structured-liquibase-files (#29)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/29
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5050-hs-office-bankaccount.sql

@@ -0,0 +1,21 @@
+
+-- ============================================================================
+--changeset hs-office-bankaccount-MAIN-TABLE:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create table hs_office_bankaccount
+(
+    uuid                uuid unique references RbacObject (uuid) initially deferred,
+    holder              varchar(64) not null,
+    iban                varchar(34) not null,
+    bic                 varchar(11) not null
+);
+--//
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+call create_journal('hs_office_bankaccount');
+--//

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.md

@@ -0,0 +1,45 @@
+### rbac bankAccount
+
+This code generated was by RbacViewMermaidFlowchartGenerator, do not amend manually.
+
+```mermaid
+%%{init:{'flowchart':{'htmlLabels':false}}}%%
+flowchart TB
+
+subgraph bankAccount["`**bankAccount**`"]
+    direction TB
+    style bankAccount fill:#dd4901,stroke:#274d6e,stroke-width:8px
+
+    subgraph bankAccount:roles[ ]
+        style bankAccount:roles fill:#dd4901,stroke:white
+
+        role:bankAccount:OWNER[[bankAccount:OWNER]]
+        role:bankAccount:ADMIN[[bankAccount:ADMIN]]
+        role:bankAccount:REFERRER[[bankAccount:REFERRER]]
+    end
+
+    subgraph bankAccount:permissions[ ]
+        style bankAccount:permissions fill:#dd4901,stroke:white
+
+        perm:bankAccount:INSERT{{bankAccount:INSERT}}
+        perm:bankAccount:DELETE{{bankAccount:DELETE}}
+        perm:bankAccount:UPDATE{{bankAccount:UPDATE}}
+        perm:bankAccount:SELECT{{bankAccount:SELECT}}
+    end
+end
+
+%% granting roles to users
+user:creator ==> role:bankAccount:OWNER
+
+%% granting roles to roles
+role:global:ADMIN ==> role:bankAccount:OWNER
+role:bankAccount:OWNER ==> role:bankAccount:ADMIN
+role:bankAccount:ADMIN ==> role:bankAccount:REFERRER
+
+%% granting permissions to roles
+role:global:GUEST ==> perm:bankAccount:INSERT
+role:bankAccount:OWNER ==> perm:bankAccount:DELETE
+role:bankAccount:ADMIN ==> perm:bankAccount:UPDATE
+role:bankAccount:REFERRER ==> perm:bankAccount:SELECT
+
+```

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5053-hs-office-bankaccount-rbac.sql

@@ -0,0 +1,145 @@
+--liquibase formatted sql
+-- This code generated was by RbacViewPostgresGenerator, do not amend manually.
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-OBJECT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRelatedRbacObject('hs_office_bankaccount');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRbacRoleDescriptors('hsOfficeBankAccount', 'hs_office_bankaccount');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-insert-trigger:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+    Creates the roles, grants and permission for the AFTER INSERT TRIGGER.
+ */
+
+create or replace procedure buildRbacSystemForHsOfficeBankAccount(
+    NEW hs_office_bankaccount
+)
+    language plpgsql as $$
+
+declare
+
+begin
+    call enterTriggerForObjectUuid(NEW.uuid);
+
+    perform createRoleWithGrants(
+        hsOfficeBankAccountOWNER(NEW),
+            permissions => array['DELETE'],
+            incomingSuperRoles => array[globalADMIN()],
+            userUuids => array[currentUserUuid()]
+    );
+
+    perform createRoleWithGrants(
+        hsOfficeBankAccountADMIN(NEW),
+            permissions => array['UPDATE'],
+            incomingSuperRoles => array[hsOfficeBankAccountOWNER(NEW)]
+    );
+
+    perform createRoleWithGrants(
+        hsOfficeBankAccountREFERRER(NEW),
+            permissions => array['SELECT'],
+            incomingSuperRoles => array[hsOfficeBankAccountADMIN(NEW)]
+    );
+
+    call leaveTriggerForObjectUuid(NEW.uuid);
+end; $$;
+
+/*
+    AFTER INSERT TRIGGER to create the role+grant structure for a new hs_office_bankaccount row.
+ */
+
+create or replace function insertTriggerForHsOfficeBankAccount_tf()
+    returns trigger
+    language plpgsql
+    strict as $$
+begin
+    call buildRbacSystemForHsOfficeBankAccount(NEW);
+    return NEW;
+end; $$;
+
+create trigger insertTriggerForHsOfficeBankAccount_tg
+    after insert on hs_office_bankaccount
+    for each row
+execute procedure insertTriggerForHsOfficeBankAccount_tf();
+--//
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-INSERT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+    Creates INSERT INTO hs_office_bankaccount permissions for the related global rows.
+ */
+do language plpgsql $$
+    declare
+        row global;
+    begin
+        call defineContext('create INSERT INTO hs_office_bankaccount permissions for the related global rows');
+
+        FOR row IN SELECT * FROM global
+            LOOP
+                call grantPermissionToRole(
+                    createPermission(row.uuid, 'INSERT', 'hs_office_bankaccount'),
+                    globalGUEST());
+            END LOOP;
+    END;
+$$;
+
+/**
+    Adds hs_office_bankaccount INSERT permission to specified role of new global rows.
+*/
+create or replace function hs_office_bankaccount_global_insert_tf()
+    returns trigger
+    language plpgsql
+    strict as $$
+begin
+    call grantPermissionToRole(
+            createPermission(NEW.uuid, 'INSERT', 'hs_office_bankaccount'),
+            globalGUEST());
+    return NEW;
+end; $$;
+
+-- z_... is to put it at the end of after insert triggers, to make sure the roles exist
+create trigger z_hs_office_bankaccount_global_insert_tg
+    after insert on global
+    for each row
+execute procedure hs_office_bankaccount_global_insert_tf();
+--//
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+call generateRbacIdentityViewFromProjection('hs_office_bankaccount',
+    $idName$
+        iban
+    $idName$);
+--//
+
+-- ============================================================================
+--changeset hs-office-bankaccount-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRbacRestrictedView('hs_office_bankaccount',
+    $orderBy$
+        iban
+    $orderBy$,
+    $updates$
+        holder = new.holder,
+        iban = new.iban,
+        bic = new.bic
+    $updates$);
+--//
+

src/main/resources/db/changelog/5-hs-office/505-bankaccount/5058-hs-office-bankaccount-test-data.sql

@@ -0,0 +1,49 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-TEST-DATA-GENERATOR:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+    Creates a single bankaccount test record.
+ */
+create or replace procedure createHsOfficeBankAccountTestData(givenHolder varchar, givenIBAN varchar, givenBIC varchar)
+    language plpgsql as $$
+declare
+    currentTask   varchar;
+    emailAddr varchar;
+begin
+    currentTask = 'creating bankaccount test-data ' || givenHolder;
+    execute format('set local hsadminng.currentTask to %L', currentTask);
+
+    emailAddr = 'bankaccount-admin@' || cleanIdentifier(givenHolder) || '.example.com';
+    call defineContext(currentTask);
+    perform createRbacUser(emailAddr);
+    call defineContext(currentTask, null, emailAddr);
+
+    raise notice 'creating test bankaccount: %', givenHolder;
+    insert
+        into hs_office_bankaccount(uuid, holder, iban, bic)
+        values (uuid_generate_v4(), givenHolder, givenIBAN, givenBIC);
+end; $$;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-bankaccount-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+do language plpgsql $$
+    begin
+        -- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
+        call createHsOfficeBankAccountTestData('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
+        call createHsOfficeBankAccountTestData('Peter Smith', 'DE02500105170137075030', 'INGDDEFF');
+        call createHsOfficeBankAccountTestData('Second e.K.', 'DE02100500000054540402', 'BELADEBE');
+        call createHsOfficeBankAccountTestData('Third OHG', 'DE02300209000106531065', 'CMCIDEDD');
+        call createHsOfficeBankAccountTestData('Fourth eG', 'DE02200505501015871393', 'HASPDEHH');
+        call createHsOfficeBankAccountTestData('Mel Bessler', 'DE02100100100006820101', 'PBNKDEFF');
+        call createHsOfficeBankAccountTestData('Anita Bessler', 'DE02300606010002474689', 'DAAEDEDD');
+        call createHsOfficeBankAccountTestData('Paul Winkler', 'DE02600501010002034304', 'SOLADEST600');
+    end;
+$$;