cleanup-todos (#31)

Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/31 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
2024-04-02 13:14:46 +02:00
parent 277369a960
commit ad04faa21d
32 changed files with 108 additions and 150 deletions
--- a/src/main/resources/api-definition/rbac/rbac-role-schemas.yaml
+++ b/src/main/resources/api-definition/rbac/rbac-role-schemas.yaml
@ -23,7 +23,7 @@ components:
                        - ADMIN
                        - AGENT
                        - TENANT
-                        - GUEST
                        - REFERRER
+                        - GUEST
                roleName:
                    type: string
--- a/src/main/resources/db/changelog/0-basis/010-context.sql
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql
@ -10,10 +10,10 @@
    This function will be overwritten by later changesets.
 */
 create procedure contextDefined(
-    currentTask varchar,
-    currentRequest varchar,
-    currentUser varchar,
-    assumedRoles varchar
+    currentTask varchar(127),
+    currentRequest text,
+    currentUser varchar(63),
+    assumedRoles varchar(1023)
 )
    language plpgsql as $$
 begin
--- a/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
+++ b/src/main/resources/db/changelog/1-rbac/1054-rbac-context.sql
@ -85,10 +85,10 @@ end; $$;
    This function will be overwritten by later changesets.
 */
 create or replace procedure contextDefined(
-    currentTask varchar,
-    currentRequest varchar,
-    currentUser varchar,
-    assumedRoles varchar
+    currentTask varchar(127),
+    currentRequest text,
+    currentUser varchar(63),
+    assumedRoles varchar(1023)
 )
    language plpgsql as $$
 declare
--- a/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
+++ b/src/main/resources/db/changelog/1-rbac/1057-rbac-role-builder.sql
@ -1,18 +1,5 @@
 --liquibase formatted sql

-- ============================================================================
-- PERMISSIONS
--changeset rbac-role-builder-to-uuids:1 endDelimiter:--//
-- ----------------------------------------------------------------------------
-
-create or replace function toPermissionUuids(forObjectUuid uuid, permitOps RbacOp[])
-    returns uuid[]
-    language plpgsql
-    strict as $$
-begin
-    return createPermissions(forObjectUuid, permitOps);
-end; $$;
-

 -- =================================================================
 -- CREATE ROLE
@ -32,6 +19,8 @@ create or replace function createRoleWithGrants(
    language plpgsql as $$
 declare
    roleUuid                uuid;
+    permission              RbacOp;
+    permissionUuid          uuid;
    subRoleDesc             RbacRoleDescriptor;
    superRoleDesc           RbacRoleDescriptor;
    subRoleUuid             uuid;
@ -41,9 +30,11 @@ declare
 begin
    roleUuid := createRole(roleDescriptor);

-    if cardinality(permissions) > 0 then
-        call grantPermissionsToRole(roleUuid, toPermissionUuids(roleDescriptor.objectuuid, permissions));
-    end if;
+    foreach permission in array permissions
+        loop
+            permissionUuid := createPermission(roleDescriptor.objectuuid, permission);
+            call grantPermissionToRole(permissionUuid, roleUuid);
+        end loop;

    foreach superRoleDesc in array array_remove(incomingSuperRoles, null)
        loop
@ -60,7 +51,7 @@ begin
    if cardinality(userUuids) > 0 then
        -- direct grants to users need a grantedByRole which can revoke the grant
        if grantedByRole is null then
-            userGrantsByRoleUuid := roleUuid; -- TODO: or do we want to require an explicit userGrantsByRoleUuid?
+            userGrantsByRoleUuid := roleUuid; -- TODO.spec: or do we want to require an explicit userGrantsByRoleUuid?
        else
            userGrantsByRoleUuid := getRoleId(grantedByRole);
        end if;