introduce separate database-schemas base+rbac (#103)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Co-authored-by: Michael Hönnig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/103
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql

@@ -1,11 +1,11 @@
 
 -- ============================================================================
---changeset hs-office-bankaccount-MAIN-TABLE:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
 create table hs_office_bankaccount
 (
-    uuid                uuid unique references RbacObject (uuid) initially deferred,
+    uuid                uuid unique references rbac.object (uuid) initially deferred,
     version             int not null default 0,
     holder              varchar(64) not null,
     iban                varchar(34) not null,
@@ -15,8 +15,8 @@ create table hs_office_bankaccount
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-MAIN-TABLE-JOURNAL endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-call create_journal('hs_office_bankaccount');
+call base.create_journal('hs_office_bankaccount');
 --//

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md

@@ -32,12 +32,12 @@ end
 user:creator ==> role:bankAccount:OWNER
 
 %% granting roles to roles
-role:global:ADMIN ==> role:bankAccount:OWNER
+role:rbac.global:ADMIN ==> role:bankAccount:OWNER
 role:bankAccount:OWNER ==> role:bankAccount:ADMIN
 role:bankAccount:ADMIN ==> role:bankAccount:REFERRER
 
 %% granting permissions to roles
-role:global:GUEST ==> perm:bankAccount:INSERT
+role:rbac.global:GUEST ==> perm:bankAccount:INSERT
 role:bankAccount:OWNER ==> perm:bankAccount:DELETE
 role:bankAccount:ADMIN ==> perm:bankAccount:UPDATE
 role:bankAccount:REFERRER ==> perm:bankAccount:SELECT

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql

@@ -3,21 +3,21 @@
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
+--changeset RbacObjectGenerator:hs-office-bankaccount-rbac-OBJECT endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRelatedRbacObject('hs_office_bankaccount');
+call rbac.generateRelatedRbacObject('hs_office_bankaccount');
 --//
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+--changeset RbacRoleDescriptorsGenerator:hs-office-bankaccount-rbac-ROLE-DESCRIPTORS endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
+call rbac.generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
 --//
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-insert-trigger:1 endDelimiter:--//
+--changeset RolesGrantsAndPermissionsGenerator:hs-office-bankaccount-rbac-insert-trigger endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
 /*
@@ -32,28 +32,28 @@ create or replace procedure buildRbacSystemForHsOfficeBankAccount(
 declare
 
 begin
-    call enterTriggerForObjectUuid(NEW.uuid);
+    call rbac.enterTriggerForObjectUuid(NEW.uuid);
 
-    perform createRoleWithGrants(
+    perform rbac.defineRoleWithGrants(
         hsOfficeBankAccountOWNER(NEW),
             permissions => array['DELETE'],
-            incomingSuperRoles => array[globalADMIN()],
-            userUuids => array[currentUserUuid()]
+            incomingSuperRoles => array[rbac.globalADMIN()],
+            subjectUuids => array[rbac.currentSubjectUuid()]
     );
 
-    perform createRoleWithGrants(
+    perform rbac.defineRoleWithGrants(
         hsOfficeBankAccountADMIN(NEW),
             permissions => array['UPDATE'],
             incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
     );
 
-    perform createRoleWithGrants(
+    perform rbac.defineRoleWithGrants(
         hsOfficeBankAccountREFERRER(NEW),
             permissions => array['SELECT'],
             incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
     );
 
-    call leaveTriggerForObjectUuid(NEW.uuid);
+    call rbac.leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;
 
 /*
@@ -77,10 +77,10 @@ execute procedure insertTriggerForHsOfficeBankAccount_tf();
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+--changeset RbacIdentityViewGenerator:hs-office-bankaccount-rbac-IDENTITY-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
+call rbac.generateRbacIdentityViewFromProjection('hs_office_bankaccount',
     $idName$
         iban
     $idName$);
@@ -88,9 +88,9 @@ call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+--changeset RbacRestrictedViewGenerator:hs-office-bankaccount-rbac-RESTRICTED-VIEW endDelimiter:--//
 -- ----------------------------------------------------------------------------
-call generateRbacRestrictedView('hs_office_bankaccount',
+call rbac.generateRbacRestrictedView('hs_office_bankaccount',
     $orderBy$
         iban
     $orderBy$,

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql

@@ -2,7 +2,7 @@
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-TEST-DATA-GENERATOR:1 endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-TEST-DATA-GENERATOR endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
 /*
@@ -13,9 +13,9 @@ create or replace procedure createHsOfficeBankAccountTestData(givenHolder varcha
 declare
     emailAddr varchar;
 begin
-    emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
-    perform createRbacUser(emailAddr);
-    call defineContext('creating bankaccount test-data', null, emailAddr);
+    emailAddr = 'bankaccount-admin@' || base.cleanIdentifier(givenHolder) || '.example.com';
+    perform rbac.create_subject(emailAddr);
+    call base.defineContext('creating bankaccount test-data', null, emailAddr);
 
     raise notice 'creating test bankaccount: %', givenHolder;
     insert
@@ -26,12 +26,12 @@ end; $$;
 
 
 -- ============================================================================
---changeset hs-office-bankaccount-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+--changeset michael.hoennig:hs-office-bankaccount-TEST-DATA-GENERATION –context=dev,tc endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
 do language plpgsql $$
     begin
-        call defineContext('creating bankaccount test-data');
+        call base.defineContext('creating bankaccount test-data');
 
         -- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
         call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');