assuming-long-roleidnames + object-uuid-based-rolenames (#139)
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/139 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
This commit is contained in:
Michael Hoennig
@@ -13,7 +13,7 @@ create procedure base.contextDefined(
|
||||
currentTask varchar(127),
|
||||
currentRequest text,
|
||||
currentSubject varchar(63),
|
||||
assumedRoles varchar(1023)
|
||||
assumedRoles varchar(4096)
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@@ -26,7 +26,7 @@ create or replace procedure base.defineContext(
|
||||
currentTask varchar(127),
|
||||
currentRequest text = null,
|
||||
currentSubject varchar(63) = null,
|
||||
assumedRoles varchar(1023) = null
|
||||
assumedRoles text = null
|
||||
)
|
||||
language plpgsql as $$
|
||||
begin
|
||||
@@ -43,7 +43,7 @@ begin
|
||||
execute format('set local hsadminng.currentSubject to %L', currentSubject);
|
||||
|
||||
assumedRoles := coalesce(assumedRoles, '');
|
||||
assert length(assumedRoles) <= 1023, FORMAT('assumedRoles must not be longer than 1023 characters: "%s"', assumedRoles);
|
||||
assert length(assumedRoles) <= 4096, FORMAT('assumedRoles must not be longer than 4096 characters: "%s"', assumedRoles);
|
||||
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
||||
|
||||
call base.contextDefined(currentTask, currentRequest, currentSubject, assumedRoles);
|
||||
|
||||
@@ -251,9 +251,14 @@ begin
|
||||
execute sql into uuid;
|
||||
exception
|
||||
when others then
|
||||
raise exception 'function %_uuid_by_id_name(...) not found, add identity view support for table %', objectTable, objectTable;
|
||||
raise exception 'function %_uuid_by_id_name(''%'') failed: %, SQLSTATE: %. If it could not be found, add identity view support to %\nSQL:%',
|
||||
objectTable, objectIdName, SQLERRM, SQLSTATE, objectTable, sql;
|
||||
end;
|
||||
return uuid;
|
||||
if uuid is null then
|
||||
raise exception 'SQL returned null: %', sql;
|
||||
else
|
||||
return uuid;
|
||||
end if;
|
||||
end ; $$;
|
||||
|
||||
create or replace function rbac.findIdNameByObjectUuid(objectTable varchar, objectUuid uuid)
|
||||
@@ -270,7 +275,8 @@ begin
|
||||
execute sql into idName;
|
||||
exception
|
||||
when others then
|
||||
raise exception 'function %_id_name_by_uuid(...) not found, add identity view support for table %', objectTable, objectTable;
|
||||
raise exception 'function %_id_name_by_uuid(''%'') failed: %, SQLSTATE: %. If it could not be found, add identity view support to %',
|
||||
objectTable, objectUuid, SQLERRM, SQLSTATE, objectTable;
|
||||
end;
|
||||
return idName;
|
||||
end ; $$;
|
||||
|
||||
@@ -23,7 +23,7 @@ begin
|
||||
return currentSubjectUuid;
|
||||
end; $$;
|
||||
|
||||
create or replace function rbac.determinecurrentsubjectorassumedrolesuuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles varchar)
|
||||
create or replace function rbac.determinecurrentsubjectorassumedrolesuuids(currentSubjectOrAssumedRolesUuids uuid, assumedRoles text)
|
||||
returns uuid[]
|
||||
stable -- leakproof
|
||||
language plpgsql as $$
|
||||
@@ -31,7 +31,7 @@ declare
|
||||
roleName text;
|
||||
roleNameParts text;
|
||||
objectTableToAssume varchar(63);
|
||||
objectNameToAssume varchar(63);
|
||||
objectNameToAssume varchar(1024); -- e.g. for relation: 2*(96+48+48)+length('-with-REPRESENTATIVE-') = 405
|
||||
objectUuidToAssume uuid;
|
||||
roleTypeToAssume rbac.RoleType;
|
||||
roleIdsToAssume uuid[];
|
||||
@@ -55,7 +55,12 @@ begin
|
||||
objectNameToAssume = split_part(roleNameParts, '#', 2);
|
||||
roleTypeToAssume = split_part(roleNameParts, '#', 3);
|
||||
|
||||
objectUuidToAssume = rbac.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume);
|
||||
begin
|
||||
objectUuidToAssume = objectNameToAssume::uuid;
|
||||
exception when invalid_text_representation then
|
||||
objectUuidToAssume = rbac.findObjectUuidByIdName(objectTableToAssume, objectNameToAssume);
|
||||
end;
|
||||
|
||||
if objectUuidToAssume is null then
|
||||
raise exception '[401] object % cannot be found in table % (from roleNameParts=%)', objectNameToAssume, objectTableToAssume, roleNameParts;
|
||||
end if;
|
||||
@@ -88,7 +93,7 @@ create or replace procedure base.contextDefined(
|
||||
currentTask varchar(127),
|
||||
currentRequest text,
|
||||
currentSubject varchar(63),
|
||||
assumedRoles varchar(1023)
|
||||
assumedRoles varchar(4096)
|
||||
)
|
||||
language plpgsql as $$
|
||||
declare
|
||||
@@ -104,7 +109,7 @@ begin
|
||||
|
||||
execute format('set local hsadminng.assumedRoles to %L', assumedRoles);
|
||||
execute format('set local hsadminng.currentSubjectOrAssumedRolesUuids to %L',
|
||||
(select array_to_string(rbac.determinecurrentsubjectorassumedrolesuuids(currentSubjectUuid, assumedRoles), ';')));
|
||||
(select array_to_string(rbac.determineCurrentSubjectOrAssumedRolesUuids(currentSubjectUuid, assumedRoles), ';')));
|
||||
|
||||
raise notice 'Context defined as: %, %, %, [%]', currentTask, currentRequest, currentSubject, assumedRoles;
|
||||
end; $$;
|
||||
|
||||
@@ -45,7 +45,8 @@ do language plpgsql $$
|
||||
call hs_office.person_create_test_data('NP', null, 'Smith', 'Peter');
|
||||
call hs_office.person_create_test_data('NP', null, 'Tucker', 'Jack');
|
||||
call hs_office.person_create_test_data('NP', null, 'Fouler', 'Ellie');
|
||||
call hs_office.person_create_test_data('LP', 'Second e.K.', 'Smith', 'Peter');
|
||||
-- the next tradeName is deliberately 63 chars in length, the max length for that field, also to test long rbac-role names
|
||||
call hs_office.person_create_test_data('LP', 'Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'Smith', 'Peter');
|
||||
call hs_office.person_create_test_data('IF', 'Third OHG');
|
||||
call hs_office.person_create_test_data('LP', 'Fourth eG');
|
||||
call hs_office.person_create_test_data('UF', 'Erben Bessler', 'Mel', 'Bessler');
|
||||
|
||||
@@ -91,9 +91,9 @@ do language plpgsql $$
|
||||
call hs_office.relation_create_test_data('Firby', 'REPRESENTATIVE', 'First GmbH', 'first contact');
|
||||
call hs_office.relation_create_test_data('First GmbH', 'DEBITOR', 'First GmbH', 'first contact');
|
||||
|
||||
call hs_office.relation_create_test_data('Second e.K.', 'PARTNER', 'Hostsharing eG', 'second contact');
|
||||
call hs_office.relation_create_test_data('Smith', 'REPRESENTATIVE', 'Second e.K.', 'second contact');
|
||||
call hs_office.relation_create_test_data('Second e.K.', 'DEBITOR', 'Second e.K.', 'second contact');
|
||||
call hs_office.relation_create_test_data('Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'PARTNER', 'Hostsharing eG', 'second contact');
|
||||
call hs_office.relation_create_test_data('Smith', 'REPRESENTATIVE', 'Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'second contact');
|
||||
call hs_office.relation_create_test_data('Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'DEBITOR', 'Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'second contact');
|
||||
|
||||
call hs_office.relation_create_test_data('Third OHG', 'PARTNER', 'Hostsharing eG', 'third contact');
|
||||
call hs_office.relation_create_test_data('Tucker', 'REPRESENTATIVE', 'Third OHG', 'third contact');
|
||||
|
||||
@@ -74,7 +74,7 @@ do language plpgsql $$
|
||||
call base.defineContext('creating partner test-data ', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10001, 'First GmbH', 'first contact');
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10002, 'Second e.K.', 'second contact');
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10002, 'Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'second contact');
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10003, 'Third OHG', 'third contact');
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10004, 'Fourth eG', 'fourth contact');
|
||||
call hs_office.partner_create_test_data('Hostsharing eG', 10010, 'Smith', 'fifth contact');
|
||||
|
||||
@@ -13,7 +13,7 @@ create or replace procedure hs_office.bankaccount_create_test_data(givenHolder v
|
||||
declare
|
||||
emailAddr varchar;
|
||||
begin
|
||||
emailAddr = 'bankaccount-admin@' || base.cleanIdentifier(givenHolder) || '.example.com';
|
||||
emailAddr = 'bankaccount-admin@' || TRIM(SUBSTRING(base.cleanIdentifier(givenHolder) FOR 32)) || '.example.com';
|
||||
perform rbac.create_subject(emailAddr);
|
||||
call base.defineContext('creating bankaccount test-data', null, emailAddr);
|
||||
|
||||
@@ -36,7 +36,7 @@ do language plpgsql $$
|
||||
-- IBANs+BICs taken from https://ibanvalidieren.de/beispiele.html
|
||||
call hs_office.bankaccount_create_test_data('First GmbH', 'DE02120300000000202051', 'BYLADEM1001');
|
||||
call hs_office.bankaccount_create_test_data('Peter Smith', 'DE02500105170137075030', 'INGDDEFF');
|
||||
call hs_office.bankaccount_create_test_data('Second e.K.', 'DE02100500000054540402', 'BELADEBE');
|
||||
call hs_office.bankaccount_create_test_data('Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'DE02100500000054540402', 'BELADEBE');
|
||||
call hs_office.bankaccount_create_test_data('Third OHG', 'DE02300209000106531065', 'CMCIDEDD');
|
||||
call hs_office.bankaccount_create_test_data('Fourth eG', 'DE02200505501015871393', 'HASPDEHH');
|
||||
call hs_office.bankaccount_create_test_data('Mel Bessler', 'DE02100100100006820101', 'PBNKDEFF');
|
||||
|
||||
@@ -53,7 +53,7 @@ do language plpgsql $$
|
||||
call base.defineContext('creating debitor test-data', null, 'superuser-alex@hostsharing.net', 'rbac.global#global:ADMIN');
|
||||
|
||||
call hs_office.debitor_create_test_data(11, 'First GmbH', 'first contact', 'fir');
|
||||
call hs_office.debitor_create_test_data(12, 'Second e.K.', 'second contact', 'sec');
|
||||
call hs_office.debitor_create_test_data(12, 'Peter Smith - The Second Hand and Thrift Stores-n-Shipping e.K.', 'second contact', 'sec');
|
||||
call hs_office.debitor_create_test_data(13, 'Third OHG', 'third contact', 'thi');
|
||||
end;
|
||||
$$;
|
||||
|
||||
Reference in New Issue
Block a user