allow-multiple-insert-permission-grants #49

Merged
hsh-michaelhoennig merged 15 commits from allow-multiple-insert-permission-grants into master 2024-04-29 11:43:49 +02:00
Showing only changes of commit ed59b877ce - Show all commits


@ -93,7 +93,7 @@ execute procedure insertTriggerForHsHostingAsset_tf();
--changeset hs-hosting-asset-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--// --changeset hs-hosting-asset-rbac-GRANTING-INSERT-PERMISSION:1 endDelimiter:--//
-- ---------------------------------------------------------------------------- -- ----------------------------------------------------------------------------
-- granting INSERT permission to hs_hosting_asset ---------------------------- -- granting INSERT permission to hs_booking_item ----------------------------
/* /*
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_booking_item rows. Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_booking_item rows.
@ -141,21 +141,7 @@ execute procedure new_hs_hosting_asset_grants_insert_to_hs_booking_item_tf();
/* /*
Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows. Grants INSERT INTO hs_hosting_asset permissions to specified role of pre-existing hs_hosting_asset rows.
*/ */
do language plpgsql $$ -- Skipped, because there cannot yet be any pre-existing hs_hosting_asset rows.
declare
preExistingRow hs_hosting_asset;
begin
call defineContext('create INSERT INTO hs_hosting_asset permissions for pre-exising hs_hosting_asset rows');
FOR preExistingRow IN SELECT * FROM hs_hosting_asset
WHERE preExistingRow.type = 'MANAGED_SERVER'
LOOP
call grantPermissionToRole(
createPermission(preExistingRow.uuid, 'INSERT', 'hs_hosting_asset'),
hsBookingItemAGENT(preExistingRow));
END LOOP;
end;
$$;
/** /**
Grants hs_hosting_asset INSERT permission to specified role of new hs_hosting_asset rows. Grants hs_hosting_asset INSERT permission to specified role of new hs_hosting_asset rows.
@ -202,11 +188,10 @@ create trigger hs_hosting_asset_insert_permission_check_tg
before insert on hs_hosting_asset before insert on hs_hosting_asset
for each row for each row
when ( not ( when ( not (
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or
hasInsertPermission(NEW.bookingItemUuid, 'hs_hosting_asset') or NEW.type = 'MANAGED_WEBSPACE' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
NEW.type = 'MANAGED_SERVER' and hasInsertPermission(NEW.parentAssetUuid, 'INSERT', 'hs_hosting_asset') ) )
execute procedure hs_hosting_asset_insert_permission_missing_tf(); execute procedure hs_hosting_asset_insert_permission_missing_tf();
--//
--// --//
-- ============================================================================ -- ============================================================================
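Review bot: The two `hasInsertPermission` calls in the WHEN clause of `hs_hosting_asset_insert_permission_check_tg` disagree on their arguments: the `NEW.bookingItemUuid` call passes `(uuid, 'hs_hosting_asset')`, while the `NEW.parentAssetUuid` call passes `(uuid, 'INSERT', 'hs_hosting_asset')`. The function's definition is not visible in this hunk, so unless both overloads exist with the same meaning, one branch may check a different permission than intended, and this trigger decides whether an insert is rejected. The condition also relies on `and` binding tighter than `or`; I would parenthesise it as `hasInsertPermission(...) or (NEW.type = '...' and hasInsertPermission(...))` so the authorization rule reads unambiguously. If `hasInsertPermission` can return NULL (for example when `NEW.parentAssetUuid` is null, which cannot be confirmed from here), `not (...)` evaluates to NULL, the trigger does not fire and the insert is allowed; writing the guard as `when ( ( ... ) is not true )` would make it fail closed. The `create trigger` statement starts above the hunk.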