
improve Contact/Partner/Contact Repository integration tests with Raw...Repos

Michael Hoennig
2022-09-12 16:27:17 +02:00
parent 3eec8a4138
commit ac5f19e399
16 changed files with 210 additions and 109 deletions


@ -205,6 +205,7 @@ $$;
create or replace procedure deleteRole(roleUUid uuid)
language plpgsql as $$
begin
--raise exception '% deleting role uuid %', currentsubjectsuuids(), roleUUid;
delete from RbacRole where uuid = roleUUid;
end;
$$;
@ -266,6 +267,38 @@ begin
end;
$$;
-- ============================================================================
--changeset hs-admin-person-rbac-ROLES-REMOVAL:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
/*
RbacRole BEFORE DELETE TRIGGER function which deletes all related roles.
*/
create or replace function deleteRbacGrantsForRbacRole()
returns trigger
language plpgsql
strict as $$
begin
if TG_OP = 'DELETE' then
delete from RbacGrants g where old.uuid in (g.grantedbyroleuuid, g.ascendantuuid, g.descendantuuid);
else
raise exception 'invalid usage of TRIGGER BEFORE DELETE';
end if;
return old;
end; $$;
/*
Installs the RbacRole BEFORE DELETE TRIGGER.
*/
create trigger deleteRbacGrantsForRbacRole_Trigger
before delete
on RbacRole
for each row
execute procedure deleteRbacGrantsForRbacRole();
--//
-- ============================================================================
--changeset rbac-base-PERMISSION:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
@ -363,9 +396,9 @@ $$;
create table RbacGrants
(
uuid uuid primary key default uuid_generate_v4(),
grantedByRoleUuid uuid references RbacRole (uuid) on delete cascade,
ascendantUuid uuid references RbacReference (uuid) on delete cascade not null,
descendantUuid uuid references RbacReference (uuid) on delete cascade not null,
grantedByRoleUuid uuid references RbacRole (uuid),
ascendantUuid uuid references RbacReference (uuid),
descendantUuid uuid references RbacReference (uuid),
assumed boolean not null default true, -- auto assumed (true) vs. needs assumeRoles (false)
unique (ascendantUuid, descendantUuid)
);
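Review bot: In the `RbacGrants` hunk the three foreign-key columns appear to lose `not null` together with `on delete cascade`; the page has lost its +/- markers, so the new side is inferred from the old-then-new order the other sections use. Dropping the cascade fits the new `deleteRbacGrantsForRbacRole` trigger, but nullable `ascendantUuid`/`descendantUuid` allow grant rows with a missing end, and `unique (ascendantUuid, descendantUuid)` does not deduplicate rows that contain NULL. If only the cascade was meant to go, keep the constraint: `ascendantUuid uuid references RbacReference (uuid) not null,` and the same for `descendantUuid`. The trigger's header comment also says it "deletes all related roles" while the body deletes grants, and its changeset label `hs-admin-person-rbac-ROLES-REMOVAL:1` repeats the one in the person script instead of following the `rbac-base-…` pattern of the next changeset.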


@ -168,6 +168,8 @@ execute function insertRbacGrant();
/**
Instead of delete trigger function for RbacGrants_RV.
Checks if the current subject (user / assumed role) has the permission to revoke the grant.
*/
create or replace function deleteRbacGrant()
returns trigger
@ -283,6 +285,8 @@ execute function insertRbacUser();
/**
Instead of delete trigger function for RbacUser_RV.
Checks if the current subject (user / assumed role) has the permission to delete the user.
*/
create or replace function deleteRbacUser()
returns trigger


@ -6,7 +6,7 @@
create table if not exists hs_admin_contact
(
uuid uuid unique references RbacObject (uuid),
uuid uuid unique references RbacObject (uuid) on delete cascade,
label varchar(96) not null,
postalAddress text,
emailAddresses text, -- TODO.feat: change to json
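Review bot: With `on delete cascade` on the `RbacObject` reference, deleting the `RbacObject` row removes the `hs_admin_contact` row directly, without passing through the instead-of-delete trigger on `hs_admin_contact_rv` that this page describes as the permission check. The privileges on `RbacObject` are not visible here, so this only matters if application roles can delete from it; a comment on the column would record the assumption, e.g. `-- cascade from RbacObject bypasses the hs_admin_contact_rv delete check; DELETE on RbacObject must stay restricted`. The same applies to the `hs_admin_person` and `hs_admin_partner` table hunks in this commit. Which of the two `uuid` lines is the new one is inferred from print order, and the table definition continues past the hunk.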


@ -224,6 +224,8 @@ execute function insertHsAdminContact();
/**
Instead of delete trigger function for hs_admin_contact_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminContact()
returns trigger


@ -10,7 +10,7 @@ CREATE CAST (character varying as HsAdminPersonType) WITH INOUT AS IMPLICIT;
create table if not exists hs_admin_person
(
uuid uuid unique references RbacObject (uuid),
uuid uuid unique references RbacObject (uuid) on delete cascade,
personType HsAdminPersonType not null,
tradeName varchar(96),
givenName varchar(48),


@ -66,12 +66,12 @@ begin
-- the owner role with full access for the creator assigned to the current user
ownerRole := createRole(
hsAdminPersonOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(globalAdmin()),
withoutSubRoles(),
withUser(currentUser()), -- TODO.spec: Who is owner of a new person?
grantedByRole(globalAdmin())
hsAdminPersonOwner(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['*']),
beneathRole(globalAdmin()),
withoutSubRoles(),
withUser(currentUser()), -- TODO.spec: Who is owner of a new person?
grantedByRole(globalAdmin())
);
-- the tenant role for those related users who can view the data
@ -83,9 +83,9 @@ begin
-- the tenant role for those related users who can view the data
perform createRole(
hsAdminPersonTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
beneathRole(adminRole)
hsAdminPersonTenant(NEW),
grantingPermissions(forObjectUuid => NEW.uuid, permitOps => array ['view']),
beneathRole(adminRole)
);
return NEW;
@ -107,6 +107,8 @@ execute procedure createRbacRolesForHsAdminPerson();
--changeset hs-admin-person-rbac-ROLES-REMOVAL:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-- TODO: can we replace all these delete triggers by a delete trigger on RbacObject?
/*
Deletes the roles and their assignments of a deleted person for the BEFORE DELETE TRIGGER.
*/
@ -117,6 +119,7 @@ create or replace function deleteRbacRulesForHsAdminPerson()
begin
if TG_OP = 'DELETE' then
call deleteRole(findRoleId(hsAdminPersonOwner(OLD)));
call deleteRole(findRoleId(hsAdminPersonAdmin(OLD)));
call deleteRole(findRoleId(hsAdminPersonTenant(OLD)));
else
raise exception 'invalid usage of TRIGGER BEFORE DELETE';
@ -224,6 +227,8 @@ execute function insertHsAdminPerson();
/**
Instead of delete trigger function for hs_admin_person_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminPerson()
returns trigger
@ -255,9 +260,9 @@ execute function deleteHsAdminPerson();
*/
do language plpgsql $$
declare
addCustomerPermissions uuid[];
globalObjectUuid uuid;
globalAdminRoleUuid uuid ;
addCustomerPermissions uuid[];
globalObjectUuid uuid;
globalAdminRoleUuid uuid ;
begin
call defineContext('granting global new-person permission to global admin role', null, null, null);
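Review bot: The `call deleteRole(findRoleId(...))` lines in `deleteRbacRulesForHsAdminPerson` give no signal when a role cannot be resolved. `findRoleId` is not shown on this page, but if it returns null, `deleteRole` as shown in the base script runs `delete from RbacRole where uuid = roleUUid` against null and removes nothing, so the role and its grants would outlive the person row. Consider failing loudly in `deleteRole`, e.g. `if roleUUid is null then raise exception 'deleteRole called without a role uuid'; end if;`. The trigger function starts and ends outside this hunk.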


@ -63,7 +63,7 @@ do language plpgsql $$
call createHsAdminPersonTestData('NATURAL', null, 'Peter', 'Smith');
call createHsAdminPersonTestData('LEGAL', 'Rockshop e.K.', 'Sandra', 'Miller');
call createHsAdminPersonTestData('SOLE_REPRESENTATION', 'Ostfriesische Kuhhandel OHG');
call createHsAdminPersonTestData('JOINT_REPRESENTATION', 'Erbengemeinschaft Bessler', 'Mel', 'Bessler');
call createHsAdminPersonTestData('JOINT_REPRESENTATION', 'Erben Bessler', 'Mel', 'Bessler');
end;
$$;
--//


@ -6,7 +6,7 @@
create table if not exists hs_admin_partner
(
uuid uuid unique references RbacObject (uuid),
uuid uuid unique references RbacObject (uuid) on delete cascade,
personUuid uuid not null references hs_admin_person(uuid),
contactUuid uuid not null references hs_admin_contact(uuid),
registrationOffice varchar(96),


@ -234,6 +234,8 @@ execute function insertHsAdminPartner();
/**
Instead of delete trigger function for hs_admin_partner_rv.
Checks if the current subject (user / assumed role) has the permission to delete the row.
*/
create or replace function deleteHsAdminPartner()
returns trigger