RBAC Diagram+PostgreSQL Generator #21
@ -20,14 +20,26 @@ public class RbacIdentityViewGenerator {
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset ${liquibaseTagPrefix}-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset ${liquibaseTagPrefix}-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('${rawTableName}', $idName$
|
|
||||||
${identityViewSqlPart}
|
|
||||||
$idName$);
|
|
||||||
--//
|
|
||||||
|
|
||||||
""",
|
""",
|
||||||
with("liquibaseTagPrefix", liquibaseTagPrefix),
|
with("liquibaseTagPrefix", liquibaseTagPrefix));
|
||||||
with("identityViewSqlPart", rbacDef.getIdentityViewSqlQuery().sql), // TODO: other part types
|
|
||||||
with("rawTableName", rawTableName));
|
plPgSql.writeLn(
|
||||||
|
switch (rbacDef.getIdentityViewSqlQuery().part) {
|
||||||
|
case SQL_PROJECTION -> """
|
||||||
|
call generateRbacIdentityViewFromProjection('${rawTableName}', $idName$
|
||||||
|
${identityViewSqlPart}
|
||||||
|
$idName$);
|
||||||
|
""";
|
||||||
|
case SQL_QUERY -> """
|
||||||
|
call generateRbacIdentityViewFromProjection('${rawTableName}', $idName$
|
||||||
|
${identityViewSqlPart}
|
||||||
|
$idName$);
|
||||||
|
""";
|
||||||
|
default -> throw new IllegalStateException("illegal SQL part given");
|
||||||
|
},
|
||||||
|
with("identityViewSqlPart", rbacDef.getIdentityViewSqlQuery().sql),
|
||||||
|
with("rawTableName", rawTableName));
|
||||||
|
|
||||||
|
plPgSql.writeLn("--//");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -91,7 +91,7 @@ end; $$;
|
|||||||
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)
|
create or replace procedure generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
sql text;
|
sql text;
|
||||||
@ -100,11 +100,9 @@ begin
|
|||||||
|
|
||||||
-- create a view to the target main table which maps an idName to the objectUuid
|
-- create a view to the target main table which maps an idName to the objectUuid
|
||||||
sql = format($sql$
|
sql = format($sql$
|
||||||
create or replace view %1$s_iv as
|
create or replace view %1$s_iv as %2$s;
|
||||||
select target.uuid, cleanIdentifier(%2$s) as idName
|
|
||||||
from %1$s as target;
|
|
||||||
grant all privileges on %1$s_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
|
grant all privileges on %1$s_iv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
|
||||||
$sql$, targetTable, idNameExpression);
|
$sql$, targetTable, sqlQuery);
|
||||||
execute sql;
|
execute sql;
|
||||||
|
|
||||||
-- creates a function which maps an idName to the objectUuid
|
-- creates a function which maps an idName to the objectUuid
|
||||||
@ -129,6 +127,20 @@ begin
|
|||||||
$sql$, targetTable);
|
$sql$, targetTable);
|
||||||
execute sql;
|
execute sql;
|
||||||
end; $$;
|
end; $$;
|
||||||
|
|
||||||
|
create or replace procedure generateRbacIdentityViewFromProjection(targetTable text, sqlProjection text)
|
||||||
|
language plpgsql as $$
|
||||||
|
declare
|
||||||
|
sqlQuery text;
|
||||||
|
begin
|
||||||
|
targettable := lower(targettable);
|
||||||
|
|
||||||
|
sqlQuery = format($sql$
|
||||||
|
select target.uuid, cleanIdentifier(%2$s) as idName
|
||||||
|
from %1$s as target;
|
||||||
|
$sql$, targetTable, sqlProjection);
|
||||||
|
call generateRbacIdentityViewFromQuery(targetTable, sqlQuery);
|
||||||
|
end; $$;
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
### rbac customer 2024-03-09T08:56:16.396142507
|
### rbac customer 2024-03-10T11:42:41.089596517
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.421821997.
|
-- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.121556631.
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-customer-rbac-OBJECT:1 endDelimiter:--//
|
||||||
@ -102,12 +102,12 @@ create trigger test_customer_insert_permission_check_tg
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('test_customer', $idName$
|
|
||||||
|
call generateRbacIdentityViewFromProjection('test_customer', $idName$
|
||||||
prefix
|
prefix
|
||||||
$idName$);
|
$idName$);
|
||||||
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
### rbac package 2024-03-09T08:56:16.449886471
|
### rbac package 2024-03-10T11:42:41.162678472
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.450322125.
|
-- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.163393064.
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-package-rbac-OBJECT:1 endDelimiter:--//
|
||||||
@ -205,12 +205,12 @@ create trigger test_package_insert_permission_check_tg
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('test_package', $idName$
|
|
||||||
|
call generateRbacIdentityViewFromProjection('test_package', $idName$
|
||||||
name
|
name
|
||||||
$idName$);
|
$idName$);
|
||||||
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-package-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-09T08:56:16.469632602.
|
-- This code generated was by RbacViewPostgresGenerator at 2024-03-10T11:42:41.186902574.
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
--changeset test-domain-rbac-OBJECT:1 endDelimiter:--//
|
||||||
@ -204,12 +204,12 @@ create trigger test_domain_insert_permission_check_tg
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('test_domain', $idName$
|
|
||||||
|
call generateRbacIdentityViewFromProjection('test_domain', $idName$
|
||||||
name
|
name
|
||||||
$idName$);
|
$idName$);
|
||||||
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
--changeset test-domain-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
@ -75,7 +75,7 @@ execute procedure createRbacRolesForHsOfficeContact();
|
|||||||
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityView('hs_office_contact', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_contact', $idName$
|
||||||
target.label
|
target.label
|
||||||
$idName$);
|
$idName$);
|
||||||
--//
|
--//
|
||||||
|
@ -73,7 +73,7 @@ execute procedure createRbacRolesForHsOfficePerson();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_person', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_person', $idName$
|
||||||
concat(target.tradeName, target.familyName, target.givenName)
|
concat(target.tradeName, target.familyName, target.givenName)
|
||||||
$idName$);
|
$idName$);
|
||||||
--//
|
--//
|
||||||
|
@ -124,7 +124,7 @@ execute procedure hsOfficeRelationshipRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-relationship-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-relationship-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_relationship', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_relationship', $idName$
|
||||||
(select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid)
|
(select idName from hs_office_person_iv p where p.uuid = target.relAnchorUuid)
|
||||||
|| '-with-' || target.relType || '-' ||
|
|| '-with-' || target.relType || '-' ||
|
||||||
(select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid)
|
(select idName from hs_office_person_iv p where p.uuid = target.relHolderUuid)
|
||||||
|
@ -187,7 +187,7 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_partner', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_partner', $idName$
|
||||||
partnerNumber || ':' ||
|
partnerNumber || ':' ||
|
||||||
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|
||||||
|| '-' ||
|
|| '-' ||
|
||||||
|
@ -10,7 +10,7 @@ call generateRelatedRbacObject('hs_office_partner_details');
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-partner-details-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_partner_details', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_partner_details', $idName$
|
||||||
(select idName || '-details' from hs_office_partner_iv partner_iv
|
(select idName || '-details' from hs_office_partner_iv partner_iv
|
||||||
join hs_office_partner partner on (partner_iv.uuid = partner.uuid)
|
join hs_office_partner partner on (partner_iv.uuid = partner.uuid)
|
||||||
where partner.detailsUuid = target.uuid)
|
where partner.detailsUuid = target.uuid)
|
||||||
|
@ -74,7 +74,7 @@ execute procedure createRbacRolesForHsOfficeBankAccount();
|
|||||||
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
call generateRbacIdentityView('hs_office_bankaccount', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_bankaccount', $idName$
|
||||||
target.holder
|
target.holder
|
||||||
$idName$);
|
$idName$);
|
||||||
--//
|
--//
|
||||||
|
@ -94,7 +94,7 @@ execute procedure hsOfficeSepaMandateRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-sepamandate-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_sepamandate', idNameExpression => 'target.reference');
|
call generateRbacIdentityViewFromProjection('hs_office_sepamandate', 'target.reference');
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -173,7 +173,7 @@ execute procedure hsOfficeDebitorRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-debitor-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_debitor', $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_debitor', $idName$
|
||||||
'#' ||
|
'#' ||
|
||||||
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
|
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
|
||||||
to_char(debitorNumberSuffix, 'fm00') ||
|
to_char(debitorNumberSuffix, 'fm00') ||
|
||||||
|
@ -93,7 +93,7 @@ execute procedure hsOfficeMembershipRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-membership-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_membership', idNameExpression => $idName$
|
call generateRbacIdentityViewFromProjection('hs_office_membership', $idName$
|
||||||
'#' ||
|
'#' ||
|
||||||
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
|
(select partnerNumber from hs_office_partner p where p.uuid = target.partnerUuid) ||
|
||||||
memberNumberSuffix ||
|
memberNumberSuffix ||
|
||||||
|
@ -68,8 +68,7 @@ execute procedure hsOfficeCoopSharesTransactionRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopSharesTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopSharesTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_coopSharesTransaction',
|
call generateRbacIdentityViewFromProjection('hs_office_coopSharesTransaction', 'target.reference');
|
||||||
idNameExpression => 'target.reference');
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
@ -68,8 +68,7 @@ execute procedure hsOfficeCoopAssetsTransactionRbacRolesTrigger();
|
|||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
--changeset hs-office-coopAssetsTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
--changeset hs-office-coopAssetsTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
call generateRbacIdentityView('hs_office_coopAssetsTransaction',
|
call generateRbacIdentityViewFromProjection('hs_office_coopAssetsTransaction', 'target.reference');
|
||||||
idNameExpression => 'target.reference');
|
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user