experimental RbacView: API for a potential Mermaid + pl/pgSQL generator
parent
496cdf295b
commit
491516e516
@ -3,7 +3,10 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
|
||||
import lombok.*;
|
||||
import lombok.experimental.FieldNameConstants;
|
||||
import net.hostsharing.hsadminng.errors.DisplayName;
|
||||
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
|
||||
@ -13,6 +16,10 @@ import jakarta.persistence.Id;
|
||||
import jakarta.persistence.Table;
|
||||
import java.util.UUID;
|
||||
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@ -50,4 +57,85 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
|
||||
public String toShortString() {
|
||||
return holder;
|
||||
}
|
||||
|
||||
public static RbacView<HsOfficeBankAccountEntity> hsOfficeBankAccount() {
|
||||
// @formatter:off
|
||||
return rbacViewFor(HsOfficeBankAccountEntity.class)
|
||||
.alias("bankAccount")
|
||||
.withIdentityViewSqlQuery("target.iban || ':' || target.holder")
|
||||
.withUpdatableColumns("holder", "iban", "bic")
|
||||
.createRole(OWNER)
|
||||
.withCurrentUserAsOwner()
|
||||
.withPermission(ALL)
|
||||
.withIncomingSuperRole(GLOBAL, ADMIN)
|
||||
.createSubRole(ADMIN)
|
||||
.withPermission(UPDATE)
|
||||
.createSubRole(REFERRER)
|
||||
.withPermission(READ)
|
||||
.pop();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
public static RbacView<HsOfficeDebitorEntity> hsOfficeDebitor() {
|
||||
// @formatter:off
|
||||
return rbacViewFor(HsOfficeDebitorEntity.class)
|
||||
.alias("debitor")
|
||||
.withIdentityViewSqlQuery("""
|
||||
SELECT debitor.uuid,
|
||||
'D-' || (SELECT partner.partnerNumber
|
||||
FROM hs_office_partner partner
|
||||
JOIN hs_office_relationship partnerRel
|
||||
ON partnerRel.uuid = partner.partnerRoleUUid AND partnerRel.relType = 'PARTNER'
|
||||
JOIN hs_office_relationship debitorRel
|
||||
ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND partnerRel.relType = 'ACCOUNTING'
|
||||
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|
||||
|| to_char(debitorNumberSuffix, 'fm00')
|
||||
from hs_office_debitor as debitor;
|
||||
""")
|
||||
.withUpdatableColumns(
|
||||
"debitorRel",
|
||||
"billable",
|
||||
"billingContactUuid",
|
||||
"refundBankAccountUuid",
|
||||
"vatId",
|
||||
"vatCountryCode",
|
||||
"vatBusiness",
|
||||
"vatreversecharge",
|
||||
"defaultPrefix" /* TODO: do we want that updatable? */ )
|
||||
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
|
||||
|
||||
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, """
|
||||
SELECT *
|
||||
FROM hs_office_relationship AS r
|
||||
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||
""", "debitorRelUuid")
|
||||
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
|
||||
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
|
||||
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
|
||||
|
||||
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, """
|
||||
SELECT *
|
||||
FROM hs_office_relationship AS r
|
||||
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||
""", "bankAccountUuid")
|
||||
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
|
||||
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
|
||||
|
||||
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, """
|
||||
SELECT *
|
||||
FROM hs_office_relationship AS partnerRel
|
||||
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
|
||||
""", "debitorRelUuid")
|
||||
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
|
||||
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
|
||||
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
|
||||
.toRole("debitorRel", AGENT).grantRole("partnerRel", TENANT)
|
||||
.declareEntityAliases("partnerPerson", "operationalPerson")
|
||||
.forExampleRole("partnerPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
|
||||
.forExampleRole("operationalPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
|
||||
.forExampleRole("partnerRel", TENANT).wouldBeGrantedTo("partnerPerson", REFERRER);
|
||||
|
||||
|
||||
// @formatter:on
|
||||
}
|
||||
}
|
||||
|
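Review bot: In the identity query of `hsOfficeDebitor()`, the second join tests `partnerRel.relType = 'ACCOUNTING'` although the first join already requires `partnerRel.relType = 'PARTNER'`, so the sub-select can never match a row and the concatenated identity would come out NULL in PostgreSQL. The condition presumably should read `ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND debitorRel.relType = 'ACCOUNTING'`. The `bankAccount` alias further down repeats the `debitorRel` fetch SQL against `hs_office_relationship` while being typed as `HsOfficeBankAccountEntity`, which looks like a copy-paste. Since these strings are apparently meant to feed generated grants, a wrong join here would likely surface as wrong or missing role assignments rather than as a visible error. Minor: `grantedTo("global", ADMIN)` could use the imported `GLOBAL` constant, as `withIncomingSuperRole(GLOBAL, ADMIN)` already does.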
@ -0,0 +1,147 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||
|
||||
public class RbacView<E extends HasUuid> {
|
||||
|
||||
public static final String GLOBAL = "global";
|
||||
|
||||
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
|
||||
return new RbacView<>(entityClass);
|
||||
}
|
||||
|
||||
RbacView(final Class<E> entityClass) {
|
||||
|
||||
}
|
||||
public RbacView<E> alias(final String bankAccount) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacView<E> withUpdatableColumns(final String... columnNames) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacView<E> withIdentityViewSqlQuery(final String sqlExpression) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition<E> createRole(final Role role) {
|
||||
return new RbacRoleDefinition<>(role);
|
||||
}
|
||||
|
||||
public RbacPermissionDefinition<E> createPermission(final Permission permission) {
|
||||
return new RbacPermissionDefinition<>(permission);
|
||||
}
|
||||
|
||||
public <EC extends HasUuid> RbacView<E> declareEntityAliases(final String... aliases) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public <EC extends HasUuid> RbacView<E> defineEntityAlias(
|
||||
final String alias, final Class<EC> entityClass, final String fetchSql, final String dependsOnColum) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRole toRole(final String hsOfficeBankAccount, final Role role) {
|
||||
return new RbacRole(hsOfficeBankAccount, role);
|
||||
}
|
||||
|
||||
public RbacExampleRole forExampleRole(final String entityAlias, final Role role) {
|
||||
return new RbacExampleRole(entityAlias, role);
|
||||
}
|
||||
|
||||
public class RbacRole {
|
||||
|
||||
public RbacRole(final String entityAlias, final Role role) {
|
||||
}
|
||||
|
||||
public RbacView<E> grantRole(final String entityAlias, final Role role) {
|
||||
return RbacView.this;
|
||||
}
|
||||
}
|
||||
|
||||
public class RbacExampleRole {
|
||||
|
||||
public RbacExampleRole(final String entityAlias, final Role role) {
|
||||
}
|
||||
|
||||
public RbacView<E> wouldBeGrantedTo(final String entityAlias, final Role role) {
|
||||
return RbacView.this;
|
||||
}
|
||||
}
|
||||
|
||||
public class RbacPermissionDefinition<EC> {
|
||||
|
||||
public RbacPermissionDefinition(final Permission permission) {
|
||||
}
|
||||
|
||||
public RbacView<E> pop() {
|
||||
return RbacView.this;
|
||||
}
|
||||
|
||||
public RbacPermissionDefinition<EC> withIncomingSuperRole(
|
||||
final Class<HsOfficeRelationshipEntity> hsOfficeRelationshipEntityClass,
|
||||
final Role owner) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacPermissionDefinition<EC> grantedTo(final String entityAlias, final Role owner) {
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
public class RbacRoleDefinition<EC> {
|
||||
|
||||
public RbacRoleDefinition(final Role role) {
|
||||
}
|
||||
|
||||
public RbacRoleDefinition<EC> withCurrentUserAsOwner() {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition<EC> withPermission(final Permission permission) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition<EC> withIncomingSuperRole(final String tableName, final Role role) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition<EC> createSubRole(final Role role) {
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacView<E> pop() {
|
||||
return RbacView.this;
|
||||
}
|
||||
}
|
||||
|
||||
public static class Role {
|
||||
public static final Role OWNER = new Role("owner");
|
||||
public static final Role ADMIN = new Role("admin");
|
||||
public static final Role AGENT = new Role("agent");
|
||||
public static final Role TENANT = new Role("tenant");
|
||||
public static final Role REFERRER = new Role("referrer");
|
||||
|
||||
public Role(final String roleName) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
public static class Permission {
|
||||
public static final Permission ALL = new Permission("*");
|
||||
public static final Permission UPDATE = new Permission("edit");
|
||||
public static final Permission READ = new Permission("view");
|
||||
|
||||
public static Permission extraPermission(final String permission) {
|
||||
return new Permission(permission);
|
||||
}
|
||||
|
||||
final String permission;
|
||||
|
||||
private Permission(final String permission) {
|
||||
this.permission = permission;
|
||||
}
|
||||
}
|
||||
}
|
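Review bot: `Role` has a public constructor that throws `roleName` away, so the five constants carry no name and any caller can create further roles, whereas `Permission` right below stores its value behind a private constructor. For a type that will drive generated grants I would close it the same way: `final String roleName;` plus `private Role(final String roleName) { this.roleName = roleName; }`, or make it an enum. The alias arguments of `toRole`, `grantRole`, `grantedTo` and `wouldBeGrantedTo` are free-form strings as well; once the stubs get bodies they should reject an alias that was not registered through `alias`, `defineEntityAlias` or `declareEntityAliases`, so a typo fails at definition time instead of producing a missing or misdirected grant. Minor: the parameter names `bankAccount` in `alias(...)` and `hsOfficeBankAccount` in `toRole(...)` are left over from the first caller, and `dependsOnColum` is missing its final `n`.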