hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

introduce-separate-database-schemas-hs-booking-and-hosting #106

Merged
hsh-michaelhoennig merged 14 commits from introduce-separate-database-schemas-hs-booking-and-hosting into master 2024-09-23 10:52:39 +02:00
Conversation 0 Commits 14 Files Changed 101 +1072 -1071
101 changed files with 1072 additions and 1071 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
doc/rbac-performance-analysis.md
View File

@ -199,7 +199,7 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
Group Key: grants.descendantuuid Group Key: grants.descendantuuid
-> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16) -> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16)
-> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16) -> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16)
Index Cond: ((objecttable = 'hs_hosting_asset'::text) AND (uuid = perm.objectuuid)) Index Cond: ((objecttable = 'hs_hosting.asset'::text) AND (uuid = perm.objectuuid))
``` ```
### Office-Relation-Query ### Office-Relation-Query
@ -276,15 +276,15 @@ At this point, the import took 21mins with these statistics:
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 | | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 |
| insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 | | insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 |
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 | | insert into public.hs_booking.item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 | | insert into hs_booking.item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
The slowest query now was fetching Relations joined with Contact, Anchor-Person and Holder-Person, for all tables using the restricted (RBAC) views (_rv). The slowest query now was fetching Relations joined with Contact, Anchor-Person and Holder-Person, for all tables using the restricted (RBAC) views (_rv).
@ -300,14 +300,14 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 | | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 | | select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 | | call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 | | insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 | | insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 | | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 | insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 | | insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 | | call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 |
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 | | insert into public.hs_booking.item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 | | insert into hs_booking.item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing | 40472 | 0 | 0 | insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing | 40472 | 0 | 0 |
Now, finally, the total runtime of the import was down to 12 minutes. This is repeatable, where originally, the import took about 25mins in most cases and just rarely - and for unknown reasons - 10min. Now, finally, the total runtime of the import was down to 12 minutes. This is repeatable, where originally, the import took about 25mins in most cases and just rarely - and for unknown reasons - 10min.
@ -318,7 +318,7 @@ But once UnixUser and EmailAlias assets got added to the import, the total time
This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours. This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours.
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting_asset) not to the RBAC-view (hs_hosting_asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway. In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting.asset) not to the RBAC-view (hs_hosting.asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened. The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened.
@ -330,7 +330,7 @@ Now, the longest running queries are these:
| No.| calls | total_m | mean_ms | query | | No.| calls | total_m | mean_ms | query |
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) | | 1 | 13.093 | 4 | 21 | insert into hs_hosting.asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | | 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) | | 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | | 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
@ -338,10 +338,10 @@ Now, the longest running queries are these:
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | | 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | | 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | | 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) | | 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) | | 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine. That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time. It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
@ -408,12 +408,12 @@ We found some solution approaches:
This optimization idea came from Michael Hierweck and was promising. This optimization idea came from Michael Hierweck and was promising.
The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself. The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself.
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting_asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without. To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting.asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements. If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements.
But the performance gained is not particularly high anyway. But the performance gained is not particularly high anyway.
See the average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN', See the average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN',
joined with business query for all `'EMAIL_ADDRESSES'`: joined with business query for all `'EMAIL_ADDRESSES'`:
| | D-1000000-hsh | D-1000300-mih | | | D-1000000-hsh | D-1000300-mih |

22
sql/historization.sql
View File

@ -6,21 +6,21 @@
rollback; rollback;
begin transaction; begin transaction;
call defineContext('historization testing', null, 'superuser-alex@hostsharing.net', call defineContext('historization testing', null, 'superuser-alex@hostsharing.net',
-- 'hs_booking_project#D-1000000-hshdefaultproject:ADMIN'); -- prod+test -- 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN'); -- prod+test
'hs_booking_project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test 'hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN'); -- prod -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); -- prod
-- 'hs_booking_project#D-1000300-mimdefaultproject:ADMIN'); -- test -- 'hs_booking.project#D-1000300-mimdefaultproject:ADMIN'); -- test
-- update hs_hosting_asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod -- update hs_hosting.asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
-- update hs_hosting_asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test -- update hs_hosting.asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- update hs_hosting_asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test -- update hs_hosting.asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
-- insert into hs_hosting_asset -- insert into hs_hosting.asset
-- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid) -- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid)
-- values -- values
-- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null, -- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null,
-- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null); -- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null);
delete from hs_hosting_asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid; delete from hs_hosting.asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
commit; commit;
-- single version at point in time -- single version at point in time
@ -29,11 +29,11 @@ set hsadminng.tx_history_txid to '';
set hsadminng.tx_history_timestamp to '2024-08-29 12:42'; set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
-- all versions -- all versions
select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.* select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
from hs_hosting_asset_ex haex from hs_hosting.asset_ex haex
join base.tx_context txc on haex.txid=txc.txid join base.tx_context txc on haex.txid=txc.txid
where haex.identifier = 'test@thi.example.org'; where haex.identifier = 'test@thi.example.org';
select uuid, version, type, identifier, caption from hs_hosting_asset_hv p where identifier = 'test@thi.example.org'; select uuid, version, type, identifier, caption from hs_hosting.asset_hv p where identifier = 'test@thi.example.org';
select pg_current_xact_id(); select pg_current_xact_id();

50
sql/recursive-cte-experiments-for-accessible-uuids.sql
View File

@ -6,10 +6,10 @@ select * from hs_statistics_v;
-- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table -- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table
-- (and optionally the hosting-asset-type) as a separate VIEW. -- (and optionally the hosting-asset-type) as a separate VIEW.
-- In the generated code this is part of the hs_hosting_asset_rv VIEW. -- In the generated code this is part of the hs_hosting.asset_rv VIEW.
drop view if exists hs_hosting_asset_example_gv; drop view if exists hs_hosting.asset_example_gv;
create view hs_hosting_asset_example_gv as create view hs_hosting.asset_example_gv as
with recursive with recursive
recursive_grants as ( recursive_grants as (
select distinct rbacgrants.descendantuuid, select distinct rbacgrants.descendantuuid,
@ -40,7 +40,7 @@ select distinct perm.objectuuid
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
join rbacobject obj on obj.uuid = perm.objectuuid join rbacobject obj on obj.uuid = perm.objectuuid
join count_check cc on cc.valid join count_check cc on cc.valid
where obj.objecttable::text = 'hs_hosting_asset'::text where obj.objecttable::text = 'hs_hosting.asset'::text
-- with/without this type condition -- with/without this type condition
-- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype -- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
@ -53,10 +53,10 @@ select distinct perm.objectuuid
rollback transaction; rollback transaction;
begin transaction; begin transaction;
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net', CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN'); 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN'); -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
SET TRANSACTION READ ONLY; SET TRANSACTION READ ONLY;
EXPLAIN ANALYZE select * from hs_hosting_asset_example_gv; EXPLAIN ANALYZE select * from hs_hosting.asset_example_gv;
end transaction ; end transaction ;
-- ======================================================== -- ========================================================
@ -64,15 +64,15 @@ end transaction ;
-- An example for a restricted view (_rv) similar to the one generated by our RBAC system, -- An example for a restricted view (_rv) similar to the one generated by our RBAC system,
-- but using the above separate VIEW to determine the visible objects. -- but using the above separate VIEW to determine the visible objects.
drop view if exists hs_hosting_asset_example_rv; drop view if exists hs_hosting.asset_example_rv;
create view hs_hosting_asset_example_rv as create view hs_hosting.asset_example_rv as
with accessible_hs_hosting_asset_uuids as ( with accessible_hs_hosting.asset_uuids as (
select * from hs_hosting_asset_example_gv select * from hs_hosting.asset_example_gv
) )
select target.* select target.*
from hs_hosting_asset target from hs_hosting.asset target
where (target.uuid in (select accessible_hs_hosting_asset_uuids.objectuuid where (target.uuid in (select accessible_hs_hosting.asset_uuids.objectuuid
from accessible_hs_hosting_asset_uuids)); from accessible_hs_hosting.asset_uuids));
-- ------------------------------------------------------------------------------- -- -------------------------------------------------------------------------------
@ -89,8 +89,8 @@ BEGIN
start_time := clock_timestamp(); start_time := clock_timestamp();
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net', CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN'); 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN'); -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
SET TRANSACTION READ ONLY; SET TRANSACTION READ ONLY;
FOR i IN 0..25 LOOP FOR i IN 0..25 LOOP
@ -99,7 +99,7 @@ BEGIN
-- An example for a business query based on the view: -- An example for a business query based on the view:
select type, uuid, identifier, caption select type, uuid, identifier, caption
from hs_hosting_asset_example_rv from hs_hosting.asset_example_rv
where type = 'EMAIL_ADDRESS' where type = 'EMAIL_ADDRESS'
and identifier like letter || '%' and identifier like letter || '%'
-- end of the business query example. -- end of the business query example.
@ -115,7 +115,7 @@ BEGIN
END; END;
$$; $$;
-- average seconds per recursive CTE select as role 'hs_hosting_asset:<DEBITOR>defaultproject:ADMIN' -- average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN'
-- joined with business query for all 'EMAIL_ADDRESSES': -- joined with business query for all 'EMAIL_ADDRESSES':
-- D-1000000-hsh D-1000300-mih -- D-1000000-hsh D-1000300-mih
-- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23 -- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23
@ -128,15 +128,15 @@ $$;
rollback transaction; rollback transaction;
begin transaction; begin transaction;
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net', CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
'hs_booking_project#D-1000000-hshdefaultproject:ADMIN'); 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
-- 'hs_booking_project#D-1000300-mihdefaultproject:ADMIN'); -- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
SET TRANSACTION READ ONLY; SET TRANSACTION READ ONLY;
EXPLAIN SELECT * from ( EXPLAIN SELECT * from (
-- An example for a business query based on the view: -- An example for a business query based on the view:
select type, uuid, identifier, caption select type, uuid, identifier, caption
from hs_hosting_asset_example_rv from hs_hosting.asset_example_rv
where type = 'EMAIL_ADDRESS' where type = 'EMAIL_ADDRESS'
-- and identifier like 'b%' -- and identifier like 'b%'
-- end of the business query example. -- end of the business query example.
@ -151,17 +151,17 @@ end transaction;
alter table rbacobject alter table rbacobject
-- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow -- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow
add column type hshostingassettype; add column type hs_hosting.AssetType;
-- and fill the type column with hs_hosting_asset types: -- and fill the type column with hs_hosting.asset types:
rollback transaction; rollback transaction;
begin transaction; begin transaction;
call defineContext('setting rbacobject.type from hs_hosting_asset.type', null, 'superuser-alex@hostsharing.net'); call defineContext('setting rbacobject.type from hs_hosting.asset.type', null, 'superuser-alex@hostsharing.net');
UPDATE rbacobject UPDATE rbacobject
SET type = hs.type SET type = hs.type
FROM hs_hosting_asset hs FROM hs_hosting.asset hs
WHERE rbacobject.uuid = hs.uuid; WHERE rbacobject.uuid = hs.uuid;
end transaction; end transaction;

2
src/main/java/net/hostsharing/hsadminng/hs/booking/debitor/HsBookingDebitorEntity.java
View File

@ -18,7 +18,7 @@ import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
// a partial HsOfficeDebitorEntity to reduce the number of SQL queries to load the entity // a partial HsOfficeDebitorEntity to reduce the number of SQL queries to load the entity
@Entity @Entity
@Table(name = "hs_booking_debitor_xv") @Table(schema = "hs_booking", name = "debitor_xv")
@Getter @Getter
@Builder @Builder
@NoArgsConstructor @NoArgsConstructor

2
src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRbacEntity.java
View File

@ -31,7 +31,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity @Entity
@Table(name = "hs_booking_item_rv") @Table(schema = "hs_booking", name = "item_rv")
@SuperBuilder(toBuilder = true) @SuperBuilder(toBuilder = true)
@Getter @Getter
@Setter @Setter

2
src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRealEntity.java
View File

@ -13,7 +13,7 @@ import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "hs_booking_item") @Table(schema = "hs_booking", name = "item")
@SuperBuilder(toBuilder = true) @SuperBuilder(toBuilder = true)
@Getter @Getter
@Setter @Setter

2
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProject.java
View File

@ -71,7 +71,7 @@ public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBo
return rbacViewFor("project", HsBookingProjectRbacEntity.class) return rbacViewFor("project", HsBookingProjectRbacEntity.class)
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking.project bookingProject
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
""")) """))
.withRestrictedViewOrderBy(SQL.expression("caption")) .withRestrictedViewOrderBy(SQL.expression("caption"))

4
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRbacEntity.java
View File

@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity @Entity
@Table(name = "hs_booking_project_rv") @Table(schema = "hs_booking", name = "project_rv")
@SuperBuilder(toBuilder = true) @SuperBuilder(toBuilder = true)
@Getter @Getter
@Setter @Setter
@ -43,7 +43,7 @@ public class HsBookingProjectRbacEntity extends HsBookingProject {
return rbacViewFor("project", HsBookingProjectRbacEntity.class) return rbacViewFor("project", HsBookingProjectRbacEntity.class)
.withIdentityView(SQL.query(""" .withIdentityView(SQL.query("""
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking.project bookingProject
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
""")) """))
.withRestrictedViewOrderBy(SQL.expression("caption")) .withRestrictedViewOrderBy(SQL.expression("caption"))

2
src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRealEntity.java
View File

@ -10,7 +10,7 @@ import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "hs_booking_project") @Table(schema = "hs_booking", name = "project")
@SuperBuilder(toBuilder = true) @SuperBuilder(toBuilder = true)
@Getter @Getter
@Setter @Setter

2
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacEntity.java
View File

@ -33,7 +33,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetc
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor; import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
@Entity @Entity
@Table(name = "hs_hosting_asset_rv") @Table(schema = "hs_hosting", name = "asset_rv")
@SuperBuilder(toBuilder = true) @SuperBuilder(toBuilder = true)
@Getter @Getter
@Setter @Setter

8
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRbacRepository.java
View File

@ -25,15 +25,15 @@ public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository<H
ha.parentassetuuid, ha.parentassetuuid,
ha.type, ha.type,
ha.version ha.version
from hs_hosting_asset_rv ha from hs_hosting.asset_rv ha
left join hs_booking_item bi on bi.uuid = ha.bookingitemuuid left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
where (:projectUuid is null or bi.projectuuid=:projectUuid) where (:projectUuid is null or bi.projectuuid=:projectUuid)
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid) and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
and (:type is null or :type=cast(ha.type as text)) and (:type is null or :type=cast(ha.type as text))
""", nativeQuery = true) """, nativeQuery = true)
// The JPQL query did not generate "left join" but just "join". // The JPQL query did not generate "left join" but just "join".
// I also optimized the query by not using the _rv for hs_booking_item and hs_hosting_asset, only for hs_hosting_asset_rv. // I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
List<HsHostingAssetRbacEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type); List<HsHostingAssetRbacEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
default List<HsHostingAssetRbacEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) { default List<HsHostingAssetRbacEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type)); return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));

2
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealEntity.java
View File

@ -9,7 +9,7 @@ import jakarta.persistence.Entity;
import jakarta.persistence.Table; import jakarta.persistence.Table;
@Entity @Entity
@Table(name = "hs_hosting_asset") @Table(schema = "hs_hosting", name = "asset")
@SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true) @SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true)
@Getter @Getter
@Setter @Setter

8
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRealRepository.java
View File

@ -24,15 +24,15 @@ public interface HsHostingAssetRealRepository extends HsHostingAssetRepository<H
ha.parentassetuuid, ha.parentassetuuid,
ha.type, ha.type,
ha.version ha.version
from hs_hosting_asset_rv ha from hs_hosting.asset_rv ha
left join hs_booking_item bi on bi.uuid = ha.bookingitemuuid left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
where (:projectUuid is null or bi.projectuuid=:projectUuid) where (:projectUuid is null or bi.projectuuid=:projectUuid)
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid) and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
and (:type is null or :type=cast(ha.type as text)) and (:type is null or :type=cast(ha.type as text))
""", nativeQuery = true) """, nativeQuery = true)
// The JPQL query did not generate "left join" but just "join". // The JPQL query did not generate "left join" but just "join".
// I also optimized the query by not using the _rv for hs_booking_item and hs_hosting_asset, only for hs_hosting_asset_rv. // I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
List<HsHostingAssetRealEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type); List<HsHostingAssetRealEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
default List<HsHostingAssetRealEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) { default List<HsHostingAssetRealEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type)); return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));

2
src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidator.java
View File

@ -53,7 +53,7 @@ class HsUnixUserHostingAssetValidator extends HostingAssetEntityValidator {
} }
private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) { private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) {
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class) final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
.getSingleResult(); .getSingleResult();
return (Integer) result; return (Integer) result;
} }

2
src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionEntity.java
View File

@ -34,7 +34,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(schema = "hs_office", name = "coopassetstransaction_rv") @Table(schema = "hs_office", name = "coopassettx_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder

2
src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionEntity.java
View File

@ -32,7 +32,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@Table(schema = "hs_office", name = "coopsharestransaction_rv") @Table(schema = "hs_office", name = "coopsharetx_rv")
@Getter @Getter
@Setter @Setter
@Builder @Builder

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacRepository.java
View File

@ -24,7 +24,7 @@ public interface HsOfficeRelationRbacRepository extends Repository<HsOfficeRelat
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office.relation_rv AS p SELECT p.* FROM hs_office.relation_rv AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS hs_office.RelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType); List<HsOfficeRelationRbacEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType);

2
src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRealRepository.java
View File

@ -24,7 +24,7 @@ public interface HsOfficeRelationRealRepository extends Repository<HsOfficeRelat
@Query(value = """ @Query(value = """
SELECT p.* FROM hs_office.relation AS p SELECT p.* FROM hs_office.relation AS p
WHERE (:relationType IS NULL OR p.type = cast(:relationType AS HsOfficeRelationType)) WHERE (:relationType IS NULL OR p.type = cast(:relationType AS hs_office.RelationType))
AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid) AND ( p.anchorUuid = :personUuid OR p.holderUuid = :personUuid)
""", nativeQuery = true) """, nativeQuery = true)
List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType); List<HsOfficeRelationRealEntity> findRelationRelatedToPersonUuidAndRelationTypeString(@NotNull UUID personUuid, String relationType);

12
src/main/java/net/hostsharing/hsadminng/rbac/generator/InsertTriggerGenerator.java
View File

@ -89,7 +89,7 @@ public class InsertTriggerGenerator {
with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row"))); with("superRoleRef", toRoleDescriptor(g.getSuperRoleDef(), "row")));
} else { } else {
plPgSql.writeLn(""" plPgSql.writeLn("""
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped, -- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
-- because there cannot yet be any pre-existing rows in the same table yet. -- because there cannot yet be any pre-existing rows in the same table yet.
""", """,
with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()), with("rawSuperTable", g.getSuperRoleDef().getEntityAlias().getRawTableNameWithSchema()),
@ -100,7 +100,7 @@ public class InsertTriggerGenerator {
/** /**
Grants ${rawSubTable} INSERT permission to specified role of new ${rawSuperTable} rows. Grants ${rawSubTable} INSERT permission to specified role of new ${rawSuperTable} rows.
*/ */
create or replace function ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf() create or replace function ${rawSubTableSchemaPrefix}${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -113,11 +113,11 @@ public class InsertTriggerGenerator {
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_${rawSubTableName}_grants_after_insert_tg create trigger ${rawSubTableName}_z_grants_after_insert_tg
after insert on ${rawSuperTableWithSchema} after insert on ${rawSuperTableWithSchema}
for each row for each row
execute procedure ${rawSubTableSchemaPrefix}new_${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf(); execute procedure ${rawSubTableSchemaPrefix}${rawSubTableShortName}_grants_insert_to_${rawSuperTableShortName}_tf();
""", """,
with("ifConditionThen", g.getSuperRoleDef().getEntityAlias().isCaseDependent() with("ifConditionThen", g.getSuperRoleDef().getEntityAlias().isCaseDependent()
// TODO.impl: .type needs to be dynamically generated // TODO.impl: .type needs to be dynamically generated
@ -325,7 +325,7 @@ public class InsertTriggerGenerator {
private String toRoleDescriptor(final RbacView.RbacRoleDefinition roleDef, final String ref) { private String toRoleDescriptor(final RbacView.RbacRoleDefinition roleDef, final String ref) {
final var functionName = toVar(roleDef); final var functionName = roleDef.descriptorFunctionName();
if (roleDef.getEntityAlias().isGlobal()) { if (roleDef.getEntityAlias().isGlobal()) {
return functionName + "()"; return functionName + "()";
} }

3
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacRoleDescriptorsGenerator.java
View File

@ -19,12 +19,11 @@ public class RbacRoleDescriptorsGenerator {
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:${liquibaseTagPrefix}-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('${simpleEntityVarName}', '${rawTableName}'); call rbac.generateRbacRoleDescriptors('${rawTableName}');
--// --//
""", """,
with("liquibaseTagPrefix", liquibaseTagPrefix), with("liquibaseTagPrefix", liquibaseTagPrefix),
with("simpleEntityVarName", simpleEntityVarName),
with("rawTableName", rawTableName)); with("rawTableName", rawTableName));
} }
} }

13
src/main/java/net/hostsharing/hsadminng/rbac/generator/RbacView.java
View File

@ -29,6 +29,7 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinit
import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR; import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.Part.AUTO_FETCH; import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.Part.AUTO_FETCH;
import static org.apache.commons.collections4.SetUtils.hashSet; import static org.apache.commons.collections4.SetUtils.hashSet;
import static org.apache.commons.lang3.StringUtils.capitalize;
import static org.apache.commons.lang3.StringUtils.uncapitalize; import static org.apache.commons.lang3.StringUtils.uncapitalize;
@Getter @Getter
@ -830,6 +831,10 @@ public class RbacView {
public boolean isGlobal(final Role role) { public boolean isGlobal(final Role role) {
return entityAlias.isGlobal() && this.role == role; return entityAlias.isGlobal() && this.role == role;
} }
public String descriptorFunctionName() {
return entityAlias.getRawTableNameWithSchema() + "_" + capitalize(role.name());
}
} }
public RbacSubjectReference findUserRef(final RbacSubjectReference.UserRole userRole) { public RbacSubjectReference findUserRef(final RbacSubjectReference.UserRole userRole) {
@ -982,14 +987,12 @@ public class RbacView {
String getRawTableShortName() { String getRawTableShortName() {
// TODO.impl: some combined function and trigger names are too long // TODO.impl: some combined function and trigger names are too long
// maybe we should shorten the table name e.g. hs_office.coopsharestransaction -> hsof.coopsharetx // maybe we should shorten the table name e.g. hs_office.coopsharetx -> hsof.coopsharetx
// this is just a workaround: // this is just a workaround:
return getRawTableName() return getRawTableName()
.replace("hs_office.", "hsof.") .replace("hs_office.", "hsof.")
.replace("hs_booking_", "hsbk_") .replace("hs_booking.", "hsbk_")
.replace("hs_hosting_", "hsho_") .replace("hs_hosting.", "hsho_");
.replace("coopsharestransaction", "coopsharetx")
.replace("coopassetstransaction", "coopassettx");
} }
String dependsOnColumName() { String dependsOnColumName() {

16
src/main/java/net/hostsharing/hsadminng/rbac/generator/RolesGrantsAndPermissionsGenerator.java
View File

@ -20,7 +20,6 @@ import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacGrantDefinit
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with; import static net.hostsharing.hsadminng.rbac.generator.StringWriter.with;
import static org.apache.commons.lang3.StringUtils.capitalize; import static org.apache.commons.lang3.StringUtils.capitalize;
import static org.apache.commons.lang3.StringUtils.uncapitalize;
class RolesGrantsAndPermissionsGenerator { class RolesGrantsAndPermissionsGenerator {
@ -362,11 +361,10 @@ class RolesGrantsAndPermissionsGenerator {
System.out.println("null"); System.out.println("null");
} }
if (roleDef.getEntityAlias().isGlobal()) { if (roleDef.getEntityAlias().isGlobal()) {
return "rbac.globalAdmin()"; return "rbac.global_ADMIN()";
} }
final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias()); final String entityRefVar = entityRefVar(rootRefVar, roleDef.getEntityAlias());
return roleDef.getEntityAlias().simpleName() + capitalize(roleDef.getRole().name()) return roleDef.descriptorFunctionName() + "(" + entityRefVar + ")";
+ "(" + entityRefVar + ")";
} }
private String entityRefVar( private String entityRefVar(
@ -389,8 +387,8 @@ class RolesGrantsAndPermissionsGenerator {
plPgSql.writeLn(); plPgSql.writeLn();
plPgSql.writeLn("perform rbac.defineRoleWithGrants("); plPgSql.writeLn("perform rbac.defineRoleWithGrants(");
plPgSql.indented(() -> { plPgSql.indented(() -> {
plPgSql.writeLn("${simpleVarName)${roleSuffix}(NEW)," plPgSql.writeLn("${qualifiedRawTableName)_${roleSuffix}(NEW),"
.replace("${simpleVarName)", simpleEntityVarName) .replace("${qualifiedRawTableName)", qualifiedRawTableName)
.replace("${roleSuffix}", capitalize(role.name()))); .replace("${roleSuffix}", capitalize(role.name())));
generatePermissionsForRole(plPgSql, role); generatePermissionsForRole(plPgSql, role);
@ -593,16 +591,12 @@ class RolesGrantsAndPermissionsGenerator {
final RbacView.RbacRoleDefinition roleDef, final RbacView.RbacRoleDefinition roleDef,
final boolean assumed) { final boolean assumed) {
final var assumedArg = assumed ? "" : ", rbac.unassumed()"; final var assumedArg = assumed ? "" : ", rbac.unassumed()";
return toRoleRef(roleDef) + return roleDef.descriptorFunctionName() +
(roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(rbac.unassumed())") (roleDef.getEntityAlias().isGlobal() ? ( assumed ? "()" : "(rbac.unassumed())")
: rbacDef.isRootEntityAlias(roleDef.getEntityAlias()) ? ("(" + triggerRef.name() + ")") : rbacDef.isRootEntityAlias(roleDef.getEntityAlias()) ? ("(" + triggerRef.name() + ")")
: "(" + toTriggerReference(triggerRef, roleDef.getEntityAlias()) + assumedArg + ")"); : "(" + toTriggerReference(triggerRef, roleDef.getEntityAlias()) + assumedArg + ")");
} }
private static String toRoleRef(final RbacView.RbacRoleDefinition roleDef) {
return uncapitalize(roleDef.getEntityAlias().simpleName()) + capitalize(roleDef.getRole().name());
}
private static String toTriggerReference( private static String toTriggerReference(
final PostgresTriggerReference triggerRef, final PostgresTriggerReference triggerRef,
final RbacView.EntityAlias entityAlias) { final RbacView.EntityAlias entityAlias) {

39
src/main/resources/db/changelog/0-base/010-context.sql
View File

@ -168,45 +168,6 @@ begin
return cleanIdentifier; return cleanIdentifier;
end; $$; end; $$;
create or replace function base.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
returns uuid
returns null on null input
language plpgsql as $$
declare
sql varchar;
uuid uuid;
begin
objectTable := base.pureIdentifier(objectTable);
objectIdName := base.pureIdentifier(objectIdName);
sql := format('select * from %sUuidByIdName(%L);', objectTable, objectIdName);
begin
execute sql into uuid;
exception
when others then
raise exception 'function %UuidByIdName(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return uuid;
end ; $$;
create or replace function base.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid)
returns varchar
returns null on null input
language plpgsql as $$
declare
sql varchar;
idName varchar;
begin
objectTable := base.pureIdentifier(objectTable);
sql := format('select * from %sIdNameByUuid(%L::uuid);', objectTable, objectUuid);
begin
execute sql into idName;
exception
when others then
raise exception 'function %IdNameByUuid(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return idName;
end ; $$;
create or replace function base.currentSubjects() create or replace function base.currentSubjects()
returns varchar(1023)[] returns varchar(1023)[]
stable -- leakproof stable -- leakproof

3
src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql
View File

@ -9,6 +9,9 @@ create or replace function base.combine_table_schema_and_name(tableSchema name,
returns text returns text
language plpgsql as $$ language plpgsql as $$
begin begin
assert LEFT(tableSchema, 1) <> '"', 'tableSchema must not start with "';
assert LEFT(tableName, 1) <> '"', 'tableName must not start with "';
if tableSchema is null or tableSchema = 'public' or tableSchema = '' then if tableSchema is null or tableSchema = 'public' or tableSchema = '' then
return tableName::text; return tableName::text;
else else

15
src/main/resources/db/changelog/0-base/030-historization.sql
View File

@ -63,7 +63,6 @@ begin
if (currentSubject is null or currentSubject = '') then if (currentSubject is null or currentSubject = '') then
raise exception 'hsadminng.currentSubject must be defined, please use "SET LOCAL ...;"'; raise exception 'hsadminng.currentSubject must be defined, please use "SET LOCAL ...;"';
end if; end if;
raise notice 'currentSubject: %', currentSubject;
-- determine task -- determine task
currentTask = current_setting('hsadminng.currentTask'); currentTask = current_setting('hsadminng.currentTask');
@ -81,8 +80,9 @@ begin
"alive" := false; "alive" := false;
end if; end if;
sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', sql := format('INSERT INTO %3$s_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)',
TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name); TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name);
-- raise exception 'generated-SQL: %', sql;
execute sql using "row"; execute sql using "row";
return "row"; return "row";
@ -117,12 +117,12 @@ begin
' EXCLUDING CONSTRAINTS' || ' EXCLUDING CONSTRAINTS' ||
' EXCLUDING STATISTICS' || ' EXCLUDING STATISTICS' ||
')'; ')';
raise notice 'sql: %', createHistTableSql; -- raise notice 'sql: %', createHistTableSql;
execute createHistTableSql; execute createHistTableSql;
-- create the historical view -- create the historical view
viewName = quote_ident(format('%s_hv', baseTable)); viewName = baseTable || '_hv';
exVersionsTable = quote_ident(format('%s_ex', baseTable)); exVersionsTable = baseTable || '_ex';
baseCols = (select string_agg(quote_ident(column_name), ', ') baseCols = (select string_agg(quote_ident(column_name), ', ')
from information_schema.columns from information_schema.columns
where table_schema = 'public' where table_schema = 'public'
@ -146,15 +146,14 @@ begin
' )' || ' )' ||
')', ')',
viewName, baseCols, exVersionsTable viewName, baseCols, exVersionsTable
); );
raise notice 'sql: %', createViewSQL; -- raise notice 'generated-sql: %', createViewSQL;
execute createViewSQL; execute createViewSQL;
-- "-9-" to put the trigger execution after any alphabetically lesser tx-triggers -- "-9-" to put the trigger execution after any alphabetically lesser tx-triggers
createTriggerSQL = 'CREATE TRIGGER tx_9_historicize_tg' || createTriggerSQL = 'CREATE TRIGGER tx_9_historicize_tg' ||
' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable || ' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable ||
' FOR EACH ROW EXECUTE PROCEDURE base.tx_historicize_tf()'; ' FOR EACH ROW EXECUTE PROCEDURE base.tx_historicize_tf()';
raise notice 'sql: %', createTriggerSQL;
execute createTriggerSQL; execute createTriggerSQL;
end; $$; end; $$;

46
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@ -233,6 +233,50 @@ $$;
--// --//
-- ============================================================================
--changeset michael.hoennig:rbac-base-IDNAME-FUNCTIONS endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function rbac.findObjectUuidByIdName(objectTable varchar, objectIdName varchar)
returns uuid
returns null on null input
language plpgsql as $$
declare
sql varchar;
uuid uuid;
begin
objectTable := base.pureIdentifier(objectTable);
objectIdName := base.pureIdentifier(objectIdName);
sql := format('select * from %s_uuid_by_id_name(%L);', objectTable, objectIdName);
begin
execute sql into uuid;
exception
when others then
raise exception 'function %_uuid_by_id_name(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return uuid;
end ; $$;
create or replace function rbac.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid)
returns varchar
returns null on null input
language plpgsql as $$
declare
sql varchar;
idName varchar;
begin
objectTable := base.pureIdentifier(objectTable);
sql := format('select * from %s_id_name_by_uuid(%L::uuid);', objectTable, objectUuid);
begin
execute sql into idName;
exception
when others then
raise exception 'function %_id_name_by_uuid(...) not found, add identity view support for table %', objectTable, objectTable;
end;
return idName;
end ; $$;
--//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:rbac-base-ROLE-FUNCTIONS endDelimiter:--// --changeset michael.hoennig:rbac-base-ROLE-FUNCTIONS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
@ -262,7 +306,7 @@ begin
objectTableFromRoleIdName = split_part(roleParts, '#', 1); objectTableFromRoleIdName = split_part(roleParts, '#', 1);
objectNameFromRoleIdName = split_part(roleParts, '#', 2); objectNameFromRoleIdName = split_part(roleParts, '#', 2);
roleTypeFromRoleIdName = split_part(roleParts, '#', 3); roleTypeFromRoleIdName = split_part(roleParts, '#', 3);
objectUuidOfRole = base.findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName); objectUuidOfRole = rbac.findObjectUuidByIdName(objectTableFromRoleIdName, objectNameFromRoleIdName);
select uuid select uuid
from rbac.role from rbac.role

2
src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
View File

@ -55,7 +55,7 @@ begin
objectNameToAssume = split_part(roleNameParts, '#', 2); objectNameToAssume = split_part(roleNameParts, '#', 2);
roleTypeToAssume = split_part(roleNameParts, '#', 3); roleTypeToAssume = split_part(roleNameParts, '#', 3);
objectUuidToAssume = base.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume); objectUuidToAssume = rbac.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume);
if objectUuidToAssume is null then if objectUuidToAssume is null then
raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts; raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts;
end if; end if;

22
src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
View File

@ -13,7 +13,7 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
-- @formatter:off -- @formatter:off
from ( from (
select r.*, select r.*,
o.objectTable, base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName o.objectTable, rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.role as r from rbac.role as r
join rbac.object as o on o.uuid = r.objectuuid join rbac.object as o on o.uuid = r.objectuuid
) as unordered ) as unordered
@ -34,7 +34,7 @@ select *
-- @formatter:off -- @formatter:off
from ( from (
select r.*, o.objectTable, select r.*, o.objectTable,
base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.role as r from rbac.role as r
join rbac.object as o on o.uuid = r.objectuuid join rbac.object as o on o.uuid = r.objectuuid
where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid) where rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), r.uuid)
@ -57,7 +57,7 @@ create or replace view rbac.grants_ev as
-- @formatter:off -- @formatter:off
select x.grantUuid as uuid, select x.grantUuid as uuid,
x.grantedByTriggerOf as grantedByTriggerOf, x.grantedByTriggerOf as grantedByTriggerOf,
go.objectTable || '#' || base.findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName, go.objectTable || '#' || rbac.findIdNameByObjectUuid(go.objectTable, go.uuid) || ':' || r.roletype as grantedByRoleIdName,
x.ascendingIdName as ascendantIdName, x.ascendingIdName as ascendantIdName,
x.descendingIdName as descendantIdName, x.descendingIdName as descendantIdName,
x.grantedByRoleUuid, x.grantedByRoleUuid,
@ -72,15 +72,15 @@ create or replace view rbac.grants_ev as
coalesce( coalesce(
'user:' || au.name, 'user:' || au.name,
'role:' || aro.objectTable || '#' || base.findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype 'role:' || aro.objectTable || '#' || rbac.findIdNameByObjectUuid(aro.objectTable, aro.uuid) || ':' || ar.roletype
) as ascendingIdName, ) as ascendingIdName,
aro.objectTable, aro.uuid, aro.objectTable, aro.uuid,
( case ( case
when dro is not null when dro is not null
then ('role:' || dro.objectTable || '#' || base.findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype) then ('role:' || dro.objectTable || '#' || rbac.findIdNameByObjectUuid(dro.objectTable, dro.uuid) || ':' || dr.roletype)
when dp.op = 'INSERT' when dp.op = 'INSERT'
then 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName then 'perm:' || dpo.objecttable || '#' || rbac.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op || '>' || dp.opTableName
else 'perm:' || dpo.objecttable || '#' || base.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op else 'perm:' || dpo.objecttable || '#' || rbac.findIdNameByObjectUuid(dpo.objectTable, dpo.uuid) || ':' || dp.op
end end
) as descendingIdName, ) as descendingIdName,
dro.objectTable, dro.uuid, dro.objectTable, dro.uuid,
@ -114,14 +114,14 @@ create or replace view rbac.grants_ev as
*/ */
create or replace view rbac.grants_rv as create or replace view rbac.grants_rv as
-- @formatter:off -- @formatter:off
select o.objectTable || '#' || base.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName, select o.objectTable || '#' || rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) || ':' || r.roletype as grantedByRoleIdName,
g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed, g.objectTable || '#' || g.objectIdName || ':' || g.roletype as grantedRoleIdName, g.userName, g.assumed,
g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid, g.grantedByRoleUuid, g.descendantUuid as grantedRoleUuid, g.ascendantUuid as subjectUuid,
g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType g.objectTable, g.objectUuid, g.objectIdName, g.roleType as grantedRoleType
from ( from (
select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed, select g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid, g.assumed,
u.name as userName, o.objecttable, r.objectuuid, r.roletype, u.name as userName, o.objecttable, r.objectuuid, r.roletype,
base.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName rbac.findIdNameByObjectUuid(o.objectTable, o.uuid) as objectIdName
from rbac.grants as g from rbac.grants as g
join rbac.role as r on r.uuid = g.descendantUuid join rbac.role as r on r.uuid = g.descendantUuid
join rbac.object o on o.uuid = r.objectuuid join rbac.object o on o.uuid = r.objectuuid
@ -363,10 +363,10 @@ begin
xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid xp.permissionObjectTable, xp.permissionObjectIdName, xp.permissionObjectUuid
from (select from (select
r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable, r.uuid as roleUuid, r.roletype, ro.objectTable as roleObjectTable,
base.findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName, rbac.findIdNameByObjectUuid(ro.objectTable, ro.uuid) as roleObjectIdName,
p.uuid as permissionUuid, p.op, p.opTableName, p.uuid as permissionUuid, p.op, p.opTableName,
po.objecttable as permissionObjectTable, po.objecttable as permissionObjectTable,
base.findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName, rbac.findIdNameByObjectUuid(po.objectTable, po.uuid) as permissionObjectIdName,
po.uuid as permissionObjectUuid po.uuid as permissionObjectUuid
from rbac.queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p from rbac.queryPermissionsGrantedToSubjectId( targetSubjectUuid) as p
join rbac.grants as g on g.descendantUuid = p.uuid join rbac.grants as g on g.descendantUuid = p.uuid

32
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -49,62 +49,62 @@ $$;
--changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--// --changeset michael.hoennig:rbac-generators-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create procedure rbac.generateRbacRoleDescriptors(prefix text, targetTable text) create procedure rbac.generateRbacRoleDescriptors(targetTable text)
language plpgsql as $$ language plpgsql as $$
declare declare
sql text; sql text;
begin begin
sql = format($sql$ sql = format($sql$
create or replace function %1$sOwner(entity %2$s, assumed boolean = true) create or replace function %1$s_OWNER(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'OWNER', assumed); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'OWNER', assumed);
end; $f$; end; $f$;
create or replace function %1$sAdmin(entity %2$s, assumed boolean = true) create or replace function %1$s_ADMIN(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'ADMIN', assumed); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'ADMIN', assumed);
end; $f$; end; $f$;
create or replace function %1$sAgent(entity %2$s, assumed boolean = true) create or replace function %1$s_AGENT(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'AGENT', assumed); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'AGENT', assumed);
end; $f$; end; $f$;
create or replace function %1$sTenant(entity %2$s, assumed boolean = true) create or replace function %1$s_TENANT(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'TENANT', assumed); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'TENANT', assumed);
end; $f$; end; $f$;
-- TODO: remove guest role -- TODO: remove guest role
create or replace function %1$sGuest(entity %2$s, assumed boolean = true) create or replace function %1$s_GUEST(entity %1$s, assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'GUEST', assumed); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'GUEST', assumed);
end; $f$; end; $f$;
create or replace function %1$sReferrer(entity %2$s) create or replace function %1$s_REFERRER(entity %1$s)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
language plpgsql language plpgsql
strict as $f$ strict as $f$
begin begin
return rbac.roleDescriptorOf('%2$s', entity.uuid, 'REFERRER'); return rbac.roleDescriptorOf('%1$s', entity.uuid, 'REFERRER');
end; $f$; end; $f$;
$sql$, prefix, targetTable); $sql$, targetTable);
execute sql; execute sql;
end; $$; end; $$;
--// --//
@ -130,7 +130,7 @@ begin
-- creates a function which maps an idName to the objectUuid -- creates a function which maps an idName to the objectUuid
sql = format($sql$ sql = format($sql$
create or replace function %1$sUuidByIdName(givenIdName varchar) create or replace function %1$s_uuid_by_id_name(givenIdName varchar)
returns uuid returns uuid
language plpgsql as $f$ language plpgsql as $f$
declare declare
@ -144,7 +144,7 @@ begin
-- creates a function which maps an objectUuid to the related idName -- creates a function which maps an objectUuid to the related idName
sql = format($sql$ sql = format($sql$
create or replace function %1$sIdNameByUuid(givenUuid uuid) create or replace function %1$s_id_name_by_uuid(givenUuid uuid)
returns varchar returns varchar
language sql language sql
strict as $f$ strict as $f$

16
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -30,7 +30,7 @@ create or replace function rbac.isGlobalAdmin()
returns boolean returns boolean
language plpgsql as $$ language plpgsql as $$
begin begin
return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.globalAdmin())); return rbac.isGranted(rbac.currentSubjectOrAssumedRolesUuids(), rbac.findRoleId(rbac.global_ADMIN()));
end; $$; end; $$;
--// --//
@ -66,21 +66,21 @@ grant all privileges on rbac.global_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNA
/* /*
Returns the objectUuid for a given identifying name (in this case the idName). Returns the objectUuid for a given identifying name (in this case the idName).
*/ */
create or replace function rbac.globalUuidByIdName(idName varchar) create or replace function rbac.global_uuid_by_id_name(idName varchar)
returns uuid returns uuid
language sql language sql
strict as $$ strict as $$
select uuid from rbac.global_iv iv where iv.idName = globalUuidByIdName.idName; select uuid from rbac.global_iv iv where iv.idName = global_uuid_by_id_name.idName;
$$; $$;
/* /*
Returns the identifying name for a given objectUuid (in this case the idName). Returns the identifying name for a given objectUuid (in this case the idName).
*/ */
create or replace function rbac.globalIdNameByUuid(uuid uuid) create or replace function rbac.global_id_name_by_uuid(uuid uuid)
returns varchar returns varchar
language sql language sql
strict as $$ strict as $$
select idName from rbac.global_iv iv where iv.uuid = globalIdNameByUuid.uuid; select idName from rbac.global_iv iv where iv.uuid = global_id_name_by_uuid.uuid;
$$; $$;
--// --//
@ -109,7 +109,7 @@ commit;
/* /*
A rbac.Global administrator role. A rbac.Global administrator role.
*/ */
create or replace function rbac.globalAdmin(assumed boolean = true) create or replace function rbac.global_ADMIN(assumed boolean = true)
returns rbac.RoleDescriptor returns rbac.RoleDescriptor
returns null on null input returns null on null input
stable -- leakproof stable -- leakproof
@ -119,7 +119,7 @@ $$;
begin transaction; begin transaction;
call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null); call base.defineContext('creating role:rbac.global#global:ADMIN', null, null, null);
select rbac.createRole(rbac.globalAdmin()); select rbac.createRole(rbac.global_ADMIN());
commit; commit;
--// --//
@ -157,7 +157,7 @@ do language plpgsql $$
begin begin
call base.defineContext('creating fake test-realm admin users', null, null, null); call base.defineContext('creating fake test-realm admin users', null, null, null);
admins = rbac.findRoleId(rbac.globalAdmin()); admins = rbac.findRoleId(rbac.global_ADMIN());
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net')); call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-alex@hostsharing.net'));
call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net')); call rbac.grantRoleToSubjectUnchecked(admins, admins, rbac.create_subject('superuser-fran@hostsharing.net'));
perform rbac.create_subject('selfregistered-user-drew@hostsharing.org'); perform rbac.create_subject('selfregistered-user-drew@hostsharing.org');

26
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.customer');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer'); call rbac.generateRbacRoleDescriptors('rbactest.customer');
--// --//
@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerOWNER(NEW), rbactest.customer_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN(rbac.unassumed())], incomingSuperRoles => array[rbac.global_ADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerADMIN(NEW), rbactest.customer_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[testCustomerOWNER(NEW)] incomingSuperRoles => array[rbactest.customer_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testCustomerTENANT(NEW), rbactest.customer_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testCustomerADMIN(NEW)] incomingSuperRoles => array[rbactest.customer_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -96,7 +96,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.customer'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -104,7 +104,7 @@ $$;
/** /**
Grants rbactest.customer INSERT permission to specified role of new global rows. Grants rbactest.customer INSERT permission to specified role of new global rows.
*/ */
create or replace function rbactest.new_customer_grants_insert_to_global_tf() create or replace function rbactest.customer_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -112,16 +112,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.customer'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_customer_grants_after_insert_tg create trigger customer_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure rbactest.new_customer_grants_insert_to_global_tf(); execute procedure rbactest.customer_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================

18
src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql
View File

@ -7,7 +7,7 @@
/* /*
Generates a customer reference number for a given test data counter. Generates a customer reference number for a given test data counter.
*/ */
create or replace function testCustomerReference(customerCount integer) create or replace function rbactest.customer_create_test_data(customerCount integer)
returns integer returns integer
returns null on null input returns null on null input
language plpgsql as $$ language plpgsql as $$
@ -19,7 +19,7 @@ end; $$;
/* /*
Creates a single customer test record with dist. Creates a single customer test record with dist.
*/ */
create or replace procedure createTestCustomerTestData( create or replace procedure rbactest.customer_create_test_data(
custReference integer, custReference integer,
custPrefix varchar custPrefix varchar
) )
@ -41,8 +41,8 @@ begin
select * into newCust select * into newCust
from rbactest.customer where reference=custReference; from rbactest.customer where reference=custReference;
call rbac.grantRoleToSubject( call rbac.grantRoleToSubject(
rbac.getRoleId(testCustomerOwner(newCust)), rbac.getRoleId(rbactest.customer_OWNER(newCust)),
rbac.getRoleId(testCustomerAdmin(newCust)), rbac.getRoleId(rbactest.customer_ADMIN(newCust)),
custAdminUuid, custAdminUuid,
true); true);
end; $$; end; $$;
@ -51,7 +51,7 @@ end; $$;
/* /*
Creates a range of test customers for mass data generation. Creates a range of test customers for mass data generation.
*/ */
create or replace procedure createTestCustomerTestData( create or replace procedure rbactest.customer_create_test_data(
startCount integer, -- count of auto generated rows before the run startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run endCount integer -- count of auto generated rows after the run
) )
@ -59,7 +59,7 @@ create or replace procedure createTestCustomerTestData(
begin begin
for t in startCount..endCount for t in startCount..endCount
loop loop
call createTestCustomerTestData(testCustomerReference(t), base.intToVarChar(t, 3)); call rbactest.customer_create_test_data(rbactest.testCustomerReference(t), base.intToVarChar(t, 3));
commit; commit;
end loop; end loop;
end; $$; end; $$;
@ -74,9 +74,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating RBAC test customer', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createTestCustomerTestData(99901, 'xxx'); call rbactest.customer_create_test_data(99901, 'xxx');
call createTestCustomerTestData(99902, 'yyy'); call rbactest.customer_create_test_data(99902, 'yyy');
call createTestCustomerTestData(99903, 'zzz'); call rbactest.customer_create_test_data(99903, 'zzz');
end; end;
$$; $$;
--// --//

36
src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.package');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package'); call rbac.generateRbacRoleDescriptors('rbactest.package');
--// --//
@ -40,21 +40,21 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageOWNER(NEW), rbactest.package_OWNER(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[testCustomerADMIN(newCustomer)] incomingSuperRoles => array[rbactest.customer_ADMIN(newCustomer)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageADMIN(NEW), rbactest.package_ADMIN(NEW),
incomingSuperRoles => array[testPackageOWNER(NEW)] incomingSuperRoles => array[rbactest.package_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testPackageTENANT(NEW), rbactest.package_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testPackageADMIN(NEW)], incomingSuperRoles => array[rbactest.package_ADMIN(NEW)],
outgoingSubRoles => array[testCustomerTENANT(newCustomer)] outgoingSubRoles => array[rbactest.customer_TENANT(newCustomer)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -110,11 +110,11 @@ begin
if NEW.customerUuid <> OLD.customerUuid then if NEW.customerUuid <> OLD.customerUuid then
call rbac.revokeRoleFromRole(testPackageOWNER(OLD), testCustomerADMIN(oldCustomer)); call rbac.revokeRoleFromRole(rbactest.package_OWNER(OLD), rbactest.customer_ADMIN(oldCustomer));
call rbac.grantRoleToRole(testPackageOWNER(NEW), testCustomerADMIN(newCustomer)); call rbac.grantRoleToRole(rbactest.package_OWNER(NEW), rbactest.customer_ADMIN(newCustomer));
call rbac.revokeRoleFromRole(testCustomerTENANT(oldCustomer), testPackageTENANT(OLD)); call rbac.revokeRoleFromRole(rbactest.customer_TENANT(oldCustomer), rbactest.package_TENANT(OLD));
call rbac.grantRoleToRole(testCustomerTENANT(newCustomer), testPackageTENANT(NEW)); call rbac.grantRoleToRole(rbactest.customer_TENANT(newCustomer), rbactest.package_TENANT(NEW));
end if; end if;
@ -161,7 +161,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(row)); rbactest.customer_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -169,7 +169,7 @@ $$;
/** /**
Grants rbactest.package INSERT permission to specified role of new customer rows. Grants rbactest.package INSERT permission to specified role of new customer rows.
*/ */
create or replace function rbactest.new_package_grants_insert_to_customer_tf() create or replace function rbactest.package_grants_insert_to_customer_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -177,16 +177,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(NEW)); rbactest.customer_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_package_grants_after_insert_tg create trigger package_z_grants_after_insert_tg
after insert on rbactest.customer after insert on rbactest.customer
for each row for each row
execute procedure rbactest.new_package_grants_insert_to_customer_tf(); execute procedure rbactest.package_grants_insert_to_customer_tf();
-- ============================================================================ -- ============================================================================

16
src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql
View File

@ -6,7 +6,7 @@
/* /*
Creates the given number of test packages for the given customer. Creates the given number of test packages for the given customer.
*/ */
create or replace procedure createPackageTestData(customerPrefix varchar, pacCount int) create or replace procedure rbactest.package_create_test_data(customerPrefix varchar, pacCount int)
language plpgsql as $$ language plpgsql as $$
declare declare
cust rbactest.customer; cust rbactest.customer;
@ -30,8 +30,8 @@ begin
returning * into pac; returning * into pac;
call rbac.grantRoleToSubject( call rbac.grantRoleToSubject(
rbac.getRoleId(testCustomerAdmin(cust)), rbac.getRoleId(rbactest.customer_ADMIN(cust)),
rbac.findRoleId(testPackageAdmin(pac)), rbac.findRoleId(rbactest.package_ADMIN(pac)),
rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'), rbac.create_subject('pac-admin-' || pacName || '@' || cust.prefix || '.example.com'),
true); true);
@ -41,7 +41,7 @@ end; $$;
/* /*
Creates a range of test packages for mass data generation. Creates a range of test packages for mass data generation.
*/ */
create or replace procedure createPackageTestData() create or replace procedure rbactest.package_create_test_data()
language plpgsql as $$ language plpgsql as $$
declare declare
cust rbactest.customer; cust rbactest.customer;
@ -49,7 +49,7 @@ begin
for cust in (select * from rbactest.customer) for cust in (select * from rbactest.customer)
loop loop
continue when cust.reference >= 90000; -- reserved for functional testing continue when cust.reference >= 90000; -- reserved for functional testing
call createPackageTestData(cust.prefix, 3); call rbactest.package_create_test_data(cust.prefix, 3);
end loop; end loop;
commit; commit;
@ -64,9 +64,9 @@ $$;
do language plpgsql $$ do language plpgsql $$
begin begin
call createPackageTestData('xxx', 3); call rbactest.package_create_test_data('xxx', 3);
call createPackageTestData('yyy', 3); call rbactest.package_create_test_data('yyy', 3);
call createPackageTestData('zzz', 3); call rbactest.package_create_test_data('zzz', 3);
end; end;
$$; $$;
--// --//

38
src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('rbactest.domain');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain'); call rbac.generateRbacRoleDescriptors('rbactest.domain');
--// --//
@ -40,17 +40,17 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testDomainOWNER(NEW), rbactest.domain_OWNER(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[testPackageADMIN(newPackage)], incomingSuperRoles => array[rbactest.package_ADMIN(newPackage)],
outgoingSubRoles => array[testPackageTENANT(newPackage)] outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
testDomainADMIN(NEW), rbactest.domain_ADMIN(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[testDomainOWNER(NEW)], incomingSuperRoles => array[rbactest.domain_OWNER(NEW)],
outgoingSubRoles => array[testPackageTENANT(newPackage)] outgoingSubRoles => array[rbactest.package_TENANT(newPackage)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -106,14 +106,14 @@ begin
if NEW.packageUuid <> OLD.packageUuid then if NEW.packageUuid <> OLD.packageUuid then
call rbac.revokeRoleFromRole(testDomainOWNER(OLD), testPackageADMIN(oldPackage)); call rbac.revokeRoleFromRole(rbactest.domain_OWNER(OLD), rbactest.package_ADMIN(oldPackage));
call rbac.grantRoleToRole(testDomainOWNER(NEW), testPackageADMIN(newPackage)); call rbac.grantRoleToRole(rbactest.domain_OWNER(NEW), rbactest.package_ADMIN(newPackage));
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainOWNER(OLD)); call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_OWNER(OLD));
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainOWNER(NEW)); call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_OWNER(NEW));
call rbac.revokeRoleFromRole(testPackageTENANT(oldPackage), testDomainADMIN(OLD)); call rbac.revokeRoleFromRole(rbactest.package_TENANT(oldPackage), rbactest.domain_ADMIN(OLD));
call rbac.grantRoleToRole(testPackageTENANT(newPackage), testDomainADMIN(NEW)); call rbac.grantRoleToRole(rbactest.package_TENANT(newPackage), rbactest.domain_ADMIN(NEW));
end if; end if;
@ -160,7 +160,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'), rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(row)); rbactest.package_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -168,7 +168,7 @@ $$;
/** /**
Grants rbactest.domain INSERT permission to specified role of new package rows. Grants rbactest.domain INSERT permission to specified role of new package rows.
*/ */
create or replace function rbactest.new_domain_grants_insert_to_package_tf() create or replace function rbactest.domain_grants_insert_to_package_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -176,16 +176,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'), rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(NEW)); rbactest.package_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_domain_grants_after_insert_tg create trigger domain_z_grants_after_insert_tg
after insert on rbactest.package after insert on rbactest.package
for each row for each row
execute procedure rbactest.new_domain_grants_insert_to_package_tf(); execute procedure rbactest.domain_grants_insert_to_package_tf();
-- ============================================================================ -- ============================================================================

26
src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
View File

@ -6,7 +6,7 @@
/* /*
Creates the given count of test unix users for a single package. Creates the given count of test unix users for a single package.
*/ */
create or replace procedure createdomainTestData( packageName varchar, domainCount int ) create or replace procedure rbactest.domain_create_test_data( packageName varchar, domainCount int )
language plpgsql as $$ language plpgsql as $$
declare declare
pac record; pac record;
@ -32,12 +32,10 @@ end; $$;
/* /*
Creates a range of unix users for mass data generation. Creates a range of unix users for mass data generation.
*/ */
create or replace procedure createdomainTestData( domainPerPackage integer ) create or replace procedure rbactest.domain_create_test_data( domainPerPackage integer )
language plpgsql as $$ language plpgsql as $$
declare declare
pac record; pac record;
pacAdmin varchar;
currentTask varchar;
begin begin
for pac in for pac in
(select p.uuid, p.name (select p.uuid, p.name
@ -45,7 +43,7 @@ begin
join rbactest.customer c on p.customeruuid = c.uuid join rbactest.customer c on p.customeruuid = c.uuid
where c.reference < 90000) -- reserved for functional testing where c.reference < 90000) -- reserved for functional testing
loop loop
call createdomainTestData(pac.name, 2); call rbactest.domain_create_test_data(pac.name, 2);
commit; commit;
end loop; end loop;
@ -59,17 +57,17 @@ end; $$;
do language plpgsql $$ do language plpgsql $$
begin begin
call createdomainTestData('xxx00', 2); call rbactest.domain_create_test_data('xxx00', 2);
call createdomainTestData('xxx01', 2); call rbactest.domain_create_test_data('xxx01', 2);
call createdomainTestData('xxx02', 2); call rbactest.domain_create_test_data('xxx02', 2);
call createdomainTestData('yyy00', 2); call rbactest.domain_create_test_data('yyy00', 2);
call createdomainTestData('yyy01', 2); call rbactest.domain_create_test_data('yyy01', 2);
call createdomainTestData('yyy02', 2); call rbactest.domain_create_test_data('yyy02', 2);
call createdomainTestData('zzz00', 2); call rbactest.domain_create_test_data('zzz00', 2);
call createdomainTestData('zzz01', 2); call rbactest.domain_create_test_data('zzz01', 2);
call createdomainTestData('zzz02', 2); call rbactest.domain_create_test_data('zzz02', 2);
end; end;
$$; $$;
--// --//

14
src/main/resources/db/changelog/5-hs-office/501-contact/5013-hs-office-contact-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.contact');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-contact-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeContact', 'hs_office.contact'); call rbac.generateRbacRoleDescriptors('hs_office.contact');
--// --//
@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactOWNER(NEW), hs_office.contact_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactADMIN(NEW), hs_office.contact_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeContactOWNER(NEW)] incomingSuperRoles => array[hs_office.contact_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeContactREFERRER(NEW), hs_office.contact_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficeContactADMIN(NEW)] incomingSuperRoles => array[hs_office.contact_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

12
src/main/resources/db/changelog/5-hs-office/501-contact/5016-hs-office-contact-migration.sql
View File

@ -49,7 +49,7 @@ INSERT INTO hs_office.contact_legacy_id(uuid, contact_id)
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-MIGRATION-insert-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MIGRATION-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertContactLegacyIdMapping() create or replace function hs_office.contact_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -64,17 +64,17 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger createContactLegacyIdMapping create trigger insert_legacy_id_mapping_tg
after insert on hs_office.contact after insert on hs_office.contact
for each row for each row
execute procedure insertContactLegacyIdMapping(); execute procedure hs_office.contact_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-contact-MIGRATION-delete-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-contact-MIGRATION-delete-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deleteContactLegacyIdMapping() create or replace function hs_office.contact_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -89,8 +89,8 @@ begin
return OLD; return OLD;
end; $$; end; $$;
create trigger removeContactLegacyIdMapping create trigger delete_legacy_id_mapping_tf
before delete on hs_office.contact before delete on hs_office.contact
for each row for each row
execute procedure deleteContactLegacyIdMapping(); execute procedure hs_office.contact_delete_legacy_id_mapping_tf();
--/ --/

30
src/main/resources/db/changelog/5-hs-office/501-contact/5018-hs-office-contact-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single contact test record. Creates a single contact test record.
*/ */
create or replace procedure createHsOfficeContactTestData(contCaption varchar) create or replace procedure hs_office.contact_create_test_data(contCaption varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
postalAddr varchar; postalAddr varchar;
@ -36,7 +36,7 @@ end; $$;
/* /*
Creates a range of test contact for mass data generation. Creates a range of test contact for mass data generation.
*/ */
create or replace procedure createHsOfficeContactTestData( create or replace procedure hs_office.contact_create_test_data(
startCount integer, -- count of auto generated rows before the run startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run endCount integer -- count of auto generated rows after the run
) )
@ -44,7 +44,7 @@ create or replace procedure createHsOfficeContactTestData(
begin begin
for t in startCount..endCount for t in startCount..endCount
loop loop
call createHsOfficeContactTestData(base.intToVarChar(t, 4) || '#' || t); call hs_office.contact_create_test_data(base.intToVarChar(t, 4) || '#' || t);
commit; commit;
end loop; end loop;
end; $$; end; $$;
@ -58,18 +58,18 @@ end; $$;
do language plpgsql $$ do language plpgsql $$
begin begin
-- TODO: use better names -- TODO: use better names
call createHsOfficeContactTestData('first contact'); call hs_office.contact_create_test_data('first contact');
call createHsOfficeContactTestData('second contact'); call hs_office.contact_create_test_data('second contact');
call createHsOfficeContactTestData('third contact'); call hs_office.contact_create_test_data('third contact');
call createHsOfficeContactTestData('fourth contact'); call hs_office.contact_create_test_data('fourth contact');
call createHsOfficeContactTestData('fifth contact'); call hs_office.contact_create_test_data('fifth contact');
call createHsOfficeContactTestData('sixth contact'); call hs_office.contact_create_test_data('sixth contact');
call createHsOfficeContactTestData('seventh contact'); call hs_office.contact_create_test_data('seventh contact');
call createHsOfficeContactTestData('eighth contact'); call hs_office.contact_create_test_data('eighth contact');
call createHsOfficeContactTestData('ninth contact'); call hs_office.contact_create_test_data('ninth contact');
call createHsOfficeContactTestData('tenth contact'); call hs_office.contact_create_test_data('tenth contact');
call createHsOfficeContactTestData('eleventh contact'); call hs_office.contact_create_test_data('eleventh contact');
call createHsOfficeContactTestData('twelfth contact'); call hs_office.contact_create_test_data('twelfth contact');
end; end;
$$; $$;
--// --//

6
src/main/resources/db/changelog/5-hs-office/502-person/5020-hs-office-person.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-person-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-person-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE HsOfficePersonType AS ENUM ( CREATE TYPE hs_office.PersonType AS ENUM (
'??', -- unknown '??', -- unknown
'NP', -- natural person 'NP', -- natural person
'LP', -- legal person 'LP', -- legal person
@ -12,13 +12,13 @@ CREATE TYPE HsOfficePersonType AS ENUM (
'UF', -- unincorporated firm 'UF', -- unincorporated firm
'PI'); -- public institution 'PI'); -- public institution
CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.PersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.person create table if not exists hs_office.person
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
personType HsOfficePersonType not null, personType hs_office.PersonType not null,
tradeName varchar(96), tradeName varchar(96),
salutation varchar(30), salutation varchar(30),
title varchar(20), title varchar(20),

14
src/main/resources/db/changelog/5-hs-office/502-person/5023-hs-office-person-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.person');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-person-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePerson', 'hs_office.person'); call rbac.generateRbacRoleDescriptors('hs_office.person');
--// --//
@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonOWNER(NEW), hs_office.person_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonADMIN(NEW), hs_office.person_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficePersonOWNER(NEW)] incomingSuperRoles => array[hs_office.person_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficePersonREFERRER(NEW), hs_office.person_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficePersonADMIN(NEW)] incomingSuperRoles => array[hs_office.person_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

47
src/main/resources/db/changelog/5-hs-office/502-person/5028-hs-office-person-test-data.sql
View File

@ -8,8 +8,8 @@
/* /*
Creates a single person test record. Creates a single person test record.
*/ */
create or replace procedure createHsOfficePersonTestData( create or replace procedure hs_office.person_create_test_data(
newPersonType HsOfficePersonType, newPersonType hs_office.PersonType,
newTradeName varchar, newTradeName varchar,
newFamilyName varchar = null, newFamilyName varchar = null,
newGivenName varchar = null newGivenName varchar = null
@ -32,23 +32,6 @@ begin
end; $$; end; $$;
--// --//
/*
Creates a range of test persons for mass data generation.
*/
create or replace procedure createTestPersonTestData(
startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run
)
language plpgsql as $$
begin
for t in startCount..endCount
loop
call createHsOfficePersonTestData('LP', base.intToVarChar(t, 4));
commit;
end loop;
end; $$;
--//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-person-TEST-DATA-GENERATION context=dev,tc endDelimiter:--// --changeset michael.hoennig:hs-office-person-TEST-DATA-GENERATION context=dev,tc endDelimiter:--//
@ -56,19 +39,19 @@ end; $$;
do language plpgsql $$ do language plpgsql $$
begin begin
call createHsOfficePersonTestData('LP', 'Hostsharing eG'); call hs_office.person_create_test_data('LP', 'Hostsharing eG');
call createHsOfficePersonTestData('LP', 'First GmbH'); call hs_office.person_create_test_data('LP', 'First GmbH');
call createHsOfficePersonTestData('NP', null, 'Firby', 'Susan'); call hs_office.person_create_test_data('NP', null, 'Firby', 'Susan');
call createHsOfficePersonTestData('NP', null, 'Smith', 'Peter'); call hs_office.person_create_test_data('NP', null, 'Smith', 'Peter');
call createHsOfficePersonTestData('NP', null, 'Tucker', 'Jack'); call hs_office.person_create_test_data('NP', null, 'Tucker', 'Jack');
call createHsOfficePersonTestData('NP', null, 'Fouler', 'Ellie'); call hs_office.person_create_test_data('NP', null, 'Fouler', 'Ellie');
call createHsOfficePersonTestData('LP', 'Second e.K.', 'Smith', 'Peter'); call hs_office.person_create_test_data('LP', 'Second e.K.', 'Smith', 'Peter');
call createHsOfficePersonTestData('IF', 'Third OHG'); call hs_office.person_create_test_data('IF', 'Third OHG');
call createHsOfficePersonTestData('LP', 'Fourth eG'); call hs_office.person_create_test_data('LP', 'Fourth eG');
call createHsOfficePersonTestData('UF', 'Erben Bessler', 'Mel', 'Bessler'); call hs_office.person_create_test_data('UF', 'Erben Bessler', 'Mel', 'Bessler');
call createHsOfficePersonTestData('NP', null, 'Bessler', 'Anita'); call hs_office.person_create_test_data('NP', null, 'Bessler', 'Anita');
call createHsOfficePersonTestData('NP', null, 'Bessler', 'Bert'); call hs_office.person_create_test_data('NP', null, 'Bessler', 'Bert');
call createHsOfficePersonTestData('NP', null, 'Winkler', 'Paul'); call hs_office.person_create_test_data('NP', null, 'Winkler', 'Paul');
end; end;
$$; $$;
--// --//

6
src/main/resources/db/changelog/5-hs-office/503-relation/5030-hs-office-relation.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-relation-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-relation-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE HsOfficeRelationType AS ENUM ( CREATE TYPE hs_office.RelationType AS ENUM (
'UNKNOWN', 'UNKNOWN',
'PARTNER', 'PARTNER',
'EX_PARTNER', 'EX_PARTNER',
@ -14,7 +14,7 @@ CREATE TYPE HsOfficeRelationType AS ENUM (
'OPERATIONS', 'OPERATIONS',
'SUBSCRIBER'); 'SUBSCRIBER');
CREATE CAST (character varying as HsOfficeRelationType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.RelationType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.relation create table if not exists hs_office.relation
( (
@ -23,7 +23,7 @@ create table if not exists hs_office.relation
anchorUuid uuid not null references hs_office.person(uuid), anchorUuid uuid not null references hs_office.person(uuid),
holderUuid uuid not null references hs_office.person(uuid), holderUuid uuid not null references hs_office.person(uuid),
contactUuid uuid references hs_office.contact(uuid), contactUuid uuid references hs_office.contact(uuid),
type HsOfficeRelationType not null, type hs_office.RelationType not null,
mark varchar(24) mark varchar(24)
); );
--// --//

48
src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.relation');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-relation-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeRelation', 'hs_office.relation'); call rbac.generateRbacRoleDescriptors('hs_office.relation');
--// --//
@ -48,42 +48,42 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationOWNER(NEW), hs_office.relation_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationADMIN(NEW), hs_office.relation_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)] incomingSuperRoles => array[hs_office.relation_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationAGENT(NEW), hs_office.relation_AGENT(NEW),
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)] incomingSuperRoles => array[hs_office.relation_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeRelationTENANT(NEW), hs_office.relation_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeContactADMIN(newContact), hs_office.contact_ADMIN(newContact),
hsOfficeRelationAGENT(NEW)], hs_office.relation_AGENT(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeContactREFERRER(newContact), hs_office.contact_REFERRER(newContact),
hsOfficePersonREFERRER(newAnchorPerson), hs_office.person_REFERRER(newAnchorPerson),
hsOfficePersonREFERRER(newHolderPerson)] hs_office.person_REFERRER(newHolderPerson)]
); );
IF NEW.type = 'REPRESENTATIVE' THEN IF NEW.type = 'REPRESENTATIVE' THEN
call rbac.grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW)); call rbac.grantRoleToRole(hs_office.person_OWNER(newAnchorPerson), hs_office.relation_ADMIN(NEW));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson)); call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newAnchorPerson));
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson)); call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newHolderPerson));
ELSE ELSE
call rbac.grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson)); call rbac.grantRoleToRole(hs_office.relation_AGENT(NEW), hs_office.person_ADMIN(newHolderPerson));
call rbac.grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson)); call rbac.grantRoleToRole(hs_office.relation_OWNER(NEW), hs_office.person_ADMIN(newAnchorPerson));
END IF; END IF;
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -170,7 +170,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(row)); hs_office.person_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -178,7 +178,7 @@ $$;
/** /**
Grants hs_office.relation INSERT permission to specified role of new person rows. Grants hs_office.relation INSERT permission to specified role of new person rows.
*/ */
create or replace function hs_office.new_relation_grants_insert_to_person_tf() create or replace function hs_office.relation_grants_insert_to_person_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -186,16 +186,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.relation'),
hsOfficePersonADMIN(NEW)); hs_office.person_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_relation_grants_after_insert_tg create trigger relation_z_grants_after_insert_tg
after insert on hs_office.person after insert on hs_office.person
for each row for each row
execute procedure hs_office.new_relation_grants_insert_to_person_tf(); execute procedure hs_office.relation_grants_insert_to_person_tf();
-- ============================================================================ -- ============================================================================

38
src/main/resources/db/changelog/5-hs-office/503-relation/5038-hs-office-relation-test-data.sql
View File

@ -8,9 +8,9 @@
/* /*
Creates a single relation test record. Creates a single relation test record.
*/ */
create or replace procedure createHsOfficeRelationTestData( create or replace procedure hs_office.relation_create_test_data(
holderPersonName varchar, holderPersonName varchar,
relationType HsOfficeRelationType, relationType hs_office.RelationType,
anchorPersonName varchar, anchorPersonName varchar,
contactCaption varchar, contactCaption varchar,
mark varchar default null) mark varchar default null)
@ -58,7 +58,7 @@ end; $$;
/* /*
Creates a range of test relation for mass data generation. Creates a range of test relation for mass data generation.
*/ */
create or replace procedure createHsOfficeRelationTestData( create or replace procedure hs_office.relation_create_test_data(
startCount integer, -- count of auto generated rows before the run startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run endCount integer -- count of auto generated rows after the run
) )
@ -72,7 +72,7 @@ begin
select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person; select p.* from hs_office.person p where tradeName = base.intToVarChar(t, 4) into person;
select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact; select c.* from hs_office.contact c where c.caption = base.intToVarChar(t, 4) || '#' || t into contact;
call createHsOfficeRelationTestData(person.uuid, contact.uuid, 'REPRESENTATIVE'); call hs_office.relation_create_test_data(person.uuid, contact.uuid, 'REPRESENTATIVE');
commit; commit;
end loop; end loop;
end; $$; end; $$;
@ -87,25 +87,25 @@ do language plpgsql $$
begin begin
call base.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating relation test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsOfficeRelationTestData('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact'); call hs_office.relation_create_test_data('First GmbH', 'PARTNER', 'Hostsharing eG', 'first contact');
call createHsOfficeRelationTestData('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact'); call hs_office.relation_create_test_data('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact');
call createHsOfficeRelationTestData('First GmbH', 'DEBITOR', 'First GmbH', 'first contact'); call hs_office.relation_create_test_data('First GmbH', 'DEBITOR', 'First GmbH', 'first contact');
call createHsOfficeRelationTestData('Second e.K.', 'PARTNER', 'Hostsharing eG', 'second contact'); call hs_office.relation_create_test_data('Second e.K.', 'PARTNER', 'Hostsharing eG', 'second contact');
call createHsOfficeRelationTestData('Smith', 'REPRESENTATIVE', 'Second e.K.', 'second contact'); call hs_office.relation_create_test_data('Smith', 'REPRESENTATIVE', 'Second e.K.', 'second contact');
call createHsOfficeRelationTestData('Second e.K.', 'DEBITOR', 'Second e.K.', 'second contact'); call hs_office.relation_create_test_data('Second e.K.', 'DEBITOR', 'Second e.K.', 'second contact');
call createHsOfficeRelationTestData('Third OHG', 'PARTNER', 'Hostsharing eG', 'third contact'); call hs_office.relation_create_test_data('Third OHG', 'PARTNER', 'Hostsharing eG', 'third contact');
call createHsOfficeRelationTestData('Tucker', 'REPRESENTATIVE', 'Third OHG', 'third contact'); call hs_office.relation_create_test_data('Tucker', 'REPRESENTATIVE', 'Third OHG', 'third contact');
call createHsOfficeRelationTestData('Third OHG', 'DEBITOR', 'Third OHG', 'third contact'); call hs_office.relation_create_test_data('Third OHG', 'DEBITOR', 'Third OHG', 'third contact');
call createHsOfficeRelationTestData('Fourth eG', 'PARTNER', 'Hostsharing eG', 'fourth contact'); call hs_office.relation_create_test_data('Fourth eG', 'PARTNER', 'Hostsharing eG', 'fourth contact');
call createHsOfficeRelationTestData('Fouler', 'REPRESENTATIVE', 'Third OHG', 'third contact'); call hs_office.relation_create_test_data('Fouler', 'REPRESENTATIVE', 'Third OHG', 'third contact');
call createHsOfficeRelationTestData('Third OHG', 'DEBITOR', 'Third OHG', 'third contact'); call hs_office.relation_create_test_data('Third OHG', 'DEBITOR', 'Third OHG', 'third contact');
call createHsOfficeRelationTestData('Smith', 'PARTNER', 'Hostsharing eG', 'sixth contact'); call hs_office.relation_create_test_data('Smith', 'PARTNER', 'Hostsharing eG', 'sixth contact');
call createHsOfficeRelationTestData('Smith', 'DEBITOR', 'Smith', 'third contact'); call hs_office.relation_create_test_data('Smith', 'DEBITOR', 'Smith', 'third contact');
call createHsOfficeRelationTestData('Smith', 'SUBSCRIBER', 'Third OHG', 'third contact', 'members-announce'); call hs_office.relation_create_test_data('Smith', 'SUBSCRIBER', 'Third OHG', 'third contact', 'members-announce');
end; end;
$$; $$;
--// --//

50
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-partner-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartner', 'hs_office.partner'); call rbac.generateRbacRoleDescriptors('hs_office.partner');
--// --//
@ -42,12 +42,12 @@ begin
SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails; SELECT * FROM hs_office.partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid); assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -110,23 +110,23 @@ begin
if NEW.partnerRelUuid <> OLD.partnerRelUuid then if NEW.partnerRelUuid <> OLD.partnerRelUuid then
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'UPDATE'), hs_office.relation_ADMIN(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(OLD.uuid, 'SELECT'), hs_office.relation_TENANT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'DELETE'), hs_office.relation_OWNER(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'UPDATE'), hs_office.relation_AGENT(newPartnerRel));
call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(oldPartnerRel)); call rbac.revokePermissionFromRole(rbac.getPermissionId(oldPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(oldPartnerRel));
call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantPermissionToRole(rbac.createPermission(newPartnerDetails.uuid, 'SELECT'), hs_office.relation_AGENT(newPartnerRel));
end if; end if;
@ -173,7 +173,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -181,7 +181,7 @@ $$;
/** /**
Grants hs_office.partner INSERT permission to specified role of new global rows. Grants hs_office.partner INSERT permission to specified role of new global rows.
*/ */
create or replace function hs_office.new_partner_grants_insert_to_global_tf() create or replace function hs_office.partner_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -189,16 +189,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_partner_grants_after_insert_tg create trigger partner_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure hs_office.new_partner_grants_insert_to_global_tf(); execute procedure hs_office.partner_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================

14
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.partner_details');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-partner-details-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficePartnerDetails', 'hs_office.partner_details'); call rbac.generateRbacRoleDescriptors('hs_office.partner_details');
--// --//
@ -77,7 +77,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -85,7 +85,7 @@ $$;
/** /**
Grants hs_office.partner_details INSERT permission to specified role of new global rows. Grants hs_office.partner_details INSERT permission to specified role of new global rows.
*/ */
create or replace function hs_office.new_partner_details_grants_insert_to_global_tf() create or replace function hs_office.partner_details_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -93,16 +93,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.partner_details'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_partner_details_grants_after_insert_tg create trigger partner_details_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure hs_office.new_partner_details_grants_insert_to_global_tf(); execute procedure hs_office.partner_details_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================

12
src/main/resources/db/changelog/5-hs-office/504-partner/5046-hs-office-partner-migration.sql
View File

@ -48,7 +48,7 @@ INSERT INTO hs_office.partner_legacy_id(uuid, bp_id)
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-partner-MIGRATION-insert-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MIGRATION-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertPartnerLegacyIdMapping() create or replace function hs_office.partner_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -63,17 +63,17 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger createPartnerLegacyIdMapping create trigger insert_legacy_id_mapping_tf
after insert on hs_office.partner after insert on hs_office.partner
for each row for each row
execute procedure insertPartnerLegacyIdMapping(); execute procedure hs_office.partner_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-partner-MIGRATION-delete-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-partner-MIGRATION-delete-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deletePartnerLegacyIdMapping() create or replace function hs_office.partner_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -88,8 +88,8 @@ begin
return OLD; return OLD;
end; $$; end; $$;
create trigger removePartnerLegacyIdMapping create trigger delete_legacy_id_mapping_tg
before delete on hs_office.partner before delete on hs_office.partner
for each row for each row
execute procedure deletePartnerLegacyIdMapping(); execute procedure hs_office.partner_delete_legacy_id_mapping_tf();
--/ --/

12
src/main/resources/db/changelog/5-hs-office/504-partner/5048-hs-office-partner-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single partner test record. Creates a single partner test record.
*/ */
create or replace procedure createHsOfficePartnerTestData( create or replace procedure hs_office.partner_create_test_data(
mandantTradeName varchar, mandantTradeName varchar,
newPartnerNumber numeric(5), newPartnerNumber numeric(5),
partnerPersonName varchar, partnerPersonName varchar,
@ -73,11 +73,11 @@ do language plpgsql $$
begin begin
call base.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsOfficePartnerTestData('Hostsharing eG', 10001, 'First GmbH', 'first contact'); call hs_office.partner_create_test_data('Hostsharing eG', 10001, 'First GmbH', 'first contact');
call createHsOfficePartnerTestData('Hostsharing eG', 10002, 'Second e.K.', 'second contact'); call hs_office.partner_create_test_data('Hostsharing eG', 10002, 'Second e.K.', 'second contact');
call createHsOfficePartnerTestData('Hostsharing eG', 10003, 'Third OHG', 'third contact'); call hs_office.partner_create_test_data('Hostsharing eG', 10003, 'Third OHG', 'third contact');
call createHsOfficePartnerTestData('Hostsharing eG', 10004, 'Fourth eG', 'fourth contact'); call hs_office.partner_create_test_data('Hostsharing eG', 10004, 'Fourth eG', 'fourth contact');
call createHsOfficePartnerTestData('Hostsharing eG', 10010, 'Smith', 'fifth contact'); call hs_office.partner_create_test_data('Hostsharing eG', 10010, 'Smith', 'fifth contact');
end; end;
$$; $$;
--// --//

14
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.bankaccount');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office.bankaccount'); call rbac.generateRbacRoleDescriptors('hs_office.bankaccount');
--// --//
@ -35,22 +35,22 @@ begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountOWNER(NEW), hs_office.bankaccount_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountADMIN(NEW), hs_office.bankaccount_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)] incomingSuperRoles => array[hs_office.bankaccount_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeBankAccountREFERRER(NEW), hs_office.bankaccount_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)] incomingSuperRoles => array[hs_office.bankaccount_ADMIN(NEW)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);

18
src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single bankaccount test record. Creates a single bankaccount test record.
*/ */
create or replace procedure createHsOfficeBankAccountTestData(givenHolder varchar, givenIBAN varchar, givenBIC varchar) create or replace procedure hs_office.bankaccount_create_test_data(givenHolder varchar, givenIBAN varchar, givenBIC varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
emailAddr varchar; emailAddr varchar;
@ -34,13 +34,13 @@ do language plpgsql $$
call base.defineContext('creating bankaccount test-data'); call base.defineContext('creating bankaccount test-data');
-- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html -- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001'); call hs_office.bankaccount_create_test_data('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
call createHsOfficeBankAccountTestData('Peter Smith', 'DE02500105170137075030', 'INGDDEFF'); call hs_office.bankaccount_create_test_data('Peter Smith', 'DE02500105170137075030', 'INGDDEFF');
call createHsOfficeBankAccountTestData('Second e.K.', 'DE02100500000054540402', 'BELADEBE'); call hs_office.bankaccount_create_test_data('Second e.K.', 'DE02100500000054540402', 'BELADEBE');
call createHsOfficeBankAccountTestData('Third OHG', 'DE02300209000106531065', 'CMCIDEDD'); call hs_office.bankaccount_create_test_data('Third OHG', 'DE02300209000106531065', 'CMCIDEDD');
call createHsOfficeBankAccountTestData('Fourth eG', 'DE02200505501015871393', 'HASPDEHH'); call hs_office.bankaccount_create_test_data('Fourth eG', 'DE02200505501015871393', 'HASPDEHH');
call createHsOfficeBankAccountTestData('Mel Bessler', 'DE02100100100006820101', 'PBNKDEFF'); call hs_office.bankaccount_create_test_data('Mel Bessler', 'DE02100100100006820101', 'PBNKDEFF');
call createHsOfficeBankAccountTestData('Anita Bessler', 'DE02300606010002474689', 'DAAEDEDD'); call hs_office.bankaccount_create_test_data('Anita Bessler', 'DE02300606010002474689', 'DAAEDEDD');
call createHsOfficeBankAccountTestData('Paul Winkler', 'DE02600501010002034304', 'SOLADEST600'); call hs_office.bankaccount_create_test_data('Paul Winkler', 'DE02600501010002034304', 'SOLADEST600');
end; end;
$$; $$;

30
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.debitor');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-debitor-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeDebitor', 'hs_office.debitor'); call rbac.generateRbacRoleDescriptors('hs_office.debitor');
--// --//
@ -51,15 +51,15 @@ begin
SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount; SELECT * FROM hs_office.bankaccount WHERE uuid = NEW.refundBankAccountUuid INTO newRefundBankAccount;
call rbac.grantRoleToRole(hsOfficeBankAccountREFERRER(newRefundBankAccount), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hs_office.bankaccount_REFERRER(newRefundBankAccount), hs_office.relation_AGENT(newDebitorRel));
call rbac.grantRoleToRole(hsOfficeRelationADMIN(newDebitorRel), hsOfficeRelationADMIN(newPartnerRel)); call rbac.grantRoleToRole(hs_office.relation_ADMIN(newDebitorRel), hs_office.relation_ADMIN(newPartnerRel));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeBankAccountADMIN(newRefundBankAccount)); call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.bankaccount_ADMIN(newRefundBankAccount));
call rbac.grantRoleToRole(hsOfficeRelationAGENT(newDebitorRel), hsOfficeRelationAGENT(newPartnerRel)); call rbac.grantRoleToRole(hs_office.relation_AGENT(newDebitorRel), hs_office.relation_AGENT(newPartnerRel));
call rbac.grantRoleToRole(hsOfficeRelationTENANT(newPartnerRel), hsOfficeRelationAGENT(newDebitorRel)); call rbac.grantRoleToRole(hs_office.relation_TENANT(newPartnerRel), hs_office.relation_AGENT(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), hs_office.relation_OWNER(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.relation_TENANT(newDebitorRel));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newDebitorRel)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.relation_ADMIN(newDebitorRel));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
@ -146,7 +146,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -154,7 +154,7 @@ $$;
/** /**
Grants hs_office.debitor INSERT permission to specified role of new global rows. Grants hs_office.debitor INSERT permission to specified role of new global rows.
*/ */
create or replace function hs_office.new_debitor_grants_insert_to_global_tf() create or replace function hs_office.debitor_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -162,16 +162,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.debitor'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_debitor_grants_after_insert_tg create trigger debitor_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure hs_office.new_debitor_grants_insert_to_global_tf(); execute procedure hs_office.debitor_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================

8
src/main/resources/db/changelog/5-hs-office/506-debitor/5068-hs-office-debitor-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single debitor test record. Creates a single debitor test record.
*/ */
create or replace procedure createHsOfficeDebitorTestData( create or replace procedure hs_office.debitor_create_test_data(
withDebitorNumberSuffix numeric(5), withDebitorNumberSuffix numeric(5),
forPartnerPersonName varchar, forPartnerPersonName varchar,
forBillingContactCaption varchar, forBillingContactCaption varchar,
@ -52,9 +52,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsOfficeDebitorTestData(11, 'First GmbH', 'first contact', 'fir'); call hs_office.debitor_create_test_data(11, 'First GmbH', 'first contact', 'fir');
call createHsOfficeDebitorTestData(12, 'Second e.K.', 'second contact', 'sec'); call hs_office.debitor_create_test_data(12, 'Second e.K.', 'second contact', 'sec');
call createHsOfficeDebitorTestData(13, 'Third OHG', 'third contact', 'thi'); call hs_office.debitor_create_test_data(13, 'Third OHG', 'third contact', 'thi');
end; end;
$$; $$;
--// --//

40
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.sepamandate');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-sepamandate-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeSepaMandate', 'hs_office.sepamandate'); call rbac.generateRbacRoleDescriptors('hs_office.sepamandate');
--// --//
@ -48,34 +48,34 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateOWNER(NEW), hs_office.sepamandate_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[rbac.globalADMIN()], incomingSuperRoles => array[rbac.global_ADMIN()],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateADMIN(NEW), hs_office.sepamandate_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsOfficeSepaMandateOWNER(NEW)] incomingSuperRoles => array[hs_office.sepamandate_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateAGENT(NEW), hs_office.sepamandate_AGENT(NEW),
incomingSuperRoles => array[hsOfficeSepaMandateADMIN(NEW)], incomingSuperRoles => array[hs_office.sepamandate_ADMIN(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsOfficeBankAccountREFERRER(newBankAccount), hs_office.bankaccount_REFERRER(newBankAccount),
hsOfficeRelationAGENT(newDebitorRel)] hs_office.relation_AGENT(newDebitorRel)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeSepaMandateREFERRER(NEW), hs_office.sepamandate_REFERRER(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeBankAccountADMIN(newBankAccount), hs_office.bankaccount_ADMIN(newBankAccount),
hsOfficeRelationAGENT(newDebitorRel), hs_office.relation_AGENT(newDebitorRel),
hsOfficeSepaMandateAGENT(NEW)], hs_office.sepamandate_AGENT(NEW)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -121,7 +121,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(row)); hs_office.relation_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
@ -129,7 +129,7 @@ $$;
/** /**
Grants hs_office.sepamandate INSERT permission to specified role of new relation rows. Grants hs_office.sepamandate INSERT permission to specified role of new relation rows.
*/ */
create or replace function hs_office.new_sepamandate_grants_insert_to_relation_tf() create or replace function hs_office.sepamandate_grants_insert_to_relation_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -137,16 +137,16 @@ begin
if NEW.type = 'DEBITOR' then if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.sepamandate'),
hsOfficeRelationADMIN(NEW)); hs_office.relation_ADMIN(NEW));
end if; end if;
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_sepamandate_grants_after_insert_tg create trigger sepamandate_z_grants_after_insert_tg
after insert on hs_office.relation after insert on hs_office.relation
for each row for each row
execute procedure hs_office.new_sepamandate_grants_insert_to_relation_tf(); execute procedure hs_office.sepamandate_grants_insert_to_relation_tf();
-- ============================================================================ -- ============================================================================

12
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5076-hs-office-sepamandate-migration.sql
View File

@ -50,7 +50,7 @@ INSERT INTO hs_office.sepamandate_legacy_id(uuid, sepa_mandate_id)
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-insert-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertSepaMandateLegacyIdMapping() create or replace function hs_office.sepamandate_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -65,17 +65,17 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger createSepaMandateLegacyIdMapping create trigger insert_legacy_id_mapping_tg
after insert on hs_office.sepamandate after insert on hs_office.sepamandate
for each row for each row
execute procedure insertSepaMandateLegacyIdMapping(); execute procedure hs_office.sepamandate_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-sepamandate-MIGRATION-delete-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-sepamandate-MIGRATION-delete-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deleteSepaMandateLegacyIdMapping() create or replace function hs_office.sepamandate_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -90,8 +90,8 @@ begin
return OLD; return OLD;
end; $$; end; $$;
create trigger removeSepaMandateLegacyIdMapping create trigger delete_legacy_id_mapping_tf
before delete on hs_office.sepamandate before delete on hs_office.sepamandate
for each row for each row
execute procedure deleteSepaMandateLegacyIdMapping(); execute procedure hs_office.sepamandate_delete_legacy_id_mapping_tf();
--/ --/

8
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5078-hs-office-sepamandate-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single sepaMandate test record. Creates a single sepaMandate test record.
*/ */
create or replace procedure createHsOfficeSepaMandateTestData( create or replace procedure hs_office.sepamandate_create_test_data(
forPartnerNumber numeric(5), forPartnerNumber numeric(5),
forDebitorSuffix char(2), forDebitorSuffix char(2),
forIban varchar, forIban varchar,
@ -45,9 +45,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating SEPA-mandate test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsOfficeSepaMandateTestData(10001, '11', 'DE02120300000000202051', 'ref-10001-11'); call hs_office.sepamandate_create_test_data(10001, '11', 'DE02120300000000202051', 'ref-10001-11');
call createHsOfficeSepaMandateTestData(10002, '12', 'DE02100500000054540402', 'ref-10002-12'); call hs_office.sepamandate_create_test_data(10002, '12', 'DE02100500000054540402', 'ref-10002-12');
call createHsOfficeSepaMandateTestData(10003, '13', 'DE02300209000106531065', 'ref-10003-13'); call hs_office.sepamandate_create_test_data(10003, '13', 'DE02300209000106531065', 'ref-10003-13');
end; end;
$$; $$;
--// --//

6
src/main/resources/db/changelog/5-hs-office/510-membership/5100-hs-office-membership.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-membership-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-membership-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE HsOfficeMembershipStatus AS ENUM ( CREATE TYPE hs_office.HsOfficeMembershipStatus AS ENUM (
'INVALID', 'INVALID',
'ACTIVE', 'ACTIVE',
'CANCELLED', 'CANCELLED',
@ -15,7 +15,7 @@ CREATE TYPE HsOfficeMembershipStatus AS ENUM (
'UNKNOWN' 'UNKNOWN'
); );
CREATE CAST (character varying as HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.HsOfficeMembershipStatus) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.membership create table if not exists hs_office.membership
( (
@ -24,7 +24,7 @@ create table if not exists hs_office.membership
partnerUuid uuid not null references hs_office.partner(uuid), partnerUuid uuid not null references hs_office.partner(uuid),
memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'), memberNumberSuffix char(2) not null check (memberNumberSuffix::text ~ '^[0-9][0-9]$'),
validity daterange not null, validity daterange not null,
status HsOfficeMembershipStatus not null default 'ACTIVE', status hs_office.HsOfficeMembershipStatus not null default 'ACTIVE',
membershipFeeBillable boolean not null default true, membershipFeeBillable boolean not null default true,
UNIQUE(partnerUuid, memberNumberSuffix) UNIQUE(partnerUuid, memberNumberSuffix)

30
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@ -12,7 +12,7 @@ call rbac.generateRelatedRbacObject('hs_office.membership');
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-membership-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeMembership', 'hs_office.membership'); call rbac.generateRbacRoleDescriptors('hs_office.membership');
--// --//
@ -44,25 +44,25 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipOWNER(NEW), hs_office.membership_OWNER(NEW),
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipADMIN(NEW), hs_office.membership_ADMIN(NEW),
permissions => array['DELETE', 'UPDATE'], permissions => array['DELETE', 'UPDATE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeMembershipOWNER(NEW), hs_office.membership_OWNER(NEW),
hsOfficeRelationADMIN(newPartnerRel)] hs_office.relation_ADMIN(newPartnerRel)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsOfficeMembershipAGENT(NEW), hs_office.membership_AGENT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsOfficeMembershipADMIN(NEW), hs_office.membership_ADMIN(NEW),
hsOfficeRelationAGENT(newPartnerRel)], hs_office.relation_AGENT(newPartnerRel)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newPartnerRel)]
); );
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
@ -108,7 +108,7 @@ do language plpgsql $$
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
@ -116,7 +116,7 @@ $$;
/** /**
Grants hs_office.membership INSERT permission to specified role of new global rows. Grants hs_office.membership INSERT permission to specified role of new global rows.
*/ */
create or replace function hs_office.new_membership_grants_insert_to_global_tf() create or replace function hs_office.membership_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -124,16 +124,16 @@ begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.membership'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_membership_grants_after_insert_tg create trigger membership_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure hs_office.new_membership_grants_insert_to_global_tf(); execute procedure hs_office.membership_grants_insert_to_global_tf();
-- ============================================================================ -- ============================================================================

8
src/main/resources/db/changelog/5-hs-office/510-membership/5108-hs-office-membership-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single membership test record. Creates a single membership test record.
*/ */
create or replace procedure createHsOfficeMembershipTestData( create or replace procedure hs_office.membership_create_test_data(
forPartnerNumber numeric(5), forPartnerNumber numeric(5),
newMemberNumberSuffix char(2) ) newMemberNumberSuffix char(2) )
language plpgsql as $$ language plpgsql as $$
@ -35,9 +35,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating Membership test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsOfficeMembershipTestData(10001, '01'); call hs_office.membership_create_test_data(10001, '01');
call createHsOfficeMembershipTestData(10002, '02'); call hs_office.membership_create_test_data(10002, '02');
call createHsOfficeMembershipTestData(10003, '03'); call hs_office.membership_create_test_data(10003, '03');
end; end;
$$; $$;
--// --//

22
src/main/resources/db/changelog/5-hs-office/511-coopshares/5110-hs-office-coopshares.sql
View File

@ -4,20 +4,20 @@
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE HsOfficeCoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTION', 'CANCELLATION'); CREATE TYPE hs_office.CoopSharesTransactionType AS ENUM ('ADJUSTMENT', 'SUBSCRIPTION', 'CANCELLATION');
CREATE CAST (character varying as HsOfficeCoopSharesTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.CoopSharesTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.coopsharestransaction create table if not exists hs_office.coopsharetx
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office.membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopSharesTransactionType not null, transactionType hs_office.CoopSharesTransactionType not null,
valueDate date not null, valueDate date not null,
shareCount integer not null, shareCount integer not null,
reference varchar(48) not null, reference varchar(48) not null,
adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharestransaction(uuid) DEFERRABLE INITIALLY DEFERRED, adjustedShareTxUuid uuid unique REFERENCES hs_office.coopsharetx(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512) comment varchar(512)
); );
--// --//
@ -26,7 +26,7 @@ create table if not exists hs_office.coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-BUSINESS-RULES endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
alter table hs_office.coopsharestransaction alter table hs_office.coopsharetx
add constraint reverse_entry_missing add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null check ( transactionType = 'ADJUSTMENT' and adjustedShareTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null); or transactionType <> 'ADJUSTMENT' and adjustedShareTxUuid is null);
@ -36,7 +36,7 @@ alter table hs_office.coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-SHARE-COUNT-CONSTRAINT endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-SHARE-COUNT-CONSTRAINT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function checkSharesByMembershipUuid(forMembershipUuid UUID, newShareCount integer) create or replace function hs_office.coopsharestx_check_positive_total(forMembershipUuid UUID, newShareCount integer)
returns boolean returns boolean
language plpgsql as $$ language plpgsql as $$
declare declare
@ -44,7 +44,7 @@ declare
totalShareCount integer; totalShareCount integer;
begin begin
select sum(cst.shareCount) select sum(cst.shareCount)
from hs_office.coopsharestransaction cst from hs_office.coopsharetx cst
where cst.membershipUuid = forMembershipUuid where cst.membershipUuid = forMembershipUuid
into currentShareCount; into currentShareCount;
totalShareCount := currentShareCount + newShareCount; totalShareCount := currentShareCount + newShareCount;
@ -54,9 +54,9 @@ begin
return true; return true;
end; $$; end; $$;
alter table hs_office.coopsharestransaction alter table hs_office.coopsharetx
add constraint check_positive_total_shares_count add constraint check_positive_total_shares_count
check ( checkSharesByMembershipUuid(membershipUuid, shareCount) ); check ( hs_office.coopsharestx_check_positive_total(membershipUuid, shareCount) );
--// --//
@ -64,5 +64,5 @@ alter table hs_office.coopsharestransaction
--changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-coopshares-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office.coopsharestransaction'); call base.create_journal('hs_office.coopsharetx');
--// --//

76
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@ -3,29 +3,29 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopsharestransaction-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-coopsharetx-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office.coopsharestransaction'); call rbac.generateRelatedRbacObject('hs_office.coopsharetx');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopsharestransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-coopsharetx-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopSharesTransaction', 'hs_office.coopsharestransaction'); call rbac.generateRbacRoleDescriptors('hs_office.coopsharetx');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharestransaction-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-coopsharetx-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure hs_office.coopsharestransaction_build_rbac_system( create or replace procedure hs_office.coopsharetx_build_rbac_system(
NEW hs_office.coopsharestransaction NEW hs_office.coopsharetx
) )
language plpgsql as $$ language plpgsql as $$
@ -38,114 +38,114 @@ begin
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharestransaction row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopsharetx row.
*/ */
create or replace function hs_office.coopsharestransaction_build_rbac_system_after_insert_tf() create or replace function hs_office.coopsharetx_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_office.coopsharestransaction_build_rbac_system(NEW); call hs_office.coopsharetx_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopsharestransaction after insert on hs_office.coopsharetx
for each row for each row
execute procedure hs_office.coopsharestransaction_build_rbac_system_after_insert_tf(); execute procedure hs_office.coopsharetx_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopsharetx-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office.membership ---------------------------- -- granting INSERT permission to hs_office.membership ----------------------------
/* /*
Grants INSERT INTO hs_office.coopsharestransaction permissions to specified role of pre-existing hs_office.membership rows. Grants INSERT INTO hs_office.coopsharetx permissions to specified role of pre-existing hs_office.membership rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office.membership; row hs_office.membership;
begin begin
call base.defineContext('create INSERT INTO hs_office.coopsharestransaction permissions for pre-exising hs_office.membership rows'); call base.defineContext('create INSERT INTO hs_office.coopsharetx permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office.membership FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharestransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopsharetx'),
hsOfficeMembershipADMIN(row)); hs_office.membership_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office.coopsharestransaction INSERT permission to specified role of new membership rows. Grants hs_office.coopsharetx INSERT permission to specified role of new membership rows.
*/ */
create or replace function hs_office.new_coopsharetx_grants_insert_to_membership_tf() create or replace function hs_office.coopsharetx_grants_insert_to_membership_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharestransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopsharetx'),
hsOfficeMembershipADMIN(NEW)); hs_office.membership_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_coopsharestransaction_grants_after_insert_tg create trigger coopsharetx_z_grants_after_insert_tg
after insert on hs_office.membership after insert on hs_office.membership
for each row for each row
execute procedure hs_office.new_coopsharetx_grants_insert_to_membership_tf(); execute procedure hs_office.coopsharetx_grants_insert_to_membership_tf();
-- ============================================================================ -- ============================================================================
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopsharetx-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharestransaction. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopsharetx.
*/ */
create or replace function hs_office.coopsharestransaction_insert_permission_check_tf() create or replace function hs_office.coopsharetx_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid -- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharestransaction') then if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopsharetx') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office.coopsharestransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.coopsharetx values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger coopsharestransaction_insert_permission_check_tg create trigger coopsharetx_insert_permission_check_tg
before insert on hs_office.coopsharestransaction before insert on hs_office.coopsharetx
for each row for each row
execute procedure hs_office.coopsharestransaction_insert_permission_check_tf(); execute procedure hs_office.coopsharetx_insert_permission_check_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacIdentityViewGenerator:hs-office-coopsharestransaction-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-coopsharetx-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransaction', call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharetx',
$idName$ $idName$
reference reference
$idName$); $idName$);
@ -153,9 +153,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopsharestransactio
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopsharestransaction-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopsharetx-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.coopsharestransaction', call rbac.generateRbacRestrictedView('hs_office.coopsharetx',
$orderBy$ $orderBy$
reference reference
$orderBy$, $orderBy$,

20
src/main/resources/db/changelog/5-hs-office/511-coopshares/5116-hs-office-coopshares-migration.sql
View File

@ -9,7 +9,7 @@
CREATE TABLE hs_office.coopsharestransaction_legacy_id CREATE TABLE hs_office.coopsharestransaction_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office.coopsharestransaction(uuid), uuid uuid NOT NULL REFERENCES hs_office.coopsharetx(uuid),
member_share_id integer NOT NULL member_share_id integer NOT NULL
); );
--// --//
@ -42,14 +42,14 @@ ALTER TABLE hs_office.coopsharestransaction_legacy_id
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id) INSERT INTO hs_office.coopsharestransaction_legacy_id(uuid, member_share_id)
SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharestransaction; SELECT uuid, nextVal('hs_office.coopsharestransaction_legacy_id_seq') FROM hs_office.coopsharetx;
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-coopShares-MIGRATION-insert-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-coopShares-MIGRATION-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertCoopSharesLegacyIdMapping() create or replace function hs_office.coopsharetx_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -64,17 +64,17 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger createCoopSharesLegacyIdMapping create trigger insert_legacy_id_mapping_tg
after insert on hs_office.coopsharestransaction after insert on hs_office.coopsharetx
for each row for each row
execute procedure insertCoopSharesLegacyIdMapping(); execute procedure hs_office.coopsharetx_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-coopShares-MIGRATION-delete-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-coopShares-MIGRATION-delete-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deleteCoopSharesLegacyIdMapping() create or replace function hs_office.coopsharetx_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -89,8 +89,8 @@ begin
return OLD; return OLD;
end; $$; end; $$;
create trigger removeCoopSharesLegacyIdMapping create trigger delete_legacy_id_mapping_tg
before delete on hs_office.coopsharestransaction before delete on hs_office.coopsharetx
for each row for each row
execute procedure deleteCoopSharesLegacyIdMapping(); execute procedure hs_office.coopsharetx_delete_legacy_id_mapping_tf();
--/ --/

10
src/main/resources/db/changelog/5-hs-office/511-coopshares/5118-hs-office-coopshares-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single coopSharesTransaction test record. Creates a single coopSharesTransaction test record.
*/ */
create or replace procedure createHsOfficeCoopSharesTransactionTestData( create or replace procedure hs_office.coopsharetx_create_test_data(
givenPartnerNumber numeric, givenPartnerNumber numeric,
givenMemberNumberSuffix char(2) givenMemberNumberSuffix char(2)
) )
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix; raise notice 'creating test coopSharesTransaction: %', givenPartnerNumber::text || givenMemberNumberSuffix;
subscriptionEntryUuid := uuid_generate_v4(); subscriptionEntryUuid := uuid_generate_v4();
insert insert
into hs_office.coopsharestransaction(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid) into hs_office.coopsharetx(uuid, membershipuuid, transactiontype, valuedate, sharecount, reference, comment, adjustedShareTxUuid)
values values
(uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null), (uuid_generate_v4(), membership.uuid, 'SUBSCRIPTION', '2010-03-15', 4, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-1', 'initial subscription', null),
(uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null), (uuid_generate_v4(), membership.uuid, 'CANCELLATION', '2021-09-01', -2, 'ref '||givenPartnerNumber::text || givenMemberNumberSuffix||'-2', 'cancelling some', null),
@ -46,8 +46,8 @@ do language plpgsql $$
call base.defineContext('creating coopSharesTransaction test-data'); call base.defineContext('creating coopSharesTransaction test-data');
SET CONSTRAINTS ALL DEFERRED; SET CONSTRAINTS ALL DEFERRED;
call createHsOfficeCoopSharesTransactionTestData(10001, '01'); call hs_office.coopsharetx_create_test_data(10001, '01');
call createHsOfficeCoopSharesTransactionTestData(10002, '02'); call hs_office.coopsharetx_create_test_data(10002, '02');
call createHsOfficeCoopSharesTransactionTestData(10003, '03'); call hs_office.coopsharetx_create_test_data(10003, '03');
end; end;
$$; $$;

22
src/main/resources/db/changelog/5-hs-office/512-coopassets/5120-hs-office-coopassets.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT', CREATE TYPE hs_office.CoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
'DEPOSIT', 'DEPOSIT',
'DISBURSAL', 'DISBURSAL',
'TRANSFER', 'TRANSFER',
@ -13,18 +13,18 @@ CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
'LOSS', 'LOSS',
'LIMITATION'); 'LIMITATION');
CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_office.CoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
create table if not exists hs_office.coopassetstransaction create table if not exists hs_office.coopassettx
( (
uuid uuid unique references rbac.object (uuid) initially deferred, uuid uuid unique references rbac.object (uuid) initially deferred,
version int not null default 0, version int not null default 0,
membershipUuid uuid not null references hs_office.membership(uuid), membershipUuid uuid not null references hs_office.membership(uuid),
transactionType HsOfficeCoopAssetsTransactionType not null, transactionType hs_office.CoopAssetsTransactionType not null,
valueDate date not null, valueDate date not null,
assetValue money not null, assetValue money not null,
reference varchar(48) not null, reference varchar(48) not null,
adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassetstransaction(uuid) DEFERRABLE INITIALLY DEFERRED, adjustedAssetTxUuid uuid unique REFERENCES hs_office.coopassettx(uuid) DEFERRABLE INITIALLY DEFERRED,
comment varchar(512) comment varchar(512)
); );
--// --//
@ -34,7 +34,7 @@ create table if not exists hs_office.coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-BUSINESS-RULES endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
alter table hs_office.coopassetstransaction alter table hs_office.coopassettx
add constraint reverse_entry_missing add constraint reverse_entry_missing
check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null check ( transactionType = 'ADJUSTMENT' and adjustedAssetTxUuid is not null
or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null); or transactionType <> 'ADJUSTMENT' and adjustedAssetTxUuid is null);
@ -44,7 +44,7 @@ alter table hs_office.coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-ASSET-VALUE-CONSTRAINT endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-ASSET-VALUE-CONSTRAINT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function checkAssetsByMembershipUuid(forMembershipUuid UUID, newAssetValue money) create or replace function hs_office.coopassetstx_check_positive_total(forMembershipUuid UUID, newAssetValue money)
returns boolean returns boolean
language plpgsql as $$ language plpgsql as $$
declare declare
@ -52,7 +52,7 @@ declare
totalAssetValue money; totalAssetValue money;
begin begin
select sum(cat.assetValue) select sum(cat.assetValue)
from hs_office.coopassetstransaction cat from hs_office.coopassettx cat
where cat.membershipUuid = forMembershipUuid where cat.membershipUuid = forMembershipUuid
into currentAssetValue; into currentAssetValue;
totalAssetValue := currentAssetValue + newAssetValue; totalAssetValue := currentAssetValue + newAssetValue;
@ -62,9 +62,9 @@ begin
return true; return true;
end; $$; end; $$;
alter table hs_office.coopassetstransaction alter table hs_office.coopassettx
add constraint check_positive_total add constraint check_positive_total
check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) ); check ( hs_office.coopassetstx_check_positive_total(membershipUuid, assetValue) );
--// --//
@ -72,5 +72,5 @@ alter table hs_office.coopassetstransaction
--changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_office.coopassetstransaction'); call base.create_journal('hs_office.coopassettx');
--// --//

76
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@ -3,29 +3,29 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-office-coopassetstransaction-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-office-coopassettx-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_office.coopassetstransaction'); call rbac.generateRelatedRbacObject('hs_office.coopassettx');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-office-coopassetstransaction-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-office-coopassettx-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office.coopassetstransaction'); call rbac.generateRbacRoleDescriptors('hs_office.coopassettx');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassetstransaction-rbac-insert-trigger endDelimiter:--// --changeset RolesGrantsAndPermissionsGenerator:hs-office-coopassettx-rbac-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure hs_office.coopassetstransaction_build_rbac_system( create or replace procedure hs_office.coopassettx_build_rbac_system(
NEW hs_office.coopassetstransaction NEW hs_office.coopassettx
) )
language plpgsql as $$ language plpgsql as $$
@ -38,114 +38,114 @@ begin
SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership; SELECT * FROM hs_office.membership WHERE uuid = NEW.membershipUuid INTO newMembership;
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid); assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'SELECT'), hs_office.membership_AGENT(newMembership));
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership)); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'UPDATE'), hs_office.membership_ADMIN(newMembership));
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassetstransaction row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office.coopassettx row.
*/ */
create or replace function hs_office.coopassetstransaction_build_rbac_system_after_insert_tf() create or replace function hs_office.coopassettx_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_office.coopassetstransaction_build_rbac_system(NEW); call hs_office.coopassettx_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_office.coopassetstransaction after insert on hs_office.coopassettx
for each row for each row
execute procedure hs_office.coopassetstransaction_build_rbac_system_after_insert_tf(); execute procedure hs_office.coopassettx_build_rbac_system_after_insert_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopassettx-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_office.membership ---------------------------- -- granting INSERT permission to hs_office.membership ----------------------------
/* /*
Grants INSERT INTO hs_office.coopassetstransaction permissions to specified role of pre-existing hs_office.membership rows. Grants INSERT INTO hs_office.coopassettx permissions to specified role of pre-existing hs_office.membership rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office.membership; row hs_office.membership;
begin begin
call base.defineContext('create INSERT INTO hs_office.coopassetstransaction permissions for pre-exising hs_office.membership rows'); call base.defineContext('create INSERT INTO hs_office.coopassettx permissions for pre-exising hs_office.membership rows');
FOR row IN SELECT * FROM hs_office.membership FOR row IN SELECT * FROM hs_office.membership
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassetstransaction'), rbac.createPermission(row.uuid, 'INSERT', 'hs_office.coopassettx'),
hsOfficeMembershipADMIN(row)); hs_office.membership_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_office.coopassetstransaction INSERT permission to specified role of new membership rows. Grants hs_office.coopassettx INSERT permission to specified role of new membership rows.
*/ */
create or replace function hs_office.new_coopassettx_grants_insert_to_membership_tf() create or replace function hs_office.coopassettx_grants_insert_to_membership_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassetstransaction'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_office.coopassettx'),
hsOfficeMembershipADMIN(NEW)); hs_office.membership_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_coopassetstransaction_grants_after_insert_tg create trigger coopassettx_z_grants_after_insert_tg
after insert on hs_office.membership after insert on hs_office.membership
for each row for each row
execute procedure hs_office.new_coopassettx_grants_insert_to_membership_tf(); execute procedure hs_office.coopassettx_grants_insert_to_membership_tf();
-- ============================================================================ -- ============================================================================
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--// --changeset InsertTriggerGenerator:hs-office-coopassettx-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassetstransaction. Checks if the user respectively the assumed roles are allowed to insert a row to hs_office.coopassettx.
*/ */
create or replace function hs_office.coopassetstransaction_insert_permission_check_tf() create or replace function hs_office.coopassettx_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
superObjectUuid uuid; superObjectUuid uuid;
begin begin
-- check INSERT permission via direct foreign key: NEW.membershipUuid -- check INSERT permission via direct foreign key: NEW.membershipUuid
if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassetstransaction') then if rbac.hasInsertPermission(NEW.membershipUuid, 'hs_office.coopassettx') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_office.coopassetstransaction values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_office.coopassettx values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger coopassetstransaction_insert_permission_check_tg create trigger coopassettx_insert_permission_check_tg
before insert on hs_office.coopassetstransaction before insert on hs_office.coopassettx
for each row for each row
execute procedure hs_office.coopassetstransaction_insert_permission_check_tf(); execute procedure hs_office.coopassettx_insert_permission_check_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacIdentityViewGenerator:hs-office-coopassetstransaction-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-office-coopassettx-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransaction', call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassettx',
$idName$ $idName$
reference reference
$idName$); $idName$);
@ -153,9 +153,9 @@ call rbac.generateRbacIdentityViewFromProjection('hs_office.coopassetstransactio
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-office-coopassetstransaction-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-office-coopassettx-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_office.coopassetstransaction', call rbac.generateRbacRestrictedView('hs_office.coopassettx',
$orderBy$ $orderBy$
reference reference
$orderBy$, $orderBy$,

38
src/main/resources/db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
View File

@ -7,9 +7,9 @@
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-mapping endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_office.coopassetstransaction_legacy_id CREATE TABLE hs_office.coopassettx_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_office.coopassetstransaction(uuid), uuid uuid NOT NULL REFERENCES hs_office.coopassettx(uuid),
member_asset_id integer NOT NULL member_asset_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_office.coopassetstransaction_legacy_id
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-sequence endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_office.coopassettx_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_office.coopassetstransaction_legacy_id.member_asset_id; OWNED BY hs_office.coopassettx_legacy_id.member_asset_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_office.coopassetstransaction_legacy_id_seq
--changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--// --changeset michael.hoennig:hs-office-coopassets-MIGRATION-default endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_office.coopassetstransaction_legacy_id ALTER TABLE hs_office.coopassettx_legacy_id
ALTER COLUMN member_asset_id ALTER COLUMN member_asset_id
SET DEFAULT nextVal('hs_office.coopassetstransaction_legacy_id_seq'); SET DEFAULT nextVal('hs_office.coopassettx_legacy_id_seq');
--/ --/
@ -41,15 +41,15 @@ ALTER TABLE hs_office.coopassetstransaction_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_office.coopassetstransaction_legacy_id(uuid, member_asset_id) INSERT INTO hs_office.coopassettx_legacy_id(uuid, member_asset_id)
SELECT uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq') FROM hs_office.coopassetstransaction; SELECT uuid, nextVal('hs_office.coopassettx_legacy_id_seq') FROM hs_office.coopassettx;
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-coopAssets-MIGRATION-insert-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-coopAssets-MIGRATION-insert-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertCoopAssetsLegacyIdMapping() create or replace function hs_office.coopassettx_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -58,23 +58,23 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_office.coopassetstransaction_legacy_id VALUES INSERT INTO hs_office.coopassettx_legacy_id VALUES
(NEW.uuid, nextVal('hs_office.coopassetstransaction_legacy_id_seq')); (NEW.uuid, nextVal('hs_office.coopassettx_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createCoopAssetsLegacyIdMapping create trigger insert_legacy_id_mapping_tg
after insert on hs_office.coopassetstransaction after insert on hs_office.coopassettx
for each row for each row
execute procedure insertCoopAssetsLegacyIdMapping(); execute procedure hs_office.coopassettx_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-office-coopAssets-MIGRATION-delete-trigger endDelimiter:--// --changeset michael.hoennig:hs-office-coopAssets-MIGRATION-delete-trigger endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deleteCoopAssetsLegacyIdMapping() create or replace function hs_office.coopassettx_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_office.coopassetstransaction_legacy_id DELETE FROM hs_office.coopassettx_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger removeCoopAssetsLegacyIdMapping create trigger delete_legacy_id_mapping_tg
before delete on hs_office.coopassetstransaction before delete on hs_office.coopassettx
for each row for each row
execute procedure deleteCoopAssetsLegacyIdMapping(); execute procedure hs_office.coopassettx_delete_legacy_id_mapping_tf();
--/ --/

10
src/main/resources/db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
View File

@ -8,7 +8,7 @@
/* /*
Creates a single coopAssetsTransaction test record. Creates a single coopAssetsTransaction test record.
*/ */
create or replace procedure createHsOfficeCoopAssetsTransactionTestData( create or replace procedure hs_office.coopassettx_create_test_data(
givenPartnerNumber numeric, givenPartnerNumber numeric,
givenMemberNumberSuffix char(2) givenMemberNumberSuffix char(2)
) )
@ -27,7 +27,7 @@ begin
raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix; raise notice 'creating test coopAssetsTransaction: %', givenPartnerNumber || givenMemberNumberSuffix;
lossEntryUuid := uuid_generate_v4(); lossEntryUuid := uuid_generate_v4();
insert insert
into hs_office.coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid) into hs_office.coopassettx(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment, adjustedAssetTxUuid)
values values
(uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null), (uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-1', 'initial deposit', null),
(uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null), (uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenPartnerNumber || givenMemberNumberSuffix||'-2', 'partial disbursal', null),
@ -46,8 +46,8 @@ do language plpgsql $$
call base.defineContext('creating coopAssetsTransaction test-data'); call base.defineContext('creating coopAssetsTransaction test-data');
SET CONSTRAINTS ALL DEFERRED; SET CONSTRAINTS ALL DEFERRED;
call createHsOfficeCoopAssetsTransactionTestData(10001, '01'); call hs_office.coopassettx_create_test_data(10001, '01');
call createHsOfficeCoopAssetsTransactionTestData(10002, '02'); call hs_office.coopassettx_create_test_data(10002, '02');
call createHsOfficeCoopAssetsTransactionTestData(10003, '03'); call hs_office.coopassettx_create_test_data(10003, '03');
end; end;
$$; $$;

8
src/main/resources/db/changelog/6-hs-booking/600-hs-booking-schema.sql Normal file
View File

@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:hs-booking-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA hs_booking;
--//

2
src/main/resources/db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hs-booking-debitor-RESTRICTED-VIEW endDelimiter:--// --changeset michael.hoennig:hs-booking-debitor-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create view hs_booking_debitor_xv as create view hs_booking.debitor_xv as
select debitor.uuid, select debitor.uuid,
debitor.version, debitor.version,
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber, (partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,

6
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:booking-project-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:booking-project-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create table if not exists hs_booking_project create table if not exists hs_booking.project
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
@ -18,12 +18,12 @@ create table if not exists hs_booking_project
--changeset michael.hoennig:hs-booking-project-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-booking-project-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_booking_project'); call base.create_journal('hs_booking.project');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-project-MAIN-TABLE-HISTORIZATION endDelimiter:--// --changeset michael.hoennig:hs-booking-project-MAIN-TABLE-HISTORIZATION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.tx_create_historicization('hs_booking_project'); call base.tx_create_historicization('hs_booking.project');
--// --//

82
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-booking-project-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_project'); call rbac.generateRelatedRbacObject('hs_booking.project');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-booking-project-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project'); call rbac.generateRbacRoleDescriptors('hs_booking.project');
--// --//
@ -24,8 +24,8 @@ call rbac.generateRbacRoleDescriptors('hsBookingProject', 'hs_booking_project');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure hs_booking_project_build_rbac_system( create or replace procedure hs_booking.project_build_rbac_system(
NEW hs_booking_project NEW hs_booking.project
) )
language plpgsql as $$ language plpgsql as $$
@ -48,50 +48,50 @@ begin
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectOWNER(NEW), hs_booking.project_OWNER(NEW),
incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel, rbac.unassumed())] incomingSuperRoles => array[hs_office.relation_AGENT(newDebitorRel, rbac.unassumed())]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectADMIN(NEW), hs_booking.project_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsBookingProjectOWNER(NEW)] incomingSuperRoles => array[hs_booking.project_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectAGENT(NEW), hs_booking.project_AGENT(NEW),
incomingSuperRoles => array[hsBookingProjectADMIN(NEW)] incomingSuperRoles => array[hs_booking.project_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingProjectTENANT(NEW), hs_booking.project_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsBookingProjectAGENT(NEW)], incomingSuperRoles => array[hs_booking.project_AGENT(NEW)],
outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)] outgoingSubRoles => array[hs_office.relation_TENANT(newDebitorRel)]
); );
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.global_ADMIN());
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_project row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking.project row.
*/ */
create or replace function hs_booking_project_build_rbac_system_after_insert_tf() create or replace function hs_booking.project_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_booking_project_build_rbac_system(NEW); call hs_booking.project_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_project after insert on hs_booking.project
for each row for each row
execute procedure hs_booking_project_build_rbac_system_after_insert_tf(); execute procedure hs_booking.project_build_rbac_system_after_insert_tf();
--// --//
@ -102,45 +102,45 @@ execute procedure hs_booking_project_build_rbac_system_after_insert_tf();
-- granting INSERT permission to hs_office.relation ---------------------------- -- granting INSERT permission to hs_office.relation ----------------------------
/* /*
Grants INSERT INTO hs_booking_project permissions to specified role of pre-existing hs_office.relation rows. Grants INSERT INTO hs_booking.project permissions to specified role of pre-existing hs_office.relation rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_office.relation; row hs_office.relation;
begin begin
call base.defineContext('create INSERT INTO hs_booking_project permissions for pre-exising hs_office.relation rows'); call base.defineContext('create INSERT INTO hs_booking.project permissions for pre-exising hs_office.relation rows');
FOR row IN SELECT * FROM hs_office.relation FOR row IN SELECT * FROM hs_office.relation
WHERE type = 'DEBITOR' WHERE type = 'DEBITOR'
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_project'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.project'),
hsOfficeRelationADMIN(row)); hs_office.relation_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_booking_project INSERT permission to specified role of new relation rows. Grants hs_booking.project INSERT permission to specified role of new relation rows.
*/ */
create or replace function new_hsbk_project_grants_insert_to_relation_tf() create or replace function hs_booking.project_grants_insert_to_relation_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
if NEW.type = 'DEBITOR' then if NEW.type = 'DEBITOR' then
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_project'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.project'),
hsOfficeRelationADMIN(NEW)); hs_office.relation_ADMIN(NEW));
end if; end if;
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_project_grants_after_insert_tg create trigger project_z_grants_after_insert_tg
after insert on hs_office.relation after insert on hs_office.relation
for each row for each row
execute procedure new_hsbk_project_grants_insert_to_relation_tf(); execute procedure hs_booking.project_grants_insert_to_relation_tf();
-- ============================================================================ -- ============================================================================
@ -148,9 +148,9 @@ execute procedure new_hsbk_project_grants_insert_to_relation_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_booking_project. Checks if the user respectively the assumed roles are allowed to insert a row to hs_booking.project.
*/ */
create or replace function hs_booking_project_insert_permission_check_tf() create or replace function hs_booking.project_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
@ -162,19 +162,19 @@ begin
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
WHERE debitor.uuid = NEW.debitorUuid WHERE debitor.uuid = NEW.debitorUuid
); );
assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking_project.debitorUuid must not be null, also check fetchSql in RBAC DSL'; assert superObjectUuid is not null, 'object uuid fetched depending on hs_booking.project.debitorUuid must not be null, also check fetchSql in RBAC DSL';
if rbac.hasInsertPermission(superObjectUuid, 'hs_booking_project') then if rbac.hasInsertPermission(superObjectUuid, 'hs_booking.project') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_booking_project values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_booking.project values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_booking_project_insert_permission_check_tg create trigger project_insert_permission_check_tg
before insert on hs_booking_project before insert on hs_booking.project
for each row for each row
execute procedure hs_booking_project_insert_permission_check_tf(); execute procedure hs_booking.project_insert_permission_check_tf();
--// --//
@ -182,10 +182,10 @@ create trigger hs_booking_project_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-booking-project-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromQuery('hs_booking_project', call rbac.generateRbacIdentityViewFromQuery('hs_booking.project',
$idName$ $idName$
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
FROM hs_booking_project bookingProject FROM hs_booking.project bookingProject
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
$idName$); $idName$);
--// --//
@ -194,7 +194,7 @@ call rbac.generateRbacIdentityViewFromQuery('hs_booking_project',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-project-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_project', call rbac.generateRbacRestrictedView('hs_booking.project',
$orderBy$ $orderBy$
caption caption
$orderBy$, $orderBy$,

12
src/main/resources/db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
View File

@ -6,9 +6,9 @@
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates a single hs_booking_project test record. Creates a single hs_booking.project test record.
*/ */
create or replace procedure createHsBookingProjectTransactionTestData( create or replace procedure hs_booking.project_create_test_data(
givenPartnerNumber numeric, givenPartnerNumber numeric,
givenDebitorSuffix char(2) givenDebitorSuffix char(2)
) )
@ -27,7 +27,7 @@ begin
raise notice 'creating test booking-project: %', givenDebitorSuffix::text; raise notice 'creating test booking-project: %', givenDebitorSuffix::text;
raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor; raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
insert insert
into hs_booking_project (uuid, debitoruuid, caption) into hs_booking.project (uuid, debitoruuid, caption)
values (uuid_generate_v4(), relatedDebitor.uuid, 'D-' || givenPartnerNumber::text || givenDebitorSuffix || ' default project'); values (uuid_generate_v4(), relatedDebitor.uuid, 'D-' || givenPartnerNumber::text || givenDebitorSuffix || ' default project');
end; $$; end; $$;
--// --//
@ -41,9 +41,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating booking-project test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsBookingProjectTransactionTestData(10001, '11'); call hs_booking.project_create_test_data(10001, '11');
call createHsBookingProjectTransactionTestData(10002, '12'); call hs_booking.project_create_test_data(10002, '12');
call createHsBookingProjectTransactionTestData(10003, '13'); call hs_booking.project_create_test_data(10003, '13');
end; end;
$$; $$;
--// --//

18
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6300-hs-booking-item.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:booking-item-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create type HsBookingItemType as enum ( create type hs_booking.ItemType as enum (
'PRIVATE_CLOUD', 'PRIVATE_CLOUD',
'CLOUD_SERVER', 'CLOUD_SERVER',
'MANAGED_SERVER', 'MANAGED_SERVER',
@ -12,20 +12,20 @@ create type HsBookingItemType as enum (
'DOMAIN_SETUP' 'DOMAIN_SETUP'
); );
CREATE CAST (character varying as HsBookingItemType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_booking.ItemType) WITH INOUT AS IMPLICIT;
create table if not exists hs_booking_item create table if not exists hs_booking.item
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
projectUuid uuid null references hs_booking_project(uuid), projectUuid uuid null references hs_booking.project(uuid),
type HsBookingItemType not null, type hs_booking.ItemType not null,
parentItemUuid uuid null references hs_booking_item(uuid) initially deferred, parentItemUuid uuid null references hs_booking.item(uuid) initially deferred,
validity daterange not null, validity daterange not null,
caption varchar(80) not null, caption varchar(80) not null,
resources jsonb not null, resources jsonb not null,
constraint chk_hs_booking_item_has_project_or_parent_asset constraint booking_item_has_project_or_parent_asset
check (projectUuid is not null or parentItemUuid is not null) check (projectUuid is not null or parentItemUuid is not null)
); );
--// --//
@ -35,13 +35,13 @@ create table if not exists hs_booking_item
--changeset michael.hoennig:hs-booking-item-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-booking-item-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_booking_item'); call base.create_journal('hs_booking.item');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-booking-item-MAIN-TABLE-HISTORIZATION endDelimiter:--// --changeset michael.hoennig:hs-booking-item-MAIN-TABLE-HISTORIZATION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.tx_create_historicization('hs_booking_item'); call base.tx_create_historicization('hs_booking.item');
--// --//

142
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-booking-item-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_booking_item'); call rbac.generateRelatedRbacObject('hs_booking.item');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-booking-item-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item'); call rbac.generateRbacRoleDescriptors('hs_booking.item');
--// --//
@ -24,73 +24,73 @@ call rbac.generateRbacRoleDescriptors('hsBookingItem', 'hs_booking_item');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure hs_booking_item_build_rbac_system( create or replace procedure hs_booking.item_build_rbac_system(
NEW hs_booking_item NEW hs_booking.item
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newProject hs_booking_project; newProject hs_booking.project;
newParentItem hs_booking_item; newParentItem hs_booking.item;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_booking_project WHERE uuid = NEW.projectUuid INTO newProject; SELECT * FROM hs_booking.project WHERE uuid = NEW.projectUuid INTO newProject;
SELECT * FROM hs_booking_item WHERE uuid = NEW.parentItemUuid INTO newParentItem; SELECT * FROM hs_booking.item WHERE uuid = NEW.parentItemUuid INTO newParentItem;
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemOWNER(NEW), hs_booking.item_OWNER(NEW),
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemAGENT(newParentItem), hs_booking.item_AGENT(newParentItem),
hsBookingProjectAGENT(newProject)] hs_booking.project_AGENT(newProject)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemADMIN(NEW), hs_booking.item_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[hsBookingItemOWNER(NEW)] incomingSuperRoles => array[hs_booking.item_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemAGENT(NEW), hs_booking.item_AGENT(NEW),
incomingSuperRoles => array[hsBookingItemADMIN(NEW)] incomingSuperRoles => array[hs_booking.item_ADMIN(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsBookingItemTENANT(NEW), hs_booking.item_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[hsBookingItemAGENT(NEW)], incomingSuperRoles => array[hs_booking.item_AGENT(NEW)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsBookingItemTENANT(newParentItem), hs_booking.item_TENANT(newParentItem),
hsBookingProjectTENANT(newProject)] hs_booking.project_TENANT(newProject)]
); );
call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.globalAdmin()); call rbac.grantPermissionToRole(rbac.createPermission(NEW.uuid, 'DELETE'), rbac.global_ADMIN());
call rbac.leaveTriggerForObjectUuid(NEW.uuid); call rbac.leaveTriggerForObjectUuid(NEW.uuid);
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking_item row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_booking.item row.
*/ */
create or replace function hs_booking_item_build_rbac_system_after_insert_tf() create or replace function hs_booking.item_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_booking_item_build_rbac_system(NEW); call hs_booking.item_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_booking_item after insert on hs_booking.item
for each row for each row
execute procedure hs_booking_item_build_rbac_system_after_insert_tf(); execute procedure hs_booking.item_build_rbac_system_after_insert_tf();
--// --//
@ -101,115 +101,115 @@ execute procedure hs_booking_item_build_rbac_system_after_insert_tf();
-- granting INSERT permission to rbac.global ---------------------------- -- granting INSERT permission to rbac.global ----------------------------
/* /*
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing rbac.global rows. Grants INSERT INTO hs_booking.item permissions to specified role of pre-existing rbac.global rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row rbac.global; row rbac.global;
begin begin
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising rbac.global rows'); call base.defineContext('create INSERT INTO hs_booking.item permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
rbac.globalADMIN()); rbac.global_ADMIN());
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_booking_item INSERT permission to specified role of new global rows. Grants hs_booking.item INSERT permission to specified role of new global rows.
*/ */
create or replace function new_hsbk_item_grants_insert_to_global_tf() create or replace function hs_booking.item_grants_insert_to_global_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
rbac.globalADMIN()); rbac.global_ADMIN());
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_after_insert_tg create trigger item_z_grants_after_insert_tg
after insert on rbac.global after insert on rbac.global
for each row for each row
execute procedure new_hsbk_item_grants_insert_to_global_tf(); execute procedure hs_booking.item_grants_insert_to_global_tf();
-- granting INSERT permission to hs_booking_project ---------------------------- -- granting INSERT permission to hs_booking.project ----------------------------
/* /*
Grants INSERT INTO hs_booking_item permissions to specified role of pre-existing hs_booking_project rows. Grants INSERT INTO hs_booking.item permissions to specified role of pre-existing hs_booking.project rows.
*/ */
do language plpgsql $$ do language plpgsql $$
declare declare
row hs_booking_project; row hs_booking.project;
begin begin
call base.defineContext('create INSERT INTO hs_booking_item permissions for pre-exising hs_booking_project rows'); call base.defineContext('create INSERT INTO hs_booking.item permissions for pre-exising hs_booking.project rows');
FOR row IN SELECT * FROM hs_booking_project FOR row IN SELECT * FROM hs_booking.project
-- unconditional for all rows in that table -- unconditional for all rows in that table
LOOP LOOP
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(row.uuid, 'INSERT', 'hs_booking.item'),
hsBookingProjectADMIN(row)); hs_booking.project_ADMIN(row));
END LOOP; END LOOP;
end; end;
$$; $$;
/** /**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_project rows. Grants hs_booking.item INSERT permission to specified role of new project rows.
*/ */
create or replace function new_hsbk_item_grants_insert_to_hsbk_project_tf() create or replace function hs_booking.item_grants_insert_to_project_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
hsBookingProjectADMIN(NEW)); hs_booking.project_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_after_insert_tg create trigger item_z_grants_after_insert_tg
after insert on hs_booking_project after insert on hs_booking.project
for each row for each row
execute procedure new_hsbk_item_grants_insert_to_hsbk_project_tf(); execute procedure hs_booking.item_grants_insert_to_project_tf();
-- granting INSERT permission to hs_booking_item ---------------------------- -- granting INSERT permission to hs_booking.item ----------------------------
-- Granting INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows slipped, -- Granting INSERT INTO hs_hosting.asset permissions to specified role of pre-existing hs_hosting.asset rows slipped,
-- because there cannot yet be any pre-existing rows in the same table yet. -- because there cannot yet be any pre-existing rows in the same table yet.
/** /**
Grants hs_booking_item INSERT permission to specified role of new hs_booking_item rows. Grants hs_booking.item INSERT permission to specified role of new item rows.
*/ */
create or replace function new_hsbk_item_grants_insert_to_hsbk_item_tf() create or replace function hs_booking.item_grants_insert_to_item_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
-- unconditional for all rows in that table -- unconditional for all rows in that table
call rbac.grantPermissionToRole( call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking_item'), rbac.createPermission(NEW.uuid, 'INSERT', 'hs_booking.item'),
hsBookingItemADMIN(NEW)); hs_booking.item_ADMIN(NEW));
-- end. -- end.
return NEW; return NEW;
end; $$; end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist -- ..._z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_hs_booking_item_grants_after_insert_tg create trigger item_z_grants_after_insert_tg
after insert on hs_booking_item after insert on hs_booking.item
for each row for each row
execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf(); execute procedure hs_booking.item_grants_insert_to_item_tf();
-- ============================================================================ -- ============================================================================
@ -217,9 +217,9 @@ execute procedure new_hsbk_item_grants_insert_to_hsbk_item_tf();
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/** /**
Checks if the user respectively the assumed roles are allowed to insert a row to hs_booking_item. Checks if the user respectively the assumed roles are allowed to insert a row to hs_booking.item.
*/ */
create or replace function hs_booking_item_insert_permission_check_tf() create or replace function hs_booking.item_insert_permission_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
@ -230,22 +230,22 @@ begin
return NEW; return NEW;
end if; end if;
-- check INSERT permission via direct foreign key: NEW.projectUuid -- check INSERT permission via direct foreign key: NEW.projectUuid
if rbac.hasInsertPermission(NEW.projectUuid, 'hs_booking_item') then if rbac.hasInsertPermission(NEW.projectUuid, 'hs_booking.item') then
return NEW; return NEW;
end if; end if;
-- check INSERT permission via direct foreign key: NEW.parentItemUuid -- check INSERT permission via direct foreign key: NEW.parentItemUuid
if rbac.hasInsertPermission(NEW.parentItemUuid, 'hs_booking_item') then if rbac.hasInsertPermission(NEW.parentItemUuid, 'hs_booking.item') then
return NEW; return NEW;
end if; end if;
raise exception '[403] insert into hs_booking_item values(%) not allowed for current subjects % (%)', raise exception '[403] insert into hs_booking.item values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids(); NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$; end; $$;
create trigger hs_booking_item_insert_permission_check_tg create trigger item_insert_permission_check_tg
before insert on hs_booking_item before insert on hs_booking.item
for each row for each row
execute procedure hs_booking_item_insert_permission_check_tf(); execute procedure hs_booking.item_insert_permission_check_tf();
--// --//
@ -253,7 +253,7 @@ create trigger hs_booking_item_insert_permission_check_tg
--changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-booking-item-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_booking_item', call rbac.generateRbacIdentityViewFromProjection('hs_booking.item',
$idName$ $idName$
caption caption
$idName$); $idName$);
@ -263,7 +263,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_booking_item',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-booking-item-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_booking_item', call rbac.generateRbacRestrictedView('hs_booking.item',
$orderBy$ $orderBy$
validity validity
$orderBy$, $orderBy$,

16
src/main/resources/db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
View File

@ -6,20 +6,20 @@
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates a single hs_booking_item test record. Creates a single hs_booking.item test record.
*/ */
create or replace procedure createHsBookingItemTransactionTestData( create or replace procedure hs_booking.item_create_test_data(
givenPartnerNumber numeric, givenPartnerNumber numeric,
givenDebitorSuffix char(2) givenDebitorSuffix char(2)
) )
language plpgsql as $$ language plpgsql as $$
declare declare
relatedProject hs_booking_project; relatedProject hs_booking.project;
privateCloudUuid uuid; privateCloudUuid uuid;
managedServerUuid uuid; managedServerUuid uuid;
begin begin
select project.* into relatedProject select project.* into relatedProject
from hs_booking_project project from hs_booking.project project
where project.caption = 'D-' || givenPartnerNumber || givenDebitorSuffix || ' default project'; where project.caption = 'D-' || givenPartnerNumber || givenDebitorSuffix || ' default project';
raise notice 'creating test booking-item: %', givenPartnerNumber::text || givenDebitorSuffix::text; raise notice 'creating test booking-item: %', givenPartnerNumber::text || givenDebitorSuffix::text;
@ -27,7 +27,7 @@ begin
privateCloudUuid := uuid_generate_v4(); privateCloudUuid := uuid_generate_v4();
managedServerUuid := uuid_generate_v4(); managedServerUuid := uuid_generate_v4();
insert insert
into hs_booking_item (uuid, projectuuid, type, parentitemuuid, caption, validity, resources) into hs_booking.item (uuid, projectuuid, type, parentitemuuid, caption, validity, resources)
values (privateCloudUuid, relatedProject.uuid, 'PRIVATE_CLOUD', null, 'some PrivateCloud', daterange('20240401', null, '[]'), '{ "CPU": 10, "RAM": 32, "SSD": 4000, "HDD": 10000, "Traffic": 2000 }'::jsonb), values (privateCloudUuid, relatedProject.uuid, 'PRIVATE_CLOUD', null, 'some PrivateCloud', daterange('20240401', null, '[]'), '{ "CPU": 10, "RAM": 32, "SSD": 4000, "HDD": 10000, "Traffic": 2000 }'::jsonb),
(uuid_generate_v4(), null, 'MANAGED_SERVER', privateCloudUuid, 'some ManagedServer', daterange('20230115', '20240415', '[)'), '{ "CPU": 2, "RAM": 4, "SSD": 500, "Traffic": 500 }'::jsonb), (uuid_generate_v4(), null, 'MANAGED_SERVER', privateCloudUuid, 'some ManagedServer', daterange('20230115', '20240415', '[)'), '{ "CPU": 2, "RAM": 4, "SSD": 500, "Traffic": 500 }'::jsonb),
(uuid_generate_v4(), null, 'CLOUD_SERVER', privateCloudUuid, 'test CloudServer', daterange('20230115', '20240415', '[)'), '{ "CPU": 2, "RAM": 4, "SSD": 750, "Traffic": 500 }'::jsonb), (uuid_generate_v4(), null, 'CLOUD_SERVER', privateCloudUuid, 'test CloudServer', daterange('20230115', '20240415', '[)'), '{ "CPU": 2, "RAM": 4, "SSD": 750, "Traffic": 500 }'::jsonb),
@ -49,9 +49,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating booking-item test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsBookingItemTransactionTestData(10001, '11'); call hs_booking.item_create_test_data(10001, '11');
call createHsBookingItemTransactionTestData(10002, '12'); call hs_booking.item_create_test_data(10002, '12');
call createHsBookingItemTransactionTestData(10003, '13'); call hs_booking.item_create_test_data(10003, '13');
end; end;
$$; $$;
--// --//

8
src/main/resources/db/changelog/7-hs-hosting/700-hs-hosting-schema.sql Normal file
View File

@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:hs-hosting-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA hs_hosting;
--//

50
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
View File

@ -4,7 +4,7 @@
--changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--// --changeset michael.hoennig:hosting-asset-MAIN-TABLE endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create type HsHostingAssetType as enum ( create type hs_hosting.AssetType as enum (
'CLOUD_SERVER', 'CLOUD_SERVER',
'MANAGED_SERVER', 'MANAGED_SERVER',
'MANAGED_WEBSPACE', 'MANAGED_WEBSPACE',
@ -26,22 +26,22 @@ create type HsHostingAssetType as enum (
'IPV6_NUMBER' 'IPV6_NUMBER'
); );
CREATE CAST (character varying as HsHostingAssetType) WITH INOUT AS IMPLICIT; CREATE CAST (character varying as hs_hosting.AssetType) WITH INOUT AS IMPLICIT;
create table if not exists hs_hosting_asset create table if not exists hs_hosting.asset
( (
uuid uuid unique references rbac.object (uuid), uuid uuid unique references rbac.object (uuid),
version int not null default 0, version int not null default 0,
bookingItemUuid uuid null references hs_booking_item(uuid), bookingItemUuid uuid null references hs_booking.item(uuid),
type HsHostingAssetType not null, type hs_hosting.AssetType not null,
parentAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred, parentAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
assignedToAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred, assignedToAssetUuid uuid null references hs_hosting.asset(uuid) initially deferred,
identifier varchar(80) not null, identifier varchar(80) not null,
caption varchar(80), caption varchar(80),
config jsonb not null, config jsonb not null,
alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred, alarmContactUuid uuid null references hs_office.contact(uuid) initially deferred,
constraint chk_hs_hosting_asset_has_booking_item_or_parent_asset constraint hosting_asset_has_booking_item_or_parent_asset
check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER')) check (bookingItemUuid is not null or parentAssetUuid is not null or type in ('DOMAIN_SETUP', 'IPV4_NUMBER', 'IPV6_NUMBER'))
); );
--// --//
@ -54,16 +54,16 @@ create table if not exists hs_hosting_asset
-- TODO.impl: this could be generated from HsHostingAssetType -- TODO.impl: this could be generated from HsHostingAssetType
-- also including a check for assignedToAssetUuud -- also including a check for assignedToAssetUuud
create or replace function hs_hosting_asset_type_hierarchy_check_tf() create or replace function hs_hosting.asset_type_hierarchy_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
actualParentType HsHostingAssetType; actualParentType hs_hosting.AssetType;
expectedParentType HsHostingAssetType; expectedParentType hs_hosting.AssetType;
begin begin
if NEW.parentAssetUuid is not null then if NEW.parentAssetUuid is not null then
actualParentType := (select type actualParentType := (select type
from hs_hosting_asset from hs_hosting.asset
where NEW.parentAssetUuid = uuid); where NEW.parentAssetUuid = uuid);
end if; end if;
@ -104,10 +104,10 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger hs_hosting_asset_type_hierarchy_check_tg create trigger hosting_asset_type_hierarchy_check_tg
before insert on hs_hosting_asset before insert on hs_hosting.asset
for each row for each row
execute procedure hs_hosting_asset_type_hierarchy_check_tf(); execute procedure hs_hosting.asset_type_hierarchy_check_tf();
--// --//
@ -116,7 +116,7 @@ create trigger hs_hosting_asset_type_hierarchy_check_tg
--changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--// --changeset michael.hoennig:hosting-asset-system-sequences endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_unixuser_system_id_seq
AS integer AS integer
MINVALUE 1000000 MINVALUE 1000000
MAXVALUE 9999999 MAXVALUE 9999999
@ -130,15 +130,15 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_unixuser_system_id_seq
--changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--// --changeset michael.hoennig:hosting-asset-BOOKING-ITEM-HIERARCHY-CHECK endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function hs_hosting_asset_booking_item_hierarchy_check_tf() create or replace function hs_hosting.asset_booking_item_hierarchy_check_tf()
returns trigger returns trigger
language plpgsql as $$ language plpgsql as $$
declare declare
actualBookingItemType HsBookingItemType; actualBookingItemType hs_booking.ItemType;
expectedBookingItemType HsBookingItemType; expectedBookingItemType hs_booking.ItemType;
begin begin
actualBookingItemType := (select type actualBookingItemType := (select type
from hs_booking_item from hs_booking.item
where NEW.bookingItemUuid = uuid); where NEW.bookingItemUuid = uuid);
if NEW.type = 'CLOUD_SERVER' then if NEW.type = 'CLOUD_SERVER' then
@ -156,24 +156,24 @@ begin
return NEW; return NEW;
end; $$; end; $$;
create trigger hs_hosting_asset_booking_item_hierarchy_check_tg create trigger hosting_asset_booking_item_hierarchy_check_tg
before insert on hs_hosting_asset before insert on hs_hosting.asset
for each row for each row
execute procedure hs_hosting_asset_booking_item_hierarchy_check_tf(); execute procedure hs_hosting.asset_booking_item_hierarchy_check_tf();
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--// --changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-JOURNAL endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.create_journal('hs_hosting_asset'); call base.create_journal('hs_hosting.asset');
--// --//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--// --changeset michael.hoennig:hs-hosting-asset-MAIN-TABLE-HISTORIZATION endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call base.tx_create_historicization('hs_hosting_asset'); call base.tx_create_historicization('hs_hosting.asset');
--// --//

88
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
View File

@ -5,14 +5,14 @@
-- ============================================================================ -- ============================================================================
--changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--// --changeset RbacObjectGenerator:hs-hosting-asset-rbac-OBJECT endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('hs_hosting_asset'); call rbac.generateRelatedRbacObject('hs_hosting.asset');
--// --//
-- ============================================================================ -- ============================================================================
--changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--// --changeset RbacRoleDescriptorsGenerator:hs-hosting-asset-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset'); call rbac.generateRbacRoleDescriptors('hs_hosting.asset');
--// --//
@ -24,66 +24,66 @@ call rbac.generateRbacRoleDescriptors('hsHostingAsset', 'hs_hosting_asset');
Creates the roles, grants and permission for the AFTER INSERT TRIGGER. Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
*/ */
create or replace procedure hs_hosting_asset_build_rbac_system( create or replace procedure hs_hosting.asset_build_rbac_system(
NEW hs_hosting_asset NEW hs_hosting.asset
) )
language plpgsql as $$ language plpgsql as $$
declare declare
newBookingItem hs_booking_item; newBookingItem hs_booking.item;
newAssignedToAsset hs_hosting_asset; newAssignedToAsset hs_hosting.asset;
newAlarmContact hs_office.contact; newAlarmContact hs_office.contact;
newParentAsset hs_hosting_asset; newParentAsset hs_hosting.asset;
begin begin
call rbac.enterTriggerForObjectUuid(NEW.uuid); call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM hs_booking_item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem; SELECT * FROM hs_booking.item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset; SELECT * FROM hs_hosting.asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact; SELECT * FROM hs_office.contact WHERE uuid = NEW.alarmContactUuid INTO newAlarmContact;
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset; SELECT * FROM hs_hosting.asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetOWNER(NEW), hs_hosting.asset_OWNER(NEW),
permissions => array['DELETE'], permissions => array['DELETE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemADMIN(newBookingItem), hs_booking.item_ADMIN(newBookingItem),
hsHostingAssetADMIN(newParentAsset), hs_hosting.asset_ADMIN(newParentAsset),
rbac.globalADMIN(rbac.unassumed())], rbac.global_ADMIN(rbac.unassumed())],
subjectUuids => array[rbac.currentSubjectUuid()] subjectUuids => array[rbac.currentSubjectUuid()]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetADMIN(NEW), hs_hosting.asset_ADMIN(NEW),
permissions => array['UPDATE'], permissions => array['UPDATE'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsBookingItemAGENT(newBookingItem), hs_booking.item_AGENT(newBookingItem),
hsHostingAssetAGENT(newParentAsset), hs_hosting.asset_AGENT(newParentAsset),
hsHostingAssetOWNER(NEW)] hs_hosting.asset_OWNER(NEW)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetAGENT(NEW), hs_hosting.asset_AGENT(NEW),
incomingSuperRoles => array[ incomingSuperRoles => array[
hsHostingAssetADMIN(NEW), hs_hosting.asset_ADMIN(NEW),
hsHostingAssetAGENT(newAssignedToAsset)], hs_hosting.asset_AGENT(newAssignedToAsset)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsHostingAssetTENANT(newAssignedToAsset), hs_hosting.asset_TENANT(newAssignedToAsset),
hsOfficeContactREFERRER(newAlarmContact)] hs_office.contact_REFERRER(newAlarmContact)]
); );
perform rbac.defineRoleWithGrants( perform rbac.defineRoleWithGrants(
hsHostingAssetTENANT(NEW), hs_hosting.asset_TENANT(NEW),
permissions => array['SELECT'], permissions => array['SELECT'],
incomingSuperRoles => array[ incomingSuperRoles => array[
hsHostingAssetAGENT(NEW), hs_hosting.asset_AGENT(NEW),
hsOfficeContactADMIN(newAlarmContact)], hs_office.contact_ADMIN(newAlarmContact)],
outgoingSubRoles => array[ outgoingSubRoles => array[
hsBookingItemTENANT(newBookingItem), hs_booking.item_TENANT(newBookingItem),
hsHostingAssetTENANT(newParentAsset)] hs_hosting.asset_TENANT(newParentAsset)]
); );
IF NEW.type = 'DOMAIN_SETUP' THEN IF NEW.type = 'DOMAIN_SETUP' THEN
@ -93,22 +93,22 @@ begin
end; $$; end; $$;
/* /*
AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting_asset row. AFTER INSERT TRIGGER to create the role+grant structure for a new hs_hosting.asset row.
*/ */
create or replace function hs_hosting_asset_build_rbac_system_after_insert_tf() create or replace function hs_hosting.asset_build_rbac_system_after_insert_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_hosting_asset_build_rbac_system(NEW); call hs_hosting.asset_build_rbac_system(NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger build_rbac_system_after_insert_tg create trigger build_rbac_system_after_insert_tg
after insert on hs_hosting_asset after insert on hs_hosting.asset
for each row for each row
execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf(); execute procedure hs_hosting.asset_build_rbac_system_after_insert_tf();
--// --//
@ -120,9 +120,9 @@ execute procedure hs_hosting_asset_build_rbac_system_after_insert_tf();
Called from the AFTER UPDATE TRIGGER to re-wire the grants. Called from the AFTER UPDATE TRIGGER to re-wire the grants.
*/ */
create or replace procedure hs_hosting_asset_update_rbac_system( create or replace procedure hs_hosting.asset_update_rbac_system(
OLD hs_hosting_asset, OLD hs_hosting.asset,
NEW hs_hosting_asset NEW hs_hosting.asset
) )
language plpgsql as $$ language plpgsql as $$
begin begin
@ -130,27 +130,27 @@ begin
if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid if NEW.assignedToAssetUuid is distinct from OLD.assignedToAssetUuid
or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then or NEW.alarmContactUuid is distinct from OLD.alarmContactUuid then
delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid; delete from rbac.grants g where g.grantedbytriggerof = OLD.uuid;
call hs_hosting_asset_build_rbac_system(NEW); call hs_hosting.asset_build_rbac_system(NEW);
end if; end if;
end; $$; end; $$;
/* /*
AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting_asset row. AFTER UPDATE TRIGGER to re-wire the grant structure for a new hs_hosting.asset row.
*/ */
create or replace function hs_hosting_asset_update_rbac_system_after_update_tf() create or replace function hs_hosting.asset_update_rbac_system_after_update_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
begin begin
call hs_hosting_asset_update_rbac_system(OLD, NEW); call hs_hosting.asset_update_rbac_system(OLD, NEW);
return NEW; return NEW;
end; $$; end; $$;
create trigger update_rbac_system_after_update_tg create trigger update_rbac_system_after_update_tg
after update on hs_hosting_asset after update on hs_hosting.asset
for each row for each row
execute procedure hs_hosting_asset_update_rbac_system_after_update_tf(); execute procedure hs_hosting.asset_update_rbac_system_after_update_tf();
--// --//
@ -158,7 +158,7 @@ execute procedure hs_hosting_asset_update_rbac_system_after_update_tf();
--changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--// --changeset RbacIdentityViewGenerator:hs-hosting-asset-rbac-IDENTITY-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset', call rbac.generateRbacIdentityViewFromProjection('hs_hosting.asset',
$idName$ $idName$
identifier identifier
$idName$); $idName$);
@ -168,7 +168,7 @@ call rbac.generateRbacIdentityViewFromProjection('hs_hosting_asset',
-- ============================================================================ -- ============================================================================
--changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--// --changeset RbacRestrictedViewGenerator:hs-hosting-asset-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('hs_hosting_asset', call rbac.generateRbacRestrictedView('hs_hosting.asset',
$orderBy$ $orderBy$
identifier identifier
$orderBy$, $orderBy$,

38
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7016-hs-hosting-asset-migration.sql
View File

@ -7,9 +7,9 @@
--changeset hs-hosting-asset-MIGRATION-mapping:1 endDelimiter:--// --changeset hs-hosting-asset-MIGRATION-mapping:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE TABLE hs_hosting_asset_legacy_id CREATE TABLE hs_hosting.asset_legacy_id
( (
uuid uuid NOT NULL REFERENCES hs_hosting_asset(uuid), uuid uuid NOT NULL REFERENCES hs_hosting.asset(uuid),
legacy_id integer NOT NULL legacy_id integer NOT NULL
); );
--// --//
@ -19,10 +19,10 @@ CREATE TABLE hs_hosting_asset_legacy_id
--changeset hs-hosting-asset-MIGRATION-sequence:1 endDelimiter:--// --changeset hs-hosting-asset-MIGRATION-sequence:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq CREATE SEQUENCE IF NOT EXISTS hs_hosting.asset_legacy_id_seq
AS integer AS integer
START 1000000000 START 1000000000
OWNED BY hs_hosting_asset_legacy_id.legacy_id; OWNED BY hs_hosting.asset_legacy_id.legacy_id;
--// --//
@ -30,9 +30,9 @@ CREATE SEQUENCE IF NOT EXISTS hs_hosting_asset_legacy_id_seq
--changeset hs-hosting-asset-MIGRATION-default:1 endDelimiter:--// --changeset hs-hosting-asset-MIGRATION-default:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
ALTER TABLE hs_hosting_asset_legacy_id ALTER TABLE hs_hosting.asset_legacy_id
ALTER COLUMN legacy_id ALTER COLUMN legacy_id
SET DEFAULT nextVal('hs_hosting_asset_legacy_id_seq'); SET DEFAULT nextVal('hs_hosting.asset_legacy_id_seq');
--/ --/
@ -41,15 +41,15 @@ ALTER TABLE hs_hosting_asset_legacy_id
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
CALL base.defineContext('schema-migration'); CALL base.defineContext('schema-migration');
INSERT INTO hs_hosting_asset_legacy_id(uuid, legacy_id) INSERT INTO hs_hosting.asset_legacy_id(uuid, legacy_id)
SELECT uuid, nextVal('hs_hosting_asset_legacy_id_seq') FROM hs_hosting_asset; SELECT uuid, nextVal('hs_hosting.asset_legacy_id_seq') FROM hs_hosting.asset;
--/ --/
-- ============================================================================ -- ============================================================================
--changeset hs-hosting-asset-MIGRATION-insert-trigger:1 endDelimiter:--// --changeset hs-hosting-asset-MIGRATION-insert-trigger:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function insertassetLegacyIdMapping() create or replace function hs_hosting.asset_insert_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -58,23 +58,23 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
INSERT INTO hs_hosting_asset_legacy_id VALUES INSERT INTO hs_hosting.asset_legacy_id VALUES
(NEW.uuid, nextVal('hs_hosting_asset_legacy_id_seq')); (NEW.uuid, nextVal('hs_hosting.asset_legacy_id_seq'));
return NEW; return NEW;
end; $$; end; $$;
create trigger createassetLegacyIdMapping create trigger insert_legacy_id_mapping_tg
after insert on hs_hosting_asset after insert on hs_hosting.asset
for each row for each row
execute procedure insertassetLegacyIdMapping(); execute procedure hs_hosting.asset_insert_legacy_id_mapping_tf();
--/ --/
-- ============================================================================ -- ============================================================================
--changeset hs-hosting-asset-MIGRATION-delete-trigger:1 endDelimiter:--// --changeset hs-hosting-asset-MIGRATION-delete-trigger:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace function deleteassetLegacyIdMapping_tf() create or replace function hs_hosting.asset_delete_legacy_id_mapping_tf()
returns trigger returns trigger
language plpgsql language plpgsql
strict as $$ strict as $$
@ -83,14 +83,14 @@ begin
raise exception 'invalid usage of trigger'; raise exception 'invalid usage of trigger';
end if; end if;
DELETE FROM hs_hosting_asset_legacy_id DELETE FROM hs_hosting.asset_legacy_id
WHERE uuid = OLD.uuid; WHERE uuid = OLD.uuid;
return OLD; return OLD;
end; $$; end; $$;
create trigger deleteassetLegacyIdMapping_tg create trigger delete_legacy_id_mapping_tg
before delete on hs_hosting_asset before delete on hs_hosting.asset
for each row for each row
execute procedure deleteassetLegacyIdMapping_tf(); execute procedure hs_hosting.asset_delete_legacy_id_mapping_tf();
--/ --/

36
src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
View File

@ -6,23 +6,23 @@
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
/* /*
Creates a single hs_hosting_asset test record. Creates a single hs_hosting.asset test record.
*/ */
create or replace procedure createHsHostingAssetTestData(givenProjectCaption varchar) create or replace procedure hs_hosting.asset_create_test_data(givenProjectCaption varchar)
language plpgsql as $$ language plpgsql as $$
declare declare
relatedProject hs_booking_project; relatedProject hs_booking.project;
relatedDebitor hs_office.debitor; relatedDebitor hs_office.debitor;
privateCloudBI hs_booking_item; privateCloudBI hs_booking.item;
managedServerBI hs_booking_item; managedServerBI hs_booking.item;
cloudServerBI hs_booking_item; cloudServerBI hs_booking.item;
managedWebspaceBI hs_booking_item; managedWebspaceBI hs_booking.item;
debitorNumberSuffix varchar; debitorNumberSuffix varchar;
defaultPrefix varchar; defaultPrefix varchar;
managedServerUuid uuid; managedServerUuid uuid;
managedWebspaceUuid uuid; managedWebspaceUuid uuid;
webUnixSubjectUuid uuid; webUnixSubjectUuid uuid;
mboxUnixSubjectUuid uuid; mboxUnixSubjectUuid uuid;
domainSetupUuid uuid; domainSetupUuid uuid;
domainMBoxSetupUuid uuid; domainMBoxSetupUuid uuid;
mariaDbInstanceUuid uuid; mariaDbInstanceUuid uuid;
@ -33,7 +33,7 @@ begin
call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
select project.* into relatedProject select project.* into relatedProject
from hs_booking_project project from hs_booking.project project
where project.caption = givenProjectCaption; where project.caption = givenProjectCaption;
assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null'; assert relatedProject.uuid is not null, 'relatedProject for "' || givenProjectCaption || '" must not be null';
@ -43,25 +43,25 @@ begin
assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null'; assert relatedDebitor.uuid is not null, 'relatedDebitor for "' || givenProjectCaption || '" must not be null';
select item.* into privateCloudBI select item.* into privateCloudBI
from hs_booking_item item from hs_booking.item item
where item.projectUuid = relatedProject.uuid where item.projectUuid = relatedProject.uuid
and item.type = 'PRIVATE_CLOUD'; and item.type = 'PRIVATE_CLOUD';
assert privateCloudBI.uuid is not null, 'relatedPrivateCloudBookingItem for "' || givenProjectCaption|| '" must not be null'; assert privateCloudBI.uuid is not null, 'relatedPrivateCloudBookingItem for "' || givenProjectCaption|| '" must not be null';
select item.* into managedServerBI select item.* into managedServerBI
from hs_booking_item item from hs_booking.item item
where item.projectUuid = relatedProject.uuid where item.projectUuid = relatedProject.uuid
and item.type = 'MANAGED_SERVER'; and item.type = 'MANAGED_SERVER';
assert managedServerBI.uuid is not null, 'relatedManagedServerBookingItem for "' || givenProjectCaption|| '" must not be null'; assert managedServerBI.uuid is not null, 'relatedManagedServerBookingItem for "' || givenProjectCaption|| '" must not be null';
select item.* into cloudServerBI select item.* into cloudServerBI
from hs_booking_item item from hs_booking.item item
where item.parentItemuuid = privateCloudBI.uuid where item.parentItemuuid = privateCloudBI.uuid
and item.type = 'CLOUD_SERVER'; and item.type = 'CLOUD_SERVER';
assert cloudServerBI.uuid is not null, 'relatedCloudServerBookingItem for "' || givenProjectCaption|| '" must not be null'; assert cloudServerBI.uuid is not null, 'relatedCloudServerBookingItem for "' || givenProjectCaption|| '" must not be null';
select item.* into managedWebspaceBI select item.* into managedWebspaceBI
from hs_booking_item item from hs_booking.item item
where item.projectUuid = relatedProject.uuid where item.projectUuid = relatedProject.uuid
and item.type = 'MANAGED_WEBSPACE'; and item.type = 'MANAGED_WEBSPACE';
assert managedWebspaceBI.uuid is not null, 'relatedManagedWebspaceBookingItem for "' || givenProjectCaption|| '" must not be null'; assert managedWebspaceBI.uuid is not null, 'relatedManagedWebspaceBookingItem for "' || givenProjectCaption|| '" must not be null';
@ -79,7 +79,7 @@ begin
debitorNumberSuffix := relatedDebitor.debitorNumberSuffix; debitorNumberSuffix := relatedDebitor.debitorNumberSuffix;
defaultPrefix := relatedDebitor.defaultPrefix; defaultPrefix := relatedDebitor.defaultPrefix;
insert into hs_hosting_asset insert into hs_hosting.asset
(uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config) (uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config)
values values
(managedServerUuid, managedServerBI.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb), (managedServerUuid, managedServerBI.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb),
@ -112,9 +112,9 @@ do language plpgsql $$
begin begin
call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN'); call base.defineContext('creating hosting-asset test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
call createHsHostingAssetTestData('D-1000111 default project'); call hs_hosting.asset_create_test_data('D-1000111 default project');
call createHsHostingAssetTestData('D-1000212 default project'); call hs_hosting.asset_create_test_data('D-1000212 default project');
call createHsHostingAssetTestData('D-1000313 default project'); call hs_hosting.asset_create_test_data('D-1000313 default project');
end; end;
$$; $$;
--// --//

8
src/main/resources/db/changelog/9-hs-global/9000-statistics.sql
View File

@ -12,12 +12,12 @@ select *
from rbac.object from rbac.object
group by objecttable group by objecttable
union all union all
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting_asset', type::text select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_hosting.asset', type::text
from hs_hosting_asset from hs_hosting.asset
group by type group by type
union all union all
select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_booking_item', type::text select to_char(count(*)::int, '9 999 999 999'), 'objects', 'hs_booking.item', type::text
from hs_booking_item from hs_booking.item
group by type group by type
) as totals order by replace(count, ' ', '')::int desc; ) as totals order by replace(count, ' ', '')::int desc;
--// --//

4
src/main/resources/db/changelog/db.changelog-master.yaml
View File

@ -143,6 +143,8 @@ databaseChangeLog:
file: db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql file: db/changelog/5-hs-office/512-coopassets/5126-hs-office-coopassets-migration.sql
- include: - include:
file: db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql file: db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
- include:
file: db/changelog/6-hs-booking/600-hs-booking-schema.sql
- include: - include:
file: db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql file: db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
- include: - include:
@ -157,6 +159,8 @@ databaseChangeLog:
file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql file: db/changelog/6-hs-booking/630-booking-item/6303-hs-booking-item-rbac.sql
- include: - include:
file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql file: db/changelog/6-hs-booking/630-booking-item/6308-hs-booking-item-test-data.sql
- include:
file: db/changelog/7-hs-hosting/700-hs-hosting-schema.sql
- include: - include:
file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
- include: - include:

4
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
View File

@ -251,7 +251,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:ADMIN") .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid()) .get("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@ -295,7 +295,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT") .header("assumed-roles", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {

60
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemRepositoryIntegrationTest.java
View File

@ -70,7 +70,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption' select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_booking_item'; where targettable = 'hs_booking.item';
"""); """);
// when // when
@ -78,13 +78,13 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating booking-item test-data, hs_booking_item, INSERT, prod CloudServer]", "[creating booking-item test-data, hs_booking.item, INSERT, prod CloudServer]",
"[creating booking-item test-data, hs_booking_item, INSERT, separate ManagedServer]", "[creating booking-item test-data, hs_booking.item, INSERT, separate ManagedServer]",
"[creating booking-item test-data, hs_booking_item, INSERT, separate ManagedWebspace]", "[creating booking-item test-data, hs_booking.item, INSERT, separate ManagedWebspace]",
"[creating booking-item test-data, hs_booking_item, INSERT, some ManagedServer]", "[creating booking-item test-data, hs_booking.item, INSERT, some ManagedServer]",
"[creating booking-item test-data, hs_booking_item, INSERT, some ManagedWebspace]", "[creating booking-item test-data, hs_booking.item, INSERT, some ManagedWebspace]",
"[creating booking-item test-data, hs_booking_item, INSERT, some PrivateCloud]", "[creating booking-item test-data, hs_booking.item, INSERT, some PrivateCloud]",
"[creating booking-item test-data, hs_booking_item, INSERT, test CloudServer]"); "[creating booking-item test-data, hs_booking.item, INSERT, test CloudServer]");
} }
@Test @Test
@ -92,7 +92,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// given // given
final String nativeQuerySql = """ final String nativeQuerySql = """
select count(*) select count(*)
from hs_booking_item_hv ha; from hs_booking.item_hv ha;
"""; """;
// when // when
@ -101,7 +101,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult();
// then // then
assertThat(countBefore).as("hs_booking_item should not contain rows for a timestamp in the past").isEqualTo(0); assertThat(countBefore).as("hs_booking.item should not contain rows for a timestamp in the past").isEqualTo(0);
// and when // and when
historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant())); historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant()));
@ -109,7 +109,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult();
// then // then
assertThat(countAfter).as("hs_booking_item should contain rows for a timestamp in the future").isGreaterThan(1); assertThat(countAfter).as("hs_booking.item should contain rows for a timestamp in the future").isGreaterThan(1);
} }
@Nested @Nested
@ -167,32 +167,32 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_booking_item#somenewbookingitem:ADMIN", "hs_booking.item#somenewbookingitem:ADMIN",
"hs_booking_item#somenewbookingitem:AGENT", "hs_booking.item#somenewbookingitem:AGENT",
"hs_booking_item#somenewbookingitem:OWNER", "hs_booking.item#somenewbookingitem:OWNER",
"hs_booking_item#somenewbookingitem:TENANT")); "hs_booking.item#somenewbookingitem:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
// rbac.global-admin // rbac.global-admin
"{ grant perm:hs_booking_item#somenewbookingitem:INSERT>hs_booking_item to role:hs_booking_item#somenewbookingitem:ADMIN by system and assume }", "{ grant perm:hs_booking.item#somenewbookingitem:INSERT>hs_booking.item to role:hs_booking.item#somenewbookingitem:ADMIN by system and assume }",
"{ grant perm:hs_booking_item#somenewbookingitem:DELETE to role:rbac.global#global:ADMIN by system and assume }", "{ grant perm:hs_booking.item#somenewbookingitem:DELETE to role:rbac.global#global:ADMIN by system and assume }",
// owner // owner
"{ grant role:hs_booking_item#somenewbookingitem:OWNER to role:hs_booking_project#D-1000111-D-1000111defaultproject:AGENT by system and assume }", "{ grant role:hs_booking.item#somenewbookingitem:OWNER to role:hs_booking.project#D-1000111-D-1000111defaultproject:AGENT by system and assume }",
// admin // admin
"{ grant perm:hs_booking_item#somenewbookingitem:UPDATE to role:hs_booking_item#somenewbookingitem:ADMIN by system and assume }", "{ grant perm:hs_booking.item#somenewbookingitem:UPDATE to role:hs_booking.item#somenewbookingitem:ADMIN by system and assume }",
"{ grant role:hs_booking_item#somenewbookingitem:ADMIN to role:hs_booking_item#somenewbookingitem:OWNER by system and assume }", "{ grant role:hs_booking.item#somenewbookingitem:ADMIN to role:hs_booking.item#somenewbookingitem:OWNER by system and assume }",
// agent // agent
"{ grant role:hs_booking_item#somenewbookingitem:AGENT to role:hs_booking_item#somenewbookingitem:ADMIN by system and assume }", "{ grant role:hs_booking.item#somenewbookingitem:AGENT to role:hs_booking.item#somenewbookingitem:ADMIN by system and assume }",
// tenant // tenant
"{ grant role:hs_booking_item#somenewbookingitem:TENANT to role:hs_booking_item#somenewbookingitem:AGENT by system and assume }", "{ grant role:hs_booking.item#somenewbookingitem:TENANT to role:hs_booking.item#somenewbookingitem:AGENT by system and assume }",
"{ grant perm:hs_booking_item#somenewbookingitem:SELECT to role:hs_booking_item#somenewbookingitem:TENANT by system and assume }", "{ grant perm:hs_booking.item#somenewbookingitem:SELECT to role:hs_booking.item#somenewbookingitem:TENANT by system and assume }",
"{ grant role:hs_booking_project#D-1000111-D-1000111defaultproject:TENANT to role:hs_booking_item#somenewbookingitem:TENANT by system and assume }", "{ grant role:hs_booking.project#D-1000111-D-1000111defaultproject:TENANT to role:hs_booking.item#somenewbookingitem:TENANT by system and assume }",
null)); null));
} }
@ -230,7 +230,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// given: // given:
context("person-FirbySusan@example.com"); context("person-FirbySusan@example.com");
final var debitor = debitorRepo.findDebitorByDebitorNumber(1000111); final var debitor = debitorRepo.findDebitorByDebitorNumber(1000111);
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:OWNER"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-D-1000111defaultproject:OWNER");
final var projectUuid = debitor.stream() final var projectUuid = debitor.stream()
.map(d -> realProjectRepo.findAllByDebitorUuid(d.getUuid())) .map(d -> realProjectRepo.findAllByDebitorUuid(d.getUuid()))
.flatMap(List::stream) .flatMap(List::stream)
@ -258,7 +258,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var foundBookingItem = em.find(HsBookingItemRbacEntity.class, givenBookingItemUuid); final var foundBookingItem = em.find(HsBookingItemRbacEntity.class, givenBookingItemUuid);
foundBookingItem.getResources().put("CPU", 2); foundBookingItem.getResources().put("CPU", 2);
foundBookingItem.getResources().remove("SSD-storage"); foundBookingItem.getResources().remove("SSD-storage");
@ -311,12 +311,12 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@Test @Test
public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingItem() { public void nonGlobalAdmin_canNotDeleteTheirRelatedBookingItem() {
// given // given
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project"); final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project");
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
assertThat(rbacBookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent(); assertThat(rbacBookingItemRepo.findByUuid(givenBookingItem.getUuid())).isPresent();
rbacBookingItemRepo.deleteByUuid(givenBookingItem.getUuid()); rbacBookingItemRepo.deleteByUuid(givenBookingItem.getUuid());
@ -325,7 +325,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " is not allowed to delete hs_booking_item"); "[403] Subject ", " is not allowed to delete hs_booking.item");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return rbacBookingItemRepo.findByUuid(givenBookingItem.getUuid()); return rbacBookingItemRepo.findByUuid(givenBookingItem.getUuid());
@ -335,7 +335,7 @@ class HsBookingItemRepositoryIntegrationTest extends ContextBasedTestWithCleanup
@Test @Test
public void deletingABookingItemAlsoDeletesRelatedRolesAndGrants() { public void deletingABookingItemAlsoDeletesRelatedRolesAndGrants() {
// given // given
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll())); final var initialRoleNames = Array.from(distinctRoleNamesOf(rawRoleRepo.findAll()));
final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll())); final var initialGrantNames = Array.from(distinctGrantDisplaysOf(rawGrantRepo.findAll()));
final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project"); final var givenBookingItem = givenSomeTemporaryBookingItem("D-1000111 default project");

2
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java
View File

@ -168,7 +168,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "person-TuckerJack@example.com") .header("current-subject", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT") .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid) .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)

48
src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectRepositoryIntegrationTest.java
View File

@ -65,7 +65,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption' select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_booking_project'; where targettable = 'hs_booking.project';
"""); """);
// when // when
@ -73,9 +73,9 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating booking-project test-data, hs_booking_project, INSERT, D-1000111 default project]", "[creating booking-project test-data, hs_booking.project, INSERT, D-1000111 default project]",
"[creating booking-project test-data, hs_booking_project, INSERT, D-1000212 default project]", "[creating booking-project test-data, hs_booking.project, INSERT, D-1000212 default project]",
"[creating booking-project test-data, hs_booking_project, INSERT, D-1000313 default project]"); "[creating booking-project test-data, hs_booking.project, INSERT, D-1000313 default project]");
} }
@Test @Test
@ -83,7 +83,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// given // given
final String nativeQuerySql = """ final String nativeQuerySql = """
select count(*) select count(*)
from hs_booking_project_hv ha; from hs_booking.project_hv ha;
"""; """;
// when // when
@ -92,7 +92,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
@SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult();
// then // then
assertThat(countBefore).as("hs_booking_project_hv should not contain rows for a timestamp in the past").isEqualTo(0); assertThat(countBefore).as("hs_booking.project_hv should not contain rows for a timestamp in the past").isEqualTo(0);
// and when // and when
historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant())); historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant()));
@ -100,7 +100,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
@SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult();
// then // then
assertThat(countAfter).as("hs_booking_project_hv should contain rows for a timestamp in the future").isGreaterThan(1); assertThat(countAfter).as("hs_booking.project_hv should contain rows for a timestamp in the future").isGreaterThan(1);
} }
@Nested @Nested
@ -152,33 +152,33 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_booking_project#D-1000111-somenewbookingproject:ADMIN", "hs_booking.project#D-1000111-somenewbookingproject:ADMIN",
"hs_booking_project#D-1000111-somenewbookingproject:AGENT", "hs_booking.project#D-1000111-somenewbookingproject:AGENT",
"hs_booking_project#D-1000111-somenewbookingproject:OWNER", "hs_booking.project#D-1000111-somenewbookingproject:OWNER",
"hs_booking_project#D-1000111-somenewbookingproject:TENANT")); "hs_booking.project#D-1000111-somenewbookingproject:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.map(s -> s.replace("hs_office.", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
// rbacgGlobal-admin // rbacgGlobal-admin
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:DELETE to role:rbac.global#global:ADMIN by system and assume }", "{ grant perm:hs_booking.project#D-1000111-somenewbookingproject:DELETE to role:rbac.global#global:ADMIN by system and assume }",
// owner // owner
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN to role:hs_booking_project#D-1000111-somenewbookingproject:OWNER by system and assume }", "{ grant role:hs_booking.project#D-1000111-somenewbookingproject:ADMIN to role:hs_booking.project#D-1000111-somenewbookingproject:OWNER by system and assume }",
// admin // admin
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:AGENT to role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN by system and assume }", "{ grant role:hs_booking.project#D-1000111-somenewbookingproject:AGENT to role:hs_booking.project#D-1000111-somenewbookingproject:ADMIN by system and assume }",
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:UPDATE to role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN by system and assume }", "{ grant perm:hs_booking.project#D-1000111-somenewbookingproject:UPDATE to role:hs_booking.project#D-1000111-somenewbookingproject:ADMIN by system and assume }",
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:INSERT>hs_booking_item to role:hs_booking_project#D-1000111-somenewbookingproject:ADMIN by system and assume }", "{ grant perm:hs_booking.project#D-1000111-somenewbookingproject:INSERT>hs_booking.item to role:hs_booking.project#D-1000111-somenewbookingproject:ADMIN by system and assume }",
// agent // agent
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:OWNER to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system }", "{ grant role:hs_booking.project#D-1000111-somenewbookingproject:OWNER to role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:AGENT by system }",
"{ grant role:hs_booking_project#D-1000111-somenewbookingproject:TENANT to role:hs_booking_project#D-1000111-somenewbookingproject:AGENT by system and assume }", "{ grant role:hs_booking.project#D-1000111-somenewbookingproject:TENANT to role:hs_booking.project#D-1000111-somenewbookingproject:AGENT by system and assume }",
// tenant // tenant
"{ grant role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:TENANT to role:hs_booking_project#D-1000111-somenewbookingproject:TENANT by system and assume }", "{ grant role:relation#FirstGmbH-with-DEBITOR-FirstGmbH:TENANT to role:hs_booking.project#D-1000111-somenewbookingproject:TENANT by system and assume }",
"{ grant perm:hs_booking_project#D-1000111-somenewbookingproject:SELECT to role:hs_booking_project#D-1000111-somenewbookingproject:TENANT by system and assume }", "{ grant perm:hs_booking.project#D-1000111-somenewbookingproject:SELECT to role:hs_booking.project#D-1000111-somenewbookingproject:TENANT by system and assume }",
null)); null));
} }
@ -214,7 +214,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
public void packetAgent_canViewOnlyRelatedBookingProjects(final TestCase testCase) { public void packetAgent_canViewOnlyRelatedBookingProjects(final TestCase testCase) {
// given: // given:
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var debitorUuid = debitorRepo.findByDebitorNumber(1000111).stream() final var debitorUuid = debitorRepo.findByDebitorNumber(1000111).stream()
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -238,7 +238,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-sometempproject:ADMIN"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-sometempproject:ADMIN");
final var foundBookingProject = em.find(HsBookingProjectRbacEntity.class, givenBookingProjectUuid); final var foundBookingProject = em.find(HsBookingProjectRbacEntity.class, givenBookingProjectUuid);
foundBookingProject.setCaption("updated caption"); foundBookingProject.setCaption("updated caption");
return toCleanup(repoUnderTest(testCase).save(foundBookingProject)); return toCleanup(repoUnderTest(testCase).save(foundBookingProject));
@ -290,7 +290,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-sometempproject:AGENT"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-sometempproject:AGENT");
assertThat(rbacProjectRepo.findByUuid(givenBookingProject.getUuid())).isPresent(); assertThat(rbacProjectRepo.findByUuid(givenBookingProject.getUuid())).isPresent();
repoUnderTest(TestCase.RBAC).deleteByUuid(givenBookingProject.getUuid()); repoUnderTest(TestCase.RBAC).deleteByUuid(givenBookingProject.getUuid());
@ -299,7 +299,7 @@ class HsBookingProjectRepositoryIntegrationTest extends ContextBasedTestWithClea
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " is not allowed to delete hs_booking_project"); "[403] Subject ", " is not allowed to delete hs_booking.project");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
return rbacProjectRepo.findByUuid(givenBookingProject.getUuid()); return rbacProjectRepo.findByUuid(givenBookingProject.getUuid());

8
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java
View File

@ -114,7 +114,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#fir01:AGENT") .header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
.port(port) .port(port)
.when() .when()
. get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS) . get("http://localhost/api/hs/hosting/assets?type=" + EMAIL_ALIAS)
@ -218,7 +218,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
final var location = RestAssured // @formatter:off final var location = RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
.header("assumed-roles", "hs_hosting_asset#vm1011:ADMIN") .header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {
@ -454,7 +454,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "person-TuckerJack@example.com") .header("current-subject", "person-TuckerJack@example.com")
.header("assumed-roles", "hs_booking_project#D-1000313-D-1000313defaultproject:AGENT") .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
.port(port) .port(port)
.when() .when()
.get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid) .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@ -574,7 +574,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
RestAssured // @formatter:off RestAssured // @formatter:off
.given() .given()
.header("current-subject", "superuser-alex@hostsharing.net") .header("current-subject", "superuser-alex@hostsharing.net")
//.header("assumed-roles", "hs_hosting_asset#vm2001:ADMIN") //.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
.contentType(ContentType.JSON) .contentType(ContentType.JSON)
.body(""" .body("""
{ {

98
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetRepositoryIntegrationTest.java
View File

@ -78,7 +78,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'caption' select currentTask, targetTable, targetOp, targetdelta->>'caption'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_hosting_asset'; where targettable = 'hs_hosting.asset';
"""); """);
// when // when
@ -86,24 +86,24 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, another CloudServer]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, another CloudServer]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-DNS-Setup]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-DNS-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-HTTP-Setup]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-HTTP-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-MBOX-Setup]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-MBOX-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-SMTP-Setup]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-SMTP-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Domain-Setup]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Domain-Setup]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Address]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Address]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some E-Mail-Alias]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some E-Mail-Alias]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some ManagedServer]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some ManagedServer]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for E-Mail]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for E-Mail]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some UnixUser for Website]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some UnixUser for Website]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some Webspace]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some Webspace]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB instance]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB instance]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB user]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB user]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default MariaDB database]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default MariaDB database]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql instance]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql instance]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql user]", "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql user]",
"[creating hosting-asset test-data, hs_hosting_asset, INSERT, some default Postgresql database]" "[creating hosting-asset test-data, hs_hosting.asset, INSERT, some default Postgresql database]"
); );
} }
@ -112,7 +112,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// given // given
final String nativeQuerySql = """ final String nativeQuerySql = """
select count(*) select count(*)
from hs_hosting_asset_hv ha; from hs_hosting.asset_hv ha;
"""; """;
// when // when
@ -121,7 +121,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countBefore = (Integer) query.getSingleResult();
// then // then
assertThat(countBefore).as("hs_hosting_asset_hv should not contain rows for a timestamp in the past").isEqualTo(0); assertThat(countBefore).as("hs_hosting.asset_hv should not contain rows for a timestamp in the past").isEqualTo(0);
// and when // and when
historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant())); historicalContext(Timestamp.from(ZonedDateTime.now().plusHours(1).toInstant()));
@ -129,7 +129,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult(); @SuppressWarnings("unchecked") final var countAfter = (Integer) query.getSingleResult();
// then // then
assertThat(countAfter).as("hs_hosting_asset_hv should contain rows for a timestamp in the future").isGreaterThan(1); assertThat(countAfter).as("hs_hosting.asset_hv should contain rows for a timestamp in the future").isGreaterThan(1);
} }
@Nested @Nested
@ -167,7 +167,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
public void createsAndGrantsRoles() { public void createsAndGrantsRoles() {
// given // given
// TODO.test: remove context(...) once all entities have real entities // TODO.test: remove context(...) once all entities have real entities
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var givenManagedServer = givenHostingAsset("D-1000111 default project", MANAGED_SERVER); final var givenManagedServer = givenHostingAsset("D-1000111 default project", MANAGED_SERVER);
final var newWebspaceBookingItem = newBookingItem(givenManagedServer.getBookingItem(), HsBookingItemType.MANAGED_WEBSPACE, "fir01"); final var newWebspaceBookingItem = newBookingItem(givenManagedServer.getBookingItem(), HsBookingItemType.MANAGED_WEBSPACE, "fir01");
em.flush(); em.flush();
@ -175,7 +175,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll()); final var initialGrantNames = distinctGrantDisplaysOf(rawGrantRepo.findAll());
// when // when
context("superuser-alex@hostsharing.net", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("superuser-alex@hostsharing.net", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var result = attempt(em, () -> { final var result = attempt(em, () -> {
final var newAsset = HsHostingAssetRbacEntity.builder() final var newAsset = HsHostingAssetRbacEntity.builder()
.bookingItem(newWebspaceBookingItem) .bookingItem(newWebspaceBookingItem)
@ -192,37 +192,37 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
final var all = rawRoleRepo.findAll(); final var all = rawRoleRepo.findAll();
assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from( assertThat(distinctRoleNamesOf(all)).containsExactlyInAnyOrder(Array.from(
initialRoleNames, initialRoleNames,
"hs_hosting_asset#fir00:ADMIN", "hs_hosting.asset#fir00:ADMIN",
"hs_hosting_asset#fir00:AGENT", "hs_hosting.asset#fir00:AGENT",
"hs_hosting_asset#fir00:OWNER", "hs_hosting.asset#fir00:OWNER",
"hs_hosting_asset#fir00:TENANT")); "hs_hosting.asset#fir00:TENANT"));
assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll())) assertThat(distinctGrantDisplaysOf(rawGrantRepo.findAll()))
.containsExactlyInAnyOrder(fromFormatted( .containsExactlyInAnyOrder(fromFormatted(
initialGrantNames, initialGrantNames,
// rbac.global-admin // rbac.global-admin
"{ grant role:hs_hosting_asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround "{ grant role:hs_hosting.asset#fir00:OWNER to role:rbac.global#global:ADMIN by system }", // workaround
// owner // owner
"{ grant role:hs_hosting_asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting_asset#fir00:OWNER and assume }", "{ grant role:hs_hosting.asset#fir00:OWNER to user:superuser-alex@hostsharing.net by hs_hosting.asset#fir00:OWNER and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_booking_item#fir01:ADMIN by system and assume }", "{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_booking.item#fir01:ADMIN by system and assume }",
"{ grant role:hs_hosting_asset#fir00:OWNER to role:hs_hosting_asset#vm1011:ADMIN by system and assume }", "{ grant role:hs_hosting.asset#fir00:OWNER to role:hs_hosting.asset#vm1011:ADMIN by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:DELETE to role:hs_hosting_asset#fir00:OWNER by system and assume }", "{ grant perm:hs_hosting.asset#fir00:DELETE to role:hs_hosting.asset#fir00:OWNER by system and assume }",
// admin // admin
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#fir00:OWNER by system and assume }", "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#fir00:OWNER by system and assume }",
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_booking_item#fir01:AGENT by system and assume }", "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_booking.item#fir01:AGENT by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:UPDATE to role:hs_hosting_asset#fir00:ADMIN by system and assume }", "{ grant perm:hs_hosting.asset#fir00:UPDATE to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
// agent // agent
"{ grant role:hs_hosting_asset#fir00:ADMIN to role:hs_hosting_asset#vm1011:AGENT by system and assume }", "{ grant role:hs_hosting.asset#fir00:ADMIN to role:hs_hosting.asset#vm1011:AGENT by system and assume }",
"{ grant role:hs_hosting_asset#fir00:AGENT to role:hs_hosting_asset#fir00:ADMIN by system and assume }", "{ grant role:hs_hosting.asset#fir00:AGENT to role:hs_hosting.asset#fir00:ADMIN by system and assume }",
// tenant // tenant
"{ grant role:hs_booking_item#fir01:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", "{ grant role:hs_booking.item#fir01:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
"{ grant role:hs_hosting_asset#fir00:TENANT to role:hs_hosting_asset#fir00:AGENT by system and assume }", "{ grant role:hs_hosting.asset#fir00:TENANT to role:hs_hosting.asset#fir00:AGENT by system and assume }",
"{ grant role:hs_hosting_asset#vm1011:TENANT to role:hs_hosting_asset#fir00:TENANT by system and assume }", "{ grant role:hs_hosting.asset#vm1011:TENANT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
"{ grant perm:hs_hosting_asset#fir00:SELECT to role:hs_hosting_asset#fir00:TENANT by system and assume }", "{ grant perm:hs_hosting.asset#fir00:SELECT to role:hs_hosting.asset#fir00:TENANT by system and assume }",
null)); null));
} }
@ -251,7 +251,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
assertThatAssetIsPersisted(result.returnedValue()); assertThatAssetIsPersisted(result.returnedValue());
// ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed // ... a rbac.global admin can see the new domain setup as well if the domain OWNER role is assumed
context("superuser-alex@hostsharing.net", "hs_hosting_asset#example.net:OWNER"); // only works with the assumed role context("superuser-alex@hostsharing.net", "hs_hosting.asset#example.net:OWNER"); // only works with the assumed role
assertThatAssetIsPersisted(result.returnedValue()); assertThatAssetIsPersisted(result.returnedValue());
} }
@ -287,7 +287,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
@Test @Test
public void normalUser_canViewOnlyRelatedAssets() { public void normalUser_canViewOnlyRelatedAssets() {
// given: // given:
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream() final var projectUuid = projectRepo.findByCaption("D-1000111 default project").stream()
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
@ -309,7 +309,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
.findAny().orElseThrow().getUuid(); .findAny().orElseThrow().getUuid();
// when // when
context("superuser-alex@hostsharing.net", "hs_hosting_asset#vm1012:AGENT"); context("superuser-alex@hostsharing.net", "hs_hosting.asset#vm1012:AGENT");
final var result = rbacAssetRepo.findAllByCriteria(null, parentAssetUuid, null); final var result = rbacAssetRepo.findAllByCriteria(null, parentAssetUuid, null);
// then // then
@ -326,7 +326,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
// when // when
context("superuser-alex@hostsharing.net", "hs_hosting_asset#sec01:AGENT"); context("superuser-alex@hostsharing.net", "hs_hosting.asset#sec01:AGENT");
final var result = rbacAssetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS); final var result = rbacAssetRepo.findAllByCriteria(null, null, EMAIL_ADDRESS);
// then // then
@ -397,7 +397,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_booking_project#D-1000111-D-1000111defaultproject:AGENT"); context("person-FirbySusan@example.com", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT");
assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent(); assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent();
rbacAssetRepo.deleteByUuid(givenAsset.getUuid()); rbacAssetRepo.deleteByUuid(givenAsset.getUuid());
@ -417,7 +417,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// when // when
final var result = jpaAttempt.transacted(() -> { final var result = jpaAttempt.transacted(() -> {
context("person-FirbySusan@example.com", "hs_hosting_asset#vm1000:ADMIN"); context("person-FirbySusan@example.com", "hs_hosting.asset#vm1000:ADMIN");
assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent(); assertThat(rbacAssetRepo.findByUuid(givenAsset.getUuid())).isPresent();
rbacAssetRepo.deleteByUuid(givenAsset.getUuid()); rbacAssetRepo.deleteByUuid(givenAsset.getUuid());
@ -426,7 +426,7 @@ class HsHostingAssetRepositoryIntegrationTest extends ContextBasedTestWithCleanu
// then // then
result.assertExceptionWithRootCauseMessage( result.assertExceptionWithRootCauseMessage(
JpaSystemException.class, JpaSystemException.class,
"[403] Subject ", " is not allowed to delete hs_hosting_asset"); "[403] Subject ", " is not allowed to delete hs_hosting.asset");
assertThat(jpaAttempt.transacted(() -> { assertThat(jpaAttempt.transacted(() -> {
return realAssetRepo.findByUuid(givenAsset.getUuid()); return realAssetRepo.findByUuid(givenAsset.getUuid());
}).assertSuccessful().returnedValue()).isPresent(); // still there }).assertSuccessful().returnedValue()).isPresent(); // still there

2
src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/validators/HsUnixUserHostingAssetValidatorUnitTest.java
View File

@ -68,7 +68,7 @@ class HsUnixUserHostingAssetValidatorUnitTest {
void initMocks() { void initMocks() {
final var nativeQueryMock = mock(Query.class); final var nativeQueryMock = mock(Query.class);
lenient().when(nativeQueryMock.getSingleResult()).thenReturn(12345678); lenient().when(nativeQueryMock.getSingleResult()).thenReturn(12345678);
lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class)) lenient().when(em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class))
.thenReturn(nativeQueryMock); .thenReturn(nativeQueryMock);
} }

2
src/test/java/net/hostsharing/hsadminng/hs/migration/BaseOfficeDataImport.java
View File

@ -677,7 +677,7 @@ public abstract class BaseOfficeDataImport extends CsvDataImport {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
coopAssets.forEach(this::persist); coopAssets.forEach(this::persist);
updateLegacyIds(coopAssets, "hs_office.coopassetstransaction_legacy_id", "member_asset_id"); updateLegacyIds(coopAssets, "hs_office.coopassettx_legacy_id", "member_asset_id");
}).assertSuccessful(); }).assertSuccessful();
} }

22
src/test/java/net/hostsharing/hsadminng/hs/migration/CsvDataImport.java
View File

@ -187,7 +187,7 @@ public class CsvDataImport extends ContextBasedTest {
} }
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
insert into hs_hosting_asset( insert into hs_hosting.asset(
uuid, uuid,
type, type,
bookingitemuuid, bookingitemuuid,
@ -248,15 +248,15 @@ public class CsvDataImport extends ContextBasedTest {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
// TODO.perf: could we instead skip creating test-data based on an env var? // TODO.perf: could we instead skip creating test-data based on an env var?
em.createNativeQuery("delete from hs_hosting_asset where true").executeUpdate(); em.createNativeQuery("delete from hs_hosting.asset where true").executeUpdate();
em.createNativeQuery("delete from hs_hosting_asset_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_hosting.asset_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_item where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.item where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_item_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.item_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.project where true").executeUpdate();
em.createNativeQuery("delete from hs_booking_project_ex where true").executeUpdate(); em.createNativeQuery("delete from hs_booking.project_ex where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopassetstransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopassettx where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopassetstransaction_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopassettx_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopsharestransaction where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharetx where true").executeUpdate();
em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id where true").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharestransaction_legacy_id where true").executeUpdate();
em.createNativeQuery("delete from hs_office.membership where true").executeUpdate(); em.createNativeQuery("delete from hs_office.membership where true").executeUpdate();
em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate(); em.createNativeQuery("delete from hs_office.sepamandate where true").executeUpdate();
@ -275,7 +275,7 @@ public class CsvDataImport extends ContextBasedTest {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate(); em.createNativeQuery("alter sequence hs_office.contact_legacy_id_seq restart with 1000000000;").executeUpdate();
em.createNativeQuery("alter sequence hs_office.coopassetstransaction_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence hs_office.coopassettx_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();
em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;") em.createNativeQuery("alter sequence public.hs_office.coopsharestransaction_legacy_id_seq restart with 1000000000;")
.executeUpdate(); .executeUpdate();

20
src/test/java/net/hostsharing/hsadminng/hs/migration/ImportHostingAssets.java
View File

@ -913,7 +913,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
@Test @Test
@Order(19910) @Order(19910)
void verifyBookingItemsAreActuallyPersisted() { void verifyBookingItemsAreActuallyPersisted() {
final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_booking_item", Integer.class) final var biCount = (Integer) em.createNativeQuery("select count(*) from hs_booking.item", Integer.class)
.getSingleResult(); .getSingleResult();
assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 500); assertThat(biCount).isGreaterThan(isImportingControlledTestData() ? 5 : 500);
} }
@ -921,7 +921,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
@Test @Test
@Order(19920) @Order(19920)
void verifyHostingAssetsAreActuallyPersisted() { void verifyHostingAssetsAreActuallyPersisted() {
final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset", Integer.class) final var haCount = (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset", Integer.class)
.getSingleResult(); .getSingleResult();
assertThat(haCount).isGreaterThan(isImportingControlledTestData() ? 40 : 15000); assertThat(haCount).isGreaterThan(isImportingControlledTestData() ? 40 : 15000);
@ -1068,8 +1068,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
assumeThatWeAreImportingControlledTestData(); assumeThatWeAreImportingControlledTestData();
final var haCount = jpaAttempt.transacted(() -> { final var haCount = jpaAttempt.transacted(() -> {
context(rbacSuperuser, "hs_booking_project#D-1000300-mimdefaultproject:AGENT"); context(rbacSuperuser, "hs_booking.project#D-1000300-mimdefaultproject:AGENT");
return (Integer) em.createNativeQuery("select count(*) from hs_hosting_asset_rv where type='EMAIL_ADDRESS'", Integer.class) return (Integer) em.createNativeQuery("select count(*) from hs_hosting.asset_rv where type='EMAIL_ADDRESS'", Integer.class)
.getSingleResult(); .getSingleResult();
}).assertSuccessful().returnedValue(); }).assertSuccessful().returnedValue();
assertThat(haCount).isEqualTo(68); assertThat(haCount).isEqualTo(68);
@ -1136,7 +1136,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context(rbacSuperuser); context(rbacSuperuser);
updateLegacyIds(assets, "hs_hosting_asset_legacy_id", "legacy_id"); updateLegacyIds(assets, "hs_hosting.asset_legacy_id", "legacy_id");
}).assertSuccessful(); }).assertSuccessful();
} }
@ -1145,7 +1145,7 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
final int expectedCountInTestDataCount, final int expectedCountInTestDataCount,
final int minCountExpectedInProdData) { final int minCountExpectedInProdData) {
final var q = em.createNativeQuery( final var q = em.createNativeQuery(
"select count(*) from hs_hosting_asset where type = cast(:type as HsHostingAssetType)", "select count(*) from hs_hosting.asset where type = cast(:type as hs_hosting.AssetType)",
Integer.class); Integer.class);
q.setParameter("type", assetType.name()); q.setParameter("type", assetType.name());
final var count = (Integer) q.getSingleResult(); final var count = (Integer) q.getSingleResult();
@ -1895,8 +1895,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
//noinspection unchecked //noinspection unchecked
return ((List<List<?>>) em.createNativeQuery( return ((List<List<?>>) em.createNativeQuery(
""" """
SELECT li.* FROM hs_hosting_asset_legacy_id li SELECT li.* FROM hs_hosting.asset_legacy_id li
JOIN hs_hosting_asset ha ON ha.uuid=li.uuid JOIN hs_hosting.asset ha ON ha.uuid=li.uuid
WHERE CAST(ha.type AS text)=:type WHERE CAST(ha.type AS text)=:type
ORDER BY legacy_id ORDER BY legacy_id
""", """,
@ -1910,8 +1910,8 @@ public class ImportHostingAssets extends BaseOfficeDataImport {
//noinspection unchecked //noinspection unchecked
return ((List<List<?>>) em.createNativeQuery( return ((List<List<?>>) em.createNativeQuery(
""" """
SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting_asset ha SELECT ha.uuid, ha.type, ha.identifier FROM hs_hosting.asset ha
JOIN hs_hosting_asset_legacy_id li ON li.uuid=ha.uuid JOIN hs_hosting.asset_legacy_id li ON li.uuid=ha.uuid
WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type WHERE li.legacy_id is null AND CAST(ha.type AS text)=:type
ORDER BY li.legacy_id ORDER BY li.legacy_id
""", """,

4
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java
View File

@ -391,9 +391,9 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
void cleanup() { void cleanup() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null); context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassetstransaction_rv // HsOfficeCoopAssetsTransactionEntity respectively hs_office.coopassettx_rv
// cannot be deleted at all, but the underlying table record can be deleted. // cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office.coopassetstransaction where reference like 'temp %'") em.createNativeQuery("delete from hs_office.coopassettx where reference like 'temp %'")
.executeUpdate(); .executeUpdate();
}).assertSuccessful(); }).assertSuccessful();
} }

30
src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java
View File

@ -112,8 +112,8 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
.map(s -> s.replace("hs_office.", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:coopassetstransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", "{ grant perm:coopassettx#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
"{ grant perm:coopassetstransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }", "{ grant perm:coopassettx#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
null)); null));
} }
@ -222,7 +222,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference' select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office.coopassetstransaction'; where targettable = 'hs_office.coopassettx';
"""); """);
// when // when
@ -230,18 +230,18 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000101-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000101-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000101-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000101-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000202-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000202-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000202-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000202-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-1]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000303-1]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-2]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000303-2]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]", "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000303-3]",
"[creating coopAssetsTransaction test-data, hs_office.coopassetstransaction, INSERT, ref 1000303-3]"); "[creating coopAssetsTransaction test-data, hs_office.coopassettx, INSERT, ref 1000303-3]");
} }
@BeforeEach @BeforeEach

4
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java
View File

@ -55,9 +55,9 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
void cleanup() { void cleanup() {
jpaAttempt.transacted(() -> { jpaAttempt.transacted(() -> {
context.define("superuser-alex@hostsharing.net", null); context.define("superuser-alex@hostsharing.net", null);
// HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharestransaction_rv // HsOfficeCoopSharesTransactionEntity respectively hs_office.coopsharetx_rv
// cannot be deleted at all, but the underlying table record can be deleted. // cannot be deleted at all, but the underlying table record can be deleted.
em.createNativeQuery("delete from hs_office.coopsharestransaction where reference like 'temp %'").executeUpdate(); em.createNativeQuery("delete from hs_office.coopsharetx where reference like 'temp %'").executeUpdate();
}).assertSuccessful(); }).assertSuccessful();
} }

30
src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionRepositoryIntegrationTest.java
View File

@ -111,8 +111,8 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
.map(s -> s.replace("hs_office.", "")) .map(s -> s.replace("hs_office.", ""))
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:coopsharestransaction#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }", "{ grant perm:coopsharetx#temprefB:SELECT to role:membership#M-1000101:AGENT by system and assume }",
"{ grant perm:coopsharestransaction#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }", "{ grant perm:coopsharetx#temprefB:UPDATE to role:membership#M-1000101:ADMIN by system and assume }",
null)); null));
} }
@ -221,7 +221,7 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
final var query = em.createNativeQuery(""" final var query = em.createNativeQuery("""
select currentTask, targetTable, targetOp, targetdelta->>'reference' select currentTask, targetTable, targetOp, targetdelta->>'reference'
from base.tx_journal_v from base.tx_journal_v
where targettable = 'hs_office.coopsharestransaction'; where targettable = 'hs_office.coopsharetx';
"""); """);
// when // when
@ -229,18 +229,18 @@ class HsOfficeCoopSharesTransactionRepositoryIntegrationTest extends ContextBase
// then // then
assertThat(customerLogEntries).map(Arrays::toString).contains( assertThat(customerLogEntries).map(Arrays::toString).contains(
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000101-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000101-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000101-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000101-4]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000101-4]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000202-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000202-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000202-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000202-4]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000202-4]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-1]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000303-1]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-2]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000303-2]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-3]", "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000303-3]",
"[creating coopSharesTransaction test-data, hs_office.coopsharestransaction, INSERT, ref 1000303-4]"); "[creating coopSharesTransaction test-data, hs_office.coopsharetx, INSERT, ref 1000303-4]");
} }
@BeforeEach @BeforeEach

2
src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java
View File

@ -185,7 +185,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }", "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>sepamandate to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
"{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking_project to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }", "{ grant perm:relation#FirstGmbH-with-DEBITOR-FourtheG:INSERT>hs_booking.project to role:relation#FirstGmbH-with-DEBITOR-FourtheG:ADMIN by system and assume }",
// owner // owner
"{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }", "{ grant perm:debitor#D-1000122:DELETE to role:relation#FirstGmbH-with-DEBITOR-FourtheG:OWNER by system and assume }",

4
src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipRepositoryIntegrationTest.java
View File

@ -118,8 +118,8 @@ class HsOfficeMembershipRepositoryIntegrationTest extends ContextBasedTestWithCl
.containsExactlyInAnyOrder(Array.fromFormatted( .containsExactlyInAnyOrder(Array.fromFormatted(
initialGrantNames, initialGrantNames,
// insert // insert
"{ grant perm:membership#M-1000117:INSERT>coopassetstransaction to role:membership#M-1000117:ADMIN by system and assume }", "{ grant perm:membership#M-1000117:INSERT>coopassettx to role:membership#M-1000117:ADMIN by system and assume }",
"{ grant perm:membership#M-1000117:INSERT>coopsharestransaction to role:membership#M-1000117:ADMIN by system and assume }", "{ grant perm:membership#M-1000117:INSERT>coopsharetx to role:membership#M-1000117:ADMIN by system and assume }",
// owner // owner
"{ grant perm:membership#M-1000117:DELETE to role:membership#M-1000117:ADMIN by system and assume }", "{ grant perm:membership#M-1000117:DELETE to role:membership#M-1000117:ADMIN by system and assume }",

3
src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java
View File

@ -39,9 +39,6 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
@Autowired @Autowired
Context context; Context context;
@Autowired
Context contextMock;
@Autowired @Autowired
HsOfficeRelationRealRepository relationrealRepo; HsOfficeRelationRealRepository relationrealRepo;

2
src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramServiceIntegrationTest.java
View File

@ -95,7 +95,7 @@ class RbacGrantsDiagramServiceIntegrationTest extends ContextBasedTestWithCleanu
//final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS)); //final var graph = grantsMermaidService.allGrantsTocurrentSubject(EnumSet.of(Include.NON_TEST_ENTITIES, Include.PERMISSIONS));
final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassetstransaction WHERE reference='ref 1000101-1'").getSingleResult(); final var targetObject = (UUID) em.createNativeQuery("SELECT uuid FROM hs_office.coopassettx WHERE reference='ref 1000101-1'").getSingleResult();
final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS)); final var graph = grantsMermaidService.allGrantsFrom(targetObject, "view", EnumSet.of(Include.USERS));
RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md"); RbacGrantsDiagramService.writeToFile(join(";", context.fetchAssumedRoles()), graph, "doc/all-grants.md");

Some files were not shown because too many files have changed in this diff Show More