hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

rbac-optimization #80

Merged
hsh-michaelhoennig merged 14 commits from rbac-optimization into master 2024-07-27 10:18:08 +02:00
Conversation 0 Commits 14 Files Changed 43 +32 -10
2 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit ac956d3b05 - Show all commits

32
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@ -175,15 +175,37 @@ begin
Creates a restricted view based on the 'SELECT' permission of the current subject. Creates a restricted view based on the 'SELECT' permission of the current subject.
*/ */
sql := format($sql$ sql := format($sql$
set session session authorization default; create or replace view %1$s_rv as
create view %1$s_rv as with accessible_%1$s_uuids as (
with accessibleObjects as (
select queryAccessibleObjectUuidsOfSubjectIds('SELECT', '%1$s', currentSubjectsUuids()) with recursive grants as (
select descendantUuid, ascendantUuid, 1 as level
from RbacGrants
where assumed
and ascendantUuid = any (currentSubjectsuUids())
union all
select g.descendantUuid, g.ascendantUuid, level + 1 as level
from RbacGrants g
inner join grants on grants.descendantUuid = g.ascendantUuid
where g.assumed
),
granted as (
select distinct descendantUuid
from grants
)
select distinct perm.objectUuid as objectUuid
from granted
join RbacPermission perm on granted.descendantUuid = perm.uuid
join RbacObject obj on obj.uuid = perm.objectUuid
where perm.op = 'SELECT'
and obj.objectTable = '%1$s'
limit 8001
) )
select target.* select target.*
from %1$s as target from %1$s as target
where target.uuid in (select * from accessibleObjects) where target.uuid in (select * from accessible_%1$s_uuids)
order by %2$s; order by %2$s;
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
$sql$, targetTable, orderBy); $sql$, targetTable, orderBy);
execute sql; execute sql;