RBAC generator with conditional grants used for REPRESENTATIVE-Relation #33
@ -102,16 +102,16 @@ public class HsOfficePartnerEntity implements Stringifyable, RbacObject {
|
|||||||
usingDefaultCase(),
|
usingDefaultCase(),
|
||||||
directlyFetchedByDependsOnColumn(),
|
directlyFetchedByDependsOnColumn(),
|
||||||
dependsOnColumn("partnerRelUuid"))
|
dependsOnColumn("partnerRelUuid"))
|
||||||
.createPermission(DELETE).grantedTo("partnerRel", ADMIN)
|
.createPermission(DELETE).grantedTo("partnerRel", OWNER)
|
||||||
.createPermission(UPDATE).grantedTo("partnerRel", AGENT)
|
.createPermission(UPDATE).grantedTo("partnerRel", ADMIN)
|
||||||
.createPermission(SELECT).grantedTo("partnerRel", TENANT)
|
.createPermission(SELECT).grantedTo("partnerRel", TENANT)
|
||||||
|
|
||||||
.importSubEntityAlias("partnerDetails", HsOfficePartnerDetailsEntity.class,
|
.importSubEntityAlias("partnerDetails", HsOfficePartnerDetailsEntity.class,
|
||||||
directlyFetchedByDependsOnColumn(),
|
directlyFetchedByDependsOnColumn(),
|
||||||
dependsOnColumn("detailsUuid"))
|
dependsOnColumn("detailsUuid"))
|
||||||
.createPermission("partnerDetails", DELETE).grantedTo("partnerRel", ADMIN)
|
.createPermission("partnerDetails", DELETE).grantedTo("partnerRel", OWNER)
|
||||||
.createPermission("partnerDetails", UPDATE).grantedTo("partnerRel", AGENT)
|
.createPermission("partnerDetails", UPDATE).grantedTo("partnerRel", AGENT)
|
||||||
.createPermission("partnerDetails", SELECT).grantedTo("partnerRel", AGENT);
|
.createPermission("partnerDetails", SELECT).grantedTo("partnerRel", AGENT); // not TENANT!
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws IOException {
|
public static void main(String[] args) throws IOException {
|
||||||
|
@ -119,7 +119,6 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
|
|||||||
with.incomingSuperRole("anchorPerson", ADMIN);
|
with.incomingSuperRole("anchorPerson", ADMIN);
|
||||||
})
|
})
|
||||||
.createSubRole(TENANT, (with) -> {
|
.createSubRole(TENANT, (with) -> {
|
||||||
with.incomingSuperRole("holderPerson", ADMIN);
|
|
||||||
with.incomingSuperRole("contact", ADMIN);
|
with.incomingSuperRole("contact", ADMIN);
|
||||||
with.outgoingSubRole("anchorPerson", REFERRER);
|
with.outgoingSubRole("anchorPerson", REFERRER);
|
||||||
with.outgoingSubRole("holderPerson", REFERRER);
|
with.outgoingSubRole("holderPerson", REFERRER);
|
||||||
@ -132,17 +131,20 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
|
|||||||
then.createRole(OWNER, (with) -> {
|
then.createRole(OWNER, (with) -> {
|
||||||
with.owningUser(CREATOR);
|
with.owningUser(CREATOR);
|
||||||
with.incomingSuperRole(GLOBAL, ADMIN);
|
with.incomingSuperRole(GLOBAL, ADMIN);
|
||||||
|
with.incomingSuperRole("anchorPerson", ADMIN);
|
||||||
with.permission(DELETE);
|
with.permission(DELETE);
|
||||||
})
|
})
|
||||||
.createSubRole(ADMIN, (with) -> {
|
.createSubRole(ADMIN, (with) -> {
|
||||||
with.incomingSuperRole("anchorPerson", ADMIN);
|
|
||||||
with.permission(UPDATE);
|
with.permission(UPDATE);
|
||||||
})
|
})
|
||||||
.createSubRole(AGENT, (with) -> {
|
.createSubRole(AGENT, (with) -> {
|
||||||
|
// TODO.spec: we need relation:PROXY, to allow changing the relation contact.
|
||||||
|
// the alternative would be to move this to the relation:ADMIN role,
|
||||||
|
// but then the partner holder person could update the partner relation itself,
|
||||||
|
// see partner entity.
|
||||||
with.incomingSuperRole("holderPerson", ADMIN);
|
with.incomingSuperRole("holderPerson", ADMIN);
|
||||||
})
|
})
|
||||||
.createSubRole(TENANT, (with) -> {
|
.createSubRole(TENANT, (with) -> {
|
||||||
with.incomingSuperRole("holderPerson", ADMIN);
|
|
||||||
with.incomingSuperRole("contact", ADMIN);
|
with.incomingSuperRole("contact", ADMIN);
|
||||||
with.outgoingSubRole("anchorPerson", REFERRER);
|
with.outgoingSubRole("anchorPerson", REFERRER);
|
||||||
with.outgoingSubRole("holderPerson", REFERRER);
|
with.outgoingSubRole("holderPerson", REFERRER);
|
||||||
|
@ -393,8 +393,8 @@ public class RbacView {
|
|||||||
new RbacRoleDefinition(findEntityAlias(mapper.map(roleDef.entityAlias.aliasName)), roleDef.role);
|
new RbacRoleDefinition(findEntityAlias(mapper.map(roleDef.entityAlias.aliasName)), roleDef.role);
|
||||||
});
|
});
|
||||||
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
||||||
if ( grantDef.matchesCase(forCase) &&
|
if ( grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE &&
|
||||||
grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
|
grantDef.matchesCase(forCase) ) {
|
||||||
final var importedGrantDef = findOrCreateGrantDef(
|
final var importedGrantDef = findOrCreateGrantDef(
|
||||||
findRbacRole(
|
findRbacRole(
|
||||||
mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName),
|
mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName),
|
||||||
@ -484,14 +484,13 @@ public class RbacView {
|
|||||||
public void generateWithBaseFileName(final String baseFileName) {
|
public void generateWithBaseFileName(final String baseFileName) {
|
||||||
if (allCases.size() > 1) {
|
if (allCases.size() > 1) {
|
||||||
allCases.forEach(caseDef -> {
|
allCases.forEach(caseDef -> {
|
||||||
if ( caseDef.isDefaultCase() ) { // FIXME remove the condition
|
|
||||||
final var fileName = baseFileName + (caseDef.isDefaultCase() ? "" : "-" + caseDef.val) + ".md";
|
final var fileName = baseFileName + (caseDef.isDefaultCase() ? "" : "-" + caseDef.val) + ".md";
|
||||||
new RbacViewMermaidFlowchartGenerator(this, caseDef)
|
new RbacViewMermaidFlowchartGenerator(this, caseDef)
|
||||||
.generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
.generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
} else {
|
||||||
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
||||||
|
}
|
||||||
new RbacViewPostgresGenerator(this).generateToChangeLog(Path.of(OUTPUT_BASEDIR, baseFileName + ".sql"));
|
new RbacViewPostgresGenerator(this).generateToChangeLog(Path.of(OUTPUT_BASEDIR, baseFileName + ".sql"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -541,7 +540,9 @@ public class RbacView {
|
|||||||
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
||||||
case PERM_TO_ROLE -> superRoleDef + arrow + permDef;
|
case PERM_TO_ROLE -> superRoleDef + arrow + permDef;
|
||||||
};
|
};
|
||||||
final var condition = isConditional() ? (" " +forCases.stream().map(CaseDef::toString).collect(Collectors.joining("||"))) : "";
|
final var condition = isConditional()
|
||||||
|
? (" (" +forCases.stream().map(CaseDef::toString).collect(Collectors.joining("||")) + ")")
|
||||||
|
: "";
|
||||||
return grant + condition;
|
return grant + condition;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -595,14 +596,19 @@ public class RbacView {
|
|||||||
return forCases != null && !forCases.isEmpty() && forCases.size()<allCases.size();
|
return forCases != null && !forCases.isEmpty() && forCases.size()<allCases.size();
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean matchesCase(final ColumnValue value) {
|
boolean matchesCase(final ColumnValue requestedCase) {
|
||||||
return forCases == null || forCases.contains(value.value);
|
if (forCases == null) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
final var noCasesDefined = forCases.isEmpty();
|
||||||
|
final var generateForAllCases = requestedCase == null;
|
||||||
|
final boolean isGrantedForRequestedCase = forCases.stream().anyMatch(c -> c.isCase(requestedCase));
|
||||||
|
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean matchesCase(final CaseDef requestedCase) {
|
boolean matchesCase(final CaseDef requestedCase) {
|
||||||
final var noCasesDefined = forCases.isEmpty();
|
final var noCasesDefined = forCases.isEmpty();
|
||||||
final var generateForAllCases = requestedCase == null;
|
final var generateForAllCases = requestedCase == null;
|
||||||
final var isGrantedOnlyForDefaultCase = forCases.size() == 1 && forCases.iterator().next() == null; // FIXME: needed?
|
|
||||||
final boolean isGrantedForRequestedCase = forCases.contains(requestedCase);
|
final boolean isGrantedForRequestedCase = forCases.contains(requestedCase);
|
||||||
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
||||||
}
|
}
|
||||||
@ -1171,6 +1177,10 @@ public class RbacView {
|
|||||||
? "inOtherCases"
|
? "inOtherCases"
|
||||||
: "inCaseOf:" + val;
|
: "inCaseOf:" + val;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean isCase(final ColumnValue requestedCase) {
|
||||||
|
return Objects.equals(requestedCase.value, this.val);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void generateRbacView(final Class<? extends RbacObject> c) {
|
private static void generateRbacView(final Class<? extends RbacObject> c) {
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||||
|
|
||||||
import lombok.SneakyThrows;
|
import lombok.SneakyThrows;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef;
|
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
||||||
import java.nio.file.*;
|
import java.nio.file.*;
|
||||||
@ -107,7 +107,7 @@ public class RbacViewMermaidFlowchartGenerator {
|
|||||||
private void renderGrants(final RbacView.RbacGrantDefinition.GrantType grantType, final String comment) {
|
private void renderGrants(final RbacView.RbacGrantDefinition.GrantType grantType, final String comment) {
|
||||||
final var grantsOfRequestedType = rbacDef.getGrantDefs().stream()
|
final var grantsOfRequestedType = rbacDef.getGrantDefs().stream()
|
||||||
.filter(g -> g.grantType() == grantType)
|
.filter(g -> g.grantType() == grantType)
|
||||||
.filter(g -> g.matchesCase(forCase))
|
.filter(this::isToBeRenderedInThisGraph)
|
||||||
.toList();
|
.toList();
|
||||||
if ( !grantsOfRequestedType.isEmpty()) {
|
if ( !grantsOfRequestedType.isEmpty()) {
|
||||||
flowchart.ensureSingleEmptyLine();
|
flowchart.ensureSingleEmptyLine();
|
||||||
@ -116,10 +116,19 @@ public class RbacViewMermaidFlowchartGenerator {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean isToBeRenderedInThisGraph(final RbacView.RbacGrantDefinition g) {
|
||||||
|
if ( g.grantType() != ROLE_TO_ROLE )
|
||||||
|
return true;
|
||||||
|
if ( forCase == null && !g.isConditional() )
|
||||||
|
return true;
|
||||||
|
final var isToBeRenderedInThisGraph = g.getForCases() == null || g.getForCases().contains(forCase);
|
||||||
|
return isToBeRenderedInThisGraph;
|
||||||
|
}
|
||||||
|
|
||||||
private String grantDef(final RbacView.RbacGrantDefinition grant) {
|
private String grantDef(final RbacView.RbacGrantDefinition grant) {
|
||||||
final var arrow = (grant.isToCreate() ? " ==>" : " -.->")
|
final var arrow = (grant.isToCreate() ? " ==>" : " -.->")
|
||||||
+ (grant.isAssumed() ? " " : "|XX| ");
|
+ (grant.isAssumed() ? " " : "|XX| ");
|
||||||
return switch (grant.grantType()) {
|
final var grantDef = switch (grant.grantType()) {
|
||||||
case ROLE_TO_USER ->
|
case ROLE_TO_USER ->
|
||||||
// TODO: other user types not implemented yet
|
// TODO: other user types not implemented yet
|
||||||
"user:creator" + arrow + roleId(grant.getSubRoleDef());
|
"user:creator" + arrow + roleId(grant.getSubRoleDef());
|
||||||
@ -127,6 +136,7 @@ public class RbacViewMermaidFlowchartGenerator {
|
|||||||
roleId(grant.getSuperRoleDef()) + arrow + roleId(grant.getSubRoleDef());
|
roleId(grant.getSuperRoleDef()) + arrow + roleId(grant.getSubRoleDef());
|
||||||
case PERM_TO_ROLE -> roleId(grant.getSuperRoleDef()) + arrow + permId(grant.getPermDef());
|
case PERM_TO_ROLE -> roleId(grant.getSuperRoleDef()) + arrow + permId(grant.getPermDef());
|
||||||
};
|
};
|
||||||
|
return grantDef;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String permDef(final RbacView.RbacPermissionDefinition perm) {
|
private String permDef(final RbacView.RbacPermissionDefinition perm) {
|
||||||
|
@ -1,91 +0,0 @@
|
|||||||
### rbac relation
|
|
||||||
|
|
||||||
This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
|
|
||||||
|
|
||||||
```mermaid
|
|
||||||
%%{init:{'flowchart':{'htmlLabels':false}}}%%
|
|
||||||
flowchart TB
|
|
||||||
|
|
||||||
subgraph holderPerson["`**holderPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style holderPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph holderPerson:roles[ ]
|
|
||||||
style holderPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:holderPerson:OWNER[[holderPerson:OWNER]]
|
|
||||||
role:holderPerson:ADMIN[[holderPerson:ADMIN]]
|
|
||||||
role:holderPerson:REFERRER[[holderPerson:REFERRER]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph anchorPerson["`**anchorPerson**`"]
|
|
||||||
direction TB
|
|
||||||
style anchorPerson fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph anchorPerson:roles[ ]
|
|
||||||
style anchorPerson:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:anchorPerson:OWNER[[anchorPerson:OWNER]]
|
|
||||||
role:anchorPerson:ADMIN[[anchorPerson:ADMIN]]
|
|
||||||
role:anchorPerson:REFERRER[[anchorPerson:REFERRER]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph contact["`**contact**`"]
|
|
||||||
direction TB
|
|
||||||
style contact fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph contact:roles[ ]
|
|
||||||
style contact:roles fill:#99bcdb,stroke:white
|
|
||||||
|
|
||||||
role:contact:OWNER[[contact:OWNER]]
|
|
||||||
role:contact:ADMIN[[contact:ADMIN]]
|
|
||||||
role:contact:REFERRER[[contact:REFERRER]]
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph relation["`**relation**`"]
|
|
||||||
direction TB
|
|
||||||
style relation fill:#dd4901,stroke:#274d6e,stroke-width:8px
|
|
||||||
|
|
||||||
subgraph relation:roles[ ]
|
|
||||||
style relation:roles fill:#dd4901,stroke:white
|
|
||||||
|
|
||||||
role:relation:OWNER[[relation:OWNER]]
|
|
||||||
role:relation:ADMIN[[relation:ADMIN]]
|
|
||||||
role:relation:AGENT[[relation:AGENT]]
|
|
||||||
role:relation:TENANT[[relation:TENANT]]
|
|
||||||
end
|
|
||||||
|
|
||||||
subgraph relation:permissions[ ]
|
|
||||||
style relation:permissions fill:#dd4901,stroke:white
|
|
||||||
|
|
||||||
perm:relation:DELETE{{relation:DELETE}}
|
|
||||||
perm:relation:UPDATE{{relation:UPDATE}}
|
|
||||||
perm:relation:SELECT{{relation:SELECT}}
|
|
||||||
perm:relation:INSERT{{relation:INSERT}}
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
%% granting roles to users
|
|
||||||
user:creator ==> role:relation:OWNER
|
|
||||||
|
|
||||||
%% granting roles to roles
|
|
||||||
role:global:ADMIN -.-> role:anchorPerson:OWNER
|
|
||||||
role:anchorPerson:OWNER -.-> role:anchorPerson:ADMIN
|
|
||||||
role:anchorPerson:ADMIN -.-> role:anchorPerson:REFERRER
|
|
||||||
role:global:ADMIN -.-> role:holderPerson:OWNER
|
|
||||||
role:holderPerson:OWNER -.-> role:holderPerson:ADMIN
|
|
||||||
role:holderPerson:ADMIN -.-> role:holderPerson:REFERRER
|
|
||||||
role:global:ADMIN -.-> role:contact:OWNER
|
|
||||||
role:contact:OWNER -.-> role:contact:ADMIN
|
|
||||||
role:contact:ADMIN -.-> role:contact:REFERRER
|
|
||||||
|
|
||||||
%% granting permissions to roles
|
|
||||||
role:relation:OWNER ==> perm:relation:DELETE
|
|
||||||
role:relation:ADMIN ==> perm:relation:UPDATE
|
|
||||||
role:relation:TENANT ==> perm:relation:SELECT
|
|
||||||
role:anchorPerson:ADMIN ==> perm:relation:INSERT
|
|
||||||
|
|
||||||
```
|
|
@ -88,7 +88,6 @@ role:relation:ADMIN ==> role:anchorPerson:OWNER
|
|||||||
role:relation:ADMIN ==> role:relation:AGENT
|
role:relation:ADMIN ==> role:relation:AGENT
|
||||||
role:anchorPerson:ADMIN ==> role:relation:AGENT
|
role:anchorPerson:ADMIN ==> role:relation:AGENT
|
||||||
role:relation:AGENT ==> role:relation:TENANT
|
role:relation:AGENT ==> role:relation:TENANT
|
||||||
role:holderPerson:ADMIN ==> role:relation:TENANT
|
|
||||||
role:contact:ADMIN ==> role:relation:TENANT
|
role:contact:ADMIN ==> role:relation:TENANT
|
||||||
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
||||||
role:relation:TENANT ==> role:holderPerson:REFERRER
|
role:relation:TENANT ==> role:holderPerson:REFERRER
|
||||||
|
@ -82,18 +82,14 @@ role:global:ADMIN -.-> role:contact:OWNER
|
|||||||
role:contact:OWNER -.-> role:contact:ADMIN
|
role:contact:OWNER -.-> role:contact:ADMIN
|
||||||
role:contact:ADMIN -.-> role:contact:REFERRER
|
role:contact:ADMIN -.-> role:contact:REFERRER
|
||||||
role:global:ADMIN ==> role:relation:OWNER
|
role:global:ADMIN ==> role:relation:OWNER
|
||||||
role:holderPerson:ADMIN ==> role:relation:OWNER
|
|
||||||
role:relation:OWNER ==> role:relation:ADMIN
|
role:relation:OWNER ==> role:relation:ADMIN
|
||||||
role:relation:ADMIN ==> role:anchorPerson:OWNER
|
|
||||||
role:relation:ADMIN ==> role:relation:AGENT
|
role:relation:ADMIN ==> role:relation:AGENT
|
||||||
role:anchorPerson:ADMIN ==> role:relation:AGENT
|
|
||||||
role:relation:AGENT ==> role:relation:TENANT
|
role:relation:AGENT ==> role:relation:TENANT
|
||||||
role:holderPerson:ADMIN ==> role:relation:TENANT
|
|
||||||
role:contact:ADMIN ==> role:relation:TENANT
|
role:contact:ADMIN ==> role:relation:TENANT
|
||||||
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
role:relation:TENANT ==> role:anchorPerson:REFERRER
|
||||||
role:relation:TENANT ==> role:holderPerson:REFERRER
|
role:relation:TENANT ==> role:holderPerson:REFERRER
|
||||||
role:relation:TENANT ==> role:contact:REFERRER
|
role:relation:TENANT ==> role:contact:REFERRER
|
||||||
role:anchorPerson:ADMIN ==> role:relation:ADMIN
|
role:anchorPerson:ADMIN ==> role:relation:OWNER
|
||||||
role:holderPerson:ADMIN ==> role:relation:AGENT
|
role:holderPerson:ADMIN ==> role:relation:AGENT
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
|
@ -70,7 +70,6 @@ begin
|
|||||||
permissions => array['SELECT'],
|
permissions => array['SELECT'],
|
||||||
incomingSuperRoles => array[
|
incomingSuperRoles => array[
|
||||||
hsOfficeContactADMIN(newContact),
|
hsOfficeContactADMIN(newContact),
|
||||||
hsOfficePersonADMIN(newHolderPerson),
|
|
||||||
hsOfficeRelationAGENT(NEW)],
|
hsOfficeRelationAGENT(NEW)],
|
||||||
outgoingSubRoles => array[
|
outgoingSubRoles => array[
|
||||||
hsOfficeContactREFERRER(newContact),
|
hsOfficeContactREFERRER(newContact),
|
||||||
@ -83,8 +82,8 @@ begin
|
|||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||||
ELSE
|
ELSE
|
||||||
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
|
||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||||
|
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||||
END IF;
|
END IF;
|
||||||
|
|
||||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -98,22 +98,21 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
|||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
|
||||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
|
||||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
|
||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||||
|
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||||
|
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||||
|
|
||||||
%% granting permissions to roles
|
%% granting permissions to roles
|
||||||
role:global:ADMIN ==> perm:partner:INSERT
|
role:global:ADMIN ==> perm:partner:INSERT
|
||||||
role:partnerRel:ADMIN ==> perm:partner:DELETE
|
role:partnerRel:OWNER ==> perm:partner:DELETE
|
||||||
role:partnerRel:AGENT ==> perm:partner:UPDATE
|
role:partnerRel:ADMIN ==> perm:partner:UPDATE
|
||||||
role:partnerRel:TENANT ==> perm:partner:SELECT
|
role:partnerRel:TENANT ==> perm:partner:SELECT
|
||||||
role:partnerRel:ADMIN ==> perm:partnerDetails:DELETE
|
role:partnerRel:OWNER ==> perm:partnerDetails:DELETE
|
||||||
role:partnerRel:AGENT ==> perm:partnerDetails:UPDATE
|
role:partnerRel:AGENT ==> perm:partnerDetails:UPDATE
|
||||||
role:partnerRel:AGENT ==> perm:partnerDetails:SELECT
|
role:partnerRel:AGENT ==> perm:partnerDetails:SELECT
|
||||||
|
|
||||||
|
@ -42,10 +42,10 @@ begin
|
|||||||
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
SELECT * FROM hs_office_partner_details WHERE uuid = NEW.detailsUuid INTO newPartnerDetails;
|
||||||
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
assert newPartnerDetails.uuid is not null, format('newPartnerDetails must not be null for NEW.detailsUuid = %s', NEW.detailsUuid);
|
||||||
|
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'SELECT'), hsOfficeRelationAGENT(newPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||||
|
|
||||||
@ -110,17 +110,17 @@ begin
|
|||||||
|
|
||||||
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
if NEW.partnerRelUuid <> OLD.partnerRelUuid then
|
||||||
|
|
||||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationADMIN(oldPartnerRel));
|
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||||
|
|
||||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'UPDATE'), hsOfficeRelationADMIN(oldPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'UPDATE'), hsOfficeRelationADMIN(newPartnerRel));
|
||||||
|
|
||||||
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
|
call revokePermissionFromRole(getPermissionId(OLD.uuid, 'SELECT'), hsOfficeRelationTENANT(oldPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), hsOfficeRelationTENANT(newPartnerRel));
|
||||||
|
|
||||||
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(oldPartnerRel));
|
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(oldPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationADMIN(newPartnerRel));
|
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'DELETE'), hsOfficeRelationOWNER(newPartnerRel));
|
||||||
|
|
||||||
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
call revokePermissionFromRole(getPermissionId(oldPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(oldPartnerRel));
|
||||||
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
call grantPermissionToRole(createPermission(newPartnerDetails.uuid, 'UPDATE'), hsOfficeRelationAGENT(newPartnerRel));
|
||||||
|
@ -149,17 +149,6 @@ role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel.holderPerson:REFERRER
|
|||||||
role:global:ADMIN -.-> role:debitorRel.contact:OWNER
|
role:global:ADMIN -.-> role:debitorRel.contact:OWNER
|
||||||
role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
|
role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
|
||||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:debitorRel:OWNER
|
|
||||||
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
|
|
||||||
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
|
|
||||||
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
|
|
||||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
|
||||||
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
|
|
||||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
|
|
||||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
|
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
|
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
|
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER
|
|
||||||
role:global:ADMIN -.-> role:refundBankAccount:OWNER
|
role:global:ADMIN -.-> role:refundBankAccount:OWNER
|
||||||
role:refundBankAccount:OWNER -.-> role:refundBankAccount:ADMIN
|
role:refundBankAccount:OWNER -.-> role:refundBankAccount:ADMIN
|
||||||
role:refundBankAccount:ADMIN -.-> role:refundBankAccount:REFERRER
|
role:refundBankAccount:ADMIN -.-> role:refundBankAccount:REFERRER
|
||||||
@ -176,15 +165,14 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
|||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
|
||||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
|
||||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
|
||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||||
|
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||||
|
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||||
role:partnerRel:ADMIN ==> role:debitorRel:ADMIN
|
role:partnerRel:ADMIN ==> role:debitorRel:ADMIN
|
||||||
role:partnerRel:AGENT ==> role:debitorRel:AGENT
|
role:partnerRel:AGENT ==> role:debitorRel:AGENT
|
||||||
role:debitorRel:AGENT ==> role:partnerRel:TENANT
|
role:debitorRel:AGENT ==> role:partnerRel:TENANT
|
||||||
|
@ -110,15 +110,14 @@ role:debitorRel.contact:OWNER -.-> role:debitorRel.contact:ADMIN
|
|||||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
role:debitorRel.contact:ADMIN -.-> role:debitorRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:debitorRel:OWNER
|
role:global:ADMIN -.-> role:debitorRel:OWNER
|
||||||
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
|
role:debitorRel:OWNER -.-> role:debitorRel:ADMIN
|
||||||
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:ADMIN
|
|
||||||
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
|
role:debitorRel:ADMIN -.-> role:debitorRel:AGENT
|
||||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
|
||||||
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
|
role:debitorRel:AGENT -.-> role:debitorRel:TENANT
|
||||||
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:TENANT
|
|
||||||
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
|
role:debitorRel.contact:ADMIN -.-> role:debitorRel:TENANT
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
|
role:debitorRel:TENANT -.-> role:debitorRel.anchorPerson:REFERRER
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
|
role:debitorRel:TENANT -.-> role:debitorRel.holderPerson:REFERRER
|
||||||
role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER
|
role:debitorRel:TENANT -.-> role:debitorRel.contact:REFERRER
|
||||||
|
role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:OWNER
|
||||||
|
role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
|
||||||
role:global:ADMIN -.-> role:bankAccount:OWNER
|
role:global:ADMIN -.-> role:bankAccount:OWNER
|
||||||
role:bankAccount:OWNER -.-> role:bankAccount:ADMIN
|
role:bankAccount:OWNER -.-> role:bankAccount:ADMIN
|
||||||
role:bankAccount:ADMIN -.-> role:bankAccount:REFERRER
|
role:bankAccount:ADMIN -.-> role:bankAccount:REFERRER
|
||||||
|
@ -96,15 +96,14 @@ role:partnerRel.contact:OWNER -.-> role:partnerRel.contact:ADMIN
|
|||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:partnerRel:OWNER
|
role:global:ADMIN -.-> role:partnerRel:OWNER
|
||||||
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
role:partnerRel:OWNER -.-> role:partnerRel:ADMIN
|
||||||
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:ADMIN
|
|
||||||
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
role:partnerRel:ADMIN -.-> role:partnerRel:AGENT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
|
||||||
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
role:partnerRel:AGENT -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:TENANT
|
|
||||||
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
role:partnerRel.contact:ADMIN -.-> role:partnerRel:TENANT
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.anchorPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.holderPerson:REFERRER
|
||||||
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
role:partnerRel:TENANT -.-> role:partnerRel.contact:REFERRER
|
||||||
|
role:partnerRel.anchorPerson:ADMIN -.-> role:partnerRel:OWNER
|
||||||
|
role:partnerRel.holderPerson:ADMIN -.-> role:partnerRel:AGENT
|
||||||
role:membership:OWNER ==> role:membership:ADMIN
|
role:membership:OWNER ==> role:membership:ADMIN
|
||||||
role:partnerRel:ADMIN ==> role:membership:ADMIN
|
role:partnerRel:ADMIN ==> role:membership:ADMIN
|
||||||
role:membership:ADMIN ==> role:membership:AGENT
|
role:membership:ADMIN ==> role:membership:AGENT
|
||||||
|
@ -97,15 +97,14 @@ role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact
|
|||||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
|
||||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
|
||||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
|
||||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership:OWNER -.-> role:membership:ADMIN
|
role:membership:OWNER -.-> role:membership:ADMIN
|
||||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||||
role:membership:ADMIN -.-> role:membership:AGENT
|
role:membership:ADMIN -.-> role:membership:AGENT
|
||||||
|
@ -97,15 +97,14 @@ role:membership.partnerRel.contact:OWNER -.-> role:membership.partnerRel.contact
|
|||||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
role:global:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
role:membership.partnerRel:OWNER -.-> role:membership.partnerRel:ADMIN
|
||||||
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:ADMIN
|
|
||||||
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
role:membership.partnerRel:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
|
||||||
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
role:membership.partnerRel:AGENT -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:TENANT
|
|
||||||
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
role:membership.partnerRel.contact:ADMIN -.-> role:membership.partnerRel:TENANT
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.anchorPerson:REFERRER
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.holderPerson:REFERRER
|
||||||
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
role:membership.partnerRel:TENANT -.-> role:membership.partnerRel.contact:REFERRER
|
||||||
|
role:membership.partnerRel.anchorPerson:ADMIN -.-> role:membership.partnerRel:OWNER
|
||||||
|
role:membership.partnerRel.holderPerson:ADMIN -.-> role:membership.partnerRel:AGENT
|
||||||
role:membership:OWNER -.-> role:membership:ADMIN
|
role:membership:OWNER -.-> role:membership:ADMIN
|
||||||
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
role:membership.partnerRel:ADMIN -.-> role:membership:ADMIN
|
||||||
role:membership:ADMIN -.-> role:membership:AGENT
|
role:membership:ADMIN -.-> role:membership:AGENT
|
||||||
|
Loading…
Reference in New Issue
Block a user