experimental RbacView: API for a potential Mermaid + pl/pgSQL generator

This commit is contained in:
Michael Hoennig 2024-02-21 13:02:54 +01:00
parent 496cdf295b
commit 491516e516
2 changed files with 235 additions and 0 deletions


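--- a/HsOfficeBankAccountEntity.java
+++ b/HsOfficeBankAccountEntity.java
@@ -3,7 +3,10 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
 import lombok.*;
 import lombok.experimental.FieldNameConstants;
 import net.hostsharing.hsadminng.errors.DisplayName;
+import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
+import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
 import net.hostsharing.hsadminng.persistence.HasUuid;
+import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
 import net.hostsharing.hsadminng.stringify.Stringify;
 import net.hostsharing.hsadminng.stringify.Stringifyable;
@@ -13,6 +16,10 @@ import jakarta.persistence.Id;
 import jakarta.persistence.Table;
 import java.util.UUID;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
+import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
 import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
 @Entity
@@ -50,4 +57,85 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
 public String toShortString() {
 return holder;
 }
+public static RbacView<HsOfficeBankAccountEntity> hsOfficeBankAccount() {
+// @formatter:off
+return rbacViewFor(HsOfficeBankAccountEntity.class)
+.alias("bankAccount")
+.withIdentityViewSqlQuery("target.iban || ':' || target.holder")
+.withUpdatableColumns("holder", "iban", "bic")
+.createRole(OWNER)
+.withCurrentUserAsOwner()
+.withPermission(ALL)
+.withIncomingSuperRole(GLOBAL, ADMIN)
+.createSubRole(ADMIN)
+.withPermission(UPDATE)
+.createSubRole(REFERRER)
+.withPermission(READ)
+.pop();
+// @formatter:on
+}
+public static RbacView<HsOfficeDebitorEntity> hsOfficeDebitor() {
+// @formatter:off
+return rbacViewFor(HsOfficeDebitorEntity.class)
+.alias("debitor")
+.withIdentityViewSqlQuery("""
+SELECT debitor.uuid,
+'D-' || (SELECT partner.partnerNumber
+FROM hs_office_partner partner
+JOIN hs_office_relationship partnerRel
+ON partnerRel.uuid = partner.partnerRoleUUid AND partnerRel.relType = 'PARTNER'
+JOIN hs_office_relationship debitorRel
+ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND partnerRel.relType = 'ACCOUNTING'
+WHERE debitorRel.uuid = debitor.debitorRelUuid)
+|| to_char(debitorNumberSuffix, 'fm00')
+from hs_office_debitor as debitor;
+""")
+.withUpdatableColumns(
+"debitorRel",
+"billable",
+"billingContactUuid",
+"refundBankAccountUuid",
+"vatId",
+"vatCountryCode",
+"vatBusiness",
+"vatreversecharge",
+"defaultPrefix" /* TODO: do we want that updatable? */ )
+.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
+.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, """
+SELECT *
+FROM hs_office_relationship AS r
+WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
+""", "debitorRelUuid")
+.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
+.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
+.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
+.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, """
+SELECT *
+FROM hs_office_relationship AS r
+WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
+""", "bankAccountUuid")
+.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
+.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
+.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, """
+SELECT *
+FROM hs_office_relationship AS partnerRel
+WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
+""", "debitorRelUuid")
+.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
+.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
+.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
+.toRole("debitorRel", AGENT).grantRole("partnerRel", TENANT)
+.declareEntityAliases("partnerPerson", "operationalPerson")
+.forExampleRole("partnerPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
+.forExampleRole("operationalPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
+.forExampleRole("partnerRel", TENANT).wouldBeGrantedTo("partnerPerson", REFERRER);
+// @formatter:on
+}
 }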
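Review bot: The fetch SQL given to `.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, ...)` in hsOfficeDebitor() is a verbatim copy of the debitorRel query — it selects from hs_office_relationship by relType 'ACCOUNTING' — although the alias is typed as a bank-account entity and declared to depend on `bankAccountUuid`, so the later `.toRole("hsOfficeBankAccount", ADMIN)` / `.grantRole("hsOfficeBankAccount", REFERRER)` grants would be resolved against relationship rows instead of the refund bank account; something like `SELECT * FROM <bank-account table> AS ba WHERE ba.uuid = ${REF}.refundBankAccountUuid;` looks intended (note the updatable columns list `refundBankAccountUuid`, not `bankAccountUuid`). The identity-view subquery also constrains `partnerRel.relType` twice, to 'PARTNER' and then to 'ACCOUNTING' on the debitorRel join, so it can never produce a partner number; the second condition presumably belongs to `debitorRel.relType`. The alias names used in the grants (`hsOfficeBankAccount`, `hsOfficeRelationship:DEBITOR`) do not match the aliases defined earlier in the same chain (`bankAccount`, `debitorRel`); since these strings are presumably destined for generated SQL, a strict alias lookup that rejects unknown names at generation time would turn such mismatches into build failures rather than silently wrong grants. Placing the debitor definition inside HsOfficeBankAccountEntity also deserves a comment if it is intentional for the experiment.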


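--- /dev/null
+++ b/RbacView.java
@@ -0,0 +1,147 @@
+package net.hostsharing.hsadminng.rbac.rbacdef;
+import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
+import net.hostsharing.hsadminng.persistence.HasUuid;
+public class RbacView<E extends HasUuid> {
+public static final String GLOBAL = "global";
+public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
+return new RbacView<>(entityClass);
+}
+RbacView(final Class<E> entityClass) {
+}
+public RbacView<E> alias(final String bankAccount) {
+return this;
+}
+public RbacView<E> withUpdatableColumns(final String... columnNames) {
+return this;
+}
+public RbacView<E> withIdentityViewSqlQuery(final String sqlExpression) {
+return this;
+}
+public RbacRoleDefinition<E> createRole(final Role role) {
+return new RbacRoleDefinition<>(role);
+}
+public RbacPermissionDefinition<E> createPermission(final Permission permission) {
+return new RbacPermissionDefinition<>(permission);
+}
+public <EC extends HasUuid> RbacView<E> declareEntityAliases(final String... aliases) {
+return this;
+}
+public <EC extends HasUuid> RbacView<E> defineEntityAlias(
+final String alias, final Class<EC> entityClass, final String fetchSql, final String dependsOnColum) {
+return this;
+}
+public RbacRole toRole(final String hsOfficeBankAccount, final Role role) {
+return new RbacRole(hsOfficeBankAccount, role);
+}
+public RbacExampleRole forExampleRole(final String entityAlias, final Role role) {
+return new RbacExampleRole(entityAlias, role);
+}
+public class RbacRole {
+public RbacRole(final String entityAlias, final Role role) {
+}
+public RbacView<E> grantRole(final String entityAlias, final Role role) {
+return RbacView.this;
+}
+}
+public class RbacExampleRole {
+public RbacExampleRole(final String entityAlias, final Role role) {
+}
+public RbacView<E> wouldBeGrantedTo(final String entityAlias, final Role role) {
+return RbacView.this;
+}
+}
+public class RbacPermissionDefinition<EC> {
+public RbacPermissionDefinition(final Permission permission) {
+}
+public RbacView<E> pop() {
+return RbacView.this;
+}
+public RbacPermissionDefinition<EC> withIncomingSuperRole(
+final Class<HsOfficeRelationshipEntity> hsOfficeRelationshipEntityClass,
+final Role owner) {
+return this;
+}
+public RbacPermissionDefinition<EC> grantedTo(final String entityAlias, final Role owner) {
+return this;
+}
+}
+public class RbacRoleDefinition<EC> {
+public RbacRoleDefinition(final Role role) {
+}
+public RbacRoleDefinition<EC> withCurrentUserAsOwner() {
+return this;
+}
+public RbacRoleDefinition<EC> withPermission(final Permission permission) {
+return this;
+}
+public RbacRoleDefinition<EC> withIncomingSuperRole(final String tableName, final Role role) {
+return this;
+}
+public RbacRoleDefinition<EC> createSubRole(final Role role) {
+return this;
+}
+public RbacView<E> pop() {
+return RbacView.this;
+}
+}
+public static class Role {
+public static final Role OWNER = new Role("owner");
+public static final Role ADMIN = new Role("admin");
+public static final Role AGENT = new Role("agent");
+public static final Role TENANT = new Role("tenant");
+public static final Role REFERRER = new Role("referrer");
+public Role(final String roleName) {
+}
+}
+public static class Permission {
+public static final Permission ALL = new Permission("*");
+public static final Permission UPDATE = new Permission("edit");
+public static final Permission READ = new Permission("view");
+public static Permission extraPermission(final String permission) {
+return new Permission(permission);
+}
+final String permission;
+private Permission(final String permission) {
+this.permission = permission;
+}
+}
+}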
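Review bot: `Role`'s constructor discards its `roleName` argument — the class has no field for it — whereas the sibling `Permission` keeps its string in `final String permission`, so a generator built on this API could emit permission names but never role names. Store it the same way (`private final String roleName;` and `this.roleName = roleName;`), or make `Role` a record, which keeps `new Role("owner")` compiling; once a name is stored, equals/hashCode should follow so roles compare by name rather than identity. Since alias, role and permission strings and the raw `fetchSql` passed to `defineEntityAlias` are presumably destined for generated pl/pgSQL (per the commit title), the builder is the natural place to validate alias/role names against an identifier pattern and to reject unknown aliases in `toRole`/`grantRole`, instead of trusting every caller string. Smaller points: `RbacPermissionDefinition.withIncomingSuperRole` takes `Class<HsOfficeRelationshipEntity>`, which couples the generic rbacdef package to one hs.office entity and is not the overload the bank-account definition uses (that one is `RbacRoleDefinition.withIncomingSuperRole(String, Role)`); the type parameter `EC` on `declareEntityAliases` is unused; and the parameter names `bankAccount` in `alias(...)` and `hsOfficeBankAccount` in `toRole(...)` read as leftovers from the caller. The public API has no Javadoc at all; a class-level comment stating that this is an experimental no-op builder whose calls are currently recorded nowhere would save the next reader a surprise.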