fix RbacGrantsDiagramService to support multiple INSERT permissions

2025-01-15 09:07:31 +01:00 · 2025-01-15 09:07:31 +01:00 · c8eb5f86d4
commit c8eb5f86d4
parent c85d47c237
1 changed files with 45 additions and 27 deletions
--- a/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
+++ b/src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantsDiagramService.java
@ -49,8 +49,18 @@ public class RbacGrantsDiagramService {
        NON_TEST_ENTITIES;

        public static final EnumSet<Include> ALL = EnumSet.allOf(Include.class);
-        public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, TEST_ENTITIES, PERMISSIONS);
-        public static final EnumSet<Include> ALL_NON_TEST_ENTITY_RELATED = EnumSet.of(USERS, DETAILS, NOT_ASSUMED, NON_TEST_ENTITIES, PERMISSIONS);
+        public static final EnumSet<Include> ALL_TEST_ENTITY_RELATED = EnumSet.of(
+                USERS,
+                DETAILS,
+                NOT_ASSUMED,
+                TEST_ENTITIES,
+                PERMISSIONS);
+        public static final EnumSet<Include> ALL_NON_TEST_ENTITY_RELATED = EnumSet.of(
+                USERS,
+                DETAILS,
+                NOT_ASSUMED,
+                NON_TEST_ENTITIES,
+                PERMISSIONS);
    }

    @Autowired
@ -66,7 +76,7 @@ public class RbacGrantsDiagramService {

    public String allGrantsTocurrentSubject(final EnumSet<Include> includes) {
        final var graph = new LimitedHashSet<RawRbacGrantEntity>();
-        for ( UUID subjectUuid: context.fetchCurrentSubjectOrAssumedRolesUuids() ) {
+        for (UUID subjectUuid : context.fetchCurrentSubjectOrAssumedRolesUuids()) {
            traverseGrantsTo(graph, subjectUuid, includes);
        }
        return toMermaidFlowchart(graph, includes);
@ -78,7 +88,7 @@ public class RbacGrantsDiagramService {
            if (!includes.contains(PERMISSIONS) && g.getDescendantIdName().startsWith("perm:")) {
                return;
            }
-            if ( !g.getDescendantIdName().startsWith("role:rbac.global")) {
+            if (!g.getDescendantIdName().startsWith("role:rbac.global")) {
                if (!includes.contains(TEST_ENTITIES) && g.getDescendantIdName().contains(":rbactest.")) {
                    return;
                }
@ -96,12 +106,15 @@ public class RbacGrantsDiagramService {
    public String allGrantsFrom(final UUID targetObject, final String op, final EnumSet<Include> includes) {
        final var graph = new LimitedHashSet<RawRbacGrantEntity>();

-        @SuppressWarnings("unchecked")
-        final var refUuids = (List<UUID>) em.createNativeQuery("SELECT uuid FROM rbac.permission WHERE objectuuid=:targetObject AND op=:op", List.class)
+        @SuppressWarnings("unchecked") // List -> List<List<UUID>>
+        final var refUuidLists = (List<List<UUID>>) em.createNativeQuery(
+                        "select uuid from rbac.permission where objectUuid=:targetObject and op=:op",
+                        List.class)
                .setParameter("targetObject", targetObject)
                .setParameter("op", op)
                .getResultList();
-        refUuids.forEach(refUuid -> traverseGrantsFrom(graph, refUuid, includes));
+        refUuidLists.stream().flatMap(Collection::stream)
+                .forEach(refUuid -> traverseGrantsFrom(graph, refUuid, includes));
        return toMermaidFlowchart(graph, includes);
    }

@ -195,7 +208,7 @@ public class RbacGrantsDiagramService {
        final var refType = refType(idName);

        if (refType.equals("user")) {
-            final var displayName = idName.substring(refType.length()+1);
+            final var displayName = idName.substring(refType.length() + 1);
            return "(" + displayName + "\nref:" + uuid + ")";
        }
        if (refType.equals("role")) {
@ -217,15 +230,20 @@ public class RbacGrantsDiagramService {
    @NotNull
    private static String cleanId(final String idName) {
        return idName.replaceAll("@.*", "")
-                .replace("[", "").replace("]", "").replace("(", "").replace(")", "").replace(",", "").replace(">", ":").replace("|", "_");
+                .replace("[", "")
+                .replace("]", "")
+                .replace("(", "")
+                .replace(")", "")
+                .replace(",", "")
+                .replace(">", ":")
+                .replace("|", "_");
    }

-
    static class LimitedHashSet<T> extends HashSet<T> {

        @Override
        public boolean add(final T t) {
-            if (size() < GRANT_LIMIT ) {
+            if (size() < GRANT_LIMIT) {
                return super.add(t);
            } else {
                return false;