allow-multiple-insert-permission-grants #49

Merged
hsh-michaelhoennig merged 15 commits from allow-multiple-insert-permission-grants into master 2024-04-29 11:43:49 +02:00
9 changed files with 10 additions and 10 deletions
Showing only changes of commit 21bb9dad19 - Show all commits


@ -569,14 +569,14 @@ select exists(
); );
$$; $$;
create or replace function hasInsertPermission(objectUuid uuid, forOp RbacOp, tableName text ) create or replace function hasInsertPermission(objectUuid uuid, tableName text )
returns BOOL returns BOOL
stable -- leakproof stable -- leakproof
language plpgsql as $$ language plpgsql as $$
declare declare
permissionUuid uuid; permissionUuid uuid;
begin begin
permissionUuid = findPermissionId(objectUuid, forOp, tableName); permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName);
return permissionUuid is not null; return permissionUuid is not null;
end; end;
$$; $$;
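Review bot: Because the parameter list changes here, `create or replace function` does not replace the old `hasInsertPermission(uuid, RbacOp, text)`; PostgreSQL registers the two-argument form as a separate overload and leaves the three-argument one in place wherever it already exists. A call site that still passes an operation would then keep resolving to the old function instead of failing, so the permission check could diverge from the new hard-coded `'INSERT'::RbacOp` lookup without anyone noticing. If these scripts are applied to an existing database (the page does not show how they are run), drop the old overload once the dependent triggers have been recreated, e.g. `drop function if exists hasInsertPermission(uuid, RbacOp, text);`. A one-line comment above the function saying it returns true exactly when `findPermissionId` yields a non-null INSERT permission for `objectUuid` and `tableName` would also help readers of the triggers.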


@ -200,7 +200,7 @@ end; $$;
create trigger test_package_insert_permission_check_tg create trigger test_package_insert_permission_check_tg
before insert on test_package before insert on test_package
for each row for each row
when ( not hasInsertPermission(NEW.customerUuid, 'INSERT', 'test_package') ) when ( not hasInsertPermission(NEW.customerUuid, 'test_package') )
execute procedure test_package_insert_permission_missing_tf(); execute procedure test_package_insert_permission_missing_tf();
--// --//


@ -199,7 +199,7 @@ end; $$;
create trigger test_domain_insert_permission_check_tg create trigger test_domain_insert_permission_check_tg
before insert on test_domain before insert on test_domain
for each row for each row
when ( not hasInsertPermission(NEW.packageUuid, 'INSERT', 'test_domain') ) when ( not hasInsertPermission(NEW.packageUuid, 'test_domain') )
execute procedure test_domain_insert_permission_missing_tf(); execute procedure test_domain_insert_permission_missing_tf();
--// --//


@ -209,7 +209,7 @@ end; $$;
create trigger hs_office_relation_insert_permission_check_tg create trigger hs_office_relation_insert_permission_check_tg
before insert on hs_office_relation before insert on hs_office_relation
for each row for each row
when ( not hasInsertPermission(NEW.anchorUuid, 'INSERT', 'hs_office_relation') ) when ( not hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') )
execute procedure hs_office_relation_insert_permission_missing_tf(); execute procedure hs_office_relation_insert_permission_missing_tf();
--// --//


@ -168,7 +168,7 @@ begin
); );
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null'; assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_office_sepamandate') ) then if ( not hasInsertPermission(superRoleObjectUuid, 'hs_office_sepamandate') ) then
raise exception raise exception
'[403] insert into hs_office_sepamandate not allowed for current subjects % (%)', '[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();


@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopsharestransaction_insert_permission_check_tg create trigger hs_office_coopsharestransaction_insert_permission_check_tg
before insert on hs_office_coopsharestransaction before insert on hs_office_coopsharestransaction
for each row for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopsharestransaction') ) when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') )
execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf(); execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
--// --//


@ -123,7 +123,7 @@ end; $$;
create trigger hs_office_coopassetstransaction_insert_permission_check_tg create trigger hs_office_coopassetstransaction_insert_permission_check_tg
before insert on hs_office_coopassetstransaction before insert on hs_office_coopassetstransaction
for each row for each row
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopassetstransaction') ) when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') )
execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf(); execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
--// --//


@ -164,7 +164,7 @@ begin
); );
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null'; assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_booking_item') ) then if ( not hasInsertPermission(superRoleObjectUuid, 'hs_booking_item') ) then
raise exception raise exception
'[403] insert into hs_booking_item not allowed for current subjects % (%)', '[403] insert into hs_booking_item not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();


@ -203,7 +203,7 @@ create trigger hs_hosting_asset_insert_permission_check_tg
for each row for each row
when ( not ( when ( not (
hasInsertPermission(NEW.bookingItemUuid, 'INSERT', 'hs_hosting_asset') or hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) ) NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
execute procedure hs_hosting_asset_insert_permission_missing_tf(); execute procedure hs_hosting_asset_insert_permission_missing_tf();
--// --//
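Review bot: The second call in the WHEN clause, `hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset')`, still passes three arguments, while the `NEW.bookingItemUuid` call on the line above was switched to the two-argument form. Against the new signature this either fails at `create trigger` time on a fresh schema or, if the old three-argument overload still exists, binds to it, so the MANAGED_SERVER branch would be checked by a different function than the other path. Change the line to `NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'hs_hosting_asset') ) )`. The page shows only one commit of the pull request, so a later commit may already fix this; the trigger definition itself starts above the hunk.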