fix RbacGrantsDiagramService to support multiple INSERT permissions
parent
c85d47c237
commit
c8eb5f86d4
@ -30,7 +30,7 @@ public class RbacGrantsDiagramService {
|
|||||||
try (BufferedWriter writer = new BufferedWriter(new FileWriter(fileName))) {
|
try (BufferedWriter writer = new BufferedWriter(new FileWriter(fileName))) {
|
||||||
writer.write("""
|
writer.write("""
|
||||||
### all grants to %s
|
### all grants to %s
|
||||||
|
|
||||||
```mermaid
|
```mermaid
|
||||||
%s
|
%s
|
||||||
```
|
```
|
||||||
@ -49,8 +49,18 @@ public class RbacGrantsDiagramService {
|
|||||||
NON_TEST_ENTITIES;
|
NON_TEST_ENTITIES;
|
||||||
|
|
||||||
public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class);
|
public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class);
|
||||||
public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, TEST_ENTITIES, PERMISSIONS);
|
public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(
|
||||||
public static final EnumSet<Include> ALL_NON_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, NON_TEST_ENTITIES, PERMISSIONS);
|
USERS,
|
||||||
|
DETAILS,
|
||||||
|
NOT_ASSUMED,
|
||||||
|
TEST_ENTITIES,
|
||||||
|
PERMISSIONS);
|
||||||
|
public static final EnumSet<Include> ALL_NON_TEST_ENTITY_RELATED = EnumSet.of(
|
||||||
|
USERS,
|
||||||
|
DETAILS,
|
||||||
|
NOT_ASSUMED,
|
||||||
|
NON_TEST_ENTITIES,
|
||||||
|
PERMISSIONS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
@ -66,9 +76,9 @@ public class RbacGrantsDiagramService {
|
|||||||
|
|
||||||
public String allGrantsTocurrentSubject(final EnumSet<Include> includes) {
|
public String allGrantsTocurrentSubject(final EnumSet<Include> includes) {
|
||||||
final var graph = new LimitedHashSet<RawRbacGrantEntity>();
|
final var graph = new LimitedHashSet<RawRbacGrantEntity>();
|
||||||
for ( UUID subjectUuid: context.fetchCurrentSubjectOrAssumedRolesUuids() ) {
|
for (UUID subjectUuid : context.fetchCurrentSubjectOrAssumedRolesUuids()) {
|
||||||
traverseGrantsTo(graph, subjectUuid, includes);
|
traverseGrantsTo(graph, subjectUuid, includes);
|
||||||
}
|
}
|
||||||
return toMermaidFlowchart(graph, includes);
|
return toMermaidFlowchart(graph, includes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -78,7 +88,7 @@ public class RbacGrantsDiagramService {
|
|||||||
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm:")) {
|
if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm:")) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if ( !g.getDescendantIdName().startsWith("role:rbac.global")) {
|
if (!g.getDescendantIdName().startsWith("role:rbac.global")) {
|
||||||
if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":rbactest.")) {
|
if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":rbactest.")) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -96,12 +106,15 @@ public class RbacGrantsDiagramService {
|
|||||||
public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet<Include> includes) {
|
public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet<Include> includes) {
|
||||||
final var graph = new LimitedHashSet<RawRbacGrantEntity>();
|
final var graph = new LimitedHashSet<RawRbacGrantEntity>();
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked") // List -> List<List<UUID>>
|
||||||
final var refUuids = (List<UUID>) em.createNativeQuery("SELECT uuid FROM rbac.permission WHERE objectuuid=:targetObject AND op=:op", List.class)
|
final var refUuidLists = (List<List<UUID>>) em.createNativeQuery(
|
||||||
|
"select uuid from rbac.permission where objectUuid=:targetObject and op=:op",
|
||||||
|
List.class)
|
||||||
.setParameter("targetObject", targetObject)
|
.setParameter("targetObject", targetObject)
|
||||||
.setParameter("op", op)
|
.setParameter("op", op)
|
||||||
.getResultList();
|
.getResultList();
|
||||||
refUuids.forEach(refUuid -> traverseGrantsFrom(graph, refUuid, includes));
|
refUuidLists.stream().flatMap(Collection::stream)
|
||||||
|
.forEach(refUuid -> traverseGrantsFrom(graph, refUuid, includes));
|
||||||
return toMermaidFlowchart(graph, includes);
|
return toMermaidFlowchart(graph, includes);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -127,20 +140,20 @@ public class RbacGrantsDiagramService {
|
|||||||
final var entities =
|
final var entities =
|
||||||
includes.contains(DETAILS)
|
includes.contains(DETAILS)
|
||||||
? graph.stream()
|
? graph.stream()
|
||||||
.flatMap(g -> Stream.of(
|
.flatMap(g -> Stream.of(
|
||||||
new Node(g.getAscendantIdName(), g.getAscendingUuid()),
|
new Node(g.getAscendantIdName(), g.getAscendingUuid()),
|
||||||
new Node(g.getDescendantIdName(), g.getDescendantUuid()))
|
new Node(g.getDescendantIdName(), g.getDescendantUuid()))
|
||||||
)
|
)
|
||||||
.collect(groupingBy(RbacGrantsDiagramService::renderEntityIdName))
|
.collect(groupingBy(RbacGrantsDiagramService::renderEntityIdName))
|
||||||
.entrySet().stream()
|
.entrySet().stream()
|
||||||
.map(entity -> "subgraph " + cleanId(entity.getKey()) + renderSubgraph(entity.getKey()) + "\n\n "
|
.map(entity -> "subgraph " + cleanId(entity.getKey()) + renderSubgraph(entity.getKey()) + "\n\n "
|
||||||
+ entity.getValue().stream()
|
+ entity.getValue().stream()
|
||||||
.map(n -> renderNode(n.idName(), n.uuid()).replace("\n", "\n "))
|
.map(n -> renderNode(n.idName(), n.uuid()).replace("\n", "\n "))
|
||||||
.sorted()
|
.sorted()
|
||||||
.distinct()
|
.distinct()
|
||||||
.collect(joining("\n\n ")))
|
.collect(joining("\n\n ")))
|
||||||
.collect(joining("\n\nend\n\n"))
|
.collect(joining("\n\nend\n\n"))
|
||||||
+ "\n\nend\n\n"
|
+ "\n\nend\n\n"
|
||||||
: "";
|
: "";
|
||||||
|
|
||||||
final var grants = graph.stream()
|
final var grants = graph.stream()
|
||||||
@ -195,7 +208,7 @@ public class RbacGrantsDiagramService {
|
|||||||
final var refType = refType(idName);
|
final var refType = refType(idName);
|
||||||
|
|
||||||
if (refType.equals("user")) {
|
if (refType.equals("user")) {
|
||||||
final var displayName = idName.substring(refType.length()+1);
|
final var displayName = idName.substring(refType.length() + 1);
|
||||||
return "(" + displayName + "\nref:" + uuid + ")";
|
return "(" + displayName + "\nref:" + uuid + ")";
|
||||||
}
|
}
|
||||||
if (refType.equals("role")) {
|
if (refType.equals("role")) {
|
||||||
@ -217,15 +230,20 @@ public class RbacGrantsDiagramService {
|
|||||||
@NotNull
|
@NotNull
|
||||||
private static String cleanId(final String idName) {
|
private static String cleanId(final String idName) {
|
||||||
return idName.replaceAll("@.*", "")
|
return idName.replaceAll("@.*", "")
|
||||||
.replace("[", "").replace("]", "").replace("(", "").replace(")", "").replace(",", "").replace(">", ":").replace("|", "_");
|
.replace("[", "")
|
||||||
|
.replace("]", "")
|
||||||
|
.replace("(", "")
|
||||||
|
.replace(")", "")
|
||||||
|
.replace(",", "")
|
||||||
|
.replace(">", ":")
|
||||||
|
.replace("|", "_");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static class LimitedHashSet<T> extends HashSet<T> {
|
static class LimitedHashSet<T> extends HashSet<T> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean add(final T t) {
|
public boolean add(final T t) {
|
||||||
if (size() < GRANT_LIMIT ) {
|
if (size() < GRANT_LIMIT) {
|
||||||
return super.add(t);
|
return super.add(t);
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
|
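Review bot: In `allGrantsFrom`, the new `refUuidLists.stream().flatMap(Collection::stream)` flattens every column of every returned row, so it is only correct while the native query selects exactly one column, and nothing in the code states or enforces that. Because the cast to `List<List<UUID>>` is unchecked, a second selected column or a driver that maps `uuid` to another Java type would presumably surface only as a `ClassCastException` at the `traverseGrantsFrom` call, or as a wrong node in a diagram that readers may treat as the authoritative picture of who holds a permission. Picking the column explicitly with `refUuidLists.stream().map(row -> row.get(0))`, and extending the suppression comment to `// each row is a List holding the single selected uuid column`, would make the assumption visible. A test with two INSERT permissions on the same object would pin the behaviour the commit title describes; none is visible on this page.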