add assigned-asset, add more hosting-asset test-data and introduce HsBookingDebitor+hs_booking_debitor_rv (#58)
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/58 Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>
This commit is contained in:
Michael Hoennig
@ -10,7 +10,9 @@ components:
|
||||
- MANAGED_SERVER
|
||||
- MANAGED_WEBSPACE
|
||||
- UNIX_USER
|
||||
- DOMAIN_SETUP
|
||||
- DOMAIN_DNS_SETUP
|
||||
- DOMAIN_HTTP_SETUP
|
||||
- DOMAIN_EMAIL_SETUP
|
||||
- EMAIL_ALIAS
|
||||
- EMAIL_ADDRESS
|
||||
- PGSQL_USER
|
||||
|
||||
@ -118,10 +118,13 @@ begin
|
||||
sql = format($sql$
|
||||
create or replace function %1$sUuidByIdName(givenIdName varchar)
|
||||
returns uuid
|
||||
language sql
|
||||
strict as $f$
|
||||
select uuid from %1$s_iv iv where iv.idName = givenIdName;
|
||||
$f$;
|
||||
language plpgsql as $f$
|
||||
declare
|
||||
singleMatch uuid;
|
||||
begin
|
||||
select uuid into strict singleMatch from %1$s_iv iv where iv.idName = givenIdName;
|
||||
return singleMatch;
|
||||
end; $f$;
|
||||
$sql$, targetTable);
|
||||
execute sql;
|
||||
|
||||
|
||||
@ -0,0 +1,17 @@
|
||||
--liquibase formatted sql
|
||||
|
||||
-- ============================================================================
|
||||
--changeset hs-booking-debitor-RESTRICTED-VIEW:1 endDelimiter:--//
|
||||
-- ----------------------------------------------------------------------------
|
||||
|
||||
create view hs_booking_debitor_rv as
|
||||
select debitor.uuid,
|
||||
debitor.version,
|
||||
(partner.partnerNumber::varchar || debitor.debitorNumberSuffix)::numeric as debitorNumber,
|
||||
debitor.defaultPrefix
|
||||
from hs_office_debitor_rv debitor
|
||||
-- RBAC for debitor is sufficient, for faster access we are bypassing RBAC for the join tables
|
||||
join hs_office_relation debitorRel on debitor.debitorReluUid=debitorRel.uuid
|
||||
join hs_office_relation partnerRel on partnerRel.holderUuid=debitorRel.anchorUuid
|
||||
join hs_office_partner partner on partner.partnerReluUid=partnerRel.uuid;
|
||||
--//
|
||||
@ -9,7 +9,9 @@ create type HsHostingAssetType as enum (
|
||||
'MANAGED_SERVER',
|
||||
'MANAGED_WEBSPACE',
|
||||
'UNIX_USER',
|
||||
'DOMAIN_SETUP',
|
||||
'DOMAIN_DNS_SETUP',
|
||||
'DOMAIN_HTTP_SETUP',
|
||||
'DOMAIN_EMAIL_SETUP',
|
||||
'EMAIL_ALIAS',
|
||||
'EMAIL_ADDRESS',
|
||||
'PGSQL_USER',
|
||||
@ -27,6 +29,7 @@ create table if not exists hs_hosting_asset
|
||||
bookingItemUuid uuid null references hs_booking_item(uuid),
|
||||
type HsHostingAssetType not null,
|
||||
parentAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
|
||||
assignedToAssetUuid uuid null references hs_hosting_asset(uuid) initially deferred,
|
||||
identifier varchar(80) not null,
|
||||
caption varchar(80),
|
||||
config jsonb not null,
|
||||
@ -59,9 +62,11 @@ begin
|
||||
when 'MANAGED_SERVER' then null
|
||||
when 'MANAGED_WEBSPACE' then 'MANAGED_SERVER'
|
||||
when 'UNIX_USER' then 'MANAGED_WEBSPACE'
|
||||
when 'DOMAIN_SETUP' then 'UNIX_USER'
|
||||
when 'DOMAIN_DNS_SETUP' then 'MANAGED_WEBSPACE'
|
||||
when 'DOMAIN_HTTP_SETUP' then 'MANAGED_WEBSPACE'
|
||||
when 'DOMAIN_EMAIL_SETUP' then 'MANAGED_WEBSPACE'
|
||||
when 'EMAIL_ALIAS' then 'MANAGED_WEBSPACE'
|
||||
when 'EMAIL_ADDRESS' then 'DOMAIN_SETUP'
|
||||
when 'EMAIL_ADDRESS' then 'DOMAIN_EMAIL_SETUP'
|
||||
when 'PGSQL_USER' then 'MANAGED_WEBSPACE'
|
||||
when 'PGSQL_DATABASE' then 'MANAGED_WEBSPACE'
|
||||
when 'MARIADB_USER' then 'MANAGED_WEBSPACE'
|
||||
|
||||
@ -25,40 +25,30 @@ subgraph asset["`**asset**`"]
|
||||
perm:asset:INSERT{{asset:INSERT}}
|
||||
perm:asset:DELETE{{asset:DELETE}}
|
||||
perm:asset:UPDATE{{asset:UPDATE}}
|
||||
perm:asset:SELECT{{asset:SELECT}}
|
||||
end
|
||||
end
|
||||
|
||||
subgraph bookingItem["`**bookingItem**`"]
|
||||
subgraph assignedToAsset["`**assignedToAsset**`"]
|
||||
direction TB
|
||||
style bookingItem fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
style assignedToAsset fill:#99bcdb,stroke:#274d6e,stroke-width:8px
|
||||
|
||||
subgraph bookingItem:roles[ ]
|
||||
style bookingItem:roles fill:#99bcdb,stroke:white
|
||||
subgraph assignedToAsset:roles[ ]
|
||||
style assignedToAsset:roles fill:#99bcdb,stroke:white
|
||||
|
||||
role:bookingItem:OWNER[[bookingItem:OWNER]]
|
||||
role:bookingItem:ADMIN[[bookingItem:ADMIN]]
|
||||
role:bookingItem:AGENT[[bookingItem:AGENT]]
|
||||
role:bookingItem:TENANT[[bookingItem:TENANT]]
|
||||
role:assignedToAsset:TENANT[[assignedToAsset:TENANT]]
|
||||
end
|
||||
end
|
||||
|
||||
%% granting roles to roles
|
||||
role:bookingItem:OWNER -.-> role:bookingItem:ADMIN
|
||||
role:bookingItem:ADMIN -.-> role:bookingItem:AGENT
|
||||
role:bookingItem:AGENT -.-> role:bookingItem:TENANT
|
||||
role:bookingItem:ADMIN ==> role:asset:OWNER
|
||||
role:asset:OWNER ==> role:asset:ADMIN
|
||||
role:bookingItem:AGENT ==> role:asset:ADMIN
|
||||
role:asset:ADMIN ==> role:asset:AGENT
|
||||
role:asset:AGENT ==> role:assignedToAsset:TENANT
|
||||
role:asset:AGENT ==> role:asset:TENANT
|
||||
role:asset:TENANT ==> role:bookingItem:TENANT
|
||||
role:assignedToAsset:TENANT ==> role:asset:TENANT
|
||||
|
||||
%% granting permissions to roles
|
||||
role:global:ADMIN ==> perm:asset:INSERT
|
||||
role:bookingItem:AGENT ==> perm:asset:INSERT
|
||||
role:asset:OWNER ==> perm:asset:DELETE
|
||||
role:asset:ADMIN ==> perm:asset:UPDATE
|
||||
role:asset:TENANT ==> perm:asset:SELECT
|
||||
|
||||
```
|
||||
|
||||
@ -31,6 +31,7 @@ create or replace procedure buildRbacSystemForHsHostingAsset(
|
||||
|
||||
declare
|
||||
newBookingItem hs_booking_item;
|
||||
newAssignedToAsset hs_hosting_asset;
|
||||
newParentAsset hs_hosting_asset;
|
||||
|
||||
begin
|
||||
@ -38,6 +39,8 @@ begin
|
||||
|
||||
SELECT * FROM hs_booking_item WHERE uuid = NEW.bookingItemUuid INTO newBookingItem;
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.assignedToAssetUuid INTO newAssignedToAsset;
|
||||
|
||||
SELECT * FROM hs_hosting_asset WHERE uuid = NEW.parentAssetUuid INTO newParentAsset;
|
||||
|
||||
perform createRoleWithGrants(
|
||||
@ -59,13 +62,15 @@ begin
|
||||
|
||||
perform createRoleWithGrants(
|
||||
hsHostingAssetAGENT(NEW),
|
||||
incomingSuperRoles => array[hsHostingAssetADMIN(NEW)]
|
||||
incomingSuperRoles => array[hsHostingAssetADMIN(NEW)],
|
||||
outgoingSubRoles => array[hsHostingAssetTENANT(newAssignedToAsset)]
|
||||
);
|
||||
|
||||
perform createRoleWithGrants(
|
||||
hsHostingAssetTENANT(NEW),
|
||||
permissions => array['SELECT'],
|
||||
incomingSuperRoles => array[hsHostingAssetAGENT(NEW)],
|
||||
incomingSuperRoles => array[
|
||||
hsHostingAssetAGENT(NEW),
|
||||
hsHostingAssetTENANT(newAssignedToAsset)],
|
||||
outgoingSubRoles => array[
|
||||
hsBookingItemTENANT(newBookingItem),
|
||||
hsHostingAssetTENANT(newParentAsset)]
|
||||
@ -197,11 +202,11 @@ create or replace function new_hs_hosting_asset_grants_insert_to_hs_hosting_asse
|
||||
language plpgsql
|
||||
strict as $$
|
||||
begin
|
||||
if NEW.type = 'MANAGED_SERVER' then
|
||||
-- unconditional for all rows in that table
|
||||
call grantPermissionToRole(
|
||||
createPermission(NEW.uuid, 'INSERT', 'hs_hosting_asset'),
|
||||
hsHostingAssetADMIN(NEW));
|
||||
end if;
|
||||
-- end.
|
||||
return NEW;
|
||||
end; $$;
|
||||
|
||||
|
||||
@ -16,7 +16,11 @@ declare
|
||||
relatedDebitor hs_office_debitor;
|
||||
relatedPrivateCloudBookingItem hs_booking_item;
|
||||
relatedManagedServerBookingItem hs_booking_item;
|
||||
debitorNumberSuffix varchar;
|
||||
defaultPrefix varchar;
|
||||
managedServerUuid uuid;
|
||||
managedWebspaceUuid uuid;
|
||||
webUnixUserUuid uuid;
|
||||
begin
|
||||
currentTask := 'creating hosting-asset test-data ' || givenProjectCaption;
|
||||
call defineContext(currentTask, null, 'superuser-alex@hostsharing.net', 'global#global:ADMIN');
|
||||
@ -45,12 +49,18 @@ begin
|
||||
assert relatedManagedServerBookingItem.uuid is not null, 'relatedManagedServerBookingItem for "' || givenProjectCaption|| '" must not be null';
|
||||
|
||||
select uuid_generate_v4() into managedServerUuid;
|
||||
select uuid_generate_v4() into managedWebspaceUuid;
|
||||
select uuid_generate_v4() into webUnixUserUuid;
|
||||
debitorNumberSuffix := relatedDebitor.debitorNumberSuffix;
|
||||
defaultPrefix := relatedDebitor.defaultPrefix;
|
||||
|
||||
insert into hs_hosting_asset
|
||||
(uuid, bookingitemuuid, type, parentAssetUuid, identifier, caption, config)
|
||||
values (managedServerUuid, relatedPrivateCloudBookingItem.uuid, 'MANAGED_SERVER', null, 'vm10' || relatedDebitor.debitorNumberSuffix, 'some ManagedServer', '{ "CPU": 2, "SDD": 512, "extra": 42 }'::jsonb),
|
||||
(uuid_generate_v4(), relatedPrivateCloudBookingItem.uuid, 'CLOUD_SERVER', null, 'vm20' || relatedDebitor.debitorNumberSuffix, 'another CloudServer', '{ "CPU": 2, "HDD": 1024, "extra": 42 }'::jsonb),
|
||||
(uuid_generate_v4(), relatedManagedServerBookingItem.uuid, 'MANAGED_WEBSPACE', managedServerUuid, relatedDebitor.defaultPrefix || '01', 'some Webspace', '{ "RAM": 1, "SDD": 512, "HDD": 2048, "extra": 42 }'::jsonb);
|
||||
(uuid, bookingitemuuid, type, parentAssetUuid, assignedToAssetUuid, identifier, caption, config)
|
||||
values (managedServerUuid, relatedPrivateCloudBookingItem.uuid, 'MANAGED_SERVER', null, null, 'vm10' || debitorNumberSuffix, 'some ManagedServer', '{ "extra": 42 }'::jsonb),
|
||||
(uuid_generate_v4(), relatedPrivateCloudBookingItem.uuid, 'CLOUD_SERVER', null, null, 'vm20' || debitorNumberSuffix, 'another CloudServer', '{ "extra": 42 }'::jsonb),
|
||||
(managedWebspaceUuid, relatedManagedServerBookingItem.uuid, 'MANAGED_WEBSPACE', managedServerUuid, null, defaultPrefix || '01', 'some Webspace', '{ "extra": 42 }'::jsonb),
|
||||
(webUnixUserUuid, null, 'UNIX_USER', managedWebspaceUuid, null, defaultPrefix || '01-web', 'some UnixUser for Website', '{ "SSD-soft-quota": "128", "SSD-hard-quota": "256", "HDD-soft-quota": "512", "HDD-hard-quota": "1024", "extra": 42 }'::jsonb),
|
||||
(uuid_generate_v4(), null, 'DOMAIN_HTTP_SETUP', managedWebspaceUuid, webUnixUserUuid, defaultPrefix || '.example.org', 'some Domain-HTTP-Setup', '{ "option-htdocsfallback": true, "use-fcgiphpbin": "/usr/lib/cgi-bin/php", "validsubdomainnames": "*", "extra": 42 }'::jsonb);
|
||||
end; $$;
|
||||
--//
|
||||
|
||||
|
||||
@ -130,17 +130,19 @@ databaseChangeLog:
|
||||
- include:
|
||||
file: db/changelog/5-hs-office/512-coopassets/5128-hs-office-coopassets-test-data.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/610-booking-project/6100-hs-booking-project.sql
|
||||
file: db/changelog/6-hs-booking/610-booking-debitor/6100-hs-booking-debitor.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/610-booking-project/6103-hs-booking-project-rbac.sql
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6200-hs-booking-project.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/610-booking-project/6108-hs-booking-project-test-data.sql
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6203-hs-booking-project-rbac.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-item/6200-hs-booking-item.sql
|
||||
file: db/changelog/6-hs-booking/620-booking-project/6208-hs-booking-project-test-data.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-item/6203-hs-booking-item-rbac.sql
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6200-hs-booking-item.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/620-booking-item/6208-hs-booking-item-test-data.sql
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6203-hs-booking-item-rbac.sql
|
||||
- include:
|
||||
file: db/changelog/6-hs-booking/630-booking-item/6208-hs-booking-item-test-data.sql
|
||||
- include:
|
||||
file: db/changelog/7-hs-hosting/701-hosting-asset/7010-hs-hosting-asset.sql
|
||||
- include:
|
||||
|
||||
Reference in New Issue
Block a user