uniform idnames #28
@ -27,7 +27,6 @@ import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||
|
@ -42,7 +42,7 @@ subgraph membership["`**membership**`"]
|
||||
|
||||
role:membership:OWNER[[membership:OWNER]]
|
||||
role:membership:ADMIN[[membership:ADMIN]]
|
||||
role:membership:REFERRER[[membership:REFERRER]]
|
||||
role:membership:AGENT[[membership:AGENT]]
|
||||
end
|
||||
|
||||
subgraph membership:permissions[ ]
|
||||
@ -105,16 +105,16 @@ role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||
role:partnerRel:ADMIN ==> role:membership:OWNER
|
||||
role:membership:OWNER ==> role:membership:ADMIN
|
||||
role:partnerRel:AGENT ==> role:membership:ADMIN
|
||||
role:membership:ADMIN ==> role:membership:REFERRER
|
||||
role:membership:REFERRER ==> role:partnerRel:TENANT
|
||||
role:partnerRel:ADMIN ==> role:membership:ADMIN
|
||||
role:membership:ADMIN ==> role:membership:AGENT
|
||||
role:partnerRel:AGENT ==> role:membership:AGENT
|
||||
role:membership:AGENT ==> role:partnerRel:TENANT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:global:ADMIN ==> perm:membership:INSERT
|
||||
role:membership:OWNER ==> perm:membership:DELETE
|
||||
role:membership:ADMIN ==> perm:membership:DELETE
|
||||
role:membership:ADMIN ==> perm:membership:UPDATE
|
||||
role:membership:REFERRER ==> perm:membership:SELECT
|
||||
role:membership:AGENT ==> perm:membership:SELECT
|
||||
|
||||
```
|
||||
|
@ -45,23 +45,23 @@ begin
|
||||
|
||||
perform createRoleWithGrants(
|
||||
hsOfficeMembershipOWNER(NEW),
|
||||
permissions => array['DELETE'],
|
||||
incomingSuperRoles => array[hsOfficeRelationADMIN(newPartnerRel)],
|
||||
userUuids => array[currentUserUuid()]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
hsOfficeMembershipADMIN(NEW),
|
||||
permissions => array['UPDATE'],
|
||||
permissions => array['DELETE', 'UPDATE'],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeMembershipOWNER(NEW),
|
||||
hsOfficeRelationAGENT(newPartnerRel)]
|
||||
hsOfficeRelationADMIN(newPartnerRel)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
hsOfficeMembershipREFERRER(NEW),
|
||||
hsOfficeMembershipAGENT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsOfficeMembershipADMIN(NEW)],
|
||||
incomingSuperRoles => array[
|
||||
hsOfficeMembershipADMIN(NEW),
|
||||
hsOfficeRelationAGENT(newPartnerRel)],
|
||||
outgoingSubRoles => array[hsOfficeRelationTENANT(newPartnerRel)]
|
||||
);
|
||||
|
||||
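Review bot: The grants in this trigger change under a commit titled as an identifier rename, and nothing in the hunk documents the new authorization model. The +/- markers are lost on this page, so reading from the paired lines: `hsOfficeMembershipADMIN` now appears to carry `array['DELETE', 'UPDATE']` with `hsOfficeRelationADMIN(newPartnerRel)` as super role, while `hsOfficeRelationAGENT(newPartnerRel)` moves down to a SELECT-only `hsOfficeMembershipAGENT` role that replaces `hsOfficeMembershipREFERRER`. I would add a comment above the three `createRoleWithGrants` calls, e.g. `-- relation ADMIN => membership ADMIN (DELETE, UPDATE); relation AGENT => membership AGENT (SELECT only)`, and a test for both directions (relation agent can no longer update, membership admin can now delete). Memberships created by the earlier trigger presumably still have a REFERRER role and no AGENT role, which also affects the `hsOfficeMembershipAGENT(newMembership)` grant in the coop shares transaction trigger further down; please confirm the role rows are regenerated. The trigger body starts and ends outside the hunk.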
|
@ -13,9 +13,9 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
role:membership.partnerRel.holderPerson:OWNER[[membership.partnerRel.holderPerson:OWNER]]
|
||||
role:membership.partnerRel.holderPerson:ADMIN[[membership.partnerRel.holderPerson:ADMIN]]
|
||||
role:membership.partnerRel.holderPerson:REFERRER[[membership.partnerRel.holderPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -26,9 +26,9 @@ subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPers
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
role:membership.partnerRel.anchorPerson:OWNER[[membership.partnerRel.anchorPerson:OWNER]]
|
||||
role:membership.partnerRel.anchorPerson:ADMIN[[membership.partnerRel.anchorPerson:ADMIN]]
|
||||
role:membership.partnerRel.anchorPerson:REFERRER[[membership.partnerRel.anchorPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -49,103 +49,12 @@ subgraph membership["`**membership**`"]
|
||||
direction TB
|
||||
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
||||
direction TB
|
||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel:roles[ ]
|
||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership:roles[ ]
|
||||
style membership:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership:owner[[membership:owner]]
|
||||
role:membership:admin[[membership:admin]]
|
||||
role:membership:referrer[[membership:referrer]]
|
||||
role:membership:OWNER[[membership:OWNER]]
|
||||
role:membership:ADMIN[[membership:ADMIN]]
|
||||
role:membership:AGENT[[membership:AGENT]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -153,52 +62,13 @@ subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
||||
direction TB
|
||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel:roles[ ]
|
||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
||||
role:membership.partnerRel:OWNER[[membership.partnerRel:OWNER]]
|
||||
role:membership.partnerRel:ADMIN[[membership.partnerRel:ADMIN]]
|
||||
role:membership.partnerRel:AGENT[[membership.partnerRel:AGENT]]
|
||||
role:membership.partnerRel:TENANT[[membership.partnerRel:TENANT]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -209,42 +79,42 @@ subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
role:membership.partnerRel.contact:OWNER[[membership.partnerRel.contact:OWNER]]
|
||||
role:membership.partnerRel.contact:ADMIN[[membership.partnerRel.contact:ADMIN]]
|
||||
role:membership.partnerRel.contact:REFERRER[[membership.partnerRel.contact:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
%% granting roles to roles
|
||||
role:global:admin -.-> role:membership.partnerRel.anchorPerson:owner
|
||||
role:membership.partnerRel.anchorPerson:owner -.-> role:membership.partnerRel.anchorPerson:admin
|
||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel.anchorPerson:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel.holderPerson:owner
|
||||
role:membership.partnerRel.holderPerson:owner -.-> role:membership.partnerRel.holderPerson:admin
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel.holderPerson:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel.contact:owner
|
||||
role:membership.partnerRel.contact:owner -.-> role:membership.partnerRel.contact:admin
|
||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel.contact:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel:owner
|
||||
role:membership.partnerRel:owner -.-> role:membership.partnerRel:admin
|
||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel:admin
|
||||
role:membership.partnerRel:admin -.-> role:membership.partnerRel:agent
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:agent
|
||||
role:membership.partnerRel:agent -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer
|
||||
role:membership.partnerRel:admin -.-> role:membership:owner
|
||||
role:membership:owner -.-> role:membership:admin
|
||||
role:membership.partnerRel:agent -.-> role:membership:admin
|
||||
role:membership:admin -.-> role:membership:referrer
|
||||
role:membership:referrer -.-> role:membership.partnerRel:tenant
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
|
||||
role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER
|
||||
role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
|
||||
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:membership:OWNER -.-> role:membership:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||
role:membership:ADMIN -.-> role:membership:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership:AGENT
|
||||
role:membership:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:membership:admin ==> perm:coopSharesTransaction:INSERT
|
||||
role:membership:admin ==> perm:coopSharesTransaction:UPDATE
|
||||
role:membership:admin ==> perm:coopSharesTransaction:SELECT
|
||||
role:membership:ADMIN ==> perm:coopSharesTransaction:INSERT
|
||||
role:membership:ADMIN ==> perm:coopSharesTransaction:UPDATE
|
||||
role:membership:AGENT ==> perm:coopSharesTransaction:SELECT
|
||||
|
||||
```
|
||||
|
@ -38,8 +38,8 @@ begin
|
||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||
|
||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
@ -81,7 +81,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call grantPermissionToRole(
|
||||
createPermission(row.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||
hsOfficeMembershipAdmin(row));
|
||||
hsOfficeMembershipADMIN(row));
|
||||
END LOOP;
|
||||
END;
|
||||
$$;
|
||||
@ -96,7 +96,7 @@ create or replace function hs_office_coopsharestransaction_hs_office_membership_
|
||||
begin
|
||||
call grantPermissionToRole(
|
||||
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopsharestransaction'),
|
||||
hsOfficeMembershipAdmin(NEW));
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
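Review bot: With `'SELECT'` granted only to `hsOfficeMembershipAGENT(newMembership)` and `'UPDATE'` only to `hsOfficeMembershipADMIN(newMembership)`, a membership admin can read the transaction it may update only through the ADMIN-to-AGENT role grant made in a different trigger. That coupling is not visible here; a comment such as `-- ADMIN inherits SELECT via membership ADMIN -> AGENT` above the two calls would help keep a later edit of the role graph from silently producing a role with UPDATE but no SELECT. The null check before these calls is a PL/pgSQL `assert`, which is skipped when `plpgsql.check_asserts` is off, so `if newMembership.uuid is null then raise exception 'newMembership must not be null'; end if;` would be a more dependable guard for code that creates grants. The function starts outside the hunk.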
|
@ -13,9 +13,9 @@ subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPers
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
role:membership.partnerRel.holderPerson:OWNER[[membership.partnerRel.holderPerson:OWNER]]
|
||||
role:membership.partnerRel.holderPerson:ADMIN[[membership.partnerRel.holderPerson:ADMIN]]
|
||||
role:membership.partnerRel.holderPerson:REFERRER[[membership.partnerRel.holderPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -26,9 +26,9 @@ subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPers
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
role:membership.partnerRel.anchorPerson:OWNER[[membership.partnerRel.anchorPerson:OWNER]]
|
||||
role:membership.partnerRel.anchorPerson:ADMIN[[membership.partnerRel.anchorPerson:ADMIN]]
|
||||
role:membership.partnerRel.anchorPerson:REFERRER[[membership.partnerRel.anchorPerson:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -49,103 +49,12 @@ subgraph membership["`**membership**`"]
|
||||
direction TB
|
||||
style membership fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
||||
direction TB
|
||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel:roles[ ]
|
||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership:roles[ ]
|
||||
style membership:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership:owner[[membership:owner]]
|
||||
role:membership:admin[[membership:admin]]
|
||||
role:membership:referrer[[membership:referrer]]
|
||||
role:membership:OWNER[[membership:OWNER]]
|
||||
role:membership:ADMIN[[membership:ADMIN]]
|
||||
role:membership:AGENT[[membership:AGENT]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -153,52 +62,13 @@ subgraph membership.partnerRel["`**membership.partnerRel**`"]
|
||||
direction TB
|
||||
style membership.partnerRel fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson["`**membership.partnerRel.holderPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.holderPerson:roles[ ]
|
||||
style membership.partnerRel.holderPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.holderPerson:owner[[membership.partnerRel.holderPerson:owner]]
|
||||
role:membership.partnerRel.holderPerson:admin[[membership.partnerRel.holderPerson:admin]]
|
||||
role:membership.partnerRel.holderPerson:referrer[[membership.partnerRel.holderPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson["`**membership.partnerRel.anchorPerson**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.anchorPerson:roles[ ]
|
||||
style membership.partnerRel.anchorPerson:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.anchorPerson:owner[[membership.partnerRel.anchorPerson:owner]]
|
||||
role:membership.partnerRel.anchorPerson:admin[[membership.partnerRel.anchorPerson:admin]]
|
||||
role:membership.partnerRel.anchorPerson:referrer[[membership.partnerRel.anchorPerson:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
direction TB
|
||||
style membership.partnerRel.contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
end
|
||||
end
|
||||
|
||||
subgraph membership.partnerRel:roles[ ]
|
||||
style membership.partnerRel:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel:owner[[membership.partnerRel:owner]]
|
||||
role:membership.partnerRel:admin[[membership.partnerRel:admin]]
|
||||
role:membership.partnerRel:agent[[membership.partnerRel:agent]]
|
||||
role:membership.partnerRel:tenant[[membership.partnerRel:tenant]]
|
||||
role:membership.partnerRel:OWNER[[membership.partnerRel:OWNER]]
|
||||
role:membership.partnerRel:ADMIN[[membership.partnerRel:ADMIN]]
|
||||
role:membership.partnerRel:AGENT[[membership.partnerRel:AGENT]]
|
||||
role:membership.partnerRel:TENANT[[membership.partnerRel:TENANT]]
|
||||
end
|
||||
end
|
||||
|
||||
@ -209,42 +79,42 @@ subgraph membership.partnerRel.contact["`**membership.partnerRel.contact**`"]
|
||||
subgraph membership.partnerRel.contact:roles[ ]
|
||||
style membership.partnerRel.contact:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:membership.partnerRel.contact:owner[[membership.partnerRel.contact:owner]]
|
||||
role:membership.partnerRel.contact:admin[[membership.partnerRel.contact:admin]]
|
||||
role:membership.partnerRel.contact:referrer[[membership.partnerRel.contact:referrer]]
|
||||
role:membership.partnerRel.contact:OWNER[[membership.partnerRel.contact:OWNER]]
|
||||
role:membership.partnerRel.contact:ADMIN[[membership.partnerRel.contact:ADMIN]]
|
||||
role:membership.partnerRel.contact:REFERRER[[membership.partnerRel.contact:REFERRER]]
|
||||
end
|
||||
end
|
||||
|
||||
%% granting roles to roles
|
||||
role:global:admin -.-> role:membership.partnerRel.anchorPerson:owner
|
||||
role:membership.partnerRel.anchorPerson:owner -.-> role:membership.partnerRel.anchorPerson:admin
|
||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel.anchorPerson:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel.holderPerson:owner
|
||||
role:membership.partnerRel.holderPerson:owner -.-> role:membership.partnerRel.holderPerson:admin
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel.holderPerson:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel.contact:owner
|
||||
role:membership.partnerRel.contact:owner -.-> role:membership.partnerRel.contact:admin
|
||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel.contact:referrer
|
||||
role:global:admin -.-> role:membership.partnerRel:owner
|
||||
role:membership.partnerRel:owner -.-> role:membership.partnerRel:admin
|
||||
role:membership.partnerRel.anchorPerson:admin -.-> role:membership.partnerRel:admin
|
||||
role:membership.partnerRel:admin -.-> role:membership.partnerRel:agent
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:agent
|
||||
role:membership.partnerRel:agent -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel.holderPerson:admin -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel.contact:admin -.-> role:membership.partnerRel:tenant
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.anchorPerson:referrer
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.holderPerson:referrer
|
||||
role:membership.partnerRel:tenant -.-> role:membership.partnerRel.contact:referrer
|
||||
role:membership.partnerRel:admin -.-> role:membership:owner
|
||||
role:membership:owner -.-> role:membership:admin
|
||||
role:membership.partnerRel:agent -.-> role:membership:admin
|
||||
role:membership:admin -.-> role:membership:referrer
|
||||
role:membership:referrer -.-> role:membership.partnerRel:tenant
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.anchorPerson:OWNER
|
||||
role:membership.partnerRel.anchorPerson:OWNER -.-> role:membership.partnerRel.anchorPerson:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.holderPerson:OWNER
|
||||
role:membership.partnerRel.holderPerson:OWNER -.-> role:membership.partnerRel.holderPerson:ADMIN
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel.contact:OWNER
|
||||
role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact:ADMIN
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||
role:membership:OWNER -.-> role:membership:ADMIN
|
||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||
role:membership:ADMIN -.-> role:membership:AGENT
|
||||
role:membership.partnerRel:AGENT -.-> role:membership:AGENT
|
||||
role:membership:AGENT -.-> role:membership.partnerRel:TENANT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:membership:admin ==> perm:coopAssetsTransaction:INSERT
|
||||
role:membership:admin ==> perm:coopAssetsTransaction:UPDATE
|
||||
role:membership:admin ==> perm:coopAssetsTransaction:SELECT
|
||||
role:membership:ADMIN ==> perm:coopAssetsTransaction:INSERT
|
||||
role:membership:ADMIN ==> perm:coopAssetsTransaction:UPDATE
|
||||
role:membership:AGENT ==> perm:coopAssetsTransaction:SELECT
|
||||
|
||||
```
|
||||
|
@ -38,8 +38,8 @@ begin
|
||||
SELECT * FROM hs_office_membership WHERE uuid = NEW.membershipUuid INTO newMembership;
|
||||
assert newMembership.uuid is not null, format('newMembership must not be null for NEW.membershipUuid = %s', NEW.membershipUuid);
|
||||
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAdmin(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipAdmin(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeMembershipAGENT(newMembership));
|
||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeMembershipADMIN(newMembership));
|
||||
|
||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||
end; $$;
|
||||
@ -81,7 +81,7 @@ do language plpgsql $$
|
||||
LOOP
|
||||
call grantPermissionToRole(
|
||||
createPermission(row.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||
hsOfficeMembershipAdmin(row));
|
||||
hsOfficeMembershipADMIN(row));
|
||||
END LOOP;
|
||||
END;
|
||||
$$;
|
||||
@ -96,7 +96,7 @@ create or replace function hs_office_coopassetstransaction_hs_office_membership_
|
||||
begin
|
||||
call grantPermissionToRole(
|
||||
createPermission(NEW.uuid, 'INSERT', 'hs_office_coopassetstransaction'),
|
||||
hsOfficeMembershipAdmin(NEW));
|
||||
hsOfficeMembershipADMIN(NEW));
|
||||
return NEW;
|
||||
end; $$;
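Review bot: In the trigger hunk at `@ -38,8 +38,8 @@` the `SELECT` grant moves from `hsOfficeMembershipAdmin(newMembership)` to `hsOfficeMembershipAGENT(newMembership)`, which is a change to the permission model and not only the id-name casing the title describes (the `+`/`-` markers are lost in this rendering, so the old/new sides are inferred from the casing). Read together with the diagram in this commit, `partnerRel:AGENT` now reaches `membership:AGENT` where it previously reached `membership:admin`, so partner agents appear to keep `SELECT` on coop-assets transactions but lose the inherited `INSERT`/`UPDATE`. If that is intended, state it above the grants, for example `-- SELECT goes to membership AGENT (ADMIN inherits it via ADMIN -> AGENT); UPDATE stays with ADMIN`, and add an acceptance test asserting that an agent can read but not update. The two `INSERT` hunks below only switch the callee to `hsOfficeMembershipADMIN`, and whether grants already issued to the old roles are rebuilt is not visible here and should be confirmed. The trigger function's body starts outside the hunk.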
|
||||
|
||||
|
@ -338,15 +338,15 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
|
||||
void partnerRelAdmin_canPatchValidityOfRelatedMembership() {
|
||||
|
||||
// given
|
||||
final var givenPartnerAgent = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH.ADMIN";
|
||||
context.define("superuser-alex@hostsharing.net", givenPartnerAgent);
|
||||
final var givenPartnerAdmin = "hs_office_relation#HostsharingeG-with-PARTNER-FirstGmbH:ADMIN";
|
||||
context.define("superuser-alex@hostsharing.net", givenPartnerAdmin);
|
||||
final var givenMembership = givenSomeTemporaryMembershipBessler("First");
|
||||
|
||||
// when
|
||||
RestAssured // @formatter:off
|
||||
.given()
|
||||
.header("current-user", "superuser-alex@hostsharing.net")
|
||||
.header("assumed-roles", givenPartnerAgent)
|
||||
.header("assumed-roles", givenPartnerAdmin)
|
||||
.contentType(ContentType.JSON)
|
||||
.body("""
|
||||
{
|
||||
|