RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
18 changed files with 62 additions and 40 deletions
Showing only changes of commit 8b78265e51 - Show all commits

View File

@ -20,14 +20,26 @@ public class RbacIdentityViewGenerator {
-- ============================================================================ -- ============================================================================
--changeset ${liquibaseTagPrefix}-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset ${liquibaseTagPrefix}-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('${rawTableName}', $idName$
${identityViewSqlPart}
$idName$);
--//
""", """,
with("liquibaseTagPrefix", liquibaseTagPrefix), with("liquibaseTagPrefix", liquibaseTagPrefix));
with("identityViewSqlPart", rbacDef.getIdentityViewSqlQuery().sql), // TODO: other part types
with("rawTableName", rawTableName)); plPgSql.writeLn(
switch (rbacDef.getIdentityViewSqlQuery().part) {
case SQL_PROJECTION -> """
call generateRbacIdentityViewFromProjection('${rawTableName}', $idName$
${identityViewSqlPart}
$idName$);
""";
case SQL_QUERY -> """
call generateRbacIdentityViewFromProjection('${rawTableName}', $idName$
${identityViewSqlPart}
$idName$);
""";
default -> throw new IllegalStateException("illegal SQL part given");
},
with("identityViewSqlPart", rbacDef.getIdentityViewSqlQuery().sql),
with("rawTableName", rawTableName));
plPgSql.writeLn("--//");
} }
} }

View File

@ -91,7 +91,7 @@ end; $$;
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--// --changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text) create or replace procedure generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
language plpgsql as $$ language plpgsql as $$
declare declare
sql text; sql text;
@ -100,11 +100,9 @@ begin
-- create a view to the target main table which maps an idName to the objectUuid -- create a view to the target main table which maps an idName to the objectUuid
sql = format($sql$ sql = format($sql$
create or replace view %1$s_iv as create or replace view %1$s_iv as %2$s;
select target.uuid, cleanIdentifier(%2$s) as idName
from %1$s as target;
grant all privileges on %1$s_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; grant all privileges on %1$s_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
$sql$, targetTable, idNameExpression); $sql$, targetTable, sqlQuery);
execute sql; execute sql;
-- creates a function which maps an idName to the objectUuid -- creates a function which maps an idName to the objectUuid
@ -129,6 +127,20 @@ begin
$sql$, targetTable); $sql$, targetTable);
execute sql; execute sql;
end; $$; end; $$;
create or replace procedure generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
language plpgsql as $$
declare
sqlQuery text;
begin
targettable := lower(targettable);
sqlQuery = format($sql$
select target.uuid, cleanIdentifier(%2$s) as idName
from %1$s as target;
$sql$, targetTable, sqlProjection);
call generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
end; $$;
--// --//

View File

@ -1,4 +1,4 @@
### rbac customer 2024-03-09T08:56:16.396142507 ### rbac customer 2024-03-10T11:42:41.089596517
```mermaid ```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%% %%{init:{'flowchart':{'htmlLabels':false}}}%%

View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.421821997. -- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.121556631.
-- ============================================================================ -- ============================================================================
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--// --changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
@ -102,12 +102,12 @@ create trigger test_customer_insert_permission_check_tg
-- ============================================================================ -- ============================================================================
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('test_customer', $idName$
call generateRbacIdentityViewFromProjection('test_customer', $idName$
prefix prefix
$idName$); $idName$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--// --changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------

View File

@ -1,4 +1,4 @@
### rbac package 2024-03-09T08:56:16.449886471 ### rbac package 2024-03-10T11:42:41.162678472
```mermaid ```mermaid
%%{init:{'flowchart':{'htmlLabels':false}}}%% %%{init:{'flowchart':{'htmlLabels':false}}}%%

View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.450322125. -- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.163393064.
-- ============================================================================ -- ============================================================================
--changeset test-package-rbac-OBJECT:1 endDelimiter:--// --changeset test-package-rbac-OBJECT:1 endDelimiter:--//
@ -205,12 +205,12 @@ create trigger test_package_insert_permission_check_tg
-- ============================================================================ -- ============================================================================
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('test_package', $idName$
call generateRbacIdentityViewFromProjection('test_package', $idName$
name name
$idName$); $idName$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--// --changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------

View File

@ -1,5 +1,5 @@
--liquibase formatted sql --liquibase formatted sql
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.469632602. -- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.186902574.
-- ============================================================================ -- ============================================================================
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--// --changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
@ -204,12 +204,12 @@ create trigger test_domain_insert_permission_check_tg
-- ============================================================================ -- ============================================================================
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('test_domain', $idName$
call generateRbacIdentityViewFromProjection('test_domain', $idName$
name name
$idName$); $idName$);
--// --//
-- ============================================================================ -- ============================================================================
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--// --changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------

View File

@ -75,7 +75,7 @@ execute procedure createRbacRolesForHsOfficeContact();
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_contact', $idName$ call generateRbacIdentityViewFromProjection('hs_office_contact', $idName$
target.label target.label
$idName$); $idName$);
--// --//

View File

@ -73,7 +73,7 @@ execute procedure createRbacRolesForHsOfficePerson();
-- ============================================================================ -- ============================================================================
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_person', $idName$ call generateRbacIdentityViewFromProjection('hs_office_person', $idName$
concat(target.tradeName, target.familyName, target.givenName) concat(target.tradeName, target.familyName, target.givenName)
$idName$); $idName$);
--// --//

View File

@ -124,7 +124,7 @@ execute procedure hsOfficeRelationshipRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-relationship-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-relationship-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_relationship', $idName$ call generateRbacIdentityViewFromProjection('hs_office_relationship', $idName$
(select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid) (select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid)
|| '-with-' || target.relType || '-' || || '-with-' || target.relType || '-' ||
(select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid) (select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid)

View File

@ -187,7 +187,7 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_partner', $idName$ call generateRbacIdentityViewFromProjection('hs_office_partner', $idName$
partnerNumber || ':' || partnerNumber || ':' ||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid) (select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|| '-' || || '-' ||

View File

@ -10,7 +10,7 @@ call generateRelatedRbacObject('hs_office_partner_details');
-- ============================================================================ -- ============================================================================
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_partner_details', $idName$ call generateRbacIdentityViewFromProjection('hs_office_partner_details', $idName$
(select idName || '-details' from hs_office_partner_iv partner_iv (select idName || '-details' from hs_office_partner_iv partner_iv
join hs_office_partner partner on (partner_iv.uuid = partner.uuid) join hs_office_partner partner on (partner_iv.uuid = partner.uuid)
where partner.detailsUuid = target.uuid) where partner.detailsUuid = target.uuid)

View File

@ -74,7 +74,7 @@ execute procedure createRbacRolesForHsOfficeBankAccount();
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_bankaccount', $idName$ call generateRbacIdentityViewFromProjection('hs_office_bankaccount', $idName$
target.holder target.holder
$idName$); $idName$);
--// --//

View File

@ -94,7 +94,7 @@ execute procedure hsOfficeSepaMandateRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_sepamandate', idNameExpression => 'target.reference'); call generateRbacIdentityViewFromProjection('hs_office_sepamandate', 'target.reference');
--// --//

View File

@ -173,7 +173,7 @@ execute procedure hsOfficeDebitorRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_debitor', $idName$ call generateRbacIdentityViewFromProjection('hs_office_debitor', $idName$
'#' || '#' ||
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) || (select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
to_char(debitorNumberSuffix, 'fm00') || to_char(debitorNumberSuffix, 'fm00') ||

View File

@ -93,7 +93,7 @@ execute procedure hsOfficeMembershipRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_membership', idNameExpression => $idName$ call generateRbacIdentityViewFromProjection('hs_office_membership', $idName$
'#' || '#' ||
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) || (select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
memberNumberSuffix || memberNumberSuffix ||

View File

@ -68,8 +68,7 @@ execute procedure hsOfficeCoopSharesTransactionRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-coopSharesTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-coopSharesTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_coopSharesTransaction', call generateRbacIdentityViewFromProjection('hs_office_coopSharesTransaction', 'target.reference');
idNameExpression => 'target.reference');
--// --//

View File

@ -68,8 +68,7 @@ execute procedure hsOfficeCoopAssetsTransactionRbacRolesTrigger();
-- ============================================================================ -- ============================================================================
--changeset hs-office-coopAssetsTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--// --changeset hs-office-coopAssetsTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
call generateRbacIdentityView('hs_office_coopAssetsTransaction', call generateRbacIdentityViewFromProjection('hs_office_coopAssetsTransaction', 'target.reference');
idNameExpression => 'target.reference');
--// --//