add hs-office-membership entity+repo + fix rbac

2022-10-17 19:42:14 +02:00
parent 28bdd9220d
commit e6f9484f99
10 changed files with 662 additions and 10 deletions
--- a/src/main/resources/db/changelog/300-hs-office-membership.sql
+++ b/src/main/resources/db/changelog/300-hs-office-membership.sql
@ -15,7 +15,7 @@ create table if not exists hs_office_membership
    mainDebitorUuid         uuid not null references hs_office_debitor(uuid),
    memberNumber            numeric(5) not null,
    validity                daterange not null,
-    reasonForTermination    HsOfficeReasonForTermination not null
+    reasonForTermination    HsOfficeReasonForTermination not null default 'NONE'
 );
 --//

--- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.md
+++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.md
@ -51,11 +51,13 @@ subgraph hsOfficeMembership
       role:hsOfficeDebitor.admin --> role:hsOfficeMembership.agent
   %% outgoing
       role:hsOfficeMembership.agent --> role:hsOfficePartner.tenant
-       role:hsOfficeMembership.admin --> role:hsOfficeDebitor.tenant
+       role:hsOfficeMembership.agent --> role:hsOfficeDebitor.tenant
  
   role:hsOfficeMembership.tenant[membership.tenant]
   %% incoming
       role:hsOfficeMembership.agent --> role:hsOfficeMembership.tenant
+       role:hsOfficePartner.agent --> role:hsOfficeMembership.tenant
+       role:hsOfficeDebitor.agent --> role:hsOfficeMembership.tenant
   %% outgoing   
       role:hsOfficeMembership.tenant --> role:hsOfficePartner.guest
       role:hsOfficeMembership.tenant --> role:hsOfficeDebitor.guest
@ -65,6 +67,8 @@ subgraph hsOfficeMembership
       role:hsOfficeMembership.guest -->  perm:hsOfficeMembership.view{{membership.view}}
   %% incoming
       role:hsOfficeMembership.tenant --> role:hsOfficeMembership.guest
+       role:hsOfficePartner.tenant --> role:hsOfficeMembership.guest
+       role:hsOfficeDebitor.tenant --> role:hsOfficeMembership.guest
 end


--- a/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
+++ b/src/main/resources/db/changelog/303-hs-office-membership-rbac.sql
@ -47,26 +47,25 @@ begin
        perform createRoleWithGrants(
                hsOfficeMembershipAdmin(NEW),
                permissions => array['edit'],
-                incomingSuperRoles => array[hsOfficeMembershipOwner(NEW)],
-                outgoingSubRoles => array[hsOfficeDebitorTenant(newHsOfficeDebitor)]
+                incomingSuperRoles => array[hsOfficeMembershipOwner(NEW)]
            );

        perform createRoleWithGrants(
                hsOfficeMembershipAgent(NEW),
                incomingSuperRoles => array[hsOfficeMembershipAdmin(NEW), hsOfficePartnerAdmin(newHsOfficePartner), hsOfficeDebitorAdmin(newHsOfficeDebitor)],
-                outgoingSubRoles => array[hsOfficePartnerTenant(newHsOfficePartner)]
+                outgoingSubRoles => array[hsOfficePartnerTenant(newHsOfficePartner), hsOfficeDebitorTenant(newHsOfficeDebitor)]
            );

        perform createRoleWithGrants(
                hsOfficeMembershipTenant(NEW),
-                incomingSuperRoles => array[hsOfficeMembershipAgent(NEW)],
+                incomingSuperRoles => array[hsOfficeMembershipAgent(NEW), hsOfficePartnerAgent(newHsOfficePartner), hsOfficeDebitorAgent(newHsOfficeDebitor)],
                outgoingSubRoles => array[hsOfficePartnerGuest(newHsOfficePartner), hsOfficeDebitorGuest(newHsOfficeDebitor)]
            );

        perform createRoleWithGrants(
                hsOfficeMembershipGuest(NEW),
                permissions => array['view'],
-                incomingSuperRoles => array[hsOfficeMembershipTenant(NEW)]
+                incomingSuperRoles => array[hsOfficeMembershipTenant(NEW), hsOfficePartnerTenant(newHsOfficePartner), hsOfficeDebitorTenant(newHsOfficeDebitor)]
            );

        -- === END of code generated from Mermaid flowchart. ===
--- a/src/main/resources/db/changelog/308-hs-office-membership-test-data.sql
+++ b/src/main/resources/db/changelog/308-hs-office-membership-test-data.sql
@ -18,7 +18,7 @@ declare
    newMemberNumber numeric;
 begin
    idName := cleanIdentifier( forPartnerTradeName || '#' || forMainDebitorNumber);
-    currentTask := 'creating SEPA-mandate test-data ' || idName;
+    currentTask := 'creating Membership test-data ' || idName;
    call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global.admin');
    execute format('set local hsadminng.currentTask to %L', currentTask);

@ -28,7 +28,7 @@ begin
    select d.* from hs_office_debitor d where d.debitorNumber = forMainDebitorNumber into relatedDebitor;
    select coalesce(max(memberNumber)+1, 10001) from hs_office_membership into newMemberNumber;

-    raise notice 'creating test SEPA-mandate: %', idName;
+    raise notice 'creating test Membership: %', idName;
    raise notice '- using partner (%): %', relatedPartner.uuid, relatedPartner;
    raise notice '- using debitor (%): %', relatedDebitor.uuid, relatedDebitor;
    insert