allow-multiple-insert-permission-grants #49
@ -164,6 +164,19 @@ public class InsertTriggerGenerator {
|
||||
}
|
||||
|
||||
private void generateInsertPermissionChecks(final StringWriter plPgSql) {
|
||||
generateInsertPermissionsCheckHeader(plPgSql);
|
||||
|
||||
plPgSql.indented(1, () -> {
|
||||
getInsertGrants().forEach(g -> {
|
||||
generateInsertPermissionChecksForSingleGrant(plPgSql, g);
|
||||
});
|
||||
plPgSql.chopTail(" or\n");
|
||||
});
|
||||
|
||||
generateInsertPermissionsChecksFooter(plPgSql);
|
||||
}
|
||||
|
||||
private void generateInsertPermissionsCheckHeader(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn("""
|
||||
-- ============================================================================
|
||||
--changeset ${rawSubTable}-rbac-CHECKING-INSERT-PERMISSION:1 endDelimiter:--//
|
||||
@ -181,9 +194,9 @@ public class InsertTriggerGenerator {
|
||||
""",
|
||||
with("rawSubTable", rbacDef.getRootEntityAlias().getRawTableName()));
|
||||
plPgSql.chopEmptyLines();
|
||||
}
|
||||
|
||||
plPgSql.indented(1, () -> {
|
||||
getInsertGrants().forEach(g -> {
|
||||
private void generateInsertPermissionChecksForSingleGrant(final StringWriter plPgSql, final RbacView.RbacGrantDefinition g) {
|
||||
final RbacView.EntityAlias superRoleEntityAlias = g.getSuperRoleDef().getEntityAlias();
|
||||
|
||||
final var caseCondition = g.isConditional()
|
||||
@ -236,11 +249,10 @@ public class InsertTriggerGenerator {
|
||||
with("columns", g.getSuperRoleDef().getEntityAlias().aliasName() + ".uuid"),
|
||||
with("ref", NEW.name()));
|
||||
}
|
||||
});
|
||||
plPgSql.chopTail(" or\n");
|
||||
});
|
||||
plPgSql.writeLn();
|
||||
}
|
||||
|
||||
private void generateInsertPermissionsChecksFooter(final StringWriter plPgSql) {
|
||||
plPgSql.writeLn();
|
||||
plPgSql.writeLn("""
|
||||
raise exception '[403] insert into ${rawSubTable} not allowed for current subjects % (%)',
|
||||
currentSubjects(), currentSubjectsUuids();
|
||||
|
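Review bot: `generateInsertPermissionChecks` joins the per-grant conditions only through the trailing " or\n" that `plPgSql.chopTail(" or\n")` strips, and nothing in the new method covers the case where `getInsertGrants()` yields no grants. The header would then be followed directly by the footer, and because the header's text block is only partly visible here, it is unclear whether the generated trigger would be invalid PL/pgSQL or a check with no condition. For a permission check the generator should fail closed and loudly, for example by throwing an `IllegalStateException` before the header is written when there is no insert grant, unless a caller outside these hunks already guarantees one. The contract on `generateInsertPermissionChecksForSingleGrant` (its body lies partly outside the visible hunks) also deserves a comment such as `// must emit exactly one condition terminated by " or\n"; the caller chops the last separator`, because a fragment ending differently would leave a dangling `or` or lose the separator between two grants.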