introduce-separate-database-schemas-hs-booking-and-hosting #106

Merged
hsh-michaelhoennig merged 14 commits from introduce-separate-database-schemas-hs-booking-and-hosting into master 2024-09-23 10:52:39 +02:00
21 changed files with 170 additions and 171 deletions
Showing only changes of commit 632bf7d29b - Show all commits

View File

@ -338,8 +338,8 @@ Now, the longest running queries are these:
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | | 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | | 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | | 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | | 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine. That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.

View File

@ -105,7 +105,6 @@ begin
end; $f$; end; $f$;
$sql$, targetTable); $sql$, targetTable);
raise exception 'generated-SQL: %', sql;
execute sql; execute sql;
end; $$; end; $$;
--// --//

View File

@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerOWNER(NEW), rbactest.customer_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())], incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerADMIN(NEW), rbactest.customer_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[testCustomerOWNER(NEW)] incomingSuperRoles => array[rbactest.customer_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerTENANT(NEW), rbactest.customer_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testCustomerADMIN(NEW)] incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

View File

@ -41,8 +41,8 @@ begin
select * into newCust select * into newCust
from rbactest.customer where reference=custReference; from rbactest.customer where reference=custReference;
call rbac.grantRoleToSubject( call rbac.grantRoleToSubject(
rbac.getRoleId(testCustomerOwner(newCust)), rbac.getRoleId(rbactest.customer_OWNER(newCust)),
rbac.getRoleId(testCustomerAdmin(newCust)), rbac.getRoleId(rbactest.customer_ADMIN(newCust)),
custAdminUuid, custAdminUuid,
true); true);
end; $$; end; $$;

View File

@ -40,21 +40,21 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageOWNER(NEW), rbactest.package_OWNER(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[testCustomerADMIN(newCustomer)] incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageADMIN(NEW), rbactest.package_ADMIN(NEW),
incomingSuperRoles => array[testPackageOWNER(NEW)] incomingSuperRoles => array[rbactest.package_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageTENANT(NEW), rbactest.package_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testPackageADMIN(NEW)], incomingSuperRoles => array[rbactest.package_ADMIN(NEW)],
outgoingSubRoles => array[testCustomerTENANT(newCustomer)] outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -110,11 +110,11 @@ begin
if NEW.customerUuid <> OLD.customerUuid then if NEW.customerUuid <> OLD.customerUuid then
call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer)); call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer));
call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer)); call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer));
call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD)); call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD));
call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW)); call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW));
end if; end if;
@ -161,7 +161,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(row)); rbactest.customer_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -177,7 +177,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(NEW)); rbactest.customer_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -30,8 +30,8 @@ begin
returning * into pac; returning * into pac;
call rbac.grantRoleToSubject( call rbac.grantRoleToSubject(
rbac.getRoleId(testCustomerAdmin(cust)), rbac.getRoleId(rbactest.customer_ADMIN(cust)),
rbac.findRoleId(testPackageAdmin(pac)), rbac.findRoleId(rbactest.package_ADMIN(pac)),
rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
true); true);

View File

@ -40,17 +40,17 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testDomainOWNER(NEW), rbactest.domain_OWNER(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[testPackageADMIN(newPackage)], incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)],
outgoingSubRoles => array[testPackageTENANT(newPackage)] outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testDomainADMIN(NEW), rbactest.domain_ADMIN(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testDomainOWNER(NEW)], incomingSuperRoles => array[rbactest.domain_OWNER(NEW)],
outgoingSubRoles => array[testPackageTENANT(newPackage)] outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -106,14 +106,14 @@ begin
if NEW.packageUuid <> OLD.packageUuid then if NEW.packageUuid <> OLD.packageUuid then
call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage)); call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage));
call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage)); call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage));
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD)); call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD));
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW)); call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW));
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD)); call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD));
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW)); call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW));
end if; end if;
@ -160,7 +160,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(row)); rbactest.package_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -176,7 +176,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(NEW)); rbactest.package_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactOWNER(NEW), hs_office.contact_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactADMIN(NEW), hs_office.contact_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)] incomingSuperRoles => array[hs_office.contact_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactREFERRER(NEW), hs_office.contact_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)] incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

View File

@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonOWNER(NEW), hs_office.person_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonADMIN(NEW), hs_office.person_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)] incomingSuperRoles => array[hs_office.person_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonREFERRER(NEW), hs_office.person_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)] incomingSuperRoles => array[hs_office.person_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

View File

@ -48,42 +48,42 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationOWNER(NEW), hs_office.relation_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationADMIN(NEW), hs_office.relation_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)] incomingSuperRoles => array[hs_office.relation_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationAGENT(NEW), hs_office.relation_AGENT(NEW),
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)] incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationTENANT(NEW), hs_office.relation_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeContactADMIN(newContact), hs_office.contact_ADMIN(newContact),
hsOfficeRelationAGENT(NEW)], hs_office.relation_AGENT(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeContactREFERRER(newContact), hs_office.contact_REFERRER(newContact),
hsOfficePersonREFERRER(newAnchorPerson), hs_office.person_REFERRER(newAnchorPerson),
hsOfficePersonREFERRER(newHolderPerson)] hs_office.person_REFERRER(newHolderPerson)]
); );
IF NEW.type = 'REPRESENTATIVE' THEN IF NEW.type = 'REPRESENTATIVE' THEN
call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson)); call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson));
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson));
ELSE ELSE
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson));
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson));
END IF; END IF;
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -170,7 +170,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(row)); hs_office.person_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -186,7 +186,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(NEW)); hs_office.person_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -42,12 +42,12 @@ begin
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -110,23 +110,23 @@ begin
if NEW.partnerRelUuid <> OLD.partnerRelUuid then if NEW.partnerRelUuid <> OLD.partnerRelUuid then
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
end if; end if;

View File

@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountOWNER(NEW), hs_office.bankaccount_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountADMIN(NEW), hs_office.bankaccount_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)] incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountREFERRER(NEW), hs_office.bankaccount_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)] incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

View File

@ -51,15 +51,15 @@ begin
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel));
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount)); call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel));
call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;

View File

@ -48,34 +48,34 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateOWNER(NEW), hs_office.sepamandate_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.globalADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateADMIN(NEW), hs_office.sepamandate_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)] incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateAGENT(NEW), hs_office.sepamandate_AGENT(NEW),
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)], incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeBankAccountREFERRER(newBankAccount), hs_office.bankaccount_REFERRER(newBankAccount),
hsOfficeRelationAGENT(newDebitorRel)] hs_office.relation_AGENT(newDebitorRel)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateREFERRER(NEW), hs_office.sepamandate_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeBankAccountADMIN(newBankAccount), hs_office.bankaccount_ADMIN(newBankAccount),
hsOfficeRelationAGENT(newDebitorRel), hs_office.relation_AGENT(newDebitorRel),
hsOfficeSepaMandateAGENT(NEW)], hs_office.sepamandate_AGENT(NEW)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -121,7 +121,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(row)); hs_office.relation_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -137,7 +137,7 @@ begin
if NEW.type = 'DEBITOR' then if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(NEW)); hs_office.relation_ADMIN(NEW));
end if; end if;
return NEW; return NEW;
end; $$; end; $$;

View File

@ -44,25 +44,25 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipOWNER(NEW), hs_office.membership_OWNER(NEW),
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipADMIN(NEW), hs_office.membership_ADMIN(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeMembershipOWNER(NEW), hs_office.membership_OWNER(NEW),
hsOfficeRelationADMIN(newPartnerRel)] hs_office.relation_ADMIN(newPartnerRel)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipAGENT(NEW), hs_office.membership_AGENT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeMembershipADMIN(NEW), hs_office.membership_ADMIN(NEW),
hsOfficeRelationAGENT(newPartnerRel)], hs_office.relation_AGENT(newPartnerRel)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

View File

@ -38,8 +38,8 @@ begin
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -84,7 +84,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(row)); hs_office.membership_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -100,7 +100,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'),
hsOfficeMembershipADMIN(NEW)); hs_office.membership_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -38,8 +38,8 @@ begin
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -84,7 +84,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(row)); hs_office.membership_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -100,7 +100,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'),
hsOfficeMembershipADMIN(NEW)); hs_office.membership_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -48,26 +48,26 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectOWNER(NEW), hs_booking.project_OWNER(NEW),
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())] incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectADMIN(NEW), hs_booking.project_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)] incomingSuperRoles => array[hs_booking.project_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectAGENT(NEW), hs_booking.project_AGENT(NEW),
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)] incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectTENANT(NEW), hs_booking.project_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)], incomingSuperRoles => array[hs_booking.project_AGENT(NEW)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
); );
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin());
@ -115,7 +115,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
hsOfficeRelationADMIN(row)); hs_office.relation_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -131,7 +131,7 @@ begin
if NEW.type = 'DEBITOR' then if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
hsOfficeRelationADMIN(NEW)); hs_office.relation_ADMIN(NEW));
end if; end if;
return NEW; return NEW;
end; $$; end; $$;

View File

@ -41,30 +41,30 @@ begin
SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem; SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemOWNER(NEW), hs_booking.item_OWNER(NEW),
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemAGENT(newParentItem), hs_booking.item_AGENT(newParentItem),
hsBookingProjectAGENT(newProject)] hs_booking.project_AGENT(newProject)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemADMIN(NEW), hs_booking.item_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsBookingItemOWNER(NEW)] incomingSuperRoles => array[hs_booking.item_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemAGENT(NEW), hs_booking.item_AGENT(NEW),
incomingSuperRoles => array[hsBookingItemADMIN(NEW)] incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemTENANT(NEW), hs_booking.item_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsBookingItemAGENT(NEW)], incomingSuperRoles => array[hs_booking.item_AGENT(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsBookingItemTENANT(newParentItem), hs_booking.item_TENANT(newParentItem),
hsBookingProjectTENANT(newProject)] hs_booking.project_TENANT(newProject)]
); );
@ -157,7 +157,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
hsBookingProjectADMIN(row)); hs_booking.project_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -173,7 +173,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
hsBookingProjectADMIN(NEW)); hs_booking.project_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
@ -200,7 +200,7 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
hsBookingItemADMIN(NEW)); hs_booking.item_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;

View File

@ -47,43 +47,43 @@ begin
SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetOWNER(NEW), hs_hosting.asset_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemADMIN(newBookingItem), hs_booking.item_ADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset), hs_hosting.asset_ADMIN(newParentAsset),
rbac.globalADMIN(rbac.unassumed())], rbac.globalADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetADMIN(NEW), hs_hosting.asset_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemAGENT(newBookingItem), hs_booking.item_AGENT(newBookingItem),
hsHostingAssetAGENT(newParentAsset), hs_hosting.asset_AGENT(newParentAsset),
hsHostingAssetOWNER(NEW)] hs_hosting.asset_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetAGENT(NEW), hs_hosting.asset_AGENT(NEW),
incomingSuperRoles => array[ incomingSuperRoles => array[
hsHostingAssetADMIN(NEW), hs_hosting.asset_ADMIN(NEW),
hsHostingAssetAGENT(newAssignedToAsset)], hs_hosting.asset_AGENT(newAssignedToAsset)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsHostingAssetTENANT(newAssignedToAsset), hs_hosting.asset_TENANT(newAssignedToAsset),
hsOfficeContactREFERRER(newAlarmContact)] hs_office.contact_REFERRER(newAlarmContact)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetTENANT(NEW), hs_hosting.asset_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsHostingAssetAGENT(NEW), hs_hosting.asset_AGENT(NEW),
hsOfficeContactADMIN(newAlarmContact)], hs_office.contact_ADMIN(newAlarmContact)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsBookingItemTENANT(newBookingItem), hs_booking.item_TENANT(newBookingItem),
hsHostingAssetTENANT(newParentAsset)] hs_hosting.asset_TENANT(newParentAsset)]
); );
IF NEW.type = 'DOMAIN_SETUP' THEN IF NEW.type = 'DOMAIN_SETUP' THEN

View File

@ -7,7 +7,7 @@ spring:
url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers url-tc: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true url-tcx: jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers?TC_REUSABLE=true&TC_DAEMON=true
url-local: jdbc:postgresql://localhost:5432/postgres url-local: jdbc:postgresql://localhost:5432/postgres
url: ${spring.datasource.url-local} url: ${spring.datasource.url-tc}
username: postgres username: postgres
password: password password: password