hostsharing/hs.hsadmin.ng
1
0
Fork 0
Code Activity

migrate hosting-assets into external db (#158)

Browse Source 
Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/158
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
2025-02-17 09:40:58 +01:00
parent ddd96654ef
commit a0635960a5
11 changed files with 545 additions and 496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/main/resources/db/changelog/1-rbac/1055-rbac-views.sql
View File

@@ -22,13 +22,12 @@ select (objectTable || '#' || objectIdName || ':' || roleType) as roleIdName, *
--//
-- ============================================================================
--changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-views-ROLE-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the role table with row-level limitation
based on the grants of the current user or assumed roles.
*/
drop view if exists rbac.role_rv;
create or replace view rbac.role_rv as
select *
-- @formatter:off
@@ -106,7 +105,7 @@ create or replace view rbac.grant_ev as
-- ============================================================================
--changeset michael.hoennig:rbac-views-GRANT-RESTRICTED-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-views-GRANT-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the grants table with row-level limitation
@@ -222,13 +221,12 @@ select distinct *
-- ============================================================================
--changeset michael.hoennig:rbac-views-USER-RESTRICTED-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-views-USER-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the users table with row-level limitation
based on the grants of the current user or assumed roles.
*/
drop view if exists rbac.subject_rv;
create or replace view rbac.subject_rv as
select distinct *
-- @formatter:off
@@ -316,14 +314,13 @@ execute function rbac.delete_subject_tf();
--/
-- ============================================================================
--changeset michael.hoennig:rbac-views-OWN-GRANTED-PERMISSIONS-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-views-OWN-GRANTED-PERMISSIONS-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to all permissions granted to the current user or
based on the grants of the current user or assumed roles.
*/
-- @formatter:off
drop view if exists rbac.own_granted_permissions_rv;
create or replace view rbac.own_granted_permissions_rv as
select r.uuid as roleuuid, p.uuid as permissionUuid,
(r.objecttable || ':' || r.objectidname || ':' || r.roletype) as roleName, p.op,

4
src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql
View File

@@ -111,7 +111,7 @@ end; $$;
-- ============================================================================
--changeset michael.hoennig:rbac-generators-IDENTITY-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-generators-IDENTITY-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace procedure rbac.generateRbacIdentityViewFromQuery(targetTable text, sqlQuery text)
@@ -171,7 +171,7 @@ end; $$;
-- ============================================================================
--changeset michael.hoennig:rbac-generators-RESTRICTED-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-generators-RESTRICTED-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
create or replace procedure rbac.generateRbacRestrictedView(targetTable text, orderBy text, columnUpdates text = null, columnNames text = '*')

9
src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql
View File

@@ -1,7 +1,7 @@
--liquibase formatted sql
-- ============================================================================
--changeset michael.hoennig:rbac-global-OBJECT endDelimiter:--//
--changeset michael.hoennig:rbac-global-OBJECT runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
The purpose of this table is provide root business objects
@@ -11,12 +11,12 @@
In production databases, there is only a single row in this table,
in test stages, there can be one row for each test data realm.
*/
create table rbac.global
create table if not exists rbac.global
(
uuid uuid primary key references rbac.object (uuid) on delete cascade,
name varchar(63) unique
);
create unique index Global_Singleton on rbac.global ((0));
create unique index if not exists Global_Singleton on rbac.global ((0));
grant select on rbac.global to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME};
--//
@@ -75,13 +75,12 @@ $$;
-- ============================================================================
--changeset michael.hoennig:rbac-global-IDENTITY-VIEW endDelimiter:--//
--changeset michael.hoennig:rbac-global-IDENTITY-VIEW runOnChange:true validCheckSum:ANY endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
Creates a view to the rbac.global object table which maps the identifying name to the objectUuid.
*/
drop view if exists rbac.global_iv;
create or replace view rbac.global_iv as
select target.uuid, target.name as idName
from rbac.global as target;