experimental RbacView: API for a potential Mermaid + pl/pgSQL generator
parent
496cdf295b
commit
491516e516
@ -3,7 +3,10 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
|
|||||||
import lombok.*;
|
import lombok.*;
|
||||||
import lombok.experimental.FieldNameConstants;
|
import lombok.experimental.FieldNameConstants;
|
||||||
import net.hostsharing.hsadminng.errors.DisplayName;
|
import net.hostsharing.hsadminng.errors.DisplayName;
|
||||||
|
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||||
|
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||||
import net.hostsharing.hsadminng.persistence.HasUuid;
|
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||||
|
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||||
|
|
||||||
@ -13,6 +16,10 @@ import jakarta.persistence.Id;
|
|||||||
import jakarta.persistence.Table;
|
import jakarta.persistence.Table;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
||||||
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||||
|
|
||||||
@Entity
|
@Entity
|
||||||
@ -50,4 +57,85 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
|
|||||||
public String toShortString() {
|
public String toShortString() {
|
||||||
return holder;
|
return holder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static RbacView<HsOfficeBankAccountEntity> hsOfficeBankAccount() {
|
||||||
|
// @formatter:off
|
||||||
|
return rbacViewFor(HsOfficeBankAccountEntity.class)
|
||||||
|
.alias("bankAccount")
|
||||||
|
.withIdentityViewSqlQuery("target.iban || ':' || target.holder")
|
||||||
|
.withUpdatableColumns("holder", "iban", "bic")
|
||||||
|
.createRole(OWNER)
|
||||||
|
.withCurrentUserAsOwner()
|
||||||
|
.withPermission(ALL)
|
||||||
|
.withIncomingSuperRole(GLOBAL, ADMIN)
|
||||||
|
.createSubRole(ADMIN)
|
||||||
|
.withPermission(UPDATE)
|
||||||
|
.createSubRole(REFERRER)
|
||||||
|
.withPermission(READ)
|
||||||
|
.pop();
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
|
|
||||||
|
public static RbacView<HsOfficeDebitorEntity> hsOfficeDebitor() {
|
||||||
|
// @formatter:off
|
||||||
|
return rbacViewFor(HsOfficeDebitorEntity.class)
|
||||||
|
.alias("debitor")
|
||||||
|
.withIdentityViewSqlQuery("""
|
||||||
|
SELECT debitor.uuid,
|
||||||
|
'D-' || (SELECT partner.partnerNumber
|
||||||
|
FROM hs_office_partner partner
|
||||||
|
JOIN hs_office_relationship partnerRel
|
||||||
|
ON partnerRel.uuid = partner.partnerRoleUUid AND partnerRel.relType = 'PARTNER'
|
||||||
|
JOIN hs_office_relationship debitorRel
|
||||||
|
ON debitorRel.relAnchorUuid = partnerRel.relHolderUuid AND partnerRel.relType = 'ACCOUNTING'
|
||||||
|
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|
||||||
|
|| to_char(debitorNumberSuffix, 'fm00')
|
||||||
|
from hs_office_debitor as debitor;
|
||||||
|
""")
|
||||||
|
.withUpdatableColumns(
|
||||||
|
"debitorRel",
|
||||||
|
"billable",
|
||||||
|
"billingContactUuid",
|
||||||
|
"refundBankAccountUuid",
|
||||||
|
"vatId",
|
||||||
|
"vatCountryCode",
|
||||||
|
"vatBusiness",
|
||||||
|
"vatreversecharge",
|
||||||
|
"defaultPrefix" /* TODO: do we want that updatable? */ )
|
||||||
|
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
|
||||||
|
|
||||||
|
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, """
|
||||||
|
SELECT *
|
||||||
|
FROM hs_office_relationship AS r
|
||||||
|
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||||
|
""", "debitorRelUuid")
|
||||||
|
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
|
||||||
|
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
|
||||||
|
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
|
||||||
|
|
||||||
|
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, """
|
||||||
|
SELECT *
|
||||||
|
FROM hs_office_relationship AS r
|
||||||
|
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||||
|
""", "bankAccountUuid")
|
||||||
|
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
|
||||||
|
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
|
||||||
|
|
||||||
|
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, """
|
||||||
|
SELECT *
|
||||||
|
FROM hs_office_relationship AS partnerRel
|
||||||
|
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
|
||||||
|
""", "debitorRelUuid")
|
||||||
|
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
|
||||||
|
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
|
||||||
|
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
|
||||||
|
.toRole("debitorRel", AGENT).grantRole("partnerRel", TENANT)
|
||||||
|
.declareEntityAliases("partnerPerson", "operationalPerson")
|
||||||
|
.forExampleRole("partnerPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
|
||||||
|
.forExampleRole("operationalPerson", ADMIN).wouldBeGrantedTo("partnerRel", ADMIN)
|
||||||
|
.forExampleRole("partnerRel", TENANT).wouldBeGrantedTo("partnerPerson", REFERRER);
|
||||||
|
|
||||||
|
|
||||||
|
// @formatter:on
|
||||||
|
}
|
||||||
}
|
}
|
||||||
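Review bot: In the identity-view query of `hsOfficeDebitor()`, the second join filters on `partnerRel.relType = 'ACCOUNTING'` although `partnerRel` is already restricted to `relType = 'PARTNER'` in the join above. The subquery can therefore never match and the identity would evaluate to NULL (`'D-' || NULL`); the condition presumably should read `AND debitorRel.relType = 'ACCOUNTING'`. The `bankAccount` alias is declared with `HsOfficeBankAccountEntity.class` but reuses the `hs_office_relationship` fetch SQL of `debitorRel`, which looks like a copy-paste leftover. The grants after it name `"hsOfficeBankAccount"`, an alias this view never defines (the defined one is `"bankAccount"`), and `grantedTo("global", ADMIN)` bypasses the imported `GLOBAL` constant. Because these strings decide which roles reach bank-account and debitor rows, a mistyped alias should fail at definition time rather than silently produce a missing or misdirected grant; both methods lie fully inside this hunk, the enclosing class starts outside it.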
|
@ -0,0 +1,147 @@
|
|||||||
|
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||||
|
|
||||||
|
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||||
|
import net.hostsharing.hsadminng.persistence.HasUuid;
|
||||||
|
|
||||||
|
public class RbacView<E extends HasUuid> {
|
||||||
|
|
||||||
|
public static final String GLOBAL = "global";
|
||||||
|
|
||||||
|
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
|
||||||
|
return new RbacView<>(entityClass);
|
||||||
|
}
|
||||||
|
|
||||||
|
RbacView(final Class<E> entityClass) {
|
||||||
|
|
||||||
|
}
|
||||||
|
public RbacView<E> alias(final String bankAccount) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> withUpdatableColumns(final String... columnNames) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> withIdentityViewSqlQuery(final String sqlExpression) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRoleDefinition<E> createRole(final Role role) {
|
||||||
|
return new RbacRoleDefinition<>(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacPermissionDefinition<E> createPermission(final Permission permission) {
|
||||||
|
return new RbacPermissionDefinition<>(permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public <EC extends HasUuid> RbacView<E> declareEntityAliases(final String... aliases) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public <EC extends HasUuid> RbacView<E> defineEntityAlias(
|
||||||
|
final String alias, final Class<EC> entityClass, final String fetchSql, final String dependsOnColum) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRole toRole(final String hsOfficeBankAccount, final Role role) {
|
||||||
|
return new RbacRole(hsOfficeBankAccount, role);
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacExampleRole forExampleRole(final String entityAlias, final Role role) {
|
||||||
|
return new RbacExampleRole(entityAlias, role);
|
||||||
|
}
|
||||||
|
|
||||||
|
public class RbacRole {
|
||||||
|
|
||||||
|
public RbacRole(final String entityAlias, final Role role) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> grantRole(final String entityAlias, final Role role) {
|
||||||
|
return RbacView.this;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public class RbacExampleRole {
|
||||||
|
|
||||||
|
public RbacExampleRole(final String entityAlias, final Role role) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> wouldBeGrantedTo(final String entityAlias, final Role role) {
|
||||||
|
return RbacView.this;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public class RbacPermissionDefinition<EC> {
|
||||||
|
|
||||||
|
public RbacPermissionDefinition(final Permission permission) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> pop() {
|
||||||
|
return RbacView.this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacPermissionDefinition<EC> withIncomingSuperRole(
|
||||||
|
final Class<HsOfficeRelationshipEntity> hsOfficeRelationshipEntityClass,
|
||||||
|
final Role owner) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacPermissionDefinition<EC> grantedTo(final String entityAlias, final Role owner) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public class RbacRoleDefinition<EC> {
|
||||||
|
|
||||||
|
public RbacRoleDefinition(final Role role) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRoleDefinition<EC> withCurrentUserAsOwner() {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRoleDefinition<EC> withPermission(final Permission permission) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRoleDefinition<EC> withIncomingSuperRole(final String tableName, final Role role) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacRoleDefinition<EC> createSubRole(final Role role) {
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RbacView<E> pop() {
|
||||||
|
return RbacView.this;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class Role {
|
||||||
|
public static final Role OWNER = new Role("owner");
|
||||||
|
public static final Role ADMIN = new Role("admin");
|
||||||
|
public static final Role AGENT = new Role("agent");
|
||||||
|
public static final Role TENANT = new Role("tenant");
|
||||||
|
public static final Role REFERRER = new Role("referrer");
|
||||||
|
|
||||||
|
public Role(final String roleName) {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class Permission {
|
||||||
|
public static final Permission ALL = new Permission("*");
|
||||||
|
public static final Permission UPDATE = new Permission("edit");
|
||||||
|
public static final Permission READ = new Permission("view");
|
||||||
|
|
||||||
|
public static Permission extraPermission(final String permission) {
|
||||||
|
return new Permission(permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
final String permission;
|
||||||
|
|
||||||
|
private Permission(final String permission) {
|
||||||
|
this.permission = permission;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
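Review bot: `Role` has a public constructor that discards `roleName`, whereas `Permission` directly below keeps its constructor private and stores the value. As written, any caller can create roles outside OWNER/ADMIN/AGENT/TENANT/REFERRER, and a later generator would have no name to emit for them. I would mirror `Permission` by adding a field `final String roleName;` and changing the constructor to `private Role(final String roleName) { this.roleName = roleName; }`. Separately, every builder method currently drops its arguments, and aliases, column names and `fetchSql` are plain strings that are meant to end up in generated pl/pgSQL. A class-level Javadoc should state that these must be compile-time constants and never request-derived data, and the eventual implementation should reject undeclared aliases and unknown column names when the view is defined.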