
rename hs-admin to hs-office regarding the module name

Michael Hoennig
2022-09-13 13:27:52 +02:00
parent 7465b9df63
commit 4e90f53bf3
43 changed files with 540 additions and 544 deletions

@@ -1,10 +1,6 @@
package net.hostsharing.hsadminng;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.model.HsAdminPersonResource;
import net.hostsharing.hsadminng.hs.admin.person.HsAdminPersonEntity;
import org.modelmapper.Converter;
import org.modelmapper.ModelMapper;
import org.modelmapper.spi.MappingContext;
import java.util.List;
import java.util.function.BiConsumer;

@@ -1,8 +0,0 @@
package net.hostsharing.hsadminng.hs.admin.person;
public enum HsAdminPersonType {
NATURAL,
LEGAL,
SOLE_REPRESENTATION,
JOINT_REPRESENTATION
}

@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.hs.admin.contact;
package net.hostsharing.hsadminng.hs.office.contact;
import lombok.*;
@@ -9,13 +9,13 @@ import javax.persistence.Table;
import java.util.UUID;
@Entity
@Table(name = "hs_admin_contact_rv")
@Table(name = "hs_office_contact_rv")
@Getter
@Setter
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class HsAdminContactEntity {
public class HsOfficeContactEntity {
private @Id UUID uuid;
private String label;

@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.hs.admin.contact;
package net.hostsharing.hsadminng.hs.office.contact;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
@@ -7,19 +7,19 @@ import java.util.List;
import java.util.Optional;
import java.util.UUID;
public interface HsAdminContactRepository extends Repository<HsAdminContactEntity, UUID> {
public interface HsOfficeContactRepository extends Repository<HsOfficeContactEntity, UUID> {
Optional<HsAdminContactEntity> findByUuid(UUID id);
Optional<HsOfficeContactEntity> findByUuid(UUID id);
@Query("""
SELECT c FROM HsAdminContactEntity c
SELECT c FROM HsOfficeContactEntity c
WHERE :label is null
OR c.label like concat(:label, '%')
""")
// TODO.feat: join tables missing
List<HsAdminContactEntity> findContactByOptionalLabelLike(String label);
List<HsOfficeContactEntity> findContactByOptionalLabelLike(String label);
HsAdminContactEntity save(final HsAdminContactEntity entity);
HsOfficeContactEntity save(final HsOfficeContactEntity entity);
void deleteByUuid(final UUID uuid);
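Review bot: The `:label` parameter of `findContactByOptionalLabelLike` goes into the LIKE pattern unescaped, so a caller-supplied `%` or `_` acts as a wildcard instead of a literal character. The value is bound as a parameter, so this is not an injection issue, but a leading `%` turns the intended prefix search into a contains-search and allows needlessly expensive patterns. If literal matching is intended, escape the wildcard characters before binding and add an `ESCAPE` clause to the query. The same pattern appears in `findPartnerByOptionalNameLike` and `findPersonByOptionalNameLike`. The interface body continues outside the hunk.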

@@ -1,14 +1,14 @@
package net.hostsharing.hsadminng.hs.admin.partner;
package net.hostsharing.hsadminng.hs.office.partner;
import net.hostsharing.hsadminng.Mapper;
import net.hostsharing.hsadminng.context.Context;
import net.hostsharing.hsadminng.hs.admin.contact.HsAdminContactEntity;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.api.HsAdminPartnersApi;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.model.HsAdminContactResource;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.model.HsAdminPartnerResource;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.model.HsAdminPartnerUpdateResource;
import net.hostsharing.hsadminng.hs.admin.generated.api.v1.model.HsAdminPersonResource;
import net.hostsharing.hsadminng.hs.admin.person.HsAdminPersonEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficePartnersApi;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficePartnerResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficePartnerUpdateResource;
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficePersonResource;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.transaction.annotation.Transactional;
@@ -23,17 +23,17 @@ import static net.hostsharing.hsadminng.Mapper.map;
@RestController
public class HsAdminPartnerController implements HsAdminPartnersApi {
public class HsOfficePartnerController implements HsOfficePartnersApi {
@Autowired
private Context context;
@Autowired
private HsAdminPartnerRepository partnerRepo;
private HsOfficePartnerRepository partnerRepo;
@Override
@Transactional(readOnly = true)
public ResponseEntity<List<HsAdminPartnerResource>> listPartners(
public ResponseEntity<List<HsOfficePartnerResource>> listPartners(
final String currentUser,
final String assumedRoles,
final String name) {
@@ -42,46 +42,46 @@ public class HsAdminPartnerController implements HsAdminPartnersApi {
// TODO.feat: final var entities = partnerRepo.findPartnerByOptionalNameLike(name);
final var entities = List.of(
HsAdminPartnerEntity.builder()
HsOfficePartnerEntity.builder()
.uuid(UUID.randomUUID())
.person(HsAdminPersonEntity.builder()
.person(HsOfficePersonEntity.builder()
.tradeName("Ixx AG")
.build())
.contact(HsAdminContactEntity.builder()
.contact(HsOfficeContactEntity.builder()
.label("Ixx AG")
.build())
.build(),
HsAdminPartnerEntity.builder()
HsOfficePartnerEntity.builder()
.uuid(UUID.randomUUID())
.person(HsAdminPersonEntity.builder()
.person(HsOfficePersonEntity.builder()
.tradeName("Ypsilon GmbH")
.build())
.contact(HsAdminContactEntity.builder()
.contact(HsOfficeContactEntity.builder()
.label("Ypsilon GmbH")
.build())
.build(),
HsAdminPartnerEntity.builder()
HsOfficePartnerEntity.builder()
.uuid(UUID.randomUUID())
.person(HsAdminPersonEntity.builder()
.person(HsOfficePersonEntity.builder()
.tradeName("Zett OHG")
.build())
.contact(HsAdminContactEntity.builder()
.contact(HsOfficeContactEntity.builder()
.label("Zett OHG")
.build())
.build()
);
final var resources = Mapper.mapList(entities, HsAdminPartnerResource.class,
final var resources = Mapper.mapList(entities, HsOfficePartnerResource.class,
PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER);
return ResponseEntity.ok(resources);
}
@Override
@Transactional
public ResponseEntity<HsAdminPartnerResource> addPartner(
public ResponseEntity<HsOfficePartnerResource> addPartner(
final String currentUser,
final String assumedRoles,
final HsAdminPartnerResource body) {
final HsOfficePartnerResource body) {
// TODO.feat: context.define(currentUser, assumedRoles);
@@ -89,21 +89,21 @@ public class HsAdminPartnerController implements HsAdminPartnersApi {
body.setUuid(UUID.randomUUID());
}
// TODO.feat: final var saved = partnerRepo.save(map(body, HsAdminPartnerEntity.class));
final var saved = map(body, HsAdminPartnerEntity.class, PARTNER_RESOURCE_TO_ENTITY_POSTMAPPER);
// TODO.feat: final var saved = partnerRepo.save(map(body, HsOfficePartnerEntity.class));
final var saved = map(body, HsOfficePartnerEntity.class, PARTNER_RESOURCE_TO_ENTITY_POSTMAPPER);
final var uri =
MvcUriComponentsBuilder.fromController(getClass())
.path("/api/hs/admin/partners/{id}")
.path("/api/hs/office/partners/{id}")
.buildAndExpand(body.getUuid())
.toUri();
final var mapped = map(saved, HsAdminPartnerResource.class,
final var mapped = map(saved, HsOfficePartnerResource.class,
PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER);
return ResponseEntity.created(uri).body(mapped);
}
@Override
public ResponseEntity<HsAdminPartnerResource> getPartnerByUuid(
public ResponseEntity<HsOfficePartnerResource> getPartnerByUuid(
final String currentUser,
final String assumedRoles,
final UUID partnerUuid) {
@@ -113,19 +113,19 @@ public class HsAdminPartnerController implements HsAdminPartnersApi {
// TODO.feat: final var result = partnerRepo.findByUuid(partnerUuid);
final var result =
partnerUuid.equals(UUID.fromString("3fa85f64-5717-4562-b3fc-2c963f66afa6")) ? null :
HsAdminPartnerEntity.builder()
HsOfficePartnerEntity.builder()
.uuid(UUID.randomUUID())
.person(HsAdminPersonEntity.builder()
.person(HsOfficePersonEntity.builder()
.tradeName("Ixx AG")
.build())
.contact(HsAdminContactEntity.builder()
.contact(HsOfficeContactEntity.builder()
.label("Ixx AG")
.build())
.build();
if (result == null) {
return ResponseEntity.notFound().build();
}
return ResponseEntity.ok(map(result, HsAdminPartnerResource.class, PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER));
return ResponseEntity.ok(map(result, HsOfficePartnerResource.class, PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER));
}
@Override
@@ -134,22 +134,22 @@ public class HsAdminPartnerController implements HsAdminPartnersApi {
}
@Override
public ResponseEntity<HsAdminPartnerResource> updatePartner(
public ResponseEntity<HsOfficePartnerResource> updatePartner(
final String currentUser,
final String assumedRoles,
final UUID partnerUuid,
final HsAdminPartnerUpdateResource body) {
final HsOfficePartnerUpdateResource body) {
return null;
}
private final BiConsumer<HsAdminPartnerResource, HsAdminPartnerEntity> PARTNER_RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
entity.setPerson(map(resource.getPerson(), HsAdminPersonEntity.class));
entity.setContact(map(resource.getContact(), HsAdminContactEntity.class));
private final BiConsumer<HsOfficePartnerResource, HsOfficePartnerEntity> PARTNER_RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
entity.setPerson(map(resource.getPerson(), HsOfficePersonEntity.class));
entity.setContact(map(resource.getContact(), HsOfficeContactEntity.class));
};
private final BiConsumer<HsAdminPartnerEntity, HsAdminPartnerResource> PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource) -> {
resource.setPerson(map(entity.getPerson(), HsAdminPersonResource.class));
resource.setContact(map(entity.getContact(), HsAdminContactResource.class));
private final BiConsumer<HsOfficePartnerEntity, HsOfficePartnerResource> PARTNER_ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource) -> {
resource.setPerson(map(entity.getPerson(), HsOfficePersonResource.class));
resource.setContact(map(entity.getContact(), HsOfficeContactResource.class));
};
}
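Review bot: `addPartner` still has both `context.define(currentUser, assumedRoles)` and `partnerRepo.save(...)` commented out, and `listPartners` and `getPartnerByUuid` return hard-coded entities, so in the lines shown the `currentUser` and `assumedRoles` arguments take part in no access decision under the new `/api/hs/office/partners` path. The entities map to `*_rv` views, and the contact view in this commit filters by `currentSubjectsUuids()`, so the context call presumably has to be enabled in the same change as the repository calls. A comment such as `// SECURITY: enable context.define(...) together with the repository call` next to each TODO would make that coupling explicit. Separately, `updatePartner` returns `null`; `return ResponseEntity.status(HttpStatus.NOT_IMPLEMENTED).build();` would be clearer until the method is implemented. Several method bodies start outside the visible hunks.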

@@ -1,31 +1,31 @@
package net.hostsharing.hsadminng.hs.admin.partner;
package net.hostsharing.hsadminng.hs.office.partner;
import lombok.*;
import net.hostsharing.hsadminng.hs.admin.contact.HsAdminContactEntity;
import net.hostsharing.hsadminng.hs.admin.person.HsAdminPersonEntity;
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactEntity;
import net.hostsharing.hsadminng.hs.office.person.HsOfficePersonEntity;
import javax.persistence.*;
import java.time.LocalDate;
import java.util.UUID;
@Entity
@Table(name = "hs_admin_partner_rv")
@Table(name = "hs_office_partner_rv")
@Getter
@Setter
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class HsAdminPartnerEntity {
public class HsOfficePartnerEntity {
private @Id UUID uuid;
@ManyToOne
@JoinColumn(name = "personuuid")
private HsAdminPersonEntity person;
private HsOfficePersonEntity person;
@ManyToOne
@JoinColumn(name = "contactuuid")
private HsAdminContactEntity contact;
private HsOfficeContactEntity contact;
private @Column(name = "registrationoffice") String registrationOffice;
private @Column(name = "registrationnumber") String registrationNumber;

@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.hs.admin.partner;
package net.hostsharing.hsadminng.hs.office.partner;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
@@ -7,14 +7,14 @@ import java.util.List;
import java.util.Optional;
import java.util.UUID;
public interface HsAdminPartnerRepository extends Repository<HsAdminPartnerEntity, UUID> {
public interface HsOfficePartnerRepository extends Repository<HsOfficePartnerEntity, UUID> {
Optional<HsAdminPartnerEntity> findByUuid(UUID id);
Optional<HsOfficePartnerEntity> findByUuid(UUID id);
@Query("""
SELECT partner FROM HsAdminPartnerEntity partner
JOIN HsAdminContactEntity contact ON contact.uuid = partner.contact
JOIN HsAdminPersonEntity person ON person.uuid = partner.person
SELECT partner FROM HsOfficePartnerEntity partner
JOIN HsOfficeContactEntity contact ON contact.uuid = partner.contact
JOIN HsOfficePersonEntity person ON person.uuid = partner.person
WHERE :name is null
OR partner.birthName like concat(:name, '%')
OR contact.label like concat(:name, '%')
@@ -22,9 +22,9 @@ public interface HsAdminPartnerRepository extends Repository<HsAdminPartnerEntit
OR person.givenName like concat(:name, '%')
OR person.familyName like concat(:name, '%')
""")
List<HsAdminPartnerEntity> findPartnerByOptionalNameLike(String name);
List<HsOfficePartnerEntity> findPartnerByOptionalNameLike(String name);
HsAdminPartnerEntity save(final HsAdminPartnerEntity entity);
HsOfficePartnerEntity save(final HsOfficePartnerEntity entity);
long count();

@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.hs.admin.person;
package net.hostsharing.hsadminng.hs.office.person;
import com.vladmihalcea.hibernate.type.basic.PostgreSQLEnumType;
import lombok.*;
@@ -10,7 +10,7 @@ import javax.persistence.*;
import java.util.UUID;
@Entity
@Table(name = "hs_admin_person_rv")
@Table(name = "hs_office_person_rv")
@TypeDef(
name = "pgsql_enum",
typeClass = PostgreSQLEnumType.class
@@ -20,14 +20,14 @@ import java.util.UUID;
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class HsAdminPersonEntity {
public class HsOfficePersonEntity {
private @Id UUID uuid;
@Column(name = "persontype")
@Enumerated(EnumType.STRING)
@Type( type = "pgsql_enum" )
private HsAdminPersonType personType;
private HsOfficePersonType personType;
@Column(name = "tradename")
private String tradeName;

@@ -1,4 +1,4 @@
package net.hostsharing.hsadminng.hs.admin.person;
package net.hostsharing.hsadminng.hs.office.person;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.Repository;
@@ -7,20 +7,20 @@ import java.util.List;
import java.util.Optional;
import java.util.UUID;
public interface HsAdminPersonRepository extends Repository<HsAdminPersonEntity, UUID> {
public interface HsOfficePersonRepository extends Repository<HsOfficePersonEntity, UUID> {
Optional<HsAdminPersonEntity> findByUuid(UUID personUuid);
Optional<HsOfficePersonEntity> findByUuid(UUID personUuid);
@Query("""
SELECT p FROM HsAdminPersonEntity p
SELECT p FROM HsOfficePersonEntity p
WHERE :name is null
OR p.tradeName like concat(:name, '%')
OR p.givenName like concat(:name, '%')
OR p.familyName like concat(:name, '%')
""")
List<HsAdminPersonEntity> findPersonByOptionalNameLike(String name);
List<HsOfficePersonEntity> findPersonByOptionalNameLike(String name);
HsAdminPersonEntity save(final HsAdminPersonEntity entity);
HsOfficePersonEntity save(final HsOfficePersonEntity entity);
int deleteByUuid(final UUID personUuid);

@@ -0,0 +1,8 @@
package net.hostsharing.hsadminng.hs.office.person;
public enum HsOfficePersonType {
NATURAL,
LEGAL,
SOLE_REPRESENTATION,
JOINT_REPRESENTATION
}

@@ -1,7 +1,7 @@
openapi-processor-mapping: v2
options:
package-name: net.hostsharing.hsadminng.hs.admin.generated.api.v1
package-name: net.hostsharing.hsadminng.hs.office.generated.api.v1
model-name-suffix: Resource
map:
@@ -12,5 +12,5 @@ map:
- type: string:uuid => java.util.UUID
paths:
/api/hs/admin/partners/{packageUUID}:
/api/hs/office/partners/{packageUUID}:
null: org.openapitools.jackson.nullable.JsonNullable
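Review bot: The renamed mapping key `/api/hs/office/partners/{packageUUID}:` uses a different path-parameter name than the API definition, which declares `/api/hs/office/partners/{partnerUUID}`. If openapi-processor matches `paths:` entries by the literal path string, the `null: org.openapitools.jackson.nullable.JsonNullable` mapping does not apply to the PATCH endpoint. The key should probably read `/api/hs/office/partners/{partnerUUID}:`. The mismatch predates the rename, but this commit rewrites the line.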

@@ -3,7 +3,7 @@ components:
schemas:
HsAdminContactBase:
HsOfficeContactBase:
type: object
properties:
label:
@@ -15,14 +15,14 @@ components:
phoneNumbers:
type: string
HsAdminContact:
HsOfficeContact:
allOf:
- type: object
properties:
uuid:
type: string
format: uuid
- $ref: '#/components/schemas/HsAdminContactBase'
- $ref: '#/components/schemas/HsOfficeContactBase'
HsAdminContactUpdate:
$ref: '#/components/schemas/HsAdminContactBase'
HsOfficeContactUpdate:
$ref: '#/components/schemas/HsOfficeContactBase'

@@ -3,7 +3,7 @@ components:
schemas:
HsAdminPartnerBase:
HsOfficePartnerBase:
type: object
properties:
registrationOffice:
@@ -19,7 +19,7 @@ components:
type: string
format: date
HsAdminPartner:
HsOfficePartner:
allOf:
- type: object
properties:
@@ -27,12 +27,12 @@ components:
type: string
format: uuid
person:
$ref: './hs-admin-person-schemas.yaml#/components/schemas/HsAdminPerson'
$ref: './hs-office-person-schemas.yaml#/components/schemas/HsOfficePerson'
contact:
$ref: './hs-admin-contact-schemas.yaml#/components/schemas/HsAdminContact'
- $ref: '#/components/schemas/HsAdminPartnerBase'
$ref: './hs-office-contact-schemas.yaml#/components/schemas/HsOfficeContact'
- $ref: '#/components/schemas/HsOfficePartnerBase'
HsAdminPartnerUpdate:
HsOfficePartnerUpdate:
allOf:
- type: object
properties:
@@ -42,4 +42,4 @@ components:
contactUuid:
type: string
format: uuid
- $ref: '#/components/schemas/HsAdminPartnerBase'
- $ref: '#/components/schemas/HsOfficePartnerBase'

@@ -1,6 +1,6 @@
get:
tags:
- hs-admin-partners
- hs-office-partners
description: 'Fetch a single business partner by its uuid, if visible for the current subject.'
operationId: getPartnerByUuid
parameters:
@@ -18,7 +18,7 @@ get:
content:
'application/json':
schema:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartner'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartner'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
@@ -27,7 +27,7 @@ get:
patch:
tags:
- hs-admin-partners
- hs-office-partners
operationId: updatePartner
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
@@ -42,14 +42,14 @@ patch:
content:
'application/json':
schema:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartnerUpdate'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartnerUpdate'
responses:
"200":
description: OK
content:
'application/json':
schema:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartner'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartner'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
@@ -58,7 +58,7 @@ patch:
delete:
tags:
- hs-admin-partners
- hs-office-partners
operationId: deletePartnerByUuid
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'

@@ -2,7 +2,7 @@ get:
summary: Returns a list of (optionally filtered) business partners.
description: Returns the list of (optionally filtered) business partners which are visible to the current user or any of it's assumed roles.
tags:
- hs-admin-partners
- hs-office-partners
operationId: listPartners
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
@@ -21,7 +21,7 @@ get:
schema:
type: array
items:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartner'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartner'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":
@@ -30,7 +30,7 @@ get:
post:
summary: Adds a new business partner.
tags:
- hs-admin-partners
- hs-office-partners
operationId: addPartner
parameters:
- $ref: './auth.yaml#/components/parameters/currentUser'
@@ -39,7 +39,7 @@ post:
content:
'application/json':
schema:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartner'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartner'
required: true
responses:
"201":
@@ -47,7 +47,7 @@ post:
content:
'application/json':
schema:
$ref: './hs-admin-partner-schemas.yaml#/components/schemas/HsAdminPartner'
$ref: './hs-office-partner-schemas.yaml#/components/schemas/HsOfficePartner'
"401":
$ref: './error-responses.yaml#/components/responses/Unauthorized'
"403":

@@ -3,7 +3,7 @@ components:
schemas:
HsAdminPersonBase:
HsOfficePersonBase:
type: object
properties:
personType:
@@ -20,14 +20,14 @@ components:
familyName:
type: string
HsAdminPerson:
HsOfficePerson:
allOf:
- type: object
properties:
uuid:
type: string
format: uuid
- $ref: '#/components/schemas/HsAdminPersonBase'
- $ref: '#/components/schemas/HsOfficePersonBase'
HsAdminPersonUpdate:
$ref: '#/components/schemas/HsAdminPersonBase'
HsOfficePersonUpdate:
$ref: '#/components/schemas/HsOfficePersonBase'

@@ -8,9 +8,9 @@ servers:
paths:
/api/hs/admin/partners:
$ref: "./hs-admin-partners.yaml"
/api/hs/office/partners:
$ref: "./hs-office-partners.yaml"
/api/hs/admin/partners/{partnerUUID}:
$ref: "./hs-admin-partners-with-uuid.yaml"
/api/hs/office/partners/{partnerUUID}:
$ref: "./hs-office-partners-with-uuid.yaml"

@@ -1,10 +1,10 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-admin-contact-MAIN-TABLE:1 endDelimiter:--//
--changeset hs-office-contact-MAIN-TABLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists hs_admin_contact
create table if not exists hs_office_contact
(
uuid uuid unique references RbacObject (uuid) initially deferred,
label varchar(96) not null,

@@ -1,51 +1,51 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-admin-contact-rbac-OBJECT:1 endDelimiter:--//
--changeset hs-office-contact-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRelatedRbacObject('hs_admin_contact');
call generateRelatedRbacObject('hs_office_contact');
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
--changeset hs-office-contact-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function hsAdminContactOwner(contact hs_admin_contact)
create or replace function hsOfficeContactOwner(contact hs_office_contact)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_contact', contact.uuid, 'owner');
return roleDescriptor('hs_office_contact', contact.uuid, 'owner');
end; $$;
create or replace function hsAdminContactAdmin(contact hs_admin_contact)
create or replace function hsOfficeContactAdmin(contact hs_office_contact)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_contact', contact.uuid, 'admin');
return roleDescriptor('hs_office_contact', contact.uuid, 'admin');
end; $$;
create or replace function hsAdminContactTenant(contact hs_admin_contact)
create or replace function hsOfficeContactTenant(contact hs_office_contact)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_contact', contact.uuid, 'tenant');
return roleDescriptor('hs_office_contact', contact.uuid, 'tenant');
end; $$;
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-ROLES-CREATION:1 endDelimiter:--//
--changeset hs-office-contact-rbac-ROLES-CREATION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles and their assignments for a new contact for the AFTER INSERT TRIGGER.
*/
create or replace function createRbacRolesForHsAdminContact()
create or replace function createRbacRolesForhsOfficeContact()
returns trigger
language plpgsql
strict as $$
@@ -59,7 +59,7 @@ begin
-- the owner role with full access for the creator assigned to the current user
ownerRole := createRole(
hsAdminContactOwner(NEW),
hsOfficeContactOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(globalAdmin()),
withoutSubRoles(),
@@ -69,14 +69,14 @@ begin
-- the tenant role for those related users who can view the data
adminRole := createRole(
hsAdminContactAdmin(NEW),
hsOfficeContactAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
beneathRole(ownerRole)
);
-- the tenant role for those related users who can view the data
perform createRole(
hsAdminContactTenant(NEW),
hsOfficeContactTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
beneathRole(adminRole)
);
@@ -88,82 +88,82 @@ end; $$;
An AFTER INSERT TRIGGER which creates the role structure for a new customer.
*/
create trigger createRbacRolesForHsAdminContact_Trigger
create trigger createRbacRolesForhsOfficeContact_Trigger
after insert
on hs_admin_contact
on hs_office_contact
for each row
execute procedure createRbacRolesForHsAdminContact();
execute procedure createRbacRolesForhsOfficeContact();
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
--changeset hs-office-contact-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the contact main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_admin_contact_iv as
create or replace view hs_office_contact_iv as
select target.uuid, cleanIdentifier(target.label) as idName
from hs_admin_contact as target;
from hs_office_contact as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_admin_contact_iv to restricted;
grant all privileges on hs_office_contact_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_admin_contactUuidByIdName(idName varchar)
create or replace function hs_office_contactUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_admin_contact_iv iv where iv.idName = hs_admin_contactUuidByIdName.idName;
select uuid from hs_office_contact_iv iv where iv.idName = hs_office_contactUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_admin_contactIdNameByUuid(uuid uuid)
create or replace function hs_office_contactIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_admin_contact_iv iv where iv.uuid = hs_admin_contactIdNameByUuid.uuid;
select idName from hs_office_contact_iv iv where iv.uuid = hs_office_contactIdNameByUuid.uuid;
$$;
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
--changeset hs-office-contact-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the contact main table with row-level limitation
based on the 'view' permission of the current user or assumed roles.
*/
set session session authorization default;
drop view if exists hs_admin_contact_rv;
create or replace view hs_admin_contact_rv as
drop view if exists hs_office_contact_rv;
create or replace view hs_office_contact_rv as
select target.*
from hs_admin_contact as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_admin_contact', currentSubjectsUuids()));
grant all privileges on hs_admin_contact_rv to restricted;
from hs_office_contact as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_office_contact', currentSubjectsUuids()));
grant all privileges on hs_office_contact_rv to restricted;
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
--changeset hs-office-contact-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of insert trigger function for hs_admin_contact_rv.
Instead of insert trigger function for hs_office_contact_rv.
*/
create or replace function insertHsAdminContact()
create or replace function inserthsOfficeContact()
returns trigger
language plpgsql as $$
declare
newUser hs_admin_contact;
newUser hs_office_contact;
begin
insert
into hs_admin_contact
into hs_office_contact
values (new.*)
returning * into newUser;
return newUser;
@@ -171,48 +171,48 @@ end;
$$;
/*
Creates an instead of insert trigger for the hs_admin_contact_rv view.
Creates an instead of insert trigger for the hs_office_contact_rv view.
*/
create trigger insertHsAdminContact_Trigger
create trigger inserthsOfficeContact_Trigger
instead of insert
on hs_admin_contact_rv
on hs_office_contact_rv
for each row
execute function insertHsAdminContact();
execute function inserthsOfficeContact();
--//
-- ============================================================================
--changeset hs-admin-contact-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
--changeset hs-office-contact-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of delete trigger function for hs_admin_contact_rv.
Instead of delete trigger function for hs_office_contact_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminContact()
create or replace function deletehsOfficeContact()
returns trigger
language plpgsql as $$
begin
if hasGlobalRoleGranted(currentUserUuid()) or
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_admin_contact', currentSubjectsUuids())) then
delete from hs_admin_contact c where c.uuid = old.uuid;
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_office_contact', currentSubjectsUuids())) then
delete from hs_office_contact c where c.uuid = old.uuid;
return old;
end if;
raise exception '[403] User % not allowed to delete contact uuid %', currentUser(), old.uuid;
end; $$;
/*
Creates an instead of delete trigger for the hs_admin_contact_rv view.
Creates an instead of delete trigger for the hs_office_contact_rv view.
*/
create trigger deleteHsAdminContact_Trigger
create trigger deletehsOfficeContact_Trigger
instead of delete
on hs_admin_contact_rv
on hs_office_contact_rv
for each row
execute function deleteHsAdminContact();
execute function deletehsOfficeContact();
--/
-- ============================================================================
--changeset hs-admin-contact-rbac-NEW-CONTACT:1 endDelimiter:--//
--changeset hs-office-contact-rbac-NEW-CONTACT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a global permission for new-contact and assigns it to the hostsharing admins role.
@@ -235,7 +235,7 @@ $$;
/**
Used by the trigger to prevent the add-customer to current user respectively assumed roles.
*/
create or replace function addHsAdminContactNotAllowedForCurrentSubjects()
create or replace function addHsOfficeContactNotAllowedForCurrentSubjects()
returns trigger
language PLPGSQL
as $$
@@ -247,12 +247,12 @@ end; $$;
/**
Checks if the user or assumed roles are allowed to create a new customer.
*/
create trigger hs_admin_contact_insert_trigger
create trigger hs_office_contact_insert_trigger
before insert
on hs_admin_contact
on hs_office_contact
for each row
-- TODO.spec: who is allowed to create new contacts
when ( not hasAssumedRole() )
execute procedure addHsAdminContactNotAllowedForCurrentSubjects();
execute procedure addHsOfficeContactNotAllowedForCurrentSubjects();
--//
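Review bot: `grant all privileges on hs_office_contact_iv to restricted;` gives the `restricted` role more than the read access that `hs_office_contactUuidByIdName` and `hs_office_contactIdNameByUuid` need from the identity view. The view is a plain single-table select, which PostgreSQL treats as automatically updatable, so a DELETE or UPDATE through it would presumably reach `hs_office_contact` without passing the permission check in `deletehsOfficeContact()`. `grant select on hs_office_contact_iv to restricted;` would be the least-privilege form; the same question applies to the grant on `hs_office_contact_rv`, which has instead-of triggers only for insert and delete. As a consistency point, the renamed `createRbacRolesForhsOfficeContact`, `inserthsOfficeContact` and `deletehsOfficeContact` use a lower-case `hs`, unlike `addHsOfficeContactNotAllowedForCurrentSubjects`; PostgreSQL folds unquoted names, so behaviour is unaffected.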

@@ -2,13 +2,13 @@
-- ============================================================================
--changeset hs-admin-contact-TEST-DATA-GENERATOR:1 endDelimiter:--//
--changeset hs-office-contact-TEST-DATA-GENERATOR:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a single contact test record.
*/
create or replace procedure createHsAdminContactTestData(contLabel varchar)
create or replace procedure createHsOfficeContactTestData(contLabel varchar)
language plpgsql as $$
declare
currentTask varchar;
@@ -24,7 +24,7 @@ begin
raise notice 'creating test contact: %', contLabel;
insert
into hs_admin_contact (label, postaladdress, emailaddresses, phonenumbers)
into hs_office_contact (label, postaladdress, emailaddresses, phonenumbers)
values (contLabel, $address$
Vorname Nachname
Straße Hnr
@@ -36,7 +36,7 @@ end; $$;
/*
Creates a range of test contact for mass data generation.
*/
create or replace procedure createTestContactTestData(
create or replace procedure createHsOfficeContactTestData(
startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run
)
@@ -44,7 +44,7 @@ create or replace procedure createTestContactTestData(
begin
for t in startCount..endCount
loop
call createHsAdminContactTestData(intToVarChar(t, 4) || '#' || t);
call createHsOfficeContactTestData(intToVarChar(t, 4) || '#' || t);
commit;
end loop;
end; $$;
@@ -52,15 +52,15 @@ end; $$;
-- ============================================================================
--changeset hs-admin-contact-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
--changeset hs-office-contact-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
do language plpgsql $$
begin
call createHsAdminContactTestData('first contact');
call createHsAdminContactTestData('second contact');
call createHsAdminContactTestData('third contact');
call createHsAdminContactTestData('forth contact');
call createHsOfficeContactTestData('first contact');
call createHsOfficeContactTestData('second contact');
call createHsOfficeContactTestData('third contact');
call createHsOfficeContactTestData('forth contact');
end;
$$;
--//
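Review bot: The `hs-office-contact-TEST-DATA-GENERATOR:1` changeset carries no `context`, so `createHsOfficeContactTestData` is created in every environment, while only the `TEST-DATA-GENERATION` changeset is limited to `context=dev,tc`. The person and partner test-data files follow the same pattern, and the partner procedure visibly calls `defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin')`, i.e. it performs its insert under the global admin role with a fixed user. If these helpers are not meant to exist on production databases, give the generator changesets the same context, e.g. `--changeset hs-office-contact-TEST-DATA-GENERATOR:1 context=dev,tc endDelimiter:--//`. Part of the single-record procedure lies outside the hunks, so whether the contact variant also calls `defineContext` cannot be seen here.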

@@ -1,17 +1,17 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-admin-person-MAIN-TABLE:1 endDelimiter:--//
--changeset hs-office-person-MAIN-TABLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
CREATE TYPE HsAdminPersonType AS ENUM ('NATURAL', 'LEGAL', 'SOLE_REPRESENTATION', 'JOINT_REPRESENTATION');
CREATE TYPE HsOfficePersonType AS ENUM ('NATURAL', 'LEGAL', 'SOLE_REPRESENTATION', 'JOINT_REPRESENTATION');
CREATE CAST (character varying as HsAdminPersonType) WITH INOUT AS IMPLICIT;
CREATE CAST (character varying as HsOfficePersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_admin_person
create table if not exists hs_office_person
(
uuid uuid unique references RbacObject (uuid) initially deferred,
personType HsAdminPersonType not null,
personType HsOfficePersonType not null,
tradeName varchar(96),
givenName varchar(48),
familyName varchar(48)
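Review bot: Renaming the changeset id (`hs-admin-person-MAIN-TABLE:1` to `hs-office-person-MAIN-TABLE:1`) together with the changelog file names gives Liquibase new changeset identities, and nothing in this file moves or drops the old objects. On a database that has already applied the `hs-admin-*` changesets this would presumably create an empty `hs_office_person` beside the populated `hs_admin_person`, leaving the old tables, views and their grants to `restricted` in place. If such databases exist, I would add rename changesets such as `alter table hs_admin_person rename to hs_office_person;` (or drop the old objects explicitly) instead of re-creating everything; if every environment is rebuilt from scratch, a sentence in the commit message saying so is enough. The same applies to the partner main table and to the other renamed changelog files.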

@@ -2,51 +2,51 @@
-- ============================================================================
--changeset hs-admin-person-rbac-OBJECT:1 endDelimiter:--//
--changeset hs-office-person-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRelatedRbacObject('hs_admin_person');
call generateRelatedRbacObject('hs_office_person');
--//
-- ============================================================================
--changeset hs-admin-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
--changeset hs-office-person-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function hsAdminPersonOwner(person hs_admin_person)
create or replace function hsOfficePersonOwner(person hs_office_person)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_person', person.uuid, 'owner');
return roleDescriptor('hs_office_person', person.uuid, 'owner');
end; $$;
create or replace function hsAdminPersonAdmin(person hs_admin_person)
create or replace function hsOfficePersonAdmin(person hs_office_person)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_person', person.uuid, 'admin');
return roleDescriptor('hs_office_person', person.uuid, 'admin');
end; $$;
create or replace function hsAdminPersonTenant(person hs_admin_person)
create or replace function hsOfficePersonTenant(person hs_office_person)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_person', person.uuid, 'tenant');
return roleDescriptor('hs_office_person', person.uuid, 'tenant');
end; $$;
--//
-- ============================================================================
--changeset hs-admin-person-rbac-ROLES-CREATION:1 endDelimiter:--//
--changeset hs-office-person-rbac-ROLES-CREATION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles and their assignments for a new person for the AFTER INSERT TRIGGER.
*/
create or replace function createRbacRolesForHsAdminPerson()
create or replace function createRbacRolesForHsOfficePerson()
returns trigger
language plpgsql
strict as $$
@@ -60,7 +60,7 @@ begin
-- the owner role with full access for the creator assigned to the current user
ownerRole := createRole(
hsAdminPersonOwner(NEW),
hsOfficePersonOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(globalAdmin()),
withoutSubRoles(),
@@ -70,14 +70,14 @@ begin
-- the tenant role for those related users who can view the data
adminRole := createRole(
hsAdminPersonAdmin(NEW),
hsOfficePersonAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
beneathRole(ownerRole)
);
-- the tenant role for those related users who can view the data
perform createRole(
hsAdminPersonTenant(NEW),
hsOfficePersonTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
beneathRole(adminRole)
);
@@ -89,82 +89,82 @@ end; $$;
An AFTER INSERT TRIGGER which creates the role structure for a new customer.
*/
create trigger createRbacRolesForHsAdminPerson_Trigger
create trigger createRbacRolesForHsOfficePerson_Trigger
after insert
on hs_admin_person
on hs_office_person
for each row
execute procedure createRbacRolesForHsAdminPerson();
execute procedure createRbacRolesForHsOfficePerson();
--//
-- ============================================================================
--changeset hs-admin-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
--changeset hs-office-person-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the person main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_admin_person_iv as
create or replace view hs_office_person_iv as
select target.uuid, cleanIdentifier(concat(target.tradeName, target.familyName, target.givenName)) as idName
from hs_admin_person as target;
from hs_office_person as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_admin_person_iv to restricted;
grant all privileges on hs_office_person_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_admin_personUuidByIdName(idName varchar)
create or replace function hsOfficePersonUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_admin_person_iv iv where iv.idName = hs_admin_personUuidByIdName.idName;
select uuid from hs_office_person_iv iv where iv.idName = hsOfficePersonUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_admin_personIdNameByUuid(uuid uuid)
create or replace function hs_office_personIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_admin_person_iv iv where iv.uuid = hs_admin_personIdNameByUuid.uuid;
select idName from hs_office_person_iv iv where iv.uuid = hs_office_personIdNameByUuid.uuid;
$$;
--//
-- ============================================================================
--changeset hs-admin-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
--changeset hs-office-person-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the person main table with row-level limitation
based on the 'view' permission of the current user or assumed roles.
*/
set session session authorization default;
drop view if exists hs_admin_person_rv;
create or replace view hs_admin_person_rv as
drop view if exists hs_office_person_rv;
create or replace view hs_office_person_rv as
select target.*
from hs_admin_person as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_admin_person', currentSubjectsUuids()));
grant all privileges on hs_admin_person_rv to restricted;
from hs_office_person as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_office_person', currentSubjectsUuids()));
grant all privileges on hs_office_person_rv to restricted;
--//
-- ============================================================================
--changeset hs-admin-person-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
--changeset hs-office-person-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of insert trigger function for hs_admin_person_rv.
Instead of insert trigger function for hs_office_person_rv.
*/
create or replace function insertHsAdminPerson()
create or replace function insertHsOfficePerson()
returns trigger
language plpgsql as $$
declare
newUser hs_admin_person;
newUser hs_office_person;
begin
insert
into hs_admin_person
into hs_office_person
values (new.*)
returning * into newUser;
return newUser;
@@ -172,48 +172,48 @@ end;
$$;
/*
Creates an instead of insert trigger for the hs_admin_person_rv view.
Creates an instead of insert trigger for the hs_office_person_rv view.
*/
create trigger insertHsAdminPerson_Trigger
create trigger insertHsOfficePerson_Trigger
instead of insert
on hs_admin_person_rv
on hs_office_person_rv
for each row
execute function insertHsAdminPerson();
execute function insertHsOfficePerson();
--//
-- ============================================================================
--changeset hs-admin-person-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
--changeset hs-office-person-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of delete trigger function for hs_admin_person_rv.
Instead of delete trigger function for hs_office_person_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminPerson()
create or replace function deleteHsOfficePerson()
returns trigger
language plpgsql as $$
begin
if hasGlobalRoleGranted(currentUserUuid()) or
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_admin_person', currentSubjectsUuids())) then
delete from hs_admin_person c where c.uuid = old.uuid;
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_office_person', currentSubjectsUuids())) then
delete from hs_office_person c where c.uuid = old.uuid;
return old;
end if;
raise exception '[403] User % not allowed to delete person uuid %', currentUser(), old.uuid;
end; $$;
/*
Creates an instead of delete trigger for the hs_admin_person_rv view.
Creates an instead of delete trigger for the hs_office_person_rv view.
*/
create trigger deleteHsAdminPerson_Trigger
create trigger deleteHsOfficePerson_Trigger
instead of delete
on hs_admin_person_rv
on hs_office_person_rv
for each row
execute function deleteHsAdminPerson();
execute function deleteHsOfficePerson();
--/
-- ============================================================================
--changeset hs-admin-person-rbac-NEW-PERSON:1 endDelimiter:--//
--changeset hs-office-person-rbac-NEW-PERSON:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a global permission for new-person and assigns it to the hostsharing admins role.
@@ -236,7 +236,7 @@ $$;
/**
Used by the trigger to prevent the add-customer to current user respectively assumed roles.
*/
create or replace function addHsAdminPersonNotAllowedForCurrentSubjects()
create or replace function addHsOfficePersonNotAllowedForCurrentSubjects()
returns trigger
language PLPGSQL
as $$
@@ -248,12 +248,12 @@ end; $$;
/**
Checks if the user or assumed roles are allowed to create a new customer.
*/
create trigger hs_admin_person_insert_trigger
create trigger hs_office_person_insert_trigger
before insert
on hs_admin_person
on hs_office_person
for each row
-- TODO.spec: who is allowed to create new persons
when ( not hasAssumedRole() )
execute procedure addHsAdminPersonNotAllowedForCurrentSubjects();
execute procedure addHsOfficePersonNotAllowedForCurrentSubjects();
--//
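Review bot: `grant all privileges on hs_office_person_iv to restricted;` hands the restricted role INSERT, UPDATE and DELETE on a view that PostgreSQL treats as automatically updatable, because it selects from the single table `hs_office_person`. Writes through such a view are checked against the view owner's privileges on the base table, so a DELETE on `hs_office_person_iv` would not pass through the permission check in `deleteHsOfficePerson()`, which is attached to `hs_office_person_rv` only; I see no delete trigger on the base table in these hunks, though the file is not shown in full. The view also exposes every person's identifying name regardless of the 'view' permission, which the TODO above the grant already questions. I would narrow it to `grant select on hs_office_person_iv to restricted;` and, for `hs_office_person_rv`, grant only the operations that have a guarding trigger, since an UPDATE through that view currently appears to need just the 'view' permission. The same grants appear in the partner RBAC file for `hs_office_partner_iv` and `hs_office_partner_rv`.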

@@ -2,14 +2,14 @@
-- ============================================================================
--changeset hs-admin-person-TEST-DATA-GENERATOR:1 endDelimiter:--//
--changeset hs-office-person-TEST-DATA-GENERATOR:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a single person test record.
*/
create or replace procedure createHsAdminPersonTestData(
newPersonType HsAdminPersonType,
create or replace procedure createHsOfficePersonTestData(
newPersonType HsOfficePersonType,
newTradeName varchar,
newFamilyName varchar = null,
newGivenName varchar = null
@@ -30,7 +30,7 @@ begin
raise notice 'creating test person: %', fullName;
insert
into hs_admin_person (persontype, tradename, givenname, familyname)
into hs_office_person (persontype, tradename, givenname, familyname)
values (newPersonType, newTradeName, newGivenName, newFamilyName);
end; $$;
--//
@@ -46,7 +46,7 @@ create or replace procedure createTestPersonTestData(
begin
for t in startCount..endCount
loop
call createHsAdminPersonTestData('LEGAL', intToVarChar(t, 4));
call createHsOfficePersonTestData('LEGAL', intToVarChar(t, 4));
commit;
end loop;
end; $$;
@@ -54,16 +54,16 @@ end; $$;
-- ============================================================================
--changeset hs-admin-person-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
--changeset hs-office-person-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
do language plpgsql $$
begin
call createHsAdminPersonTestData('LEGAL', 'First Impressions GmbH');
call createHsAdminPersonTestData('NATURAL', null, 'Peter', 'Smith');
call createHsAdminPersonTestData('LEGAL', 'Rockshop e.K.', 'Sandra', 'Miller');
call createHsAdminPersonTestData('SOLE_REPRESENTATION', 'Ostfriesische Kuhhandel OHG');
call createHsAdminPersonTestData('JOINT_REPRESENTATION', 'Erben Bessler', 'Mel', 'Bessler');
call createHsOfficePersonTestData('LEGAL', 'First Impressions GmbH');
call createHsOfficePersonTestData('NATURAL', null, 'Peter', 'Smith');
call createHsOfficePersonTestData('LEGAL', 'Rockshop e.K.', 'Sandra', 'Miller');
call createHsOfficePersonTestData('SOLE_REPRESENTATION', 'Ostfriesische Kuhhandel OHG');
call createHsOfficePersonTestData('JOINT_REPRESENTATION', 'Erben Bessler', 'Mel', 'Bessler');
end;
$$;
--//

@@ -1,14 +1,14 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-admin-partner-MAIN-TABLE:1 endDelimiter:--//
--changeset hs-office-partner-MAIN-TABLE:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create table if not exists hs_admin_partner
create table if not exists hs_office_partner
(
uuid uuid unique references RbacObject (uuid) initially deferred, -- on delete cascade
personUuid uuid not null references hs_admin_person(uuid),
contactUuid uuid not null references hs_admin_contact(uuid),
personUuid uuid not null references hs_office_person(uuid),
contactUuid uuid not null references hs_office_contact(uuid),
registrationOffice varchar(96),
registrationNumber varchar(96),
birthName varchar(96),

@@ -1,87 +1,87 @@
--liquibase formatted sql
-- ============================================================================
--changeset hs-admin-partner-rbac-OBJECT:1 endDelimiter:--//
--changeset hs-office-partner-rbac-OBJECT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
call generateRelatedRbacObject('hs_admin_partner');
call generateRelatedRbacObject('hs_office_partner');
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
--changeset hs-office-partner-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace function hsAdminPartnerOwner(partner hs_admin_partner)
create or replace function HsOfficePartnerOwner(partner hs_office_partner)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_partner', partner.uuid, 'owner');
return roleDescriptor('hs_office_partner', partner.uuid, 'owner');
end; $$;
create or replace function hsAdminPartnerAdmin(partner hs_admin_partner)
create or replace function HsOfficePartnerAdmin(partner hs_office_partner)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_partner', partner.uuid, 'admin');
return roleDescriptor('hs_office_partner', partner.uuid, 'admin');
end; $$;
create or replace function hsAdminPartnerTenant(partner hs_admin_partner)
create or replace function HsOfficePartnerTenant(partner hs_office_partner)
returns RbacRoleDescriptor
language plpgsql
strict as $$
begin
return roleDescriptor('hs_admin_partner', partner.uuid, 'tenant');
return roleDescriptor('hs_office_partner', partner.uuid, 'tenant');
end; $$;
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-ROLES-CREATION:1 endDelimiter:--//
--changeset hs-office-partner-rbac-ROLES-CREATION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates the roles and their assignments for a new partner for the AFTER INSERT TRIGGER.
*/
create or replace function createRbacRolesForHsAdminPartner()
create or replace function createRbacRolesForHsOfficePartner()
returns trigger
language plpgsql
strict as $$
declare
ownerRole uuid;
adminRole uuid;
person hs_admin_person;
contact hs_admin_contact;
person hs_office_person;
contact hs_office_contact;
begin
if TG_OP <> 'INSERT' then
raise exception 'invalid usage of TRIGGER AFTER INSERT';
end if;
select * from hs_admin_person as p where p.uuid = NEW.personUuid into person;
select * from hs_admin_contact as c where c.uuid = NEW.contactUuid into contact;
select * from hs_office_person as p where p.uuid = NEW.personUuid into person;
select * from hs_office_contact as c where c.uuid = NEW.contactUuid into contact;
-- the owner role with full access for the global admins
ownerRole = createRole(
hsAdminPartnerOwner(NEW),
HsOfficePartnerOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(globalAdmin())
);
-- the admin role with full access for the global admins
adminRole = createRole(
hsAdminPartnerAdmin(NEW),
HsOfficePartnerAdmin(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['edit']),
beneathRole(ownerRole)
);
-- the tenant role for those related users who can view the data
perform createRole(
hsAdminPartnerTenant(NEW),
HsOfficePartnerTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
beneathRoles(array[hsAdminPartnerAdmin(NEW), hsAdminPersonAdmin(person), hsAdminContactAdmin(contact)]),
withSubRoles(array[hsAdminPersonTenant(person), hsAdminContactTenant(contact)])
beneathRoles(array[HsOfficePartnerAdmin(NEW), hsOfficePersonAdmin(person), hsOfficeContactAdmin(contact)]),
withSubRoles(array[hsOfficePersonTenant(person), hsOfficeContactTenant(contact)])
);
return NEW;
@@ -91,88 +91,88 @@ end; $$;
An AFTER INSERT TRIGGER which creates the role structure for a new customer.
*/
create trigger createRbacRolesForHsAdminPartner_Trigger
create trigger createRbacRolesForHsOfficePartner_Trigger
after insert
on hs_admin_partner
on hs_office_partner
for each row
execute procedure createRbacRolesForHsAdminPartner();
execute procedure createRbacRolesForHsOfficePartner();
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
--changeset hs-office-partner-rbac-IDENTITY-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the partner main table which maps the identifying name
(in this case, the prefix) to the objectUuid.
*/
create or replace view hs_admin_partner_iv as
create or replace view hs_office_partner_iv as
select target.uuid,
cleanIdentifier(
(select idName from hs_admin_person_iv p where p.uuid = target.personuuid)
(select idName from hs_office_person_iv p where p.uuid = target.personuuid)
|| '-' ||
(select idName from hs_admin_contact_iv c where c.uuid = target.contactuuid)
(select idName from hs_office_contact_iv c where c.uuid = target.contactuuid)
)
as idName
from hs_admin_partner as target;
from hs_office_partner as target;
-- TODO.spec: Is it ok that everybody has access to this information?
grant all privileges on hs_admin_partner_iv to restricted;
grant all privileges on hs_office_partner_iv to restricted;
/*
Returns the objectUuid for a given identifying name (in this case the prefix).
*/
create or replace function hs_admin_partnerUuidByIdName(idName varchar)
create or replace function hs_office_partnerUuidByIdName(idName varchar)
returns uuid
language sql
strict as $$
select uuid from hs_admin_partner_iv iv where iv.idName = hs_admin_partnerUuidByIdName.idName;
select uuid from hs_office_partner_iv iv where iv.idName = hs_office_partnerUuidByIdName.idName;
$$;
/*
Returns the identifying name for a given objectUuid (in this case the label).
*/
create or replace function hs_admin_partnerIdNameByUuid(uuid uuid)
create or replace function hs_office_partnerIdNameByUuid(uuid uuid)
returns varchar
language sql
strict as $$
select idName from hs_admin_partner_iv iv where iv.uuid = hs_admin_partnerIdNameByUuid.uuid;
select idName from hs_office_partner_iv iv where iv.uuid = hs_office_partnerIdNameByUuid.uuid;
$$;
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
--changeset hs-office-partner-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the partner main table with row-level limitation
based on the 'view' permission of the current user or assumed roles.
*/
set session session authorization default;
drop view if exists hs_admin_partner_rv;
create or replace view hs_admin_partner_rv as
drop view if exists hs_office_partner_rv;
create or replace view hs_office_partner_rv as
select target.*
from hs_admin_partner as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_admin_partner', currentSubjectsUuids()));
grant all privileges on hs_admin_partner_rv to restricted;
from hs_office_partner as target
where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'hs_office_partner', currentSubjectsUuids()));
grant all privileges on hs_office_partner_rv to restricted;
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
--changeset hs-office-partner-rbac-INSTEAD-OF-INSERT-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of insert trigger function for hs_admin_partner_rv.
Instead of insert trigger function for hs_office_partner_rv.
*/
create or replace function insertHsAdminPartner()
create or replace function insertHsOfficePartner()
returns trigger
language plpgsql as $$
declare
newUser hs_admin_partner;
newUser hs_office_partner;
begin
insert
into hs_admin_partner
into hs_office_partner
values (new.*)
returning * into newUser;
return newUser;
@@ -180,48 +180,48 @@ end;
$$;
/*
Creates an instead of insert trigger for the hs_admin_partner_rv view.
Creates an instead of insert trigger for the hs_office_partner_rv view.
*/
create trigger insertHsAdminPartner_Trigger
create trigger insertHsOfficePartner_Trigger
instead of insert
on hs_admin_partner_rv
on hs_office_partner_rv
for each row
execute function insertHsAdminPartner();
execute function insertHsOfficePartner();
--//
-- ============================================================================
--changeset hs-admin-partner-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
--changeset hs-office-partner-rbac-INSTEAD-OF-DELETE-TRIGGER:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/**
Instead of delete trigger function for hs_admin_partner_rv.
Instead of delete trigger function for hs_office_partner_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminPartner()
create or replace function deleteHsOfficePartner()
returns trigger
language plpgsql as $$
begin
if hasGlobalRoleGranted(currentUserUuid()) or
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_admin_partner', currentSubjectsUuids())) then
delete from hs_admin_partner c where c.uuid = old.uuid;
old.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('delete', 'hs_office_partner', currentSubjectsUuids())) then
delete from hs_office_partner c where c.uuid = old.uuid;
return old;
end if;
raise exception '[403] User % not allowed to delete partner uuid %', currentUser(), old.uuid;
end; $$;
/*
Creates an instead of delete trigger for the hs_admin_partner_rv view.
Creates an instead of delete trigger for the hs_office_partner_rv view.
*/
create trigger deleteHsAdminPartner_Trigger
create trigger deleteHsOfficePartner_Trigger
instead of delete
on hs_admin_partner_rv
on hs_office_partner_rv
for each row
execute function deleteHsAdminPartner();
execute function deleteHsOfficePartner();
--/
-- ============================================================================
--changeset hs-admin-partner-rbac-NEW-CONTACT:1 endDelimiter:--//
--changeset hs-office-partner-rbac-NEW-CONTACT:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a global permission for new-partner and assigns it to the hostsharing admins role.
@@ -244,7 +244,7 @@ $$;
/**
Used by the trigger to prevent the add-customer to current user respectively assumed roles.
*/
create or replace function addHsAdminPartnerNotAllowedForCurrentSubjects()
create or replace function addHsOfficePartnerNotAllowedForCurrentSubjects()
returns trigger
language PLPGSQL
as $$
@@ -256,12 +256,12 @@ end; $$;
/**
Checks if the user or assumed roles are allowed to create a new customer.
*/
create trigger hs_admin_partner_insert_trigger
create trigger hs_office_partner_insert_trigger
before insert
on hs_admin_partner
on hs_office_partner
for each row
-- TODO.spec: who is allowed to create new partners
when ( not hasAssumedRole() )
execute procedure addHsAdminPartnerNotAllowedForCurrentSubjects();
execute procedure addHsOfficePartnerNotAllowedForCurrentSubjects();
--//
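Review bot: The role-descriptor functions in this file are renamed to `HsOfficePartnerOwner`, `HsOfficePartnerAdmin` and `HsOfficePartnerTenant` with a capital H, while the person file uses `hsOfficePersonOwner` and so on; unquoted identifiers are folded to lower case, so this works, but I would write `hsOfficePartnerOwner` for consistency. The lookup helpers are inconsistent across files as well: this file keeps the table-name prefix (`hs_office_partnerUuidByIdName`), whereas the person file now has `hsOfficePersonUuidByIdName` next to `hs_office_personIdNameByUuid`. If anything resolves these helpers from the table name (not visible in this diff), the person variant would no longer be found, so one scheme should be used throughout. The changeset id `hs-office-partner-rbac-NEW-CONTACT:1` also looks like a copy-paste leftover and presumably should read `NEW-PARTNER`.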

@@ -2,33 +2,33 @@
-- ============================================================================
--changeset hs-admin-partner-TEST-DATA-GENERATOR:1 endDelimiter:--//
--changeset hs-office-partner-TEST-DATA-GENERATOR:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a single partner test record.
*/
create or replace procedure createHsAdminPartnerTestData( personTradeName varchar, contactLabel varchar )
create or replace procedure createHsOfficePartnerTestData( personTradeName varchar, contactLabel varchar )
language plpgsql as $$
declare
currentTask varchar;
idName varchar;
relatedPerson hs_admin_person;
relatedContact hs_admin_contact;
relatedPerson hs_office_person;
relatedContact hs_office_contact;
begin
idName := cleanIdentifier( personTradeName|| '-' || contactLabel);
currentTask := 'creating RBAC test partner ' || idName;
call defineContext(currentTask, null, 'alex@hostsharing.net', 'global#global.admin');
execute format('set local hsadminng.currentTask to %L', currentTask);
select p.* from hs_admin_person p where p.tradeName = personTradeName into relatedPerson;
select c.* from hs_admin_contact c where c.label = contactLabel into relatedContact;
select p.* from hs_office_person p where p.tradeName = personTradeName into relatedPerson;
select c.* from hs_office_contact c where c.label = contactLabel into relatedContact;
raise notice 'creating test partner: %', idName;
raise notice '- using person (%): %', relatedPerson.uuid, relatedPerson;
raise notice '- using contact (%): %', relatedContact.uuid, relatedContact;
insert
into hs_admin_partner (uuid, personuuid, contactuuid)
into hs_office_partner (uuid, personuuid, contactuuid)
values (uuid_generate_v4(), relatedPerson.uuid, relatedContact.uuid);
end; $$;
--//
@@ -36,21 +36,21 @@ end; $$;
/*
Creates a range of test partner for mass data generation.
*/
create or replace procedure createTestContactTestData(
create or replace procedure createHsOfficePartnerTestData(
startCount integer, -- count of auto generated rows before the run
endCount integer -- count of auto generated rows after the run
)
language plpgsql as $$
declare
person hs_admin_person;
contact hs_admin_contact;
person hs_office_person;
contact hs_office_contact;
begin
for t in startCount..endCount
loop
select p.* from hs_admin_person p where tradeName = intToVarChar(t, 4) into person;
select c.* from hs_admin_contact c where c.label = intToVarChar(t, 4) || '#' || t into contact;
select p.* from hs_office_person p where tradeName = intToVarChar(t, 4) into person;
select c.* from hs_office_contact c where c.label = intToVarChar(t, 4) || '#' || t into contact;
call createHsAdminPartnerTestData(person.uuid, contact.uuid);
call createHsOfficePartnerTestData(person.uuid, contact.uuid);
commit;
end loop;
end; $$;
@@ -58,16 +58,16 @@ end; $$;
-- ============================================================================
--changeset hs-admin-partner-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
--changeset hs-office-partner-TEST-DATA-GENERATION:1 context=dev,tc endDelimiter:--//
-- ----------------------------------------------------------------------------
do language plpgsql $$
begin
call createHsAdminPartnerTestData('First Impressions GmbH', 'first contact');
call createHsOfficePartnerTestData('First Impressions GmbH', 'first contact');
call createHsAdminPartnerTestData('Rockshop e.K.', 'second contact');
call createHsOfficePartnerTestData('Rockshop e.K.', 'second contact');
call createHsAdminPartnerTestData('Ostfriesische Kuhhandel OHG', 'third contact');
call createHsOfficePartnerTestData('Ostfriesische Kuhhandel OHG', 'third contact');
end;
$$;
--//
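Review bot: The range generator calls `createHsOfficePartnerTestData(person.uuid, contact.uuid)`, but the single-record procedure takes `personTradeName varchar, contactLabel varchar` and looks the rows up by `tradeName` and `label`. With uuid arguments the call should not match either overload (PostgreSQL has no implicit uuid-to-varchar cast, as far as I know), and even if it did, no person or contact would be found and the insert would hit the `not null` constraint on `personUuid`. I would pass the values the callee expects: `call createHsOfficePartnerTestData(person.tradeName, contact.label);`. Since both procedures now share one name and are told apart only by their argument types, a short comment on each overload saying which one it is would also help.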

@@ -46,20 +46,20 @@ databaseChangeLog:
- include:
file: db/changelog/138-test-domain-test-data.sql
- include:
file: db/changelog/200-hs-admin-contact.sql
file: db/changelog/200-hs-office-contact.sql
- include:
file: db/changelog/203-hs-admin-contact-rbac.sql
file: db/changelog/203-hs-office-contact-rbac.sql
- include:
file: db/changelog/208-hs-admin-contact-test-data.sql
file: db/changelog/208-hs-office-contact-test-data.sql
- include:
file: db/changelog/210-hs-admin-person.sql
file: db/changelog/210-hs-office-person.sql
- include:
file: db/changelog/213-hs-admin-person-rbac.sql
file: db/changelog/213-hs-office-person-rbac.sql
- include:
file: db/changelog/218-hs-admin-person-test-data.sql
file: db/changelog/218-hs-office-person-test-data.sql
- include:
file: db/changelog/220-hs-admin-partner.sql
file: db/changelog/220-hs-office-partner.sql
- include:
file: db/changelog/223-hs-admin-partner-rbac.sql
file: db/changelog/223-hs-office-partner-rbac.sql
- include:
file: db/changelog/228-hs-admin-partner-test-data.sql
file: db/changelog/228-hs-office-partner-test-data.sql