From 2cae17a0455e02a24f4d31f559d77c3c2184957b Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Fri, 16 Sep 2022 16:14:39 +0200
Subject: [PATCH] introduces generateRbacIdentityView to generate identity
 views

---
 .../db/changelog/058-rbac-generators.sql      | 43 +++++++++++++++++++
 .../db/changelog/113-test-customer-rbac.sql   | 34 ++-------------
 .../db/changelog/123-test-package-rbac.sql    | 35 ++-------------
 .../db/changelog/133-test-domain-rbac.sql     | 35 ++-------------
 .../changelog/203-hs-office-contact-rbac.sql  | 32 ++------------
 .../changelog/213-hs-office-person-rbac.sql   | 33 ++------------
 .../changelog/223-hs-office-partner-rbac.sql  | 41 +++---------------
 7 files changed, 63 insertions(+), 190 deletions(-)

diff --git a/src/main/resources/db/changelog/058-rbac-generators.sql b/src/main/resources/db/changelog/058-rbac-generators.sql
index fa23989a..f15cac68 100644
--- a/src/main/resources/db/changelog/058-rbac-generators.sql
+++ b/src/main/resources/db/changelog/058-rbac-generators.sql
@@ -70,3 +70,46 @@ begin
     execute sql;
 end; $$;
 --//
+
+
+-- ============================================================================
+--changeset rbac-generators-IDENTITY-VIEW:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace procedure generateRbacIdentityView(targetTable text, idNameExpression text)
+    language plpgsql as $$
+declare
+    sql text;
+begin
+    -- create a view to the target main table which maps an idName to the objectUuid
+    sql = format($sql$
+            create or replace view %1$s_iv as
+            select target.uuid, cleanIdentifier(%2$s) as idName
+                from %1$s as target;
+            grant all privileges on %1$s_iv to restricted;
+        $sql$, targetTable, idNameExpression);
+    execute sql;
+
+    -- creates a function which maps an idName to the objectUuid
+    sql = format($sql$
+        create or replace function %1$sUuidByIdName(givenIdName varchar)
+            returns uuid
+            language sql
+            strict as $f$
+        select uuid from %1$s_iv iv where iv.idName = givenIdName;
+        $f$;
+        $sql$, targetTable);
+    execute sql;
+
+    -- creates a function which maps an objectUuid to the related idName
+    sql = format($sql$
+        create or replace function %1$sIdNameByUuid(givenUuid uuid)
+            returns varchar
+            language sql
+            strict as $f$
+        select idName from %1$s_iv iv where iv.uuid = givenUuid;
+        $f$;
+    $sql$, targetTable);
+    execute sql;
+end; $$;
+--//
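Review bot: The generated `grant all privileges on %1$s_iv to restricted;` gives the `restricted` role INSERT, UPDATE and DELETE on the view as well as SELECT, and the generated view is a plain single-table select, which PostgreSQL normally treats as auto-updatable with base-table access checked against the view owner rather than the caller. If that holds in this schema, `restricted` could modify or delete rows of the target table through the `_iv` view regardless of its grants on the table itself; a lookup view only needs `grant select on %1$s_iv to restricted;`. The open question `-- TODO.spec: Is it ok that everybody has access to this information?` sat beside every hand-written grant that the later hunks of this patch remove, so I would carry it into the generator above the grant rather than lose it. Separately, `targetTable` and `idNameExpression` are spliced into the statements as raw SQL text; the callers in this patch pass literals, but a header comment such as `-- both arguments are trusted SQL fragments from the changelog, never pass request data` would make that contract explicit.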
diff --git a/src/main/resources/db/changelog/113-test-customer-rbac.sql b/src/main/resources/db/changelog/113-test-customer-rbac.sql
index 380894d7..fb4b1dff 100644
--- a/src/main/resources/db/changelog/113-test-customer-rbac.sql
+++ b/src/main/resources/db/changelog/113-test-customer-rbac.sql
@@ -78,37 +78,9 @@ execute procedure createRbacRolesForTestCustomer();
 -- ============================================================================
 --changeset test-customer-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-
-/*
-    Creates a view to the customer main table which maps the identifying name
-    (in this case, the prefix) to the objectUuid.
- */
-drop view if exists test_customer_iv;
-create or replace view test_customer_iv as
-select target.uuid, target.prefix as idName
-    from test_customer as target;
--- TODO.spec: Is it ok that everybody has access to this information?
-grant all privileges on test_customer_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case the prefix).
- */
-create or replace function test_customerUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from test_customer_iv iv where iv.idName = test_customerUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the prefix).
- */
-create or replace function test_customerIdNameByUuid(uuid uuid)
-    returns varchar
-    language sql
-    strict as $$
-select idName from test_customer_iv iv where iv.uuid = test_customerIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('test_customer', $idName$
+    target.prefix
+    $idName$);
 --//
 
 
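Review bot: The idName for `test_customer` is no longer the raw `target.prefix`, because the generator wraps every expression in `cleanIdentifier(...)`; the same applies to `target.name` in the `test_package` and `test_domain` hunks that follow. `cleanIdentifier` is not shown in this patch, so this is an assumption to confirm: if it drops or folds characters, two distinct source values can collapse to one idName, and `test_customerUuidByIdName` would then return whichever row the query yields first. Since these uuids identify RBAC objects, I would check that the mapping stays unique for all three tables. A comment at each call stating whether `cleanIdentifier` changes the stored values for that column would record the result.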
diff --git a/src/main/resources/db/changelog/123-test-package-rbac.sql b/src/main/resources/db/changelog/123-test-package-rbac.sql
index 585fb6e4..473a185d 100644
--- a/src/main/resources/db/changelog/123-test-package-rbac.sql
+++ b/src/main/resources/db/changelog/123-test-package-rbac.sql
@@ -76,38 +76,9 @@ execute procedure createRbacRolesForTestPackage();
 -- ============================================================================
 --changeset test-package-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-
-/*
-    Creates a view to the package main table which maps the identifying name
-    (in this case, actually the column `name`) to the objectUuid.
- */
-drop view if exists test_package_iv;
-create or replace view test_package_iv as
-select distinct target.uuid, target.name as idName
-    from test_package as target;
--- TODO: Is it ok that everybody has access to this information?
-grant all privileges on test_package_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
- */
-create or replace function test_packageUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from test_package_iv iv where iv.idName = test_packageUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the name).
- */
-create or replace function test_packageIdNameByUuid(uuid uuid)
-    returns varchar
-    stable leakproof
-    language sql
-    strict as $$
-select idName from test_package_iv iv where iv.uuid = test_packageIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('test_package', $idName$
+    target.name
+    $idName$);
 --//
 
 
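Review bot: Two properties of the removed objects are dropped without mention, here and in the `test_domain` hunk of the next file: `test_packageIdNameByUuid` was declared `stable leakproof`, and the view used `select distinct`. The generated functions carry no volatility marker, so they default to volatile, which limits what the planner may do with them; the generator in 058-rbac-generators.sql could emit `stable` on both lookup functions, since they only read the view. Leaving out `leakproof` is the more conservative choice, but if any security-barrier view or row-level policy depended on this function being pushed down, its behaviour may change, which I cannot tell from this patch. Without `distinct` the view becomes a simple single-table select, so its updatability may differ from before. The commit message should say which of these changes are intended.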
diff --git a/src/main/resources/db/changelog/133-test-domain-rbac.sql b/src/main/resources/db/changelog/133-test-domain-rbac.sql
index 5d7158b4..0774ef05 100644
--- a/src/main/resources/db/changelog/133-test-domain-rbac.sql
+++ b/src/main/resources/db/changelog/133-test-domain-rbac.sql
@@ -93,38 +93,9 @@ execute procedure createRbacRulesForTestDomain();
 -- ============================================================================
 --changeset test-domain-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-
-/*
-    Creates a view to the domain main table which maps the identifying name
-    (in this case, actually the column `name`) to the objectUuid.
- */
-drop view if exists test_domain_iv;
-create or replace view test_domain_iv as
-select distinct target.uuid, target.name as idName
-    from test_domain as target;
--- TODO.spec: Is it ok that everybody has access to this information?
-grant all privileges on test_domain_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case, actually the column `name`).
- */
-create or replace function test_domainUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from test_domain_iv iv where iv.idName = test_domainUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the name).
- */
-create or replace function test_domainIdNameByUuid(uuid uuid)
-    returns varchar
-    stable leakproof
-    language sql
-    strict as $$
-select idName from test_domain_iv iv where iv.uuid = test_domainIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('test_domain', $idName$
+    target.name
+    $idName$);
 --//
 
 
diff --git a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql
index f2f4516c..0502b2ba 100644
--- a/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql
+++ b/src/main/resources/db/changelog/203-hs-office-contact-rbac.sql
@@ -77,35 +77,9 @@ execute procedure createRbacRolesForHsOfficeContact();
 --changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
 
-/*
-    Creates a view to the contact main table which maps the identifying name
-    (in this case, the prefix) to the objectUuid.
- */
-create or replace view hs_office_contact_iv as
-select target.uuid, cleanIdentifier(target.label) as idName
-    from hs_office_contact as target;
--- TODO.spec: Is it ok that everybody has access to this information?
-grant all privileges on hs_office_contact_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case the prefix).
- */
-create or replace function hs_office_contactUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from hs_office_contact_iv iv where iv.idName = hs_office_contactUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the label).
- */
-create or replace function hs_office_contactIdNameByUuid(uuid uuid)
-    returns varchar
-    language sql
-    strict as $$
-select idName from hs_office_contact_iv iv where iv.uuid = hs_office_contactIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('hs_office_contact', $idName$
+    target.label
+    $idName$);
 --//
 
 
diff --git a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql
index c7ab28ea..a9fbe4a0 100644
--- a/src/main/resources/db/changelog/213-hs-office-person-rbac.sql
+++ b/src/main/resources/db/changelog/213-hs-office-person-rbac.sql
@@ -76,36 +76,9 @@ execute procedure createRbacRolesForHsOfficePerson();
 -- ============================================================================
 --changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-
-/*
-    Creates a view to the person main table which maps the identifying name
-    (in this case, the prefix) to the objectUuid.
- */
-create or replace view hs_office_person_iv as
-select target.uuid, cleanIdentifier(concat(target.tradeName, target.familyName, target.givenName)) as idName
-    from hs_office_person as target;
--- TODO.spec: Is it ok that everybody has access to this information?
-grant all privileges on hs_office_person_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case the prefix).
- */
-create or replace function hs_office_personUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from hs_office_person_iv iv where iv.idName = hs_office_personUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the label).
- */
-create or replace function hs_office_personIdNameByUuid(uuid uuid)
-    returns varchar
-    language sql
-    strict as $$
-select idName from hs_office_person_iv iv where iv.uuid = hs_office_personIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('hs_office_person', $idName$
+    concat(target.tradeName, target.familyName, target.givenName)
+    $idName$);
 --//
 
 
diff --git a/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql b/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql
index f89965d9..cc108f7a 100644
--- a/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql
+++ b/src/main/resources/db/changelog/223-hs-office-partner-rbac.sql
@@ -116,42 +116,11 @@ execute procedure hsOfficePartnerRbacRolesTrigger();
 -- ============================================================================
 --changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-
-/*
-    Creates a view to the partner main table which maps the identifying name
-    (in this case, the prefix) to the objectUuid.
- */
-create or replace view hs_office_partner_iv as
-select target.uuid,
-       cleanIdentifier(
-                       (select idName from hs_office_person_iv p where p.uuid = target.personuuid)
-                       || '-' ||
-                       (select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
-           )
-           as idName
-    from hs_office_partner as target;
--- TODO.spec: Is it ok that everybody has access to this information?
-grant all privileges on hs_office_partner_iv to restricted;
-
-/*
-    Returns the objectUuid for a given identifying name (in this case the prefix).
- */
-create or replace function hs_office_partnerUuidByIdName(idName varchar)
-    returns uuid
-    language sql
-    strict as $$
-select uuid from hs_office_partner_iv iv where iv.idName = hs_office_partnerUuidByIdName.idName;
-$$;
-
-/*
-    Returns the identifying name for a given objectUuid (in this case the label).
- */
-create or replace function hs_office_partnerIdNameByUuid(uuid uuid)
-    returns varchar
-    language sql
-    strict as $$
-select idName from hs_office_partner_iv iv where iv.uuid = hs_office_partnerIdNameByUuid.uuid;
-$$;
+call generateRbacIdentityView('hs_office_partner', $idName$
+    (select idName from hs_office_person_iv p where p.uuid = target.personuuid)
+    || '-' ||
+    (select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
+    $idName$);
 --//