allow-multiple-insert-permission-grants #49
@ -569,14 +569,14 @@ select exists(
|
|||||||
);
|
);
|
||||||
$$;
|
$$;
|
||||||
|
|
||||||
create or replace function hasInsertPermission(objectUuid uuid, forOp RbacOp, tableName text )
|
create or replace function hasInsertPermission(objectUuid uuid, tableName text )
|
||||||
returns BOOL
|
returns BOOL
|
||||||
stable -- leakproof
|
stable -- leakproof
|
||||||
language plpgsql as $$
|
language plpgsql as $$
|
||||||
declare
|
declare
|
||||||
permissionUuid uuid;
|
permissionUuid uuid;
|
||||||
begin
|
begin
|
||||||
permissionUuid = findPermissionId(objectUuid, forOp, tableName);
|
permissionUuid = findPermissionId(objectUuid, 'INSERT'::RbacOp, tableName);
|
||||||
return permissionUuid is not null;
|
return permissionUuid is not null;
|
||||||
end;
|
end;
|
||||||
$$;
|
$$;
|
||||||
|
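Review bot: Changing the parameter list under `create or replace function` does not replace the existing definition in PostgreSQL; it adds a second overload, so `hasInsertPermission(uuid, RbacOp, text)` stays callable wherever this script runs against an existing schema. A leftover three-argument version would keep resolving any call site that still passes an operation, which hides a missed migration in an access-control check. If these scripts are not only applied to fresh databases (not visible here), add `drop function if exists hasInsertPermission(uuid, RbacOp, text);` once the triggers that reference the old signature have been recreated. A header comment such as `-- true when findPermissionId yields an INSERT permission for (objectUuid, tableName)` would also document the now hard-coded operation.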
@ -200,7 +200,7 @@ end; $$;
|
|||||||
create trigger test_package_insert_permission_check_tg
|
create trigger test_package_insert_permission_check_tg
|
||||||
before insert on test_package
|
before insert on test_package
|
||||||
for each row
|
for each row
|
||||||
when ( not hasInsertPermission(NEW.customerUuid, 'INSERT', 'test_package') )
|
when ( not hasInsertPermission(NEW.customerUuid, 'test_package') )
|
||||||
execute procedure test_package_insert_permission_missing_tf();
|
execute procedure test_package_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -199,7 +199,7 @@ end; $$;
|
|||||||
create trigger test_domain_insert_permission_check_tg
|
create trigger test_domain_insert_permission_check_tg
|
||||||
before insert on test_domain
|
before insert on test_domain
|
||||||
for each row
|
for each row
|
||||||
when ( not hasInsertPermission(NEW.packageUuid, 'INSERT', 'test_domain') )
|
when ( not hasInsertPermission(NEW.packageUuid, 'test_domain') )
|
||||||
execute procedure test_domain_insert_permission_missing_tf();
|
execute procedure test_domain_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -209,7 +209,7 @@ end; $$;
|
|||||||
create trigger hs_office_relation_insert_permission_check_tg
|
create trigger hs_office_relation_insert_permission_check_tg
|
||||||
before insert on hs_office_relation
|
before insert on hs_office_relation
|
||||||
for each row
|
for each row
|
||||||
when ( not hasInsertPermission(NEW.anchorUuid, 'INSERT', 'hs_office_relation') )
|
when ( not hasInsertPermission(NEW.anchorUuid, 'hs_office_relation') )
|
||||||
execute procedure hs_office_relation_insert_permission_missing_tf();
|
execute procedure hs_office_relation_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -168,7 +168,7 @@ begin
|
|||||||
);
|
);
|
||||||
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
|
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
|
||||||
|
|
||||||
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_office_sepamandate') ) then
|
if ( not hasInsertPermission(superRoleObjectUuid, 'hs_office_sepamandate') ) then
|
||||||
raise exception
|
raise exception
|
||||||
'[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
|
'[403] insert into hs_office_sepamandate not allowed for current subjects % (%)',
|
||||||
currentSubjects(), currentSubjectsUuids();
|
currentSubjects(), currentSubjectsUuids();
|
||||||
|
@ -123,7 +123,7 @@ end; $$;
|
|||||||
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
create trigger hs_office_coopsharestransaction_insert_permission_check_tg
|
||||||
before insert on hs_office_coopsharestransaction
|
before insert on hs_office_coopsharestransaction
|
||||||
for each row
|
for each row
|
||||||
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopsharestransaction') )
|
when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopsharestransaction') )
|
||||||
execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
|
execute procedure hs_office_coopsharestransaction_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ end; $$;
|
|||||||
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
create trigger hs_office_coopassetstransaction_insert_permission_check_tg
|
||||||
before insert on hs_office_coopassetstransaction
|
before insert on hs_office_coopassetstransaction
|
||||||
for each row
|
for each row
|
||||||
when ( not hasInsertPermission(NEW.membershipUuid, 'INSERT', 'hs_office_coopassetstransaction') )
|
when ( not hasInsertPermission(NEW.membershipUuid, 'hs_office_coopassetstransaction') )
|
||||||
execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
|
execute procedure hs_office_coopassetstransaction_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
|
||||||
|
@ -164,7 +164,7 @@ begin
|
|||||||
);
|
);
|
||||||
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
|
assert superRoleObjectUuid is not null, 'superRoleObjectUuid must not be null';
|
||||||
|
|
||||||
if ( not hasInsertPermission(superRoleObjectUuid, 'INSERT', 'hs_booking_item') ) then
|
if ( not hasInsertPermission(superRoleObjectUuid, 'hs_booking_item') ) then
|
||||||
raise exception
|
raise exception
|
||||||
'[403] insert into hs_booking_item not allowed for current subjects % (%)',
|
'[403] insert into hs_booking_item not allowed for current subjects % (%)',
|
||||||
currentSubjects(), currentSubjectsUuids();
|
currentSubjects(), currentSubjectsUuids();
|
||||||
|
@ -203,7 +203,7 @@ create trigger hs_hosting_asset_insert_permission_check_tg
|
|||||||
for each row
|
for each row
|
||||||
when ( not (
|
when ( not (
|
||||||
|
|
||||||
hasInsertPermission(NEW.bookingItemUuid, 'INSERT', 'hs_hosting_asset') or
|
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
|
||||||
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
|
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
|
||||||
execute procedure hs_hosting_asset_insert_permission_missing_tf();
|
execute procedure hs_hosting_asset_insert_permission_missing_tf();
|
||||||
--//
|
--//
|
||||||
|
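Review bot: The `MANAGED_SERVER` branch of the `when` clause still calls `hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset')` with three arguments, while the line above it and every other call site in this commit were moved to the two-argument form. Against the new `hasInsertPermission(objectUuid uuid, tableName text)` this call should fail to resolve when the trigger is created, or, if an old three-argument overload is still present in the database, silently keep using it. Change the line to `NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'hs_hosting_asset') ) )`. The `create trigger` statement starts above the hunk, so the rest of the clause is not visible here.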