src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonEntity.java

@@ -67,6 +67,7 @@ public class HsOfficePersonEntity implements HasUuid, Stringifyable {
                     JOIN hs_office_relationship partnerRel
                         ON partnerRel.uuid = partner.partnerRoleUuid AND partnerRel.relType = 'PARTNER'
                     WHERE partnerRel.relHolderUuid = personUuid
+                    LIMIT 1
                 ) -- uuid would be ambiguous with outer uuid
                 """)
     private HsOfficePartnerEntity optionalPartner;

src/main/resources/db/changelog/233-hs-office-partner-rbac.md

@@ -1,6 +1,6 @@
 ### rbac partner
 
-This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-13T15:28:17.873062752.
+This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-16T12:04:46.219584452.
 
 ```mermaid
 %%{init:{'flowchart':{'htmlLabels':false}}}%%

src/main/resources/db/changelog/233-hs-office-partner-rbac.sql

@@ -1,5 +1,5 @@
 --liquibase formatted sql
--- This code generated was by RbacViewPostgresGenerator at 2024-03-13T15:28:17.881206014.
+-- This code generated was by RbacViewPostgresGenerator at 2024-03-16T12:04:46.225548817.
 
 
 -- ============================================================================
@@ -105,11 +105,12 @@ create or replace function hs_office_partner_global_insert_tf()
     strict as $$
 begin
     call grantPermissionToRole(
-            globalAdmin(),
-            createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'));
+            createPermission(NEW.uuid, 'INSERT', 'hs_office_partner'),
+            globalAdmin());
     return NEW;
 end; $$;
 
+-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
 create trigger z_hs_office_partner_global_insert_tg
     after insert on global
     for each row

src/main/resources/db/changelog/234-hs-office-partner-details-rbac.md

@@ -1,6 +1,6 @@
 ### rbac partnerDetails
 
-This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-13T15:35:19.438833295.
+This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-16T12:04:37.309540020.
 
 ```mermaid
 %%{init:{'flowchart':{'htmlLabels':false}}}%%

src/main/resources/db/changelog/234-hs-office-partner-details-rbac.sql

@@ -1,5 +1,5 @@
 --liquibase formatted sql
--- This code generated was by RbacViewPostgresGenerator at 2024-03-13T15:35:19.446996853.
+-- This code generated was by RbacViewPostgresGenerator at 2024-03-16T12:04:37.319601283.
 
 
 -- ============================================================================
@@ -90,11 +90,12 @@ create or replace function hs_office_partner_details_global_insert_tf()
     strict as $$
 begin
     call grantPermissionToRole(
-            globalAdmin(),
-            createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'));
+            createPermission(NEW.uuid, 'INSERT', 'hs_office_partner_details'),
+            globalAdmin());
     return NEW;
 end; $$;
 
+-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
 create trigger z_hs_office_partner_details_global_insert_tg
     after insert on global
     for each row

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionRepositoryIntegrationTest.java

@@ -114,7 +114,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
                     .map(s -> s.replace("hs_office_", ""))
                     .containsExactlyInAnyOrder(Array.fromFormatted(
                             initialGrantNames,
-                            "{ grant perm SELECT on coopassetstransaction#temprefB to role membership#1000101:....tenant by system and assume }",
+                            "{ grant perm SELECT on coopassetstransaction#temprefB to role membership#M-1000101.referrer by system and assume }",
                             null));
         }
 
@@ -195,10 +195,7 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
         @Test
         public void representative_canViewRelatedCoopAssetsTransactions() {
             // given:
-            // TODO: once the debitor-relationship roles and grants are implemented, this should work:
-            // context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan.admin");
-            // for now we can only use the debitor admin, which would be a Hostsharing admin, though:
-            context("superuser-alex@hostsharing.net", "hs_office_debitor#1000111:FirstGmbH-firstcontact.admin");
+            context("superuser-alex@hostsharing.net", "hs_office_person#FirbySusan.admin");
 
             // when:
             final var result = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
@@ -209,10 +206,9 @@ class HsOfficeCoopAssetsTransactionRepositoryIntegrationTest extends ContextBase
             // then:
             exactlyTheseCoopAssetsTransactionsAreReturned(
                     result,
-                    // TODO: fix M-null to M-1000101 once the debitor+memberhip grants are amended to partner relationship
-                    "CoopAssetsTransaction(M-null: 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
-                    "CoopAssetsTransaction(M-null: 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
-                    "CoopAssetsTransaction(M-null: 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)");
+                    "CoopAssetsTransaction(M-1000101: 2010-03-15, DEPOSIT, 320.00, ref 1000101-1, initial deposit)",
+                    "CoopAssetsTransaction(M-1000101: 2021-09-01, DISBURSAL, -128.00, ref 1000101-2, partial disbursal)",
+                    "CoopAssetsTransaction(M-1000101: 2022-10-20, ADJUSTMENT, 128.00, ref 1000101-3, some adjustment)");
         }
     }
 

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorRepositoryIntegrationTest.java

@@ -286,7 +286,8 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
             final var result = debitorRepo.findDebitorByDebitorNumber(1000313);
 
             // then
-            exactlyTheseDebitorsAreReturned(result, "debitor(D-1000313: P-10003, thi)");
+            exactlyTheseDebitorsAreReturned(result,
+                    "debitor(D-1000313: rel(relAnchor='IF Third OHG', relType='ACCOUNTING', relHolder='IF Third OHG'), thi)");
         }
     }
 
@@ -442,12 +443,12 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
             final var givenDebitor = givenSomeTemporaryDebitor("Fourth", "eighth", "Fourth", "eig");
             assertThatDebitorIsVisibleForUserWithRole(
                     givenDebitor,
-                    "hs_office_partner#10004:FourtheG-fourthcontact.admin");
+                    "hs_office_relationship#HostsharingeG-with-PARTNER-FourtheG.admin");
             assertThatDebitorActuallyInDatabase(givenDebitor);
 
             // when
             final var result = jpaAttempt.transacted(() -> {
-                context("superuser-alex@hostsharing.net", "hs_office_partner#10004:FourtheG-fourthcontact.admin");
+                context("superuser-alex@hostsharing.net", "hs_office_relationship#HostsharingeG-with-PARTNER-FourtheG.admin");
                 givenDebitor.setVatId("NEW-VAT-ID");
                 return toCleanup(debitorRepo.save(givenDebitor));
             });
@@ -536,7 +537,7 @@ class HsOfficeDebitorRepositoryIntegrationTest extends ContextBasedTestWithClean
 
             // when
             final var result = jpaAttempt.transacted(() -> {
-                context("superuser-alex@hostsharing.net", "hs_office_debitor#D-1000420.agent");
+                context("superuser-alex@hostsharing.net", "hs_office_relationship#FourtheG-with-ACCOUNTING-FourtheG.admin");
                 assertThat(debitorRepo.findByUuid(givenDebitor.getUuid())).isPresent();
 
                 debitorRepo.deleteByUuid(givenDebitor.getUuid());