hs-office-coopassets, no get API endpoints yet

2022-10-21 17:12:55 +02:00
parent 5ada0dae35
commit a39cf73cf0
18 changed files with 1314 additions and 1 deletions
--- a/src/main/resources/db/changelog/320-hs-office-coopassets.sql
+++ b/src/main/resources/db/changelog/320-hs-office-coopassets.sql
@ -0,0 +1,62 @@
+--liquibase formatted sql
+
+-- ============================================================================
+--changeset hs-office-coopassets-MAIN-TABLE:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+CREATE TYPE HsOfficeCoopAssetsTransactionType AS ENUM ('ADJUSTMENT',
+                                                       'DEPOSIT',
+                                                       'DISBURSAL',
+                                                       'TRANSFER',
+                                                       'ADOPTION',
+                                                       'CLEARING',
+                                                       'LOSS');
+
+CREATE CAST (character varying as HsOfficeCoopAssetsTransactionType) WITH INOUT AS IMPLICIT;
+
+create table if not exists hs_office_coopassetstransaction
+(
+    uuid            uuid unique references RbacObject (uuid) initially deferred,
+    membershipUuid  uuid not null references hs_office_membership(uuid),
+    transactionType HsOfficeCoopAssetsTransactionType not null,
+    valueDate       date not null,
+    assetValue      money,
+    reference       varchar(48),
+    comment         varchar(512)
+);
+--//
+
+-- ============================================================================
+--changeset hs-office-coopassets-ASSET-VALUE-CONSTRAINT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+create or replace function checkAssetsByMembershipUuid(forMembershipUuid UUID, newAssetValue money)
+returns boolean
+language plpgsql as $$
+declare
+    currentAssetValue money;
+    totalAssetValue money;
+begin
+    select sum(cat.assetValue)
+    from hs_office_coopassetstransaction cat
+    where cat.membershipUuid = forMembershipUuid
+    into currentAssetValue;
+    totalAssetValue := currentAssetValue + newAssetValue;
+    if totalAssetValue::numeric < 0 then
+        raise exception '[400] coop assets transaction would result in a negative balance of assets';
+    end if;
+    return true;
+end; $$;
+
+alter table hs_office_coopassetstransaction
+    add constraint hs_office_coopassets_positive
+        check ( checkAssetsByMembershipUuid(membershipUuid, assetValue) );
+
+--//
+
+-- ============================================================================
+--changeset hs-office-coopassets-MAIN-TABLE-JOURNAL:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+call create_journal('hs_office_coopassetstransaction');
+--//
--- a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md
+++ b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.md
@ -0,0 +1,29 @@
+### hs_office_coopAssetsTransaction RBAC
+
+```mermaid
+flowchart TB
+
+subgraph hsOfficeMembership
+    direction TB
+    style hsOfficeMembership fill:#eee
+    
+    role:hsOfficeMembership.owner[membership.admin]    
+    --> role:hsOfficeMembership.admin[membership.admin]    
+    --> role:hsOfficeMembership.agent[membership.agent]    
+    --> role:hsOfficeMembership.tenant[membership.tenant]    
+    --> role:hsOfficeMembership.guest[membership.guest]   
+    
+    role:hsOfficePartner.agent --> role:hsOfficeMembership.agent
+end
+
+subgraph hsOfficeCoopAssetsTransaction
+                    
+       role:hsOfficeMembership.admin
+       --> perm:hsOfficeCoopAssetsTransaction.create{{coopAssetsTx.create}}
+                    
+       role:hsOfficeMembership.agent
+        --> perm:hsOfficeCoopAssetsTransaction.view{{coopAssetsTx.view}}
+end
+
+
+```
--- a/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql
+++ b/src/main/resources/db/changelog/323-hs-office-coopassets-rbac.sql
@ -0,0 +1,124 @@
+--liquibase formatted sql
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-OBJECT:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRelatedRbacObject('hs_office_coopAssetsTransaction');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-ROLE-DESCRIPTORS:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRbacRoleDescriptors('hsOfficeCoopAssetsTransaction', 'hs_office_coopAssetsTransaction');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-ROLES-CREATION:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+    Creates and updates the permissions for coopAssetsTransaction entities.
+ */
+
+create or replace function hsOfficeCoopAssetsTransactionRbacRolesTrigger()
+    returns trigger
+    language plpgsql
+    strict as $$
+declare
+    newHsOfficeMembership      hs_office_membership;
+begin
+
+    select * from hs_office_membership as p where p.uuid = NEW.membershipUuid into newHsOfficeMembership;
+
+    if TG_OP = 'INSERT' then
+
+        -- Each coopAssetsTransaction entity belong exactly to one membership entity
+        -- and it makes little sense just to delegate coopAssetsTransaction roles.
+        -- Therefore, we do not create coopAssetsTransaction roles at all,
+        -- but instead just assign extra permissions to existing membership-roles.
+
+        -- coopassetstransactions cannot be edited nor deleted, just created+viewed
+        call grantPermissionsToRole(
+                getRoleId(hsOfficeMembershipTenant(newHsOfficeMembership), 'fail'),
+                createPermissions(NEW.uuid, array ['view'])
+            );
+
+    else
+        raise exception 'invalid usage of TRIGGER';
+    end if;
+
+    return NEW;
+end; $$;
+
+/*
+    An AFTER INSERT TRIGGER which creates the role structure for a new customer.
+ */
+create trigger createRbacRolesForHsOfficeCoopAssetsTransaction_Trigger
+    after insert
+    on hs_office_coopAssetsTransaction
+    for each row
+execute procedure hsOfficeCoopAssetsTransactionRbacRolesTrigger();
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-IDENTITY-VIEW:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRbacIdentityView('hs_office_coopAssetsTransaction',
+    idNameExpression => 'target.reference');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+call generateRbacRestrictedView('hs_office_coopAssetsTransaction', orderby => 'target.reference');
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-rbac-NEW-CoopAssetsTransaction:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+/*
+    Creates a global permission for new-coopAssetsTransaction and assigns it to the hostsharing admins role.
+ */
+do language plpgsql $$
+    declare
+        addCustomerPermissions uuid[];
+        globalObjectUuid       uuid;
+        globalAdminRoleUuid    uuid ;
+    begin
+        call defineContext('granting global new-coopAssetsTransaction permission to global admin role', null, null, null);
+
+        globalAdminRoleUuid := findRoleId(globalAdmin());
+        globalObjectUuid := (select uuid from global);
+        addCustomerPermissions := createPermissions(globalObjectUuid, array ['new-coopassetstransaction']);
+        call grantPermissionsToRole(globalAdminRoleUuid, addCustomerPermissions);
+    end;
+$$;
+
+/**
+    Used by the trigger to prevent the add-customer to current user respectively assumed roles.
+ */
+create or replace function addHsOfficeCoopAssetsTransactionNotAllowedForCurrentSubjects()
+    returns trigger
+    language PLPGSQL
+as $$
+begin
+    raise exception '[403] new-coopassetstransaction not permitted for %',
+        array_to_string(currentSubjects(), ';', 'null');
+end; $$;
+
+/**
+    Checks if the user or assumed roles are allowed to create a new customer.
+ */
+create trigger hs_office_coopAssetsTransaction_insert_trigger
+    before insert
+    on hs_office_coopAssetsTransaction
+    for each row
+    when ( not hasAssumedRole() )
+execute procedure addHsOfficeCoopAssetsTransactionNotAllowedForCurrentSubjects();
+--//
+
--- a/src/main/resources/db/changelog/328-hs-office-coopassets-test-data.sql
+++ b/src/main/resources/db/changelog/328-hs-office-coopassets-test-data.sql
@ -0,0 +1,44 @@
+--liquibase formatted sql
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-TEST-DATA-GENERATOR:1 endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+/*
+    Creates a single coopAssetsTransaction test record.
+ */
+create or replace procedure createHsOfficeCoopAssetsTransactionTestData(givenMembershipNumber numeric)
+    language plpgsql as $$
+declare
+    currentTask     varchar;
+    membership      hs_office_membership;
+begin
+    currentTask = 'creating coopAssetsTransaction test-data ' || givenMembershipNumber;
+    execute format('set local hsadminng.currentTask to %L', currentTask);
+
+    call defineContext(currentTask);
+    select m.uuid from hs_office_membership m where m.memberNumber = givenMembershipNumber into membership;
+
+    raise notice 'creating test coopAssetsTransaction: %', givenMembershipNumber;
+    insert
+        into hs_office_coopassetstransaction(uuid, membershipuuid, transactiontype, valuedate, assetvalue, reference, comment)
+        values
+            (uuid_generate_v4(), membership.uuid, 'DEPOSIT', '2010-03-15', 320.00, 'ref '||givenMembershipNumber||'-1', 'initial deposit'),
+            (uuid_generate_v4(), membership.uuid, 'DISBURSAL', '2021-09-01', -128.00, 'ref '||givenMembershipNumber||'-2', 'partial disbursal'),
+            (uuid_generate_v4(), membership.uuid, 'ADJUSTMENT', '2022-10-20', 128.00, 'ref '||givenMembershipNumber||'-3', 'some adjustment');
+end; $$;
+--//
+
+
+-- ============================================================================
+--changeset hs-office-coopAssetsTransaction-TEST-DATA-GENERATION:1 –context=dev,tc endDelimiter:--//
+-- ----------------------------------------------------------------------------
+
+do language plpgsql $$
+    begin
+        call createHsOfficeCoopAssetsTransactionTestData(10001);
+        call createHsOfficeCoopAssetsTransactionTestData(10002);
+        call createHsOfficeCoopAssetsTransactionTestData(10003);
+    end;
+$$;
--- a/src/main/resources/db/changelog/db.changelog-master.yaml
+++ b/src/main/resources/db/changelog/db.changelog-master.yaml
@ -105,3 +105,9 @@ databaseChangeLog:
        file: db/changelog/313-hs-office-coopshares-rbac.sql
    - include:
        file: db/changelog/318-hs-office-coopshares-test-data.sql
+    - include:
+          file: db/changelog/320-hs-office-coopassets.sql
+    - include:
+          file: db/changelog/323-hs-office-coopassets-rbac.sql
+    - include:
+          file: db/changelog/328-hs-office-coopassets-test-data.sql