fix booking item identity view and some other minor issues

2024-04-19 10:06:57 +02:00
parent 5b18681e96
commit d8b1d18952
9 changed files with 54 additions and 37 deletions
--- a/src/main/resources/api-definition/hs-booking/hs-booking-item-schemas.yaml
+++ b/src/main/resources/api-definition/hs-booking/hs-booking-item-schemas.yaml
@ -48,7 +48,7 @@ components:
                caption:
                    type: string
                    minLength: 3
-                    maxLength:
+                    maxLength: 80
                    nullable: false
                validFrom:
                    type: string
@ -75,11 +75,6 @@ components:
        ManagedServerBookingResources:
            type: object
            properties:
-                caption:
-                    type: string
-                    minLength: 3
-                    maxLength:
-                    nullable: false
                CPU:
                    type: integer
                    minimum: 1
--- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.md
+++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.md
@ -95,6 +95,7 @@ subgraph bookingItem["`**bookingItem**`"]

        role:bookingItem:OWNER[[bookingItem:OWNER]]
        role:bookingItem:ADMIN[[bookingItem:ADMIN]]
+        role:bookingItem:AGENT[[bookingItem:AGENT]]
        role:bookingItem:TENANT[[bookingItem:TENANT]]
    end

@ -273,13 +274,15 @@ role:debitorRel.anchorPerson:ADMIN -.-> role:debitorRel:OWNER
 role:debitorRel.holderPerson:ADMIN -.-> role:debitorRel:AGENT
 role:debitorRel:AGENT ==> role:bookingItem:OWNER
 role:bookingItem:OWNER ==> role:bookingItem:ADMIN
-role:bookingItem:ADMIN ==> role:bookingItem:TENANT
+role:debitorRel:AGENT ==> role:bookingItem:ADMIN
+role:bookingItem:ADMIN ==> role:bookingItem:AGENT
+role:bookingItem:AGENT ==> role:bookingItem:TENANT
 role:bookingItem:TENANT ==> role:debitorRel:TENANT

 %% granting permissions to roles
 role:debitorRel:ADMIN ==> perm:bookingItem:INSERT
 role:global:ADMIN ==> perm:bookingItem:DELETE
-role:bookingItem:OWNER ==> perm:bookingItem:UPDATE
+role:bookingItem:ADMIN ==> perm:bookingItem:UPDATE
 role:bookingItem:TENANT ==> perm:bookingItem:SELECT

 ```
--- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6013-hs-booking-item-rbac.sql
@ -49,19 +49,26 @@ begin

    perform createRoleWithGrants(
        hsBookingItemOWNER(NEW),
-            permissions => array['UPDATE'],
            incomingSuperRoles => array[hsOfficeRelationAGENT(newDebitorRel)]
    );

    perform createRoleWithGrants(
        hsBookingItemADMIN(NEW),
-            incomingSuperRoles => array[hsBookingItemOWNER(NEW)]
+            permissions => array['UPDATE'],
+            incomingSuperRoles => array[
+            	hsBookingItemOWNER(NEW),
+            	hsOfficeRelationAGENT(newDebitorRel)]
+    );
+
+    perform createRoleWithGrants(
+        hsBookingItemAGENT(NEW),
+            incomingSuperRoles => array[hsBookingItemADMIN(NEW)]
    );

    perform createRoleWithGrants(
        hsBookingItemTENANT(NEW),
            permissions => array['SELECT'],
-            incomingSuperRoles => array[hsBookingItemADMIN(NEW)],
+            incomingSuperRoles => array[hsBookingItemAGENT(NEW)],
            outgoingSubRoles => array[hsOfficeRelationTENANT(newDebitorRel)]
    );

@ -177,9 +184,9 @@ create trigger hs_booking_item_insert_permission_check_tg

    call generateRbacIdentityViewFromQuery('hs_booking_item',
        $idName$
-            SELECT i.uuid as uuid, d.idName || ':' || i.caption as idName
-            FROM hs_booking_item i
-            JOIN hs_office_debitor_iv d ON d.uuid = i.debitorUuid
+            SELECT bookingItem.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingItem.caption) as idName
+            FROM hs_booking_item bookingItem
+            JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingItem.debitorUuid
        $idName$);
 --//

@ -192,6 +199,7 @@ call generateRbacRestrictedView('hs_booking_item',
    $orderBy$,
    $updates$
        version = new.version,
+        caption = new.caption,
        validity = new.validity,
        resources = new.resources
    $updates$);
--- a/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql
+++ b/src/main/resources/db/changelog/6-hs-booking/601-booking-item/6018-hs-booking-item-test-data.sql
@ -34,7 +34,7 @@ begin
        into hs_booking_item (uuid, debitoruuid, caption, validity, resources)
        values (uuid_generate_v4(), relatedDebitor.uuid, 'some ManagedServer', daterange('20221001', null, '[]'), '{ "CPU": 2, "SDD": 512, "extra": 42 }'::jsonb),
               (uuid_generate_v4(), relatedDebitor.uuid, 'some CloudServer', daterange('20230115', '20240415', '[)'), '{ "CPU": 2, "HDD": 1024, "extra": 42 }'::jsonb),
-               (uuid_generate_v4(), relatedDebitor.uuid, 'some Whatever', daterange('20240401', null, '[]'), '{ "CPU": 1, "SDD": 512, "HDD": 2048, "extra": 42 }'::jsonb);
+               (uuid_generate_v4(), relatedDebitor.uuid, 'some PrivateCloud', daterange('20240401', null, '[]'), '{ "CPU": 10, "SDD": 10240, "HDD": 10240, "extra": 42 }'::jsonb);
 end; $$;
 --//