RBAC Diagram+PostgreSQL Generator and view->SELECT etc. refactoring (#21)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/21
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>

sql/rbac-tests.sql

@@ -25,7 +25,7 @@ FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer',
 select *
 FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package',
                                                           (SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
-                                                          'delete'));
+                                                          'DELETE'));
 
 DO LANGUAGE plpgsql
 $$
@@ -34,12 +34,12 @@ $$
         result bool;
     BEGIN
         userId = findRbacUser('superuser-alex@hostsharing.net');
-        result = (SELECT * FROM isPermissionGrantedToSubject(findEffectivePermissionId('package', 94928, 'add-package'), userId));
+        result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId));
         IF (result) THEN
             RAISE EXCEPTION 'expected permission NOT to be granted, but it is';
         end if;
 
-        result = (SELECT * FROM isPermissionGrantedToSubject(findEffectivePermissionId('package', 94928, 'view'), userId));
+        result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'SELECT'), userId));
         IF (NOT result) THEN
             RAISE EXCEPTION 'expected permission to be granted, but it is NOT';
         end if;

sql/rbac-view-option-experiments.sql

@@ -20,7 +20,7 @@ CREATE POLICY customer_policy ON customer
     TO restricted
     USING (
         -- id=1000
-        isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'view'), currentUserUuid())
+        isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid())
     );
 
 SET SESSION AUTHORIZATION restricted;
@@ -35,7 +35,7 @@ SELECT * FROM customer;
 CREATE OR REPLACE RULE "_RETURN" AS
     ON SELECT TO cust_view
     DO INSTEAD
-    SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'view'), currentUserUuid());
+    SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid());
 SELECT * from cust_view LIMIT 10;
 
 select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net'));
@@ -52,7 +52,7 @@ CREATE OR REPLACE RULE "_RETURN" AS
     DO INSTEAD
     SELECT c.uuid, c.reference, c.prefix FROM customer AS c
       JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
-           ON p.objectTable='test_customer' AND p.objectUuid=c.uuid AND p.op in ('*', 'view');
+           ON p.objectTable='test_customer' AND p.objectUuid=c.uuid;
 GRANT ALL PRIVILEGES ON cust_view TO restricted;
 
 SET SESSION SESSION AUTHORIZATION restricted;
@@ -68,7 +68,7 @@ CREATE OR REPLACE VIEW cust_view AS
     SELECT c.uuid, c.reference, c.prefix
       FROM customer AS c
       JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
-           ON p.objectUuid=c.uuid AND p.op in ('*', 'view');
+           ON p.objectUuid=c.uuid;
 GRANT ALL PRIVILEGES ON cust_view TO restricted;
 
 SET SESSION SESSION AUTHORIZATION restricted;
@@ -81,7 +81,7 @@ select rr.uuid, rr.type from RbacGrants g
     join RbacReference RR on g.ascendantUuid = RR.uuid
     where g.descendantUuid in (
         select uuid from queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'))
-            where objectTable='test_customer' and op in ('*', 'view'));
+            where objectTable='test_customer');
 
 call grantRoleToUser(findRoleId('test_customer#aaa.admin'), findRbacUser('aaaaouq@example.com'));