allow-multiple-insert-permission-grants #49

Merged
hsh-michaelhoennig merged 15 commits from allow-multiple-insert-permission-grants into master 2024-04-29 11:43:49 +02:00
9 changed files with 10 additions and 10 deletions
Showing only changes of commit 21bb9dad19 - Show all commits

View File

@ -569,14 +569,14 @@ select exists(
);
$$;
create or replace function hasInsertPermission(objectUuid uuid, forOp RbacOp, tableName text )
create or replace function hasInsertPermission(objectUuid uuid, tableName text )
returns BOOL
stable -- leakproof
language plpgsql as $$
declare
permissionUuid uuid;
begin
permissionUuid = findPermissionId(objectUuid, forOp, tableName);
permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName);
return permissionUuid is not null;
end;
$$;

View File

@ -200,7 +200,7 @@ end; $$;
create trigger test_package_insert_permission_check_tg
before insert on test_package
for each row
when ( not hasInsertPermission(NEW.customerUuid, 'INSERT', 'test_package') )
when ( not hasInsertPermission(NEW.customerUuid, 'test_package') )
execute procedure test_package_insert_permission_missing_tf();
--//

View File

@ -199,7 +199,7 @@ end; $$;
create trigger test_domain_insert_permission_check_tg
before insert on test_domain
for each row
when ( not hasInsertPermission(NEW.packageUuid, 'INSERT', 'test_domain') )
when ( not hasInsertPermission(NEW.packageUuid, 'test_domain') )
execute procedure test_domain_insert_permission_missing_tf();
--//

View File

@ -209,7 +209,7 @@ end; $$;
create trigger hs_office_relation_insert_permission_check_tg
before insert on hs_office_relation
for each row
when ( not hasInsertPermission(NEW.anchorUuid, 'INSERT', 'hs_office_relation') )
when ( not hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') )
execute procedure hs_office_relation_insert_permission_missing_tf();
--//

View File

@ -168,7 +168,7 @@ begin
);
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_office_sepamandate') ) then
if ( not hasInsertPermission(superRoleObjectUuid, 'hs_office_sepamandate') ) then
raise exception
'[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids();

View File

@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
before insert on hs_office_coopsharestransaction
for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopsharestransaction') )
when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') )
execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
--//

View File

@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
before insert on hs_office_coopassetstransaction
for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopassetstransaction') )
when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') )
execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
--//

View File

@ -164,7 +164,7 @@ begin
);
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_booking_item') ) then
if ( not hasInsertPermission(superRoleObjectUuid, 'hs_booking_item') ) then
raise exception
'[403] insert into hs_booking_item not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids();

View File

@ -203,7 +203,7 @@ create trigger hs_hosting_asset_insert_permission_check_tg
for each row
when ( not (
hasInsertPermission(NEW.bookingItemUuid, 'INSERT', 'hs_hosting_asset') or
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
execute procedure hs_hosting_asset_insert_permission_missing_tf();
--//