)
into hs_office.relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid)
values (uuid_generate_v4(), anchorPerson.uuid, holderPerson.uuid, relationType, mark, contact.uuid);
end; $$;
--//
@ -64,13 +64,13 @@ create or replace procedure createHsOfficeRelationTestData(
)
language plpgsql as $$
declare
person hs_office_person;
contact hs_office_contact;
person hs_office.person;
contact hs_office.contact;
begin
for t in startCount..endCount
loop
select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person;
select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person;
select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
commit;

24
src/main/resources/db/changelog/5-hs-office/504-partner/5040-hs-office-partner.sql
View File

@ -5,7 +5,7 @@
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table hs_office_partner_details
create table hs_office.partner_details
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
@ -23,20 +23,20 @@ create table hs_office_partner_details
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_partner_details');
call base.create_journal('hs_office.partner_details');
--//
-- ============================================================================
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table hs_office_partner
create table hs_office.partner
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
partnerNumber numeric(5) unique not null,
partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger
detailsUuid uuid not null references hs_office_partner_details(uuid) -- deleted in after delete trigger
partnerRelUuid uuid not null references hs_office.relation(uuid), -- deleted in after delete trigger
detailsUuid uuid not null references hs_office.partner_details(uuid) -- deleted in after delete trigger
);
--//
@ -48,20 +48,20 @@ create table hs_office_partner
/**
Trigger function to delete related details of a partner to delete.
*/
create or replace function deleteHsOfficeDependentsOnPartnerDelete()
create or replace function hs_office.partner_delete_dependents_tf()
returns trigger
language PLPGSQL
as $$
declare
counter integer;
begin
DELETE FROM hs_office_partner_details d WHERE d.uuid = OLD.detailsUuid;
DELETE FROM hs_office.partner_details d WHERE d.uuid = OLD.detailsUuid;
GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then
raise exception 'partner details % could not be deleted', OLD.detailsUuid;
end if;
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.partnerRelUuid;
DELETE FROM hs_office.relation r WHERE r.uuid = OLD.partnerRelUuid;
GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then
raise exception 'partner relation % could not be deleted', OLD.partnerRelUuid;
@ -73,15 +73,15 @@ end; $$;
/**
Triggers deletion of related rows of a partner to delete.
*/
create trigger hs_office_partner_delete_dependents_trigger
create trigger delete_dependents_tg
after delete
on hs_office_partner
on hs_office.partner
for each row
execute procedure deleteHsOfficeDependentsOnPartnerDelete();
execute procedure hs_office.partner_delete_dependents_tf();
-- ============================================================================
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_partner');
call base.create_journal('hs_office.partner');
--//

96
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_partner');
call rbac.generateRelatedRbacObject('hs_office.partner');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
--//
@ -24,22 +24,22 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePartner(
NEW hs_office_partner
create or replace procedure hs_office.partner_build_rbac_system(
NEW hs_office.partner
)
language plpgsql as $$
declare
newPartnerRel hs_office_relation;
newPartnerDetails hs_office_partner_details;
newPartnerRel hs_office.relation;
newPartnerDetails hs_office.partner_details;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
@ -53,22 +53,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row.
*/
create or replace function insertTriggerForHsOfficePartner_tf()
create or replace function hs_office.partner_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePartner(NEW);
call hs_office.partner_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePartner_tg
after insert on hs_office_partner
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner
for each row
execute procedure insertTriggerForHsOfficePartner_tf();
execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
--//
@ -80,31 +80,31 @@ execute procedure insertTriggerForHsOfficePartner_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficePartner(
OLD hs_office_partner,
NEW hs_office_partner
create or replace procedure hs_office.partner_update_rbac_system(
OLD hs_office.partner,
NEW hs_office.partner
)
language plpgsql as $$
declare
oldPartnerRel hs_office_relation;
newPartnerRel hs_office_relation;
oldPartnerDetails hs_office_partner_details;
newPartnerDetails hs_office_partner_details;
oldPartnerRel hs_office.relation;
newPartnerRel hs_office.relation;
oldPartnerDetails hs_office.partner_details;
newPartnerDetails hs_office.partner_details;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel;
SELECT * FROM hs_office.relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel;
assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails;
SELECT * FROM hs_office.partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails;
assert oldPartnerDetails.uuid is not null, format('oldPartnerDetails must not be null for OLD.detailsUuid = %s', OLD.detailsUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
@ -134,22 +134,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_partner row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.partner row.
*/
create or replace function updateTriggerForHsOfficePartner_tf()
create or replace function hs_office.partner_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficePartner(OLD, NEW);
call hs_office.partner_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficePartner_tg
after update on hs_office_partner
create trigger update_rbac_system_after_update_tg
after update on hs_office.partner
for each row
execute procedure updateTriggerForHsOfficePartner_tf();
execute procedure hs_office.partner_update_rbac_system_after_update_tf();
--//
@ -160,45 +160,45 @@ execute procedure updateTriggerForHsOfficePartner_tf();
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing rbac.global rows.
Grants INSERT INTO hs_office.partner permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global;
begin
call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.global rows');
call base.defineContext('create INSERT INTO hs_office.partner permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants hs_office_partner INSERT permission to specified role of new global rows.
Grants hs_office.partner INSERT permission to specified role of new global rows.
*/
create or replace function new_hsof_partner_grants_insert_to_global_tf()
create or replace function hs_office.new_partner_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_partner_grants_after_insert_tg
create trigger z_new_partner_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure new_hsof_partner_grants_insert_to_global_tf();
execute procedure hs_office.new_partner_grants_insert_to_global_tf();
-- ============================================================================
@ -206,27 +206,27 @@ execute procedure new_hsof_partner_grants_insert_to_global_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner.
*/
create or replace function hs_office_partner_insert_permission_check_tf()
create or replace function hs_office.partner_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.partner values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_partner_insert_permission_check_tg
before insert on hs_office_partner
create trigger partner_insert_permission_check_tg
before insert on hs_office.partner
for each row
execute procedure hs_office_partner_insert_permission_check_tf();
execute procedure hs_office.partner_insert_permission_check_tf();
--//
@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
$idName$
'P-' || partnerNumber
$idName$);
@ -244,7 +244,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_partner',
call rbac.generateRbacRestrictedView('hs_office.partner',
$orderBy$
'P-' || partnerNumber
$orderBy$,

60
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_partner_details');
call rbac.generateRelatedRbacObject('hs_office.partner_details');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details');
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details');
--//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partn
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficePartnerDetails(
NEW hs_office_partner_details
create or replace procedure hs_office.partner_details_build_rbac_system(
NEW hs_office.partner_details
)
language plpgsql as $$
@ -38,22 +38,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner_details row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row.
*/
create or replace function insertTriggerForHsOfficePartnerDetails_tf()
create or replace function hs_office.partner_details_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficePartnerDetails(NEW);
call hs_office.partner_details_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficePartnerDetails_tg
after insert on hs_office_partner_details
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.partner_details
for each row
execute procedure insertTriggerForHsOfficePartnerDetails_tf();
execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
--//
@ -64,45 +64,45 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf();
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows.
Grants INSERT INTO hs_office.partner_details permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global;
begin
call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising rbac.global rows');
call base.defineContext('create INSERT INTO hs_office.partner_details permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants hs_office_partner_details INSERT permission to specified role of new global rows.
Grants hs_office.partner_details INSERT permission to specified role of new global rows.
*/
create or replace function new_hsof_partner_details_grants_insert_to_global_tf()
create or replace function hs_office.new_partner_details_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_partner_details_grants_after_insert_tg
create trigger z_new_partner_details_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
execute procedure hs_office.new_partner_details_grants_insert_to_global_tf();
-- ============================================================================
@ -110,27 +110,27 @@ execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner_details.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner_details.
*/
create or replace function hs_office_partner_details_insert_permission_check_tf()
create or replace function hs_office.partner_details_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.partner_details values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_partner_details_insert_permission_check_tg
before insert on hs_office_partner_details
create trigger partner_details_insert_permission_check_tg
before insert on hs_office.partner_details
for each row
execute procedure hs_office_partner_details_insert_permission_check_tf();
execute procedure hs_office.partner_details_insert_permission_check_tf();
--//
@ -138,12 +138,12 @@ create trigger hs_office_partner_details_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
$idName$
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
FROM hs_office_partner_details AS partnerDetails
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid
FROM hs_office.partner_details AS partnerDetails
JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
$idName$);
--//
@ -151,7 +151,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_partner_details',
call rbac.generateRbacRestrictedView('hs_office.partner_details',
$orderBy$
uuid
$orderBy$,

26
src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_office_partner_legacy_id
CREATE TABLE hs_office.partner_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_partner(uuid),
uuid uuid NOT NULL REFERENCES hs_office.partner(uuid),
bp_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_partner_legacy_id
--changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_office.partner_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_office_partner_legacy_id.bp_id;
OWNED BY hs_office.partner_legacy_id.bp_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
--changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_partner_legacy_id
ALTER TABLE hs_office.partner_legacy_id
ALTER COLUMN bp_id
SET DEFAULT nextVal('hs_office_partner_legacy_id_seq');
SET DEFAULT nextVal('hs_office.partner_legacy_id_seq');
--/
-- ============================================================================
@ -40,8 +40,8 @@ ALTER TABLE hs_office_partner_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id)
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner;
INSERT INTO hs_office.partner_legacy_id(uuid, bp_id)
SELECT uuid, nextVal('hs_office.partner_legacy_id_seq') FROM hs_office.partner;
--/
@ -57,14 +57,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_office_partner_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_partner_legacy_id_seq'));
INSERT INTO hs_office.partner_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.partner_legacy_id_seq'));
return NEW;
end; $$;
create trigger createPartnerLegacyIdMapping
after insert on hs_office_partner
after insert on hs_office.partner
for each row
execute procedure insertPartnerLegacyIdMapping();
--/
@ -82,14 +82,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_office_partner_legacy_id
DELETE FROM hs_office.partner_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger removePartnerLegacyIdMapping
before delete on hs_office_partner
before delete on hs_office.partner
for each row
execute procedure deletePartnerLegacyIdMapping();
--/

18
src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
View File

@ -16,25 +16,25 @@ create or replace procedure createHsOfficePartnerTestData(
language plpgsql as $$
declare
idName varchar;
mandantPerson hs_office_person;
partnerRel hs_office_relation;
relatedPerson hs_office_person;
mandantPerson hs_office.person;
partnerRel hs_office.relation;
relatedPerson hs_office.person;
relatedDetailsUuid uuid;
begin
idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption);
select p.* from hs_office_person p
select p.* from hs_office.person p
where p.tradeName = mandantTradeName
into mandantPerson;
if mandantPerson is null then
raise exception 'mandant "%" not found', mandantTradeName;
end if;
select p.* from hs_office_person p
select p.* from hs_office.person p
where p.tradeName = partnerPersonName or p.familyName = partnerPersonName
into relatedPerson;
select r.* from hs_office_relation r
select r.* from hs_office.relation r
where r.type = 'PARTNER'
and r.anchoruuid = mandantPerson.uuid and r.holderuuid = relatedPerson.uuid
into partnerRel;
@ -48,18 +48,18 @@ begin
if relatedPerson.persontype = 'NP' then
insert
into hs_office_partner_details (uuid, birthName, birthday, birthPlace)
into hs_office.partner_details (uuid, birthName, birthday, birthPlace)
values (uuid_generate_v4(), 'Meyer', '1987-10-31', 'Hamburg')
returning uuid into relatedDetailsUuid;
else
insert
into hs_office_partner_details (uuid, registrationOffice, registrationNumber)
into hs_office.partner_details (uuid, registrationOffice, registrationNumber)
values (uuid_generate_v4(), 'Hamburg', 'RegNo123456789')
returning uuid into relatedDetailsUuid;
end if;
insert
into hs_office_partner (uuid, partnerNumber, partnerRelUuid, detailsUuid)
into hs_office.partner (uuid, partnerNumber, partnerRelUuid, detailsUuid)
values (uuid_generate_v4(), newPartnerNumber, partnerRel.uuid, relatedDetailsUuid);
end; $$;
--//

4
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql
View File

@ -3,7 +3,7 @@
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table hs_office_bankaccount
create table hs_office.bankaccount
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
@ -18,5 +18,5 @@ create table hs_office_bankaccount
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_bankaccount');
call base.create_journal('hs_office.bankaccount');
--//

24
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_bankaccount');
call rbac.generateRelatedRbacObject('hs_office.bankaccount');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount');
--//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankacco
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeBankAccount(
NEW hs_office_bankaccount
create or replace procedure hs_office.bankaccount_build_rbac_system(
NEW hs_office.bankaccount
)
language plpgsql as $$
@ -57,22 +57,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row.
*/
create or replace function insertTriggerForHsOfficeBankAccount_tf()
create or replace function hs_office.bankaccount_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeBankAccount(NEW);
call hs_office.bankaccount_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeBankAccount_tg
after insert on hs_office_bankaccount
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.bankaccount
for each row
execute procedure insertTriggerForHsOfficeBankAccount_tf();
execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
--//
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
--changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
$idName$
iban
$idName$);
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_bankaccount',
call rbac.generateRbacRestrictedView('hs_office.bankaccount',
$orderBy$
iban
$orderBy$,

2
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
View File

@ -19,7 +19,7 @@ begin
raise notice 'creating test bankaccount: %', givenHolder;
insert
into hs_office_bankaccount(uuid, holder, iban, bic)
into hs_office.bankaccount(uuid, holder, iban, bic)
values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC);
end; $$;
--//

20
src/main/resources/db/changelog/5-hs-office/506-debitor/5060-hs-office-debitor.sql
View File

@ -4,18 +4,18 @@
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table hs_office_debitor
create table hs_office.debitor
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
debitorRelUuid uuid not null references hs_office_relation(uuid),
debitorRelUuid uuid not null references hs_office.relation(uuid),
billable boolean not null default true,
vatId varchar(24),
vatCountryCode varchar(2),
vatBusiness boolean not null,
vatReverseCharge boolean not null,
refundBankAccountUuid uuid references hs_office_bankaccount(uuid),
refundBankAccountUuid uuid references hs_office.bankaccount(uuid),
defaultPrefix char(3) not null unique
constraint check_default_prefix check (
defaultPrefix::text ~ '^([a-z]{3}|al0|bh1|c4s|f3k|k8i|l3d|mh1|o13|p2m|s80|t4w)$'
@ -29,16 +29,16 @@ create table hs_office_debitor
-- ----------------------------------------------------------------------------
/**
Trigger function to delete related rows of a debitor to delete.
Trigger function to delete related relations of a debitor to delete.
*/
create or replace function deleteHsOfficeDependentsOnDebitorDelete()
create or replace function hs_office.debitor_delete_dependents_tf()
returns trigger
language PLPGSQL
as $$
declare
counter integer;
begin
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.debitorRelUuid;
DELETE FROM hs_office.relation r WHERE r.uuid = OLD.debitorRelUuid;
GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then
raise exception 'debitor relation % could not be deleted', OLD.debitorRelUuid;
@ -50,16 +50,16 @@ end; $$;
/**
Triggers deletion of related details of a debitor to delete.
*/
create trigger hs_office_debitor_delete_dependents_trigger
create trigger debitor_delete_dependents_tg
after delete
on hs_office_debitor
on hs_office.debitor
for each row
execute procedure deleteHsOfficeDependentsOnDebitorDelete();
execute procedure hs_office.debitor_delete_dependents_tf();
-- ============================================================================
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_debitor');
call base.create_journal('hs_office.debitor');
--//

96
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_debitor');
call rbac.generateRelatedRbacObject('hs_office.debitor');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
--//
@ -24,32 +24,32 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeDebitor(
NEW hs_office_debitor
create or replace procedure hs_office.debitor_build_rbac_system(
NEW hs_office.debitor
)
language plpgsql as $$
declare
newPartnerRel hs_office_relation;
newDebitorRel hs_office_relation;
newRefundBankAccount hs_office_bankaccount;
newPartnerRel hs_office.relation;
newDebitorRel hs_office.relation;
newRefundBankAccount hs_office.bankaccount;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT partnerRel.*
FROM hs_office_relation AS partnerRel
JOIN hs_office_relation AS debitorRel
FROM hs_office.relation AS partnerRel
JOIN hs_office.relation AS debitorRel
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
WHERE partnerRel.type = 'PARTNER'
AND NEW.debitorRelUuid = debitorRel.uuid
INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel;
SELECT * FROM hs_office.relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
@ -65,22 +65,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_debitor row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row.
*/
create or replace function insertTriggerForHsOfficeDebitor_tf()
create or replace function hs_office.debitor_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeDebitor(NEW);
call hs_office.debitor_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeDebitor_tg
after insert on hs_office_debitor
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.debitor
for each row
execute procedure insertTriggerForHsOfficeDebitor_tf();
execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
--//
@ -92,9 +92,9 @@ execute procedure insertTriggerForHsOfficeDebitor_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsOfficeDebitor(
OLD hs_office_debitor,
NEW hs_office_debitor
create or replace procedure hs_office.debitor_update_rbac_system(
OLD hs_office.debitor,
NEW hs_office.debitor
)
language plpgsql as $$
begin
@ -102,27 +102,27 @@ begin
if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid
or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeDebitor(NEW);
call hs_office.debitor_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_debitor row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
*/
create or replace function updateTriggerForHsOfficeDebitor_tf()
create or replace function hs_office.debitor_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsOfficeDebitor(OLD, NEW);
call hs_office.debitor_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsOfficeDebitor_tg
after update on hs_office_debitor
create trigger update_rbac_system_after_update_tg
after update on hs_office.debitor
for each row
execute procedure updateTriggerForHsOfficeDebitor_tf();
execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
--//
@ -133,45 +133,45 @@ execute procedure updateTriggerForHsOfficeDebitor_tf();
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows.
Grants INSERT INTO hs_office.debitor permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global;
begin
call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.global rows');
call base.defineContext('create INSERT INTO hs_office.debitor permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants hs_office_debitor INSERT permission to specified role of new global rows.
Grants hs_office.debitor INSERT permission to specified role of new global rows.
*/
create or replace function new_hsof_debitor_grants_insert_to_global_tf()
create or replace function hs_office.new_debitor_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_debitor_grants_after_insert_tg
create trigger z_new_debitor_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure new_hsof_debitor_grants_insert_to_global_tf();
execute procedure hs_office.new_debitor_grants_insert_to_global_tf();
-- ============================================================================
@ -179,27 +179,27 @@ execute procedure new_hsof_debitor_grants_insert_to_global_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_debitor.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.debitor.
*/
create or replace function hs_office_debitor_insert_permission_check_tf()
create or replace function hs_office.debitor_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.debitor values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_debitor_insert_permission_check_tg
before insert on hs_office_debitor
create trigger debitor_insert_permission_check_tg
before insert on hs_office.debitor
for each row
execute procedure hs_office_debitor_insert_permission_check_tf();
execute procedure hs_office.debitor_insert_permission_check_tf();
--//
@ -207,18 +207,18 @@ create trigger hs_office_debitor_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
$idName$
SELECT debitor.uuid AS uuid,
'D-' || (SELECT partner.partnerNumber
FROM hs_office_partner partner
JOIN hs_office_relation partnerRel
FROM hs_office.partner partner
JOIN hs_office.relation partnerRel
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
JOIN hs_office_relation debitorRel
JOIN hs_office.relation debitorRel
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|| debitorNumberSuffix as idName
FROM hs_office_debitor AS debitor
FROM hs_office.debitor AS debitor
$idName$);
--//
@ -226,7 +226,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_debitor',
call rbac.generateRbacRestrictedView('hs_office.debitor',
$orderBy$
defaultPrefix
$orderBy$,

8
src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
View File

@ -24,21 +24,21 @@ begin
select debitorRel.uuid
into relatedDebitorRelUuid
from hs_office_relation debitorRel
join hs_office_person person on person.uuid = debitorRel.holderUuid
from hs_office.relation debitorRel
join hs_office.person person on person.uuid = debitorRel.holderUuid
and (person.tradeName = forPartnerPersonName or person.familyName = forPartnerPersonName)
where debitorRel.type = 'DEBITOR';
select b.uuid
into relatedBankAccountUuid
from hs_office_bankaccount b
from hs_office.bankaccount b
where b.holder = forPartnerPersonName;
raise notice 'creating test debitor: % (#%)', idName, withDebitorNumberSuffix;
-- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)',
-- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix;
insert
into hs_office_debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
into hs_office.debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix);
end; $$;
--//

8
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5070-hs-office-sepamandate.sql
View File

@ -4,12 +4,12 @@
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists hs_office_sepamandate
create table if not exists hs_office.sepamandate
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
debitorUuid uuid not null references hs_office_debitor(uuid),
bankAccountUuid uuid not null references hs_office_bankaccount(uuid),
debitorUuid uuid not null references hs_office.debitor(uuid),
bankAccountUuid uuid not null references hs_office.bankaccount(uuid),
reference varchar(96) not null,
agreement date not null,
validity daterange not null
@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_sepamandate');
call base.create_journal('hs_office.sepamandate');
--//

82
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_sepamandate');
call rbac.generateRelatedRbacObject('hs_office.sepamandate');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate');
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate');
--//
@ -24,24 +24,24 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamand
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeSepaMandate(
NEW hs_office_sepamandate
create or replace procedure hs_office.sepamandate_build_rbac_system(
NEW hs_office.sepamandate
)
language plpgsql as $$
declare
newBankAccount hs_office_bankaccount;
newDebitorRel hs_office_relation;
newBankAccount hs_office.bankaccount;
newDebitorRel hs_office.relation;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount;
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount;
assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid);
SELECT debitorRel.*
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid
INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
@ -82,22 +82,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_sepamandate row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row.
*/
create or replace function insertTriggerForHsOfficeSepaMandate_tf()
create or replace function hs_office.sepamandate_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeSepaMandate(NEW);
call hs_office.sepamandate_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeSepaMandate_tg
after insert on hs_office_sepamandate
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.sepamandate
for each row
execute procedure insertTriggerForHsOfficeSepaMandate_tf();
execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
--//
@ -105,48 +105,48 @@ execute procedure insertTriggerForHsOfficeSepaMandate_tf();
--changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_relation ----------------------------
-- granting INSERT permission to hs_office.relation ----------------------------
/*
Grants INSERT INTO hs_office_sepamandate permissions to specified role of pre-existing hs_office_relation rows.
Grants INSERT INTO hs_office.sepamandate permissions to specified role of pre-existing hs_office.relation rows.
*/
do language plpgsql $$
declare
row hs_office_relation;
row hs_office.relation;
begin
call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows');
call base.defineContext('create INSERT INTO hs_office.sepamandate permissions for pre-exising hs_office.relation rows');
FOR row IN SELECT * FROM hs_office_relation
FOR row IN SELECT * FROM hs_office.relation
WHERE type = 'DEBITOR'
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(row));
END LOOP;
end;
$$;
/**
Grants hs_office_sepamandate INSERT permission to specified role of new hs_office_relation rows.
Grants hs_office.sepamandate INSERT permission to specified role of new relation rows.
*/
create or replace function new_hsof_sepamandate_grants_insert_to_hsof_relation_tf()
create or replace function hs_office.new_sepamandate_grants_insert_to_relation_tf()
returns trigger
language plpgsql
strict as $$
begin
if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(NEW));
end if;
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_sepamandate_grants_after_insert_tg
after insert on hs_office_relation
create trigger z_new_sepamandate_grants_after_insert_tg
after insert on hs_office.relation
for each row
execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
execute procedure hs_office.new_sepamandate_grants_insert_to_relation_tf();
-- ============================================================================
@ -154,9 +154,9 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_sepamandate.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.sepamandate.
*/
create or replace function hs_office_sepamandate_insert_permission_check_tf()
create or replace function hs_office.sepamandate_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
@ -164,23 +164,23 @@ declare
begin
-- check INSERT permission via indirect foreign key: NEW.debitorUuid
superObjectUuid := (SELECT debitorRel.uuid
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid
);
assert superObjectUuid is not null, 'object uuid fetched depending on hs_office_sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL';
if rbac.hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then
assert superObjectUuid is not null, 'object uuid fetched depending on hs_office.sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL';
if rbac.hasInsertPermission(superObjectUuid, 'hs_office.sepamandate') then
return NEW;
end if;
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.sepamandate values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_sepamandate_insert_permission_check_tg
before insert on hs_office_sepamandate
create trigger sepamandate_insert_permission_check_tg
before insert on hs_office.sepamandate
for each row
execute procedure hs_office_sepamandate_insert_permission_check_tf();
execute procedure hs_office.sepamandate_insert_permission_check_tf();
--//
@ -188,11 +188,11 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
$idName$
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
from hs_office_sepamandate sm
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid
from hs_office.sepamandate sm
join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
$idName$);
--//
@ -200,7 +200,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_sepamandate',
call rbac.generateRbacRestrictedView('hs_office.sepamandate',
$orderBy$
validity
$orderBy$,

26
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_office_sepamandate_legacy_id
CREATE TABLE hs_office.sepamandate_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_sepamandate(uuid),
uuid uuid NOT NULL REFERENCES hs_office.sepamandate(uuid),
sepa_mandate_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_sepamandate_legacy_id
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_office.sepamandate_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_office_sepamandate_legacy_id.sepa_mandate_id;
OWNED BY hs_office.sepamandate_legacy_id.sepa_mandate_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_sepamandate_legacy_id
ALTER TABLE hs_office.sepamandate_legacy_id
ALTER COLUMN sepa_mandate_id
SET DEFAULT nextVal('hs_office_sepamandate_legacy_id_seq');
SET DEFAULT nextVal('hs_office.sepamandate_legacy_id_seq');
--/
@ -42,8 +42,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id)
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate;
INSERT INTO hs_office.sepamandate_legacy_id(uuid, sepa_mandate_id)
SELECT uuid, nextVal('hs_office.sepamandate_legacy_id_seq') FROM hs_office.sepamandate;
--/
@ -59,14 +59,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_office_sepamandate_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_sepamandate_legacy_id_seq'));
INSERT INTO hs_office.sepamandate_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq'));
return NEW;
end; $$;
create trigger createSepaMandateLegacyIdMapping
after insert on hs_office_sepamandate
after insert on hs_office.sepamandate
for each row
execute procedure insertSepaMandateLegacyIdMapping();
--/
@ -84,14 +84,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_office_sepamandate_legacy_id
DELETE FROM hs_office.sepamandate_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger removeSepaMandateLegacyIdMapping
before delete on hs_office_sepamandate
before delete on hs_office.sepamandate
for each row
execute procedure deleteSepaMandateLegacyIdMapping();
--/

16
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
View File

@ -15,23 +15,23 @@ create or replace procedure createHsOfficeSepaMandateTestData(
withReference varchar)
language plpgsql as $$
declare
relatedDebitor hs_office_debitor;
relatedBankAccount hs_office_bankAccount;
relatedDebitor hs_office.debitor;
relatedBankAccount hs_office.bankAccount;
begin
select debitor.* into relatedDebitor
from hs_office_debitor debitor
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid
from hs_office.debitor debitor
join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix;
select b.* into relatedBankAccount
from hs_office_bankAccount b where b.iban = forIban;
from hs_office.bankAccount b where b.iban = forIban;
raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount;
insert
into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
into hs_office.sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]'));
end; $$;
--//

6
src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
View File

@ -17,11 +17,11 @@ CREATE TYPE HsOfficeMembershipStatus AS ENUM (
CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_membership
create table if not exists hs_office.membership
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
partnerUuid uuid not null references hs_office_partner(uuid),
partnerUuid uuid not null references hs_office.partner(uuid),
memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
validity daterange not null,
status HsOfficeMembershipStatus not null default 'ACTIVE',
@ -36,5 +36,5 @@ create table if not exists hs_office_membership
--changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_membership');
call base.create_journal('hs_office.membership');
--//

64
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_membership');
call rbac.generateRelatedRbacObject('hs_office.membership');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership');
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership');
--//
@ -24,20 +24,20 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membershi
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeMembership(
NEW hs_office_membership
create or replace procedure hs_office.membership_build_rbac_system(
NEW hs_office.membership
)
language plpgsql as $$
declare
newPartnerRel hs_office_relation;
newPartnerRel hs_office.relation;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT partnerRel.*
FROM hs_office_partner AS partner
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
FROM hs_office.partner AS partner
JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
WHERE partner.uuid = NEW.partnerUuid
INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
@ -69,22 +69,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row.
*/
create or replace function insertTriggerForHsOfficeMembership_tf()
create or replace function hs_office.membership_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeMembership(NEW);
call hs_office.membership_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeMembership_tg
after insert on hs_office_membership
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.membership
for each row
execute procedure insertTriggerForHsOfficeMembership_tf();
execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
--//
@ -95,45 +95,45 @@ execute procedure insertTriggerForHsOfficeMembership_tf();
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing rbac.global rows.
Grants INSERT INTO hs_office.membership permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global;
begin
call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.global rows');
call base.defineContext('create INSERT INTO hs_office.membership permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants hs_office_membership INSERT permission to specified role of new global rows.
Grants hs_office.membership INSERT permission to specified role of new global rows.
*/
create or replace function new_hsof_membership_grants_insert_to_global_tf()
create or replace function hs_office.new_membership_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_membership_grants_after_insert_tg
create trigger z_new_membership_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure new_hsof_membership_grants_insert_to_global_tf();
execute procedure hs_office.new_membership_grants_insert_to_global_tf();
-- ============================================================================
@ -141,27 +141,27 @@ execute procedure new_hsof_membership_grants_insert_to_global_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_membership.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.membership.
*/
create or replace function hs_office_membership_insert_permission_check_tf()
create or replace function hs_office.membership_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.membership values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_membership_insert_permission_check_tg
before insert on hs_office_membership
create trigger membership_insert_permission_check_tg
before insert on hs_office.membership
for each row
execute procedure hs_office_membership_insert_permission_check_tf();
execute procedure hs_office.membership_insert_permission_check_tf();
--//
@ -169,12 +169,12 @@ create trigger hs_office_membership_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
$idName$
SELECT m.uuid AS uuid,
'M-' || p.partnerNumber || m.memberNumberSuffix as idName
FROM hs_office_membership AS m
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid
FROM hs_office.membership AS m
JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
$idName$);
--//
@ -182,7 +182,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_membership',
call rbac.generateRbacRestrictedView('hs_office.membership',
$orderBy$
validity
$orderBy$,

6
src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
View File

@ -13,15 +13,15 @@ create or replace procedure createHsOfficeMembershipTestData(
newMemberNumberSuffix char(2) )
language plpgsql as $$
declare
relatedPartner hs_office_partner;
relatedPartner hs_office.partner;
begin
select partner.* from hs_office_partner partner
select partner.* from hs_office.partner partner
where partner.partnerNumber = forPartnerNumber into relatedPartner;
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
insert
into hs_office_membership (uuid, partneruuid, memberNumberSuffix, validity, status)
into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, daterange('20221001' , null, '[]'), 'ACTIVE');
end; $$;
--//

18
src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
View File

@ -8,16 +8,16 @@ CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTI
CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_coopsharestransaction
create table if not exists hs_office.coopsharestransaction
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
membershipUuid uuid not null references hs_office_membership(uuid),
membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopSharesTransactionType not null,
valueDate date not null,
shareCount integer not null,
reference varchar(48) not null,
adjustedShareTxUuid uuid unique REFERENCES hs_office_coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512)
);
--//
@ -26,8 +26,8 @@ create table if not exists hs_office_coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--//
-- ----------------------------------------------------------------------------
alter table hs_office_coopsharestransaction
add constraint hs_office_coopsharestransaction_reverse_entry_missing
alter table hs_office.coopsharestransaction
add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null);
--//
@ -44,7 +44,7 @@ declare
totalShareCount integer;
begin
select sum(cst.shareCount)
from hs_office_coopsharestransaction cst
from hs_office.coopsharestransaction cst
where cst.membershipUuid = forMembershipUuid
into currentShareCount;
totalShareCount := currentShareCount + newShareCount;
@ -54,8 +54,8 @@ begin
return true;
end; $$;
alter table hs_office_coopsharestransaction
add constraint hs_office_coopshares_positive
alter table hs_office.coopsharestransaction
add constraint check_positive_total_shares_count
check ( checkSharesByMembershipUuid(membershipUuid, shareCount) );
--//
@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_coopsharestransaction');
call base.create_journal('hs_office.coopsharestransaction');
--//

66
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction');
call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction');
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction');
--//
@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction(
NEW hs_office_coopsharestransaction
create or replace procedure hs_office.coopsharestransaction_build_rbac_system(
NEW hs_office.coopsharestransaction
)
language plpgsql as $$
declare
newMembership hs_office_membership;
newMembership hs_office.membership;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
@ -45,22 +45,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopsharestransaction row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row.
*/
create or replace function insertTriggerForHsOfficeCoopSharesTransaction_tf()
create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeCoopSharesTransaction(NEW);
call hs_office.coopsharestransaction_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg
after insert on hs_office_coopsharestransaction
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopsharestransaction
for each row
execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf();
--//
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_membership ----------------------------
-- granting INSERT permission to hs_office.membership ----------------------------
/*
Grants INSERT INTO hs_office_coopsharestransaction permissions to specified role of pre-existing hs_office_membership rows.
Grants INSERT INTO hs_office.coopsharestransaction permissions to specified role of pre-existing hs_office.membership rows.
*/
do language plpgsql $$
declare
row hs_office_membership;
row hs_office.membership;
begin
call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows');
call base.defineContext('create INSERT INTO hs_office.coopsharestransaction permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office_membership
FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(row));
END LOOP;
end;
$$;
/**
Grants hs_office_coopsharestransaction INSERT permission to specified role of new hs_office_membership rows.
Grants hs_office.coopsharestransaction INSERT permission to specified role of new membership rows.
*/
create or replace function new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf()
create or replace function hs_office.new_coopsharetx_grants_insert_to_membership_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(NEW));
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_coopsharestransaction_grants_after_insert_tg
after insert on hs_office_membership
create trigger z_new_coopsharestransaction_grants_after_insert_tg
after insert on hs_office.membership
for each row
execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
execute procedure hs_office.new_coopsharetx_grants_insert_to_membership_tf();
-- ============================================================================
@ -117,27 +117,27 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopsharestransaction.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharestransaction.
*/
create or replace function hs_office_coopsharestransaction_insert_permission_check_tf()
create or replace function hs_office.coopsharestransaction_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharestransaction') then
return NEW;
end if;
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.coopsharestransaction values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
before insert on hs_office_coopsharestransaction
create trigger coopsharestransaction_insert_permission_check_tg
before insert on hs_office.coopsharestransaction
for each row
execute procedure hs_office_coopsharestransaction_insert_permission_check_tf();
execute procedure hs_office.coopsharestransaction_insert_permission_check_tf();
--//
@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction',
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransaction',
$idName$
reference
$idName$);
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransactio
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction',
call rbac.generateRbacRestrictedView('hs_office.coopsharestransaction',
$orderBy$
reference
$orderBy$,

26
src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_office_coopsharestransaction_legacy_id
CREATE TABLE hs_office.coopsharestransaction_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_coopsharestransaction(uuid),
uuid uuid NOT NULL REFERENCES hs_office.coopsharestransaction(uuid),
member_share_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopsharestransaction_legacy_id
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_office.coopsharestransaction_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_office_coopsharestransaction_legacy_id.member_share_id;
OWNED BY hs_office.coopsharestransaction_legacy_id.member_share_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_coopsharestransaction_legacy_id
ALTER TABLE hs_office.coopsharestransaction_legacy_id
ALTER COLUMN member_share_id
SET DEFAULT nextVal('hs_office_coopsharestransaction_legacy_id_seq');
SET DEFAULT nextVal('hs_office.coopsharestransaction_legacy_id_seq');
--/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id)
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction;
INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id)
SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharestransaction;
--/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_office_coopsharestransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq'));
INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq'));
return NEW;
end; $$;
create trigger createCoopSharesLegacyIdMapping
after insert on hs_office_coopsharestransaction
after insert on hs_office.coopsharestransaction
for each row
execute procedure insertCoopSharesLegacyIdMapping();
--/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_office_coopsharestransaction_legacy_id
DELETE FROM hs_office.coopsharestransaction_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger removeCoopSharesLegacyIdMapping
before delete on hs_office_coopsharestransaction
before delete on hs_office.coopsharestransaction
for each row
execute procedure deleteCoopSharesLegacyIdMapping();
--/

8
src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
View File

@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopSharesTransactionTestData(
)
language plpgsql as $$
declare
membership hs_office_membership;
membership hs_office.membership;
subscriptionEntryUuid uuid;
begin
select m.uuid
from hs_office_membership m
join hs_office_partner p on p.uuid = m.partneruuid
from hs_office.membership m
join hs_office.partner p on p.uuid = m.partneruuid
where p.partnerNumber = givenPartnerNumber
and m.memberNumberSuffix = givenMemberNumberSuffix
into membership;
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix;
subscriptionEntryUuid := uuid_generate_v4();
insert
into hs_office_coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
into hs_office.coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
values
(uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null),
(uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null),

18
src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
View File

@ -15,16 +15,16 @@ CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_coopassetstransaction
create table if not exists hs_office.coopassetstransaction
(
uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0,
membershipUuid uuid not null references hs_office_membership(uuid),
membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopAssetsTransactionType not null,
valueDate date not null,
assetValue money not null,
reference varchar(48) not null,
adjustedAssetTxUuid uuid unique REFERENCES hs_office_coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512)
);
--//
@ -34,8 +34,8 @@ create table if not exists hs_office_coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--//
-- ----------------------------------------------------------------------------
alter table hs_office_coopassetstransaction
add constraint hs_office_coopassetstransaction_reverse_entry_missing
alter table hs_office.coopassetstransaction
add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null);
--//
@ -52,7 +52,7 @@ declare
totalAssetValue money;
begin
select sum(cat.assetValue)
from hs_office_coopassetstransaction cat
from hs_office.coopassetstransaction cat
where cat.membershipUuid = forMembershipUuid
into currentAssetValue;
totalAssetValue := currentAssetValue + newAssetValue;
@ -62,8 +62,8 @@ begin
return true;
end; $$;
alter table hs_office_coopassetstransaction
add constraint hs_office_coopassets_positive
alter table hs_office.coopassetstransaction
add constraint check_positive_total
check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) );
--//
@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ----------------------------------------------------------------------------
call base.create_journal('hs_office_coopassetstransaction');
call base.create_journal('hs_office.coopassetstransaction');
--//

66
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction');
call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction');
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction');
--//
@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction(
NEW hs_office_coopassetstransaction
create or replace procedure hs_office.coopassetstransaction_build_rbac_system(
NEW hs_office.coopassetstransaction
)
language plpgsql as $$
declare
newMembership hs_office_membership;
newMembership hs_office.membership;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
@ -45,22 +45,22 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopassetstransaction row.
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row.
*/
create or replace function insertTriggerForHsOfficeCoopAssetsTransaction_tf()
create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsOfficeCoopAssetsTransaction(NEW);
call hs_office.coopassetstransaction_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg
after insert on hs_office_coopassetstransaction
create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopassetstransaction
for each row
execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf();
execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf();
--//
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf();
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_membership ----------------------------
-- granting INSERT permission to hs_office.membership ----------------------------
/*
Grants INSERT INTO hs_office_coopassetstransaction permissions to specified role of pre-existing hs_office_membership rows.
Grants INSERT INTO hs_office.coopassetstransaction permissions to specified role of pre-existing hs_office.membership rows.
*/
do language plpgsql $$
declare
row hs_office_membership;
row hs_office.membership;
begin
call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows');
call base.defineContext('create INSERT INTO hs_office.coopassetstransaction permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office_membership
FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(row));
END LOOP;
end;
$$;
/**
Grants hs_office_coopassetstransaction INSERT permission to specified role of new hs_office_membership rows.
Grants hs_office.coopassetstransaction INSERT permission to specified role of new membership rows.
*/
create or replace function new_hsof_coopassettx_grants_insert_to_hsof_membership_tf()
create or replace function hs_office.new_coopassettx_grants_insert_to_membership_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(NEW));
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_coopassetstransaction_grants_after_insert_tg
after insert on hs_office_membership
create trigger z_new_coopassetstransaction_grants_after_insert_tg
after insert on hs_office.membership
for each row
execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
execute procedure hs_office.new_coopassettx_grants_insert_to_membership_tf();
-- ============================================================================
@ -117,27 +117,27 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopassetstransaction.
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassetstransaction.
*/
create or replace function hs_office_coopassetstransaction_insert_permission_check_tf()
create or replace function hs_office.coopassetstransaction_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassetstransaction') then
return NEW;
end if;
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into hs_office.coopassetstransaction values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
before insert on hs_office_coopassetstransaction
create trigger coopassetstransaction_insert_permission_check_tg
before insert on hs_office.coopassetstransaction
for each row
execute procedure hs_office_coopassetstransaction_insert_permission_check_tf();
execute procedure hs_office.coopassetstransaction_insert_permission_check_tf();
--//
@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction',
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransaction',
$idName$
reference
$idName$);
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransactio
-- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction',
call rbac.generateRbacRestrictedView('hs_office.coopassetstransaction',
$orderBy$
reference
$orderBy$,

26
src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TABLE hs_office_coopassetstransaction_legacy_id
CREATE TABLE hs_office.coopassetstransaction_legacy_id
(
uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid),
uuid uuid NOT NULL REFERENCES hs_office.coopassetstransaction(uuid),
member_asset_id integer NOT NULL
);
--//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq
AS integer
START 1000000000
OWNED BY hs_office_coopassetstransaction_legacy_id.member_asset_id;
OWNED BY hs_office.coopassetstransaction_legacy_id.member_asset_id;
--//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--//
-- ----------------------------------------------------------------------------
ALTER TABLE hs_office_coopassetstransaction_legacy_id
ALTER TABLE hs_office.coopassetstransaction_legacy_id
ALTER COLUMN member_asset_id
SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq');
SET DEFAULT nextVal('hs_office.coopassetstransaction_legacy_id_seq');
--/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
-- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration');
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id)
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction;
INSERT INTO hs_office.coopassetstransaction_legacy_id(uuid, member_asset_id)
SELECT uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq') FROM hs_office.coopassetstransaction;
--/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
INSERT INTO hs_office_coopassetstransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq'));
INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq'));
return NEW;
end; $$;
create trigger createCoopAssetsLegacyIdMapping
after insert on hs_office_coopassetstransaction
after insert on hs_office.coopassetstransaction
for each row
execute procedure insertCoopAssetsLegacyIdMapping();
--/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger';
end if;
DELETE FROM hs_office_coopassetstransaction_legacy_id
DELETE FROM hs_office.coopassetstransaction_legacy_id
WHERE uuid = OLD.uuid;
return OLD;
end; $$;
create trigger removeCoopAssetsLegacyIdMapping
before delete on hs_office_coopassetstransaction
before delete on hs_office.coopassetstransaction
for each row
execute procedure deleteCoopAssetsLegacyIdMapping();
--/

8
src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
View File

@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopAssetsTransactionTestData(
)
language plpgsql as $$
declare
membership hs_office_membership;
membership hs_office.membership;
lossEntryUuid uuid;
begin
select m.uuid
from hs_office_membership m
join hs_office_partner p on p.uuid = m.partneruuid
from hs_office.membership m
join hs_office.partner p on p.uuid = m.partneruuid
where p.partnerNumber = givenPartnerNumber
and m.memberNumberSuffix = givenMemberNumberSuffix
into membership;
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix;
lossEntryUuid := uuid_generate_v4();
insert
into hs_office_coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
into hs_office.coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
values
(uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null),
(uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null),

8
src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
View File

@ -9,9 +9,9 @@ create view hs_booking_debitor_xv as
debitor.version,
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
debitor.defaultPrefix
from hs_office_debitor debitor
from hs_office.debitor debitor
-- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables
join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid;
join hs_office.relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
join hs_office.relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
join hs_office.partner partner on partner.partnerReluUid=partnerRel.uuid;
--//

2
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
View File

@ -8,7 +8,7 @@ create table if not exists hs_booking_project
(
uuid uuid unique references rbac.object (uuid),
version int not null default 0,
debitorUuid uuid not null references hs_office_debitor(uuid),
debitorUuid uuid not null references hs_office.debitor(uuid),
caption varchar(80) not null
);
--//

60
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -3,45 +3,45 @@
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_project');
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsBookingProject(
create or replace procedure hs_booking_project_build_rbac_system(
NEW hs_booking_project
)
language plpgsql as $$
declare
newDebitor hs_office_debitor;
newDebitorRel hs_office_relation;
newDebitor hs_office.debitor;
newDebitorRel hs_office.relation;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor;
SELECT * FROM hs_office.debitor WHERE uuid = NEW.debitorUuid INTO newDebitor;
assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
SELECT debitorRel.*
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid
INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
@ -79,38 +79,38 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row.
*/
create or replace function insertTriggerForHsBookingProject_tf()
create or replace function hs_booking_project_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsBookingProject(NEW);
call hs_booking_project_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsBookingProject_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_project
for each row
execute procedure insertTriggerForHsBookingProject_tf();
execute procedure hs_booking_project_build_rbac_system_after_insert_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_relation ----------------------------
-- granting INSERT permission to hs_office.relation ----------------------------
/*
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office_relation rows.
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office.relation rows.
*/
do language plpgsql $$
declare
row hs_office_relation;
row hs_office.relation;
begin
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows');
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office.relation rows');
FOR row IN SELECT * FROM hs_office_relation
FOR row IN SELECT * FROM hs_office.relation
WHERE type = 'DEBITOR'
LOOP
call rbac.grantPermissionToRole(
@ -121,9 +121,9 @@ do language plpgsql $$
$$;
/**
Grants hs_booking_project INSERT permission to specified role of new hs_office_relation rows.
Grants hs_booking_project INSERT permission to specified role of new relation rows.
*/
create or replace function new_hs_booking_project_grants_insert_to_hs_office_relation_tf()
create or replace function new_hsbk_project_grants_insert_to_relation_tf()
returns trigger
language plpgsql
strict as $$
@ -137,14 +137,14 @@ begin
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_project_grants_insert_to_hs_office_relation_tg
after insert on hs_office_relation
create trigger z_new_hs_booking_project_grants_after_insert_tg
after insert on hs_office.relation
for each row
execute procedure new_hs_booking_project_grants_insert_to_hs_office_relation_tf();
execute procedure new_hsbk_project_grants_insert_to_relation_tf();
-- ============================================================================
--changeset michael.hoennig:hs_booking_project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-booking-project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
@ -158,8 +158,8 @@ declare
begin
-- check INSERT permission via indirect foreign key: NEW.debitorUuid
superObjectUuid := (SELECT debitorRel.uuid
FROM hs_office_relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
FROM hs_office.relation debitorRel
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid
);
assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL';
@ -179,20 +179,20 @@ create trigger hs_booking_project_insert_permission_check_tg
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
$idName$
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
$idName$);
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_project',
$orderBy$

10
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
View File

@ -14,14 +14,14 @@ create or replace procedure createHsBookingProjectTransactionTestData(
)
language plpgsql as $$
declare
relatedDebitor hs_office_debitor;
relatedDebitor hs_office.debitor;
begin
select debitor.* into relatedDebitor
from hs_office_debitor debitor
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid
from hs_office.debitor debitor
join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
where partner.partnerNumber = givenPartnerNumber and debitor.debitorNumberSuffix = givenDebitorSuffix;
raise notice 'creating test booking-project: %', givenDebitorSuffix::text;

56
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -3,28 +3,28 @@
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_item');
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsBookingItem(
create or replace procedure hs_booking_item_build_rbac_system(
NEW hs_booking_item
)
language plpgsql as $$
@ -78,34 +78,34 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row.
*/
create or replace function insertTriggerForHsBookingItem_tf()
create or replace function hs_booking_item_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsBookingItem(NEW);
call hs_booking_item_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsBookingItem_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_item
for each row
execute procedure insertTriggerForHsBookingItem_tf();
execute procedure hs_booking_item_build_rbac_system_after_insert_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to global ----------------------------
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing global rows.
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global%ROWTYPE;
row rbac.global;
begin
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
@ -114,15 +114,15 @@ do language plpgsql $$
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
rbac.globalAdmin());
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants hs_booking_item INSERT permission to specified role of new rbac.global rows.
Grants hs_booking_item INSERT permission to specified role of new global rows.
*/
create or replace function new_hs_booking_item_grants_insert_to_global_tf()
create or replace function new_hsbk_item_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
@ -130,16 +130,16 @@ begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
rbac.globalAdmin());
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_global_tg
create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure new_hs_booking_item_grants_insert_to_global_tf();
execute procedure new_hsbk_item_grants_insert_to_global_tf();
-- granting INSERT permission to hs_booking_project ----------------------------
@ -165,7 +165,7 @@ $$;
/**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows.
*/
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_project_tf()
create or replace function new_hsbk_item_grants_insert_to_hsbk_project_tf()
returns trigger
language plpgsql
strict as $$
@ -179,10 +179,10 @@ begin
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_project_tg
create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on hs_booking_project
for each row
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf();
execute procedure new_hsbk_item_grants_insert_to_hsbk_project_tf();
-- granting INSERT permission to hs_booking_item ----------------------------
@ -192,7 +192,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf();
/**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows.
*/
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_tf()
create or replace function new_hsbk_item_grants_insert_to_hsbk_item_tf()
returns trigger
language plpgsql
strict as $$
@ -206,14 +206,14 @@ begin
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_item_tg
create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on hs_booking_item
for each row
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf();
execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf();
-- ============================================================================
--changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-booking-item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
@ -225,7 +225,7 @@ create or replace function hs_booking_item_insert_permission_check_tf()
declare
superObjectUuid uuid;
begin
-- check INSERT INSERT if rbac.Global ADMIN
-- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then
return NEW;
end if;
@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
-- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_item',
$orderBy$

2
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
View File

@ -39,7 +39,7 @@ create table if not exists hs_hosting_asset
identifier varchar(80) not null,
caption varchar(80),
config jsonb not null,
alarmContactUuid uuid null references hs_office_contact(uuid) initially deferred,
alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))

44
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -3,28 +3,28 @@
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_hosting_asset');
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/
create or replace procedure buildRbacSystemForHsHostingAsset(
create or replace procedure hs_hosting_asset_build_rbac_system(
NEW hs_hosting_asset
)
language plpgsql as $$
@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsHostingAsset(
declare
newBookingItem hs_booking_item;
newAssignedToAsset hs_hosting_asset;
newAlarmContact hs_office_contact;
newAlarmContact hs_office.contact;
newParentAsset hs_hosting_asset;
begin
@ -42,7 +42,7 @@ begin
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
SELECT * FROM hs_office_contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
@ -50,9 +50,9 @@ begin
hsHostingAssetOWNER(NEW),
permissions => array['DELETE'],
incomingSuperRoles => array[
rbac.globalADMIN(rbac.unassumed()),
hsBookingItemADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset)],
hsHostingAssetADMIN(newParentAsset),
rbac.globalADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()]
);
@ -96,31 +96,31 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
*/
create or replace function insertTriggerForHsHostingAsset_tf()
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
returns trigger
language plpgsql
strict as $$
begin
call buildRbacSystemForHsHostingAsset(NEW);
call hs_hosting_asset_build_rbac_system(NEW);
return NEW;
end; $$;
create trigger insertTriggerForHsHostingAsset_tg
create trigger build_rbac_system_after_insert_tg
after insert on hs_hosting_asset
for each row
execute procedure insertTriggerForHsHostingAsset_tf();
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/
create or replace procedure updateRbacRulesForHsHostingAsset(
create or replace procedure hs_hosting_asset_update_rbac_system(
OLD hs_hosting_asset,
NEW hs_hosting_asset
)
@ -130,32 +130,32 @@ begin
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsHostingAsset(NEW);
call hs_hosting_asset_build_rbac_system(NEW);
end if;
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
*/
create or replace function updateTriggerForHsHostingAsset_tf()
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
returns trigger
language plpgsql
strict as $$
begin
call updateRbacRulesForHsHostingAsset(OLD, NEW);
call hs_hosting_asset_update_rbac_system(OLD, NEW);
return NEW;
end; $$;
create trigger updateTriggerForHsHostingAsset_tg
create trigger update_rbac_system_after_update_tg
after update on hs_hosting_asset
for each row
execute procedure updateTriggerForHsHostingAsset_tf();
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
--//
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
-- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_hosting_asset',
$orderBy$

4
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
View File

@ -12,7 +12,7 @@ create or replace procedure createHsHostingAssetTestData(givenProjectCaption var
language plpgsql as $$
declare
relatedProject hs_booking_project;
relatedDebitor hs_office_debitor;
relatedDebitor hs_office.debitor;
privateCloudBI hs_booking_item;
managedServerBI hs_booking_item;
cloudServerBI hs_booking_item;
@ -38,7 +38,7 @@ begin
assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null';
select debitor.* into relatedDebitor
from hs_office_debitor debitor
from hs_office.debitor debitor
where debitor.uuid = relatedProject.debitorUuid;
assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null';

2
src/main/resources/db/changelog/db.changelog-master.yaml
View File

@ -69,6 +69,8 @@ databaseChangeLog:
file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
- include:
file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
- include:
file: db/changelog/5-hs-office/500-hs-office-schema.sql
- include:
file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
- include:

4
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java
View File

@ -135,7 +135,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -157,7 +157,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
"hs_booking_project#D-1000111-somenewbookingproject:OWNER",
"hs_booking_project#D-1000111-somenewbookingproject:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,

14
src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java
View File

@ -112,7 +112,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
@Order(1)
void verifyInitialDatabase() {
// SQL DELETE for thousands of records takes too long, so we make sure, we only start with initial or test data
final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office_contact", Integer.class)
final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office.contact", Integer.class)
.getSingleResult();
assertThat(contactCount).isLessThan(20);
}
@ -614,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
contacts.forEach(this::persist);
updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id");
updateLegacyIds(contacts, "hs_office.contact_legacy_id", "contact_id");
}).assertSuccessful();
jpaAttempt.transacted(() -> {
@ -640,7 +640,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
partner.setPartnerRel(em.merge(partner.getPartnerRel()));
em.persist(partner);
});
updateLegacyIds(partners, "hs_office_partner_legacy_id", "bp_id");
updateLegacyIds(partners, "hs_office.partner_legacy_id", "bp_id");
}).assertSuccessful();
jpaAttempt.transacted(() -> {
@ -664,20 +664,20 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
sepaMandates.forEach(this::persist);
updateLegacyIds(sepaMandates, "hs_office_sepamandate_legacy_id", "sepa_mandate_id");
updateLegacyIds(sepaMandates, "hs_office.sepamandate_legacy_id", "sepa_mandate_id");
}).assertSuccessful();
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
coopShares.forEach(this::persist);
updateLegacyIds(coopShares, "hs_office_coopsharestransaction_legacy_id", "member_share_id");
updateLegacyIds(coopShares, "hs_office.coopsharestransaction_legacy_id", "member_share_id");
}).assertSuccessful();
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
coopAssets.forEach(this::persist);
updateLegacyIds(coopAssets, "hs_office_coopassetstransaction_legacy_id", "member_asset_id");
updateLegacyIds(coopAssets, "hs_office.coopassetstransaction_legacy_id", "member_asset_id");
}).assertSuccessful();
}
@ -685,7 +685,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
@Test
@Order(9190)
void verifyMembershipsActuallyPersisted() {
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office_membership", Integer.class)
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office.membership", Integer.class)
.getSingleResult();
assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 300);
}

38
src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
View File

@ -254,34 +254,34 @@ public class CsvDataImport extends ContextBasedTest {
em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopsharestransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_membership where true").executeUpdate();
em.createNativeQuery("delete from hs_office_sepamandate where true").executeUpdate();
em.createNativeQuery("delete from hs_office_sepamandate_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_debitor where true").executeUpdate();
em.createNativeQuery("delete from hs_office_bankaccount where true").executeUpdate();
em.createNativeQuery("delete from hs_office_partner where true").executeUpdate();
em.createNativeQuery("delete from hs_office_partner_details where true").executeUpdate();
em.createNativeQuery("delete from hs_office_relation where true").executeUpdate();
em.createNativeQuery("delete from hs_office_contact where true").executeUpdate();
em.createNativeQuery("delete from hs_office_person where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopassetstransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopassetstransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopsharestransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office.membership where true").executeUpdate();
em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate();
em.createNativeQuery("delete from hs_office.sepamandate_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office.debitor where true").executeUpdate();
em.createNativeQuery("delete from hs_office.bankaccount where true").executeUpdate();
em.createNativeQuery("delete from hs_office.partner where true").executeUpdate();
em.createNativeQuery("delete from hs_office.partner_details where true").executeUpdate();
em.createNativeQuery("delete from hs_office.relation where true").executeUpdate();
em.createNativeQuery("delete from hs_office.contact where true").executeUpdate();
em.createNativeQuery("delete from hs_office.person where true").executeUpdate();
}).assertSuccessful();
}
protected void resetHsOfficeSequences() {
jpaAttempt.transacted(() -> {
context(rbacSuperuser);
em.createNativeQuery("alter sequence hs_office_contact_legacy_id_seq restart with 1000000000;").executeUpdate();
em.createNativeQuery("alter sequence hs_office_coopassetstransaction_legacy_id_seq restart with 1000000000;")
em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate();
em.createNativeQuery("alter sequence hs_office.coopassetstransaction_legacy_id_seq restart with 1000000000;")
.executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_coopsharestransaction_legacy_id_seq restart with 1000000000;")
em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;")
.executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_partner_legacy_id_seq restart with 1000000000;")
em.createNativeQuery("alter sequence public.hs_office.partner_legacy_id_seq restart with 1000000000;")
.executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_sepamandate_legacy_id_seq restart with 1000000000;")
em.createNativeQuery("alter sequence public.hs_office.sepamandate_legacy_id_seq restart with 1000000000;")
.executeUpdate();
});
}

28
src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountRepositoryIntegrationTest.java
View File

@ -102,21 +102,21 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
final var roles = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_bankaccount#DE25500105176934832579:OWNER",
"hs_office_bankaccount#DE25500105176934832579:ADMIN",
"hs_office_bankaccount#DE25500105176934832579:REFERRER"
"hs_office.bankaccount#DE25500105176934832579:OWNER",
"hs_office.bankaccount#DE25500105176934832579:ADMIN",
"hs_office.bankaccount#DE25500105176934832579:REFERRER"
));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }",
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:DELETE to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.bankaccount#DE25500105176934832579:OWNER and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:UPDATE to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }",
"{ grant role:hs_office.bankaccount#DE25500105176934832579:ADMIN to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:UPDATE to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:SELECT to role:hs_office_bankaccount#DE25500105176934832579:REFERRER by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:REFERRER to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }",
"{ grant perm:hs_office.bankaccount#DE25500105176934832579:SELECT to role:hs_office.bankaccount#DE25500105176934832579:REFERRER by system and assume }",
"{ grant role:hs_office.bankaccount#DE25500105176934832579:REFERRER to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
null
));
}
@ -273,7 +273,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'iban'
from base.tx_journal_v
where targettable = 'hs_office_bankaccount';
where targettable = 'hs_office.bankaccount';
""");
// when
@ -281,9 +281,9 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02120300000000202051]",
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02500105170137075030]",
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02100500000054540402]");
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02120300000000202051]",
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02500105170137075030]",
"[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02100500000054540402]");
}
private HsOfficeBankAccountEntity givenSomeTemporaryBankAccount(final String createdByUser) {

30
src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepositoryIntegrationTest.java
View File

@ -103,20 +103,20 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
final var roles = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_contact#anothernewcontact:OWNER",
"hs_office_contact#anothernewcontact:ADMIN",
"hs_office_contact#anothernewcontact:REFERRER"
"hs_office.contact#anothernewcontact:OWNER",
"hs_office.contact#anothernewcontact:ADMIN",
"hs_office.contact#anothernewcontact:REFERRER"
));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:ADMIN to role:hs_office_contact#anothernewcontact:OWNER by system and assume }",
"{ grant role:hs_office.contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office.contact#anothernewcontact:UPDATE to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }",
"{ grant role:hs_office.contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.contact#anothernewcontact:OWNER and assume }",
"{ grant perm:hs_office.contact#anothernewcontact:DELETE to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
"{ grant role:hs_office.contact#anothernewcontact:ADMIN to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:SELECT to role:hs_office_contact#anothernewcontact:REFERRER by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:REFERRER to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }"
"{ grant perm:hs_office.contact#anothernewcontact:SELECT to role:hs_office.contact#anothernewcontact:REFERRER by system and assume }",
"{ grant role:hs_office.contact#anothernewcontact:REFERRER to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }"
));
}
@ -258,17 +258,17 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v
where targettable = 'hs_office_contact';
""");
where targettable = 'hs_office.contact';
""");
// when
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating contact test-data, hs_office_contact, INSERT, first contact]",
"[creating contact test-data, hs_office_contact, INSERT, second contact]",
"[creating contact test-data, hs_office_contact, INSERT, third contact]");
"[creating contact test-data, hs_office.contact, INSERT, first contact]",
"[creating contact test-data, hs_office.contact, INSERT, second contact]",
"[creating contact test-data, hs_office.contact, INSERT, third contact]");
}
private HsOfficeContactRbacEntity givenSomeTemporaryContact(

4
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
View File

@ -391,9 +391,9 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv
// HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassetstransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'")
em.createNativeQuery("delete from hs_office.coopassetstransaction where reference like 'temp %'")
.executeUpdate();
}).assertSuccessful();
}

32
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
View File

@ -89,7 +89,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -109,7 +109,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
@ -198,7 +198,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
@Test
public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() {
// given:
context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.person#FirstGmbH:ADMIN");
// when:
final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
@ -222,7 +222,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v
where targettable = 'hs_office_coopassetstransaction';
where targettable = 'hs_office.coopassetstransaction';
""");
// when
@ -230,18 +230,18 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]");
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]");
}
@BeforeEach

4
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
View File

@ -55,9 +55,9 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
void cleanup() {
jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv
// HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharestransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate();
em.createNativeQuery("delete from hs_office.coopsharestransaction where reference like 'temp %'").executeUpdate();
}).assertSuccessful();
}

32
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
View File

@ -88,7 +88,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -108,7 +108,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
@ -197,7 +197,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
@Test
public void normalUser_canViewOnlyRelatedCoopSharesTransactions() {
// given:
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000101:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000101:ADMIN");
// when:
final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
@ -221,7 +221,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v
where targettable = 'hs_office_coopsharestransaction';
where targettable = 'hs_office.coopsharestransaction';
""");
// when
@ -229,18 +229,18 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-4]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-4]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-4]");
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-4]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-4]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-4]");
}
@BeforeEach

4
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java
View File

@ -638,7 +638,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN")
.header("assumed-roles", "hs_office.contact#fourthcontact:ADMIN")
.contentType(ContentType.JSON)
.body("""
{
@ -651,7 +651,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
.then().log().all().assertThat()
.statusCode(403)
.body("message", containsString("ERROR: [403] Subject"))
.body("message", containsString("is not allowed to update hs_office_debitor uuid "));
.body("message", containsString("is not allowed to update hs_office.debitor uuid "));
}
}

66
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
View File

@ -141,7 +141,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertExceptionWithRootCauseMessage(org.hibernate.exception.ConstraintViolationException.class,
"ERROR: new row for relation \"hs_office_debitor\" violates check constraint \"check_default_prefix\"");
"ERROR: new row for relation \"debitor\" violates check constraint \"check_default_prefix\"");
}
@Test
@ -151,7 +151,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
// some search+replace to make the output fit into the screen width
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -176,12 +176,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT"));
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER",
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN",
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT",
"hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
@ -247,9 +247,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
@ParameterizedTest
@Disabled // TODO: reactivate once partner.person + partner.contact are removed
@ValueSource(strings = {
"hs_office_partner#10001:FirstGmbH-firstcontact:ADMIN",
"hs_office_person#FirstGmbH:ADMIN",
"hs_office_contact#firstcontact:ADMIN",
"hs_office.partner#10001:FirstGmbH-firstcontact:ADMIN",
"hs_office.person#FirstGmbH:ADMIN",
"hs_office.contact#firstcontact:ADMIN",
})
public void relatedPersonAdmin_canViewRelatedDebitors(final String assumedRole) {
// given:
@ -321,7 +321,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First"));
final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby"));
final var givenNewContact = one(contactrealRepo.findContactByOptionalCaptionLike("sixth contact"));
@ -354,26 +354,26 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... partner role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(),
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
"hs_office.relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
// ... contact role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#fifthcontact:ADMIN");
"hs_office.contact#fifthcontact:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN", false);
"hs_office.contact#sixthcontact:ADMIN", false);
// ... bank-account role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02200505501015871393:ADMIN");
"hs_office.bankaccount#DE02200505501015871393:ADMIN");
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
"hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
}
@Test
@ -383,7 +383,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
"hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first"));
@ -403,7 +403,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... bank-account role was assigned:
assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true);
"hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
}
@Test
@ -413,7 +413,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
"hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when
@ -432,7 +432,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... bank-account role was removed from previous bank-account admin:
assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(),
"hs_office_bankaccount#DE02200505501015871393:ADMIN");
"hs_office.bankaccount#DE02200505501015871393:ADMIN");
}
@Test
@ -442,19 +442,19 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig");
assertThatDebitorIsVisibleForUserWithRole(
givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
"hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
givenDebitor.setVatId("NEW-VAT-ID");
return toCleanup(debitorRepo.save(givenDebitor));
});
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_debitor uuid");
"[403] Subject ", " is not allowed to update hs_office.debitor uuid");
}
@Test
@ -463,11 +463,11 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
context("superuser-alex@hostsharing.net");
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin");
assertThatDebitorActuallyInDatabase(givenDebitor, true);
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office_contact#ninthcontact:ADMIN", false);
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office.contact#ninthcontact:ADMIN", false);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
givenDebitor.setVatId("NEW-VAT-ID");
final HsOfficeDebitorEntity entity = debitorRepo.save(givenDebitor);
return toCleanup(entity.load());
@ -477,7 +477,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"ERROR: [403]",
"is not allowed to update hs_office_debitor uuid");
"is not allowed to update hs_office.debitor uuid");
}
private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) {
@ -547,7 +547,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent();
debitorRepo.deleteByUuid(givenDebitor.getUuid());
@ -556,7 +556,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_debitor");
"[403] Subject ", " not allowed to delete hs_office.debitor");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return debitorRepo.findByUuid(givenDebitor.getUuid());
@ -591,7 +591,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
from base.tx_journal_v
where targettable = 'hs_office_debitor';
where targettable = 'hs_office.debitor';
""");
// when
@ -599,9 +599,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating debitor test-data, hs_office_debitor, INSERT, fir]",
"[creating debitor test-data, hs_office_debitor, INSERT, sec]",
"[creating debitor test-data, hs_office_debitor, INSERT, thi]");
"[creating debitor test-data, hs_office.debitor, INSERT, fir]",
"[creating debitor test-data, hs_office.debitor, INSERT, sec]",
"[creating debitor test-data, hs_office.debitor, INSERT, thi]");
}
private HsOfficeDebitorEntity givenSomeTemporaryDebitor(

6
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java
View File

@ -263,7 +263,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.port(port)
.when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@ -331,7 +331,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
// given
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
final var givenPartnerAdmin = "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
@ -392,7 +392,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off
.given()
.header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.port(port)
.when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())

28
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
View File

@ -91,7 +91,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -110,11 +110,11 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_membership#M-1000117:OWNER",
"hs_office_membership#M-1000117:ADMIN",
"hs_office_membership#M-1000117:AGENT"));
"hs_office.membership#M-1000117:OWNER",
"hs_office.membership#M-1000117:ADMIN",
"hs_office.membership#M-1000117:AGENT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
// insert
@ -230,13 +230,13 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
assertThatMembershipIsVisibleForRole(
givenMembership,
"hs_office_membership#M-1000113:AGENT");
"hs_office.membership#M-1000113:AGENT");
final var newValidityEnd = LocalDate.now();
// when
final var result = jpaAttempt.transacted(() -> {
// TODO: we should test with debitor- and partner-admin as well
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT");
context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000113:AGENT");
givenMembership.setValidity(
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
return membershipRepo.save(givenMembership);
@ -244,7 +244,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_membership uuid");
"[403] Subject ", " is not allowed to update hs_office.membership uuid");
}
private void assertThatMembershipExistsAndIsAccessibleToCurrentContext(final HsOfficeMembershipEntity saved) {
@ -294,7 +294,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT");
context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT");
assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent();
membershipRepo.deleteByUuid(givenMembership.getUuid());
@ -303,7 +303,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_membership");
"[403] Subject ", " not allowed to delete hs_office.membership");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return membershipRepo.findByUuid(givenMembership.getUuid());
@ -338,7 +338,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
from base.tx_journal_v
where targettable = 'hs_office_membership';
where targettable = 'hs_office.membership';
""");
// when
@ -346,9 +346,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating Membership test-data, hs_office_membership, INSERT, 01]",
"[creating Membership test-data, hs_office_membership, INSERT, 02]",
"[creating Membership test-data, hs_office_membership, INSERT, 03]");
"[creating Membership test-data, hs_office.membership, INSERT, 01]",
"[creating Membership test-data, hs_office.membership, INSERT, 02]",
"[creating Membership test-data, hs_office.membership, INSERT, 03]");
}
private HsOfficeMembershipEntity givenSomeTemporaryMembership(final String partnerTradeName, final String memberNumberSuffix) {

44
src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerRepositoryIntegrationTest.java
View File

@ -103,7 +103,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
.map(s -> s.replace("fourthcontact", "4th"))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -131,14 +131,14 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(from(
initialRoleNames,
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"));
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER",
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN",
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT",
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
.map(s -> s.replace("fourthcontact", "4th"))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(distinct(from(
initialGrantNames,
@ -263,7 +263,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner);
// when
@ -281,10 +281,10 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
"rbac.global#global:ADMIN");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"hs_office_person#ThirdOHG:ADMIN");
"hs_office.person#ThirdOHG:ADMIN");
assertThatPartnerIsNotVisibleForUserWithRole(
givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
}
@Test
@ -294,13 +294,13 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net",
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
givenPartner.getDetails().setBirthName("new birthname");
return partnerRepo.save(givenPartner);
});
@ -316,21 +316,21 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
assertThatPartnerIsVisibleForUserWithRole(
givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT");
"hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT");
givenPartner.getDetails().setBirthName("new birthname");
return partnerRepo.save(givenPartner);
});
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"ERROR: [403] insert into hs_office_partner_details ",
" not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}");
"ERROR: [403] insert into hs_office.partner_details ",
" not allowed for current subjects {hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}");
}
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
@ -398,7 +398,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_partner");
"[403] Subject ", " not allowed to delete hs_office.partner");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return partnerRepo.findByUuid(givenPartner.getUuid());
@ -435,7 +435,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
from base.tx_journal_v
where targettable = 'hs_office_partner';
where targettable = 'hs_office.partner';
""");
// when
@ -443,11 +443,11 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating partner test-data , hs_office_partner, INSERT, 10001]",
"[creating partner test-data , hs_office_partner, INSERT, 10002]",
"[creating partner test-data , hs_office_partner, INSERT, 10003]",
"[creating partner test-data , hs_office_partner, INSERT, 10004]",
"[creating partner test-data , hs_office_partner, INSERT, 10010]");
"[creating partner test-data , hs_office.partner, INSERT, 10001]",
"[creating partner test-data , hs_office.partner, INSERT, 10002]",
"[creating partner test-data , hs_office.partner, INSERT, 10003]",
"[creating partner test-data , hs_office.partner, INSERT, 10004]",
"[creating partner test-data , hs_office.partner, INSERT, 10010]");
}
private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner(

32
src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonRepositoryIntegrationTest.java
View File

@ -102,23 +102,23 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(
Array.from(
initialRoleNames,
"hs_office_person#anothernewperson:OWNER",
"hs_office_person#anothernewperson:ADMIN",
"hs_office_person#anothernewperson:REFERRER"
"hs_office.person#anothernewperson:OWNER",
"hs_office.person#anothernewperson:ADMIN",
"hs_office.person#anothernewperson:REFERRER"
));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(
Array.fromFormatted(
initialGrantNames,
"{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
"{ grant perm:hs_office.person#anothernewperson:INSERT>hs_office.relation to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }",
"{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }",
"{ grant role:hs_office.person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.person#anothernewperson:OWNER and assume }",
"{ grant role:hs_office.person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office.person#anothernewperson:UPDATE to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
"{ grant perm:hs_office.person#anothernewperson:DELETE to role:hs_office.person#anothernewperson:OWNER by system and assume }",
"{ grant role:hs_office.person#anothernewperson:ADMIN to role:hs_office.person#anothernewperson:OWNER by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:SELECT to role:hs_office_person#anothernewperson:REFERRER by system and assume }",
"{ grant role:hs_office_person#anothernewperson:REFERRER to role:hs_office_person#anothernewperson:ADMIN by system and assume }"
"{ grant perm:hs_office.person#anothernewperson:SELECT to role:hs_office.person#anothernewperson:REFERRER by system and assume }",
"{ grant role:hs_office.person#anothernewperson:REFERRER to role:hs_office.person#anothernewperson:ADMIN by system and assume }"
));
}
@ -262,7 +262,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
from base.tx_journal_v
where targettable = 'hs_office_person';
where targettable = 'hs_office.person';
""");
// when
@ -270,10 +270,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating person test-data, hs_office_person, INSERT, Hostsharing eG, null]",
"[creating person test-data, hs_office_person, INSERT, First GmbH, null]",
"[creating person test-data, hs_office_person, INSERT, Second e.K., null]",
"[creating person test-data, hs_office_person, INSERT, Third OHG, null]");
"[creating person test-data, hs_office.person, INSERT, Hostsharing eG, null]",
"[creating person test-data, hs_office.person, INSERT, First GmbH, null]",
"[creating person test-data, hs_office.person, INSERT, Second e.K., null]",
"[creating person test-data, hs_office.person, INSERT, Third OHG, null]");
}
private HsOfficePersonEntity givenSomeTemporaryPerson(

62
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
View File

@ -125,33 +125,33 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT"));
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER",
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN",
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT",
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames,
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office_person#BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_person#ErbenBesslerMelBessler:OWNER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office.person#BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office.person#ErbenBesslerMelBessler:OWNER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.person#ErbenBesslerMelBessler:ADMIN by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }",
"{ grant role:hs_office_person#BesslerBert:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_person#ErbenBesslerMelBessler:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_contact#fourthcontact:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }",
"{ grant role:hs_office.person#BesslerBert:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office.person#ErbenBesslerMelBessler:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office.contact#fourthcontact:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
// REPRESENTATIVE holder person -> (represented) anchor person
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }",
"{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.contact#fourthcontact:ADMIN by system and assume }",
null)
);
}
@ -217,7 +217,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
assertThatRelationActuallyInDatabase(givenRelation);
assertThatRelationIsVisibleForUserWithRole(
givenRelation,
"hs_office_person#ErbenBesslerMelBessler:ADMIN");
"hs_office.person#ErbenBesslerMelBessler:ADMIN");
context("superuser-alex@hostsharing.net");
final var givenContact = contactrealRepo.findContactByOptionalCaptionLike("sixth contact").stream().findFirst().orElseThrow();
@ -236,11 +236,11 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"rbac.global#global:ADMIN");
assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN");
"hs_office.contact#sixthcontact:ADMIN");
assertThatRelationIsNotVisibleForUserWithRole(
result.returnedValue(),
"hs_office_contact#fifthcontact:ADMIN");
"hs_office.contact#fifthcontact:ADMIN");
relationRbacRepo.deleteByUuid(givenRelation.getUuid());
}
@ -253,19 +253,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"Anita", "eighth");
assertThatRelationIsVisibleForUserWithRole(
givenRelation,
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
"hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
assertThatRelationActuallyInDatabase(givenRelation);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
context("superuser-alex@hostsharing.net", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
givenRelation.setContact(null);
return relationRbacRepo.save(givenRelation);
});
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_relation uuid");
"[403] Subject ", " is not allowed to update hs_office.relation uuid");
}
@Test
@ -276,19 +276,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"Anita", "ninth");
assertThatRelationIsVisibleForUserWithRole(
givenRelation,
"hs_office_contact#ninthcontact:ADMIN");
"hs_office.contact#ninthcontact:ADMIN");
assertThatRelationActuallyInDatabase(givenRelation);
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
givenRelation.setContact(null); // TODO
return relationRbacRepo.save(givenRelation);
});
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_relation uuid");
"[403] Subject ", " is not allowed to update hs_office.relation uuid");
}
private void assertThatRelationActuallyInDatabase(final HsOfficeRelation saved) {
@ -360,7 +360,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_relation");
"[403] Subject ", " not allowed to delete hs_office.relation");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return relationRbacRepo.findByUuid(givenRelation.getUuid());
@ -396,7 +396,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'mark'
from base.tx_journal_v
where targettable = 'hs_office_relation';
where targettable = 'hs_office.relation';
""");
// when
@ -404,7 +404,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating relation test-data, hs_office_relation, INSERT, members-announce]");
"[creating relation test-data, hs_office.relation, INSERT, members-announce]");
}
private HsOfficeRelationRbacEntity givenSomeTemporaryRelationBessler(final String holderPerson, final String contact) {

30
src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateRepositoryIntegrationTest.java
View File

@ -95,7 +95,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.toList();
// when
@ -117,12 +117,12 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames,
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER"));
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN",
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT",
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER",
"hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", ""))
.map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(fromFormatted(
initialGrantNames,
@ -233,7 +233,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate,
"hs_office_bankaccount#DE02600501010002034304:ADMIN");
"hs_office.bankaccount#DE02600501010002034304:ADMIN");
// when
final var result = jpaAttempt.transacted(() -> {
@ -262,13 +262,13 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate,
"hs_office_bankaccount#DE02300606010002474689:ADMIN");
"hs_office.bankaccount#DE02300606010002474689:ADMIN");
assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
final var newValidityEnd = LocalDate.now();
// when
final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689:ADMIN");
context("superuser-alex@hostsharing.net", "hs_office.bankaccount#DE02300606010002474689:ADMIN");
givenSepaMandate.setValidity(Range.closedOpen(
givenSepaMandate.getValidity().lower(), newValidityEnd));
@ -277,7 +277,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_sepamandate uuid");
"[403] Subject ", " is not allowed to update hs_office.sepamandate uuid");
}
private void assertThatSepaMandateActuallyInDatabase(final HsOfficeSepaMandateEntity saved) {
@ -346,7 +346,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
result.assertExceptionWithRootCauseMessage(
JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_sepamandate");
"[403] Subject ", " not allowed to delete hs_office.sepamandate");
assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net");
return sepaMandateRepo.findByUuid(givenSepaMandate.getUuid());
@ -381,7 +381,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v
where targettable = 'hs_office_sepamandate';
where targettable = 'hs_office.sepamandate';
""");
// when
@ -389,9 +389,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then
assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10001-11]",
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10002-12]",
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10003-13]");
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10001-11]",
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10002-12]",
"[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10003-13]");
}
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {

4
src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java
View File

@ -90,12 +90,12 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
@Test
@Disabled // enable to generate from a real database
void print() throws IOException {
//context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN");
//context("superuser-alex@hostsharing.net", "hs_office.person#FirbySusan:ADMIN");
context("superuser-alex@hostsharing.net");
//final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");