hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

add advanced scenario-tests for coop-assets #123

Merged
hsh-michaelhoennig merged 24 commits from feature/add-advanced-scenario-tests-for-coop-assets into master 2024-11-25 16:06:26 +01:00
Conversation 0 Commits 24 Files Changed 28 +1 -25
2 changed files with 1 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 35d179cd95 - Show all commits

2
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -223,7 +223,7 @@ begin
) )
select target.* select target.*
from %1$s as target from %1$s as target
where rbac.hasGlobalAdminRole() or target.uuid in (select * from accessible_uuids) where target.uuid in (select * from accessible_uuids)
order by %2$s; order by %2$s;
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};

24
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@ -35,30 +35,6 @@ end; $$;
--// --//
-- ============================================================================
--changeset michael.hoennig:rbac-global-HAS-GLOBAL-ADMIN-ROLE endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Returns true if the current user is a global admin and has no assumed role.
*/
create or replace function rbac.hasGlobalAdminRole()
returns boolean
stable -- leakproof
language plpgsql as $$
declare
currentSubjectOrAssumedRolesUuids text;
begin
begin
currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids');
exception
when others then
currentSubjectOrAssumedRolesUuids := null;
end;
return currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0;
end; $$;
--//
-- ============================================================================ -- ============================================================================
--changeset michael.hoennig:rbac-global-HAS-GLOBAL-PERMISSION endDelimiter:--// --changeset michael.hoennig:rbac-global-HAS-GLOBAL-PERMISSION endDelimiter:--//
-- ------------------------------------------------------------------ -- ------------------------------------------------------------------