hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

rename currentUserId->currentUserUuid + currentSubjectIds->currentSubjectsUuids

Browse Source
This commit is contained in:
Michael Hoennig
2022-08-30 09:18:52 +02:00
parent 1c45443da6
commit 8045b66324
11 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/adr/2022-07-18.row-level-security-mechanism.md
View File

@ -74,7 +74,7 @@ For restricted DB-users, which are used by the backend, access to rows is filter
FOR SELECT
TO restricted
USING (
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId())
isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid())
);
SET SESSION AUTHORIZATION restricted;
@ -101,7 +101,7 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys
CREATE OR REPLACE RULE "_RETURN" AS
ON SELECT TO cust_view
DO INSTEAD
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserId());
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findPermissionId('customer', id, 'view'), currentUserUuid());
SET SESSION AUTHORIZATION restricted;
SET hsadminng.currentUser TO 'alex@example.com';
@ -130,7 +130,7 @@ We do not access the tables directly from the backend, but via views which join
CREATE OR REPLACE VIEW cust_view AS
SELECT c.id, c.reference, c.prefix
FROM customer AS c
JOIN queryAllPermissionsOfSubjectId(currentUserId()) AS p
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
ON p.tableName='customer' AND p.rowId=c.id AND p.op='view';
GRANT ALL PRIVILEGES ON cust_view TO restricted;