hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

introduce separate database schema-test and amend RBAC generators for schema-generation (#104)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/104
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
2024-09-17 14:21:43 +02:00
parent 1eed0e9b21
commit 285e6fbeb5
57 changed files with 599 additions and 525 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/main/resources/db/changelog/0-base/007-table-columns.sql
View File

@@ -6,15 +6,31 @@
--changeset michael.hoennig:table-columns-function endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function base.tableColumnNames( tableName text )
create or replace function base.tableColumnNames( ofTableName text )
returns text
stable
language 'plpgsql' as $$
declare columns text[];
declare
tableName text;
tableSchema text;
columns text[];
begin
tableSchema := CASE
WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 1)
ELSE 'public'
END;
tableName := CASE
WHEN position('.' in ofTableName) > 0 THEN split_part(ofTableName, '.', 2)
ELSE ofTableName
END;
columns := (select array(select column_name::text
from information_schema.columns
where table_name = tableName));
from information_schema.columns
where table_name = tableName
and table_schema = tableSchema));
assert cardinality(columns) > 0, 'cannot determine columns of table ' || ofTableName ||
'("' || tableSchema || '"."' || tableName || '")';
return array_to_string(columns, ', ');
end; $$
--//

1
src/main/resources/db/changelog/0-base/010-context.sql
View File

@@ -127,6 +127,7 @@ begin
end; $$;
--//
-- ============================================================================
--changeset michael.hoennig:context-base.ASSUMED-ROLES endDelimiter:--//
-- ----------------------------------------------------------------------------

18
src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql Normal file
View File

@@ -0,0 +1,18 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:base-COMBINE-TABLE-SCHEMA-AND-NAME endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function base.combine_table_schema_and_name(tableSchema name, tableName name)
returns text
language plpgsql as $$
begin
if tableSchema is null or tableSchema = 'public' or tableSchema = '' then
return tableName::text;
else
return tableSchema::text || '.' || tableName::text;
end if;
end; $$;
--//

0
src/main/resources/db/changelog/0-base/011-table-schema-and-name.sql Normal file
View File

16
src/main/resources/db/changelog/0-base/020-audit-log.sql
View File

@@ -77,9 +77,11 @@ create or replace function base.tx_journal_trigger()
declare
curTask text;
curTxId xid8;
tableSchemaAndName text;
begin
curTask := base.currentTask();
curTxId := pg_current_xact_id();
tableSchemaAndName := base.combine_table_schema_and_name(tg_table_schema, tg_table_name);
insert
into base.tx_context (txId, txTimestamp, currentSubject, assumedRoles, currentTask, currentRequest)
@@ -90,20 +92,20 @@ begin
case tg_op
when 'INSERT' then insert
into base.tx_journal
values (curTxId,
tg_table_name, new.uuid, tg_op::base.tx_operation,
values (curTxId, tableSchemaAndName,
new.uuid, tg_op::base.tx_operation,
to_jsonb(new));
when 'UPDATE' then insert
into base.tx_journal
values (curTxId,
tg_table_name, old.uuid, tg_op::base.tx_operation,
values (curTxId, tableSchemaAndName,
old.uuid, tg_op::base.tx_operation,
base.jsonb_changes_delta(to_jsonb(old), to_jsonb(new)));
when 'DELETE' then insert
into base.tx_journal
values (curTxId,
tg_table_name, old.uuid, 'DELETE'::base.tx_operation,
values (curTxId,tableSchemaAndName,
old.uuid, 'DELETE'::base.tx_operation,
null::jsonb);
else raise exception 'Trigger op % not supported for %.', tg_op, tg_table_name;
else raise exception 'Trigger op % not supported for %.', tg_op, tableSchemaAndName;
end case;
return null;
end; $$;

4
src/main/resources/db/changelog/0-base/030-historization.sql
View File

@@ -81,8 +81,8 @@ begin
"alive" := false;
end if;
sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
raise notice 'sql: %', sql;
sql := format('INSERT INTO %3$I_ex VALUES (DEFAULT, pg_current_xact_id(), %1$L, %2$L, $1.*)',
TG_OP, alive, base.combine_table_schema_and_name(tg_table_schema, tg_table_name)::name);
execute sql using "row";
return "row";

8
src/main/resources/db/changelog/1-rbac/1050-rbac-base.sql
View File

@@ -3,9 +3,7 @@
-- ============================================================================
--changeset michael.hoennig:rbac-base-REFERENCE endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
*/
create type rbac.ReferenceType as enum ('rbac.subject', 'rbac.role', 'rbac.permission');
create table rbac.reference
@@ -120,18 +118,20 @@ create or replace function rbac.insert_related_object()
strict as $$
declare
objectUuid uuid;
tableSchemaAndName text;
begin
tableSchemaAndName := base.combine_table_schema_and_name(TG_TABLE_SCHEMA, TG_TABLE_NAME);
if TG_OP = 'INSERT' then
if NEW.uuid is null then
insert
into rbac.object (objectTable)
values (TG_TABLE_NAME)
values (tableSchemaAndName)
returning uuid into objectUuid;
NEW.uuid = objectUuid;
else
insert
into rbac.object (uuid, objectTable)
values (NEW.uuid, TG_TABLE_NAME)
values (NEW.uuid, tableSchemaAndName)
returning uuid into objectUuid;
end if;
return NEW;

54
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@@ -8,26 +8,40 @@
create or replace procedure rbac.generateRelatedRbacObject(targetTable varchar)
language plpgsql as $$
declare
targetTableName text;
targetSchemaPrefix text;
createInsertTriggerSQL text;
createDeleteTriggerSQL text;
begin
if POSITION('.' IN targetTable) > 0 then
targetSchemaPrefix := SPLIT_PART(targetTable, '.', 1) || '.';
targetTableName := SPLIT_PART(targetTable, '.', 2);
else
targetSchemaPrefix := '';
targetTableName := targetTable;
end if;
if targetSchemaPrefix = '' and targetTableName = 'customer' then
raise exception 'missing targetShemaPrefix: %', targetTable;
end if;
createInsertTriggerSQL = format($sql$
create trigger createRbacObjectFor_%s_Trigger
before insert on %s
create trigger createRbacObjectFor_%s_insert_tg_1058_25
before insert on %s%s
for each row
execute procedure rbac.insert_related_object();
$sql$, targetTable, targetTable);
$sql$, targetTableName, targetSchemaPrefix, targetTableName);
execute createInsertTriggerSQL;
createDeleteTriggerSQL = format($sql$
create trigger delete_related_rbac_rules_for_%s_tg
after delete
on %s
create trigger createRbacObjectFor_%s_delete_tg_1058_35
after delete on %s%s
for each row
execute procedure rbac.delete_related_rbac_rules_tf();
$sql$, targetTable, targetTable);
$sql$, targetTableName, targetSchemaPrefix, targetTableName);
execute createDeleteTriggerSQL;
end; $$;
end;
$$;
--//
@@ -176,7 +190,7 @@ begin
*/
sql := format($sql$
create or replace view %1$s_rv as
with accessible_%1$s_uuids as (
with accessible_uuids as (
with recursive
recursive_grants as
(select distinct rbac.grants.descendantuuid,
@@ -209,7 +223,7 @@ begin
)
select target.*
from %1$s as target
where target.uuid in (select * from accessible_%1$s_uuids)
where target.uuid in (select * from accessible_uuids)
order by %2$s;
grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
@@ -219,9 +233,9 @@ begin
/**
Instead of insert trigger function for the restricted view.
*/
newColumns := 'new.' || replace(columnNames, ',', ', new.');
newColumns := 'new.' || replace(columnNames, ', ', ', new.');
sql := format($sql$
create or replace function %1$sInsert()
create function %1$s_instead_of_insert_tf()
returns trigger
language plpgsql as $f$
declare
@@ -240,11 +254,11 @@ begin
Creates an instead of insert trigger for the restricted view.
*/
sql := format($sql$
create trigger %1$sInsert_tg
create trigger instead_of_insert_tg
instead of insert
on %1$s_rv
for each row
execute function %1$sInsert();
execute function %1$s_instead_of_insert_tf();
$sql$, targetTable);
execute sql;
@@ -252,7 +266,7 @@ begin
Instead of delete trigger function for the restricted view.
*/
sql := format($sql$
create or replace function %1$sDelete()
create function %1$s_instead_of_delete_tf()
returns trigger
language plpgsql as $f$
begin
@@ -269,11 +283,11 @@ begin
Creates an instead of delete trigger for the restricted view.
*/
sql := format($sql$
create trigger %1$sDelete_tg
create trigger instead_of_delete_tg
instead of delete
on %1$s_rv
for each row
execute function %1$sDelete();
execute function %1$s_instead_of_delete_tf();
$sql$, targetTable);
execute sql;
@@ -283,7 +297,7 @@ begin
*/
if columnUpdates is not null then
sql := format($sql$
create or replace function %1$sUpdate()
create function %1$s_instead_of_update_tf()
returns trigger
language plpgsql as $f$
begin
@@ -302,11 +316,11 @@ begin
Creates an instead of delete trigger for the restricted view.
*/
sql = format($sql$
create trigger %1$sUpdate_tg
create trigger instead_of_update_tg
instead of update
on %1$s_rv
for each row
execute function %1$sUpdate();
execute function %1$s_instead_of_update_tf();
$sql$, targetTable);
execute sql;
end if;

8
src/main/resources/db/changelog/2-rbactest/200-rbactest-schema.sql Normal file
View File

@@ -0,0 +1,8 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:rbactest-SCHEMA endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE SCHEMA rbactest; -- just 'test' does not work, databasechangelog gets emptied or deleted
--//

2
src/main/resources/db/changelog/2-test/201-test-customer/2010-test-customer.sql → src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2010-rbactest-customer.sql
View File

@@ -4,7 +4,7 @@
--changeset michael.hoennig:test-customer-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists test_customer
create table if not exists rbactest.customer
(
uuid uuid unique references rbac.object (uuid),
version int not null default 0,

0
src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.md → src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.md
View File

56
src/main/resources/db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql → src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
View File

@@ -3,21 +3,21 @@
-- ============================================================================
--changeset RbacObjectGenerator:test-customer-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:rbactest-customer-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('test_customer');
call rbac.generateRelatedRbacObject('rbactest.customer');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:test-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:rbactest-customer-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
call rbac.generateRbacRoleDescriptors('testCustomer', 'rbactest.customer');
--//
-- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:test-customer-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:rbactest-customer-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
@@ -25,7 +25,7 @@ call rbac.generateRbacRoleDescriptors('testCustomer', 'test_customer');
*/
create or replace procedure buildRbacSystemForTestCustomer(
NEW test_customer
NEW rbactest.customer
)
language plpgsql as $$
@@ -57,7 +57,7 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new test_customer row.
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.customer row.
*/
create or replace function insertTriggerForTestCustomer_tf()
@@ -70,68 +70,68 @@ begin
end; $$;
create trigger insertTriggerForTestCustomer_tg
after insert on test_customer
after insert on rbactest.customer
for each row
execute procedure insertTriggerForTestCustomer_tf();
--//
-- ============================================================================
--changeset InsertTriggerGenerator:test-customer-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-customer-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to rbac.global ----------------------------
/*
Grants INSERT INTO test_customer permissions to specified role of pre-existing rbac.global rows.
Grants INSERT INTO rbactest.customer permissions to specified role of pre-existing rbac.global rows.
*/
do language plpgsql $$
declare
row rbac.global;
begin
call base.defineContext('create INSERT INTO test_customer permissions for pre-exising rbac.global rows');
call base.defineContext('create INSERT INTO rbactest.customer permissions for pre-exising rbac.global rows');
FOR row IN SELECT * FROM rbac.global
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'test_customer'),
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN());
END LOOP;
end;
$$;
/**
Grants test_customer INSERT permission to specified role of new global rows.
Grants rbactest.customer INSERT permission to specified role of new global rows.
*/
create or replace function rbac.new_test_customer_grants_insert_to_global_tf()
create or replace function rbactest.new_customer_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'test_customer'),
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.customer'),
rbac.globalADMIN());
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_test_customer_grants_after_insert_tg
create trigger z_new_customer_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure rbac.new_test_customer_grants_insert_to_global_tf();
execute procedure rbactest.new_customer_grants_insert_to_global_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:test_customer-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-customer-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to test_customer.
Checks if the user respectively the assumed roles are allowed to insert a row to rbactest.customer.
*/
create or replace function test_customer_insert_permission_check_tf()
create or replace function rbactest.customer_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
@@ -142,22 +142,22 @@ begin
return NEW;
end if;
raise exception '[403] insert into test_customer values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into rbactest.customer values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_customer_insert_permission_check_tg
before insert on test_customer
create trigger customer_insert_permission_check_tg
before insert on rbactest.customer
for each row
execute procedure test_customer_insert_permission_check_tf();
execute procedure rbactest.customer_insert_permission_check_tf();
--//
-- ============================================================================
--changeset RbacIdentityViewGenerator:test-customer-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:rbactest-customer-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('test_customer',
call rbac.generateRbacIdentityViewFromProjection('rbactest.customer',
$idName$
prefix
$idName$);
@@ -165,9 +165,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_customer',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:test-customer-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:rbactest-customer-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('test_customer',
call rbac.generateRbacRestrictedView('rbactest.customer',
$orderBy$
reference
$orderBy$,

6
src/main/resources/db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql → src/main/resources/db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql
View File

@@ -28,18 +28,18 @@ declare
custRowId uuid;
custAdminName varchar;
custAdminUuid uuid;
newCust test_customer;
newCust rbactest.customer;
begin
custRowId = uuid_generate_v4();
custAdminName = 'customer-admin@' || custPrefix || '.example.com';
custAdminUuid = rbac.create_subject(custAdminName);
insert
into test_customer (reference, prefix, adminUserName)
into rbactest.customer (reference, prefix, adminUserName)
values (custReference, custPrefix, custAdminName);
select * into newCust
from test_customer where reference=custReference;
from rbactest.customer where reference=custReference;
call rbac.grantRoleToSubject(
rbac.getRoleId(testCustomerOwner(newCust)),
rbac.getRoleId(testCustomerAdmin(newCust)),

4
src/main/resources/db/changelog/2-test/202-test-package/2020-test-package.sql → src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2020-rbactest-package.sql
View File

@@ -4,11 +4,11 @@
--changeset michael.hoennig:test-package-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists test_package
create table if not exists rbactest.package
(
uuid uuid unique references rbac.object (uuid),
version int not null default 0,
customerUuid uuid references test_customer (uuid),
customerUuid uuid references rbactest.customer (uuid),
name varchar(5),
description varchar(96)
);

0
src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.md → src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.md
View File

88
src/main/resources/db/changelog/2-test/202-test-package/2023-test-package-rbac.sql → src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
View File

@@ -3,21 +3,21 @@
-- ============================================================================
--changeset RbacObjectGenerator:test-package-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:rbactest-package-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('test_package');
call rbac.generateRelatedRbacObject('rbactest.package');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:test-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:rbactest-package-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
call rbac.generateRbacRoleDescriptors('testPackage', 'rbactest.package');
--//
-- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:test-package-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
@@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('testPackage', 'test_package');
*/
create or replace procedure buildRbacSystemForTestPackage(
NEW test_package
NEW rbactest.package
)
language plpgsql as $$
declare
newCustomer test_customer;
newCustomer rbactest.customer;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer;
SELECT * FROM rbactest.customer WHERE uuid = NEW.customerUuid INTO newCustomer;
assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
@@ -61,7 +61,7 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new test_package row.
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.package row.
*/
create or replace function insertTriggerForTestPackage_tf()
@@ -74,14 +74,14 @@ begin
end; $$;
create trigger insertTriggerForTestPackage_tg
after insert on test_package
after insert on rbactest.package
for each row
execute procedure insertTriggerForTestPackage_tf();
--//
-- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:test-package-rbac-update-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:rbactest-package-rbac-update-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
@@ -89,22 +89,22 @@ execute procedure insertTriggerForTestPackage_tf();
*/
create or replace procedure updateRbacRulesForTestPackage(
OLD test_package,
NEW test_package
OLD rbactest.package,
NEW rbactest.package
)
language plpgsql as $$
declare
oldCustomer test_customer;
newCustomer test_customer;
oldCustomer rbactest.customer;
newCustomer rbactest.customer;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM test_customer WHERE uuid = OLD.customerUuid INTO oldCustomer;
SELECT * FROM rbactest.customer WHERE uuid = OLD.customerUuid INTO oldCustomer;
assert oldCustomer.uuid is not null, format('oldCustomer must not be null for OLD.customerUuid = %s', OLD.customerUuid);
SELECT * FROM test_customer WHERE uuid = NEW.customerUuid INTO newCustomer;
SELECT * FROM rbactest.customer WHERE uuid = NEW.customerUuid INTO newCustomer;
assert newCustomer.uuid is not null, format('newCustomer must not be null for NEW.customerUuid = %s', NEW.customerUuid);
@@ -122,7 +122,7 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new test_package row.
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.package row.
*/
create or replace function updateTriggerForTestPackage_tf()
@@ -135,94 +135,94 @@ begin
end; $$;
create trigger updateTriggerForTestPackage_tg
after update on test_package
after update on rbactest.package
for each row
execute procedure updateTriggerForTestPackage_tf();
--//
-- ============================================================================
--changeset InsertTriggerGenerator:test-package-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-package-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to test_customer ----------------------------
-- granting INSERT permission to rbactest.customer ----------------------------
/*
Grants INSERT INTO test_package permissions to specified role of pre-existing test_customer rows.
Grants INSERT INTO rbactest.package permissions to specified role of pre-existing rbactest.customer rows.
*/
do language plpgsql $$
declare
row test_customer;
row rbactest.customer;
begin
call base.defineContext('create INSERT INTO test_package permissions for pre-exising test_customer rows');
call base.defineContext('create INSERT INTO rbactest.package permissions for pre-exising rbactest.customer rows');
FOR row IN SELECT * FROM test_customer
FOR row IN SELECT * FROM rbactest.customer
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'test_package'),
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(row));
END LOOP;
end;
$$;
/**
Grants test_package INSERT permission to specified role of new test_customer rows.
Grants rbactest.package INSERT permission to specified role of new customer rows.
*/
create or replace function new_test_package_grants_insert_to_test_customer_tf()
create or replace function rbactest.new_package_grants_insert_to_customer_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'test_package'),
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.package'),
testCustomerADMIN(NEW));
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_test_package_grants_after_insert_tg
after insert on test_customer
create trigger z_new_package_grants_after_insert_tg
after insert on rbactest.customer
for each row
execute procedure new_test_package_grants_insert_to_test_customer_tf();
execute procedure rbactest.new_package_grants_insert_to_customer_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:test_package-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-package-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to test_package.
Checks if the user respectively the assumed roles are allowed to insert a row to rbactest.package.
*/
create or replace function test_package_insert_permission_check_tf()
create or replace function rbactest.package_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT permission via direct foreign key: NEW.customerUuid
if rbac.hasInsertPermission(NEW.customerUuid, 'test_package') then
if rbac.hasInsertPermission(NEW.customerUuid, 'rbactest.package') then
return NEW;
end if;
raise exception '[403] insert into test_package values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into rbactest.package values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_package_insert_permission_check_tg
before insert on test_package
create trigger package_insert_permission_check_tg
before insert on rbactest.package
for each row
execute procedure test_package_insert_permission_check_tf();
execute procedure rbactest.package_insert_permission_check_tf();
--//
-- ============================================================================
--changeset RbacIdentityViewGenerator:test-package-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:rbactest-package-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('test_package',
call rbac.generateRbacIdentityViewFromProjection('rbactest.package',
$idName$
name
$idName$);
@@ -230,9 +230,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_package',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:test-package-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:rbactest-package-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('test_package',
call rbac.generateRbacRestrictedView('rbactest.package',
$orderBy$
name
$orderBy$,

14
src/main/resources/db/changelog/2-test/202-test-package/2028-test-package-test-data.sql → src/main/resources/db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql
View File

@@ -9,23 +9,23 @@
create or replace procedure createPackageTestData(customerPrefix varchar, pacCount int)
language plpgsql as $$
declare
cust test_customer;
cust rbactest.customer;
custAdminUser varchar;
custAdminRole varchar;
pacName varchar;
pac test_package;
pac rbactest.package;
begin
select * from test_customer where test_customer.prefix = customerPrefix into cust;
select * from rbactest.customer where rbactest.customer.prefix = customerPrefix into cust;
for t in 0..(pacCount-1)
loop
pacName = cust.prefix || to_char(t, 'fm00');
custAdminUser = 'customer-admin@' || cust.prefix || '.example.com';
custAdminRole = 'test_customer#' || cust.prefix || ':ADMIN';
custAdminRole = 'rbactest.customer#' || cust.prefix || ':ADMIN';
call base.defineContext('creating RBAC test package', null, 'superuser-fran@hostsharing.net', custAdminRole);
insert
into test_package (customerUuid, name, description)
into rbactest.package (customerUuid, name, description)
values (cust.uuid, pacName, 'Here you can add your own description of package ' || pacName || '.')
returning * into pac;
@@ -44,9 +44,9 @@ end; $$;
create or replace procedure createPackageTestData()
language plpgsql as $$
declare
cust test_customer;
cust rbactest.customer;
begin
for cust in (select * from test_customer)
for cust in (select * from rbactest.customer)
loop
continue when cust.reference >= 90000; -- reserved for functional testing
call createPackageTestData(cust.prefix, 3);

4
src/main/resources/db/changelog/2-test/203-test-domain/2030-test-domain.sql → src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2030-rbactest-domain.sql
View File

@@ -4,10 +4,10 @@
--changeset michael.hoennig:test-domain-MAIN-TABLE endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists test_domain
create table if not exists rbactest.domain
(
uuid uuid unique references rbac.object (uuid),
packageUuid uuid references test_package (uuid),
packageUuid uuid references rbactest.package (uuid),
name character varying(253),
description character varying(96)
);

0
src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.md → src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.md
View File

88
src/main/resources/db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql → src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
View File

@@ -3,21 +3,21 @@
-- ============================================================================
--changeset RbacObjectGenerator:test-domain-rbac-OBJECT endDelimiter:--//
--changeset RbacObjectGenerator:rbactest-domain-rbac-OBJECT endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRelatedRbacObject('test_domain');
call rbac.generateRelatedRbacObject('rbactest.domain');
--//
-- ============================================================================
--changeset RbacRoleDescriptorsGenerator:test-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
--changeset RbacRoleDescriptorsGenerator:rbactest-domain-rbac-ROLE-DESCRIPTORS endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
call rbac.generateRbacRoleDescriptors('testDomain', 'rbactest.domain');
--//
-- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:test-domain-rbac-insert-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-insert-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
@@ -25,17 +25,17 @@ call rbac.generateRbacRoleDescriptors('testDomain', 'test_domain');
*/
create or replace procedure buildRbacSystemForTestDomain(
NEW test_domain
NEW rbactest.domain
)
language plpgsql as $$
declare
newPackage test_package;
newPackage rbactest.package;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage;
SELECT * FROM rbactest.package WHERE uuid = NEW.packageUuid INTO newPackage;
assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
@@ -57,7 +57,7 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to create the role+grant structure for a new test_domain row.
AFTER INSERT TRIGGER to create the role+grant structure for a new rbactest.domain row.
*/
create or replace function insertTriggerForTestDomain_tf()
@@ -70,14 +70,14 @@ begin
end; $$;
create trigger insertTriggerForTestDomain_tg
after insert on test_domain
after insert on rbactest.domain
for each row
execute procedure insertTriggerForTestDomain_tf();
--//
-- ============================================================================
--changeset RolesGrantsAndPermissionsGenerator:test-domain-rbac-update-trigger endDelimiter:--//
--changeset RolesGrantsAndPermissionsGenerator:rbactest-domain-rbac-update-trigger endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
@@ -85,22 +85,22 @@ execute procedure insertTriggerForTestDomain_tf();
*/
create or replace procedure updateRbacRulesForTestDomain(
OLD test_domain,
NEW test_domain
OLD rbactest.domain,
NEW rbactest.domain
)
language plpgsql as $$
declare
oldPackage test_package;
newPackage test_package;
oldPackage rbactest.package;
newPackage rbactest.package;
begin
call rbac.enterTriggerForObjectUuid(NEW.uuid);
SELECT * FROM test_package WHERE uuid = OLD.packageUuid INTO oldPackage;
SELECT * FROM rbactest.package WHERE uuid = OLD.packageUuid INTO oldPackage;
assert oldPackage.uuid is not null, format('oldPackage must not be null for OLD.packageUuid = %s', OLD.packageUuid);
SELECT * FROM test_package WHERE uuid = NEW.packageUuid INTO newPackage;
SELECT * FROM rbactest.package WHERE uuid = NEW.packageUuid INTO newPackage;
assert newPackage.uuid is not null, format('newPackage must not be null for NEW.packageUuid = %s', NEW.packageUuid);
@@ -121,7 +121,7 @@ begin
end; $$;
/*
AFTER INSERT TRIGGER to re-wire the grant structure for a new test_domain row.
AFTER INSERT TRIGGER to re-wire the grant structure for a new rbactest.domain row.
*/
create or replace function updateTriggerForTestDomain_tf()
@@ -134,94 +134,94 @@ begin
end; $$;
create trigger updateTriggerForTestDomain_tg
after update on test_domain
after update on rbactest.domain
for each row
execute procedure updateTriggerForTestDomain_tf();
--//
-- ============================================================================
--changeset InsertTriggerGenerator:test-domain-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-domain-rbac-GRANTING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
-- granting INSERT permission to test_package ----------------------------
-- granting INSERT permission to rbactest.package ----------------------------
/*
Grants INSERT INTO test_domain permissions to specified role of pre-existing test_package rows.
Grants INSERT INTO rbactest.domain permissions to specified role of pre-existing rbactest.package rows.
*/
do language plpgsql $$
declare
row test_package;
row rbactest.package;
begin
call base.defineContext('create INSERT INTO test_domain permissions for pre-exising test_package rows');
call base.defineContext('create INSERT INTO rbactest.domain permissions for pre-exising rbactest.package rows');
FOR row IN SELECT * FROM test_package
FOR row IN SELECT * FROM rbactest.package
-- unconditional for all rows in that table
LOOP
call rbac.grantPermissionToRole(
rbac.createPermission(row.uuid, 'INSERT', 'test_domain'),
rbac.createPermission(row.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(row));
END LOOP;
end;
$$;
/**
Grants test_domain INSERT permission to specified role of new test_package rows.
Grants rbactest.domain INSERT permission to specified role of new package rows.
*/
create or replace function new_test_domain_grants_insert_to_test_package_tf()
create or replace function rbactest.new_domain_grants_insert_to_package_tf()
returns trigger
language plpgsql
strict as $$
begin
-- unconditional for all rows in that table
call rbac.grantPermissionToRole(
rbac.createPermission(NEW.uuid, 'INSERT', 'test_domain'),
rbac.createPermission(NEW.uuid, 'INSERT', 'rbactest.domain'),
testPackageADMIN(NEW));
-- end.
return NEW;
end; $$;
-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
create trigger z_new_test_domain_grants_after_insert_tg
after insert on test_package
create trigger z_new_domain_grants_after_insert_tg
after insert on rbactest.package
for each row
execute procedure new_test_domain_grants_insert_to_test_package_tf();
execute procedure rbactest.new_domain_grants_insert_to_package_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:test_domain-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:rbactest-domain-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Checks if the user respectively the assumed roles are allowed to insert a row to test_domain.
Checks if the user respectively the assumed roles are allowed to insert a row to rbactest.domain.
*/
create or replace function test_domain_insert_permission_check_tf()
create or replace function rbactest.domain_insert_permission_check_tf()
returns trigger
language plpgsql as $$
declare
superObjectUuid uuid;
begin
-- check INSERT permission via direct foreign key: NEW.packageUuid
if rbac.hasInsertPermission(NEW.packageUuid, 'test_domain') then
if rbac.hasInsertPermission(NEW.packageUuid, 'rbactest.domain') then
return NEW;
end if;
raise exception '[403] insert into test_domain values(%) not allowed for current subjects % (%)',
raise exception '[403] insert into rbactest.domain values(%) not allowed for current subjects % (%)',
NEW, base.currentSubjects(), rbac.currentSubjectOrAssumedRolesUuids();
end; $$;
create trigger test_domain_insert_permission_check_tg
before insert on test_domain
create trigger domain_insert_permission_check_tg
before insert on rbactest.domain
for each row
execute procedure test_domain_insert_permission_check_tf();
execute procedure rbactest.domain_insert_permission_check_tf();
--//
-- ============================================================================
--changeset RbacIdentityViewGenerator:test-domain-rbac-IDENTITY-VIEW endDelimiter:--//
--changeset RbacIdentityViewGenerator:rbactest-domain-rbac-IDENTITY-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacIdentityViewFromProjection('test_domain',
call rbac.generateRbacIdentityViewFromProjection('rbactest.domain',
$idName$
name
$idName$);
@@ -229,9 +229,9 @@ call rbac.generateRbacIdentityViewFromProjection('test_domain',
-- ============================================================================
--changeset RbacRestrictedViewGenerator:test-domain-rbac-RESTRICTED-VIEW endDelimiter:--//
--changeset RbacRestrictedViewGenerator:rbactest-domain-rbac-RESTRICTED-VIEW endDelimiter:--//
-- ----------------------------------------------------------------------------
call rbac.generateRbacRestrictedView('test_domain',
call rbac.generateRbacRestrictedView('rbactest.domain',
$orderBy$
name
$orderBy$,

10
src/main/resources/db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql → src/main/resources/db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
View File

@@ -13,8 +13,8 @@ declare
pacAdmin varchar;
begin
select p.uuid, p.name, c.prefix as custPrefix
from test_package p
join test_customer c on p.customeruuid = c.uuid
from rbactest.package p
join rbactest.customer c on p.customeruuid = c.uuid
where p.name = packageName
into pac;
@@ -24,7 +24,7 @@ begin
call base.defineContext('creating RBAC test domain', null, pacAdmin, null);
insert
into test_domain (name, packageUuid)
into rbactest.domain (name, packageUuid)
values (pac.name || '-' || base.intToVarChar(t, 4), pac.uuid);
end loop;
end; $$;
@@ -41,8 +41,8 @@ declare
begin
for pac in
(select p.uuid, p.name
from test_package p
join test_customer c on p.customeruuid = c.uuid
from rbactest.package p
join rbactest.customer c on p.customeruuid = c.uuid
where c.reference < 90000) -- reserved for functional testing
loop
call createdomainTestData(pac.name, 2);

6
src/main/resources/db/changelog/5-hs-office/504-partner/5043-hs-office-partner-rbac.sql
View File

@@ -181,7 +181,7 @@ $$;
/**
Grants hs_office_partner INSERT permission to specified role of new global rows.
*/
create or replace function rbac.new_hsof_partner_grants_insert_to_global_tf()
create or replace function new_hsof_partner_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
@@ -198,11 +198,11 @@ end; $$;
create trigger z_new_hs_office_partner_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure rbac.new_hsof_partner_grants_insert_to_global_tf();
execute procedure new_hsof_partner_grants_insert_to_global_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_partner-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-partner-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

6
src/main/resources/db/changelog/5-hs-office/504-partner/5044-hs-office-partner-details-rbac.sql
View File

@@ -85,7 +85,7 @@ $$;
/**
Grants hs_office_partner_details INSERT permission to specified role of new global rows.
*/
create or replace function rbac.new_hsof_partner_details_grants_insert_to_global_tf()
create or replace function new_hsof_partner_details_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
@@ -102,11 +102,11 @@ end; $$;
create trigger z_new_hs_office_partner_details_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure rbac.new_hsof_partner_details_grants_insert_to_global_tf();
execute procedure new_hsof_partner_details_grants_insert_to_global_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_partner_details-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-partner-details-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

6
src/main/resources/db/changelog/5-hs-office/506-debitor/5063-hs-office-debitor-rbac.sql
View File

@@ -154,7 +154,7 @@ $$;
/**
Grants hs_office_debitor INSERT permission to specified role of new global rows.
*/
create or replace function rbac.new_hsof_debitor_grants_insert_to_global_tf()
create or replace function new_hsof_debitor_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
@@ -171,11 +171,11 @@ end; $$;
create trigger z_new_hs_office_debitor_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure rbac.new_hsof_debitor_grants_insert_to_global_tf();
execute procedure new_hsof_debitor_grants_insert_to_global_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_debitor-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-debitor-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

2
src/main/resources/db/changelog/5-hs-office/507-sepamandate/5073-hs-office-sepamandate-rbac.sql
View File

@@ -150,7 +150,7 @@ execute procedure new_hsof_sepamandate_grants_insert_to_hsof_relation_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_sepamandate-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-sepamandate-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

6
src/main/resources/db/changelog/5-hs-office/510-membership/5103-hs-office-membership-rbac.sql
View File

@@ -116,7 +116,7 @@ $$;
/**
Grants hs_office_membership INSERT permission to specified role of new global rows.
*/
create or replace function rbac.new_hsof_membership_grants_insert_to_global_tf()
create or replace function new_hsof_membership_grants_insert_to_global_tf()
returns trigger
language plpgsql
strict as $$
@@ -133,11 +133,11 @@ end; $$;
create trigger z_new_hs_office_membership_grants_after_insert_tg
after insert on rbac.global
for each row
execute procedure rbac.new_hsof_membership_grants_insert_to_global_tf();
execute procedure new_hsof_membership_grants_insert_to_global_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_membership-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-membership-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

2
src/main/resources/db/changelog/5-hs-office/511-coopshares/5113-hs-office-coopshares-rbac.sql
View File

@@ -113,7 +113,7 @@ execute procedure new_hsof_coopsharetx_grants_insert_to_hsof_membership_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_coopsharestransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-coopsharestransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

2
src/main/resources/db/changelog/5-hs-office/512-coopassets/5123-hs-office-coopassets-rbac.sql
View File

@@ -113,7 +113,7 @@ execute procedure new_hsof_coopassettx_grants_insert_to_hsof_membership_tf();
-- ============================================================================
--changeset InsertTriggerGenerator:hs_office_coopassetstransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
--changeset InsertTriggerGenerator:hs-office-coopassetstransaction-rbac-CHECKING-INSERT-PERMISSION endDelimiter:--//
-- ----------------------------------------------------------------------------
/**

22
src/main/resources/db/changelog/db.changelog-master.yaml
View File

@@ -21,6 +21,8 @@ databaseChangeLog:
file: db/changelog/0-base/009-check-environment.sql
- include:
file: db/changelog/0-base/010-context.sql
- include:
file: db/changelog/0-base/011-table-schema-and-name.sql
- include:
file: db/changelog/0-base/020-audit-log.sql
- include:
@@ -48,23 +50,25 @@ databaseChangeLog:
- include:
file: db/changelog/1-rbac/1080-rbac-global.sql
- include:
file: db/changelog/2-test/201-test-customer/2010-test-customer.sql
file: db/changelog/2-rbactest/200-rbactest-schema.sql
- include:
file: db/changelog/2-test/201-test-customer/2013-test-customer-rbac.sql
file: db/changelog/2-rbactest/201-rbactest-customer/2010-rbactest-customer.sql
- include:
file: db/changelog/2-test/201-test-customer/2018-test-customer-test-data.sql
file: db/changelog/2-rbactest/201-rbactest-customer/2013-rbactest-customer-rbac.sql
- include:
file: db/changelog/2-test/202-test-package/2020-test-package.sql
file: db/changelog/2-rbactest/201-rbactest-customer/2018-rbactest-customer-test-data.sql
- include:
file: db/changelog/2-test/202-test-package/2023-test-package-rbac.sql
file: db/changelog/2-rbactest/202-rbactest-package/2020-rbactest-package.sql
- include:
file: db/changelog/2-test/202-test-package/2028-test-package-test-data.sql
file: db/changelog/2-rbactest/202-rbactest-package/2023-rbactest-package-rbac.sql
- include:
file: db/changelog/2-test/203-test-domain/2030-test-domain.sql
file: db/changelog/2-rbactest/202-rbactest-package/2028-rbactest-package-test-data.sql
- include:
file: db/changelog/2-test/203-test-domain/2033-test-domain-rbac.sql
file: db/changelog/2-rbactest/203-rbactest-domain/2030-rbactest-domain.sql
- include:
file: db/changelog/2-test/203-test-domain/2038-test-domain-test-data.sql
file: db/changelog/2-rbactest/203-rbactest-domain/2033-rbactest-domain-rbac.sql
- include:
file: db/changelog/2-rbactest/203-rbactest-domain/2038-rbactest-domain-test-data.sql
- include:
file: db/changelog/5-hs-office/501-contact/5010-hs-office-contact.sql
- include: