optionally limit account-context to natural persons (#187)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/187
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>

src/main/resources/api-definition/accounts/context-schemas.yaml

@@ -15,6 +15,8 @@ components:
                 qualifier:
                     type: string
                     maxLength: 80
+                onlyForNaturalPersons:
+                    type: boolean
             required:
                 - uuid
                 - type

src/main/resources/db/changelog/9-hs-global/950-accounts/9510-hs-accounts.sql

@@ -32,11 +32,13 @@ create table hs_accounts.credentials
 
 create table hs_accounts.context
 (
-    uuid            uuid PRIMARY KEY,
-    version         int not null default 0,
+    uuid                        uuid PRIMARY KEY,
+    version                     int not null default 0,
 
-    type            varchar(16),
-    qualifier       varchar(80),
+    type                        varchar(16),
+    qualifier                   varchar(80),
+
+    only_for_natural_persons    boolean default false,
 
     unique (type, qualifier)
 );

src/main/resources/db/changelog/9-hs-global/950-accounts/9519-hs-accounts-test-data.sql

@@ -26,15 +26,17 @@ begin
     personFranUuid = (SELECT uuid FROM hs_office.person WHERE givenName='Fran');
 
     -- Add test contexts
-    INSERT INTO hs_accounts.context (uuid, type, qualifier) VALUES
-        ('11111111-1111-1111-1111-111111111111', 'HSADMIN', 'prod')
+    INSERT INTO hs_accounts.context (uuid, type, qualifier, only_for_natural_persons) VALUES
+        ('11111111-1111-1111-1111-111111111111', 'HSADMIN', 'prod', true)
         RETURNING * INTO context_HSADMIN_prod;
-    INSERT INTO hs_accounts.context (uuid, type, qualifier) VALUES
-        ('22222222-2222-2222-2222-222222222222', 'SSH', 'internal')
+    INSERT INTO hs_accounts.context (uuid, type, qualifier, only_for_natural_persons) VALUES
+        ('22222222-2222-2222-2222-222222222222', 'SSH', 'internal', true)
            RETURNING * INTO context_SSH_internal;
-    INSERT INTO hs_accounts.context (uuid, type, qualifier) VALUES
-        ('33333333-3333-3333-3333-333333333333', 'MATRIX', 'internal')
+    INSERT INTO hs_accounts.context (uuid, type, qualifier, only_for_natural_persons) VALUES
+        ('33333333-3333-3333-3333-333333333333', 'MATRIX', 'internal', true)
            RETURNING * INTO context_MATRIX_internal;
+    INSERT INTO hs_accounts.context (uuid, type, qualifier, only_for_natural_persons) VALUES
+        ('44444444-4444-4444-4444-444444444444', 'MASTODON', 'external', false);
 
 -- grant general access to public credential contexts
 -- TODO_impl: RBAC rules for _rv do not yet work properly