2025-03-10 12:05:01 +01:00
3 changed files with 21 additions and 2 deletions
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRbacEntity.java
@ -51,7 +51,7 @@ public class HsOfficeRelationRbacEntity extends HsOfficeRelation {
                        """))
                .withRestrictedViewOrderBy(SQL.expression(
                        "(select idName from hs_office.person_iv p where p.uuid = target.holderUuid)"))
-                .withUpdatableColumns("contactUuid")
+                .withUpdatableColumns("anchorUuid", "holderUuid", "contactUuid")
                .importEntityAlias("anchorPerson", HsOfficePersonRbacEntity.class, usingDefaultCase(),
                        dependsOnColumn("anchorUuid"),
                        directlyFetchedByDependsOnColumn(),
--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@ -124,7 +124,9 @@ create or replace procedure hs_office.relation_update_rbac_system(
    language plpgsql as $$
 begin
-    if NEW.contactUuid is distinct from OLD.contactUuid then
+    if NEW.holderUuid is distinct from OLD.holderUuid
    or NEW.anchorUuid is distinct from OLD.anchorUuid
    or NEW.contactUuid is distinct from OLD.contactUuid then
        delete from rbac.grant g where g.grantedbytriggerof = OLD.uuid;
        call hs_office.relation_build_rbac_system(NEW);
    end if;
@ -248,6 +250,8 @@ call rbac.generateRbacRestrictedView('hs_office.relation',
        (select idName from hs_office.person_iv p where p.uuid = target.holderUuid)
    $orderBy$,
    $updates$
        anchorUuid = new.anchorUuid,
        holderUuid = new.holderUuid,
        contactUuid = new.contactUuid
    $updates$);
 --//
@ -305,3 +309,17 @@ END;
 $$;
 --//
 -- ============================================================================
 --changeset RbacRbacSystemRebuildGenerator:hs-office-relation-rbac-actually-rebuild runOnChange:true validCheckSum:ANY endDelimiter:--//
 -- ----------------------------------------------------------------------------
 begin transaction;
 call base.defineContext(
         're-creating RBAC for table hs_office.relation',
         null,
         'superuser-alex@hostsharing.net' -- FIXME: use env-var
  );
 call hs_office.relation_rebuild_rbac_system();
 commit;
 --//
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationRepositoryIntegrationTest.java
@ -28,6 +28,7 @@ import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.NATU
 import static net.hostsharing.hsadminng.hs.office.person.HsOfficePersonType.UNINCORPORATED_FIRM;
 import static net.hostsharing.hsadminng.rbac.grant.RawRbacGrantEntity.distinctGrantDisplaysOf;
 import static net.hostsharing.hsadminng.rbac.role.RawRbacRoleEntity.distinctRoleNamesOf;
 import static net.hostsharing.hsadminng.rbac.role.RbacRoleType.ADMIN;
 import static net.hostsharing.hsadminng.rbac.test.JpaAttempt.attempt;
 import static org.assertj.core.api.Assertions.assertThat;