improved RBAC generators #26
@ -149,14 +149,13 @@ public class RbacViewMermaidFlowchartGenerator {
|
|||||||
"""
|
"""
|
||||||
### rbac %{entityAlias}
|
### rbac %{entityAlias}
|
||||||
|
|
||||||
This code generated was by RbacViewMermaidFlowchartGenerator at %{timestamp}.
|
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%{flowchart}
|
%{flowchart}
|
||||||
```
|
```
|
||||||
"""
|
"""
|
||||||
.replace("%{entityAlias}", rbacDef.getRootEntityAlias().aliasName())
|
.replace("%{entityAlias}", rbacDef.getRootEntityAlias().aliasName())
|
||||||
.replace("%{timestamp}", LocalDateTime.now().toString())
|
|
||||||
.replace("%{flowchart}", flowchart.toString()),
|
.replace("%{flowchart}", flowchart.toString()),
|
||||||
StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
|
StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
|
||||||
System.out.println("Markdown-File: " + path.toAbsolutePath());
|
System.out.println("Markdown-File: " + path.toAbsolutePath());
|
||||||
|
@ -21,10 +21,9 @@ public class RbacViewPostgresGenerator {
|
|||||||
liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableName().replace("_", "-");
|
liqibaseTagPrefix = rbacDef.getRootEntityAlias().getRawTableName().replace("_", "-");
|
||||||
plPgSql.writeLn("""
|
plPgSql.writeLn("""
|
||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by ${generator} at ${timestamp}.
|
-- This code generated was by ${generator}, do not amend manually.
|
||||||
""",
|
""",
|
||||||
with("generator", getClass().getSimpleName()),
|
with("generator", getClass().getSimpleName()),
|
||||||
with("timestamp", LocalDateTime.now().toString()),
|
|
||||||
with("ref", NEW.name()));
|
with("ref", NEW.name()));
|
||||||
|
|
||||||
new RbacObjectGenerator(rbacDef, liqibaseTagPrefix).generateTo(plPgSql);
|
new RbacObjectGenerator(rbacDef, liqibaseTagPrefix).generateTo(plPgSql);
|
||||||
|
@ -41,8 +41,7 @@ public class TestCustomerEntity implements HasUuid {
|
|||||||
.withIdentityView(SQL.projection("prefix"))
|
.withIdentityView(SQL.projection("prefix"))
|
||||||
.withRestrictedViewOrderBy(SQL.expression("reference"))
|
.withRestrictedViewOrderBy(SQL.expression("reference"))
|
||||||
.withUpdatableColumns("reference", "prefix", "adminUserName")
|
.withUpdatableColumns("reference", "prefix", "adminUserName")
|
||||||
// TODO: do we want explicit specification of parent-independent insert permissions?
|
.toRole("global", ADMIN).grantPermission(INSERT)
|
||||||
// .toRole("global", ADMIN).grantPermission("customer", INSERT)
|
|
||||||
|
|
||||||
.createRole(OWNER, (with) -> {
|
.createRole(OWNER, (with) -> {
|
||||||
with.owningUser(CREATOR).unassumed();
|
with.owningUser(CREATOR).unassumed();
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
### rbac customer
|
### rbac customer
|
||||||
|
|
||||||
This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-22T14:44:19.425403022.
|
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||||
@ -21,6 +21,7 @@ subgraph customer["`**customer**`"]
|
|||||||
subgraph customer:permissions[ ]
|
subgraph customer:permissions[ ]
|
||||||
style customer:permissions fill:#dd4901,stroke:white
|
style customer:permissions fill:#dd4901,stroke:white
|
||||||
|
|
||||||
|
perm:customer:INSERT{{customer:INSERT}}
|
||||||
perm:customer:DELETE{{customer:DELETE}}
|
perm:customer:DELETE{{customer:DELETE}}
|
||||||
perm:customer:UPDATE{{customer:UPDATE}}
|
perm:customer:UPDATE{{customer:UPDATE}}
|
||||||
perm:customer:SELECT{{customer:SELECT}}
|
perm:customer:SELECT{{customer:SELECT}}
|
||||||
@ -36,6 +37,7 @@ role:customer:owner ==> role:customer:admin
|
|||||||
role:customer:admin ==> role:customer:tenant
|
role:customer:admin ==> role:customer:tenant
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
|
role:global:admin ==> perm:customer:INSERT
|
||||||
role:customer:owner ==> perm:customer:DELETE
|
role:customer:owner ==> perm:customer:DELETE
|
||||||
role:customer:admin ==> perm:customer:UPDATE
|
role:customer:admin ==> perm:customer:UPDATE
|
||||||
role:customer:tenant ==> perm:customer:SELECT
|
role:customer:tenant ==> perm:customer:SELECT
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.441879428.
|
-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
@ -80,6 +80,46 @@ execute procedure insertTriggerForTestCustomer_tf();
|
|||||||
--changeset test-customer-rbac-INSERT:1 endDelimiter:--//
|
--changeset test-customer-rbac-INSERT:1 endDelimiter:--//
|
||||||
-- ----------------------------------------------------------------------------
|
-- ----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
/*
|
||||||
|
Creates INSERT INTO test_customer permissions for the related global rows.
|
||||||
|
*/
|
||||||
|
do language plpgsql $$
|
||||||
|
declare
|
||||||
|
row global;
|
||||||
|
permissionUuid uuid;
|
||||||
|
roleUuid uuid;
|
||||||
|
begin
|
||||||
|
call defineContext('create INSERT INTO test_customer permissions for the related global rows');
|
||||||
|
|
||||||
|
FOR row IN SELECT * FROM global
|
||||||
|
LOOP
|
||||||
|
roleUuid := findRoleId(globalAdmin());
|
||||||
|
permissionUuid := createPermission(row.uuid, 'INSERT', 'test_customer');
|
||||||
|
call grantPermissionToRole(permissionUuid, roleUuid);
|
||||||
|
END LOOP;
|
||||||
|
END;
|
||||||
|
$$;
|
||||||
|
|
||||||
|
/**
|
||||||
|
Adds test_customer INSERT permission to specified role of new global rows.
|
||||||
|
*/
|
||||||
|
create or replace function test_customer_global_insert_tf()
|
||||||
|
returns trigger
|
||||||
|
language plpgsql
|
||||||
|
strict as $$
|
||||||
|
begin
|
||||||
|
call grantPermissionToRole(
|
||||||
|
createPermission(NEW.uuid, 'INSERT', 'test_customer'),
|
||||||
|
globalAdmin());
|
||||||
|
return NEW;
|
||||||
|
end; $$;
|
||||||
|
|
||||||
|
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
|
||||||
|
create trigger z_test_customer_global_insert_tg
|
||||||
|
after insert on global
|
||||||
|
for each row
|
||||||
|
execute procedure test_customer_global_insert_tf();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Checks if the user or assumed roles are allowed to insert a row to test_customer,
|
Checks if the user or assumed roles are allowed to insert a row to test_customer,
|
||||||
where only global-admin has that permission.
|
where only global-admin has that permission.
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
### rbac package
|
### rbac package
|
||||||
|
|
||||||
This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-22T14:44:19.484173294.
|
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.484728385.
|
-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
### rbac domain
|
### rbac domain
|
||||||
|
|
||||||
This code generated was by RbacViewMermaidFlowchartGenerator at 2024-03-22T14:44:19.510830235.
|
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
--liquibase formatted sql
|
--liquibase formatted sql
|
||||||
-- This code generated was by RbacViewPostgresGenerator at 2024-03-22T14:44:19.511320177.
|
-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
|
||||||
|
|
||||||
|
|
||||||
-- ============================================================================
|
-- ============================================================================
|
||||||
|
@ -29,6 +29,7 @@ class TestCustomerEntityUnitTest {
|
|||||||
subgraph customer:permissions[ ]
|
subgraph customer:permissions[ ]
|
||||||
style customer:permissions fill:#dd4901,stroke:white
|
style customer:permissions fill:#dd4901,stroke:white
|
||||||
|
|
||||||
|
perm:customer:INSERT{{customer:INSERT}}
|
||||||
perm:customer:DELETE{{customer:DELETE}}
|
perm:customer:DELETE{{customer:DELETE}}
|
||||||
perm:customer:UPDATE{{customer:UPDATE}}
|
perm:customer:UPDATE{{customer:UPDATE}}
|
||||||
perm:customer:SELECT{{customer:SELECT}}
|
perm:customer:SELECT{{customer:SELECT}}
|
||||||
@ -44,6 +45,7 @@ class TestCustomerEntityUnitTest {
|
|||||||
role:customer:admin ==> role:customer:tenant
|
role:customer:admin ==> role:customer:tenant
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
|
role:global:admin ==> perm:customer:INSERT
|
||||||
role:customer:owner ==> perm:customer:DELETE
|
role:customer:owner ==> perm:customer:DELETE
|
||||||
role:customer:admin ==> perm:customer:UPDATE
|
role:customer:admin ==> perm:customer:UPDATE
|
||||||
role:customer:tenant ==> perm:customer:SELECT
|
role:customer:tenant ==> perm:customer:SELECT
|
||||||
|
Loading…
Reference in New Issue
Block a user