2024-04-29 11:43:49 +02:00
9 changed files with 10 additions and 10 deletions
--- a/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
+++ b/src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
@ -569,14 +569,14 @@ select exists(
           );
 $$;

-create or replace function hasInsertPermission(objectUuid uuid, forOp RbacOp, tableName text )
+create or replace function hasInsertPermission(objectUuid uuid, tableName text )
    returns BOOL
    stable -- leakproof
    language plpgsql as $$
 declare
    permissionUuid uuid;
 begin
-    permissionUuid = findPermissionId(objectUuid, forOp, tableName);
+    permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName);
    return permissionUuid is not null;
 end;
 $$;
--- a/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
@ -200,7 +200,7 @@ end; $$;
 create trigger test_package_insert_permission_check_tg
    before insert on test_package
    for each row
-    when ( not hasInsertPermission(NEW.customerUuid, 'INSERT', 'test_package') )
+    when ( not hasInsertPermission(NEW.customerUuid, 'test_package') )
        execute procedure test_package_insert_permission_missing_tf();
 --//

--- a/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
@ -199,7 +199,7 @@ end; $$;
 create trigger test_domain_insert_permission_check_tg
    before insert on test_domain
    for each row
-    when ( not hasInsertPermission(NEW.packageUuid, 'INSERT', 'test_domain') )
+    when ( not hasInsertPermission(NEW.packageUuid, 'test_domain') )
        execute procedure test_domain_insert_permission_missing_tf();
 --//

--- a/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/503-relation/5033-hs-office-relation-rbac.sql
@ -209,7 +209,7 @@ end; $$;
 create trigger hs_office_relation_insert_permission_check_tg
    before insert on hs_office_relation
    for each row
-    when ( not hasInsertPermission(NEW.anchorUuid, 'INSERT', 'hs_office_relation') )
+    when ( not hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') )
        execute procedure hs_office_relation_insert_permission_missing_tf();
 --//

--- a/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
@ -168,7 +168,7 @@ begin
        );
        assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';

-        if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_office_sepamandate') ) then
+        if ( not hasInsertPermission(superRoleObjectUuid, 'hs_office_sepamandate') ) then
            raise exception
                '[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
                currentSubjects(), currentSubjectsUuids();
--- a/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
@ -123,7 +123,7 @@ end; $$;
 create trigger hs_office_coopsharestransaction_insert_permission_check_tg
    before insert on hs_office_coopsharestransaction
    for each row
-    when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopsharestransaction') )
+    when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') )
        execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
 --//

--- a/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
@ -123,7 +123,7 @@ end; $$;
 create trigger hs_office_coopassetstransaction_insert_permission_check_tg
    before insert on hs_office_coopassetstransaction
    for each row
-    when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopassetstransaction') )
+    when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') )
        execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
 --//

--- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
@ -164,7 +164,7 @@ begin
        );
        assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';

-        if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_booking_item') ) then
+        if ( not hasInsertPermission(superRoleObjectUuid, 'hs_booking_item') ) then
            raise exception
                '[403] insert into hs_booking_item not allowed for current subjects % (%)',
                currentSubjects(), currentSubjectsUuids();
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
@ -203,7 +203,7 @@ create trigger hs_hosting_asset_insert_permission_check_tg
    for each row
    when ( not (

-        hasInsertPermission(NEW.bookingItemUuid, 'INSERT', 'hs_hosting_asset') or
+        hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
        NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset')        ) )
        execute procedure hs_hosting_asset_insert_permission_missing_tf();
 --//