HostingAsset-Hierarchie spec in enum HsHostingAssetType and generates PlantUML (#72)

Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/72 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
2024-07-09 14:32:14 +02:00
parent f6d66d5712
commit afb6771ed7
31 changed files with 1076 additions and 233 deletions
--- a/src/main/resources/db/changelog/0-basis/010-context.sql
+++ b/src/main/resources/db/changelog/0-basis/010-context.sql
@ -149,7 +149,7 @@ create or replace function cleanIdentifier(rawIdentifier varchar)
 declare
    cleanIdentifier varchar;
 begin
-    cleanIdentifier := regexp_replace(rawIdentifier, '[^A-Za-z0-9\-._]+', '', 'g');
+    cleanIdentifier := regexp_replace(rawIdentifier, '[^A-Za-z0-9\-._|]+', '', 'g');
    return cleanIdentifier;
 end; $$;

--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.md
@ -36,9 +36,9 @@ subgraph asset["`**asset**`"]
        style asset:permissions fill:#dd4901,stroke:white

        perm:asset:INSERT{{asset:INSERT}}
-        perm:asset:SELECT{{asset:SELECT}}
        perm:asset:DELETE{{asset:DELETE}}
        perm:asset:UPDATE{{asset:UPDATE}}
+        perm:asset:SELECT{{asset:SELECT}}
    end
 end

@ -80,6 +80,9 @@ subgraph parentAsset["`**parentAsset**`"]
    end
 end

+%% granting roles to users
+user:creator ==> role:asset:OWNER
+
 %% granting roles to roles
 role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
 role:bookingItem:ADMIN -.-> role:bookingItem:AGENT
@ -87,6 +90,7 @@ role:bookingItem:AGENT -.-> role:bookingItem:TENANT
 role:global:ADMIN -.-> role:alarmContact:OWNER
 role:alarmContact:OWNER -.-> role:alarmContact:ADMIN
 role:alarmContact:ADMIN -.-> role:alarmContact:REFERRER
+role:global:ADMIN ==>|XX| role:asset:OWNER
 role:bookingItem:ADMIN ==> role:asset:OWNER
 role:parentAsset:ADMIN ==> role:asset:OWNER
 role:asset:OWNER ==> role:asset:ADMIN
@ -104,7 +108,6 @@ role:alarmContact:ADMIN ==> role:asset:TENANT
 role:global:ADMIN ==> perm:asset:INSERT
 role:parentAsset:ADMIN ==> perm:asset:INSERT
 role:global:GUEST ==> perm:asset:INSERT
-role:global:ADMIN ==> perm:asset:SELECT
 role:asset:OWNER ==> perm:asset:DELETE
 role:asset:ADMIN ==> perm:asset:UPDATE
 role:asset:TENANT ==> perm:asset:SELECT
--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac.sql
@ -50,8 +50,10 @@ begin
        hsHostingAssetOWNER(NEW),
            permissions => array['DELETE'],
            incomingSuperRoles => array[
+            	globalADMIN(unassumed()),
            	hsBookingItemADMIN(newBookingItem),
-            	hsHostingAssetADMIN(newParentAsset)]
+            	hsHostingAssetADMIN(newParentAsset)],
+            userUuids => array[currentUserUuid()]
    );

    perform createRoleWithGrants(
@ -85,10 +87,6 @@ begin
    IF NEW.type = 'DOMAIN_SETUP' THEN
    END IF;

-
-
-    call grantPermissionToRole(createPermission(NEW.uuid, 'SELECT'), globalAdmin());
-
    call leaveTriggerForObjectUuid(NEW.uuid);
 end; $$;

--- a/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
+++ b/src/main/resources/db/changelog/7-hs-hosting/701-hosting-asset/7018-hs-hosting-asset-test-data.sql
@ -71,15 +71,15 @@ begin
    defaultPrefix := relatedDebitor.defaultPrefix;

    insert into hs_hosting_asset
-           (uuid,                bookingitemuuid,                        type,                parentAssetUuid,     assignedToAssetUuid,   identifier,                      caption,                     config)
-    values (managedServerUuid,   relatedManagedServerBookingItem.uuid,   'MANAGED_SERVER',    null,                null,                  'vm10' || debitorNumberSuffix,   'some ManagedServer',        '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb),
-           (uuid_generate_v4(),  relatedCloudServerBookingItem.uuid,     'CLOUD_SERVER',      null,                null,                  'vm20' || debitorNumberSuffix,   'another CloudServer',       '{}'::jsonb),
-           (managedWebspaceUuid, relatedManagedWebspaceBookingItem.uuid, 'MANAGED_WEBSPACE',  managedServerUuid,   null,                  defaultPrefix || '01',           'some Webspace',             '{}'::jsonb),
-           (uuid_generate_v4(),  null,                                   'EMAIL_ALIAS',       managedWebspaceUuid, null,                  defaultPrefix || '01-web',       'some E-Mail-Alias',         '{ "target": [ "office@example.org", "archive@example.com" ] }'::jsonb),
-           (webUnixUserUuid,     null,                                   'UNIX_USER',         managedWebspaceUuid, null,                  defaultPrefix || '01-web',       'some UnixUser for Website', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024"}'::jsonb),
-           (domainSetupUuid,     null,                                   'DOMAIN_SETUP',      null,                null,                  defaultPrefix || '.example.org', 'some Domain-Setup',         '{}'::jsonb),
-           (uuid_generate_v4(),  null,                                   'DOMAIN_DNS_SETUP',  domainSetupUuid,     null,                  defaultPrefix || '.example.org', 'some Domain-DNS-Setup',     '{}'::jsonb),
-           (uuid_generate_v4(),  null,                                   'DOMAIN_HTTP_SETUP', domainSetupUuid,     webUnixUserUuid,       defaultPrefix || '.example.org', 'some Domain-HTTP-Setup',    '{ "option-htdocsfallback": true, "use-fcgiphpbin": "/usr/lib/cgi-bin/php", "validsubdomainnames": "*"}'::jsonb);
+           (uuid,                bookingitemuuid,                        type,                parentAssetUuid,     assignedToAssetUuid,   identifier,                           caption,                     config)
+    values (managedServerUuid,   relatedManagedServerBookingItem.uuid,   'MANAGED_SERVER',    null,                null,                  'vm10' || debitorNumberSuffix,        'some ManagedServer',        '{ "monit_max_cpu_usage": 90, "monit_max_ram_usage": 80, "monit_max_ssd_usage": 70 }'::jsonb),
+           (uuid_generate_v4(),  relatedCloudServerBookingItem.uuid,     'CLOUD_SERVER',      null,                null,                  'vm20' || debitorNumberSuffix,        'another CloudServer',       '{}'::jsonb),
+           (managedWebspaceUuid, relatedManagedWebspaceBookingItem.uuid, 'MANAGED_WEBSPACE',  managedServerUuid,   null,                  defaultPrefix || '01',                'some Webspace',             '{}'::jsonb),
+           (uuid_generate_v4(),  null,                                   'EMAIL_ALIAS',       managedWebspaceUuid, null,                  defaultPrefix || '01-web',            'some E-Mail-Alias',         '{ "target": [ "office@example.org", "archive@example.com" ] }'::jsonb),
+           (webUnixUserUuid,     null,                                   'UNIX_USER',         managedWebspaceUuid, null,                  defaultPrefix || '01-web',            'some UnixUser for Website', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024"}'::jsonb),
+           (domainSetupUuid,     null,                                   'DOMAIN_SETUP',      null,                null,                  defaultPrefix || '.example.org',      'some Domain-Setup',         '{}'::jsonb),
+           (uuid_generate_v4(),  null,                                   'DOMAIN_DNS_SETUP',  domainSetupUuid,     null,                  defaultPrefix || '.example.org|DNS',  'some Domain-DNS-Setup',     '{}'::jsonb),
+           (uuid_generate_v4(),  null,                                   'DOMAIN_HTTP_SETUP', domainSetupUuid,     webUnixUserUuid,       defaultPrefix || '.example.org|HTTP', 'some Domain-HTTP-Setup',    '{ "option-htdocsfallback": true, "use-fcgiphpbin": "/usr/lib/cgi-bin/php", "validsubdomainnames": "*"}'::jsonb);
 end; $$;
 --//