RBAC generator with conditional grants used for REPRESENTATIVE-Relation #33
@ -15,9 +15,9 @@ import jakarta.persistence.Column;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef.inCaseOf;
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef.inOtherCases;
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inCaseOf;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inOtherCases;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||||
@ -127,7 +127,7 @@ public class HsOfficeRelationEntity implements RbacObject, Stringifyable {
|
|||||||
with.permission(SELECT);
|
with.permission(SELECT);
|
||||||
});
|
});
|
||||||
}),
|
}),
|
||||||
inCaseOf("DEBITOR", then -> {}),
|
// inCaseOf("DEBITOR", then -> {}), TODO.spec: needs to be defined
|
||||||
inOtherCases(then -> {
|
inOtherCases(then -> {
|
||||||
then.createRole(OWNER, (with) -> {
|
then.createRole(OWNER, (with) -> {
|
||||||
with.owningUser(CREATOR);
|
with.owningUser(CREATOR);
|
||||||
|
@ -1,75 +0,0 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
|
||||||
|
|
||||||
import java.util.Objects;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.function.Consumer;
|
|
||||||
import java.util.stream.Collectors;
|
|
||||||
|
|
||||||
import static java.lang.String.join;
|
|
||||||
import static java.util.Optional.ofNullable;
|
|
||||||
|
|
||||||
public class ConditionGenerator {
|
|
||||||
|
|
||||||
private final String discriminatorColumName;
|
|
||||||
private final Set<CaseDef> allCases;
|
|
||||||
|
|
||||||
public ConditionGenerator(final String discriminatorColumName, final Set<CaseDef> allCases) {
|
|
||||||
this.discriminatorColumName = discriminatorColumName;
|
|
||||||
this.allCases = allCases;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String generatePlPgSql(final Set<CaseDef> forCases) {
|
|
||||||
if (forCases.size() == 1) {
|
|
||||||
if (forCases.iterator().next().isDefaultCase()) {
|
|
||||||
final var nonDefaultCases = allCases.stream().filter(c -> !c.isDefaultCase()).map(c -> c.val).toList();
|
|
||||||
if (nonDefaultCases.size() > 1) {
|
|
||||||
return discriminatorColumName + " not in ('" + join("', '", nonDefaultCases) + "')";
|
|
||||||
}
|
|
||||||
return discriminatorColumName + " <> '" + nonDefaultCases.getFirst() + "'";
|
|
||||||
}
|
|
||||||
return discriminatorColumName + " = '" + forCases.iterator().next().val + "'";
|
|
||||||
}
|
|
||||||
return discriminatorColumName + " in ('" + forCases.stream().map(c -> c.val).collect(Collectors.joining("', '")) + "')";
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public static class CaseDef {
|
|
||||||
|
|
||||||
final String val;
|
|
||||||
final Consumer<RbacView> def;
|
|
||||||
|
|
||||||
private CaseDef(final String discriminatorColumnValue, final Consumer<RbacView> def) {
|
|
||||||
this.val = discriminatorColumnValue;
|
|
||||||
this.def = def;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public static CaseDef inCaseOf(final String discriminatorColumnValue, final Consumer<RbacView> def) {
|
|
||||||
return new CaseDef(discriminatorColumnValue, def);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static CaseDef inOtherCases(final Consumer<RbacView> def) {
|
|
||||||
return new CaseDef(null, def);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public int hashCode() {
|
|
||||||
return ofNullable(val).map(String::hashCode).orElse(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean equals(final Object other) {
|
|
||||||
if (this == other)
|
|
||||||
return true;
|
|
||||||
if (other == null || getClass() != other.getClass())
|
|
||||||
return false;
|
|
||||||
final CaseDef caseDef = (CaseDef) other;
|
|
||||||
return Objects.equals(val, caseDef.val);
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean isDefaultCase() {
|
|
||||||
return val == null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -13,7 +13,6 @@ import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
|
|||||||
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
|
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
|
||||||
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
|
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationEntity;
|
||||||
import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity;
|
import net.hostsharing.hsadminng.hs.office.sepamandate.HsOfficeSepaMandateEntity;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef;
|
|
||||||
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
|
import net.hostsharing.hsadminng.rbac.rbacobject.RbacObject;
|
||||||
import net.hostsharing.hsadminng.test.cust.TestCustomerEntity;
|
import net.hostsharing.hsadminng.test.cust.TestCustomerEntity;
|
||||||
import net.hostsharing.hsadminng.test.dom.TestDomainEntity;
|
import net.hostsharing.hsadminng.test.dom.TestDomainEntity;
|
||||||
@ -27,6 +26,7 @@ import java.lang.reflect.Method;
|
|||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
import static java.lang.reflect.Modifier.isStatic;
|
import static java.lang.reflect.Modifier.isStatic;
|
||||||
@ -483,9 +483,12 @@ public class RbacView {
|
|||||||
|
|
||||||
public void generateWithBaseFileName(final String baseFileName) {
|
public void generateWithBaseFileName(final String baseFileName) {
|
||||||
if (allCases.size() > 1) {
|
if (allCases.size() > 1) {
|
||||||
allCases.forEach(c -> {
|
allCases.forEach(caseDef -> {
|
||||||
final var fileName = baseFileName + (c.isDefaultCase() ? "" : "-" + c.val) + ".md";
|
if ( caseDef.isDefaultCase() ) { // FIXME remove the condition
|
||||||
new RbacViewMermaidFlowchartGenerator(this, c).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
final var fileName = baseFileName + (caseDef.isDefaultCase() ? "" : "-" + caseDef.val) + ".md";
|
||||||
|
new RbacViewMermaidFlowchartGenerator(this, caseDef)
|
||||||
|
.generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, fileName));
|
||||||
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
new RbacViewMermaidFlowchartGenerator(this).generateToMarkdownFile(Path.of(OUTPUT_BASEDIR, baseFileName + ".md"));
|
||||||
@ -532,14 +535,14 @@ public class RbacView {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
final var arrow = isConditional()
|
final var arrow = isAssumed() ? " --> " : " -- // --> ";
|
||||||
? (isAssumed() ? " -- ?? --> " : " -- ?//? --> ")
|
final var grant = switch (grantType()) {
|
||||||
: (isAssumed() ? " --> " : " -- // --> ");
|
|
||||||
return switch (grantType()) {
|
|
||||||
case ROLE_TO_USER -> userDef.toString() + arrow + subRoleDef.toString();
|
case ROLE_TO_USER -> userDef.toString() + arrow + subRoleDef.toString();
|
||||||
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
||||||
case PERM_TO_ROLE -> superRoleDef + arrow + permDef;
|
case PERM_TO_ROLE -> superRoleDef + arrow + permDef;
|
||||||
};
|
};
|
||||||
|
final var condition = isConditional() ? (" " +forCases.stream().map(CaseDef::toString).collect(Collectors.joining("||"))) : "";
|
||||||
|
return grant + condition;
|
||||||
}
|
}
|
||||||
|
|
||||||
RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef, final CaseDef forCase) {
|
RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef, final CaseDef forCase) {
|
||||||
@ -547,7 +550,7 @@ public class RbacView {
|
|||||||
this.subRoleDef = subRoleDef;
|
this.subRoleDef = subRoleDef;
|
||||||
this.superRoleDef = superRoleDef;
|
this.superRoleDef = superRoleDef;
|
||||||
this.permDef = null;
|
this.permDef = null;
|
||||||
this.forCases = hashSet(forCase);
|
this.forCases = forCase != null ? hashSet(forCase) : null;
|
||||||
register(this);
|
register(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -589,20 +592,19 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
boolean isConditional() {
|
boolean isConditional() {
|
||||||
return !forCases.isEmpty() && forCases.size()<allCases.size();
|
return forCases != null && !forCases.isEmpty() && forCases.size()<allCases.size();
|
||||||
}
|
|
||||||
|
|
||||||
String generateCondition() {
|
|
||||||
return new ConditionGenerator(discriminatorColumName, allCases).generatePlPgSql(forCases);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean matchesCase(final ColumnValue value) {
|
boolean matchesCase(final ColumnValue value) {
|
||||||
return forCases.isEmpty() || forCases.contains(value.value);
|
return forCases == null || forCases.contains(value.value);
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean matchesCase(final CaseDef forCase) {
|
boolean matchesCase(final CaseDef requestedCase) {
|
||||||
return forCases.isEmpty() || forCase == null || (forCases.size() == 1 && forCases.iterator().next() == null)
|
final var noCasesDefined = forCases.isEmpty();
|
||||||
|| forCases.contains(forCase);
|
final var generateForAllCases = requestedCase == null;
|
||||||
|
final var isGrantedOnlyForDefaultCase = forCases.size() == 1 && forCases.iterator().next() == null; // FIXME: needed?
|
||||||
|
final boolean isGrantedForRequestedCase = forCases.contains(requestedCase);
|
||||||
|
return noCasesDefined || generateForAllCases || isGrantedForRequestedCase;
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean isToCreate() {
|
boolean isToCreate() {
|
||||||
@ -862,11 +864,12 @@ public class RbacView {
|
|||||||
private RbacGrantDefinition findOrCreateGrantDef(
|
private RbacGrantDefinition findOrCreateGrantDef(
|
||||||
final RbacRoleDefinition subRoleDefinition,
|
final RbacRoleDefinition subRoleDefinition,
|
||||||
final RbacRoleDefinition superRoleDefinition) {
|
final RbacRoleDefinition superRoleDefinition) {
|
||||||
return grantDefs.stream()
|
final var distinctGrantDef = grantDefs.stream()
|
||||||
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
|
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
|
||||||
.findFirst()
|
.findFirst()
|
||||||
.map(g -> g.forCase(processingCase))
|
.map(g -> g.forCase(processingCase))
|
||||||
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition, processingCase));
|
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition, processingCase));
|
||||||
|
return distinctGrantDef;
|
||||||
}
|
}
|
||||||
|
|
||||||
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
|
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum, boolean isSubEntity, Nullable nullable) {
|
||||||
@ -1124,6 +1127,52 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class CaseDef {
|
||||||
|
|
||||||
|
final String val;
|
||||||
|
final Consumer<RbacView> def;
|
||||||
|
|
||||||
|
private CaseDef(final String discriminatorColumnValue, final Consumer<RbacView> def) {
|
||||||
|
this.val = discriminatorColumnValue;
|
||||||
|
this.def = def;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static CaseDef inCaseOf(final String discriminatorColumnValue, final Consumer<RbacView> def) {
|
||||||
|
return new CaseDef(discriminatorColumnValue, def);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static CaseDef inOtherCases(final Consumer<RbacView> def) {
|
||||||
|
return new CaseDef(null, def);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public int hashCode() {
|
||||||
|
return ofNullable(val).map(String::hashCode).orElse(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean equals(final Object other) {
|
||||||
|
if (this == other)
|
||||||
|
return true;
|
||||||
|
if (other == null || getClass() != other.getClass())
|
||||||
|
return false;
|
||||||
|
final CaseDef caseDef = (CaseDef) other;
|
||||||
|
return Objects.equals(val, caseDef.val);
|
||||||
|
}
|
||||||
|
|
||||||
|
boolean isDefaultCase() {
|
||||||
|
return val == null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString() {
|
||||||
|
return isDefaultCase()
|
||||||
|
? "inOtherCases"
|
||||||
|
: "inCaseOf:" + val;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private static void generateRbacView(final Class<? extends RbacObject> c) {
|
private static void generateRbacView(final Class<? extends RbacObject> c) {
|
||||||
final Method mainMethod = stream(c.getMethods()).filter(
|
final Method mainMethod = stream(c.getMethods()).filter(
|
||||||
m -> isStatic(m.getModifiers()) && m.getName().equals("main")
|
m -> isStatic(m.getModifiers()) && m.getName().equals("main")
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||||
|
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef;
|
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition;
|
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacGrantDefinition;
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacPermissionDefinition;
|
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacPermissionDefinition;
|
||||||
|
|
||||||
@ -198,7 +198,7 @@ class RolesGrantsAndPermissionsGenerator {
|
|||||||
final var ifOrElsIf = new AtomicReference<>("IF ");
|
final var ifOrElsIf = new AtomicReference<>("IF ");
|
||||||
rbacDef.getAllCases().forEach(caseDef -> {
|
rbacDef.getAllCases().forEach(caseDef -> {
|
||||||
if (caseDef.val != null) {
|
if (caseDef.val != null) {
|
||||||
plPgSql.writeLn(ifOrElsIf + rbacDef.getDiscriminatorColumName() + " = '" + caseDef.val + "' THEN");
|
plPgSql.writeLn(ifOrElsIf + "NEW." + rbacDef.getDiscriminatorColumName() + " = '" + caseDef.val + "' THEN");
|
||||||
} else {
|
} else {
|
||||||
plPgSql.writeLn("ELSE");
|
plPgSql.writeLn("ELSE");
|
||||||
}
|
}
|
||||||
@ -401,11 +401,8 @@ class RolesGrantsAndPermissionsGenerator {
|
|||||||
.replace("${roleSuffix}", capitalize(role.name())));
|
.replace("${roleSuffix}", capitalize(role.name())));
|
||||||
|
|
||||||
generatePermissionsForRole(plPgSql, role);
|
generatePermissionsForRole(plPgSql, role);
|
||||||
|
|
||||||
generateIncomingSuperRolesForRole(plPgSql, role);
|
generateIncomingSuperRolesForRole(plPgSql, role);
|
||||||
|
|
||||||
generateOutgoingSubRolesForRole(plPgSql, role);
|
generateOutgoingSubRolesForRole(plPgSql, role);
|
||||||
|
|
||||||
generateUserGrantsForRole(plPgSql, role);
|
generateUserGrantsForRole(plPgSql, role);
|
||||||
|
|
||||||
plPgSql.chopTail(",\n");
|
plPgSql.chopTail(",\n");
|
||||||
|
@ -50,49 +50,41 @@ begin
|
|||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeRelationOWNER(NEW),
|
hsOfficeRelationOWNER(NEW),
|
||||||
permissions => array['DELETE'],
|
permissions => array['DELETE'],
|
||||||
|
incomingSuperRoles => array[globalADMIN()],
|
||||||
userUuids => array[currentUserUuid()]
|
userUuids => array[currentUserUuid()]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeRelationADMIN(NEW),
|
hsOfficeRelationADMIN(NEW),
|
||||||
permissions => array['UPDATE']
|
permissions => array['UPDATE'],
|
||||||
|
incomingSuperRoles => array[hsOfficeRelationOWNER(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeRelationAGENT(NEW)
|
hsOfficeRelationAGENT(NEW),
|
||||||
|
incomingSuperRoles => array[hsOfficeRelationADMIN(NEW)]
|
||||||
);
|
);
|
||||||
|
|
||||||
perform createRoleWithGrants(
|
perform createRoleWithGrants(
|
||||||
hsOfficeRelationTENANT(NEW),
|
hsOfficeRelationTENANT(NEW),
|
||||||
permissions => array['SELECT']
|
permissions => array['SELECT'],
|
||||||
|
incomingSuperRoles => array[
|
||||||
|
hsOfficeContactADMIN(newContact),
|
||||||
|
hsOfficePersonADMIN(newHolderPerson),
|
||||||
|
hsOfficeRelationAGENT(NEW)],
|
||||||
|
outgoingSubRoles => array[
|
||||||
|
hsOfficeContactREFERRER(newContact),
|
||||||
|
hsOfficePersonREFERRER(newAnchorPerson),
|
||||||
|
hsOfficePersonREFERRER(newHolderPerson)]
|
||||||
);
|
);
|
||||||
|
|
||||||
IF type = 'REPRESENTATIVE' THEN
|
IF NEW.type = 'REPRESENTATIVE' THEN
|
||||||
call grantRoleToRole(hsOfficeContactREFERRER(newContact), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW));
|
call grantRoleToRole(hsOfficePersonOWNER(newAnchorPerson), hsOfficeRelationADMIN(NEW));
|
||||||
call grantRoleToRole(hsOfficePersonREFERRER(newAnchorPerson), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficePersonREFERRER(newHolderPerson), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficeRelationOWNER(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficeRelationADMIN(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), globalAdmin());
|
|
||||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call grantRoleToRole(hsOfficeRelationOWNER(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficeContactADMIN(newContact));
|
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficeRelationAGENT(NEW));
|
|
||||||
ELSIF type = 'DEBITOR' THEN
|
|
||||||
ELSE
|
ELSE
|
||||||
call grantRoleToRole(hsOfficeContactREFERRER(newContact), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficePersonREFERRER(newAnchorPerson), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficePersonREFERRER(newHolderPerson), hsOfficeRelationTENANT(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficePersonADMIN(newAnchorPerson));
|
||||||
call grantRoleToRole(hsOfficeRelationADMIN(NEW), hsOfficeRelationOWNER(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
||||||
call grantRoleToRole(hsOfficeRelationAGENT(NEW), hsOfficeRelationADMIN(NEW));
|
|
||||||
call grantRoleToRole(hsOfficeRelationOWNER(NEW), globalAdmin());
|
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficeContactADMIN(newContact));
|
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficePersonADMIN(newHolderPerson));
|
|
||||||
call grantRoleToRole(hsOfficeRelationTENANT(NEW), hsOfficeRelationAGENT(NEW));
|
|
||||||
END IF;
|
END IF;
|
||||||
|
|
||||||
call leaveTriggerForObjectUuid(NEW.uuid);
|
call leaveTriggerForObjectUuid(NEW.uuid);
|
||||||
|
@ -1,46 +0,0 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
|
||||||
|
|
||||||
import net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef;
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
|
|
||||||
import java.util.function.Consumer;
|
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef.inCaseOf;
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.ConditionGenerator.CaseDef.inOtherCases;
|
|
||||||
import static org.apache.commons.collections4.SetUtils.hashSet;
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
|
||||||
|
|
||||||
class ConditionGeneratorUnitTest {
|
|
||||||
|
|
||||||
static final Consumer<RbacView> CONSUMER_FAKE = null;
|
|
||||||
static final CaseDef CASE_A = inCaseOf("A", CONSUMER_FAKE);
|
|
||||||
static final CaseDef CASE_B = inCaseOf("B", CONSUMER_FAKE);
|
|
||||||
static final CaseDef DEFAULT_CASE = inOtherCases(CONSUMER_FAKE);
|
|
||||||
|
|
||||||
static final ConditionGenerator GENERATOR_WITH_A_B_AND_DEFAULT =
|
|
||||||
new ConditionGenerator("someCol", hashSet(CASE_A, CASE_B, DEFAULT_CASE));
|
|
||||||
|
|
||||||
@Test
|
|
||||||
void onlyCase_A_from_A_B_and_DEFAULT() {
|
|
||||||
assertThat(GENERATOR_WITH_A_B_AND_DEFAULT.generatePlPgSql(hashSet(CASE_A)))
|
|
||||||
.isEqualTo("someCol = 'A'");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
void case_A_and_B_from_A_B_and_DEFAULT() {
|
|
||||||
assertThat(GENERATOR_WITH_A_B_AND_DEFAULT.generatePlPgSql(hashSet(CASE_A, CASE_B)))
|
|
||||||
.isEqualTo("someCol in ('A', 'B')");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
void case_DEFAULT_from_A_B_and_DEFAULT() {
|
|
||||||
assertThat(GENERATOR_WITH_A_B_AND_DEFAULT.generatePlPgSql(hashSet(DEFAULT_CASE)))
|
|
||||||
.isEqualTo("someCol not in ('A', 'B')");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
void case_A_and_DEFAULT_from_A_B_and_DEFAULT() {
|
|
||||||
assertThat(GENERATOR_WITH_A_B_AND_DEFAULT.generatePlPgSql(hashSet(CASE_A, DEFAULT_CASE)))
|
|
||||||
.isEqualTo("someCol <> 'B'");
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user