hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

allow-multiple-insert-permission-grants #49

Merged
hsh-michaelhoennig merged 15 commits from allow-multiple-insert-permission-grants into master 2024-04-29 11:43:49 +02:00
Conversation 0 Commits 15 Files Changed 45 +69 -57
1 changed files with 69 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e2b90a7429 - Show all commits

24
src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/InsertTriggerGenerator.java
View File

@ -164,6 +164,19 @@ public class InsertTriggerGenerator {
} }
private void generateInsertPermissionChecks(final StringWriter plPgSql) { private void generateInsertPermissionChecks(final StringWriter plPgSql) {
generateInsertPermissionsCheckHeader(plPgSql);
plPgSql.indented(1, () -> {
getInsertGrants().forEach(g -> {
generateInsertPermissionChecksForSingleGrant(plPgSql, g);
});
plPgSql.chopTail(" or\n");
});
generateInsertPermissionsChecksFooter(plPgSql);
}
private void generateInsertPermissionsCheckHeader(final StringWriter plPgSql) {
plPgSql.writeLn(""" plPgSql.writeLn("""
-- ============================================================================ -- ============================================================================
--changeset ${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--// --changeset ${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
@ -181,9 +194,9 @@ public class InsertTriggerGenerator {
""", """,
with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName())); with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
plPgSql.chopEmptyLines(); plPgSql.chopEmptyLines();
}
plPgSql.indented(1, () -> { private void generateInsertPermissionChecksForSingleGrant(final StringWriter plPgSql, final RbacView.RbacGrantDefinition g) {
getInsertGrants().forEach(g -> {
final RbacView.EntityAlias superRoleEntityAlias = g.getSuperRoleDef().getEntityAlias(); final RbacView.EntityAlias superRoleEntityAlias = g.getSuperRoleDef().getEntityAlias();
final var caseCondition = g.isConditional() final var caseCondition = g.isConditional()
@ -236,11 +249,10 @@ public class InsertTriggerGenerator {
with("columns", g.getSuperRoleDef().getEntityAlias().aliasName() + ".uuid"), with("columns", g.getSuperRoleDef().getEntityAlias().aliasName() + ".uuid"),
with("ref", NEW.name())); with("ref", NEW.name()));
} }
}); }
plPgSql.chopTail(" or\n");
});
plPgSql.writeLn();
private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
plPgSql.writeLn();
plPgSql.writeLn(""" plPgSql.writeLn("""
raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)', raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
currentSubjects(), currentSubjectsUuids(); currentSubjects(), currentSubjectsUuids();