introduce-separate-database-schema-hs-office-and-amend-generators #105

Merged
91 changed files with 1015 additions and 1002 deletions


@ -206,14 +206,14 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
```SQL ```SQL
SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version
FROM hs_office_relation_rv hore1_0 FROM hs_office.relation_rv hore1_0
LEFT JOIN hs_office_person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid LEFT JOIN hs_office.person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
LEFT JOIN hs_office_contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid LEFT JOIN hs_office.contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
LEFT JOIN hs_office_person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid LEFT JOIN hs_office.person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
WHERE hore1_0.uuid=$1 WHERE hore1_0.uuid=$1
``` ```
That query on the `hs_office_relation_rv`-table joins the three references anchor-person, holder-person and contact. That query on the `hs_office.relation_rv`-table joins the three references anchor-person, holder-person and contact.
### Total-Query-Time > Total-Import-Runtime ### Total-Query-Time > Total-Import-Runtime
@ -270,16 +270,16 @@ At this point, the import took 21mins with these statistics:
| query | calls | total_m | mean_ms | | query | calls | total_m | mean_ms |
|-------|-------|---------|---------| |-------|-------|---------|---------|
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 | | select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 left join public.hs_office.person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office.contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office.person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 | | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 | | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 |
| insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 | | insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 |
@ -294,17 +294,17 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
:::small :::small
| query | calls | total (min) | mean (ms) | | query | calls | total (min) | mean (ms) |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------| |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------|
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 | | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 | | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 | | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 |
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 | | insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 | | insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
@ -331,13 +331,13 @@ Now, the longest running queries are these:
| No.| calls | total_m | mean_ms | query | | No.| calls | total_m | mean_ms | query |
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | | 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | | 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) | | 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | | 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
| 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) | | 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) |
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | | 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | | 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | | 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | | 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
@ -345,7 +345,7 @@ That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time. It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
In production, the `SELECT ... FROM hs_office_relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore. In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
## Further Options To Explore ## Further Options To Explore


@ -4,7 +4,7 @@ import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import lombok.experimental.SuperBuilder; import lombok.experimental.SuperBuilder;
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject; import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacEntity;
import net.hostsharing.hsadminng.rbac.generator.RbacView; import net.hostsharing.hsadminng.rbac.generator.RbacView;
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
@ -49,7 +49,7 @@ public class HsBookingItemRbacEntity extends HsBookingItem {
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data? .toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
.toRole(GLOBAL, ADMIN).grantPermission(DELETE) .toRole(GLOBAL, ADMIN).grantPermission(DELETE)
.importEntityAlias("project", HsBookingProject.class, usingDefaultCase(), .importEntityAlias("project", HsBookingProjectRbacEntity.class, usingDefaultCase(),
dependsOnColumn("projectUuid"), dependsOnColumn("projectUuid"),
directlyFetchedByDependsOnColumn(), directlyFetchedByDependsOnColumn(),
NULLABLE) NULLABLE)


@ -68,11 +68,11 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
} }
public static RbacView rbac() { public static RbacView rbac() {
return rbacViewFor("project", HsBookingProject.class) return rbacViewFor("project", HsBookingProjectRbacEntity.class)
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
""")) """))
.withRestrictedViewOrderBy(SQL.expression("caption")) .withRestrictedViewOrderBy(SQL.expression("caption"))
.withUpdatableColumns("version", "caption") .withUpdatableColumns("version", "caption")
@ -86,8 +86,8 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
dependsOnColumn("debitorUuid"), dependsOnColumn("debitorUuid"),
fetchedBySql(""" fetchedBySql("""
SELECT ${columns} SELECT ${columns}
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid WHERE debitor.uuid = ${REF}.debitorUuid
"""), """),
NOT_NULL) NOT_NULL)
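Review bot: The identity-view query on the new side still names `hs_booking_project` without a schema while the joined view is now `hs_office.debitor_iv`, so one relation in the statement is resolved by schema name and the other by whatever `search_path` is active when the generated view is created. If the booking tables are meant to stay in `public` for now (the statistics in the documentation section show `public.hs_booking_item_rv`, so this is presumably the case), writing `FROM public.hs_booking_project bookingProject` would make that explicit and independent of the session's search path. The same unqualified reference appears in the identical query in the HsBookingProjectRbacEntity section. `rbac()` begins in this hunk and continues outside it.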


@ -44,7 +44,7 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
""")) """))
.withRestrictedViewOrderBy(SQL.expression("caption")) .withRestrictedViewOrderBy(SQL.expression("caption"))
.withUpdatableColumns("version", "caption") .withUpdatableColumns("version", "caption")
@ -58,8 +58,8 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
dependsOnColumn("debitorUuid"), dependsOnColumn("debitorUuid"),
fetchedBySql(""" fetchedBySql("""
SELECT ${columns} SELECT ${columns}
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid WHERE debitor.uuid = ${REF}.debitorUuid
"""), """),
NOT_NULL) NOT_NULL)
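Review bot: The `rbac()` definition here repeats, line for line in the visible hunks, the one in the abstract base class `HsBookingProject`, and the base class on the new side calls `rbacViewFor("project", HsBookingProjectRbacEntity.class)`, so it now depends on its own subclass. Keeping the definition only in this class would remove that back-reference and the need to patch two copies of the SQL for every schema move like this one; the base class could carry `// RBAC definition lives in HsBookingProjectRbacEntity.rbac()` instead. Whether other code still calls `HsBookingProject.rbac()` cannot be seen from these hunks, so that needs checking first. The method starts and ends outside both hunks of this section.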


@ -4,7 +4,7 @@ import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import lombok.experimental.SuperBuilder; import lombok.experimental.SuperBuilder;
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem; import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRbacEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity; import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
import net.hostsharing.hsadminng.rbac.generator.RbacView; import net.hostsharing.hsadminng.rbac.generator.RbacView;
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL; import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
@ -47,7 +47,7 @@ public class HsHostingAssetRbacEntity extends HsHostingAsset {
.withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid") .withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid")
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data? .toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
.importEntityAlias("bookingItem", HsBookingItem.class, usingDefaultCase(), .importEntityAlias("bookingItem", HsBookingItemRbacEntity.class, usingDefaultCase(),
dependsOnColumn("bookingItemUuid"), dependsOnColumn("bookingItemUuid"),
directlyFetchedByDependsOnColumn(), directlyFetchedByDependsOnColumn(),
NULLABLE) NULLABLE)


@ -19,7 +19,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_bankaccount_rv") @Table(schema = "hs_office", name = "bankaccount_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder


@ -16,7 +16,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity @Entity
@Table(name = "hs_office_contact_rv") @Table(schema = "hs_office", name = "contact_rv")
@Getter @Getter
@Setter @Setter
@NoArgsConstructor @NoArgsConstructor


@ -10,7 +10,7 @@ import jakarta.persistence.Entity;
import jakarta.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "hs_office_contact") @Table(schema = "hs_office", name = "contact")
@Getter @Getter
@Setter @Setter
@NoArgsConstructor @NoArgsConstructor
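Review bot: This mapping points at the base table `hs_office.contact`, which after the move shares a schema with the `contact_rv` view mapped by the sibling entity, so once a role has `USAGE` on `hs_office` only table-level privileges separate it from the unfiltered rows. The migration that creates the schema is not part of these hunks; it should give the restricted application role `USAGE` on the schema plus privileges on the `_rv` views only, and avoid a blanket `GRANT ... ON ALL TABLES IN SCHEMA hs_office`. A comment above the annotation such as `// base table without RBAC filtering; restricted roles are granted only the _rv views in hs_office` would record that expectation. That `_rv` marks the RBAC-restricted view is inferred from the naming and the `RbacView` imports in the neighbouring section, not shown directly here.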


@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_coopassetstransaction_rv") @Table(schema = "hs_office", name = "coopassetstransaction_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder


@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_coopsharestransaction_rv") @Table(schema = "hs_office", name = "coopsharestransaction_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder


@ -54,7 +54,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_debitor_rv") @Table(schema = "hs_office", name = "debitor_rv")
@Getter @Getter
@Setter @Setter
@Builder(toBuilder = true) @Builder(toBuilder = true)
@ -87,10 +87,10 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
value = """ value = """
( (
SELECT DISTINCT partner.uuid SELECT DISTINCT partner.uuid
FROM hs_office_partner_rv partner FROM hs_office.partner_rv partner
JOIN hs_office_relation_rv dRel JOIN hs_office.relation_rv dRel
ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR' ON dRel.uuid = debitorreluuid AND dRel.type = 'DEBITOR'
JOIN hs_office_relation_rv pRel JOIN hs_office.relation_rv pRel
ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER' ON pRel.uuid = partner.partnerRelUuid AND pRel.type = 'PARTNER'
WHERE pRel.holderUuid = dRel.anchorUuid WHERE pRel.holderUuid = dRel.anchorUuid
) )
@ -170,14 +170,14 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT debitor.uuid AS uuid, SELECT debitor.uuid AS uuid,
'D-' || (SELECT partner.partnerNumber 'D-' || (SELECT partner.partnerNumber
FROM hs_office_partner partner FROM hs_office.partner partner
JOIN hs_office_relation partnerRel JOIN hs_office.relation partnerRel
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER' ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
JOIN hs_office_relation debitorRel JOIN hs_office.relation debitorRel
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR' ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
WHERE debitorRel.uuid = debitor.debitorRelUuid) WHERE debitorRel.uuid = debitor.debitorRelUuid)
|| debitorNumberSuffix as idName || debitorNumberSuffix as idName
FROM hs_office_debitor AS debitor FROM hs_office.debitor AS debitor
""")) """))
.withRestrictedViewOrderBy(SQL.projection("defaultPrefix")) .withRestrictedViewOrderBy(SQL.projection("defaultPrefix"))
.withUpdatableColumns( .withUpdatableColumns(
@ -209,8 +209,8 @@ public class HsOfficeDebitorEntity implements BaseEntity<HsOfficeDebitorEntity>,
dependsOnColumn("debitorRelUuid"), dependsOnColumn("debitorRelUuid"),
fetchedBySql(""" fetchedBySql("""
SELECT ${columns} SELECT ${columns}
FROM hs_office_relation AS partnerRel FROM hs_office.relation AS partnerRel
JOIN hs_office_relation AS debitorRel JOIN hs_office.relation AS debitorRel
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
WHERE partnerRel.type = 'PARTNER' WHERE partnerRel.type = 'PARTNER'
AND ${REF}.debitorRelUuid = debitorRel.uuid AND ${REF}.debitorRelUuid = debitorRel.uuid


@ -56,7 +56,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_membership_rv") @Table(schema = "hs_office", name = "membership_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder
@ -160,8 +160,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT m.uuid AS uuid, SELECT m.uuid AS uuid,
'M-' || p.partnerNumber || m.memberNumberSuffix as idName 'M-' || p.partnerNumber || m.memberNumberSuffix as idName
FROM hs_office_membership AS m FROM hs_office.membership AS m
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
""")) """))
.withRestrictedViewOrderBy(SQL.projection("validity")) .withRestrictedViewOrderBy(SQL.projection("validity"))
.withUpdatableColumns("validity", "membershipFeeBillable", "status") .withUpdatableColumns("validity", "membershipFeeBillable", "status")
@ -170,8 +170,8 @@ public class HsOfficeMembershipEntity implements BaseEntity<HsOfficeMembershipEn
dependsOnColumn("partnerUuid"), dependsOnColumn("partnerUuid"),
fetchedBySql(""" fetchedBySql("""
SELECT ${columns} SELECT ${columns}
FROM hs_office_partner AS partner FROM hs_office.partner AS partner
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
WHERE partner.uuid = ${REF}.partnerUuid WHERE partner.uuid = ${REF}.partnerUuid
"""), """),
NOT_NULL) NOT_NULL)


@ -20,7 +20,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_partner_details_rv") @Table(schema = "hs_office", name = "partner_details_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder
@ -71,9 +71,9 @@ public class HsOfficePartnerDetailsEntity implements BaseEntity<HsOfficePartnerD
return rbacViewFor("partnerDetails", HsOfficePartnerDetailsEntity.class) return rbacViewFor("partnerDetails", HsOfficePartnerDetailsEntity.class)
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
FROM hs_office_partner_details AS partnerDetails FROM hs_office.partner_details AS partnerDetails
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
""")) """))
.withRestrictedViewOrderBy(SQL.expression("uuid")) .withRestrictedViewOrderBy(SQL.expression("uuid"))
.withUpdatableColumns( .withUpdatableColumns(


@ -36,7 +36,7 @@ import static java.util.Optional.ofNullable;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_partner_rv") @Table(schema = "hs_office", name = "partner_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder


@ -22,7 +22,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_person_rv") @Table(schema = "hs_office", name = "person_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder


@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity @Entity
@Table(name = "hs_office_relation_rv") @Table(schema = "hs_office", name = "relation_rv")
@NoArgsConstructor @NoArgsConstructor
@Getter @Getter
@Setter @Setter
@ -45,12 +45,12 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
public static RbacView rbac() { public static RbacView rbac() {
return rbacViewFor("relation", HsOfficeRelationRbacEntity.class) return rbacViewFor("relation", HsOfficeRelationRbacEntity.class)
.withIdentityView(SQL.projection(""" .withIdentityView(SQL.projection("""
(select idName from hs_office_person_iv p where p.uuid = anchorUuid) (select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|| '-with-' || target.type || '-' || '-with-' || target.type || '-'
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid) || (select idName from hs_office.person_iv p where p.uuid = holderUuid)
""")) """))
.withRestrictedViewOrderBy(SQL.expression( .withRestrictedViewOrderBy(SQL.expression(
"(select idName from hs_office_person_iv p where p.uuid = target.holderUuid)")) "(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
.withUpdatableColumns("contactUuid") .withUpdatableColumns("contactUuid")
.importEntityAlias("anchorPerson", HsOfficePersonEntity.class, usingDefaultCase(), .importEntityAlias("anchorPerson", HsOfficePersonEntity.class, usingDefaultCase(),
dependsOnColumn("anchorUuid"), dependsOnColumn("anchorUuid"),


@ -17,13 +17,13 @@ public interface HsOfficeRelationRbacRepository extends Repository<HsOfficeRelat
} }
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office_relation_rv AS p SELECT p.* FROM hs_office.relation_rv AS p
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid); List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office_relation_rv AS p SELECT p.* FROM hs_office.relation_rv AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)
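Review bot: The cast target in the second query, `cast(:relationType AS HsOfficeRelationType)`, is still an unqualified type name while the table next to it is now addressed as `hs_office.relation_rv`, so the statement keeps depending on the session search_path to resolve the enum. If the type is meant to move into the new schema, qualify it here and in the identical query of HsOfficeRelationRealRepository further down this page; if it deliberately stays where it is, a comment above the `@Query` such as `// HsOfficeRelationType is resolved via search_path, it is not part of hs_office` would record that. The method signature belonging to this second query lies outside the hunk.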


@ -11,7 +11,7 @@ import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "hs_office_relation") @Table(schema = "hs_office", name = "relation")
@NoArgsConstructor @NoArgsConstructor
@Getter @Getter
@Setter @Setter


@ -17,13 +17,13 @@ public interface HsOfficeRelationRealRepository extends Repository<HsOfficeRelat
} }
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office_relation AS p SELECT p.* FROM hs_office.relation AS p
WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid WHERE p.anchorUuid = :personUuid OR p.holderUuid = :personUuid
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid); List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuid(@NotNull UUID personUuid);
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office_relation AS p SELECT p.* FROM hs_office.relation AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)


@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(name = "hs_office_sepamandate_rv") @Table(schema = "hs_office", name = "sepamandate_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder
@ -104,8 +104,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
return rbacViewFor("sepaMandate", HsOfficeSepaMandateEntity.class) return rbacViewFor("sepaMandate", HsOfficeSepaMandateEntity.class)
.withIdentityView(query(""" .withIdentityView(query("""
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
from hs_office_sepamandate sm from hs_office.sepamandate sm
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
""")) """))
.withRestrictedViewOrderBy(expression("validity")) .withRestrictedViewOrderBy(expression("validity"))
.withUpdatableColumns("reference", "agreement", "validity") .withUpdatableColumns("reference", "agreement", "validity")
@ -114,8 +114,8 @@ public class HsOfficeSepaMandateEntity implements Stringifyable, BaseEntity<HsOf
dependsOnColumn("debitorUuid"), dependsOnColumn("debitorUuid"),
fetchedBySql(""" fetchedBySql("""
SELECT ${columns} SELECT ${columns}
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = ${REF}.debitorUuid WHERE debitor.uuid = ${REF}.debitorUuid
"""), """),
NOT_NULL) NOT_NULL)


@ -213,7 +213,7 @@ public class InsertTriggerGenerator {
if (g.getSuperRoleDef().isGlobal(GUEST)) { if (g.getSuperRoleDef().isGlobal(GUEST)) {
plPgSql.writeLn( plPgSql.writeLn(
""" """
-- check INSERT INSERT permission for rbac.global anyone -- check INSERT permission for rbac.global anyone
if ${caseCondition}true then if ${caseCondition}true then
return NEW; return NEW;
end if; end if;
@ -222,7 +222,7 @@ public class InsertTriggerGenerator {
} else if (g.getSuperRoleDef().isGlobal(ADMIN)) { } else if (g.getSuperRoleDef().isGlobal(ADMIN)) {
plPgSql.writeLn( plPgSql.writeLn(
""" """
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if ${caseCondition}rbac.isGlobalAdmin() then if ${caseCondition}rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;


@ -12,7 +12,6 @@ import jakarta.persistence.Version;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.nio.file.Path; import java.nio.file.Path;
import java.util.*; import java.util.*;
import java.util.function.Consumer; import java.util.function.Consumer;
@ -983,10 +982,10 @@ public class RbacView {
String getRawTableShortName() { String getRawTableShortName() {
// TODO.impl: some combined function and trigger names are too long // TODO.impl: some combined function and trigger names are too long
// maybe we should shorten the table name e.g. hs_office_coopsharestransaction -> hsof.coopsharetx // maybe we should shorten the table name e.g. hs_office.coopsharestransaction -> hsof.coopsharetx
// this is just a workaround: // this is just a workaround:
return getRawTableName() return getRawTableName()
.replace("hs_office_", "hsof_") .replace("hs_office.", "hsof.")
.replace("hs_booking_", "hsbk_") .replace("hs_booking_", "hsbk_")
.replace("hs_hosting_", "hsho_") .replace("hs_hosting_", "hsho_")
.replace("coopsharestransaction", "coopsharetx") .replace("coopsharestransaction", "coopsharetx")
@ -1274,13 +1273,14 @@ public class RbacView {
public static Set<Class<? extends BaseEntity>> findRbacEntityClasses(String packageName) { public static Set<Class<? extends BaseEntity>> findRbacEntityClasses(String packageName) {
final var reflections = new Reflections(packageName, TypeAnnotationsScanner.class); final var reflections = new Reflections(packageName, TypeAnnotationsScanner.class);
return reflections.getTypesAnnotatedWith(Entity.class).stream() final Set<Class<? extends BaseEntity>> rbacEntityClasses = reflections.getTypesAnnotatedWith(Entity.class).stream()
.filter(c -> stream(c.getInterfaces()).anyMatch(i -> i== BaseEntity.class)) .filter(BaseEntity.class::isAssignableFrom)
.filter(c -> stream(c.getDeclaredMethods()) .filter(c -> stream(c.getDeclaredMethods())
.anyMatch(m -> m.getName().equals("rbac") && Modifier.isStatic(m.getModifiers())) .anyMatch(m -> m.getName().equals("rbac") && isStatic(m.getModifiers()))
) )
.map(RbacView::castToSubclassOfBaseEntity) .map(RbacView::castToSubclassOfBaseEntity)
.collect(Collectors.toSet()); .collect(Collectors.toSet());
return rbacEntityClasses;
} }
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
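Review bot: In `getRawTableShortName()` the office prefix is now shortened to `hsof.` with a dot, while the TODO directly above says the short name exists because combined function and trigger names become too long. If the result is spliced into an unquoted object name, PostgreSQL would read `hsof.` as a schema qualifier for a schema this commit does not create, so either keep the underscore in the short form, `.replace("hs_office.", "hsof_")`, or confirm that no caller builds an identifier from it. The neighbouring `hs_booking_` and `hs_hosting_` replacements still use the underscore form, which makes the mixed output easy to overlook. The replace chain of this method continues outside the hunk.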


@ -29,7 +29,7 @@ class RolesGrantsAndPermissionsGenerator {
private final String liquibaseTagPrefix; private final String liquibaseTagPrefix;
private final String simpleEntityName; private final String simpleEntityName;
private final String simpleEntityVarName; private final String simpleEntityVarName;
private final String rawTableName; private final String qualifiedRawTableName;
RolesGrantsAndPermissionsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) { RolesGrantsAndPermissionsGenerator(final RbacView rbacDef, final String liquibaseTagPrefix) {
this.rbacDef = rbacDef; this.rbacDef = rbacDef;
@ -40,7 +40,7 @@ class RolesGrantsAndPermissionsGenerator {
simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName(); simpleEntityVarName = rbacDef.getRootEntityAlias().simpleName();
simpleEntityName = capitalize(simpleEntityVarName); simpleEntityName = capitalize(simpleEntityVarName);
rawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema(); qualifiedRawTableName = rbacDef.getRootEntityAlias().getRawTableNameWithSchema();
} }
void generateTo(final StringWriter plPgSql) { void generateTo(final StringWriter plPgSql) {
@ -66,13 +66,12 @@ class RolesGrantsAndPermissionsGenerator {
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemFor${simpleEntityName}( create or replace procedure ${rawTableQualifiedName}_build_rbac_system(
NEW ${rawTableName} NEW ${rawTableQualifiedName}
) )
language plpgsql as $$ language plpgsql as $$
""" """
.replace("${simpleEntityName}", simpleEntityName) .replace("${rawTableQualifiedName}", qualifiedRawTableName));
.replace("${rawTableName}", rawTableName));
plPgSql.writeLn("declare"); plPgSql.writeLn("declare");
plPgSql.indented(() -> { plPgSql.indented(() -> {
@ -106,21 +105,21 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesFor${simpleEntityName}( create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableName}, OLD ${rawTableQualifiedName},
NEW ${rawTableName} NEW ${rawTableQualifiedName}
) )
language plpgsql as $$ language plpgsql as $$
begin begin
if ${updateConditions} then if ${updateConditions} then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemFor${simpleEntityName}(NEW); call ${rawTableQualifiedName}_build_rbac_system(NEW);
end if; end if;
end; $$; end; $$;
""", """,
with("simpleEntityName", simpleEntityName), with("simpleEntityName", simpleEntityName),
with("rawTableName", rawTableName), with("rawTableQualifiedName", qualifiedRawTableName),
with("updateConditions", updateConditions)); with("updateConditions", updateConditions));
} }
@ -130,16 +129,15 @@ class RolesGrantsAndPermissionsGenerator {
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesFor${simpleEntityName}( create or replace procedure ${rawTableQualifiedName}_update_rbac_system(
OLD ${rawTableName}, OLD ${rawTableQualifiedName},
NEW ${rawTableName} NEW ${rawTableQualifiedName}
) )
language plpgsql as $$ language plpgsql as $$
declare declare
""" """,
.replace("${simpleEntityName}", simpleEntityName) with("rawTableQualifiedName", qualifiedRawTableName));
.replace("${rawTableName}", rawTableName));
plPgSql.chopEmptyLines(); plPgSql.chopEmptyLines();
plPgSql.indented(() -> { plPgSql.indented(() -> {
@ -514,25 +512,25 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn(""" plPgSql.writeLn("""
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableName} row. AFTER INSERT TRIGGER to create the role+grant structure for a new ${rawTableQualifiedName} row.
*/ */
create or replace function insertTriggerFor${simpleEntityName}_tf() create or replace function ${rawTableQualifiedName}_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemFor${simpleEntityName}(NEW); call ${rawTableQualifiedName}_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerFor${simpleEntityName}_tg create trigger build_rbac_system_after_insert_tg
after insert on ${rawTableName} after insert on ${rawTableQualifiedName}
for each row for each row
execute procedure insertTriggerFor${simpleEntityName}_tf(); execute procedure ${rawTableQualifiedName}_build_rbac_system_after_insert_tf();
""" """
.replace("${simpleEntityName}", simpleEntityName) .replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))
.replace("${rawTableName}", rawTableName) .replace("${rawTableQualifiedName}", qualifiedRawTableName)
); );
generateFooter(plPgSql); generateFooter(plPgSql);
@ -549,30 +547,35 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn(""" plPgSql.writeLn("""
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new ${rawTableName} row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new ${rawTableQualifiedName} row.
*/ */
create or replace function updateTriggerFor${simpleEntityName}_tf() create or replace function ${rawTableQualifiedName}_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesFor${simpleEntityName}(OLD, NEW); call ${rawTableQualifiedName}_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerFor${simpleEntityName}_tg create trigger update_rbac_system_after_update_tg
after update on ${rawTableName} after update on ${rawTableQualifiedName}
for each row for each row
execute procedure updateTriggerFor${simpleEntityName}_tf(); execute procedure ${rawTableQualifiedName}_update_rbac_system_after_update_tf();
""" """
.replace("${simpleEntityName}", simpleEntityName) .replace("${rawTableQualifiedName}", qualifiedRawTableName)
.replace("${rawTableName}", rawTableName)
); );
generateFooter(plPgSql); generateFooter(plPgSql);
} }
private String schemaPrefix(final String qualifiedIdentifier) {
return qualifiedIdentifier.contains(".")
? qualifiedIdentifier.split("\\.")[0] + "."
: "";
}
private static void generateFooter(final StringWriter plPgSql) { private static void generateFooter(final StringWriter plPgSql) {
plPgSql.writeLn("--//"); plPgSql.writeLn("--//");
plPgSql.writeLn(); plPgSql.writeLn();
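Review bot: The insert-trigger hunk calls `.replace("${schemaPrefix}", schemaPrefix(qualifiedRawTableName))`, but the template shown contains no `${schemaPrefix}` placeholder, so the call and the new `schemaPrefix` helper have no effect as far as the visible lines show. In the same way `with("simpleEntityName", simpleEntityName)` survives in the first update-procedure hunk after its placeholder was removed; drop both, or use the prefix where it was intended. Because `qualifiedRawTableName` is pasted unquoted into the DDL that creates the RBAC procedures and triggers, the field deserves a comment such as `// trusted identifier from the entity mapping, must never carry request data (assumption, confirm at the call site)`. The header comment of the update trigger also still reads "for a new ... row", where "an updated" would be accurate.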


@ -384,7 +384,7 @@ create index on rbac.permission (objectUuid, op);
create index on rbac.permission (opTableName, op); create index on rbac.permission (opTableName, op);
ALTER TABLE rbac.permission ALTER TABLE rbac.permission
ADD CONSTRAINT RbacPermission_uc UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName); ADD CONSTRAINT unique_including_null_values UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);
call base.create_journal('rbac.permission'); call base.create_journal('rbac.permission');
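Review bot: The new constraint name `unique_including_null_values` no longer names its table, and PostgreSQL backs a UNIQUE constraint with an index of the same name, which has to be unique within the schema. A second table in `rbac` that reuses this generic name would fail when its constraint is added, and violation messages lose the hint about which table was hit. A name that keeps the table, for example `ADD CONSTRAINT permission_unique_including_null_values UNIQUE NULLS NOT DISTINCT (objectUuid, op, opTableName);`, avoids both.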


@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForTestCustomer( create or replace procedure rbactest.customer_build_rbac_system(
NEW rbactest.customer NEW rbactest.customer
) )
language plpgsql as $$ language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row. AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
*/ */
create or replace function insertTriggerForTestCustomer_tf() create or replace function rbactest.customer_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForTestCustomer(NEW); call rbactest.customer_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForTestCustomer_tg create trigger build_rbac_system_after_insert_tg
after insert on rbactest.customer after insert on rbactest.customer
for each row for each row
execute procedure insertTriggerForTestCustomer_tf(); execute procedure rbactest.customer_build_rbac_system_after_insert_tf();
--// --//
@ -137,7 +137,7 @@ create or replace function rbactest.customer_insert_permission_check_tf()
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;


@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForTestPackage( create or replace procedure rbactest.package_build_rbac_system(
NEW rbactest.package NEW rbactest.package
) )
language plpgsql as $$ language plpgsql as $$
@ -64,19 +64,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row. AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
*/ */
create or replace function insertTriggerForTestPackage_tf() create or replace function rbactest.package_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForTestPackage(NEW); call rbactest.package_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForTestPackage_tg create trigger build_rbac_system_after_insert_tg
after insert on rbactest.package after insert on rbactest.package
for each row for each row
execute procedure insertTriggerForTestPackage_tf(); execute procedure rbactest.package_build_rbac_system_after_insert_tf();
--// --//
@ -88,7 +88,7 @@ execute procedure insertTriggerForTestPackage_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForTestPackage( create or replace procedure rbactest.package_update_rbac_system(
OLD rbactest.package, OLD rbactest.package,
NEW rbactest.package NEW rbactest.package
) )
@ -122,22 +122,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.package row.
*/ */
create or replace function updateTriggerForTestPackage_tf() create or replace function rbactest.package_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForTestPackage(OLD, NEW); call rbactest.package_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForTestPackage_tg create trigger update_rbac_system_after_update_tg
after update on rbactest.package after update on rbactest.package
for each row for each row
execute procedure updateTriggerForTestPackage_tf(); execute procedure rbactest.package_update_rbac_system_after_update_tf();
--// --//


@ -24,7 +24,7 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForTestDomain( create or replace procedure rbactest.domain_build_rbac_system(
NEW rbactest.domain NEW rbactest.domain
) )
language plpgsql as $$ language plpgsql as $$
@ -60,19 +60,19 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row. AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
*/ */
create or replace function insertTriggerForTestDomain_tf() create or replace function rbactest.domain_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForTestDomain(NEW); call rbactest.domain_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForTestDomain_tg create trigger build_rbac_system_after_insert_tg
after insert on rbactest.domain after insert on rbactest.domain
for each row for each row
execute procedure insertTriggerForTestDomain_tf(); execute procedure rbactest.domain_build_rbac_system_after_insert_tf();
--// --//
@ -84,7 +84,7 @@ execute procedure insertTriggerForTestDomain_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForTestDomain( create or replace procedure rbactest.domain_update_rbac_system(
OLD rbactest.domain, OLD rbactest.domain,
NEW rbactest.domain NEW rbactest.domain
) )
@ -121,22 +121,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new rbactest.domain row.
*/ */
create or replace function updateTriggerForTestDomain_tf() create or replace function rbactest.domain_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForTestDomain(OLD, NEW); call rbactest.domain_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForTestDomain_tg create trigger update_rbac_system_after_update_tg
after update on rbactest.domain after update on rbactest.domain
for each row for each row
execute procedure updateTriggerForTestDomain_tf(); execute procedure rbactest.domain_update_rbac_system_after_update_tf();
--// --//


@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:hs-office-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA hs_office;
--//
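Review bot: The changeset creates `hs_office` without recording who owns it or which roles may use it, and a new PostgreSQL schema grants no USAGE to other roles by default. If the application or the users of the restricted views connect with a role other than the one running Liquibase, the grants must be issued somewhere, and this file is where a reader will look for them. A comment under the statement such as `-- USAGE on hs_office is granted to <APP_ROLE> in changeset <CHANGESET_ID>` (both placeholders, to be filled in) would document the intended access.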


@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists hs_office_contact create table if not exists hs_office.contact
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
@ -20,5 +20,5 @@ create table if not exists hs_office_contact
--changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_contact'); call base.create_journal('hs_office.contact');
--// --//


@ -3,29 +3,29 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-contact-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_contact'); call rbac.generateRelatedRbacObject('hs_office.contact');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office_contact'); call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-contact-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeContact( create or replace procedure hs_office.contact_build_rbac_system(
NEW hs_office_contact NEW hs_office.contact
) )
language plpgsql as $$ language plpgsql as $$
@ -37,7 +37,7 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactOWNER(NEW), hsOfficeContactOWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalAdmin()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
@ -57,30 +57,30 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_contact row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.contact row.
*/ */
create or replace function insertTriggerForHsOfficeContact_tf() create or replace function hs_office.contact_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeContact(NEW); call hs_office.contact_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeContact_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_contact after insert on hs_office.contact
for each row for each row
execute procedure insertTriggerForHsOfficeContact_tf(); execute procedure hs_office.contact_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-contact-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_contact', call rbac.generateRbacIdentityViewFromProjection('hs_office.contact',
$idName$ $idName$
caption caption
$idName$); $idName$);
@ -88,9 +88,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_contact',
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-contact-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_contact', call rbac.generateRbacRestrictedView('hs_office.contact',
$orderBy$ $orderBy$
caption caption
$orderBy$, $orderBy$,


@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office_contact_legacy_id CREATE TABLE hs_office.contact_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office_contact(uuid), uuid uuid NOT NULL REFERENCES hs_office.contact(uuid),
contact_id integer NOT NULL contact_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_contact_legacy_id
--changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.contact_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office_contact_legacy_id.contact_id; OWNED BY hs_office.contact_legacy_id.contact_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_contact_legacy_id_seq
--changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office_contact_legacy_id ALTER TABLE hs_office.contact_legacy_id
ALTER COLUMN contact_id ALTER COLUMN contact_id
SET DEFAULT nextVal('hs_office_contact_legacy_id_seq'); SET DEFAULT nextVal('hs_office.contact_legacy_id_seq');
--/ --/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_contact_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office_contact_legacy_id(uuid, contact_id) INSERT INTO hs_office.contact_legacy_id(uuid, contact_id)
SELECT uuid, nextVal('hs_office_contact_legacy_id_seq') FROM hs_office_contact; SELECT uuid, nextVal('hs_office.contact_legacy_id_seq') FROM hs_office.contact;
--/ --/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office_contact_legacy_id VALUES INSERT INTO hs_office.contact_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_contact_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.contact_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createContactLegacyIdMapping create trigger createContactLegacyIdMapping
after insert on hs_office_contact after insert on hs_office.contact
for each row for each row
execute procedure insertContactLegacyIdMapping(); execute procedure insertContactLegacyIdMapping();
--/ --/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office_contact_legacy_id DELETE FROM hs_office.contact_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removeContactLegacyIdMapping create trigger removeContactLegacyIdMapping
before delete on hs_office_contact before delete on hs_office.contact
for each row for each row
execute procedure deleteContactLegacyIdMapping(); execute procedure deleteContactLegacyIdMapping();
--/ --/
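Review bot: The two legacy-id trigger functions are still referenced without a schema (`execute procedure insertContactLegacyIdMapping();` and `execute procedure deleteContactLegacyIdMapping();`), although every table they touch now lives in `hs_office`. An unqualified name is resolved through the `search_path` in effect when the changeset runs, so the schema these functions are created in and looked up from depends on the session rather than on the script. Elsewhere in this commit the trigger functions are qualified (`hs_office.contact_build_rbac_system_after_insert_tf()`), and I would do the same here, e.g. `execute procedure hs_office.contact_insert_legacy_id_mapping_tf();` (the name is only a suggestion). The matching `create function` statements start outside the visible hunks and would need the same change.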


@ -23,7 +23,7 @@ begin
raise notice 'creating test contact: %', contCaption; raise notice 'creating test contact: %', contCaption;
insert insert
into hs_office_contact (caption, postaladdress, emailaddresses, phonenumbers) into hs_office.contact (caption, postaladdress, emailaddresses, phonenumbers)
values ( values (
contCaption, contCaption,
postalAddr, postalAddr,


@ -14,7 +14,7 @@ CREATE TYPE HsOfficePersonType AS ENUM (
CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_person create table if not exists hs_office.person
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
@ -31,5 +31,5 @@ create table if not exists hs_office_person
--changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-person-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_person'); call base.create_journal('hs_office.person');
--// --//


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-person-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_person'); call rbac.generateRelatedRbacObject('hs_office.person');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person'); call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person');
--// --//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office_person');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficePerson( create or replace procedure hs_office.person_build_rbac_system(
NEW hs_office_person NEW hs_office.person
) )
language plpgsql as $$ language plpgsql as $$
@ -57,22 +57,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_person row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.person row.
*/ */
create or replace function insertTriggerForHsOfficePerson_tf() create or replace function hs_office.person_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficePerson(NEW); call hs_office.person_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficePerson_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_person after insert on hs_office.person
for each row for each row
execute procedure insertTriggerForHsOfficePerson_tf(); execute procedure hs_office.person_build_rbac_system_after_insert_tf();
--// --//
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficePerson_tf();
--changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-person-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_person', call rbac.generateRbacIdentityViewFromProjection('hs_office.person',
$idName$ $idName$
concat(tradeName, familyName, givenName) concat(tradeName, familyName, givenName)
$idName$); $idName$);
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_person',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-person-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_person', call rbac.generateRbacRestrictedView('hs_office.person',
$orderBy$ $orderBy$
concat(tradeName, familyName, givenName) concat(tradeName, familyName, givenName)
$orderBy$, $orderBy$,


@ -27,7 +27,7 @@ begin
raise notice 'creating test person: % by %', fullName, emailAddr; raise notice 'creating test person: % by %', fullName, emailAddr;
insert insert
into hs_office_person (persontype, tradename, givenname, familyname) into hs_office.person (persontype, tradename, givenname, familyname)
values (newPersonType, newTradeName, newGivenName, newFamilyName); values (newPersonType, newTradeName, newGivenName, newFamilyName);
end; $$; end; $$;
--// --//


@ -16,13 +16,13 @@ CREATE TYPE HsOfficeRelationType AS ENUM (
CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_relation create table if not exists hs_office.relation
( (
uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade uuid uuid unique references rbac.object (uuid) initially deferred, -- on delete cascade
version int not null default 0, version int not null default 0,
anchorUuid uuid not null references hs_office_person(uuid), anchorUuid uuid not null references hs_office.person(uuid),
holderUuid uuid not null references hs_office_person(uuid), holderUuid uuid not null references hs_office.person(uuid),
contactUuid uuid references hs_office_contact(uuid), contactUuid uuid references hs_office.contact(uuid),
type HsOfficeRelationType not null, type HsOfficeRelationType not null,
mark varchar(24) mark varchar(24)
); );
@ -33,5 +33,5 @@ create table if not exists hs_office_relation
--changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-relation-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_relation'); call base.create_journal('hs_office.relation');
--// --//


@ -3,54 +3,54 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-relation-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_relation'); call rbac.generateRelatedRbacObject('hs_office.relation');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office_relation'); call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeRelation( create or replace procedure hs_office.relation_build_rbac_system(
NEW hs_office_relation NEW hs_office.relation
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newHolderPerson hs_office_person; newHolderPerson hs_office.person;
newAnchorPerson hs_office_person; newAnchorPerson hs_office.person;
newContact hs_office_contact; newContact hs_office.contact;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_person WHERE uuid = NEW.holderUuid INTO newHolderPerson; SELECT * FROM hs_office.person WHERE uuid = NEW.holderUuid INTO newHolderPerson;
assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid); assert newHolderPerson.uuid is not null, format('newHolderPerson must not be null for NEW.holderUuid = %s', NEW.holderUuid);
SELECT * FROM hs_office_person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson; SELECT * FROM hs_office.person WHERE uuid = NEW.anchorUuid INTO newAnchorPerson;
assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid); assert newAnchorPerson.uuid is not null, format('newAnchorPerson must not be null for NEW.anchorUuid = %s', NEW.anchorUuid);
SELECT * FROM hs_office_contact WHERE uuid = NEW.contactUuid INTO newContact; SELECT * FROM hs_office.contact WHERE uuid = NEW.contactUuid INTO newContact;
assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid); assert newContact.uuid is not null, format('newContact must not be null for NEW.contactUuid = %s', NEW.contactUuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationOWNER(NEW), hsOfficeRelationOWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalAdmin()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
@ -90,162 +90,162 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_relation row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.relation row.
*/ */
create or replace function insertTriggerForHsOfficeRelation_tf() create or replace function hs_office.relation_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeRelation(NEW); call hs_office.relation_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeRelation_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_relation after insert on hs_office.relation
for each row for each row
execute procedure insertTriggerForHsOfficeRelation_tf(); execute procedure hs_office.relation_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-relation-rbac-update-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForHsOfficeRelation( create or replace procedure hs_office.relation_update_rbac_system(
OLD hs_office_relation, OLD hs_office.relation,
NEW hs_office_relation NEW hs_office.relation
) )
language plpgsql as $$ language plpgsql as $$
begin begin
if NEW.contactUuid is distinct from OLD.contactUuid then if NEW.contactUuid is distinct from OLD.contactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeRelation(NEW); call hs_office.relation_build_rbac_system(NEW);
end if; end if;
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_relation row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.relation row.
*/ */
create or replace function updateTriggerForHsOfficeRelation_tf() create or replace function hs_office.relation_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForHsOfficeRelation(OLD, NEW); call hs_office.relation_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForHsOfficeRelation_tg create trigger update_rbac_system_after_update_tg
after update on hs_office_relation after update on hs_office.relation
for each row for each row
execute procedure updateTriggerForHsOfficeRelation_tf(); execute procedure hs_office.relation_update_rbac_system_after_update_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-relation-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_person ---------------------------- -- granting INSERT permission to hs_office.person ----------------------------
/* /*
Grants INSERT INTO hs_office_relation permissions to specified role of pre-existing hs_office_person rows. Grants INSERT INTO hs_office.relation permissions to specified role of pre-existing hs_office.person rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office_person; row hs_office.person;
begin begin
call base.defineContext('create INSERT INTO hs_office_relation permissions for pre-exising hs_office_person rows'); call base.defineContext('create INSERT INTO hs_office.relation permissions for pre-exising hs_office.person rows');
FOR row IN SELECT * FROM hs_office_person FOR row IN SELECT * FROM hs_office.person
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_relation'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(row)); hsOfficePersonADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_relation INSERT permission to specified role of new hs_office_person rows. Grants hs_office.relation INSERT permission to specified role of new person rows.
*/ */
create or replace function new_hs_office_relation_grants_insert_to_hs_office_person_tf() create or replace function hs_office.new_relation_grants_insert_to_person_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_relation'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(NEW)); hsOfficePersonADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_relation_grants_insert_to_hs_office_person_tg create trigger z_new_relation_grants_after_insert_tg
after insert on hs_office_person after insert on hs_office.person
for each row for each row
execute procedure new_hs_office_relation_grants_insert_to_hs_office_person_tf(); execute procedure hs_office.new_relation_grants_insert_to_person_tf();
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs_office_relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-relation-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_relation. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.relation.
*/ */
create or replace function hs_office_relation_insert_permission_check_tf() create or replace function hs_office.relation_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT permission via direct foreign key: NEW.anchorUuid -- check INSERT permission via direct foreign key: NEW.anchorUuid
if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') then if rbac.hasInsertPermission(NEW.anchorUuid, 'hs_office.relation') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_relation not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.relation values(%) not allowed for current subjects % (%)',
base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_relation_insert_permission_check_tg create trigger relation_insert_permission_check_tg
before insert on hs_office_relation before insert on hs_office.relation
for each row for each row
execute procedure hs_office_relation_insert_permission_check_tf(); execute procedure hs_office.relation_insert_permission_check_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-relation-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_relation', call rbac.generateRbacIdentityViewFromProjection('hs_office.relation',
$idName$ $idName$
(select idName from hs_office_person_iv p where p.uuid = anchorUuid) (select idName from hs_office.person_iv p where p.uuid = anchorUuid)
|| '-with-' || target.type || '-' || '-with-' || target.type || '-'
|| (select idName from hs_office_person_iv p where p.uuid = holderUuid) || (select idName from hs_office.person_iv p where p.uuid = holderUuid)
$idName$); $idName$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-relation-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_relation', call rbac.generateRbacRestrictedView('hs_office.relation',
$orderBy$ $orderBy$
(select idName from hs_office_person_iv p where p.uuid = target.holderUuid) (select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
$orderBy$, $orderBy$,
$updates$ $updates$
contactUuid = new.contactUuid contactUuid = new.contactUuid
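Review bot: The rejected-insert message in `hs_office.relation_insert_permission_check_tf()` now interpolates the whole `NEW` row (`... values(%) not allowed ...`), so every column of a denied row is copied into the exception text. That text reaches the PostgreSQL server log and, presumably, whatever the application does with a `[403]` error. For `hs_office.relation` the row is mostly uuids, but the changeset is attributed to `InsertTriggerGenerator`, so the same template is probably emitted for tables that hold personal data; that is worth checking. I would report only the key the check was made against: `raise exception '[403] insert into hs_office.relation (anchorUuid=%) not allowed for current subjects % (%)', NEW.anchorUuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`.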


@ -17,16 +17,16 @@ create or replace procedure createHsOfficeRelationTestData(
language plpgsql as $$ language plpgsql as $$
declare declare
idName varchar; idName varchar;
anchorPerson hs_office_person; anchorPerson hs_office.person;
holderPerson hs_office_person; holderPerson hs_office.person;
contact hs_office_contact; contact hs_office.contact;
begin begin
idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName); idName := base.cleanIdentifier( anchorPersonName || '-' || holderPersonName);
select p.* select p.*
into anchorPerson into anchorPerson
from hs_office_person p from hs_office.person p
where p.tradeName = anchorPersonName or p.familyName = anchorPersonName; where p.tradeName = anchorPersonName or p.familyName = anchorPersonName;
if anchorPerson is null then if anchorPerson is null then
raise exception 'anchorPerson "%" not found', anchorPersonName; raise exception 'anchorPerson "%" not found', anchorPersonName;
@ -34,13 +34,13 @@ begin
select p.* select p.*
into holderPerson into holderPerson
from hs_office_person p from hs_office.person p
where p.tradeName = holderPersonName or p.familyName = holderPersonName; where p.tradeName = holderPersonName or p.familyName = holderPersonName;
if holderPerson is null then if holderPerson is null then
raise exception 'holderPerson "%" not found', holderPersonName; raise exception 'holderPerson "%" not found', holderPersonName;
end if; end if;
select c.* into contact from hs_office_contact c where c.caption = contactCaption; select c.* into contact from hs_office.contact c where c.caption = contactCaption;
if contact is null then if contact is null then
raise exception 'contact "%" not found', contactCaption; raise exception 'contact "%" not found', contactCaption;
end if; end if;
@ -50,7 +50,7 @@ begin
raise notice '- using holder person (%): %', holderPerson.uuid, holderPerson; raise notice '- using holder person (%): %', holderPerson.uuid, holderPerson;
raise notice '- using contact (%): %', contact.uuid, contact; raise notice '- using contact (%): %', contact.uuid, contact;
insert insert
into hs_office_relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid) into hs_office.relation (uuid, anchoruuid, holderuuid, type, mark, contactUuid)
values (uuid_generate_v4(), anchorPerson.uuid, holderPerson.uuid, relationType, mark, contact.uuid); values (uuid_generate_v4(), anchorPerson.uuid, holderPerson.uuid, relationType, mark, contact.uuid);
end; $$; end; $$;
--// --//
@ -64,13 +64,13 @@ create or replace procedure createHsOfficeRelationTestData(
) )
language plpgsql as $$ language plpgsql as $$
declare declare
person hs_office_person; person hs_office.person;
contact hs_office_contact; contact hs_office.contact;
begin begin
for t in startCount..endCount for t in startCount..endCount
loop loop
select p.* from hs_office_person p where tradeName = base.intToVarChar(t, 4) into person; select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person;
select c.* from hs_office_contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact; select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE'); call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE');
commit; commit;


@ -5,7 +5,7 @@
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-partner-DETAILS-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table hs_office_partner_details create table hs_office.partner_details
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
@ -23,20 +23,20 @@ create table hs_office_partner_details
--changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-partner-DETAILS-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_partner_details'); call base.create_journal('hs_office.partner_details');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table hs_office_partner create table hs_office.partner
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
partnerNumber numeric(5) unique not null, partnerNumber numeric(5) unique not null,
partnerRelUuid uuid not null references hs_office_relation(uuid), -- deleted in after delete trigger partnerRelUuid uuid not null references hs_office.relation(uuid), -- deleted in after delete trigger
detailsUuid uuid not null references hs_office_partner_details(uuid) -- deleted in after delete trigger detailsUuid uuid not null references hs_office.partner_details(uuid) -- deleted in after delete trigger
); );
--// --//
@ -48,20 +48,20 @@ create table hs_office_partner
/** /**
Trigger function to delete related details of a partner to delete. Trigger function to delete related details of a partner to delete.
*/ */
create or replace function deleteHsOfficeDependentsOnPartnerDelete() create or replace function hs_office.partner_delete_dependents_tf()
returns trigger returns trigger
language PLPGSQL language PLPGSQL
as $$ as $$
declare declare
counter integer; counter integer;
begin begin
DELETE FROM hs_office_partner_details d WHERE d.uuid = OLD.detailsUuid; DELETE FROM hs_office.partner_details d WHERE d.uuid = OLD.detailsUuid;
GET DIAGNOSTICS counter = ROW_COUNT; GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then if counter = 0 then
raise exception 'partner details % could not be deleted', OLD.detailsUuid; raise exception 'partner details % could not be deleted', OLD.detailsUuid;
end if; end if;
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.partnerRelUuid; DELETE FROM hs_office.relation r WHERE r.uuid = OLD.partnerRelUuid;
GET DIAGNOSTICS counter = ROW_COUNT; GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then if counter = 0 then
raise exception 'partner relation % could not be deleted', OLD.partnerRelUuid; raise exception 'partner relation % could not be deleted', OLD.partnerRelUuid;
@ -73,15 +73,15 @@ end; $$;
/** /**
Triggers deletion of related rows of a partner to delete. Triggers deletion of related rows of a partner to delete.
*/ */
create trigger hs_office_partner_delete_dependents_trigger create trigger delete_dependents_tg
after delete after delete
on hs_office_partner on hs_office.partner
for each row for each row
execute procedure deleteHsOfficeDependentsOnPartnerDelete(); execute procedure hs_office.partner_delete_dependents_tf();
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_partner'); call base.create_journal('hs_office.partner');
--// --//
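Review bot: In `create table hs_office.partner` the `uuid` column is `unique references rbac.object (uuid) initially deferred` but not `not null`, so a row with a NULL uuid satisfies both the unique constraint and the foreign key and would have no rbac.object behind it. Unless a trigger outside this section always fills the column, I would declare it `uuid uuid not null unique references rbac.object (uuid) initially deferred`. The `uuid` column of `hs_office.partner_details` in the first hunk of this file is declared the same way; the rest of that table's body is outside the hunk.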


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-partner-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_partner'); call rbac.generateRelatedRbacObject('hs_office.partner');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner'); call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner');
--// --//
@ -24,22 +24,22 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office_partner');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficePartner( create or replace procedure hs_office.partner_build_rbac_system(
NEW hs_office_partner NEW hs_office.partner
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newPartnerRel hs_office_relation; newPartnerRel hs_office.relation;
newPartnerDetails hs_office_partner_details; newPartnerDetails hs_office.partner_details;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
@ -53,22 +53,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner row.
*/ */
create or replace function insertTriggerForHsOfficePartner_tf() create or replace function hs_office.partner_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficePartner(NEW); call hs_office.partner_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficePartner_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_partner after insert on hs_office.partner
for each row for each row
execute procedure insertTriggerForHsOfficePartner_tf(); execute procedure hs_office.partner_build_rbac_system_after_insert_tf();
--// --//
@ -80,31 +80,31 @@ execute procedure insertTriggerForHsOfficePartner_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForHsOfficePartner( create or replace procedure hs_office.partner_update_rbac_system(
OLD hs_office_partner, OLD hs_office.partner,
NEW hs_office_partner NEW hs_office.partner
) )
language plpgsql as $$ language plpgsql as $$
declare declare
oldPartnerRel hs_office_relation; oldPartnerRel hs_office.relation;
newPartnerRel hs_office_relation; newPartnerRel hs_office.relation;
oldPartnerDetails hs_office_partner_details; oldPartnerDetails hs_office.partner_details;
newPartnerDetails hs_office_partner_details; newPartnerDetails hs_office.partner_details;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel; SELECT * FROM hs_office.relation WHERE uuid = OLD.partnerRelUuid INTO oldPartnerRel;
assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid); assert oldPartnerRel.uuid is not null, format('oldPartnerRel must not be null for OLD.partnerRelUuid = %s', OLD.partnerRelUuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel; SELECT * FROM hs_office.relation WHERE uuid = NEW.partnerRelUuid INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid); assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerRelUuid = %s', NEW.partnerRelUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails; SELECT * FROM hs_office.partner_details WHERE uuid = OLD.detailsUuid INTO oldPartnerDetails;
assert oldPartnerDetails.uuid is not null, format('oldPartnerDetails must not be null for OLD.detailsUuid = %s', OLD.detailsUuid); assert oldPartnerDetails.uuid is not null, format('oldPartnerDetails must not be null for OLD.detailsUuid = %s', OLD.detailsUuid);
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
@ -134,22 +134,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_partner row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.partner row.
*/ */
create or replace function updateTriggerForHsOfficePartner_tf() create or replace function hs_office.partner_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForHsOfficePartner(OLD, NEW); call hs_office.partner_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForHsOfficePartner_tg create trigger update_rbac_system_after_update_tg
after update on hs_office_partner after update on hs_office.partner
for each row for each row
execute procedure updateTriggerForHsOfficePartner_tf(); execute procedure hs_office.partner_update_rbac_system_after_update_tf();
--// --//
@ -160,45 +160,45 @@ execute procedure updateTriggerForHsOfficePartner_tf();
-- granting INSERT permission to rbac.global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_office_partner permissions to specified role of pre-existing rbac.global rows. Grants INSERT INTO hs_office.partner permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_office_partner permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_office.partner permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.globalADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_partner INSERT permission to specified role of new global rows. Grants hs_office.partner INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hsof_partner_grants_insert_to_global_tf() create or replace function hs_office.new_partner_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.globalADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_partner_grants_after_insert_tg create trigger z_new_partner_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hsof_partner_grants_insert_to_global_tf(); execute procedure hs_office.new_partner_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================
@ -206,27 +206,27 @@ execute procedure new_hsof_partner_grants_insert_to_global_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner.
*/ */
create or replace function hs_office_partner_insert_permission_check_tf() create or replace function hs_office.partner_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_partner values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.partner values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_partner_insert_permission_check_tg create trigger partner_insert_permission_check_tg
before insert on hs_office_partner before insert on hs_office.partner
for each row for each row
execute procedure hs_office_partner_insert_permission_check_tf(); execute procedure hs_office.partner_insert_permission_check_tf();
--// --//
@ -234,7 +234,7 @@ create trigger hs_office_partner_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-partner-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_partner', call rbac.generateRbacIdentityViewFromProjection('hs_office.partner',
$idName$ $idName$
'P-' || partnerNumber 'P-' || partnerNumber
$idName$); $idName$);
@ -244,7 +244,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_partner',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-partner-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_partner', call rbac.generateRbacRestrictedView('hs_office.partner',
$orderBy$ $orderBy$
'P-' || partnerNumber 'P-' || partnerNumber
$orderBy$, $orderBy$,
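Review bot: The new trigger name `z_new_partner_grants_after_insert_tg` on the shared table `rbac.global` no longer carries the schema, so it can collide with the equivalent trigger for a `partner` table in any other schema. Trigger names are unique per table, and a second `create trigger` with this name on `rbac.global` would fail; whether such a table exists is not visible here. Keeping the schema in the name, as the old `z_new_hs_office_partner_grants_after_insert_tg` did, avoids that. The same applies to `z_new_partner_details_grants_after_insert_tg` in the partner-details section. The per-table names such as `build_rbac_system_after_insert_tg` are not affected, because those triggers sit on `hs_office.partner` itself.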


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-partner-details-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_partner_details'); call rbac.generateRelatedRbacObject('hs_office.partner_details');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partner_details'); call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details');
--// --//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office_partn
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficePartnerDetails( create or replace procedure hs_office.partner_details_build_rbac_system(
NEW hs_office_partner_details NEW hs_office.partner_details
) )
language plpgsql as $$ language plpgsql as $$
@ -38,22 +38,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_partner_details row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.partner_details row.
*/ */
create or replace function insertTriggerForHsOfficePartnerDetails_tf() create or replace function hs_office.partner_details_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficePartnerDetails(NEW); call hs_office.partner_details_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficePartnerDetails_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_partner_details after insert on hs_office.partner_details
for each row for each row
execute procedure insertTriggerForHsOfficePartnerDetails_tf(); execute procedure hs_office.partner_details_build_rbac_system_after_insert_tf();
--// --//
@ -64,45 +64,45 @@ execute procedure insertTriggerForHsOfficePartnerDetails_tf();
-- granting INSERT permission to rbac.global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_office_partner_details permissions to specified role of pre-existing rbac.global rows. Grants INSERT INTO hs_office.partner_details permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_office_partner_details permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_office.partner_details permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_partner_details'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.globalADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_partner_details INSERT permission to specified role of new global rows. Grants hs_office.partner_details INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hsof_partner_details_grants_insert_to_global_tf() create or replace function hs_office.new_partner_details_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.globalADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_partner_details_grants_after_insert_tg create trigger z_new_partner_details_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hsof_partner_details_grants_insert_to_global_tf(); execute procedure hs_office.new_partner_details_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================
@ -110,27 +110,27 @@ execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_partner_details. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.partner_details.
*/ */
create or replace function hs_office_partner_details_insert_permission_check_tf() create or replace function hs_office.partner_details_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_partner_details values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.partner_details values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_partner_details_insert_permission_check_tg create trigger partner_details_insert_permission_check_tg
before insert on hs_office_partner_details before insert on hs_office.partner_details
for each row for each row
execute procedure hs_office_partner_details_insert_permission_check_tf(); execute procedure hs_office.partner_details_insert_permission_check_tf();
--// --//
@ -138,12 +138,12 @@ create trigger hs_office_partner_details_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-partner-details-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details', call rbac.generateRbacIdentityViewFromQuery('hs_office.partner_details',
$idName$ $idName$
SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName SELECT partnerDetails.uuid as uuid, partner_iv.idName as idName
FROM hs_office_partner_details AS partnerDetails FROM hs_office.partner_details AS partnerDetails
JOIN hs_office_partner partner ON partner.detailsUuid = partnerDetails.uuid JOIN hs_office.partner partner ON partner.detailsUuid = partnerDetails.uuid
JOIN hs_office_partner_iv partner_iv ON partner_iv.uuid = partner.uuid JOIN hs_office.partner_iv partner_iv ON partner_iv.uuid = partner.uuid
$idName$); $idName$);
--// --//
@ -151,7 +151,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_partner_details',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-partner-details-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_partner_details', call rbac.generateRbacRestrictedView('hs_office.partner_details',
$orderBy$ $orderBy$
uuid uuid
$orderBy$, $orderBy$,
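Review bot: The `[403]` exception in `hs_office.partner_details_insert_permission_check_tf()` formats the whole `NEW` row into the message, and for this table that row can hold birth name, birthday and birth place (the columns the partner test-data procedure fills). A rejected insert would therefore put personal data into the database log and, if the message is passed on to the caller, into the error response; whether it is passed on is not visible here. I would report only the identifier: `raise exception '[403] insert into hs_office.partner_details (uuid=%) not allowed for current subjects % (%)', NEW.uuid, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();`. The partner check function in the previous section uses the same pattern. The declared `superObjectUuid` is unused in the visible body and could be dropped.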


@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office_partner_legacy_id CREATE TABLE hs_office.partner_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office_partner(uuid), uuid uuid NOT NULL REFERENCES hs_office.partner(uuid),
bp_id integer NOT NULL bp_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_partner_legacy_id
--changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.partner_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office_partner_legacy_id.bp_id; OWNED BY hs_office.partner_legacy_id.bp_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_partner_legacy_id_seq
--changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office_partner_legacy_id ALTER TABLE hs_office.partner_legacy_id
ALTER COLUMN bp_id ALTER COLUMN bp_id
SET DEFAULT nextVal('hs_office_partner_legacy_id_seq'); SET DEFAULT nextVal('hs_office.partner_legacy_id_seq');
--/ --/
-- ============================================================================ -- ============================================================================
@ -40,8 +40,8 @@ ALTER TABLE hs_office_partner_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office_partner_legacy_id(uuid, bp_id) INSERT INTO hs_office.partner_legacy_id(uuid, bp_id)
SELECT uuid, nextVal('hs_office_partner_legacy_id_seq') FROM hs_office_partner; SELECT uuid, nextVal('hs_office.partner_legacy_id_seq') FROM hs_office.partner;
--/ --/
@ -57,14 +57,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office_partner_legacy_id VALUES INSERT INTO hs_office.partner_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_partner_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.partner_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createPartnerLegacyIdMapping create trigger createPartnerLegacyIdMapping
after insert on hs_office_partner after insert on hs_office.partner
for each row for each row
execute procedure insertPartnerLegacyIdMapping(); execute procedure insertPartnerLegacyIdMapping();
--/ --/
@ -82,14 +82,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office_partner_legacy_id DELETE FROM hs_office.partner_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removePartnerLegacyIdMapping create trigger removePartnerLegacyIdMapping
before delete on hs_office_partner before delete on hs_office.partner
for each row for each row
execute procedure deletePartnerLegacyIdMapping(); execute procedure deletePartnerLegacyIdMapping();
--/ --/
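Review bot: The trigger-body insert `INSERT INTO hs_office.partner_legacy_id VALUES (NEW.uuid, nextVal(...))` has no column list, unlike the migration insert above it, which names `(uuid, bp_id)`; this ties the statement to the table's column order. I would write `INSERT INTO hs_office.partner_legacy_id (uuid, bp_id) VALUES (NEW.uuid, nextVal('hs_office.partner_legacy_id_seq'));`. Separately, `execute procedure insertPartnerLegacyIdMapping()` and `execute procedure deletePartnerLegacyIdMapping()` still reference the functions without a schema, while the rest of this commit moves objects under `hs_office`. Their `create function` lines are outside the hunks, so this may be deliberate, but as written both names resolve through the search path when the triggers are created.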


@ -16,25 +16,25 @@ create or replace procedure createHsOfficePartnerTestData(
language plpgsql as $$ language plpgsql as $$
declare declare
idName varchar; idName varchar;
mandantPerson hs_office_person; mandantPerson hs_office.person;
partnerRel hs_office_relation; partnerRel hs_office.relation;
relatedPerson hs_office_person; relatedPerson hs_office.person;
relatedDetailsUuid uuid; relatedDetailsUuid uuid;
begin begin
idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption); idName := base.cleanIdentifier( partnerPersonName|| '-' || contactCaption);
select p.* from hs_office_person p select p.* from hs_office.person p
where p.tradeName = mandantTradeName where p.tradeName = mandantTradeName
into mandantPerson; into mandantPerson;
if mandantPerson is null then if mandantPerson is null then
raise exception 'mandant "%" not found', mandantTradeName; raise exception 'mandant "%" not found', mandantTradeName;
end if; end if;
select p.* from hs_office_person p select p.* from hs_office.person p
where p.tradeName = partnerPersonName or p.familyName = partnerPersonName where p.tradeName = partnerPersonName or p.familyName = partnerPersonName
into relatedPerson; into relatedPerson;
select r.* from hs_office_relation r select r.* from hs_office.relation r
where r.type = 'PARTNER' where r.type = 'PARTNER'
and r.anchoruuid = mandantPerson.uuid and r.holderuuid = relatedPerson.uuid and r.anchoruuid = mandantPerson.uuid and r.holderuuid = relatedPerson.uuid
into partnerRel; into partnerRel;
@ -48,18 +48,18 @@ begin
if relatedPerson.persontype = 'NP' then if relatedPerson.persontype = 'NP' then
insert insert
into hs_office_partner_details (uuid, birthName, birthday, birthPlace) into hs_office.partner_details (uuid, birthName, birthday, birthPlace)
values (uuid_generate_v4(), 'Meyer', '1987-10-31', 'Hamburg') values (uuid_generate_v4(), 'Meyer', '1987-10-31', 'Hamburg')
returning uuid into relatedDetailsUuid; returning uuid into relatedDetailsUuid;
else else
insert insert
into hs_office_partner_details (uuid, registrationOffice, registrationNumber) into hs_office.partner_details (uuid, registrationOffice, registrationNumber)
values (uuid_generate_v4(), 'Hamburg', 'RegNo123456789') values (uuid_generate_v4(), 'Hamburg', 'RegNo123456789')
returning uuid into relatedDetailsUuid; returning uuid into relatedDetailsUuid;
end if; end if;
insert insert
into hs_office_partner (uuid, partnerNumber, partnerRelUuid, detailsUuid) into hs_office.partner (uuid, partnerNumber, partnerRelUuid, detailsUuid)
values (uuid_generate_v4(), newPartnerNumber, partnerRel.uuid, relatedDetailsUuid); values (uuid_generate_v4(), newPartnerNumber, partnerRel.uuid, relatedDetailsUuid);
end; $$; end; $$;
--// --//


@ -3,7 +3,7 @@
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table hs_office_bankaccount create table hs_office.bankaccount
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
@ -18,5 +18,5 @@ create table hs_office_bankaccount
--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_bankaccount'); call base.create_journal('hs_office.bankaccount');
--// --//
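Review bot: The body of changeset `michael.hoennig:hs-office-bankaccount-MAIN-TABLE` is rewritten in place while its id stays the same. This looks like Liquibase formatted SQL, so a database that already ran the old body would presumably fail checksum validation and would still hold the table as `hs_office_bankaccount`. If any such database exists, a follow-up changeset that moves the table is safer than editing history, e.g. `alter table hs_office_bankaccount set schema hs_office;` followed by `alter table hs_office.hs_office_bankaccount rename to bankaccount;`. The same applies to the debitor and sepamandate MAIN-TABLE changesets further down. If every environment is rebuilt from scratch, a changelog comment saying so would record that assumption.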


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_bankaccount'); call rbac.generateRelatedRbacObject('hs_office.bankaccount');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount'); call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount');
--// --//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankacco
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeBankAccount( create or replace procedure hs_office.bankaccount_build_rbac_system(
NEW hs_office_bankaccount NEW hs_office.bankaccount
) )
language plpgsql as $$ language plpgsql as $$
@ -57,22 +57,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.bankaccount row.
*/ */
create or replace function insertTriggerForHsOfficeBankAccount_tf() create or replace function hs_office.bankaccount_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeBankAccount(NEW); call hs_office.bankaccount_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeBankAccount_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_bankaccount after insert on hs_office.bankaccount
for each row for each row
execute procedure insertTriggerForHsOfficeBankAccount_tf(); execute procedure hs_office.bankaccount_build_rbac_system_after_insert_tf();
--// --//
@ -80,7 +80,7 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
--changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount', call rbac.generateRbacIdentityViewFromProjection('hs_office.bankaccount',
$idName$ $idName$
iban iban
$idName$); $idName$);
@ -90,7 +90,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_bankaccount', call rbac.generateRbacRestrictedView('hs_office.bankaccount',
$orderBy$ $orderBy$
iban iban
$orderBy$, $orderBy$,
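Review bot: The `rbac.generate…` calls in this section now pass a schema-qualified name (`'hs_office.bankaccount'`) as plain text, and the helpers that presumably turn it into DDL are not visible in this diff. They should split schema and table and quote each part, e.g. `format('%I.%I', schemaName, tableName)`, or accept a `regclass`, rather than splice the raw string into dynamic SQL. The literals in this file are fixed, so this is a hardening point for the helpers rather than a flaw in these lines. The same holds for `base.create_journal(...)` and `rbac.createPermission(..., 'INSERT', 'hs_office.debitor')` in the other sections.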


@ -19,7 +19,7 @@ begin
raise notice 'creating test bankaccount: %', givenHolder; raise notice 'creating test bankaccount: %', givenHolder;
insert insert
into hs_office_bankaccount(uuid, holder, iban, bic) into hs_office.bankaccount(uuid, holder, iban, bic)
values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC); values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC);
end; $$; end; $$;
--// --//


@ -4,18 +4,18 @@
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-debitor-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table hs_office_debitor create table hs_office.debitor
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'), debitorNumberSuffix char(2) not null check (debitorNumberSuffix::text ~ '^[0-9][0-9]$'),
debitorRelUuid uuid not null references hs_office_relation(uuid), debitorRelUuid uuid not null references hs_office.relation(uuid),
billable boolean not null default true, billable boolean not null default true,
vatId varchar(24), vatId varchar(24),
vatCountryCode varchar(2), vatCountryCode varchar(2),
vatBusiness boolean not null, vatBusiness boolean not null,
vatReverseCharge boolean not null, vatReverseCharge boolean not null,
refundBankAccountUuid uuid references hs_office_bankaccount(uuid), refundBankAccountUuid uuid references hs_office.bankaccount(uuid),
defaultPrefix char(3) not null unique defaultPrefix char(3) not null unique
constraint check_default_prefix check ( constraint check_default_prefix check (
defaultPrefix::text ~ '^([a-z]{3}|al0|bh1|c4s|f3k|k8i|l3d|mh1|o13|p2m|s80|t4w)$' defaultPrefix::text ~ '^([a-z]{3}|al0|bh1|c4s|f3k|k8i|l3d|mh1|o13|p2m|s80|t4w)$'
@ -29,16 +29,16 @@ create table hs_office_debitor
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Trigger function to delete related rows of a debitor to delete. Trigger function to delete related relations of a debitor to delete.
*/ */
create or replace function deleteHsOfficeDependentsOnDebitorDelete() create or replace function hs_office.debitor_delete_dependents_tf()
returns trigger returns trigger
language PLPGSQL language PLPGSQL
as $$ as $$
declare declare
counter integer; counter integer;
begin begin
DELETE FROM hs_office_relation r WHERE r.uuid = OLD.debitorRelUuid; DELETE FROM hs_office.relation r WHERE r.uuid = OLD.debitorRelUuid;
GET DIAGNOSTICS counter = ROW_COUNT; GET DIAGNOSTICS counter = ROW_COUNT;
if counter = 0 then if counter = 0 then
raise exception 'debitor relation % could not be deleted', OLD.debitorRelUuid; raise exception 'debitor relation % could not be deleted', OLD.debitorRelUuid;
@ -50,16 +50,16 @@ end; $$;
/** /**
Triggers deletion of related details of a debitor to delete. Triggers deletion of related details of a debitor to delete.
*/ */
create trigger hs_office_debitor_delete_dependents_trigger create trigger debitor_delete_dependents_tg
after delete after delete
on hs_office_debitor on hs_office.debitor
for each row for each row
execute procedure deleteHsOfficeDependentsOnDebitorDelete(); execute procedure hs_office.debitor_delete_dependents_tf();
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-debitor-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_debitor'); call base.create_journal('hs_office.debitor');
--// --//
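Review bot: The comment above `debitor_delete_dependents_tg` still says it deletes "related details", but the trigger function it runs deletes the `hs_office.relation` row referenced by `OLD.debitorRelUuid`. The commit corrected the function's comment ("rows" to "relations") and left this one stale. Suggested wording: `Triggers deletion of the related relation of a debitor to delete.` The `create table` statement is cut by the first hunk, so this note does not cover the table definition.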


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-debitor-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_debitor'); call rbac.generateRelatedRbacObject('hs_office.debitor');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor'); call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor');
--// --//
@ -24,32 +24,32 @@ call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office_debitor');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeDebitor( create or replace procedure hs_office.debitor_build_rbac_system(
NEW hs_office_debitor NEW hs_office.debitor
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newPartnerRel hs_office_relation; newPartnerRel hs_office.relation;
newDebitorRel hs_office_relation; newDebitorRel hs_office.relation;
newRefundBankAccount hs_office_bankaccount; newRefundBankAccount hs_office.bankaccount;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT partnerRel.* SELECT partnerRel.*
FROM hs_office_relation AS partnerRel FROM hs_office.relation AS partnerRel
JOIN hs_office_relation AS debitorRel JOIN hs_office.relation AS debitorRel
ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid ON debitorRel.type = 'DEBITOR' AND debitorRel.anchorUuid = partnerRel.holderUuid
WHERE partnerRel.type = 'PARTNER' WHERE partnerRel.type = 'PARTNER'
AND NEW.debitorRelUuid = debitorRel.uuid AND NEW.debitorRelUuid = debitorRel.uuid
INTO newPartnerRel; INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid); assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
SELECT * FROM hs_office_relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel; SELECT * FROM hs_office.relation WHERE uuid = NEW.debitorRelUuid INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid); assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorRelUuid = %s', NEW.debitorRelUuid);
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel));
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel));
@ -65,22 +65,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_debitor row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.debitor row.
*/ */
create or replace function insertTriggerForHsOfficeDebitor_tf() create or replace function hs_office.debitor_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeDebitor(NEW); call hs_office.debitor_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeDebitor_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_debitor after insert on hs_office.debitor
for each row for each row
execute procedure insertTriggerForHsOfficeDebitor_tf(); execute procedure hs_office.debitor_build_rbac_system_after_insert_tf();
--// --//
@ -92,9 +92,9 @@ execute procedure insertTriggerForHsOfficeDebitor_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForHsOfficeDebitor( create or replace procedure hs_office.debitor_update_rbac_system(
OLD hs_office_debitor, OLD hs_office.debitor,
NEW hs_office_debitor NEW hs_office.debitor
) )
language plpgsql as $$ language plpgsql as $$
begin begin
@ -102,27 +102,27 @@ begin
if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid if NEW.debitorRelUuid is distinct from OLD.debitorRelUuid
or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then or NEW.refundBankAccountUuid is distinct from OLD.refundBankAccountUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsOfficeDebitor(NEW); call hs_office.debitor_build_rbac_system(NEW);
end if; end if;
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_office_debitor row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_office.debitor row.
*/ */
create or replace function updateTriggerForHsOfficeDebitor_tf() create or replace function hs_office.debitor_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForHsOfficeDebitor(OLD, NEW); call hs_office.debitor_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForHsOfficeDebitor_tg create trigger update_rbac_system_after_update_tg
after update on hs_office_debitor after update on hs_office.debitor
for each row for each row
execute procedure updateTriggerForHsOfficeDebitor_tf(); execute procedure hs_office.debitor_update_rbac_system_after_update_tf();
--// --//
@ -133,45 +133,45 @@ execute procedure updateTriggerForHsOfficeDebitor_tf();
-- granting INSERT permission to rbac.global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_office_debitor permissions to specified role of pre-existing rbac.global rows. Grants INSERT INTO hs_office.debitor permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_office_debitor permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_office.debitor permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_debitor'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.globalADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_debitor INSERT permission to specified role of new global rows. Grants hs_office.debitor INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hsof_debitor_grants_insert_to_global_tf() create or replace function hs_office.new_debitor_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_debitor'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.globalADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_debitor_grants_after_insert_tg create trigger z_new_debitor_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hsof_debitor_grants_insert_to_global_tf(); execute procedure hs_office.new_debitor_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================
@ -179,27 +179,27 @@ execute procedure new_hsof_debitor_grants_insert_to_global_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_debitor. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.debitor.
*/ */
create or replace function hs_office_debitor_insert_permission_check_tf() create or replace function hs_office.debitor_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_debitor values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.debitor values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_debitor_insert_permission_check_tg create trigger debitor_insert_permission_check_tg
before insert on hs_office_debitor before insert on hs_office.debitor
for each row for each row
execute procedure hs_office_debitor_insert_permission_check_tf(); execute procedure hs_office.debitor_insert_permission_check_tf();
--// --//
@ -207,18 +207,18 @@ create trigger hs_office_debitor_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-debitor-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor', call rbac.generateRbacIdentityViewFromQuery('hs_office.debitor',
$idName$ $idName$
SELECT debitor.uuid AS uuid, SELECT debitor.uuid AS uuid,
'D-' || (SELECT partner.partnerNumber 'D-' || (SELECT partner.partnerNumber
FROM hs_office_partner partner FROM hs_office.partner partner
JOIN hs_office_relation partnerRel JOIN hs_office.relation partnerRel
ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER' ON partnerRel.uuid = partner.partnerRelUUid AND partnerRel.type = 'PARTNER'
JOIN hs_office_relation debitorRel JOIN hs_office.relation debitorRel
ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR' ON debitorRel.anchorUuid = partnerRel.holderUuid AND debitorRel.type = 'DEBITOR'
WHERE debitorRel.uuid = debitor.debitorRelUuid) WHERE debitorRel.uuid = debitor.debitorRelUuid)
|| debitorNumberSuffix as idName || debitorNumberSuffix as idName
FROM hs_office_debitor AS debitor FROM hs_office.debitor AS debitor
$idName$); $idName$);
--// --//
@ -226,7 +226,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_debitor',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-debitor-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_debitor', call rbac.generateRbacRestrictedView('hs_office.debitor',
$orderBy$ $orderBy$
defaultPrefix defaultPrefix
$orderBy$, $orderBy$,
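Review bot: In `hs_office.debitor_build_rbac_system` the role-descriptor helpers `hsOfficeBankAccountREFERRER`, `hsOfficeRelationAGENT` and `hsOfficeRelationADMIN` are still called without a schema, while every table and trigger function around them is now qualified. Unqualified calls are resolved through the caller's `search_path`, which is worth avoiding in code that wires RBAC grants, because which function runs then depends on session settings. Either qualify the calls, e.g. `<schema>.hsOfficeRelationADMIN(newDebitorRel)` (placeholder: the schema these helpers are created in is not visible here), or pin the path on the procedure with a `set search_path = ...` clause. The procedure body continues outside this hunk, and the sepamandate RBAC section has the same pattern in `hsOfficeRelationADMIN(row)`.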


@ -24,21 +24,21 @@ begin
select debitorRel.uuid select debitorRel.uuid
into relatedDebitorRelUuid into relatedDebitorRelUuid
from hs_office_relation debitorRel from hs_office.relation debitorRel
join hs_office_person person on person.uuid = debitorRel.holderUuid join hs_office.person person on person.uuid = debitorRel.holderUuid
and (person.tradeName = forPartnerPersonName or person.familyName = forPartnerPersonName) and (person.tradeName = forPartnerPersonName or person.familyName = forPartnerPersonName)
where debitorRel.type = 'DEBITOR'; where debitorRel.type = 'DEBITOR';
select b.uuid select b.uuid
into relatedBankAccountUuid into relatedBankAccountUuid
from hs_office_bankaccount b from hs_office.bankaccount b
where b.holder = forPartnerPersonName; where b.holder = forPartnerPersonName;
raise notice 'creating test debitor: % (#%)', idName, withDebitorNumberSuffix; raise notice 'creating test debitor: % (#%)', idName, withDebitorNumberSuffix;
-- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)', -- raise exception 'creating test debitor: (uuid=%, debitorRelUuid=%, debitornumbersuffix=%, billable=%, vatbusiness=%, vatreversecharge=%, refundbankaccountuuid=%, defaultprefix=%)',
-- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix; -- uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix;
insert insert
into hs_office_debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix) into hs_office.debitor (uuid, debitorRelUuid, debitornumbersuffix, billable, vatbusiness, vatreversecharge, refundbankaccountuuid, defaultprefix)
values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix); values (uuid_generate_v4(), relatedDebitorRelUuid, withDebitorNumberSuffix, true, true, false, relatedBankAccountUuid, withDefaultPrefix);
end; $$; end; $$;
--// --//


@ -4,12 +4,12 @@
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists hs_office_sepamandate create table if not exists hs_office.sepamandate
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
debitorUuid uuid not null references hs_office_debitor(uuid), debitorUuid uuid not null references hs_office.debitor(uuid),
bankAccountUuid uuid not null references hs_office_bankaccount(uuid), bankAccountUuid uuid not null references hs_office.bankaccount(uuid),
reference varchar(96) not null, reference varchar(96) not null,
agreement date not null, agreement date not null,
validity daterange not null validity daterange not null
@ -21,5 +21,5 @@ create table if not exists hs_office_sepamandate
--changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_sepamandate'); call base.create_journal('hs_office.sepamandate');
--// --//
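Review bot: `create table if not exists hs_office.sepamandate` is the only table in this set created with `if not exists`; the bankaccount and debitor changesets use a plain `create table`. In a migration the guard means a pre-existing table with a different definition is silently accepted, and the columns and foreign keys declared here are never applied. Unless that is intended, use `create table hs_office.sepamandate` so that schema drift fails the changeset. The table definition continues outside the hunk.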


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-sepamandate-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_sepamandate'); call rbac.generateRelatedRbacObject('hs_office.sepamandate');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamandate'); call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate');
--// --//
@ -24,24 +24,24 @@ call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office_sepamand
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeSepaMandate( create or replace procedure hs_office.sepamandate_build_rbac_system(
NEW hs_office_sepamandate NEW hs_office.sepamandate
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newBankAccount hs_office_bankaccount; newBankAccount hs_office.bankaccount;
newDebitorRel hs_office_relation; newDebitorRel hs_office.relation;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount; SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.bankAccountUuid INTO newBankAccount;
assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid); assert newBankAccount.uuid is not null, format('newBankAccount must not be null for NEW.bankAccountUuid = %s', NEW.bankAccountUuid);
SELECT debitorRel.* SELECT debitorRel.*
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid WHERE debitor.uuid = NEW.debitorUuid
INTO newDebitorRel; INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
@ -82,22 +82,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_sepamandate row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.sepamandate row.
*/ */
create or replace function insertTriggerForHsOfficeSepaMandate_tf() create or replace function hs_office.sepamandate_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeSepaMandate(NEW); call hs_office.sepamandate_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeSepaMandate_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_sepamandate after insert on hs_office.sepamandate
for each row for each row
execute procedure insertTriggerForHsOfficeSepaMandate_tf(); execute procedure hs_office.sepamandate_build_rbac_system_after_insert_tf();
--// --//
@ -105,48 +105,48 @@ execute procedure insertTriggerForHsOfficeSepaMandate_tf();
--changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_relation ---------------------------- -- granting INSERT permission to hs_office.relation ----------------------------
/* /*
Grants INSERT INTO hs_office_sepamandate permissions to specified role of pre-existing hs_office_relation rows. Grants INSERT INTO hs_office.sepamandate permissions to specified role of pre-existing hs_office.relation rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office_relation; row hs_office.relation;
begin begin
call base.defineContext('create INSERT INTO hs_office_sepamandate permissions for pre-exising hs_office_relation rows'); call base.defineContext('create INSERT INTO hs_office.sepamandate permissions for pre-exising hs_office.relation rows');
FOR row IN SELECT * FROM hs_office_relation FOR row IN SELECT * FROM hs_office.relation
WHERE type = 'DEBITOR' WHERE type = 'DEBITOR'
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_sepamandate'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(row)); hsOfficeRelationADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_sepamandate INSERT permission to specified role of new hs_office_relation rows. Grants hs_office.sepamandate INSERT permission to specified role of new relation rows.
*/ */
create or replace function new_hsof_sepamandate_grants_insert_to_hsof_relation_tf() create or replace function hs_office.new_sepamandate_grants_insert_to_relation_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
if NEW.type = 'DEBITOR' then if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_sepamandate'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(NEW)); hsOfficeRelationADMIN(NEW));
end if; end if;
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_sepamandate_grants_after_insert_tg create trigger z_new_sepamandate_grants_after_insert_tg
after insert on hs_office_relation after insert on hs_office.relation
for each row for each row
execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf(); execute procedure hs_office.new_sepamandate_grants_insert_to_relation_tf();
-- ============================================================================ -- ============================================================================
@ -154,9 +154,9 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_sepamandate. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.sepamandate.
*/ */
create or replace function hs_office_sepamandate_insert_permission_check_tf() create or replace function hs_office.sepamandate_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
@ -164,23 +164,23 @@ declare
begin begin
-- check INSERT permission via indirect foreign key: NEW.debitorUuid -- check INSERT permission via indirect foreign key: NEW.debitorUuid
superObjectUuid := (SELECT debitorRel.uuid superObjectUuid := (SELECT debitorRel.uuid
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid WHERE debitor.uuid = NEW.debitorUuid
); );
assert superObjectUuid is not null, 'object uuid fetched depending on hs_office_sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL'; assert superObjectUuid is not null, 'object uuid fetched depending on hs_office.sepamandate.debitorUuid must not be null, also check fetchSql in RBAC DSL';
if rbac.hasInsertPermission(superObjectUuid, 'hs_office_sepamandate') then if rbac.hasInsertPermission(superObjectUuid, 'hs_office.sepamandate') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_sepamandate values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.sepamandate values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_sepamandate_insert_permission_check_tg create trigger sepamandate_insert_permission_check_tg
before insert on hs_office_sepamandate before insert on hs_office.sepamandate
for each row for each row
execute procedure hs_office_sepamandate_insert_permission_check_tf(); execute procedure hs_office.sepamandate_insert_permission_check_tf();
--// --//
@ -188,11 +188,11 @@ create trigger hs_office_sepamandate_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-sepamandate-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate', call rbac.generateRbacIdentityViewFromQuery('hs_office.sepamandate',
$idName$ $idName$
select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName select sm.uuid as uuid, ba.iban || '-' || sm.validity as idName
from hs_office_sepamandate sm from hs_office.sepamandate sm
join hs_office_bankaccount ba on ba.uuid = sm.bankAccountUuid join hs_office.bankaccount ba on ba.uuid = sm.bankAccountUuid
$idName$); $idName$);
--// --//
@ -200,7 +200,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_sepamandate',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-sepamandate-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_sepamandate', call rbac.generateRbacRestrictedView('hs_office.sepamandate',
$orderBy$ $orderBy$
validity validity
$orderBy$, $orderBy$,


@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office_sepamandate_legacy_id CREATE TABLE hs_office.sepamandate_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office_sepamandate(uuid), uuid uuid NOT NULL REFERENCES hs_office.sepamandate(uuid),
sepa_mandate_id integer NOT NULL sepa_mandate_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_sepamandate_legacy_id
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.sepamandate_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office_sepamandate_legacy_id.sepa_mandate_id; OWNED BY hs_office.sepamandate_legacy_id.sepa_mandate_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_sepamandate_legacy_id_seq
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office_sepamandate_legacy_id ALTER TABLE hs_office.sepamandate_legacy_id
ALTER COLUMN sepa_mandate_id ALTER COLUMN sepa_mandate_id
SET DEFAULT nextVal('hs_office_sepamandate_legacy_id_seq'); SET DEFAULT nextVal('hs_office.sepamandate_legacy_id_seq');
--/ --/
@ -42,8 +42,8 @@ ALTER TABLE hs_office_sepamandate_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office_sepamandate_legacy_id(uuid, sepa_mandate_id) INSERT INTO hs_office.sepamandate_legacy_id(uuid, sepa_mandate_id)
SELECT uuid, nextVal('hs_office_sepamandate_legacy_id_seq') FROM hs_office_sepamandate; SELECT uuid, nextVal('hs_office.sepamandate_legacy_id_seq') FROM hs_office.sepamandate;
--/ --/
@ -59,14 +59,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office_sepamandate_legacy_id VALUES INSERT INTO hs_office.sepamandate_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_sepamandate_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createSepaMandateLegacyIdMapping create trigger createSepaMandateLegacyIdMapping
after insert on hs_office_sepamandate after insert on hs_office.sepamandate
for each row for each row
execute procedure insertSepaMandateLegacyIdMapping(); execute procedure insertSepaMandateLegacyIdMapping();
--/ --/
@ -84,14 +84,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office_sepamandate_legacy_id DELETE FROM hs_office.sepamandate_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removeSepaMandateLegacyIdMapping create trigger removeSepaMandateLegacyIdMapping
before delete on hs_office_sepamandate before delete on hs_office.sepamandate
for each row for each row
execute procedure deleteSepaMandateLegacyIdMapping(); execute procedure deleteSepaMandateLegacyIdMapping();
--/ --/
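Review bot: The insert in the legacy-id trigger body, `INSERT INTO hs_office.sepamandate_legacy_id VALUES (NEW.uuid, nextVal(...))`, is positional, while the backfill statement in the same file names its columns, so the trigger depends on the table's column order. I would write it as `INSERT INTO hs_office.sepamandate_legacy_id (uuid, sepa_mandate_id) VALUES (NEW.uuid, nextVal('hs_office.sepamandate_legacy_id_seq'));`. The trigger functions `insertSepaMandateLegacyIdMapping()` and `deleteSepaMandateLegacyIdMapping()` are still referenced without a schema, so they appear to stay outside `hs_office` while the table and sequence move; if that is intended, a one-line comment saying so would help. Both function bodies begin outside the visible hunks.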


@ -15,23 +15,23 @@ create or replace procedure createHsOfficeSepaMandateTestData(
withReference varchar) withReference varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
relatedDebitor hs_office_debitor; relatedDebitor hs_office.debitor;
relatedBankAccount hs_office_bankAccount; relatedBankAccount hs_office.bankAccount;
begin begin
select debitor.* into relatedDebitor select debitor.* into relatedDebitor
from hs_office_debitor debitor from hs_office.debitor debitor
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix; where partner.partnerNumber = forPartnerNumber and debitor.debitorNumberSuffix = forDebitorSuffix;
select b.* into relatedBankAccount select b.* into relatedBankAccount
from hs_office_bankAccount b where b.iban = forIban; from hs_office.bankAccount b where b.iban = forIban;
raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text; raise notice 'creating test SEPA-mandate: %', forPartnerNumber::text || forDebitorSuffix::text;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor; raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount; raise notice '- using bankAccount (%): %', relatedBankAccount.uuid, relatedBankAccount;
insert insert
into hs_office_sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity) into hs_office.sepamandate (uuid, debitoruuid, bankAccountuuid, reference, agreement, validity)
values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]')); values (uuid_generate_v4(), relatedDebitor.uuid, relatedBankAccount.uuid, withReference, '20220930', daterange('20221001' , '20261231', '[]'));
end; $$; end; $$;
--// --//


@ -17,11 +17,11 @@ CREATE TYPE HsOfficeMembershipStatus AS ENUM (
CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_membership create table if not exists hs_office.membership
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
partnerUuid uuid not null references hs_office_partner(uuid), partnerUuid uuid not null references hs_office.partner(uuid),
memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'), memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
validity daterange not null, validity daterange not null,
status HsOfficeMembershipStatus not null default 'ACTIVE', status HsOfficeMembershipStatus not null default 'ACTIVE',
@ -36,5 +36,5 @@ create table if not exists hs_office_membership
--changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-membership-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_membership'); call base.create_journal('hs_office.membership');
--// --//
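Review bot: The `status` column still uses the unqualified type `HsOfficeMembershipStatus`, and the `CREATE CAST` above the table is unqualified too, so the enum appears to stay in whichever schema is first on the search_path while the table moves to `hs_office`. If the aim is to keep all hs-office objects in one schema with its own privileges, the type would become `hs_office.HsOfficeMembershipStatus` in the `CREATE TYPE`, the cast and the column. Otherwise a comment such as `-- enum intentionally left in the default schema` would document the split. The `CREATE TYPE` statement and the end of the table definition are outside the hunk.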


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-membership-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_membership'); call rbac.generateRelatedRbacObject('hs_office.membership');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membership'); call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership');
--// --//
@ -24,20 +24,20 @@ call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office_membershi
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeMembership( create or replace procedure hs_office.membership_build_rbac_system(
NEW hs_office_membership NEW hs_office.membership
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newPartnerRel hs_office_relation; newPartnerRel hs_office.relation;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT partnerRel.* SELECT partnerRel.*
FROM hs_office_partner AS partner FROM hs_office.partner AS partner
JOIN hs_office_relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid JOIN hs_office.relation AS partnerRel ON partnerRel.uuid = partner.partnerRelUuid
WHERE partner.uuid = NEW.partnerUuid WHERE partner.uuid = NEW.partnerUuid
INTO newPartnerRel; INTO newPartnerRel;
assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid); assert newPartnerRel.uuid is not null, format('newPartnerRel must not be null for NEW.partnerUuid = %s', NEW.partnerUuid);
@ -69,22 +69,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_membership row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.membership row.
*/ */
create or replace function insertTriggerForHsOfficeMembership_tf() create or replace function hs_office.membership_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeMembership(NEW); call hs_office.membership_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeMembership_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_membership after insert on hs_office.membership
for each row for each row
execute procedure insertTriggerForHsOfficeMembership_tf(); execute procedure hs_office.membership_build_rbac_system_after_insert_tf();
--// --//
@ -95,45 +95,45 @@ execute procedure insertTriggerForHsOfficeMembership_tf();
-- granting INSERT permission to rbac.global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_office_membership permissions to specified role of pre-existing rbac.global rows. Grants INSERT INTO hs_office.membership permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_office_membership permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_office.membership permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_membership'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.globalADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_membership INSERT permission to specified role of new global rows. Grants hs_office.membership INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hsof_membership_grants_insert_to_global_tf() create or replace function hs_office.new_membership_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_membership'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.globalADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_membership_grants_after_insert_tg create trigger z_new_membership_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hsof_membership_grants_insert_to_global_tf(); execute procedure hs_office.new_membership_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================
@ -141,27 +141,27 @@ execute procedure new_hsof_membership_grants_insert_to_global_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_membership. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.membership.
*/ */
create or replace function hs_office_membership_insert_permission_check_tf() create or replace function hs_office.membership_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_membership values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.membership values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_membership_insert_permission_check_tg create trigger membership_insert_permission_check_tg
before insert on hs_office_membership before insert on hs_office.membership
for each row for each row
execute procedure hs_office_membership_insert_permission_check_tf(); execute procedure hs_office.membership_insert_permission_check_tf();
--// --//
@ -169,12 +169,12 @@ create trigger hs_office_membership_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-membership-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_office_membership', call rbac.generateRbacIdentityViewFromQuery('hs_office.membership',
$idName$ $idName$
SELECT m.uuid AS uuid, SELECT m.uuid AS uuid,
'M-' || p.partnerNumber || m.memberNumberSuffix as idName 'M-' || p.partnerNumber || m.memberNumberSuffix as idName
FROM hs_office_membership AS m FROM hs_office.membership AS m
JOIN hs_office_partner AS p ON p.uuid = m.partnerUuid JOIN hs_office.partner AS p ON p.uuid = m.partnerUuid
$idName$); $idName$);
--// --//
@ -182,7 +182,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_office_membership',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-membership-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_membership', call rbac.generateRbacRestrictedView('hs_office.membership',
$orderBy$ $orderBy$
validity validity
$orderBy$, $orderBy$,
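Review bot: In `hs_office.membership_build_rbac_system` the only guard against a missing partner relation is `assert newPartnerRel.uuid is not null, ...`, and PL/pgSQL assertions are skipped when `plpgsql.check_asserts` is off, so whatever follows (presumably the role and grant setup) would then run with an empty record. For a check that RBAC setup depends on, an explicit `if newPartnerRel.uuid is null then raise exception 'newPartnerRel must not be null for NEW.partnerUuid = %', NEW.partnerUuid; end if;` stays enforced regardless of that setting. The procedure body continues outside the hunk, so the grants themselves are not visible here. Separately, `superObjectUuid` in `hs_office.membership_insert_permission_check_tf` is declared but never used in the visible body and could be dropped.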


@ -13,15 +13,15 @@ create or replace procedure createHsOfficeMembershipTestData(
newMemberNumberSuffix char(2) ) newMemberNumberSuffix char(2) )
language plpgsql as $$ language plpgsql as $$
declare declare
relatedPartner hs_office_partner; relatedPartner hs_office.partner;
begin begin
select partner.* from hs_office_partner partner select partner.* from hs_office.partner partner
where partner.partnerNumber = forPartnerNumber into relatedPartner; where partner.partnerNumber = forPartnerNumber into relatedPartner;
raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix; raise notice 'creating test Membership: M-% %', forPartnerNumber, newMemberNumberSuffix;
raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner; raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
insert insert
into hs_office_membership (uuid, partneruuid, memberNumberSuffix, validity, status) into hs_office.membership (uuid, partneruuid, memberNumberSuffix, validity, status)
values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, daterange('20221001' , null, '[]'), 'ACTIVE'); values (uuid_generate_v4(), relatedPartner.uuid, newMemberNumberSuffix, daterange('20221001' , null, '[]'), 'ACTIVE');
end; $$; end; $$;
--// --//


@ -8,16 +8,16 @@ CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTI
CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_coopsharestransaction create table if not exists hs_office.coopsharestransaction
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office_membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopSharesTransactionType not null, transactionType HsOfficeCoopSharesTransactionType not null,
valueDate date not null, valueDate date not null,
shareCount integer not null, shareCount integer not null,
reference varchar(48) not null, reference varchar(48) not null,
adjustedShareTxUuid uuid unique REFERENCES hs_office_coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED, adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512) comment varchar(512)
); );
--// --//
@ -26,8 +26,8 @@ create table if not exists hs_office_coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
alter table hs_office_coopsharestransaction alter table hs_office.coopsharestransaction
add constraint hs_office_coopsharestransaction_reverse_entry_missing add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null); or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null);
--// --//
@ -44,7 +44,7 @@ declare
totalShareCount integer; totalShareCount integer;
begin begin
select sum(cst.shareCount) select sum(cst.shareCount)
from hs_office_coopsharestransaction cst from hs_office.coopsharestransaction cst
where cst.membershipUuid = forMembershipUuid where cst.membershipUuid = forMembershipUuid
into currentShareCount; into currentShareCount;
totalShareCount := currentShareCount + newShareCount; totalShareCount := currentShareCount + newShareCount;
@ -54,8 +54,8 @@ begin
return true; return true;
end; $$; end; $$;
alter table hs_office_coopsharestransaction alter table hs_office.coopsharestransaction
add constraint hs_office_coopshares_positive add constraint check_positive_total_shares_count
check ( checkSharesByMembershipUuid(membershipUuid, shareCount) ); check ( checkSharesByMembershipUuid(membershipUuid, shareCount) );
--// --//
@ -64,5 +64,5 @@ alter table hs_office_coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_coopsharestransaction'); call base.create_journal('hs_office.coopsharestransaction');
--// --//
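Review bot: In the share-count check function, `select sum(cst.shareCount) ... into currentShareCount` yields NULL when the membership has no transactions yet, so `totalShareCount := currentShareCount + newShareCount` is NULL as well. Any comparison on it (presumably the negative-total test just outside this hunk) then cannot fire for the first row. Using `select coalesce(sum(cst.shareCount), 0)` makes the first transaction subject to the same rule. The function body starts and ends outside the hunk. The function is also still called unqualified in `check ( checkSharesByMembershipUuid(membershipUuid, shareCount) )` while the table moves to `hs_office`.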


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_coopsharestransaction'); call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office_coopsharestransaction'); call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction');
--// --//
@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeCoopSharesTransaction( create or replace procedure hs_office.coopsharestransaction_build_rbac_system(
NEW hs_office_coopsharestransaction NEW hs_office.coopsharestransaction
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newMembership hs_office_membership; newMembership hs_office.membership;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
@ -45,22 +45,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopsharestransaction row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row.
*/ */
create or replace function insertTriggerForHsOfficeCoopSharesTransaction_tf() create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeCoopSharesTransaction(NEW); call hs_office.coopsharestransaction_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeCoopSharesTransaction_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_coopsharestransaction after insert on hs_office.coopsharestransaction
for each row for each row
execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf(); execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf();
--// --//
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopSharesTransaction_tf();
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_membership ---------------------------- -- granting INSERT permission to hs_office.membership ----------------------------
/* /*
Grants INSERT INTO hs_office_coopsharestransaction permissions to specified role of pre-existing hs_office_membership rows. Grants INSERT INTO hs_office.coopsharestransaction permissions to specified role of pre-existing hs_office.membership rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office_membership; row hs_office.membership;
begin begin
call base.defineContext('create INSERT INTO hs_office_coopsharestransaction permissions for pre-exising hs_office_membership rows'); call base.defineContext('create INSERT INTO hs_office.coopsharestransaction permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office_membership FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(row)); hsOfficeMembershipADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_coopsharestransaction INSERT permission to specified role of new hs_office_membership rows. Grants hs_office.coopsharestransaction INSERT permission to specified role of new membership rows.
*/ */
create or replace function new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf() create or replace function hs_office.new_coopsharetx_grants_insert_to_membership_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(NEW)); hsOfficeMembershipADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_coopsharestransaction_grants_after_insert_tg create trigger z_new_coopsharestransaction_grants_after_insert_tg
after insert on hs_office_membership after insert on hs_office.membership
for each row for each row
execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf(); execute procedure hs_office.new_coopsharetx_grants_insert_to_membership_tf();
-- ============================================================================ -- ============================================================================
@ -117,27 +117,27 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopsharestransaction. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharestransaction.
*/ */
create or replace function hs_office_coopsharestransaction_insert_permission_check_tf() create or replace function hs_office.coopsharestransaction_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid -- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') then if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharestransaction') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_coopsharestransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.coopsharestransaction values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg create trigger coopsharestransaction_insert_permission_check_tg
before insert on hs_office_coopsharestransaction before insert on hs_office.coopsharestransaction
for each row for each row
execute procedure hs_office_coopsharestransaction_insert_permission_check_tf(); execute procedure hs_office.coopsharestransaction_insert_permission_check_tf();
--// --//
@ -145,7 +145,7 @@ create trigger hs_office_coopsharestransaction_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransaction', call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransaction',
$idName$ $idName$
reference reference
$idName$); $idName$);
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopsharestransactio
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_coopsharestransaction', call rbac.generateRbacRestrictedView('hs_office.coopsharestransaction',
$orderBy$ $orderBy$
reference reference
$orderBy$, $orderBy$,
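Review bot: The role-descriptor calls `hsOfficeMembershipAGENT(newMembership)`, `hsOfficeMembershipADMIN(row)` and `hsOfficeMembershipADMIN(NEW)` are still unqualified, while every table, procedure and trigger function around them now lives in `hs_office`. These calls decide which role receives the SELECT and INSERT permissions, so their resolution should not depend on the caller's `search_path`; where the descriptor functions end up after this change is not visible in these hunks. Either schema-qualify them once their schema is settled or pin the path on the functions that call them, and until then a comment such as `-- hsOfficeMembershipADMIN is resolved via search_path; qualify when role descriptors move into hs_office` would make the dependency explicit. The coopassetstransaction RBAC section further down has the same calls. The body of `hs_office.coopsharestransaction_build_rbac_system` continues outside its hunk.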


@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office_coopsharestransaction_legacy_id CREATE TABLE hs_office.coopsharestransaction_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office_coopsharestransaction(uuid), uuid uuid NOT NULL REFERENCES hs_office.coopsharestransaction(uuid),
member_share_id integer NOT NULL member_share_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopsharestransaction_legacy_id
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.coopsharestransaction_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office_coopsharestransaction_legacy_id.member_share_id; OWNED BY hs_office.coopsharestransaction_legacy_id.member_share_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopsharestransaction_legacy_id_seq
--changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office_coopsharestransaction_legacy_id ALTER TABLE hs_office.coopsharestransaction_legacy_id
ALTER COLUMN member_share_id ALTER COLUMN member_share_id
SET DEFAULT nextVal('hs_office_coopsharestransaction_legacy_id_seq'); SET DEFAULT nextVal('hs_office.coopsharestransaction_legacy_id_seq');
--/ --/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopsharestransaction_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office_coopsharestransaction_legacy_id(uuid, member_share_id) INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id)
SELECT uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq') FROM hs_office_coopsharestransaction; SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharestransaction;
--/ --/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office_coopsharestransaction_legacy_id VALUES INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_coopsharestransaction_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createCoopSharesLegacyIdMapping create trigger createCoopSharesLegacyIdMapping
after insert on hs_office_coopsharestransaction after insert on hs_office.coopsharestransaction
for each row for each row
execute procedure insertCoopSharesLegacyIdMapping(); execute procedure insertCoopSharesLegacyIdMapping();
--/ --/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office_coopsharestransaction_legacy_id DELETE FROM hs_office.coopsharestransaction_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removeCoopSharesLegacyIdMapping create trigger removeCoopSharesLegacyIdMapping
before delete on hs_office_coopsharestransaction before delete on hs_office.coopsharestransaction
for each row for each row
execute procedure deleteCoopSharesLegacyIdMapping(); execute procedure deleteCoopSharesLegacyIdMapping();
--/ --/
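Review bot: The trigger functions `insertCoopSharesLegacyIdMapping()` and `deleteCoopSharesLegacyIdMapping()` keep their unqualified names in the `execute procedure` lines of the last two hunks, so they stay in whatever schema is the default at creation time while the tables they write to moved to `hs_office`. Privileges managed on the `hs_office` schema would then not cover the code that maintains the legacy-id mapping; the `create function` lines are outside the hunks, so this is inferred from the unchanged trigger definitions. Separately, `INSERT INTO hs_office.coopsharestransaction_legacy_id VALUES (...)` relies on column order, and `INSERT INTO hs_office.coopsharestransaction_legacy_id (uuid, member_share_id) VALUES (...)` would match the backfill statement in the earlier hunk. The coopassets migration section below repeats both patterns.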


@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopSharesTransactionTestData(
) )
language plpgsql as $$ language plpgsql as $$
declare declare
membership hs_office_membership; membership hs_office.membership;
subscriptionEntryUuid uuid; subscriptionEntryUuid uuid;
begin begin
select m.uuid select m.uuid
from hs_office_membership m from hs_office.membership m
join hs_office_partner p on p.uuid = m.partneruuid join hs_office.partner p on p.uuid = m.partneruuid
where p.partnerNumber = givenPartnerNumber where p.partnerNumber = givenPartnerNumber
and m.memberNumberSuffix = givenMemberNumberSuffix and m.memberNumberSuffix = givenMemberNumberSuffix
into membership; into membership;
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix; raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix;
subscriptionEntryUuid := uuid_generate_v4(); subscriptionEntryUuid := uuid_generate_v4();
insert insert
into hs_office_coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid) into hs_office.coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
values values
(uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null), (uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null),
(uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null), (uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null),


@ -15,16 +15,16 @@ CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office_coopassetstransaction create table if not exists hs_office.coopassetstransaction
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office_membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopAssetsTransactionType not null, transactionType HsOfficeCoopAssetsTransactionType not null,
valueDate date not null, valueDate date not null,
assetValue money not null, assetValue money not null,
reference varchar(48) not null, reference varchar(48) not null,
adjustedAssetTxUuid uuid unique REFERENCES hs_office_coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED, adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512) comment varchar(512)
); );
--// --//
@ -34,8 +34,8 @@ create table if not exists hs_office_coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
alter table hs_office_coopassetstransaction alter table hs_office.coopassetstransaction
add constraint hs_office_coopassetstransaction_reverse_entry_missing add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null); or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null);
--// --//
@ -52,7 +52,7 @@ declare
totalAssetValue money; totalAssetValue money;
begin begin
select sum(cat.assetValue) select sum(cat.assetValue)
from hs_office_coopassetstransaction cat from hs_office.coopassetstransaction cat
where cat.membershipUuid = forMembershipUuid where cat.membershipUuid = forMembershipUuid
into currentAssetValue; into currentAssetValue;
totalAssetValue := currentAssetValue + newAssetValue; totalAssetValue := currentAssetValue + newAssetValue;
@ -62,8 +62,8 @@ begin
return true; return true;
end; $$; end; $$;
alter table hs_office_coopassetstransaction alter table hs_office.coopassetstransaction
add constraint hs_office_coopassets_positive add constraint check_positive_total
check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) ); check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) );
--// --//
@ -72,5 +72,5 @@ alter table hs_office_coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office_coopassetstransaction'); call base.create_journal('hs_office.coopassetstransaction');
--// --//
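Review bot: In the balance-check function (presumably `checkAssetsByMembershipUuid`, which the `check_positive_total` constraint calls), `select sum(cat.assetValue) ... into currentAssetValue` yields NULL when the membership has no transactions yet, so `totalAssetValue := currentAssetValue + newAssetValue` is NULL for the first row of every membership. The comparison that follows is outside the hunk, but a NULL total would normally fall through to `return true`, letting a negative first entry pass the constraint. Changing the select to `select coalesce(sum(cat.assetValue), 0::money)` closes that gap. The function body starts and ends outside the hunk.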


@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office_coopassetstransaction'); call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopassetstransaction'); call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction');
--// --//
@ -24,18 +24,18 @@ call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_offic
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsOfficeCoopAssetsTransaction( create or replace procedure hs_office.coopassetstransaction_build_rbac_system(
NEW hs_office_coopassetstransaction NEW hs_office.coopassetstransaction
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newMembership hs_office_membership; newMembership hs_office.membership;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
@ -45,22 +45,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_coopassetstransaction row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row.
*/ */
create or replace function insertTriggerForHsOfficeCoopAssetsTransaction_tf() create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsOfficeCoopAssetsTransaction(NEW); call hs_office.coopassetstransaction_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsOfficeCoopAssetsTransaction_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office_coopassetstransaction after insert on hs_office.coopassetstransaction
for each row for each row
execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf(); execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf();
--// --//
@ -68,48 +68,48 @@ execute procedure insertTriggerForHsOfficeCoopAssetsTransaction_tf();
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_membership ---------------------------- -- granting INSERT permission to hs_office.membership ----------------------------
/* /*
Grants INSERT INTO hs_office_coopassetstransaction permissions to specified role of pre-existing hs_office_membership rows. Grants INSERT INTO hs_office.coopassetstransaction permissions to specified role of pre-existing hs_office.membership rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office_membership; row hs_office.membership;
begin begin
call base.defineContext('create INSERT INTO hs_office_coopassetstransaction permissions for pre-exising hs_office_membership rows'); call base.defineContext('create INSERT INTO hs_office.coopassetstransaction permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office_membership FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(row)); hsOfficeMembershipADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office_coopassetstransaction INSERT permission to specified role of new hs_office_membership rows. Grants hs_office.coopassetstransaction INSERT permission to specified role of new membership rows.
*/ */
create or replace function new_hsof_coopassettx_grants_insert_to_hsof_membership_tf() create or replace function hs_office.new_coopassettx_grants_insert_to_membership_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(NEW)); hsOfficeMembershipADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_office_coopassetstransaction_grants_after_insert_tg create trigger z_new_coopassetstransaction_grants_after_insert_tg
after insert on hs_office_membership after insert on hs_office.membership
for each row for each row
execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf(); execute procedure hs_office.new_coopassettx_grants_insert_to_membership_tf();
-- ============================================================================ -- ============================================================================
@ -117,27 +117,27 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office_coopassetstransaction. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassetstransaction.
*/ */
create or replace function hs_office_coopassetstransaction_insert_permission_check_tf() create or replace function hs_office.coopassetstransaction_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid -- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') then if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassetstransaction') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office_coopassetstransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.coopassetstransaction values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg create trigger coopassetstransaction_insert_permission_check_tg
before insert on hs_office_coopassetstransaction before insert on hs_office.coopassetstransaction
for each row for each row
execute procedure hs_office_coopassetstransaction_insert_permission_check_tf(); execute procedure hs_office.coopassetstransaction_insert_permission_check_tf();
--// --//
@ -145,7 +145,7 @@ create trigger hs_office_coopassetstransaction_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransaction', call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransaction',
$idName$ $idName$
reference reference
$idName$); $idName$);
@ -155,7 +155,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office_coopassetstransactio
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office_coopassetstransaction', call rbac.generateRbacRestrictedView('hs_office.coopassetstransaction',
$orderBy$ $orderBy$
reference reference
$orderBy$, $orderBy$,
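Review bot: `hs_office.coopassetstransaction_build_rbac_system` guards the membership lookup with `assert newMembership.uuid is not null, ...`, and PL/pgSQL assertions are skipped when `plpgsql.check_asserts` is off. With assertions disabled the procedure would go on to call `hsOfficeMembershipAGENT(newMembership)` with an empty row and grant against whatever that returns. An explicit guard keeps the check unconditional: `if newMembership.uuid is null then raise exception 'newMembership must not be null for NEW.membershipUuid = %', NEW.membershipUuid; end if;`. The coopsharestransaction procedure above uses the same assert, and both procedure bodies continue outside their hunks.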


@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office_coopassetstransaction_legacy_id CREATE TABLE hs_office.coopassetstransaction_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office_coopassetstransaction(uuid), uuid uuid NOT NULL REFERENCES hs_office.coopassetstransaction(uuid),
member_asset_id integer NOT NULL member_asset_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office_coopassetstransaction_legacy_id
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office_coopassetstransaction_legacy_id.member_asset_id; OWNED BY hs_office.coopassetstransaction_legacy_id.member_asset_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office_coopassetstransaction_legacy_id_seq
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office_coopassetstransaction_legacy_id ALTER TABLE hs_office.coopassetstransaction_legacy_id
ALTER COLUMN member_asset_id ALTER COLUMN member_asset_id
SET DEFAULT nextVal('hs_office_coopassetstransaction_legacy_id_seq'); SET DEFAULT nextVal('hs_office.coopassetstransaction_legacy_id_seq');
--/ --/
@ -41,8 +41,8 @@ ALTER TABLE hs_office_coopassetstransaction_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office_coopassetstransaction_legacy_id(uuid, member_asset_id) INSERT INTO hs_office.coopassetstransaction_legacy_id(uuid, member_asset_id)
SELECT uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq') FROM hs_office_coopassetstransaction; SELECT uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq') FROM hs_office.coopassetstransaction;
--/ --/
@ -58,14 +58,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office_coopassetstransaction_legacy_id VALUES INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES
(NEW.uuid, nextVal('hs_office_coopassetstransaction_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createCoopAssetsLegacyIdMapping create trigger createCoopAssetsLegacyIdMapping
after insert on hs_office_coopassetstransaction after insert on hs_office.coopassetstransaction
for each row for each row
execute procedure insertCoopAssetsLegacyIdMapping(); execute procedure insertCoopAssetsLegacyIdMapping();
--/ --/
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office_coopassetstransaction_legacy_id DELETE FROM hs_office.coopassetstransaction_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removeCoopAssetsLegacyIdMapping create trigger removeCoopAssetsLegacyIdMapping
before delete on hs_office_coopassetstransaction before delete on hs_office.coopassetstransaction
for each row for each row
execute procedure deleteCoopAssetsLegacyIdMapping(); execute procedure deleteCoopAssetsLegacyIdMapping();
--/ --/
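Review bot: The insert-trigger body uses a positional `INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES (NEW.uuid, nextVal(...))`, so it depends on the column order of the mapping table, while the schema-migration INSERT earlier in this file names its columns. I would name them here as well: `INSERT INTO hs_office.coopassetstransaction_legacy_id (uuid, member_asset_id) VALUES`. Since the MIGRATION-default changeset already sets `nextVal('hs_office.coopassetstransaction_legacy_id_seq')` as the default of `member_asset_id`, `(uuid) VALUES (NEW.uuid)` would also do and would keep the sequence name in one place. The header of insertCoopAssetsLegacyIdMapping lies outside the hunk.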


@ -14,12 +14,12 @@ create or replace procedure createHsOfficeCoopAssetsTransactionTestData(
) )
language plpgsql as $$ language plpgsql as $$
declare declare
membership hs_office_membership; membership hs_office.membership;
lossEntryUuid uuid; lossEntryUuid uuid;
begin begin
select m.uuid select m.uuid
from hs_office_membership m from hs_office.membership m
join hs_office_partner p on p.uuid = m.partneruuid join hs_office.partner p on p.uuid = m.partneruuid
where p.partnerNumber = givenPartnerNumber where p.partnerNumber = givenPartnerNumber
and m.memberNumberSuffix = givenMemberNumberSuffix and m.memberNumberSuffix = givenMemberNumberSuffix
into membership; into membership;
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix; raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix;
lossEntryUuid := uuid_generate_v4(); lossEntryUuid := uuid_generate_v4();
insert insert
into hs_office_coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid) into hs_office.coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
values values
(uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null), (uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null),
(uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null), (uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null),


@ -9,9 +9,9 @@ create view hs_booking_debitor_xv as
debitor.version, debitor.version,
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber, (partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
debitor.defaultPrefix debitor.defaultPrefix
from hs_office_debitor debitor from hs_office.debitor debitor
-- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables -- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables
join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid join hs_office.relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid join hs_office.relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid; join hs_office.partner partner on partner.partnerReluUid=partnerRel.uuid;
--// --//
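Review bot: The comment `RBAC for debitor is sufficient` does not obviously match the FROM clause, which reads `hs_office.debitor` and not a restricted view. Elsewhere in this PR the RBAC-filtered relations carry an `_rv` suffix (for example `hs_office.relation_rv`). If that convention holds, every table in this view is read without row filtering, the debitor included, and the privileges on `hs_booking_debitor_xv` itself become the only access control. Either select from the debitor's restricted view (presumably `hs_office.debitor_rv`, to be confirmed) or reword the comment to say where the restriction is enforced. The `create view` head and any grants on the view are outside the hunk.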


@ -8,7 +8,7 @@ create table if not exists hs_booking_project
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
debitorUuid uuid not null references hs_office_debitor(uuid), debitorUuid uuid not null references hs_office.debitor(uuid),
caption varchar(80) not null caption varchar(80) not null
); );
--// --//


@ -3,45 +3,45 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_project'); call rbac.generateRelatedRbacObject('hs_booking_project');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-booking-project-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsBookingProject( create or replace procedure hs_booking_project_build_rbac_system(
NEW hs_booking_project NEW hs_booking_project
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newDebitor hs_office_debitor; newDebitor hs_office.debitor;
newDebitorRel hs_office_relation; newDebitorRel hs_office.relation;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_office_debitor WHERE uuid = NEW.debitorUuid INTO newDebitor; SELECT * FROM hs_office.debitor WHERE uuid = NEW.debitorUuid INTO newDebitor;
assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); assert newDebitor.uuid is not null, format('newDebitor must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
SELECT debitorRel.* SELECT debitorRel.*
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid WHERE debitor.uuid = NEW.debitorUuid
INTO newDebitorRel; INTO newDebitorRel;
assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid); assert newDebitorRel.uuid is not null, format('newDebitorRel must not be null for NEW.debitorUuid = %s', NEW.debitorUuid);
@ -79,38 +79,38 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row.
*/ */
create or replace function insertTriggerForHsBookingProject_tf() create or replace function hs_booking_project_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsBookingProject(NEW); call hs_booking_project_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsBookingProject_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_project after insert on hs_booking_project
for each row for each row
execute procedure insertTriggerForHsBookingProject_tf(); execute procedure hs_booking_project_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-booking-project-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office_relation ---------------------------- -- granting INSERT permission to hs_office.relation ----------------------------
/* /*
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office_relation rows. Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office.relation rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office_relation; row hs_office.relation;
begin begin
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office_relation rows'); call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office.relation rows');
FOR row IN SELECT * FROM hs_office_relation FOR row IN SELECT * FROM hs_office.relation
WHERE type = 'DEBITOR' WHERE type = 'DEBITOR'
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
@ -121,9 +121,9 @@ do language plpgsql $$
$$; $$;
/** /**
Grants hs_booking_project INSERT permission to specified role of new hs_office_relation rows. Grants hs_booking_project INSERT permission to specified role of new relation rows.
*/ */
create or replace function new_hs_booking_project_grants_insert_to_hs_office_relation_tf() create or replace function new_hsbk_project_grants_insert_to_relation_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -137,14 +137,14 @@ begin
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_project_grants_insert_to_hs_office_relation_tg create trigger z_new_hs_booking_project_grants_after_insert_tg
after insert on hs_office_relation after insert on hs_office.relation
for each row for each row
execute procedure new_hs_booking_project_grants_insert_to_hs_office_relation_tf(); execute procedure new_hsbk_project_grants_insert_to_relation_tf();
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs_booking_project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-booking-project-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
@ -158,8 +158,8 @@ declare
begin begin
-- check INSERT permission via indirect foreign key: NEW.debitorUuid -- check INSERT permission via indirect foreign key: NEW.debitorUuid
superObjectUuid := (SELECT debitorRel.uuid superObjectUuid := (SELECT debitorRel.uuid
FROM hs_office_relation debitorRel FROM hs_office.relation debitorRel
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid WHERE debitor.uuid = NEW.debitorUuid
); );
assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL'; assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL';
@ -179,20 +179,20 @@ create trigger hs_booking_project_insert_permission_check_tg
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
$idName$ $idName$
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking_project bookingProject
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
$idName$); $idName$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_project', call rbac.generateRbacRestrictedView('hs_booking_project',
$orderBy$ $orderBy$
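Review bot: In the INSERT permission check (hunk at -158) the null check on `superObjectUuid` is a PL/pgSQL `assert`, which is skipped when `plpgsql.check_asserts` is turned off. An authorization path should not depend on a debugging switch, so I would raise explicitly: `if superObjectUuid is null then raise exception 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null'; end if;`. The same pattern guards `newDebitor.uuid` and `newDebitorRel.uuid` in `hs_booking_project_build_rbac_system`. The rest of the check function is outside the hunk, so what happens to a null value further down cannot be seen here. The changeset is attributed to InsertTriggerGenerator, so the fix presumably belongs in the generator.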


@ -14,14 +14,14 @@ create or replace procedure createHsBookingProjectTransactionTestData(
) )
language plpgsql as $$ language plpgsql as $$
declare declare
relatedDebitor hs_office_debitor; relatedDebitor hs_office.debitor;
begin begin
select debitor.* into relatedDebitor select debitor.* into relatedDebitor
from hs_office_debitor debitor from hs_office.debitor debitor
join hs_office_relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid join hs_office.relation debitorRel on debitorRel.uuid = debitor.debitorRelUuid
join hs_office_relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid join hs_office.relation partnerRel on partnerRel.holderUuid = debitorRel.anchorUuid
join hs_office_partner partner on partner.partnerRelUuid = partnerRel.uuid join hs_office.partner partner on partner.partnerRelUuid = partnerRel.uuid
where partner.partnerNumber = givenPartnerNumber and debitor.debitorNumberSuffix = givenDebitorSuffix; where partner.partnerNumber = givenPartnerNumber and debitor.debitorNumberSuffix = givenDebitorSuffix;
raise notice 'creating test booking-project: %', givenDebitorSuffix::text; raise notice 'creating test booking-project: %', givenDebitorSuffix::text;


@ -3,28 +3,28 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_item'); call rbac.generateRelatedRbacObject('hs_booking_item');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-booking-item-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsBookingItem( create or replace procedure hs_booking_item_build_rbac_system(
NEW hs_booking_item NEW hs_booking_item
) )
language plpgsql as $$ language plpgsql as $$
@ -78,34 +78,34 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row.
*/ */
create or replace function insertTriggerForHsBookingItem_tf() create or replace function hs_booking_item_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsBookingItem(NEW); call hs_booking_item_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsBookingItem_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_item after insert on hs_booking_item
for each row for each row
execute procedure insertTriggerForHsBookingItem_tf(); execute procedure hs_booking_item_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-booking-item-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing global rows. Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global%ROWTYPE; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows');
@ -114,15 +114,15 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'),
rbac.globalAdmin()); rbac.globalADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_booking_item INSERT permission to specified role of new rbac.global rows. Grants hs_booking_item INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hs_booking_item_grants_insert_to_global_tf() create or replace function new_hsbk_item_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -130,16 +130,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'),
rbac.globalAdmin()); rbac.globalADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_global_tg create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hs_booking_item_grants_insert_to_global_tf(); execute procedure new_hsbk_item_grants_insert_to_global_tf();
-- granting INSERT permission to hs_booking_project ---------------------------- -- granting INSERT permission to hs_booking_project ----------------------------
@ -165,7 +165,7 @@ $$;
/** /**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows. Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows.
*/ */
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_project_tf() create or replace function new_hsbk_item_grants_insert_to_hsbk_project_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -179,10 +179,10 @@ begin
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_project_tg create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on hs_booking_project after insert on hs_booking_project
for each row for each row
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf(); execute procedure new_hsbk_item_grants_insert_to_hsbk_project_tf();
-- granting INSERT permission to hs_booking_item ---------------------------- -- granting INSERT permission to hs_booking_item ----------------------------
@ -192,7 +192,7 @@ execute procedure new_hs_booking_item_grants_insert_to_hs_booking_project_tf();
/** /**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows. Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows.
*/ */
create or replace function new_hs_booking_item_grants_insert_to_hs_booking_item_tf() create or replace function new_hsbk_item_grants_insert_to_hsbk_item_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -206,14 +206,14 @@ begin
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_insert_to_hs_booking_item_tg create trigger z_new_hs_booking_item_grants_after_insert_tg
after insert on hs_booking_item after insert on hs_booking_item
for each row for each row
execute procedure new_hs_booking_item_grants_insert_to_hs_booking_item_tf(); execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf();
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs_booking_item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-booking-item-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
@ -225,7 +225,7 @@ create or replace function hs_booking_item_insert_permission_check_tf()
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT INSERT if rbac.Global ADMIN -- check INSERT permission if rbac.global ADMIN
if rbac.isGlobalAdmin() then if rbac.isGlobalAdmin() then
return NEW; return NEW;
end if; end if;
@ -250,7 +250,7 @@ create trigger hs_booking_item_insert_permission_check_tg
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
@ -261,7 +261,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_item', call rbac.generateRbacRestrictedView('hs_booking_item',
$orderBy$ $orderBy$
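Review bot: The doc comment above `new_hsbk_item_grants_insert_to_global_tf()` now reads `new global rows`, while the section header and the do-block comment of the same changeset were changed the other way, to `rbac.global`. The trigger is created `after insert on rbac.global`, so the qualified name is the accurate one: `Grants hs_booking_item INSERT permission to specified role of new rbac.global rows.` The changeset is attributed to InsertTriggerGenerator, so the wording presumably has to be corrected in the generator and not in this file.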


@ -39,7 +39,7 @@ create table if not exists hs_hosting_asset
identifier varchar(80) not null, identifier varchar(80) not null,
caption varchar(80), caption varchar(80),
config jsonb not null, config jsonb not null,
alarmContactUuid uuid null references hs_office_contact(uuid) initially deferred, alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER')) check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))


@ -3,28 +3,28 @@
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_hosting_asset'); call rbac.generateRelatedRbacObject('hs_hosting_asset');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure buildRbacSystemForHsHostingAsset( create or replace procedure hs_hosting_asset_build_rbac_system(
NEW hs_hosting_asset NEW hs_hosting_asset
) )
language plpgsql as $$ language plpgsql as $$
@ -32,7 +32,7 @@ create or replace procedure buildRbacSystemForHsHostingAsset(
declare declare
newBookingItem hs_booking_item; newBookingItem hs_booking_item;
newAssignedToAsset hs_hosting_asset; newAssignedToAsset hs_hosting_asset;
newAlarmContact hs_office_contact; newAlarmContact hs_office.contact;
newParentAsset hs_hosting_asset; newParentAsset hs_hosting_asset;
begin begin
@ -42,7 +42,7 @@ begin
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset; SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
SELECT * FROM hs_office_contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact; SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
@ -50,9 +50,9 @@ begin
hsHostingAssetOWNER(NEW), hsHostingAssetOWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
rbac.globalADMIN(rbac.unassumed()),
hsBookingItemADMIN(newBookingItem), hsBookingItemADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset)], hsHostingAssetADMIN(newParentAsset),
rbac.globalADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
@ -96,31 +96,31 @@ end; $$;
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row.
*/ */
create or replace function insertTriggerForHsHostingAsset_tf() create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call buildRbacSystemForHsHostingAsset(NEW); call hs_hosting_asset_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger insertTriggerForHsHostingAsset_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_hosting_asset after insert on hs_hosting_asset
for each row for each row
execute procedure insertTriggerForHsHostingAsset_tf(); execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-update-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-hosting-asset-rbac-update-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure updateRbacRulesForHsHostingAsset( create or replace procedure hs_hosting_asset_update_rbac_system(
OLD hs_hosting_asset, OLD hs_hosting_asset,
NEW hs_hosting_asset NEW hs_hosting_asset
) )
@ -130,32 +130,32 @@ begin
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call buildRbacSystemForHsHostingAsset(NEW); call hs_hosting_asset_build_rbac_system(NEW);
end if; end if;
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to re-wire the grant structure for a new hs_hosting_asset row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row.
*/ */
create or replace function updateTriggerForHsHostingAsset_tf() create or replace function hs_hosting_asset_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call updateRbacRulesForHsHostingAsset(OLD, NEW); call hs_hosting_asset_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger updateTriggerForHsHostingAsset_tg create trigger update_rbac_system_after_update_tg
after update on hs_hosting_asset after update on hs_hosting_asset
for each row for each row
execute procedure updateTriggerForHsHostingAsset_tf(); execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
@ -166,7 +166,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_hosting_asset', call rbac.generateRbacRestrictedView('hs_hosting_asset',
$orderBy$ $orderBy$


@ -12,7 +12,7 @@ create or replace procedure createHsHostingAssetTestData(givenProjectCaption var
language plpgsql as $$ language plpgsql as $$
declare declare
relatedProject hs_booking_project; relatedProject hs_booking_project;
relatedDebitor hs_office_debitor; relatedDebitor hs_office.debitor;
privateCloudBI hs_booking_item; privateCloudBI hs_booking_item;
managedServerBI hs_booking_item; managedServerBI hs_booking_item;
cloudServerBI hs_booking_item; cloudServerBI hs_booking_item;
@ -38,7 +38,7 @@ begin
assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null'; assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null';
select debitor.* into relatedDebitor select debitor.* into relatedDebitor
from hs_office_debitor debitor from hs_office.debitor debitor
where debitor.uuid = relatedProject.debitorUuid; where debitor.uuid = relatedProject.debitorUuid;
assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null'; assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null';


@ -69,6 +69,8 @@ databaseChangeLog:
file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
- include: - include:
file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
- include:
file: db/changelog/5-hs-office/500-hs-office-schema.sql
- include: - include:
file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
- include: - include:


@ -135,7 +135,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -157,7 +157,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
"hs_booking_project#D-1000111-somenewbookingproject:OWNER", "hs_booking_project#D-1000111-somenewbookingproject:OWNER",
"hs_booking_project#D-1000111-somenewbookingproject:TENANT")); "hs_booking_project#D-1000111-somenewbookingproject:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,


@ -112,7 +112,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
@Order(1) @Order(1)
void verifyInitialDatabase() { void verifyInitialDatabase() {
// SQL DELETE for thousands of records takes too long, so we make sure, we only start with initial or test data // SQL DELETE for thousands of records takes too long, so we make sure, we only start with initial or test data
final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office_contact", Integer.class) final var contactCount = (Integer) em.createNativeQuery("select count(*) from hs_office.contact", Integer.class)
.getSingleResult(); .getSingleResult();
assertThat(contactCount).isLessThan(20); assertThat(contactCount).isLessThan(20);
} }
@ -614,7 +614,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
contacts.forEach(this::persist); contacts.forEach(this::persist);
updateLegacyIds(contacts, "hs_office_contact_legacy_id", "contact_id"); updateLegacyIds(contacts, "hs_office.contact_legacy_id", "contact_id");
}).assertSuccessful(); }).assertSuccessful();
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
@ -640,7 +640,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
partner.setPartnerRel(em.merge(partner.getPartnerRel())); partner.setPartnerRel(em.merge(partner.getPartnerRel()));
em.persist(partner); em.persist(partner);
}); });
updateLegacyIds(partners, "hs_office_partner_legacy_id", "bp_id"); updateLegacyIds(partners, "hs_office.partner_legacy_id", "bp_id");
}).assertSuccessful(); }).assertSuccessful();
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
@ -664,20 +664,20 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
sepaMandates.forEach(this::persist); sepaMandates.forEach(this::persist);
updateLegacyIds(sepaMandates, "hs_office_sepamandate_legacy_id", "sepa_mandate_id"); updateLegacyIds(sepaMandates, "hs_office.sepamandate_legacy_id", "sepa_mandate_id");
}).assertSuccessful(); }).assertSuccessful();
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
coopShares.forEach(this::persist); coopShares.forEach(this::persist);
updateLegacyIds(coopShares, "hs_office_coopsharestransaction_legacy_id", "member_share_id"); updateLegacyIds(coopShares, "hs_office.coopsharestransaction_legacy_id", "member_share_id");
}).assertSuccessful(); }).assertSuccessful();
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
coopAssets.forEach(this::persist); coopAssets.forEach(this::persist);
updateLegacyIds(coopAssets, "hs_office_coopassetstransaction_legacy_id", "member_asset_id"); updateLegacyIds(coopAssets, "hs_office.coopassetstransaction_legacy_id", "member_asset_id");
}).assertSuccessful(); }).assertSuccessful();
} }
@ -685,7 +685,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
@Test @Test
@Order(9190) @Order(9190)
void verifyMembershipsActuallyPersisted() { void verifyMembershipsActuallyPersisted() {
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office_membership", Integer.class) final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_office.membership", Integer.class)
.getSingleResult(); .getSingleResult();
assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 300); assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 300);
} }


@ -254,34 +254,34 @@ public class CsvDataImport extends ContextBasedTest {
em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project where true").executeUpdate(); em.createNativeQuery("delete from hs_booking_project where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopassetstransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopassetstransaction_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopassetstransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopsharestransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharestransaction where true").executeUpdate();
em.createNativeQuery("delete from hs_office_coopsharestransaction_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_membership where true").executeUpdate(); em.createNativeQuery("delete from hs_office.membership where true").executeUpdate();
em.createNativeQuery("delete from hs_office_sepamandate where true").executeUpdate(); em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate();
em.createNativeQuery("delete from hs_office_sepamandate_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office.sepamandate_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office_debitor where true").executeUpdate(); em.createNativeQuery("delete from hs_office.debitor where true").executeUpdate();
em.createNativeQuery("delete from hs_office_bankaccount where true").executeUpdate(); em.createNativeQuery("delete from hs_office.bankaccount where true").executeUpdate();
em.createNativeQuery("delete from hs_office_partner where true").executeUpdate(); em.createNativeQuery("delete from hs_office.partner where true").executeUpdate();
em.createNativeQuery("delete from hs_office_partner_details where true").executeUpdate(); em.createNativeQuery("delete from hs_office.partner_details where true").executeUpdate();
em.createNativeQuery("delete from hs_office_relation where true").executeUpdate(); em.createNativeQuery("delete from hs_office.relation where true").executeUpdate();
em.createNativeQuery("delete from hs_office_contact where true").executeUpdate(); em.createNativeQuery("delete from hs_office.contact where true").executeUpdate();
em.createNativeQuery("delete from hs_office_person where true").executeUpdate(); em.createNativeQuery("delete from hs_office.person where true").executeUpdate();
}).assertSuccessful(); }).assertSuccessful();
} }
protected void resetHsOfficeSequences() { protected void resetHsOfficeSequences() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
em.createNativeQuery("alter sequence hs_office_contact_legacy_id_seq restart with 1000000000;").executeUpdate(); em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate();
em.createNativeQuery("alter sequence hs_office_coopassetstransaction_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence hs_office.coopassetstransaction_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_coopsharestransaction_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_partner_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence public.hs_office.partner_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();
em.createNativeQuery("alter sequence public.hs_office_sepamandate_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence public.hs_office.sepamandate_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();
}); });
} }
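Review bot: The last three `alter sequence` statements in `resetHsOfficeSequences()` (coopsharestransaction, partner, sepamandate) now name the sequence as `public.hs_office.…_legacy_id_seq`, which PostgreSQL reads as database.schema.sequence, so they should fail rather than reset anything. The rename left the old `public.` prefix in place. Assuming these sequences moved into the `hs_office` schema like the first two, drop the prefix, e.g. `alter sequence hs_office.partner_legacy_id_seq restart with 1000000000;`. Unlike the delete block above it, this `jpaAttempt.transacted(...)` call is not followed by `.assertSuccessful()`, so the error is probably swallowed and later imports run against un-reset legacy ids. Appending `.assertSuccessful()` would make such a failure visible.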


@ -102,21 +102,21 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
final var roles = rawRoleRepo.findAll(); final var roles = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_bankaccount#DE25500105176934832579:OWNER", "hs_office.bankaccount#DE25500105176934832579:OWNER",
"hs_office_bankaccount#DE25500105176934832579:ADMIN", "hs_office.bankaccount#DE25500105176934832579:ADMIN",
"hs_office_bankaccount#DE25500105176934832579:REFERRER" "hs_office.bankaccount#DE25500105176934832579:REFERRER"
)); ));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:DELETE to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", "{ grant perm:hs_office.bankaccount#DE25500105176934832579:DELETE to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_bankaccount#DE25500105176934832579:OWNER and assume }", "{ grant role:hs_office.bankaccount#DE25500105176934832579:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.bankaccount#DE25500105176934832579:OWNER and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:ADMIN to role:hs_office_bankaccount#DE25500105176934832579:OWNER by system and assume }", "{ grant role:hs_office.bankaccount#DE25500105176934832579:ADMIN to role:hs_office.bankaccount#DE25500105176934832579:OWNER by system and assume }",
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:UPDATE to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }", "{ grant perm:hs_office.bankaccount#DE25500105176934832579:UPDATE to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
"{ grant perm:hs_office_bankaccount#DE25500105176934832579:SELECT to role:hs_office_bankaccount#DE25500105176934832579:REFERRER by system and assume }", "{ grant perm:hs_office.bankaccount#DE25500105176934832579:SELECT to role:hs_office.bankaccount#DE25500105176934832579:REFERRER by system and assume }",
"{ grant role:hs_office_bankaccount#DE25500105176934832579:REFERRER to role:hs_office_bankaccount#DE25500105176934832579:ADMIN by system and assume }", "{ grant role:hs_office.bankaccount#DE25500105176934832579:REFERRER to role:hs_office.bankaccount#DE25500105176934832579:ADMIN by system and assume }",
null null
)); ));
} }
@ -273,7 +273,7 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'iban' select currentTask, targetTable, targetOp, targetdelta->>'iban'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_bankaccount'; where targettable = 'hs_office.bankaccount';
"""); """);
// when // when
@ -281,9 +281,9 @@ class HsOfficeBankAccountRepositoryIntegrationTest extends ContextBasedTestWithC
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02120300000000202051]", "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02120300000000202051]",
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02500105170137075030]", "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02500105170137075030]",
"[creating bankaccount test-data, hs_office_bankaccount, INSERT, DE02100500000054540402]"); "[creating bankaccount test-data, hs_office.bankaccount, INSERT, DE02100500000054540402]");
} }
private HsOfficeBankAccountEntity givenSomeTemporaryBankAccount(final String createdByUser) { private HsOfficeBankAccountEntity givenSomeTemporaryBankAccount(final String createdByUser) {


@ -103,20 +103,20 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
final var roles = rawRoleRepo.findAll(); final var roles = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(roles)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_contact#anothernewcontact:OWNER", "hs_office.contact#anothernewcontact:OWNER",
"hs_office_contact#anothernewcontact:ADMIN", "hs_office.contact#anothernewcontact:ADMIN",
"hs_office_contact#anothernewcontact:REFERRER" "hs_office.contact#anothernewcontact:REFERRER"
)); ));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant role:hs_office_contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office.contact#anothernewcontact:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:UPDATE to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }", "{ grant perm:hs_office.contact#anothernewcontact:UPDATE to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_contact#anothernewcontact:OWNER and assume }", "{ grant role:hs_office.contact#anothernewcontact:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.contact#anothernewcontact:OWNER and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:DELETE to role:hs_office_contact#anothernewcontact:OWNER by system and assume }", "{ grant perm:hs_office.contact#anothernewcontact:DELETE to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:ADMIN to role:hs_office_contact#anothernewcontact:OWNER by system and assume }", "{ grant role:hs_office.contact#anothernewcontact:ADMIN to role:hs_office.contact#anothernewcontact:OWNER by system and assume }",
"{ grant perm:hs_office_contact#anothernewcontact:SELECT to role:hs_office_contact#anothernewcontact:REFERRER by system and assume }", "{ grant perm:hs_office.contact#anothernewcontact:SELECT to role:hs_office.contact#anothernewcontact:REFERRER by system and assume }",
"{ grant role:hs_office_contact#anothernewcontact:REFERRER to role:hs_office_contact#anothernewcontact:ADMIN by system and assume }" "{ grant role:hs_office.contact#anothernewcontact:REFERRER to role:hs_office.contact#anothernewcontact:ADMIN by system and assume }"
)); ));
} }
@ -258,17 +258,17 @@ class HsOfficeContactRbacRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption' select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_contact'; where targettable = 'hs_office.contact';
"""); """);
// when // when
@SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList(); @SuppressWarnings("unchecked") final List<Object[]> customerLogEntries = query.getResultList();
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating contact test-data, hs_office_contact, INSERT, first contact]", "[creating contact test-data, hs_office.contact, INSERT, first contact]",
"[creating contact test-data, hs_office_contact, INSERT, second contact]", "[creating contact test-data, hs_office.contact, INSERT, second contact]",
"[creating contact test-data, hs_office_contact, INSERT, third contact]"); "[creating contact test-data, hs_office.contact, INSERT, third contact]");
} }
private HsOfficeContactRbacEntity givenSomeTemporaryContact( private HsOfficeContactRbacEntity givenSomeTemporaryContact(


@ -391,9 +391,9 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
void cleanup() { void cleanup() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null); context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopAssetsTransactionEntity respectively hs_office_coopassetstransaction_rv // HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassetstransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted. // cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopassetstransaction where reference like 'temp %'") em.createNativeQuery("delete from hs_office.coopassetstransaction where reference like 'temp %'")
.executeUpdate(); .executeUpdate();
}).assertSuccessful(); }).assertSuccessful();
} }


@ -89,7 +89,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -109,7 +109,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", "{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
@ -198,7 +198,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
@Test @Test
public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() { public void partnerPersonAdmin_canViewRelatedCoopAssetsTransactions() {
// given: // given:
context("superuser-alex@hostsharing.net", "hs_office_person#FirstGmbH:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.person#FirstGmbH:ADMIN");
// when: // when:
final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange( final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
@ -222,7 +222,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference' select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_coopassetstransaction'; where targettable = 'hs_office.coopassetstransaction';
"""); """);
// when // when
@ -230,18 +230,18 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000101-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000202-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-1]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-2]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]",
"[creating coopAssetsTransaction test-data, hs_office_coopassetstransaction, INSERT, ref 1000303-3]"); "[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]");
} }
@BeforeEach @BeforeEach


@ -55,9 +55,9 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
void cleanup() { void cleanup() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null); context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopSharesTransactionEntity respectively hs_office_coopsharestransaction_rv // HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharestransaction_rv
// cannot be deleted at all, but the underlying table record can be deleted. // cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office_coopsharestransaction where reference like 'temp %'").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharestransaction where reference like 'temp %'").executeUpdate();
}).assertSuccessful(); }).assertSuccessful();
} }


@ -88,7 +88,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -108,7 +108,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(initialRoleNames)); // no new roles created
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", "{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
@ -197,7 +197,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
@Test @Test
public void normalUser_canViewOnlyRelatedCoopSharesTransactions() { public void normalUser_canViewOnlyRelatedCoopSharesTransactions() {
// given: // given:
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000101:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000101:ADMIN");
// when: // when:
final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange( final var result = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
@ -221,7 +221,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference' select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_coopsharestransaction'; where targettable = 'hs_office.coopsharestransaction';
"""); """);
// when // when
@ -229,18 +229,18 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000101-4]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-4]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000202-4]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-4]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-1]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-2]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-3]",
"[creating coopSharesTransaction test-data, hs_office_coopsharestransaction, INSERT, ref 1000303-4]"); "[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-4]");
} }
@BeforeEach @BeforeEach
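Review bot: The journal query in the hunk at -221 now filters on `targettable = 'hs_office.coopsharestransaction'`, and the expected entries show the journal storing the schema-qualified name, so the value recorded in `base.tx_journal_v` changes with this commit. Nothing visible here shows whether rows journaled before the schema split are rewritten; if they are not, anything that filters the audit trail by table name has to match both spellings. I would add a comment above the query, `// targettable is schema-qualified since the hs_office schema split; earlier entries may still read hs_office_<table> (confirm against the migration)`. The same applies to the journal queries for `hs_office.debitor` and `hs_office.membership` in the debitor and membership repository tests. The enclosing test methods start outside the hunks.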


@ -638,7 +638,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_contact#fourthcontact:ADMIN") .header("assumed-roles", "hs_office.contact#fourthcontact:ADMIN")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {
@ -651,7 +651,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
.then().log().all().assertThat() .then().log().all().assertThat()
.statusCode(403) .statusCode(403)
.body("message", containsString("ERROR: [403] Subject")) .body("message", containsString("ERROR: [403] Subject"))
.body("message", containsString("is not allowed to update hs_office_debitor uuid ")); .body("message", containsString("is not allowed to update hs_office.debitor uuid "));
} }
} }
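Review bot: The 403 body asserted in the second hunk contains `is not allowed to update hs_office.debitor uuid `, the same text the debitor repository test expects as the root cause of a `JpaSystemException`, so the database's RBAC error appears to reach the API client verbatim, now including the schema name. Pinning that string in an acceptance test makes the internal table layout part of the API contract. If the pass-through is intended, a comment such as `// message is the raw RBAC error from the database; it exposes schema and table name to the caller` above the assertion would record that; otherwise assert on `.statusCode(403)` plus a message that does not name the table. The test method starts outside the hunk.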


@ -141,7 +141,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
result.assertExceptionWithRootCauseMessage(org.hibernate.exception.ConstraintViolationException.class, result.assertExceptionWithRootCauseMessage(org.hibernate.exception.ConstraintViolationException.class,
"ERROR: new row for relation \"hs_office_debitor\" violates check constraint \"check_default_prefix\""); "ERROR: new row for relation \"debitor\" violates check constraint \"check_default_prefix\"");
} }
@Test @Test
@ -151,7 +151,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
// some search+replace to make the output fit into the screen width // some search+replace to make the output fit into the screen width
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -176,12 +176,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER", "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN", "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT", "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:AGENT",
"hs_office_relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT")); "hs_office.relation#FirstGmbH-with-DEBITOR-FourtheG:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }", "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
@ -247,9 +247,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
@ParameterizedTest @ParameterizedTest
@Disabled // TODO: reactivate once partner.person + partner.contact are removed @Disabled // TODO: reactivate once partner.person + partner.contact are removed
@ValueSource(strings = { @ValueSource(strings = {
"hs_office_partner#10001:FirstGmbH-firstcontact:ADMIN", "hs_office.partner#10001:FirstGmbH-firstcontact:ADMIN",
"hs_office_person#FirstGmbH:ADMIN", "hs_office.person#FirstGmbH:ADMIN",
"hs_office_contact#firstcontact:ADMIN", "hs_office.contact#firstcontact:ADMIN",
}) })
public void relatedPersonAdmin_canViewRelatedDebitors(final String assumedRole) { public void relatedPersonAdmin_canViewRelatedDebitors(final String assumedRole) {
// given: // given:
@ -321,7 +321,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
givenDebitor, givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First")); final var givenNewPartnerPerson = one(personRepo.findPersonByOptionalNameLike("First"));
final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby")); final var givenNewBillingPerson = one(personRepo.findPersonByOptionalNameLike("Firby"));
final var givenNewContact = one(contactrealRepo.findContactByOptionalCaptionLike("sixth contact")); final var givenNewContact = one(contactrealRepo.findContactByOptionalCaptionLike("sixth contact"));
@ -354,26 +354,26 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... partner role was reassigned: // ... partner role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole( assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true); "hs_office.relation#FirstGmbH-with-DEBITOR-FirbySusan:AGENT", true);
// ... contact role was reassigned: // ... contact role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole( assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_contact#fifthcontact:ADMIN"); "hs_office.contact#fifthcontact:ADMIN");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN", false); "hs_office.contact#sixthcontact:ADMIN", false);
// ... bank-account role was reassigned: // ... bank-account role was reassigned:
assertThatDebitorIsNotVisibleForUserWithRole( assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_bankaccount#DE02200505501015871393:ADMIN"); "hs_office.bankaccount#DE02200505501015871393:ADMIN");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true); "hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
} }
@Test @Test
@ -383,7 +383,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig"); final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", null, "fig");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
givenDebitor, givenDebitor,
"hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true); "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true); assertThatDebitorActuallyInDatabase(givenDebitor, true);
final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first")); final var givenNewBankAccount = one(bankAccountRepo.findByOptionalHolderLike("first"));
@ -403,7 +403,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... bank-account role was assigned: // ... bank-account role was assigned:
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_bankaccount#DE02120300000000202051:ADMIN", true); "hs_office.bankaccount#DE02120300000000202051:ADMIN", true);
} }
@Test @Test
@ -413,7 +413,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih"); final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "fifth contact", "Fourth", "fih");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
givenDebitor, givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true); assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when // when
@ -432,7 +432,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// ... bank-account role was removed from previous bank-account admin: // ... bank-account role was removed from previous bank-account admin:
assertThatDebitorIsNotVisibleForUserWithRole( assertThatDebitorIsNotVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_bankaccount#DE02200505501015871393:ADMIN"); "hs_office.bankaccount#DE02200505501015871393:ADMIN");
} }
@Test @Test
@ -442,19 +442,19 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig"); final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig");
assertThatDebitorIsVisibleForUserWithRole( assertThatDebitorIsVisibleForUserWithRole(
givenDebitor, givenDebitor,
"hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true); "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT", true);
assertThatDebitorActuallyInDatabase(givenDebitor, true); assertThatDebitorActuallyInDatabase(givenDebitor, true);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FourtheG:AGENT"); context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FourtheG:AGENT");
givenDebitor.setVatId("NEW-VAT-ID"); givenDebitor.setVatId("NEW-VAT-ID");
return toCleanup(debitorRepo.save(givenDebitor)); return toCleanup(debitorRepo.save(givenDebitor));
}); });
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_debitor uuid"); "[403] Subject ", " is not allowed to update hs_office.debitor uuid");
} }
@Test @Test
@ -463,11 +463,11 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin"); final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "ninth", "Fourth", "nin");
assertThatDebitorActuallyInDatabase(givenDebitor, true); assertThatDebitorActuallyInDatabase(givenDebitor, true);
assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office_contact#ninthcontact:ADMIN", false); assertThatDebitorIsVisibleForUserWithRole(givenDebitor, "hs_office.contact#ninthcontact:ADMIN", false);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
givenDebitor.setVatId("NEW-VAT-ID"); givenDebitor.setVatId("NEW-VAT-ID");
final HsOfficeDebitorEntity entity = debitorRepo.save(givenDebitor); final HsOfficeDebitorEntity entity = debitorRepo.save(givenDebitor);
return toCleanup(entity.load()); return toCleanup(entity.load());
@ -477,7 +477,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"ERROR: [403]", "ERROR: [403]",
"is not allowed to update hs_office_debitor uuid"); "is not allowed to update hs_office.debitor uuid");
} }
private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) { private void assertThatDebitorActuallyInDatabase(final HsOfficeDebitorEntity saved, final boolean withPartner) {
@ -547,7 +547,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#FourtheG-with-DEBITOR-FourtheG:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.relation#FourtheG-with-DEBITOR-FourtheG:ADMIN");
assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent(); assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent();
debitorRepo.deleteByUuid(givenDebitor.getUuid()); debitorRepo.deleteByUuid(givenDebitor.getUuid());
@ -556,7 +556,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_debitor"); "[403] Subject ", " not allowed to delete hs_office.debitor");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return debitorRepo.findByUuid(givenDebitor.getUuid()); return debitorRepo.findByUuid(givenDebitor.getUuid());
@ -591,7 +591,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix' select currentTask, targetTable, targetOp, targetdelta->>'defaultprefix'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_debitor'; where targettable = 'hs_office.debitor';
"""); """);
// when // when
@ -599,9 +599,9 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating debitor test-data, hs_office_debitor, INSERT, fir]", "[creating debitor test-data, hs_office.debitor, INSERT, fir]",
"[creating debitor test-data, hs_office_debitor, INSERT, sec]", "[creating debitor test-data, hs_office.debitor, INSERT, sec]",
"[creating debitor test-data, hs_office_debitor, INSERT, thi]"); "[creating debitor test-data, hs_office.debitor, INSERT, thi]");
} }
private HsOfficeDebitorEntity givenSomeTemporaryDebitor( private HsOfficeDebitorEntity givenSomeTemporaryDebitor(
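Review bot: In the first hunk the expected constraint message became `relation \"debitor\"` while every other literal in this file became `hs_office.debitor`; presumably the database reports the relation without its schema in check-constraint errors, but the reason is not recorded. Without a comment the line reads like a missed rename and invites a later search-and-replace that breaks the test, and the shorter string would also match a `debitor` table in any other schema. I would add `// the check-constraint error names the relation without its schema, hence no hs_office. prefix` above the assertion. The test method starts outside the hunk.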


@ -263,7 +263,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT") .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid) .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@ -331,7 +331,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
void partnerRelAdmin_canPatchValidityOfRelatedMembership() { void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
// given // given
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN"; final var givenPartnerAdmin = "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin); context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
final var givenMembership = givenSomeTemporaryMembershipBessler("First"); final var givenMembership = givenSomeTemporaryMembershipBessler("First");
@ -392,7 +392,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT") .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
.port(port) .port(port)
.when() .when()
.delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid()) .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())


@ -91,7 +91,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -110,11 +110,11 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_membership#M-1000117:OWNER", "hs_office.membership#M-1000117:OWNER",
"hs_office_membership#M-1000117:ADMIN", "hs_office.membership#M-1000117:ADMIN",
"hs_office_membership#M-1000117:AGENT")); "hs_office.membership#M-1000117:AGENT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
// insert // insert
@ -230,13 +230,13 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership); assertThatMembershipExistsAndIsAccessibleToCurrentContext(givenMembership);
assertThatMembershipIsVisibleForRole( assertThatMembershipIsVisibleForRole(
givenMembership, givenMembership,
"hs_office_membership#M-1000113:AGENT"); "hs_office.membership#M-1000113:AGENT");
final var newValidityEnd = LocalDate.now(); final var newValidityEnd = LocalDate.now();
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
// TODO: we should test with debitor- and partner-admin as well // TODO: we should test with debitor- and partner-admin as well
context("superuser-alex@hostsharing.net", "hs_office_membership#M-1000113:AGENT"); context("superuser-alex@hostsharing.net", "hs_office.membership#M-1000113:AGENT");
givenMembership.setValidity( givenMembership.setValidity(
Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd)); Range.closedOpen(givenMembership.getValidity().lower(), newValidityEnd));
return membershipRepo.save(givenMembership); return membershipRepo.save(givenMembership);
@ -244,7 +244,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_membership uuid"); "[403] Subject ", " is not allowed to update hs_office.membership uuid");
} }
private void assertThatMembershipExistsAndIsAccessibleToCurrentContext(final HsOfficeMembershipEntity saved) { private void assertThatMembershipExistsAndIsAccessibleToCurrentContext(final HsOfficeMembershipEntity saved) {
@ -294,7 +294,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT"); context("superuser-alex@hostsharing.net", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT");
assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent(); assertThat(membershipRepo.findByUuid(givenMembership.getUuid())).isPresent();
membershipRepo.deleteByUuid(givenMembership.getUuid()); membershipRepo.deleteByUuid(givenMembership.getUuid());
@ -303,7 +303,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_membership"); "[403] Subject ", " not allowed to delete hs_office.membership");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return membershipRepo.findByUuid(givenMembership.getUuid()); return membershipRepo.findByUuid(givenMembership.getUuid());
@ -338,7 +338,7 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix' select currentTask, targetTable, targetOp, targetdelta->>'membernumbersuffix'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_membership'; where targettable = 'hs_office.membership';
"""); """);
// when // when
@ -346,9 +346,9 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating Membership test-data, hs_office_membership, INSERT, 01]", "[creating Membership test-data, hs_office.membership, INSERT, 01]",
"[creating Membership test-data, hs_office_membership, INSERT, 02]", "[creating Membership test-data, hs_office.membership, INSERT, 02]",
"[creating Membership test-data, hs_office_membership, INSERT, 03]"); "[creating Membership test-data, hs_office.membership, INSERT, 03]");
} }
private HsOfficeMembershipEntity givenSomeTemporaryMembership(final String partnerTradeName, final String memberNumberSuffix) { private HsOfficeMembershipEntity givenSomeTemporaryMembership(final String partnerTradeName, final String memberNumberSuffix) {


@ -103,7 +103,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess")) .map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
.map(s -> s.replace("fourthcontact", "4th")) .map(s -> s.replace("fourthcontact", "4th"))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -131,14 +131,14 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(from( assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(from(
initialRoleNames, initialRoleNames,
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER", "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:OWNER",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN", "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:ADMIN",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT", "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:AGENT",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT")); "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("ErbenBesslerMelBessler", "EBess")) .map(s -> s.replace("ErbenBesslerMelBessler", "EBess"))
.map(s -> s.replace("fourthcontact", "4th")) .map(s -> s.replace("fourthcontact", "4th"))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(distinct(from( .containsExactlyInAnyOrder(distinct(from(
initialGrantNames, initialGrantNames,
@ -263,7 +263,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact"); final var givenPartner = givenSomeTemporaryHostsharingPartner(20036, "Erben Bessler", "fifth contact");
assertThatPartnerIsVisibleForUserWithRole( assertThatPartnerIsVisibleForUserWithRole(
givenPartner, givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner); assertThatPartnerActuallyInDatabase(givenPartner);
// when // when
@ -281,10 +281,10 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
"rbac.global#global:ADMIN"); "rbac.global#global:ADMIN");
assertThatPartnerIsVisibleForUserWithRole( assertThatPartnerIsVisibleForUserWithRole(
givenPartner, givenPartner,
"hs_office_person#ThirdOHG:ADMIN"); "hs_office.person#ThirdOHG:ADMIN");
assertThatPartnerIsNotVisibleForUserWithRole( assertThatPartnerIsNotVisibleForUserWithRole(
givenPartner, givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
} }
@Test @Test
@ -294,13 +294,13 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth"); final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
assertThatPartnerIsVisibleForUserWithRole( assertThatPartnerIsVisibleForUserWithRole(
givenPartner, givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner); assertThatPartnerActuallyInDatabase(givenPartner);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", context("superuser-alex@hostsharing.net",
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
givenPartner.getDetails().setBirthName("new birthname"); givenPartner.getDetails().setBirthName("new birthname");
return partnerRepo.save(givenPartner); return partnerRepo.save(givenPartner);
}); });
@ -316,21 +316,21 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth"); final var givenPartner = givenSomeTemporaryHostsharingPartner(20037, "Erben Bessler", "ninth");
assertThatPartnerIsVisibleForUserWithRole( assertThatPartnerIsVisibleForUserWithRole(
givenPartner, givenPartner,
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
assertThatPartnerActuallyInDatabase(givenPartner); assertThatPartnerActuallyInDatabase(givenPartner);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", context("superuser-alex@hostsharing.net",
"hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT"); "hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT");
givenPartner.getDetails().setBirthName("new birthname"); givenPartner.getDetails().setBirthName("new birthname");
return partnerRepo.save(givenPartner); return partnerRepo.save(givenPartner);
}); });
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"ERROR: [403] insert into hs_office_partner_details ", "ERROR: [403] insert into hs_office.partner_details ",
" not allowed for current subjects {hs_office_relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}"); " not allowed for current subjects {hs_office.relation#HostsharingeG-with-PARTNER-ErbenBesslerMelBessler:TENANT}");
} }
private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) { private void assertThatPartnerActuallyInDatabase(final HsOfficePartnerEntity saved) {
@ -398,7 +398,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_partner"); "[403] Subject ", " not allowed to delete hs_office.partner");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return partnerRepo.findByUuid(givenPartner.getUuid()); return partnerRepo.findByUuid(givenPartner.getUuid());
@ -435,7 +435,7 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'partnernumber' select currentTask, targetTable, targetOp, targetdelta->>'partnernumber'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_partner'; where targettable = 'hs_office.partner';
"""); """);
// when // when
@ -443,11 +443,11 @@ class HsOfficePartnerRepositoryIntegrationTest extends ContextBasedTestWithClean
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating partner test-data , hs_office_partner, INSERT, 10001]", "[creating partner test-data , hs_office.partner, INSERT, 10001]",
"[creating partner test-data , hs_office_partner, INSERT, 10002]", "[creating partner test-data , hs_office.partner, INSERT, 10002]",
"[creating partner test-data , hs_office_partner, INSERT, 10003]", "[creating partner test-data , hs_office.partner, INSERT, 10003]",
"[creating partner test-data , hs_office_partner, INSERT, 10004]", "[creating partner test-data , hs_office.partner, INSERT, 10004]",
"[creating partner test-data , hs_office_partner, INSERT, 10010]"); "[creating partner test-data , hs_office.partner, INSERT, 10010]");
} }
private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner( private HsOfficePartnerEntity givenSomeTemporaryHostsharingPartner(


@ -102,23 +102,23 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder( assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(
Array.from( Array.from(
initialRoleNames, initialRoleNames,
"hs_office_person#anothernewperson:OWNER", "hs_office.person#anothernewperson:OWNER",
"hs_office_person#anothernewperson:ADMIN", "hs_office.person#anothernewperson:ADMIN",
"hs_office_person#anothernewperson:REFERRER" "hs_office.person#anothernewperson:REFERRER"
)); ));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder( assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(
Array.fromFormatted( Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:hs_office_person#anothernewperson:INSERT>hs_office_relation to role:hs_office_person#anothernewperson:ADMIN by system and assume }", "{ grant perm:hs_office.person#anothernewperson:INSERT>hs_office.relation to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office_person#anothernewperson:OWNER and assume }", "{ grant role:hs_office.person#anothernewperson:OWNER to user:selfregistered-user-drew@hostsharing.org by hs_office.person#anothernewperson:OWNER and assume }",
"{ grant role:hs_office_person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office.person#anothernewperson:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:UPDATE to role:hs_office_person#anothernewperson:ADMIN by system and assume }", "{ grant perm:hs_office.person#anothernewperson:UPDATE to role:hs_office.person#anothernewperson:ADMIN by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:DELETE to role:hs_office_person#anothernewperson:OWNER by system and assume }", "{ grant perm:hs_office.person#anothernewperson:DELETE to role:hs_office.person#anothernewperson:OWNER by system and assume }",
"{ grant role:hs_office_person#anothernewperson:ADMIN to role:hs_office_person#anothernewperson:OWNER by system and assume }", "{ grant role:hs_office.person#anothernewperson:ADMIN to role:hs_office.person#anothernewperson:OWNER by system and assume }",
"{ grant perm:hs_office_person#anothernewperson:SELECT to role:hs_office_person#anothernewperson:REFERRER by system and assume }", "{ grant perm:hs_office.person#anothernewperson:SELECT to role:hs_office.person#anothernewperson:REFERRER by system and assume }",
"{ grant role:hs_office_person#anothernewperson:REFERRER to role:hs_office_person#anothernewperson:ADMIN by system and assume }" "{ grant role:hs_office.person#anothernewperson:REFERRER to role:hs_office.person#anothernewperson:ADMIN by system and assume }"
)); ));
} }
@ -262,7 +262,7 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname' select currentTask, targetTable, targetOp, targetdelta->>'tradename', targetdelta->>'lastname'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_person'; where targettable = 'hs_office.person';
"""); """);
// when // when
@ -270,10 +270,10 @@ class HsOfficePersonRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating person test-data, hs_office_person, INSERT, Hostsharing eG, null]", "[creating person test-data, hs_office.person, INSERT, Hostsharing eG, null]",
"[creating person test-data, hs_office_person, INSERT, First GmbH, null]", "[creating person test-data, hs_office.person, INSERT, First GmbH, null]",
"[creating person test-data, hs_office_person, INSERT, Second e.K., null]", "[creating person test-data, hs_office.person, INSERT, Second e.K., null]",
"[creating person test-data, hs_office_person, INSERT, Third OHG, null]"); "[creating person test-data, hs_office.person, INSERT, Third OHG, null]");
} }
private HsOfficePersonEntity givenSomeTemporaryPerson( private HsOfficePersonEntity givenSomeTemporaryPerson(
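Review bot: The journal filter `where targettable = 'hs_office.person'` now matches only rows recorded under the schema-qualified name, and the assertions after it cover only freshly created test data, so nothing in this section shows what happens to journal entries written earlier as `hs_office_person`. If the migration does not rewrite `targettable` in existing rows (not visible here), audit queries by table name would silently lose the older history. A comment above the query such as `// rows journaled before the schema split may still carry 'hs_office_person'; the migration must rewrite targettable` would document the expectation, and a migration test would enforce it. The same applies to the journal queries in the relation and SEPA-mandate test sections below. The enclosing test methods start outside the hunks.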


@ -125,33 +125,33 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then // then
assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(rawRoleRepo.findAll())).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT",
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT")); "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted( assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())).containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:DELETE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:rbac.global#global:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to user:superuser-alex@hostsharing.net by hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER and assume }",
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:UPDATE to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office_person#BesslerBert:ADMIN by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:OWNER to role:hs_office.person#BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_person#ErbenBesslerMelBessler:OWNER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", "{ grant role:hs_office.person#ErbenBesslerMelBessler:OWNER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_person#ErbenBesslerMelBessler:ADMIN by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.person#ErbenBesslerMelBessler:ADMIN by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:ADMIN by system and assume }",
"{ grant perm:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", "{ grant perm:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:SELECT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:AGENT by system and assume }",
"{ grant role:hs_office_person#BesslerBert:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", "{ grant role:hs_office.person#BesslerBert:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_person#ErbenBesslerMelBessler:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", "{ grant role:hs_office.person#ErbenBesslerMelBessler:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
"{ grant role:hs_office_contact#fourthcontact:REFERRER to role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }", "{ grant role:hs_office.contact#fourthcontact:REFERRER to role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT by system and assume }",
// REPRESENTATIVE holder person -> (represented) anchor person // REPRESENTATIVE holder person -> (represented) anchor person
"{ grant role:hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office_contact#fourthcontact:ADMIN by system and assume }", "{ grant role:hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerBert:TENANT to role:hs_office.contact#fourthcontact:ADMIN by system and assume }",
null) null)
); );
} }
@ -217,7 +217,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationActuallyInDatabase(givenRelation);
assertThatRelationIsVisibleForUserWithRole( assertThatRelationIsVisibleForUserWithRole(
givenRelation, givenRelation,
"hs_office_person#ErbenBesslerMelBessler:ADMIN"); "hs_office.person#ErbenBesslerMelBessler:ADMIN");
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var givenContact = contactrealRepo.findContactByOptionalCaptionLike("sixth contact").stream().findFirst().orElseThrow(); final var givenContact = contactrealRepo.findContactByOptionalCaptionLike("sixth contact").stream().findFirst().orElseThrow();
@ -236,11 +236,11 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"rbac.global#global:ADMIN"); "rbac.global#global:ADMIN");
assertThatRelationIsVisibleForUserWithRole( assertThatRelationIsVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_contact#sixthcontact:ADMIN"); "hs_office.contact#sixthcontact:ADMIN");
assertThatRelationIsNotVisibleForUserWithRole( assertThatRelationIsNotVisibleForUserWithRole(
result.returnedValue(), result.returnedValue(),
"hs_office_contact#fifthcontact:ADMIN"); "hs_office.contact#fifthcontact:ADMIN");
relationRbacRepo.deleteByUuid(givenRelation.getUuid()); relationRbacRepo.deleteByUuid(givenRelation.getUuid());
} }
@ -253,19 +253,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"Anita", "eighth"); "Anita", "eighth");
assertThatRelationIsVisibleForUserWithRole( assertThatRelationIsVisibleForUserWithRole(
givenRelation, givenRelation,
"hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationActuallyInDatabase(givenRelation);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT"); context("superuser-alex@hostsharing.net", "hs_office.relation#ErbenBesslerMelBessler-with-REPRESENTATIVE-BesslerAnita:AGENT");
givenRelation.setContact(null); givenRelation.setContact(null);
return relationRbacRepo.save(givenRelation); return relationRbacRepo.save(givenRelation);
}); });
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_relation uuid"); "[403] Subject ", " is not allowed to update hs_office.relation uuid");
} }
@Test @Test
@ -276,19 +276,19 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
"Anita", "ninth"); "Anita", "ninth");
assertThatRelationIsVisibleForUserWithRole( assertThatRelationIsVisibleForUserWithRole(
givenRelation, givenRelation,
"hs_office_contact#ninthcontact:ADMIN"); "hs_office.contact#ninthcontact:ADMIN");
assertThatRelationActuallyInDatabase(givenRelation); assertThatRelationActuallyInDatabase(givenRelation);
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_contact#ninthcontact:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.contact#ninthcontact:ADMIN");
givenRelation.setContact(null); // TODO givenRelation.setContact(null); // TODO
return relationRbacRepo.save(givenRelation); return relationRbacRepo.save(givenRelation);
}); });
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_relation uuid"); "[403] Subject ", " is not allowed to update hs_office.relation uuid");
} }
private void assertThatRelationActuallyInDatabase(final HsOfficeRelation saved) { private void assertThatRelationActuallyInDatabase(final HsOfficeRelation saved) {
@ -360,7 +360,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_relation"); "[403] Subject ", " not allowed to delete hs_office.relation");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return relationRbacRepo.findByUuid(givenRelation.getUuid()); return relationRbacRepo.findByUuid(givenRelation.getUuid());
@ -396,7 +396,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'mark' select currentTask, targetTable, targetOp, targetdelta->>'mark'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_relation'; where targettable = 'hs_office.relation';
"""); """);
// when // when
@ -404,7 +404,7 @@ class HsOfficeRelationRepositoryIntegrationTest extends ContextBasedTestWithClea
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating relation test-data, hs_office_relation, INSERT, members-announce]"); "[creating relation test-data, hs_office.relation, INSERT, members-announce]");
} }
private HsOfficeRelationRbacEntity givenSomeTemporaryRelationBessler(final String holderPerson, final String contact) { private HsOfficeRelationRbacEntity givenSomeTemporaryRelationBessler(final String holderPerson, final String contact) {


@ -95,7 +95,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll()); final var initialRoleNames = distinctRoleNamesOf(rawRoleRepo.findAll());
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream() final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()).stream()
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.toList(); .toList();
// when // when
@ -117,12 +117,12 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN", "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):ADMIN",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT", "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):AGENT",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER", "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):OWNER",
"hs_office_sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER")); "hs_office.sepamandate#DE02600501010002034304-[2020-01-01,2023-01-01):REFERRER"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office_", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
@ -233,7 +233,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02600501010002034304");
assertThatSepaMandateIsVisibleForUserWithRole( assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate, givenSepaMandate,
"hs_office_bankaccount#DE02600501010002034304:ADMIN"); "hs_office.bankaccount#DE02600501010002034304:ADMIN");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
@ -262,13 +262,13 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689"); final var givenSepaMandate = givenSomeTemporarySepaMandate("DE02300606010002474689");
assertThatSepaMandateIsVisibleForUserWithRole( assertThatSepaMandateIsVisibleForUserWithRole(
givenSepaMandate, givenSepaMandate,
"hs_office_bankaccount#DE02300606010002474689:ADMIN"); "hs_office.bankaccount#DE02300606010002474689:ADMIN");
assertThatSepaMandateActuallyInDatabase(givenSepaMandate); assertThatSepaMandateActuallyInDatabase(givenSepaMandate);
final var newValidityEnd = LocalDate.now(); final var newValidityEnd = LocalDate.now();
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_office_bankaccount#DE02300606010002474689:ADMIN"); context("superuser-alex@hostsharing.net", "hs_office.bankaccount#DE02300606010002474689:ADMIN");
givenSepaMandate.setValidity(Range.closedOpen( givenSepaMandate.setValidity(Range.closedOpen(
givenSepaMandate.getValidity().lower(), newValidityEnd)); givenSepaMandate.getValidity().lower(), newValidityEnd));
@ -277,7 +277,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then // then
result.assertExceptionWithRootCauseMessage(JpaSystemException.class, result.assertExceptionWithRootCauseMessage(JpaSystemException.class,
"[403] Subject ", " is not allowed to update hs_office_sepamandate uuid"); "[403] Subject ", " is not allowed to update hs_office.sepamandate uuid");
} }
private void assertThatSepaMandateActuallyInDatabase(final HsOfficeSepaMandateEntity saved) { private void assertThatSepaMandateActuallyInDatabase(final HsOfficeSepaMandateEntity saved) {
@ -346,7 +346,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " not allowed to delete hs_office_sepamandate"); "[403] Subject ", " not allowed to delete hs_office.sepamandate");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return sepaMandateRepo.findByUuid(givenSepaMandate.getUuid()); return sepaMandateRepo.findByUuid(givenSepaMandate.getUuid());
@ -381,7 +381,7 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference' select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office_sepamandate'; where targettable = 'hs_office.sepamandate';
"""); """);
// when // when
@ -389,9 +389,9 @@ class HsOfficeSepaMandateRepositoryIntegrationTest extends ContextBasedTestWithC
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10001-11]", "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10001-11]",
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10002-12]", "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10002-12]",
"[creating SEPA-mandate test-data, hs_office_sepamandate, INSERT, ref-10003-13]"); "[creating SEPA-mandate test-data, hs_office.sepamandate, INSERT, ref-10003-13]");
} }
private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) { private HsOfficeSepaMandateEntity givenSomeTemporarySepaMandate(final String iban) {


@ -90,12 +90,12 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
@Test @Test
@Disabled // enable to generate from a real database @Disabled // enable to generate from a real database
void print() throws IOException { void print() throws IOException {
//context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan:ADMIN"); //context("superuser-alex@hostsharing.net", "hs_office.person#FirbySusan:ADMIN");
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
//final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); //final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office_coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult();
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS)); final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md"); RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");