Compare commits
1 Commits
master
...
TP-202408-
Author | SHA1 | Date | |
---|---|---|---|
|
85eb53905f |
42
.aliases
42
.aliases
@ -8,20 +8,12 @@ gradleWrapper () {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if command -v unbuffer >/dev/null 2>&1; then
|
||||
# if `unbuffer` is available in PATH, use it to print report file-URIs at the end
|
||||
TEMPFILE=$(mktemp /tmp/gw.XXXXXX)
|
||||
unbuffer ./gradlew "$@" | tee $TEMPFILE
|
||||
echo
|
||||
grep --color=never "Report:" $TEMPFILE
|
||||
rm $TEMPFILE
|
||||
else
|
||||
# if `unbuffer` is not in PATH, simply run gradle
|
||||
./gradlew "$@"
|
||||
echo "HINT: it's suggested to install 'unbuffer' to print report URIs at the end of a gradle run"
|
||||
fi
|
||||
|
||||
TEMPFILE=$(mktemp /tmp/gw.XXXXXX)
|
||||
unbuffer ./gradlew "$@" | tee $TEMPFILE
|
||||
|
||||
echo
|
||||
grep --color=never "Report:" $TEMPFILE
|
||||
rm $TEMPFILE
|
||||
}
|
||||
|
||||
postgresAutodoc () {
|
||||
@ -38,13 +30,13 @@ postgresAutodoc () {
|
||||
fi
|
||||
postgresql_autodoc -d postgres -f build/postgres-autodoc -h localhost -u postgres --password=password \
|
||||
-m '(rbacobject|hs).*' \
|
||||
-l /usr/share/postgresql-autodoc -t neato &&
|
||||
-l /usr/share/postgresql-autodoc -t neato &&
|
||||
dot -Tsvg build/postgres-autodoc.neato >build/postgres-autodoc-hs.svg && \
|
||||
echo "generated: $PWD/build/postgres-autodoc-hs.svg"
|
||||
|
||||
postgresql_autodoc -d postgres -f build/postgres-autodoc -h localhost -u postgres --password=password \
|
||||
-m '(global|rbac).*' \
|
||||
-l /usr/share/postgresql-autodoc -t neato &&
|
||||
-l /usr/share/postgresql-autodoc -t neato &&
|
||||
dot -Tsvg build/postgres-autodoc.neato >build/postgres-autodoc-rbac.svg && \
|
||||
echo "generated $PWD/build/postgres-autodoc-rbac.svg"
|
||||
}
|
||||
@ -90,21 +82,5 @@ alias pg-sql-restore='gunzip --stdout | docker exec -i hsadmin-ng-postgres psql
|
||||
alias fp='grep -r '@Accepts' src | sed -e 's/^.*@/@/g' | sort -u | wc -l'
|
||||
|
||||
alias gw-spotless='./gradlew spotlessApply -x pitest -x test -x :processResources'
|
||||
alias gw-test='. .aliases; ./gradlew test'
|
||||
alias gw-check='. .aliases; gw test check -x pitest'
|
||||
|
||||
alias cas-curl='bin/cas-curl'
|
||||
|
||||
# etc/docker-compose.yml limits CPUs+MEM and includes a PostgreSQL config for analysing slow queries
|
||||
alias gw-importOfficeData-in-docker-compose='
|
||||
docker-compose -f etc/docker-compose.yml down &&
|
||||
docker-compose -f etc/docker-compose.yml up -d && sleep 10 &&
|
||||
time gw-importHostingAssets'
|
||||
|
||||
if [ ! -f .environment ]; then
|
||||
cp .tc-environment .environment
|
||||
fi
|
||||
source .environment
|
||||
|
||||
alias scenario-reports-upload='./gradlew scenarioTests convertMarkdownToHtml && ssh hsh03-hsngdev@h50.hostsharing.net "rm -f doms/hsngdev.hs-example.de/htdocs-ssl/scenarios/office/*.html" && scp build/doc/scenarios/*.html hsh03-hsngdev@h50.hostsharing.net:doms/hsngdev.hs-example.de/htdocs-ssl/scenarios/office'
|
||||
alias scenario-reports-open='open https://hsngdev.hs-example.de/scenarios/office'
|
||||
alias gw-test='. .aliases; ./gradlew test importOfficeData'
|
||||
alias gw-check='. .aliases; gw test importOfficeData check -x pitest -x :dependencyCheckAnalyze'
|
||||
|
@ -1,37 +0,0 @@
|
||||
<component name="ProjectRunConfigurationManager">
|
||||
<configuration default="false" name="ImportHostingAssets into local" type="GradleRunConfiguration" factoryName="Gradle">
|
||||
<ExternalSystemSettings>
|
||||
<option name="env">
|
||||
<map>
|
||||
<entry key="HSADMINNG_POSTGRES_ADMIN_PASSWORD" value="password" />
|
||||
<entry key="HSADMINNG_POSTGRES_ADMIN_USERNAME" value="postgres" />
|
||||
<entry key="HSADMINNG_POSTGRES_JDBC_URL" value="jdbc:postgresql://localhost:5432/postgres" />
|
||||
<entry key="HSADMINNG_POSTGRES_RESTRICTED_USERNAME" value="restricted" />
|
||||
</map>
|
||||
</option>
|
||||
<option name="executionName" />
|
||||
<option name="externalProjectPath" value="$PROJECT_DIR$" />
|
||||
<option name="externalSystemIdString" value="GRADLE" />
|
||||
<option name="scriptParameters" value="" />
|
||||
<option name="taskDescriptions">
|
||||
<list />
|
||||
</option>
|
||||
<option name="taskNames">
|
||||
<list>
|
||||
<option value=":importHostingAssets" />
|
||||
<option value="--tests" />
|
||||
<option value=""net.hostsharing.hsadminng.hs.migration.ImportHostingAssets"" />
|
||||
</list>
|
||||
</option>
|
||||
<option name="vmOptions" />
|
||||
</ExternalSystemSettings>
|
||||
<ExternalSystemDebugServerProcess>false</ExternalSystemDebugServerProcess>
|
||||
<ExternalSystemReattachDebugProcess>true</ExternalSystemReattachDebugProcess>
|
||||
<EXTENSION ID="com.intellij.execution.ExternalSystemRunConfigurationJavaExtension">
|
||||
<extension name="coverage" sample_coverage="false" />
|
||||
</EXTENSION>
|
||||
<DebugAllEnabled>false</DebugAllEnabled>
|
||||
<RunAsTest>true</RunAsTest>
|
||||
<method v="2" />
|
||||
</configuration>
|
||||
</component>
|
@ -67,37 +67,4 @@
|
||||
<RunAsTest>true</RunAsTest>
|
||||
<method v="2" />
|
||||
</configuration>
|
||||
<configuration default="false" name="ImportOfficeData" type="GradleRunConfiguration" factoryName="Gradle">
|
||||
<ExternalSystemSettings>
|
||||
<option name="env">
|
||||
<map>
|
||||
<entry key="HSADMINNG_POSTGRES_ADMIN_USERNAME" value="admin" />
|
||||
<entry key="HSADMINNG_POSTGRES_RESTRICTED_USERNAME" value="restricted" />
|
||||
</map>
|
||||
</option>
|
||||
<option name="executionName" />
|
||||
<option name="externalProjectPath" value="$PROJECT_DIR$" />
|
||||
<option name="externalSystemIdString" value="GRADLE" />
|
||||
<option name="scriptParameters" value="" />
|
||||
<option name="taskDescriptions">
|
||||
<list />
|
||||
</option>
|
||||
<option name="taskNames">
|
||||
<list>
|
||||
<option value=":importOfficeData" />
|
||||
<option value="--tests" />
|
||||
<option value=""net.hostsharing.hsadminng.hs.migration.ImportOfficeData"" />
|
||||
</list>
|
||||
</option>
|
||||
<option name="vmOptions" />
|
||||
</ExternalSystemSettings>
|
||||
<ExternalSystemDebugServerProcess>false</ExternalSystemDebugServerProcess>
|
||||
<ExternalSystemReattachDebugProcess>true</ExternalSystemReattachDebugProcess>
|
||||
<EXTENSION ID="com.intellij.execution.ExternalSystemRunConfigurationJavaExtension">
|
||||
<extension name="coverage" sample_coverage="false" />
|
||||
</EXTENSION>
|
||||
<DebugAllEnabled>false</DebugAllEnabled>
|
||||
<RunAsTest>true</RunAsTest>
|
||||
<method v="2" />
|
||||
</configuration>
|
||||
</component>
|
@ -1,8 +1,6 @@
|
||||
unset HSADMINNG_POSTGRES_JDBC_URL # dynamically set, different for normal tests and imports
|
||||
export HSADMINNG_POSTGRES_JDBC_URL=jdbc:tc:postgresql:15.5-bookworm:///spring_boot_testcontainers
|
||||
export HSADMINNG_POSTGRES_ADMIN_USERNAME=admin
|
||||
export HSADMINNG_POSTGRES_ADMIN_PASSWORD=
|
||||
export HSADMINNG_POSTGRES_RESTRICTED_USERNAME=restricted
|
||||
export HSADMINNG_SUPERUSER=superuser-alex@hostsharing.net
|
||||
export HSADMINNG_MIGRATION_DATA_PATH=migration
|
||||
export LIQUIBASE_CONTEXT=
|
||||
export LANG=en_US.UTF-8
|
||||
export HSADMINNG_CORS_WEBUI='http://localhost:3000'
|
||||
|
@ -1,8 +0,0 @@
|
||||
unset HSADMINNG_POSTGRES_JDBC_URL
|
||||
unset HSADMINNG_POSTGRES_ADMIN_USERNAME
|
||||
unset HSADMINNG_POSTGRES_ADMIN_PASSWORD
|
||||
unset HSADMINNG_POSTGRES_RESTRICTED_USERNAME
|
||||
unset HSADMINNG_SUPERUSER
|
||||
unset HSADMINNG_MIGRATION_DATA_PATH
|
||||
unset LIQUIBASE_CONTEXT
|
||||
|
88
Jenkinsfile
vendored
88
Jenkinsfile
vendored
@ -1,88 +0,0 @@
|
||||
pipeline {
|
||||
agent {
|
||||
dockerfile {
|
||||
filename 'etc/jenkinsAgent.Dockerfile'
|
||||
// additionalBuildArgs ...
|
||||
args '--network=bridge --user root -v $PWD:$PWD \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock --group-add 984 \
|
||||
--memory=6g --cpus=3'
|
||||
}
|
||||
}
|
||||
|
||||
environment {
|
||||
DOCKER_HOST = 'unix:///var/run/docker.sock'
|
||||
HSADMINNG_POSTGRES_ADMIN_USERNAME = 'admin'
|
||||
HSADMINNG_POSTGRES_RESTRICTED_USERNAME = 'restricted'
|
||||
HSADMINNG_MIGRATION_DATA_PATH = 'migration'
|
||||
}
|
||||
|
||||
triggers {
|
||||
pollSCM('H/1 * * * *')
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('Checkout') {
|
||||
steps {
|
||||
checkout scm
|
||||
}
|
||||
}
|
||||
|
||||
stage ('Compile') {
|
||||
steps {
|
||||
sh './gradlew clean processSpring compileJava compileTestJava --no-daemon'
|
||||
}
|
||||
}
|
||||
|
||||
stage ('Tests') {
|
||||
parallel {
|
||||
stage('Unit-/Integration/Acceptance-Tests') {
|
||||
steps {
|
||||
sh './gradlew check --no-daemon -x pitest -x dependencyCheckAnalyze -x importOfficeData -x importHostingAssets'
|
||||
}
|
||||
}
|
||||
stage('Import-Tests') {
|
||||
steps {
|
||||
sh './gradlew importOfficeData importHostingAssets --no-daemon'
|
||||
}
|
||||
}
|
||||
stage ('Scenario-Tests') {
|
||||
steps {
|
||||
sh './gradlew scenarioTests --no-daemon'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage ('Check') {
|
||||
steps {
|
||||
sh './gradlew check -x pitest -x dependencyCheckAnalyze --no-daemon'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
always {
|
||||
// archive test results
|
||||
junit 'build/test-results/test/*.xml'
|
||||
|
||||
// archive the JaCoCo coverage report in XML and HTML format
|
||||
jacoco(
|
||||
execPattern: 'build/jacoco/*.exec',
|
||||
classPattern: 'build/classes/java/main',
|
||||
sourcePattern: 'src/main/java'
|
||||
)
|
||||
|
||||
// archive scenario-test reports in HTML format
|
||||
sh '''
|
||||
./gradlew convertMarkdownToHtml
|
||||
'''
|
||||
archiveArtifacts artifacts:
|
||||
'build/doc/scenarios/*.html, ' +
|
||||
'build/reports/dependency-license/dependencies-without-allowed-license.json',
|
||||
allowEmptyArchive: true
|
||||
|
||||
// cleanup workspace
|
||||
cleanWs()
|
||||
}
|
||||
}
|
||||
}
|
118
README.md
118
README.md
@ -60,48 +60,36 @@ If you have at least Docker and the Java JDK installed in appropriate versions a
|
||||
|
||||
cd your-hsadmin-ng-directory
|
||||
|
||||
source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
|
||||
gw # initially downloads the configured Gradle version into the project
|
||||
source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
|
||||
gw # initially downloads the configured Gradle version into the project
|
||||
|
||||
gw test # compiles and runs unit- and integration-tests - takes >10min even on a fast machine
|
||||
gw scenarioTests # compiles and scenario-tests - takes ~1min on a decent machine
|
||||
gw test # compiles and runs unit- and integration-tests
|
||||
|
||||
# if the container has not been built yet, run this:
|
||||
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
|
||||
|
||||
# if the container has been built already and you want to keep the data, run this:
|
||||
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
|
||||
# if the container has been built already, run this:
|
||||
pg-sql-start
|
||||
|
||||
Next, compile and run the application without CAS-authentication on `localhost:8080`:
|
||||
|
||||
export HSADMINNG_CAS_SERVER=
|
||||
gw bootRun
|
||||
|
||||
For using the REST-API with CAS-authentication, see `bin/cas-curl`.
|
||||
|
||||
Now we can access the REST API, e.g. using curl:
|
||||
gw bootRun # compiles and runs the application on localhost:8080
|
||||
|
||||
# the following command should reply with "pong":
|
||||
curl -f -s http://localhost:8080/api/ping
|
||||
curl http://localhost:8080/api/ping
|
||||
|
||||
# the following command should return a JSON array with just all customers:
|
||||
curl -f -s\
|
||||
-H 'current-subject: superuser-alex@hostsharing.net' \
|
||||
http://localhost:8080/api/test/customers \
|
||||
| jq # just if `jq` is installed, to prettyprint the output
|
||||
curl \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' \
|
||||
http://localhost:8080/api/test/customers
|
||||
|
||||
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
|
||||
curl -f -s\
|
||||
-H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
|
||||
http://localhost:8080/api/test/packages \
|
||||
| jq
|
||||
curl \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' -H 'assumed-roles: test_customer#yyy:ADMIN' \
|
||||
http://localhost:8080/api/test/packages
|
||||
|
||||
# add a new customer
|
||||
curl -f -s\
|
||||
-H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
|
||||
curl \
|
||||
-H 'current-user: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
|
||||
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
|
||||
-X POST http://localhost:8080/api/test/customers \
|
||||
| jq
|
||||
-X POST http://localhost:8080/api/test/customers
|
||||
|
||||
If you wonder who 'superuser-alex@hostsharing.net' and 'superuser-fran@hostsharing.net' are and where the data comes from:
|
||||
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
|
||||
@ -509,19 +497,9 @@ We'll see if this changes when the project progresses and more validations are a
|
||||
|
||||
### OWASP Security Vulnerability Check
|
||||
|
||||
An OWASP security vulnerability is configured, but you need an API key.
|
||||
Fetch it from https://nvd.nist.gov/developers/request-an-api-key.
|
||||
|
||||
Then add it to your `~/.gradle/gradle.properties` file:
|
||||
|
||||
```
|
||||
OWASP_API_KEY=........-....-....-....-............
|
||||
```
|
||||
|
||||
Now you can run the dependency vulnerability check:
|
||||
An OWASP security vulnerability is configured and can be utilized by running:
|
||||
|
||||
```shell
|
||||
gw dependencyCheckUpdate
|
||||
gw dependencyCheckAnalyze
|
||||
```
|
||||
|
||||
@ -572,51 +550,14 @@ Dependency versions can be automatically upgraded to the latest available versio
|
||||
gw useLatestVersions
|
||||
```
|
||||
|
||||
Afterward, `gw check` is automatically started.
|
||||
Afterwards, `gw check` is automatically started.
|
||||
Please only commit+push to master if the check run shows no errors.
|
||||
|
||||
More infos, e.g. on blacklists see on the [project's website](https://github.com/patrikerdes/gradle-use-latest-versions-plugin).
|
||||
|
||||
|
||||
## Biggest Flaws in our Architecture
|
||||
|
||||
### The RBAC System is too Complicated
|
||||
|
||||
Now, where we have a better experience with what we really need from the RBAC system, we have learned
|
||||
that and creates too many (grant- and role-) rows and too even tables which could be avoided completely.
|
||||
|
||||
The basic idea is always to always have a fixed set of ordered role-types which apply for all DB-tables under RBAC,
|
||||
e.g. OWNER>ADMIN>AGENT\[>PROXY?\]>TENENT>REFERRER.
|
||||
Grants between these for the same DB-row would be implicit by order comparison.
|
||||
This way we would get rid of all explicit grants within the same DB-row
|
||||
and would not need the `rbac.role` table anymore.
|
||||
We would also reduce the depth of the expensive recursive CTE-query.
|
||||
|
||||
This has to be explored further.
|
||||
For now, we just keep it in mind and
|
||||
|
||||
### The Mapper is Error-Prone
|
||||
|
||||
Where `org.modelmapper.ModelMapper` reduces bloat-code a lot and has some nice features about recursive data-structure mappings,
|
||||
it often causes strange errors which are hard to fix.
|
||||
E.g. the uuid of the target main object is often taken from an uuid of a sub-subject.
|
||||
(For now, use `StrictMapper` to avoid this, for the case it happens.)
|
||||
|
||||
|
||||
### Too Many Business-Rules Implemented in Controllers
|
||||
|
||||
Some REST-Controllers implement too much code for business-roles.
|
||||
This should be extracted to services.
|
||||
|
||||
|
||||
## How To ...
|
||||
|
||||
Besides the following *How Tos* you can also find several *How Tos* in the source code:
|
||||
|
||||
```sh
|
||||
grep -r HOWTO src
|
||||
```
|
||||
|
||||
### How to Configure .pgpass for the Default PostgreSQL Database?
|
||||
|
||||
To access the default database schema as used during development, add this line to your `.pgpass` file in your users home directory:
|
||||
@ -815,29 +756,6 @@ postgres-autodoc
|
||||
The output will list the generated files.
|
||||
|
||||
|
||||
### How to Add (Real) Admin Users
|
||||
|
||||
```sql
|
||||
DO $$
|
||||
DECLARE
|
||||
-- replace with your admin account names
|
||||
admin_users TEXT[] := ARRAY['admin-1', 'admin-2', 'admin-3'];
|
||||
admin TEXT;
|
||||
BEGIN
|
||||
-- run as superuser
|
||||
call base.defineContext('adding real admin users', null, null, null);
|
||||
|
||||
-- for all new admin accounts
|
||||
FOREACH admin IN ARRAY admin_users LOOP
|
||||
call rbac.grantRoleToSubjectUnchecked(
|
||||
rbac.findRoleId(rbac.global_ADMIN()), -- granted by role
|
||||
rbac.findRoleId(rbac.global_ADMIN()), -- role to grant
|
||||
rbac.create_subject(admin)); -- creates the new admin account
|
||||
END LOOP;
|
||||
END $$;
|
||||
```
|
||||
|
||||
|
||||
## Further Documentation
|
||||
|
||||
- the `doc` directory contains architecture concepts and a glossary
|
||||
|
165
bin/cas-curl
165
bin/cas-curl
@ -1,165 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ "$#" -eq 0 ] || [ "$1" == "help" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
|
||||
cat <<EOF
|
||||
curl-wrapper utilizing CAS-authentication for hsadmin-ng
|
||||
usage: $0 [--trace] <<command>> [parameters]
|
||||
|
||||
commands:
|
||||
EOF
|
||||
grep '") ''# ' $0
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "--trace" ]; then
|
||||
function trace() {
|
||||
echo "$*" >&2
|
||||
}
|
||||
function doCurl() {
|
||||
set -x
|
||||
curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
|
||||
set +x
|
||||
}
|
||||
shift
|
||||
else
|
||||
function trace() {
|
||||
: # noop
|
||||
}
|
||||
function doCurl() {
|
||||
curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
|
||||
}
|
||||
fi
|
||||
|
||||
if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
|
||||
[ -z "$HSADMINNG_CAS_SERVICE_ID" ]; then
|
||||
cat >&2 <<EOF
|
||||
ERROR: environment incomplete
|
||||
|
||||
please set the following environment variables:
|
||||
export HSADMINNG_CAS_LOGIN=https://login.hostsharing.net/cas/v1/tickets
|
||||
export HSADMINNG_CAS_VALIDATE=https://login.hostsharing.net/cas/proxyValidate
|
||||
export HSADMINNG_CAS_USERNAME=<<optionally, your username, or leave empty after '='>>
|
||||
export HSADMINNG_CAS_PASSWORD=<<optionally, your password, or leave empty after '='>>
|
||||
export HSADMINNG_CAS_SERVICE_ID=https://hsadminng.hostsharing.net:443/
|
||||
EOF
|
||||
exit 1
|
||||
fi
|
||||
|
||||
function casLogout() {
|
||||
rm -f ~/.cas-login-tgt
|
||||
}
|
||||
|
||||
function casLogin() {
|
||||
# ticket granting ticket exists and not expired?
|
||||
if find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then
|
||||
return
|
||||
fi
|
||||
|
||||
if [ -z "$HSADMINNG_CAS_USERNAME" ]; then
|
||||
read -e -p "Username: " HSADMINNG_CAS_USERNAME
|
||||
fi
|
||||
|
||||
if [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
|
||||
read -s -e -p "Password: " HSADMINNG_CAS_PASSWORD
|
||||
fi
|
||||
|
||||
# Do NOT use doCurl here! We do neither want to print the password nor pass a CAS service ticket.
|
||||
trace "+ curl --fail-with-body -s -i -X POST \
|
||||
-H 'Content-Type: application/x-www-form-urlencoded' \
|
||||
-d \"username=$HSADMINNG_CAS_USERNAME&password=<<PASSWORD OMITTED>>\" \
|
||||
$HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D -"
|
||||
HSADMINNG_CAS_TGT=`curl --fail-with-body -s -i -X POST \
|
||||
-H 'Content-Type: application/x-www-form-urlencoded' \
|
||||
-d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \
|
||||
$HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D - \
|
||||
| grep -i "^Location: " | sed -e 's/^Location: //' -e 's/\\r//'`
|
||||
if [ -z "$HSADMINNG_CAS_TGT" ]; then
|
||||
echo "ERROR: could not get ticket granting ticket" >&2
|
||||
cat ~/.cas-login-tgt.response >&2
|
||||
fi
|
||||
echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
|
||||
trace "$HSADMINNG_CAS_TGT"
|
||||
}
|
||||
|
||||
function casTicket() {
|
||||
HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
|
||||
if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
|
||||
echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
|
||||
exit 1
|
||||
fi
|
||||
trace "CAS-TGT: $HSADMINNG_CAS_TGT"
|
||||
|
||||
trace "fetching CAS service ticket"
|
||||
trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE_ID\" $HSADMINNG_CAS_TGT"
|
||||
HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE_ID" $HSADMINNG_CAS_TGT)
|
||||
if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then
|
||||
echo "ERROR: cannot get CAS service ticket" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo $HSADMINNG_CAS_TICKET
|
||||
}
|
||||
|
||||
function casValidate() {
|
||||
HSADMINNG_CAS_TICKET=`casTicket`
|
||||
|
||||
trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET"
|
||||
# Do NOT use doCurl here! We do not pass a CAS service ticket.
|
||||
trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID}
|
||||
HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID} | grep -oPm1 "(?<=<cas:user>)[^<]+"`
|
||||
if [ -z "$HSADMINNG_CAS_USER" ]; then
|
||||
echo "validation failed" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "CAS-User: $HSADMINNG_CAS_USER"
|
||||
}
|
||||
|
||||
case "${1,,}" in
|
||||
"login") # reads username+password and fetches ticket granting ticket (bypasses HSADMINNG_CAS_USERNAME+HSADMINNG_CAS_PASSWORD)
|
||||
casLogout
|
||||
export HSADMINNG_CAS_USERNAME=
|
||||
export HSADMINNG_CAS_PASSWORD=
|
||||
casLogin
|
||||
;;
|
||||
"logout") # logout, deleting ticket granting ticket
|
||||
casLogout
|
||||
;;
|
||||
"validate") # validates ticket granting ticket and prints currently logged in user
|
||||
casValidate
|
||||
;;
|
||||
"get") # HTTP GET, add URL as parameter
|
||||
shift
|
||||
casLogin
|
||||
HSADMINNG_CAS_TICKET=`casTicket`
|
||||
doCurl "$*"
|
||||
;;
|
||||
"post") # HTTP POST, add curl options to specify the request body and the URL as last parameter
|
||||
shift
|
||||
casLogin
|
||||
HSADMINNG_CAS_TICKET=`casTicket`
|
||||
doCurl --header "Content-Type: application/json" -X POST "$@"
|
||||
;;
|
||||
"patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter
|
||||
shift
|
||||
casLogin
|
||||
HSADMINNG_CAS_TICKET=`casTicket`
|
||||
doCurl --header "Content-Type: application/json" -X POST "$*"
|
||||
;;
|
||||
"delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter
|
||||
shift
|
||||
casLogin
|
||||
HSADMINNG_CAS_TICKET=`casTicket`
|
||||
curl -X POST "$@"
|
||||
;;
|
||||
*)
|
||||
cat >&2 <<EOF
|
||||
unknown command: '$1'
|
||||
valid commands: help, login, logout, validate, get, post, patch, delete
|
||||
EOF
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
|
||||
|
@ -1,38 +0,0 @@
|
||||
#!/bin/bash
|
||||
# waits for commits on any branch on origin, checks it out and builds it
|
||||
|
||||
. .aliases
|
||||
|
||||
while true; do
|
||||
git fetch origin >/dev/null
|
||||
branch_with_new_commits=`git fetch origin >/dev/null; git for-each-ref --format='%(refname:short) %(upstream:track)' refs/heads | grep '\[behind' | cut -d' ' -f1 | head -n1`
|
||||
|
||||
if [ -n "$branch_with_new_commits" ]; then
|
||||
echo "checking out branch: $branch_with_new_commits"
|
||||
if git show-ref --quiet --heads "$branch_with_new_commits"; then
|
||||
echo "Branch $branch_with_new_commits already exists. Checking it out and pulling latest changes."
|
||||
git checkout "$branch_with_new_commits"
|
||||
git pull origin "$branch_with_new_commits"
|
||||
else
|
||||
echo "Creating and checking out new branch: $branch_with_new_commits"
|
||||
git checkout -b "$branch_with_new_commits" "origin/$branch_with_new_commits"
|
||||
fi
|
||||
|
||||
echo "building ..."
|
||||
./gradlew gw clean test check -x pitest
|
||||
fi
|
||||
|
||||
# wait 10s with a little animation
|
||||
echo -e -n "\r\033[K waiting for changes (/) ..."
|
||||
sleep 2
|
||||
echo -e -n "\r\033[K waiting for changes (-) ..."
|
||||
sleep 2
|
||||
echo -e -n "\r\033[K waiting for changes (\) ..."
|
||||
sleep 2
|
||||
echo -e -n "\r\033[K waiting for changes (|) ..."
|
||||
sleep 2
|
||||
echo -e -n "\r\033[K waiting for changes ( ) ... "
|
||||
sleep 2
|
||||
echo -e -n "\r\033[K checking for changes"
|
||||
done
|
||||
|
120
build.gradle
120
build.gradle
@ -1,10 +1,10 @@
|
||||
plugins {
|
||||
id 'java'
|
||||
id 'org.springframework.boot' version '3.3.4'
|
||||
id 'io.spring.dependency-management' version '1.1.6'
|
||||
id 'org.springframework.boot' version '3.2.4'
|
||||
id 'io.spring.dependency-management' version '1.1.4'
|
||||
id 'io.openapiprocessor.openapi-processor' version '2023.2'
|
||||
id 'com.github.jk1.dependency-license-report' version '2.9'
|
||||
id "org.owasp.dependencycheck" version "10.0.4"
|
||||
id 'com.github.jk1.dependency-license-report' version '2.6'
|
||||
id "org.owasp.dependencycheck" version "9.0.10"
|
||||
id "com.diffplug.spotless" version "6.25.0"
|
||||
id 'jacoco'
|
||||
id 'info.solidsoft.pitest' version '1.15.0'
|
||||
@ -58,22 +58,19 @@ dependencies {
|
||||
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-web'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-validation'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-actuator'
|
||||
implementation 'org.springframework.boot:spring-boot-starter-security'
|
||||
implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.2'
|
||||
implementation 'org.springdoc:springdoc-openapi:2.6.0'
|
||||
implementation 'org.postgresql:postgresql:42.7.4'
|
||||
implementation 'org.liquibase:liquibase-core:4.29.2'
|
||||
implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.8.3'
|
||||
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.0'
|
||||
implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.1'
|
||||
implementation 'org.springdoc:springdoc-openapi:2.4.0'
|
||||
implementation 'org.postgresql:postgresql:42.7.3'
|
||||
implementation 'org.liquibase:liquibase-core:4.27.0'
|
||||
implementation 'io.hypersistence:hypersistence-utils-hibernate-63:3.7.3'
|
||||
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.0'
|
||||
implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
|
||||
implementation 'org.apache.commons:commons-text:1.12.0'
|
||||
implementation 'net.java.dev.jna:jna:5.15.0'
|
||||
implementation 'org.modelmapper:modelmapper:3.2.1'
|
||||
implementation 'org.iban4j:iban4j:3.2.10-RELEASE'
|
||||
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0'
|
||||
implementation 'org.webjars:swagger-ui:5.17.14'
|
||||
implementation 'org.reflections:reflections:0.10.2'
|
||||
implementation 'org.apache.commons:commons-text:1.11.0'
|
||||
implementation 'net.java.dev.jna:jna:5.8.0'
|
||||
implementation 'org.modelmapper:modelmapper:3.2.0'
|
||||
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
|
||||
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
|
||||
implementation 'org.reflections:reflections:0.9.12'
|
||||
|
||||
compileOnly 'org.projectlombok:lombok'
|
||||
testCompileOnly 'org.projectlombok:lombok'
|
||||
@ -88,12 +85,11 @@ dependencies {
|
||||
testImplementation 'org.testcontainers:junit-jupiter'
|
||||
testImplementation 'org.junit.jupiter:junit-jupiter'
|
||||
testImplementation 'org.testcontainers:postgresql'
|
||||
testImplementation 'com.tngtech.archunit:archunit-junit5:1.3.0'
|
||||
testImplementation 'com.tngtech.archunit:archunit-junit5:1.2.1'
|
||||
testImplementation 'io.rest-assured:spring-mock-mvc'
|
||||
testImplementation 'org.hamcrest:hamcrest-core:3.0'
|
||||
testImplementation 'org.hamcrest:hamcrest-core:2.2'
|
||||
testImplementation 'org.pitest:pitest-junit5-plugin:1.2.1'
|
||||
testImplementation 'org.junit.jupiter:junit-jupiter-api'
|
||||
testImplementation 'org.wiremock:wiremock-standalone:3.10.0'
|
||||
}
|
||||
|
||||
dependencyManagement {
|
||||
@ -121,8 +117,8 @@ openapiProcessor {
|
||||
springRoot {
|
||||
processorName 'spring'
|
||||
processor 'io.openapiprocessor:openapi-processor-spring:2022.5'
|
||||
apiPath "$projectDir/src/main/resources/api-definition/api-definition.yaml"
|
||||
mapping "$projectDir/src/main/resources/api-definition/api-mappings.yaml"
|
||||
apiPath "$projectDir/src/main/resources/api-definition.yaml"
|
||||
mapping "$projectDir/src/main/resources/api-mappings.yaml"
|
||||
targetDir "$buildDir/generated/sources/openapi-javax"
|
||||
showWarnings true
|
||||
openApiNullable true
|
||||
@ -258,7 +254,7 @@ test {
|
||||
'net.hostsharing.hsadminng.**.generated.**',
|
||||
]
|
||||
useJUnitPlatform {
|
||||
excludeTags 'importOfficeData', 'importHostingData', 'scenarioTest'
|
||||
excludeTags 'import'
|
||||
}
|
||||
}
|
||||
jacocoTestReport {
|
||||
@ -280,7 +276,7 @@ jacocoTestCoverageVerification {
|
||||
violationRules {
|
||||
rule {
|
||||
limit {
|
||||
minimum = 0.80 // TODO.test: improve instruction coverage
|
||||
minimum = 0.92
|
||||
}
|
||||
}
|
||||
|
||||
@ -292,20 +288,15 @@ jacocoTestCoverageVerification {
|
||||
element = 'CLASS'
|
||||
excludes = [
|
||||
'net.hostsharing.hsadminng.**.generated.**',
|
||||
'net.hostsharing.hsadminng.rbac.test.dom.TestDomainEntity',
|
||||
'net.hostsharing.hsadminng.HsadminNgApplication',
|
||||
'net.hostsharing.hsadminng.ping.PingController',
|
||||
'net.hostsharing.hsadminng.rbac.generator.*',
|
||||
'net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService',
|
||||
'net.hostsharing.hsadminng.rbac.grant.RbacGrantsDiagramService.Node',
|
||||
'net.hostsharing.hsadminng.**.*Repository',
|
||||
'net.hostsharing.hsadminng.mapper.Mapper'
|
||||
]
|
||||
|
||||
limit {
|
||||
counter = 'LINE'
|
||||
value = 'COVEREDRATIO'
|
||||
minimum = 0.75 // TODO.test: improve line coverage
|
||||
minimum = 0.98
|
||||
}
|
||||
}
|
||||
rule {
|
||||
@ -319,7 +310,7 @@ jacocoTestCoverageVerification {
|
||||
limit {
|
||||
counter = 'BRANCH'
|
||||
value = 'COVEREDRATIO'
|
||||
minimum = 0.00 // TODO.test: improve branch coverage
|
||||
minimum = 1.00
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -347,30 +338,19 @@ tasks.register('importHostingAssets', Test) {
|
||||
mustRunAfter spotlessJava
|
||||
}
|
||||
|
||||
tasks.register('scenarioTests', Test) {
|
||||
useJUnitPlatform {
|
||||
includeTags 'scenarioTest'
|
||||
}
|
||||
|
||||
group 'verification'
|
||||
description 'run the import jobs as tests'
|
||||
|
||||
mustRunAfter spotlessJava
|
||||
}
|
||||
|
||||
// pitest mutation testing
|
||||
pitest {
|
||||
targetClasses = ['net.hostsharing.hsadminng.**']
|
||||
excludedClasses = [
|
||||
'net.hostsharing.hsadminng.config.**',
|
||||
// 'net.hostsharing.hsadminng.**.*Controller',
|
||||
'net.hostsharing.hsadminng.**.*Controller',
|
||||
'net.hostsharing.hsadminng.**.generated.**'
|
||||
]
|
||||
|
||||
targetTests = ['net.hostsharing.hsadminng.**.*UnitTest', 'net.hostsharing.hsadminng.**.*RestTest']
|
||||
excludedTestClasses = ['**AcceptanceTest*', '**IntegrationTest*']
|
||||
|
||||
pitestVersion = '1.17.0'
|
||||
pitestVersion = '1.15.3'
|
||||
junit5PluginVersion = '1.1.0'
|
||||
|
||||
threads = 4
|
||||
@ -405,51 +385,3 @@ tasks.named("dependencyUpdates").configure {
|
||||
isNonStable(it.candidate.version)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Generate HTML from Markdown scenario-test-reports using Pandoc:
|
||||
tasks.register('convertMarkdownToHtml') {
|
||||
description = 'Generates HTML from Markdown scenario-test-reports using Pandoc.'
|
||||
group = 'Conversion'
|
||||
|
||||
// Define the template file and input directory
|
||||
def templateFile = file('doc/scenarios/.template.html')
|
||||
|
||||
// Task configuration and execution
|
||||
doFirst {
|
||||
// Check if pandoc is installed
|
||||
try {
|
||||
exec {
|
||||
commandLine 'pandoc', '--version'
|
||||
}
|
||||
} catch (Exception) {
|
||||
throw new GradleException("Pandoc is not installed or not found in the system path.")
|
||||
}
|
||||
|
||||
// Check if the template file exists
|
||||
if (!templateFile.exists()) {
|
||||
throw new GradleException("Template file 'doc/scenarios/.template.html' not found.")
|
||||
}
|
||||
}
|
||||
|
||||
doLast {
|
||||
// Gather all Markdown files in the current directory
|
||||
fileTree(dir: '.', include: 'build/doc/scenarios/*.md').each { file ->
|
||||
// Corrected way to create the output file path
|
||||
def outputFile = new File(file.parent, file.name.replaceAll(/\.md$/, '.html'))
|
||||
|
||||
// Execute pandoc for each markdown file
|
||||
exec {
|
||||
commandLine 'pandoc', file.absolutePath, '--template', templateFile.absolutePath, '-o', outputFile.absolutePath
|
||||
}
|
||||
|
||||
println "Converted ${file.name} to ${outputFile.name}"
|
||||
}
|
||||
}
|
||||
}
|
||||
convertMarkdownToHtml.dependsOn scenarioTests
|
||||
|
||||
// shortcut for compiling all files
|
||||
tasks.register('compile') {
|
||||
dependsOn 'compileJava', 'compileTestJava'
|
||||
}
|
||||
|
@ -14,9 +14,9 @@ The core problem here is, that in our RBAC system, determining the permissions o
|
||||
|
||||
### Technical Background
|
||||
|
||||
The session variable `hsadminng.currentSubject` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user).
|
||||
The session variable `hsadminng.currentUser` contains the accessing (domain-level) user, which is unrelated to the PostgreSQL user).
|
||||
|
||||
Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing subject has a given permission (e.g. 'view').
|
||||
Given is a stored function `isPermissionGrantedToSubject` which detects if the accessing user has a given permission (e.g. 'view').
|
||||
|
||||
Given is also a stored function `queryAllPermissionsOfSubjectId` which returns the flattened view to all permissions assigned to the given accessing user.
|
||||
|
||||
@ -38,7 +38,7 @@ In this solution, the database ignores row level visibility and returns all rows
|
||||
|
||||
Very flexible access, programmatic, rules could be implemented.
|
||||
|
||||
The role-hierarchy and permissions for current subjects (e.g. logged-in users) could be cached in the backend.
|
||||
The role-hierarchy and permissions for currently logged-in users user could be cached in the backend.
|
||||
|
||||
The access logic can be tested in pure Java unit tests.
|
||||
|
||||
@ -74,11 +74,11 @@ For restricted DB-users, which are used by the backend, access to rows is filter
|
||||
FOR SELECT
|
||||
TO restricted
|
||||
USING (
|
||||
rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid())
|
||||
isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid())
|
||||
);
|
||||
|
||||
SET SESSION AUTHORIZATION restricted;
|
||||
SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SELECT * from customer; -- will only return visible rows
|
||||
|
||||
#### Advantages
|
||||
@ -101,10 +101,10 @@ We are bound to PostgreSQL, including integration tests and testing the RBAC sys
|
||||
CREATE OR REPLACE RULE "_RETURN" AS
|
||||
ON SELECT TO cust_view
|
||||
DO INSTEAD
|
||||
SELECT * FROM customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('customer', id, 'view'), currentSubjectUuid());
|
||||
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('customer', id, 'view'), currentUserUuid());
|
||||
|
||||
SET SESSION AUTHORIZATION restricted;
|
||||
SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SELECT * from customer; -- will only return visible rows
|
||||
|
||||
#### Advantages
|
||||
@ -130,12 +130,12 @@ We do not access the tables directly from the backend, but via views which join
|
||||
CREATE OR REPLACE VIEW cust_view AS
|
||||
SELECT c.id, c.reference, c.prefix
|
||||
FROM customer AS c
|
||||
JOIN queryAllPermissionsOfSubjectId(currentSubjectUuid()) AS p
|
||||
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
|
||||
ON p.tableName='customer' AND p.rowId=c.id AND p.op='view';
|
||||
GRANT ALL PRIVILEGES ON cust_view TO restricted;
|
||||
|
||||
SET SESSION SESSION AUTHORIZATION restricted;
|
||||
SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SELECT * from cust_view; -- will only return visible rows
|
||||
|
||||
Alternatively the JOIN could also be applied in a "ON SELECT DO INSTEAD"-RULE, if there is any advantage for later features.
|
||||
|
@ -1,119 +0,0 @@
|
||||
# Handling Automatic Creation of Hosting Assets for New Booking Items
|
||||
|
||||
**Status:**
|
||||
- [x] proposed by (Michael Hönnig)
|
||||
- [ ] accepted by (Participants)
|
||||
- [ ] rejected by (Participants)
|
||||
- [ ] superseded by (superseding ADR)
|
||||
|
||||
|
||||
## Context and Problem Statement
|
||||
|
||||
When a customer creates a new booking item (e.g., `MANAGED_WEBSPACE`), the system must automatically create the related hosting asset.
|
||||
This process can sometimes fail or require additional data from the user, e.g. installing a DNS verification key, or a hostmaster, e.g. the target server to use.
|
||||
|
||||
The challenge is how to handle this automatic creation process while dealing with missing data, asynchronicity and failures while ensuring system consistency and proper user notification.
|
||||
|
||||
|
||||
### Technical Background
|
||||
|
||||
The creation of hosting assets can occur synchronously (in simple cases) or asynchronously (when additional steps like manual verification are needed).
|
||||
For example, a `DOMAIN_SETUP` hosting asset may require DNS verification from the user, and until this is provided, the related domain cannot be fully set up.
|
||||
|
||||
Additionally, not all data needed for creating the hosting asset is stored in the booking item.
|
||||
It's part of the HTTP request and later stored in the hosting asset, but we also need to store it before the hosting asset can be created asynchronously.
|
||||
|
||||
Current system behavior involves returning HTTP 201 upon booking item creation, but the automatic hosting asset creation might fail due to missing information.
|
||||
The system needs to manage the creation process in a way that ensures valid hosting assets are created and informs the user of any actions required while still returning a 201 HTTP code, not an error code.
|
||||
|
||||
|
||||
## Considered Options
|
||||
|
||||
For storing the data needed for the hosting-asset creation:
|
||||
|
||||
* STORAGE-1: Store temporary asset data in the `BookingItemEntity`, e.g. a JSON column.
|
||||
And delete the value of that column, once the hosting assets got successfully created.
|
||||
* STORAGE-2: Create hosting assets immediately, even if invalid, but mark them as "inactive" until completed and fully validated.
|
||||
* STORAGE-3: Store the asset data in a kind of event- or job-queue, which get deleted once the hosting-asset got successfully created.
|
||||
|
||||
For the user-notification status:
|
||||
|
||||
* STATUS-1: Introduce a status field in the booking-items.
|
||||
* STATUS-2: Store the status in the event-/job-queue entries.
|
||||
|
||||
### STORAGE-1: Temporary Data Storage in `BookingItemEntity`
|
||||
|
||||
Store asset-related data (e.g., domain name) in a temporary column or JSON field in the `BookingItemEntity` until the hosting assets are successfully created.
|
||||
Once assets are created, the temporary data is deleted to avoid inconsistencies.
|
||||
|
||||
#### Advantages
|
||||
- Easy to implement.
|
||||
|
||||
#### Disadvantages
|
||||
- Needs either a separate map of properties in the booking-item.
|
||||
- Or, if stored as a JSON field in the booking-item-resources, these are misused.
|
||||
- Requires additional cleanup logic to remove stale data.
|
||||
|
||||
### STORAGE-2: Inactive Hosting Assets Until Validation
|
||||
|
||||
Create the hosting assets immediately upon booking item creation but mark them as "inactive" until all required information (e.g., verification code) is provided and validation is complete.
|
||||
|
||||
#### Advantages
|
||||
- Avoids temporary external data storage for the hosting-assets.
|
||||
|
||||
#### Disadvantages
|
||||
- Validation becomes more complex as some properties need to be validated, others not.
|
||||
And some properties even need special treatment for new entities, which then becomes vague.
|
||||
- Inactive assets have to be filtered from operational assets.
|
||||
- Potential risk of incomplete or inconsistent assets being created, which may require correction.
|
||||
- Difficult to write tests for all possible combinations of validations.
|
||||
|
||||
### STORAGE-3: Event-Based Approach
|
||||
|
||||
The hosting asset data required for creation us passed to the API and stored in a `BookingItemCreatedEvent`.
|
||||
If hosting asset creation cannot happen synchronously, the event is stored and processed asynchronously in batches, retrying failed asset creation as needed.
|
||||
|
||||
#### Advantages
|
||||
- Clean-data-structure (separation of concerns).
|
||||
- Clear separation between booking item creation and hosting asset creation.
|
||||
- Only valid assets in the database.
|
||||
- Can handle complex asynchronous processes (like waiting for external verification) in a clean and structured manner.
|
||||
- Easier to manage retries and failures in asset creation without complicating the booking item structure.
|
||||
|
||||
#### Disadvantages
|
||||
- At the Spring controller level, the whole JSON is already converted into Java objects,
|
||||
but for storing the asset data in the even, we need JSON again.
|
||||
This could is not just a performance-overhead but could also lead to inconsistencies.
|
||||
|
||||
### STATUS-1: Store hosting-asset-creation-status in the `BookingItemEntity`
|
||||
|
||||
A status field would be added to booking-items to track the creation state of related hosting assets.
|
||||
The users could check their booking-items for the status of the hosting-asset creation, error messages and further instructions.
|
||||
|
||||
#### Advantages
|
||||
- Easy to implement.
|
||||
|
||||
#### Disadvantages
|
||||
- Adds a field to the booking-item which is makes no sense anymore once the related hosting asset is created.
|
||||
|
||||
|
||||
### Status-2: Store hosting-asset-creation-status in the `BookingItemCreateEvent`
|
||||
|
||||
A status field would be added to the booking-item-created event and get updated with the latest messages any time we try to create the hosting-asset.
|
||||
|
||||
#### Advantages
|
||||
- Clean-data-structure (separation of concerns)
|
||||
|
||||
#### Disadvantages
|
||||
- Accessing the status requires querying the event queue.
|
||||
|
||||
|
||||
## Decision Outcome
|
||||
|
||||
**Chosen Option: STORAGE-3 with STATUS-2 (Event-Based Approach with `BookingItemCreatedEvent`)**
|
||||
|
||||
The event-based approach was selected as the best solution for handling automatic hosting asset creation. This option provides a clear separation between booking item creation and hosting asset creation, ensuring that no invalid or incomplete assets are created. The asynchronous nature of the event system allows for retries and external validation steps (such as user-entered verification codes) without disrupting the overall flow.
|
||||
|
||||
By using `BookingItemCreatedEvent` to store the hosting-asset data and the status,
|
||||
we don't need to misuse other data structures for temporary data
|
||||
and therefore hava a clean separation of concerns.
|
@ -1,124 +0,0 @@
|
||||
### hsadminNg fachliches Glossar
|
||||
|
||||
<!--
|
||||
Currently, this business glossary is only available in German because in many cases,
|
||||
the German terms are important for comprehensibility for those using this software.
|
||||
-->
|
||||
|
||||
Dieses ist eine Sammlung von Fachbegriffen, die in diesem Projekt benutzt werden.
|
||||
Ebenfalls aufgenommen sind technische Begriffe, die für Benutzer für das Verständnis der Schnittstellen nötig sind.
|
||||
|
||||
Falls etwas fehlt, bitte Bescheid geben.
|
||||
|
||||
|
||||
#### Partner
|
||||
|
||||
In diesem System ist ein _Partner_ grundsätzlich jeglicher Geschäftspartner der _Hostsharing eG_.
|
||||
Dies können grundsätzlich Kunden, siehe [Debitor](#Debitor), wie Lieferanten sein.
|
||||
Derzeit sind aber nur Debitoren implementiert.
|
||||
|
||||
Des Weiteren gibt es für jeden _Partner_ eine fünfstellige Partnernummer mit dem Prefix 'P-' (z.B. `P-123454`)
|
||||
sowie Zusatzinformationen (z.B. Registergerichtnummer oder Geburtsdatum), die zur genauen Identifikation benötigt werden.
|
||||
|
||||
Für einen _Partner_ kann es gleichzeitig mehrere [Debitoren](#Debitor)
|
||||
und zeitlich nacheinander mehrere [Mitgliedschaften](#Mitgliedschaft) geben.
|
||||
|
||||
Partner sind grundsätzlich als ist [Relation](#Relation) der Vertragsperson mit der Person _Hostsharing eG_ implementiert.
|
||||
|
||||
|
||||
### Debitor
|
||||
|
||||
Ein `Debitor` ist quasi ein Rechnungsempfänger für einen [Partner](#Partner).
|
||||
|
||||
Für einen _Partner_ kann es gleichzeitig mehrere [Debitoren](#Debitor) geben,
|
||||
z.B. für spezielle Projekte des Kunden oder verbundene Organisationen.
|
||||
|
||||
Des Weiteren gibt es für jeden _Partner_ eine fünfstellige Partnernummer mit dem Prefix 'P-' (z.B. `P-123454`)
|
||||
sowie Zusatzinformationen (z.B. Registergerichtsnummer oder Geburtsdatum), die zur genauen Identifikation benötigt werden.
|
||||
|
||||
Debitoren sind grundsätzlich als ist [Relation](#Relation) der Vertragsperson mit der Person des Vertragspartners implementiert.
|
||||
|
||||
|
||||
#### Relation
|
||||
|
||||
Eine _Relation_ ist eine typisierte und mit Kontaktdaten versehene Beziehung einer (_Holder_)-Person zu einer _Anchor_-Person.
|
||||
|
||||
Eine Relation ist eine Art Geschäftsrolle, wir haben hier aber keinen Begriff mit 'Rolle' verwendet,
|
||||
weil 'Role' (engl.) zu leicht mit der [RBAC-Rolle](#RBAC-Role) verwechselt werden könnte.
|
||||
|
||||
Die _Relation_ ist auch ein technisches Konzept und gehört nicht zur Domänensprache.
|
||||
Dieses Konzept ist jedoch für das Verständnis der ([API](#API)) notwendig.
|
||||
|
||||
|
||||
#### Ex-Partner
|
||||
|
||||
Ex-Partner bilden [Personen](#Person) ab, die vormals [Partner](#Partner) waren.
|
||||
Diese bleiben dadurch informationshalber im System verfügbar.
|
||||
|
||||
Implementiert ist der _Ex-Partner_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des Ex-Partner (_Holder_) zum neuen Partner (_Anchor_) dargestellt.
|
||||
Dieses kann zu einer Kettenbildung führen.
|
||||
|
||||
|
||||
#### Representative-Contact (ehemals _contractual_)
|
||||
|
||||
Ein _Representative_ ist eine natürliche Person, die für eine nicht-natürliche Person vertretungsberechtigt ist.
|
||||
|
||||
Implementiert ist der _Representative_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des Repräsentanten (_Holder_) zur repräsentierten Person (_Anchor_) dargestellt.
|
||||
|
||||
|
||||
### VIP-Contact
|
||||
|
||||
Ein _VIP-Contact_ ist eine natürliche Person, die für einen Geschäftspartner eine wichtige Funktion übernimmt,
|
||||
nicht aber deren offizieller Repräsentant ist.
|
||||
|
||||
Implementiert ist der _VIP-Contact_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des VIP-Contact (_Holder_) zur repräsentierten Person (_Anchor_) dargestellt.
|
||||
|
||||
|
||||
### Operations-Contact
|
||||
|
||||
Ein _Operations-_Contact_ ist_ eine natürliche Person, die für einen Geschäftspartner technischer Ansprechpartner ist.
|
||||
|
||||
Ein Seiteneffekt ist, dass diese Person im Ticketsystem Znuny direkt dem Geschäftspartner zugeordnet werden kann.
|
||||
|
||||
Im Legacy System waren das die Kontakte mit der Rolle `operation` und `silent`.
|
||||
|
||||
Implementiert ist der _Operations-Contact_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des _Operations-Contact_ (_Holder_) zur repräsentierten Person (_Anchor_) dargestellt.
|
||||
|
||||
|
||||
### OperationsAlert-Contact
|
||||
|
||||
Ein _OperationsAlert-_Contact_ ist_ eine natürliche Person, die für einen Geschäftspartner bei technischen Probleme kontaktiert werden soll.
|
||||
|
||||
Im Legacy System waren das die Kontakte mit der Rolle `operation`.
|
||||
|
||||
Implementiert ist der _OperationsAlert-Contact_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des _OperationsAlert-Contact_ (_Holder_) zur repräsentierten Person (_Anchor_) dargestellt.
|
||||
|
||||
|
||||
### Subscriber-Contact
|
||||
|
||||
Ein _Subscriber-_Contact_ ist_ eine natürliche Person, die für einen Geschäftspartner eine bestimmte Mailingliste abonniert.
|
||||
|
||||
Implementiert ist der _Subscriber-Contact_ als eine besondere Form der [Relation](#Relation)
|
||||
der Person des _Subscriber-Contact_ (_Holder_) zur repräsentierten Person (_Anchor_) dargestellt.
|
||||
Zusätzlich wird diese Relation mit dem Kurznamen der abonnierten Mailingliste markiert.
|
||||
|
||||
|
||||
#### Anchor / Relation-Anchor
|
||||
|
||||
siehe [Relation](#Relation)
|
||||
|
||||
|
||||
#### Holder / Relation-Holder
|
||||
|
||||
siehe [Relation](#Relation)
|
||||
|
||||
|
||||
#### API
|
||||
|
||||
Und API (Application-Programming-Interface) verstehen wir eine über HTTPS angesprochene programmatisch bedienbare Schnittstell
|
||||
zur Funktionalität des hsAdmin-NG-Systems.
|
@ -12,7 +12,6 @@ package Booking #feb28c {
|
||||
entity BI_CLOUD_SERVER
|
||||
entity BI_MANAGED_SERVER
|
||||
entity BI_MANAGED_WEBSPACE
|
||||
entity BI_DOMAIN_SETUP
|
||||
}
|
||||
|
||||
package Hosting #feb28c{
|
||||
@ -68,7 +67,6 @@ package Booking #feb28c {
|
||||
entity BI_CLOUD_SERVER
|
||||
entity BI_MANAGED_SERVER
|
||||
entity BI_MANAGED_WEBSPACE
|
||||
entity BI_DOMAIN_SETUP
|
||||
}
|
||||
|
||||
package Hosting #feb28c{
|
||||
@ -96,7 +94,6 @@ BI_MANAGED_WEBSPACE *--> BI_MANAGED_SERVER
|
||||
HA_MANAGED_WEBSPACE *==> BI_MANAGED_WEBSPACE
|
||||
HA_UNIX_USER *==> HA_MANAGED_WEBSPACE
|
||||
HA_EMAIL_ALIAS *==> HA_MANAGED_WEBSPACE
|
||||
HA_DOMAIN_SETUP *==> BI_DOMAIN_SETUP
|
||||
HA_DOMAIN_SETUP o..> HA_DOMAIN_SETUP
|
||||
HA_DOMAIN_DNS_SETUP *==> HA_DOMAIN_SETUP
|
||||
HA_DOMAIN_DNS_SETUP o--> HA_MANAGED_WEBSPACE
|
||||
@ -128,7 +125,6 @@ package Booking #feb28c {
|
||||
entity BI_CLOUD_SERVER
|
||||
entity BI_MANAGED_SERVER
|
||||
entity BI_MANAGED_WEBSPACE
|
||||
entity BI_DOMAIN_SETUP
|
||||
}
|
||||
|
||||
package Hosting #feb28c{
|
||||
@ -177,7 +173,6 @@ package Booking #feb28c {
|
||||
entity BI_CLOUD_SERVER
|
||||
entity BI_MANAGED_SERVER
|
||||
entity BI_MANAGED_WEBSPACE
|
||||
entity BI_DOMAIN_SETUP
|
||||
}
|
||||
|
||||
package Hosting #feb28c{
|
||||
|
@ -64,7 +64,7 @@ classDiagram
|
||||
}
|
||||
|
||||
class partner-MeierGmbH {
|
||||
+Numeric partnerNumber: P-12345
|
||||
+Numeric partnerNumber: 12345
|
||||
+Relation partnerRel
|
||||
}
|
||||
partner-MeierGmbH *-- rel-MeierGmbH
|
||||
|
@ -15,7 +15,7 @@ We could not find a pattern, why that was the case. The impression that it had t
|
||||
|
||||
## Preparation
|
||||
|
||||
### Configuring PostgreSQL
|
||||
### Configuring PostgreSQL
|
||||
|
||||
The pg_stat_statements PostgreSQL-Extension can be used to measure how long queries take and how often they are called.
|
||||
|
||||
@ -126,7 +126,7 @@ SELECT calls,
|
||||
query
|
||||
FROM statements
|
||||
WHERE calls > 100 AND shared_blks_hit > 0
|
||||
ORDER BY total_exec_time DESC
|
||||
ORDER BY total_exec_time_mins DESC
|
||||
LIMIT 16;
|
||||
```
|
||||
|
||||
@ -199,21 +199,21 @@ Limit (cost=6549.08..6549.35 rows=54 width=16)
|
||||
Group Key: grants.descendantuuid
|
||||
-> CTE Scan on grants (cost=0.00..22.06 rows=1103 width=16)
|
||||
-> Index Only Scan using rbacobject_objecttable_uuid_key on rbacobject obj (cost=0.28..0.31 rows=1 width=16)
|
||||
Index Cond: ((objecttable = 'hs_hosting.asset'::text) AND (uuid = perm.objectuuid))
|
||||
Index Cond: ((objecttable = 'hs_hosting_asset'::text) AND (uuid = perm.objectuuid))
|
||||
```
|
||||
|
||||
### Office-Relation-Query
|
||||
|
||||
```SQL
|
||||
SELECT hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress,c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version
|
||||
FROM hs_office.relation_rv hore1_0
|
||||
LEFT JOIN hs_office.person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
|
||||
LEFT JOIN hs_office.contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
|
||||
LEFT JOIN hs_office.person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
|
||||
FROM hs_office_relation_rv hore1_0
|
||||
LEFT JOIN hs_office_person_rv a1_0 ON a1_0.uuid=hore1_0.anchoruuid
|
||||
LEFT JOIN hs_office_contact_rv c1_0 ON c1_0.uuid=hore1_0.contactuuid
|
||||
LEFT JOIN hs_office_person_rv h1_0 ON h1_0.uuid=hore1_0.holderuuid
|
||||
WHERE hore1_0.uuid=$1
|
||||
```
|
||||
|
||||
That query on the `hs_office.relation_rv`-table joins the three references anchor-person, holder-person and contact.
|
||||
That query on the `hs_office_relation_rv`-table joins the three references anchor-person, holder-person and contact.
|
||||
|
||||
|
||||
### Total-Query-Time > Total-Import-Runtime
|
||||
@ -239,7 +239,7 @@ This did not improve the performance.
|
||||
We were suspicious about the sequential scan over all `rbacpermission` rows which was done by PostgreSQL to execute a HashJoin strategy. Turning off that strategy by
|
||||
|
||||
```SQL
|
||||
ALTER FUNCTION rbac.queryAccessibleObjectUuidsOfSubjectIds SET enable_hashjoin = off;
|
||||
ALTER FUNCTION queryAccessibleObjectUuidsOfSubjectIds SET enable_hashjoin = off;
|
||||
```
|
||||
|
||||
did not improve the performance though. The HashJoin was actually still applied, but no full table scan anymore:
|
||||
@ -270,21 +270,21 @@ At this point, the import took 21mins with these statistics:
|
||||
|
||||
| query | calls | total_m | mean_ms |
|
||||
|-------|-------|---------|---------|
|
||||
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 left join public.hs_office.person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office.contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office.person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| select hore1_0.uuid,a1_0.uuid,a1_0.familyname,a1_0.givenname,a1_0.persontype,a1_0.salutation,a1_0.title,a1_0.tradename,a1_0.version,c1_0.uuid,c1_0.caption,c1_0.emailaddresses,c1_0.phonenumbers,c1_0.postaladdress, c1_0.version,h1_0.uuid,h1_0.familyname,h1_0.givenname,h1_0.persontype,h1_0.salutation,h1_0.title,h1_0.tradename,h1_0.version,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 left join public.hs_office_person_rv a1_0 on a1_0.uuid=hore1_0.anchoruuid left join public.hs_office_contact_rv c1_0 on c1_0.uuid=hore1_0.contactuuid left join public.hs_office_person_rv h1_0 on h1_0.uuid=hore1_0.holderuuid where hore1_0.uuid=$1 | 517 | 11 | 1282 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 973 | 4 | 254 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 973 | 4 | 253 |
|
||||
| call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
|
||||
| select * from isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 9 |
|
||||
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 9 |
|
||||
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 8 |
|
||||
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47540 | 0 | 0 |
|
||||
| insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing" | 40472 | 0 | 0 |
|
||||
| insert into public.hs_booking.item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
|
||||
| insert into hs_booking.item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
|
||||
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
|
||||
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
|
||||
|
||||
|
||||
The slowest query now was fetching Relations joined with Contact, Anchor-Person and Holder-Person, for all tables using the restricted (RBAC) views (_rv).
|
||||
@ -294,20 +294,20 @@ We changed these mappings from `EAGER` (default) to `LAZY` to `@ManyToOne(fetch
|
||||
:::small
|
||||
| query | calls | total (min) | mean (ms) |
|
||||
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------------|----------|
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
|
||||
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
|
||||
| call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| select * from rbac.isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 | 1015 | 4 | 238 |
|
||||
| select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 | 517 | 4 | 439 |
|
||||
| select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 | 497 | 2 | 213 |
|
||||
| call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) | 31316 | 0 | 1 |
|
||||
| select * from isGranted(array[granteeId], grantedId) | 44613 | 0 | 0 |
|
||||
| call buildRbacSystemForHsHostingAsset(NEW) | 2258 | 0 | 7 |
|
||||
| insert into public.hs_hosting.asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting.asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| insert into public.hs_hosting_asset_rv (alarmcontactuuid,assignedtoassetuuid,bookingitemuuid,caption,config,identifier,parentassetuuid,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10) | 2207 | 0 | 7 |
|
||||
| insert into hs_hosting_asset (alarmcontactuuid, version, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, config, uuid, identifier, caption) values (new.alarmcontactuuid, new. version, new. bookingitemuuid, new. type, new. parentassetuuid, new. assignedtoassetuuid, new. config, new. uuid, new. identifier, new. caption) returning * | 2207 | 0 | 7 |
|
||||
| with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select ""grant"".descendantUuid, ""grant"".ascendantUuid from RbacGrants ""grant"" inner join grants recur on recur.ascendantUuid = ""grant"".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) | 47538 | 0 | 0 |
|
||||
insert into public.hs_office.relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
|
||||
| insert into hs_office.relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
|
||||
insert into public.hs_office_relation_rv (anchoruuid,contactuuid,holderuuid,mark,type,version,uuid) values ($1,$2,$3,$4,$5,$6,$7) | 1261 | 0 | 8 |
|
||||
| insert into hs_office_relation (uuid, version, anchoruuid, holderuuid, contactuuid, type, mark) values (new.uuid, new. version, new. anchoruuid, new. holderuuid, new. contactuuid, new. type, new. mark) returning * | 1261 | 0 | 8 |
|
||||
| call buildRbacSystemForHsOfficeRelation(NEW) | 1276 | 0 | 7 |
|
||||
| insert into public.hs_booking.item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
|
||||
| insert into hs_booking.item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
|
||||
| insert into public.hs_booking_item_rv (caption,parentitemuuid,projectuuid,resources,type,validity,version,uuid) values ($1,$2,$3,$4,$5,$6,$7,$8) | 926 | 0 | 7 |
|
||||
| insert into hs_booking_item (resources, version, projectuuid, type, parentitemuuid, validity, uuid, caption) values (new.resources, new. version, new. projectuuid, new. type, new. parentitemuuid, new. validity, new. uuid, new. caption) returning * | 926 | 0 | 7 |
|
||||
insert into RbacGrants (grantedByTriggerOf, ascendantuuid, descendantUuid, assumed) values (currentTriggerObjectUuid(), superRoleId, subRoleId, doAssume) on conflict do nothing | 40472 | 0 | 0 |
|
||||
|
||||
Now, finally, the total runtime of the import was down to 12 minutes. This is repeatable, where originally, the import took about 25mins in most cases and just rarely - and for unknown reasons - 10min.
|
||||
@ -318,7 +318,7 @@ But once UnixUser and EmailAlias assets got added to the import, the total time
|
||||
|
||||
This was not acceptable, especially not, considering that domains, email-addresses and database-assets are almost 10 times that number and thus the import would go up to over 1100min which is 20 hours.
|
||||
|
||||
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting.asset) not to the RBAC-view (hs_hosting.asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
|
||||
In a first step, a `HsHostingAssetRawEntity` was created, mapped to the raw table (hs_hosting_asset) not to the RBAC-view (hs_hosting_asset_rv). Unfortunately we did not keep measurements, but that was only part of the problem anyway.
|
||||
|
||||
The main problem was, that there is something strange with persisting (`EntityManager.persist`) for EmailAlias assets. Where importing UnixUsers was mostly slow due to RBAC SELECT-permission checks, persisting EmailAliases suddenly created about a million (in numbers 1.000.000) SQL UPDATE statements after the INSERT, all with the same data, just increased version number (used for optimistic locking). We were not able to figure out why this happened.
|
||||
|
||||
@ -330,22 +330,22 @@ Now, the longest running queries are these:
|
||||
|
||||
| No.| calls | total_m | mean_ms | query |
|
||||
|---:|---------|--------:|--------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| 1 | 13.093 | 4 | 21 | insert into hs_hosting.asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
|
||||
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office.relation_rv hore1_0 where hore1_0.uuid=$1 |
|
||||
| 1 | 13.093 | 4 | 21 | insert into hs_hosting_asset( uuid, type, bookingitemuuid, parentassetuuid, assignedtoassetuuid, alarmcontactuuid, identifier, caption, config, version) values ( $1, $2, $3, $4, $5, $6, $7, $8, cast($9 as jsonb), $10) |
|
||||
| 2 | 517 | 4 | 502 | select hore1_0.uuid,hore1_0.anchoruuid,hore1_0.contactuuid,hore1_0.holderuuid,hore1_0.mark,hore1_0.type,hore1_0.version from public.hs_office_relation_rv hore1_0 where hore1_0.uuid=$1 |
|
||||
| 3 | 13.144 | 4 | 21 | call buildRbacSystemForHsHostingAsset(NEW) |
|
||||
| 4 | 96.632 | 3 | 2 | call rbac.grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
|
||||
| 5 | 120.815 | 3 | 2 | select * from rbac.isGranted(array[granteeId], grantedId) |
|
||||
| 4 | 96.632 | 3 | 2 | call grantRoleToRole(roleUuid, superRoleUuid, superRoleDesc.assumed) |
|
||||
| 5 | 120.815 | 3 | 2 | select * from isGranted(array[granteeId], grantedId) |
|
||||
| 6 | 123.740 | 3 | 2 | with recursive grants as ( select descendantUuid, ascendantUuid from RbacGrants where descendantUuid = grantedId union all select "grant".descendantUuid, "grant".ascendantUuid from RbacGrants "grant" inner join grants recur on recur.ascendantUuid = "grant".descendantUuid ) select exists ( select $3 from grants where ascendantUuid = any(granteeIds) ) or grantedId = any(granteeIds) |
|
||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office.contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office.person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hs_hosting.asset_TENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_hosting.asset_AGENT(NEW), hs_office.contact_ADMIN(newAlarmContact)], outgoingSubRoles => array[ hs_booking.item_TENANT(newBookingItem), hs_hosting.asset_TENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hs_hosting.asset_ADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hs_booking.item_AGENT(newBookingItem), hs_hosting.asset_AGENT(newParentAsset), hs_hosting.asset_OWNER(NEW)] ) |
|
||||
| 7 | 497 | 2 | 259 | select hoce1_0.uuid,hoce1_0.caption,hoce1_0.emailaddresses,hoce1_0.phonenumbers,hoce1_0.postaladdress,hoce1_0.version from public.hs_office_contact_rv hoce1_0 where hoce1_0.uuid=$1 |
|
||||
| 8 | 497 | 2 | 255 | select hope1_0.uuid,hope1_0.familyname,hope1_0.givenname,hope1_0.persontype,hope1_0.salutation,hope1_0.title,hope1_0.tradename,hope1_0.version from public.hs_office_person_rv hope1_0 where hope1_0.uuid=$1 |
|
||||
| 9 | 13.144 | 1 | 8 | SELECT createRoleWithGrants( hsHostingAssetTENANT(NEW), permissions => array[$7], incomingSuperRoles => array[ hsHostingAssetAGENT(NEW), hsOfficeContactADMIN(newAlarmContact)], outgoingSubRoles => array[ hsBookingItemTENANT(newBookingItem), hsHostingAssetTENANT(newParentAsset)] ) |
|
||||
| 10 | 13.144 | 1 | 5 | SELECT createRoleWithGrants( hsHostingAssetADMIN(NEW), permissions => array[$7], incomingSuperRoles => array[ hsBookingItemAGENT(newBookingItem), hsHostingAssetAGENT(newParentAsset), hsHostingAssetOWNER(NEW)] ) |
|
||||
|
||||
That the `INSERT into hs_hosting.asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||
That the `INSERT into hs_hosting_asset` (No. 1) takes up the most time, seems to be normal, and 21ms for each call is also fine.
|
||||
|
||||
It seems that the trigger effects (eg. No. 3 and No. 4) are included in the measure for the causing INSERT, otherwise summing up the totals would exceed the actual total time of the whole import. And it was to be expected that building the RBAC rules for new business objects takes most of the time.
|
||||
|
||||
In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
|
||||
In production, the `SELECT ... FROM hs_office_relation_rv` (No. 2) with about 0.5 seconds could still be a problem. But once we apply the improvements from the hosting asset area also to the office area, this should not be a problem for the import anymore.
|
||||
|
||||
|
||||
## Further Options To Explore
|
||||
@ -355,88 +355,6 @@ In production, the `SELECT ... FROM hs_office.relation_rv` (No. 2) with about 0.
|
||||
3. For the production code, we could use raw-entities for referenced entities, here usually RBAC SELECT permission is given anyway.
|
||||
|
||||
|
||||
## The Problematically Huge Join
|
||||
|
||||
The origin problem was the expensive RBAC check for many SELECT queries.
|
||||
This consists of two parts:
|
||||
|
||||
1. The recursive CTE query to determine which object's UUIDs are visible for the current subject.
|
||||
This query itself takes currently about 250ms thus is no problem by itself as long as we only need it once per request.
|
||||
2. Joining the result from 1. with the result if a business query.
|
||||
The performance of the business query itself is no problem, for the join see the following explanations.
|
||||
|
||||
Superusers can see all objects (currently already over 90.000)
|
||||
and even high level roles of customers with many hosting assets can see several thousand objects.
|
||||
This is the one side of that problematic join.
|
||||
|
||||
The other side of that problematic is the result of the business query.
|
||||
For example if a user wants to select all of their e-mail-addresses, that might easily half of the visible objects.
|
||||
|
||||
Thus, we would have a join of for example 5.000 x 2.500 rows, which is going to be slow.
|
||||
As there are currently about 84.000 objects are hosting assets and 33.000 e-mail-addresses in our system,
|
||||
for a superuser we would even run into an 84.0000 x 33.0000 join.
|
||||
|
||||
We found some solution approaches:
|
||||
|
||||
1. Getting rid of the `rbacrole` and `rbacpermission` table and only having implicit roles with implicit grants (OWNER->ADMIN->AGENT->TENENT->REFERRER) by comparison of ordered enum values and fixed permission assignments (e.g. OWENER->DELETE, ADMIN->UPDATE etc.). We could also get rid of the table `rbacreferece` if we enter users as business objects.
|
||||
|
||||
This should dramatically reduce the size of the table `rbackgrant` as well as the recusion levels.
|
||||
|
||||
But since we only apply this query once for each business query, that would only improve performance once we have way more objects in our system, but does not help our current problem.
|
||||
|
||||
It's quite some effort to implement even just a prototype, so we did not further explore this idea.
|
||||
|
||||
2. Adding the object type to the table `rbacObject` to reduce the size of the result of the recursive CTE query.
|
||||
|
||||
See chapter below.
|
||||
|
||||
3. Inverting the recursion of the CTE-query, combined with the type condition.
|
||||
|
||||
Instead of starting the recursion with `currentSubjectOrAssumedRolesUuids()`,
|
||||
we could start it with the target table name and row-type,
|
||||
then recurse down to the `currentSubjectOrAssumedRolesUuids()`.
|
||||
|
||||
In the end, we need the object UUIDs, though.
|
||||
But if we start with the join of `rbacObject` with `rbacPermission`,
|
||||
we need to forward the object UUIDs through the whole recursion.
|
||||
|
||||
This idea was not yet further explored.
|
||||
|
||||
|
||||
### Adding The Object Type To The Table `rbacObject`
|
||||
|
||||
This optimization idea came from Michael Hierweck and was promising.
|
||||
The idea is to reduce the size of the result of the recursive CTE query and maybe even speed up that query itself.
|
||||
|
||||
To evaluate this, I added a type column to the `rbacObject` table, initially as an enum hsHostingAssetType. Then I entered the type there for all rows from hs_hosting.asset. This means that 83,886 of 92,545 rows in `rbacobject` have a type set, leaving 8,659 without.
|
||||
|
||||
If we do this for other types (we currently have 1,271 relations and 927 booking items), it gets more complicated because they are different enum types. As varchar(16), we could lose performance again due to the higher storage space requirements.
|
||||
|
||||
But the performance gained is not particularly high anyway.
|
||||
See the average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN',
|
||||
joined with business query for all `'EMAIL_ADDRESSES'`:
|
||||
|
||||
| | D-1000000-hsh | D-1000300-mih |
|
||||
|-----------------------------------------------------|------------------|---------------|
|
||||
| currently (without type comparision in rbacobject): | ~3.30 - ~3.49 | ~0.23 |
|
||||
| optimized (with type comparision in rbacobject): | ~2.99 - ~3.08 | ~0.21 |
|
||||
|
||||
As you can see, the query is no problem at all for normal customers (in the example, yours truly). With Hostsharing (D-1000000-hsh) it is quite slow.
|
||||
|
||||
Luckily this experiment also shows that it's not a big problem, having all hosting assets in the same database table.
|
||||
|
||||
Implementing this approach would be a bit difficult anyway, because we would need to transfer the type query parameter into the definition of the restricted view. We have not even the slightest idea how this could be done.
|
||||
|
||||
See the related queries in [recursive-cte-experiments-for-accessible-uuids.sql](../sql/recursive-cte-experiments-for-accessible-uuids.sql). They might have changed independently since this document was written, but you can still check out the old version from git.
|
||||
|
||||
### Rearranging the Parts of the CTE-Query
|
||||
|
||||
I also moved the function call which determines into its own WITH-section, with no improvement.
|
||||
|
||||
Experimentally I moved the business condition into the CTE SELECT, also with no improvement.
|
||||
|
||||
Such rearrangements seem to be successfully done by the PostgreSQL query optimizer.
|
||||
|
||||
## Summary
|
||||
|
||||
### What we did Achieve?
|
||||
@ -445,19 +363,13 @@ In a first step, the total import runtime for office entities was reduced from a
|
||||
|
||||
In a second step, we reduced the import of booking- and hosting-assets from about 100min (not counting the required office entities) to 5min.
|
||||
|
||||
### What did not Help?
|
||||
|
||||
Rearranging the CTE query by extracting parts into WITH-clauses did not improve the performance.
|
||||
|
||||
Surprisingly little performance gain (<10% improvement) came from reducing the result of the CTE query by moving the hosting asset type into RBAC-system and using it in the inner SELECT query instead of in the outer SELECT query of the application side.
|
||||
|
||||
### What did Help?
|
||||
### What Helped?
|
||||
|
||||
Merging the recursive CTE query to determine the RBAC SELECT-permission, made it more clear which business-queries take the time.
|
||||
|
||||
Avoiding EAGER-loading where not necessary, reduced the total runtime of the import to about the half.
|
||||
|
||||
The major improvement came from using direct INSERT statements, which avoided some SELECT statements unnecessarily generated by the EntityManager and also completely bypassed the RBAC SELECT permission checks.
|
||||
The major improvement came from using direct INSERT statements, which then also bypassed the RBAC SELECT permission checks.
|
||||
|
||||
### What Still Has To Be Done?
|
||||
|
||||
|
56
doc/rbac.md
56
doc/rbac.md
@ -29,7 +29,7 @@ skinparam linetype ortho
|
||||
package RBAC {
|
||||
|
||||
' forward declarations
|
||||
entity RbacSubject
|
||||
entity RbacUser
|
||||
|
||||
together {
|
||||
|
||||
@ -37,8 +37,8 @@ package RBAC {
|
||||
entity RbacPermission
|
||||
|
||||
|
||||
RbacSubject -[hidden]> RbacRole
|
||||
RbacRole -[hidden]> RbacSubject
|
||||
RbacUser -[hidden]> RbacRole
|
||||
RbacRole -[hidden]> RbacUser
|
||||
}
|
||||
|
||||
together {
|
||||
@ -57,11 +57,11 @@ package RBAC {
|
||||
RbacGrant o-u-> RbacReference
|
||||
|
||||
enum RbacReferenceType {
|
||||
RbacSubject
|
||||
RbacUser
|
||||
RbacRole
|
||||
RbacPermission
|
||||
}
|
||||
RbacReferenceType ..> RbacSubject
|
||||
RbacReferenceType ..> RbacUser
|
||||
RbacReferenceType ..> RbacRole
|
||||
RbacReferenceType ..> RbacPermission
|
||||
|
||||
@ -71,12 +71,12 @@ package RBAC {
|
||||
type : RbacReferenceType
|
||||
}
|
||||
RbacReference o--> RbacReferenceType
|
||||
entity RbacSubject {
|
||||
entity RbacUser {
|
||||
*uuid : uuid <<generated>>
|
||||
--
|
||||
name : varchar
|
||||
}
|
||||
RbacSubject o-- RbacReference
|
||||
RbacUser o-- RbacReference
|
||||
|
||||
entity RbacRole {
|
||||
*uuid : uuid(RbacReference)
|
||||
@ -143,20 +143,20 @@ The primary key of the *RbacReference* and its referred object is always identic
|
||||
#### RbacReferenceType
|
||||
|
||||
The enum *RbacReferenceType* describes the type of reference.
|
||||
It's only needed to make it easier to find the referred object in *RbacSubject*, *RbacRole* or *RbacPermission*.
|
||||
It's only needed to make it easier to find the referred object in *RbacUser*, *RbacRole* or *RbacPermission*.
|
||||
|
||||
#### RbacSubject
|
||||
#### RbacUser
|
||||
|
||||
An *RbacSubject* is a type of RBAC-subject which references a login account outside this system, identified by a name (usually an email-address).
|
||||
An *RbacUser* is a type of RBAC-subject which references a login account outside this system, identified by a name (usually an email-address).
|
||||
|
||||
*RbacSubject*s can be assigned to multiple *RbacRole*s, through which they can get permissions to *RbacObject*s.
|
||||
*RbacUser*s can be assigned to multiple *RbacRole*s, through which they can get permissions to *RbacObject*s.
|
||||
|
||||
The primary key of the *RbacSubject* is identical to its related *RbacReference*.
|
||||
The primary key of the *RbacUser* is identical to its related *RbacReference*.
|
||||
|
||||
#### RbacRole
|
||||
|
||||
An *RbacRole* represents a collection of directly or indirectly assigned *RbacPermission*s.
|
||||
Each *RbacRole* can be assigned to *RbacSubject*s or to another *RbacRole*.
|
||||
Each *RbacRole* can be assigned to *RbacUser*s or to another *RbacRole*.
|
||||
|
||||
Both kinds of assignments are represented via *RbacGrant*.
|
||||
|
||||
@ -184,7 +184,7 @@ Only with this rule, the foreign key in *RbacPermission* can be defined as `NOT
|
||||
|
||||
#### RbacGrant
|
||||
|
||||
The *RbacGrant* entities represent the access-rights structure from *RbacSubject*s via hierarchical *RbacRoles* down to *RbacPermission*s.
|
||||
The *RbacGrant* entities represent the access-rights structure from *RbacUser*s via hierarchical *RbacRoles* down to *RbacPermission*s.
|
||||
|
||||
The core SQL queries to determine access rights are all recursive queries on the *RbacGrant* table.
|
||||
|
||||
@ -284,7 +284,7 @@ hide circle
|
||||
' use right-angled line routing
|
||||
' skinparam linetype ortho
|
||||
|
||||
package RbacSubjects {
|
||||
package RbacUsers {
|
||||
object UserMike
|
||||
object UserSuse
|
||||
object UserPaul
|
||||
@ -296,7 +296,7 @@ package RbacRoles {
|
||||
object RoleCustXyz_Admin
|
||||
object RolePackXyz00_Owner
|
||||
}
|
||||
RbacSubjects -[hidden]> RbacRoles
|
||||
RbacUsers -[hidden]> RbacRoles
|
||||
|
||||
package RbacPermissions {
|
||||
object PermCustXyz_SELECT
|
||||
@ -364,10 +364,10 @@ This way, each user can only select the data they have 'SELECT'-permission for,
|
||||
|
||||
### Current User
|
||||
|
||||
The current use is taken from the session variable `hsadminng.currentSubject` which contains the name of the user as stored in the
|
||||
*RbacSubject*s table. Example:
|
||||
The current use is taken from the session variable `hsadminng.currentUser` which contains the name of the user as stored in the
|
||||
*RbacUser*s table. Example:
|
||||
|
||||
SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net';
|
||||
SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net';
|
||||
|
||||
That user is also used for historicization and audit log, but which is a different topic.
|
||||
|
||||
@ -388,7 +388,7 @@ A full example is shown here:
|
||||
|
||||
BEGIN TRANSACTION;
|
||||
SET SESSION SESSION AUTHORIZATION restricted;
|
||||
SET LOCAL hsadminng.currentSubject = 'mike@hostsharing.net';
|
||||
SET LOCAL hsadminng.currentUser = 'mike@hostsharing.net';
|
||||
SET LOCAL hsadminng.assumedRoles = 'customer#aab:admin;customer#aac:admin';
|
||||
|
||||
SELECT c.prefix, p.name as "package", ema.localPart || '@' || dom.name as "email-address"
|
||||
@ -605,8 +605,8 @@ Find the SQL script here: `28-hs-tests.sql`.
|
||||
We have tested two variants of the query for the restricted view,
|
||||
both utilizing a PostgreSQL function like this:
|
||||
|
||||
FUNCTION rbac.queryAccessibleObjectUuidsOfSubjectIds(
|
||||
requiredOp rbac.RbacOp,
|
||||
FUNCTION queryAccessibleObjectUuidsOfSubjectIds(
|
||||
requiredOp RbacOp,
|
||||
forObjectTable varchar,
|
||||
subjectIds uuid[],
|
||||
maxObjects integer = 16000)
|
||||
@ -623,8 +623,8 @@ Let's have a look at the two view queries:
|
||||
FROM customer AS target
|
||||
WHERE target.uuid IN (
|
||||
SELECT uuid
|
||||
FROM rbac.queryAccessibleObjectUuidsOfSubjectIds(
|
||||
'SELECT, 'customer', currentSubjectOrAssumedRolesUuids()));
|
||||
FROM queryAccessibleObjectUuidsOfSubjectIds(
|
||||
'SELECT, 'customer', currentSubjectsUuids()));
|
||||
|
||||
This view should be automatically updatable.
|
||||
Where, for updates, we actually have to check for 'UPDATE' instead of 'SELECT' operation, which makes it a bit more complicated.
|
||||
@ -641,8 +641,8 @@ Looks like the query optimizer needed some statistics to find the best path.
|
||||
CREATE OR REPLACE VIEW customer_rv AS
|
||||
SELECT DISTINCT target.*
|
||||
FROM customer AS target
|
||||
JOIN rbac.queryAccessibleObjectUuidsOfSubjectIds(
|
||||
'SELECT, 'customer', currentSubjectOrAssumedRolesUuids()) AS allowedObjId
|
||||
JOIN queryAccessibleObjectUuidsOfSubjectIds(
|
||||
'SELECT, 'customer', currentSubjectsUuids()) AS allowedObjId
|
||||
ON target.uuid = allowedObjId;
|
||||
|
||||
This view cannot is not updatable automatically,
|
||||
@ -671,9 +671,9 @@ Access Control for business objects checked according to the assigned roles.
|
||||
But we decided not to create such roles and permissions for the RBAC-Objects itself.
|
||||
It would have overcomplicated the system and the necessary information can easily be added to the RBAC-Objects itself, mostly the `RbacGrant`s.
|
||||
|
||||
### RbacSubject
|
||||
### RbacUser
|
||||
|
||||
Users can self-register, thus to create a new RbacSubject entity, no login is required.
|
||||
Users can self-register, thus to create a new RbacUser entity, no login is required.
|
||||
But such a user has no access-rights except viewing itself.
|
||||
|
||||
Users can view themselves.
|
||||
|
@ -1,124 +0,0 @@
|
||||
<!doctype html>
|
||||
<html $if(lang)$ lang="$lang$" $endif$>
|
||||
<head>
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<!--[if lt IE 9]>
|
||||
<script src="http://css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js"></script>
|
||||
<![endif]-->
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<meta http-equiv="Content-Style-Type" content="text/css" />
|
||||
|
||||
<!-- <link rel="stylesheet" type="text/css" href="template.css" /> -->
|
||||
<link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/template.css" />
|
||||
|
||||
<link href="https://vjs.zencdn.net/5.4.4/video-js.css" rel="stylesheet" />
|
||||
|
||||
<script src="https://code.jquery.com/jquery-2.2.1.min.js"></script>
|
||||
<!-- <script type='text/javascript' src='menu/js/jquery.cookie.js'></script> -->
|
||||
<!-- <script type='text/javascript' src='menu/js/jquery.hoverIntent.minified.js'></script> -->
|
||||
<!-- <script type='text/javascript' src='menu/js/jquery.dcjqaccordion.2.7.min.js'></script> -->
|
||||
|
||||
<!-- <link href="menu/css/skins/blue.css" rel="stylesheet" type="text/css" /> -->
|
||||
<!-- <link href="menu/css/skins/graphite.css" rel="stylesheet" type="text/css" /> -->
|
||||
<!-- <link href="menu/css/skins/grey.css" rel="stylesheet" type="text/css" /> -->
|
||||
|
||||
<!-- <script src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script> -->
|
||||
|
||||
|
||||
<!-- <script src="script.js"></script> -->
|
||||
|
||||
<!-- <script src="jquery.sticky-kit.js "></script> -->
|
||||
<script type='text/javascript' src='https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/js/jquery.cookie.js'></script>
|
||||
<script type='text/javascript' src='https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/js/jquery.hoverIntent.minified.js'></script>
|
||||
<script type='text/javascript' src='https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/js/jquery.dcjqaccordion.2.7.min.js'></script>
|
||||
|
||||
<link href="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/css/skins/blue.css" rel="stylesheet" type="text/css" />
|
||||
<link href="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/css/skins/graphite.css" rel="stylesheet" type="text/css" />
|
||||
<link href="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/menu/css/skins/grey.css" rel="stylesheet" type="text/css" />
|
||||
<link href="https://cdn.jsdelivr.net/gh/ryangrose/easy-pandoc-templates@948e28e5/css/elegant_bootstrap.css" rel="stylesheet" type="text/css" />
|
||||
|
||||
<script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.4/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/script.js"></script>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/gh/diversen/pandoc-bootstrap-adaptive-template@959c3622/jquery.sticky-kit.js"></script>
|
||||
<meta name="generator" content="pandoc" />
|
||||
$for(author-meta)$
|
||||
<meta name="author" content="$author-meta$" />
|
||||
$endfor$
|
||||
$if(date-meta)$
|
||||
<meta name="date" content="$date-meta$" />
|
||||
$endif$
|
||||
<title>$if(title-prefix)$$title-prefix$ - $endif$$pagetitle$</title>
|
||||
<style type="text/css">code{white-space: pre;}</style>
|
||||
$if(quotes)$
|
||||
<style type="text/css">q { quotes: "“" "”" "‘" "’"; }</style>
|
||||
$endif$
|
||||
$if(highlighting-css)$
|
||||
<style type="text/css">
|
||||
$highlighting-css$
|
||||
</style>
|
||||
$endif$
|
||||
$for(css)$
|
||||
<link rel="stylesheet" href="$css$" $if(html5)$$else$type="text/css" $endif$/>
|
||||
$endfor$
|
||||
$if(math)$
|
||||
$math$
|
||||
$endif$
|
||||
$for(header-includes)$
|
||||
$header-includes$
|
||||
$endfor$
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
$if(title)$
|
||||
<div class="navbar navbar-static-top">
|
||||
<div class="navbar-inner">
|
||||
<div class="container">
|
||||
<span class="doc-title">$title$</span>
|
||||
<ul class="nav pull-right doc-info">
|
||||
$for(author)$
|
||||
<li><p class="navbar-text">$author$</p></li>
|
||||
$endfor$
|
||||
$if(date)$
|
||||
<li><p class="navbar-text">$date$</p></li>
|
||||
$endif$
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
$endif$
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
$if(toc)$
|
||||
<div id="$idprefix$TOC" class="span3">
|
||||
<div class="well toc">
|
||||
|
||||
$toc$
|
||||
|
||||
</div>
|
||||
</div>
|
||||
$endif$
|
||||
<div class="span$if(toc)$9$else$12$endif$">
|
||||
|
||||
$if(abstract)$
|
||||
<H1>$abstract-title$</H1>
|
||||
$abstract$
|
||||
$endif$
|
||||
|
||||
$for(include-before)$
|
||||
$include-before$
|
||||
$endfor$
|
||||
$body$
|
||||
$for(include-after)$
|
||||
$include-after$
|
||||
$endfor$
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script src="https://vjs.zencdn.net/5.4.4/video.js"></script>
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1 +0,0 @@
|
||||
find the generated ScenarioReports in build/doc/scenarios
|
@ -90,20 +90,6 @@ Acceptance-tests, are blackbox-tests and do <u>not</u> count into test-code-cove
|
||||
TODO.test: Complete the Acceptance-Tests test concept.
|
||||
|
||||
|
||||
#### Scenario-Tests
|
||||
|
||||
Our Scenario-tests are induced by business use-cases.
|
||||
They test from the REST API all the way down to the database.
|
||||
|
||||
Most scenario-tests are positive tests, they test if business scenarios do work.
|
||||
But few might be negative tests, which test if specific forbidden data gets rejected.
|
||||
|
||||
Our scenario tests also generate test-reports which contain the REST-API calls needed for each scenario.
|
||||
These reports can be used as examples for the API usage from a business perspective.
|
||||
|
||||
There is an extra document regarding scenario-test, see [Scenario-Tests README](../src/test/java/net/hostsharing/hsadminng/hs/office/scenarios/README.md).
|
||||
|
||||
|
||||
#### Performance-Tests
|
||||
|
||||
Performance-critical scenarios have to be identified and a special performance-test has to be implemented.
|
||||
|
@ -7,7 +7,7 @@ services:
|
||||
environment:
|
||||
POSTGRES_PASSWORD: password
|
||||
volumes:
|
||||
- ./postgresql-log-slow-queries.conf:/etc/postgresql/postgresql.conf
|
||||
- /home/mi/Projekte/Hostsharing/hsadmin-ng/etc/postgresql-log-slow-queries.conf:/etc/postgresql/postgresql.conf
|
||||
ports:
|
||||
- "5432:5432"
|
||||
command:
|
||||
@ -17,11 +17,3 @@ services:
|
||||
apt-get update &&
|
||||
apt-get install -y postgresql-contrib &&
|
||||
docker-entrypoint.sh postgres -c config_file=/etc/postgresql/postgresql.conf
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '2'
|
||||
memory: 8G
|
||||
reservations:
|
||||
cpus: '1'
|
||||
memory: 2G
|
@ -1,10 +1,8 @@
|
||||
{
|
||||
"allowedLicenses": [
|
||||
{ "moduleLicense": "Apache 2" },
|
||||
{ "moduleLicense": "Apache 2.0" },
|
||||
{ "moduleLicense": "Apache-2.0" },
|
||||
{ "moduleLicense": "Apache 2" },
|
||||
{ "moduleLicense": "Apache License 2.0" },
|
||||
{ "moduleLicense": "Apache License v2.0" },
|
||||
{ "moduleLicense": "Apache License, Version 2.0" },
|
||||
{ "moduleLicense": "The Apache Software License, Version 2.0" },
|
||||
|
||||
@ -13,8 +11,6 @@
|
||||
{ "moduleLicense": "BSD-3-Clause" },
|
||||
{ "moduleLicense": "The BSD License" },
|
||||
|
||||
{ "moduleLicense": "The New BSD License" },
|
||||
|
||||
{ "moduleLicense": "CDDL 1.1" },
|
||||
{ "moduleLicense": "CDDL/GPLv2+CE" },
|
||||
{ "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" },
|
||||
@ -33,27 +29,11 @@
|
||||
{ "moduleLicense": "GNU General Public License, version 2 with the GNU Classpath Exception" },
|
||||
{ "moduleLicense": "GPL2 w/ CPE" },
|
||||
|
||||
{ "moduleLicense": "LGPL, version 2.1"},
|
||||
{ "moduleLicense": "LGPL-2.1-or-later"},
|
||||
|
||||
{ "moduleLicense": "MIT License" },
|
||||
{ "moduleLicense": "MIT" },
|
||||
{ "moduleLicense": "The MIT License (MIT)" },
|
||||
{ "moduleLicense": "The MIT License" },
|
||||
|
||||
{ "moduleLicense": "WTFPL" },
|
||||
|
||||
{
|
||||
"moduleLicense": "Public Domain, per Creative Commons CC0",
|
||||
"moduleVersion": "2.0.3"
|
||||
},
|
||||
|
||||
{
|
||||
"moduleLicense": null,
|
||||
"#moduleLicense": "Apache License 2.0, see https://github.com/springdoc/springdoc-openapi/blob/main/LICENSE",
|
||||
"moduleVersion": "2.4.0",
|
||||
"moduleName": "org.springdoc:springdoc-openapi"
|
||||
}
|
||||
|
||||
{ "moduleName": "org.springdoc:springdoc-openapi" }
|
||||
]
|
||||
}
|
||||
|
@ -1,6 +0,0 @@
|
||||
FROM eclipse-temurin:21-jdk
|
||||
RUN apt-get update && \
|
||||
apt-get install -y bind9-utils pandoc && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
@ -1,5 +1,12 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
Cyclic references are not possible if file comes in JSON text format.
|
||||
]]></notes>
|
||||
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
|
||||
<cpe>cpe:/a:fasterxml:jackson-databind</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
Internal tooling, not exposed to the Internet.
|
||||
@ -7,10 +14,4 @@
|
||||
<packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
|
||||
<cpe>cpe:/a:line:line</cpe>
|
||||
</suppress>
|
||||
<suppress>
|
||||
<notes><![CDATA[
|
||||
Malicious HTTP redirect in JAXB on a REST-endpoint is not that dangerous.
|
||||
]]></notes>
|
||||
<cve>CVE-2024-9329</cve>
|
||||
</suppress>
|
||||
</suppressions>
|
||||
|
53
sql/examples.sql
Normal file
53
sql/examples.sql
Normal file
@ -0,0 +1,53 @@
|
||||
-- ========================================================
|
||||
-- First Example Entity with History
|
||||
-- --------------------------------------------------------
|
||||
|
||||
CREATE TABLE IF NOT EXISTS customer (
|
||||
"id" SERIAL PRIMARY KEY,
|
||||
"reference" int not null unique, -- 10000-99999
|
||||
"prefix" character(3) unique
|
||||
);
|
||||
|
||||
CALL create_historicization('customer');
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- Second Example Entity with History
|
||||
-- --------------------------------------------------------
|
||||
|
||||
CREATE TABLE IF NOT EXISTS package_type (
|
||||
"id" serial PRIMARY KEY,
|
||||
"name" character varying(8)
|
||||
);
|
||||
|
||||
CALL create_historicization('package_type');
|
||||
|
||||
-- ========================================================
|
||||
-- Third Example Entity with History
|
||||
-- --------------------------------------------------------
|
||||
|
||||
CREATE TABLE IF NOT EXISTS package (
|
||||
"id" serial PRIMARY KEY,
|
||||
"name" character varying(5),
|
||||
"customer_id" INTEGER REFERENCES customer(id)
|
||||
);
|
||||
|
||||
CALL create_historicization('package');
|
||||
|
||||
|
||||
-- ========================================================
|
||||
-- query historical data
|
||||
-- --------------------------------------------------------
|
||||
|
||||
|
||||
ABORT;
|
||||
BEGIN TRANSACTION;
|
||||
SET LOCAL hsadminng.currentUser TO 'mih42_customer_aaa';
|
||||
SET LOCAL hsadminng.currentTask TO 'adding customer_aaa';
|
||||
INSERT INTO package (customer_id, name) VALUES (10000, 'aaa00');
|
||||
COMMIT;
|
||||
-- Usage:
|
||||
|
||||
SET hsadminng.timestamp TO '2022-07-12 08:53:27.723315';
|
||||
SET hsadminng.timestamp TO '2022-07-12 11:38:27.723315';
|
||||
SELECT * FROM customer_hv p WHERE prefix = 'aaa';
|
@ -1,39 +1,166 @@
|
||||
|
||||
-- ========================================================
|
||||
-- Historization twiddle
|
||||
-- Historization
|
||||
-- --------------------------------------------------------
|
||||
|
||||
rollback;
|
||||
begin transaction;
|
||||
call defineContext('historization testing', null, 'superuser-alex@hostsharing.net',
|
||||
-- 'hs_booking.project#D-1000000-hshdefaultproject:ADMIN'); -- prod+test
|
||||
'hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN'); -- prod+test
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN'); -- prod
|
||||
-- 'hs_booking.project#D-1000300-mimdefaultproject:ADMIN'); -- test
|
||||
-- update hs_hosting.asset set caption='lug00 b' where identifier = 'lug00' and type = 'MANAGED_WEBSPACE'; -- prod
|
||||
-- update hs_hosting.asset set caption='hsh00 A ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
-- update hs_hosting.asset set caption='hsh00 B ' || now()::text where identifier = 'hsh00' and type = 'MANAGED_WEBSPACE'; -- test
|
||||
CREATE TABLE "tx_history" (
|
||||
"tx_id" BIGINT NOT NULL UNIQUE,
|
||||
"tx_timestamp" TIMESTAMP NOT NULL,
|
||||
"user" VARCHAR(64) NOT NULL, -- references postgres user
|
||||
"task" VARCHAR NOT NULL
|
||||
);
|
||||
|
||||
-- insert into hs_hosting.asset
|
||||
-- (uuid, bookingitemuuid, type, parentassetuuid, assignedtoassetuuid, identifier, caption, config, alarmcontactuuid)
|
||||
-- values
|
||||
-- (uuid_generate_v4(), null, 'EMAIL_ADDRESS', 'bbda5895-0569-4e20-bb4c-34f3a38f3f63'::uuid, null,
|
||||
-- 'new@thi.example.org', 'some new E-Mail-Address', '{}'::jsonb, null);
|
||||
CREATE TYPE "operation" AS ENUM ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE');
|
||||
|
||||
delete from hs_hosting.asset where uuid='5aea68d2-3b55-464f-8362-b05c76c5a681'::uuid;
|
||||
commit;
|
||||
-- see https://www.postgresql.org/docs/current/plpgsql-trigger.html
|
||||
|
||||
-- single version at point in time
|
||||
-- set hsadminng.tx_history_txid to (select max(txid) from base.tx_context where txtimestamp<='2024-08-27 12:13:13.450821');
|
||||
set hsadminng.tx_history_txid to '';
|
||||
set hsadminng.tx_history_timestamp to '2024-08-29 12:42';
|
||||
-- all versions
|
||||
select base.tx_history_txid(), txc.txtimestamp, txc.currentSubject, txc.currentTask, haex.*
|
||||
from hs_hosting.asset_ex haex
|
||||
join base.tx_context txc on haex.txid=txc.txid
|
||||
where haex.identifier = 'test@thi.example.org';
|
||||
CREATE OR REPLACE FUNCTION historicize()
|
||||
RETURNS trigger
|
||||
LANGUAGE plpgsql STRICT AS $$
|
||||
DECLARE
|
||||
currentUser VARCHAR(63);
|
||||
currentTask VARCHAR(127);
|
||||
"row" RECORD;
|
||||
"alive" BOOLEAN;
|
||||
"sql" varchar;
|
||||
BEGIN
|
||||
-- determine user_id
|
||||
BEGIN
|
||||
currentUser := current_setting('hsadminng.currentUser');
|
||||
EXCEPTION WHEN OTHERS THEN
|
||||
currentUser := NULL;
|
||||
END;
|
||||
IF (currentUser IS NULL OR currentUser = '') THEN
|
||||
RAISE EXCEPTION 'hsadminng.currentUser must be defined, please use "SET LOCAL ...;"';
|
||||
END IF;
|
||||
RAISE NOTICE 'currentUser: %', currentUser;
|
||||
|
||||
select uuid, version, type, identifier, caption from hs_hosting.asset_hv p where identifier = 'test@thi.example.org';
|
||||
-- determine task
|
||||
currentTask = current_setting('hsadminng.currentTask');
|
||||
assert currentTask IS NOT NULL AND length(currentTask) >= 12,
|
||||
format('hsadminng.currentTask (%s) must be defined and min 12 characters long, please use "SET LOCAL ...;"', currentTask);
|
||||
assert length(currentTask) <= 127,
|
||||
format('hsadminng.currentTask (%s) must not be longer than 127 characters"', currentTask);
|
||||
|
||||
select pg_current_xact_id();
|
||||
IF (TG_OP = 'INSERT') OR (TG_OP = 'UPDATE') THEN
|
||||
"row" := NEW;
|
||||
"alive" := TRUE;
|
||||
ELSE -- DELETE or TRUNCATE
|
||||
"row" := OLD;
|
||||
"alive" := FALSE;
|
||||
END IF;
|
||||
|
||||
sql := format('INSERT INTO tx_history VALUES (txid_current(), now(), %1L, %2L) ON CONFLICT DO NOTHING', currentUser, currentTask);
|
||||
RAISE NOTICE 'sql: %', sql;
|
||||
EXECUTE sql;
|
||||
sql := format('INSERT INTO %3$I_versions VALUES (DEFAULT, txid_current(), %1$L, %2$L, $1.*)', TG_OP, alive, TG_TABLE_NAME);
|
||||
RAISE NOTICE 'sql: %', sql;
|
||||
EXECUTE sql USING "row";
|
||||
|
||||
RETURN "row";
|
||||
END; $$;
|
||||
|
||||
CREATE OR REPLACE PROCEDURE create_historical_view(baseTable varchar)
|
||||
LANGUAGE plpgsql AS $$
|
||||
DECLARE
|
||||
createTriggerSQL varchar;
|
||||
viewName varchar;
|
||||
versionsTable varchar;
|
||||
createViewSQL varchar;
|
||||
baseCols varchar;
|
||||
BEGIN
|
||||
|
||||
viewName = quote_ident(format('%s_hv', baseTable));
|
||||
versionsTable = quote_ident(format('%s_versions', baseTable));
|
||||
baseCols = (SELECT string_agg(quote_ident(column_name), ', ')
|
||||
FROM information_schema.columns
|
||||
WHERE table_schema = 'public' AND table_name = baseTable);
|
||||
|
||||
createViewSQL = format(
|
||||
'CREATE OR REPLACE VIEW %1$s AS' ||
|
||||
'(' ||
|
||||
' SELECT %2$s' ||
|
||||
' FROM %3$s' ||
|
||||
' WHERE alive = TRUE' ||
|
||||
' AND version_id IN' ||
|
||||
' (' ||
|
||||
' SELECT max(vt.version_id) AS history_id' ||
|
||||
' FROM %3$s AS vt' ||
|
||||
' JOIN tx_history as txh ON vt.tx_id = txh.tx_id' ||
|
||||
' WHERE txh.tx_timestamp <= current_setting(''hsadminng.timestamp'')::timestamp' ||
|
||||
' GROUP BY id' ||
|
||||
' )' ||
|
||||
')',
|
||||
viewName, baseCols, versionsTable
|
||||
);
|
||||
RAISE NOTICE 'sql: %', createViewSQL;
|
||||
EXECUTE createViewSQL;
|
||||
|
||||
createTriggerSQL = 'CREATE TRIGGER ' || baseTable || '_historicize' ||
|
||||
' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable ||
|
||||
' FOR EACH ROW EXECUTE PROCEDURE historicize()';
|
||||
RAISE NOTICE 'sql: %', createTriggerSQL;
|
||||
EXECUTE createTriggerSQL;
|
||||
|
||||
END; $$;
|
||||
|
||||
CREATE OR REPLACE PROCEDURE create_historicization(baseTable varchar)
|
||||
LANGUAGE plpgsql AS $$
|
||||
DECLARE
|
||||
createHistTableSql varchar;
|
||||
createTriggerSQL varchar;
|
||||
viewName varchar;
|
||||
versionsTable varchar;
|
||||
createViewSQL varchar;
|
||||
baseCols varchar;
|
||||
BEGIN
|
||||
|
||||
-- create the history table
|
||||
createHistTableSql = '' ||
|
||||
'CREATE TABLE ' || baseTable || '_versions (' ||
|
||||
' version_id serial PRIMARY KEY,' ||
|
||||
' tx_id bigint NOT NULL REFERENCES tx_history(tx_id),' ||
|
||||
' trigger_op operation NOT NULL,' ||
|
||||
' alive boolean not null,' ||
|
||||
|
||||
' LIKE ' || baseTable ||
|
||||
' EXCLUDING CONSTRAINTS' ||
|
||||
' EXCLUDING STATISTICS' ||
|
||||
')';
|
||||
RAISE NOTICE 'sql: %', createHistTableSql;
|
||||
EXECUTE createHistTableSql;
|
||||
|
||||
-- create the historical view
|
||||
viewName = quote_ident(format('%s_hv', baseTable));
|
||||
versionsTable = quote_ident(format('%s_versions', baseTable));
|
||||
baseCols = (SELECT string_agg(quote_ident(column_name), ', ')
|
||||
FROM information_schema.columns
|
||||
WHERE table_schema = 'public' AND table_name = baseTable);
|
||||
|
||||
createViewSQL = format(
|
||||
'CREATE OR REPLACE VIEW %1$s AS' ||
|
||||
'(' ||
|
||||
' SELECT %2$s' ||
|
||||
' FROM %3$s' ||
|
||||
' WHERE alive = TRUE' ||
|
||||
' AND version_id IN' ||
|
||||
' (' ||
|
||||
' SELECT max(vt.version_id) AS history_id' ||
|
||||
' FROM %3$s AS vt' ||
|
||||
' JOIN tx_history as txh ON vt.tx_id = txh.tx_id' ||
|
||||
' WHERE txh.tx_timestamp <= current_setting(''hsadminng.timestamp'')::timestamp' ||
|
||||
' GROUP BY id' ||
|
||||
' )' ||
|
||||
')',
|
||||
viewName, baseCols, versionsTable
|
||||
);
|
||||
RAISE NOTICE 'sql: %', createViewSQL;
|
||||
EXECUTE createViewSQL;
|
||||
|
||||
createTriggerSQL = 'CREATE TRIGGER ' || baseTable || '_historicize' ||
|
||||
' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable ||
|
||||
' FOR EACH ROW EXECUTE PROCEDURE historicize()';
|
||||
RAISE NOTICE 'sql: %', createTriggerSQL;
|
||||
EXECUTE createTriggerSQL;
|
||||
|
||||
END; $$;
|
||||
|
@ -3,28 +3,28 @@
|
||||
-- --------------------------------------------------------
|
||||
|
||||
|
||||
select rbac.isGranted(rbac.findRoleId('administrators'), rbac.findRoleId('rbactest.package#aaa00:OWNER'));
|
||||
select rbac.isGranted(rbac.findRoleId('rbactest.package#aaa00:OWNER'), rbac.findRoleId('administrators'));
|
||||
-- call rbac.grantRoleToRole(findRoleId('rbactest.package#aaa00:OWNER'), findRoleId('administrators'));
|
||||
-- call rbac.grantRoleToRole(findRoleId('administrators'), findRoleId('rbactest.package#aaa00:OWNER'));
|
||||
select isGranted(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER'));
|
||||
select isGranted(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators'));
|
||||
-- call grantRoleToRole(findRoleId('test_package#aaa00:OWNER'), findRoleId('administrators'));
|
||||
-- call grantRoleToRole(findRoleId('administrators'), findRoleId('test_package#aaa00:OWNER'));
|
||||
|
||||
select count(*)
|
||||
FROM rbac.queryAllPermissionsOfSubjectIdForObjectUuids(rbac.findRbacSubject('superuser-fran@hostsharing.net'),
|
||||
ARRAY(select uuid from rbactest.customer where reference < 1100000));
|
||||
FROM queryAllPermissionsOfSubjectIdForObjectUuids(findRbacUser('superuser-fran@hostsharing.net'),
|
||||
ARRAY(select uuid from customer where reference < 1100000));
|
||||
select count(*)
|
||||
FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('superuser-fran@hostsharing.net'));
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('superuser-fran@hostsharing.net'));
|
||||
select *
|
||||
FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com'));
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'));
|
||||
select *
|
||||
FROM rbac.queryAllPermissionsOfSubjectId(findRbacSubject('rosa@example.com'));
|
||||
FROM queryAllPermissionsOfSubjectId(findRbacUser('rosa@example.com'));
|
||||
|
||||
select *
|
||||
FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('customer',
|
||||
(SELECT uuid FROM rbac.RbacObject WHERE objectTable = 'customer' LIMIT 1),
|
||||
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('customer',
|
||||
(SELECT uuid FROM RbacObject WHERE objectTable = 'customer' LIMIT 1),
|
||||
'add-package'));
|
||||
select *
|
||||
FROM rbac.queryAllRbacSubjectsWithPermissionsFor(rbac.findEffectivePermissionId('package',
|
||||
(SELECT uuid FROM rbac.RbacObject WHERE objectTable = 'package' LIMIT 1),
|
||||
FROM queryAllRbacUsersWithPermissionsFor(findEffectivePermissionId('package',
|
||||
(SELECT uuid FROM RbacObject WHERE objectTable = 'package' LIMIT 1),
|
||||
'DELETE'));
|
||||
|
||||
DO LANGUAGE plpgsql
|
||||
@ -33,13 +33,13 @@ $$
|
||||
userId uuid;
|
||||
result bool;
|
||||
BEGIN
|
||||
userId = rbac.findRbacSubject('superuser-alex@hostsharing.net');
|
||||
result = (SELECT * FROM rbac.isPermissionGrantedToSubject(rbac.findPermissionId('package', 94928, 'add-package'), userId));
|
||||
userId = findRbacUser('superuser-alex@hostsharing.net');
|
||||
result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'add-package'), userId));
|
||||
IF (result) THEN
|
||||
RAISE EXCEPTION 'expected permission NOT to be granted, but it is';
|
||||
end if;
|
||||
|
||||
result = (SELECT * FROM rbac.isPermissionGrantedToSubject(rbac.findPermissionId('package', 94928, 'SELECT'), userId));
|
||||
result = (SELECT * FROM isPermissionGrantedToSubject(findPermissionId('package', 94928, 'SELECT'), userId));
|
||||
IF (NOT result) THEN
|
||||
RAISE EXCEPTION 'expected permission to be granted, but it is NOT';
|
||||
end if;
|
||||
|
@ -20,43 +20,43 @@ CREATE POLICY customer_policy ON customer
|
||||
TO restricted
|
||||
USING (
|
||||
-- id=1000
|
||||
rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('rbactest.customer', id, 'SELECT'), rbac.currentSubjectUuid())
|
||||
isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid())
|
||||
);
|
||||
|
||||
SET SESSION AUTHORIZATION restricted;
|
||||
SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SELECT * from customer;
|
||||
|
||||
-- access control via view-rule and isPermissionGrantedToSubject - way too slow (35 s 580 ms for 1 million rows)
|
||||
SET SESSION SESSION AUTHORIZATION DEFAULT;
|
||||
DROP VIEW cust_view;
|
||||
CREATE VIEW cust_view AS
|
||||
SELECT * FROM rbactest.customer;
|
||||
SELECT * FROM customer;
|
||||
CREATE OR REPLACE RULE "_RETURN" AS
|
||||
ON SELECT TO cust_view
|
||||
DO INSTEAD
|
||||
SELECT * FROM rbactest.customer WHERE rbac.isPermissionGrantedToSubject(rbac.findEffectivePermissionId('rbactest.customer', id, 'SELECT'), rbac.currentSubjectUuid());
|
||||
SELECT * FROM customer WHERE isPermissionGrantedToSubject(findEffectivePermissionId('test_customer', id, 'SELECT'), currentUserUuid());
|
||||
SELECT * from cust_view LIMIT 10;
|
||||
|
||||
select rbac.queryAllPermissionsOfSubjectId(findRbacSubject('superuser-alex@hostsharing.net'));
|
||||
select queryAllPermissionsOfSubjectId(findRbacUser('superuser-alex@hostsharing.net'));
|
||||
|
||||
-- access control via view-rule with join to recursive permissions - really fast (38ms for 1 million rows)
|
||||
SET SESSION SESSION AUTHORIZATION DEFAULT;
|
||||
ALTER TABLE rbactest.customer ENABLE ROW LEVEL SECURITY;
|
||||
ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
|
||||
DROP VIEW IF EXISTS cust_view;
|
||||
CREATE OR REPLACE VIEW cust_view AS
|
||||
SELECT *
|
||||
FROM rbactest.customer;
|
||||
FROM customer;
|
||||
CREATE OR REPLACE RULE "_RETURN" AS
|
||||
ON SELECT TO cust_view
|
||||
DO INSTEAD
|
||||
SELECT c.uuid, c.reference, c.prefix FROM rbactest.customer AS c
|
||||
JOIN rbac.queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p
|
||||
ON p.objectTable='rbactest.customer' AND p.objectUuid=c.uuid;
|
||||
SELECT c.uuid, c.reference, c.prefix FROM customer AS c
|
||||
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
|
||||
ON p.objectTable='test_customer' AND p.objectUuid=c.uuid;
|
||||
GRANT ALL PRIVILEGES ON cust_view TO restricted;
|
||||
|
||||
SET SESSION SESSION AUTHORIZATION restricted;
|
||||
SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SELECT * from cust_view;
|
||||
|
||||
|
||||
@ -67,23 +67,23 @@ DROP VIEW IF EXISTS cust_view;
|
||||
CREATE OR REPLACE VIEW cust_view AS
|
||||
SELECT c.uuid, c.reference, c.prefix
|
||||
FROM customer AS c
|
||||
JOIN queryAllPermissionsOfSubjectId(rbac.currentSubjectUuid()) AS p
|
||||
JOIN queryAllPermissionsOfSubjectId(currentUserUuid()) AS p
|
||||
ON p.objectUuid=c.uuid;
|
||||
GRANT ALL PRIVILEGES ON cust_view TO restricted;
|
||||
|
||||
SET SESSION SESSION AUTHORIZATION restricted;
|
||||
-- SET hsadminng.currentSubject TO 'alex@example.com';
|
||||
SET hsadminng.currentSubject TO 'superuser-alex@hostsharing.net';
|
||||
-- SET hsadminng.currentSubject TO 'aaaaouq@example.com';
|
||||
-- SET hsadminng.currentUser TO 'alex@example.com';
|
||||
SET hsadminng.currentUser TO 'superuser-alex@hostsharing.net';
|
||||
-- SET hsadminng.currentUser TO 'aaaaouq@example.com';
|
||||
SELECT * from cust_view where reference=1144150;
|
||||
|
||||
select rr.uuid, rr.type from rbac.RbacGrants g
|
||||
join rbac.RbacReference RR on g.ascendantUuid = RR.uuid
|
||||
select rr.uuid, rr.type from RbacGrants g
|
||||
join RbacReference RR on g.ascendantUuid = RR.uuid
|
||||
where g.descendantUuid in (
|
||||
select uuid from rbac.queryAllPermissionsOfSubjectId(findRbacSubject('alex@example.com'))
|
||||
where objectTable='rbactest.customer');
|
||||
select uuid from queryAllPermissionsOfSubjectId(findRbacUser('alex@example.com'))
|
||||
where objectTable='test_customer');
|
||||
|
||||
call rbac.grantRoleToUser(rbac.findRoleId('rbactest.customer#aaa:ADMIN'), rbac.findRbacSubject('aaaaouq@example.com'));
|
||||
call grantRoleToUser(findRoleId('test_customer#aaa:ADMIN'), findRbacUser('aaaaouq@example.com'));
|
||||
|
||||
select rbac.queryAllPermissionsOfSubjectId(findRbacSubject('aaaaouq@example.com'));
|
||||
select queryAllPermissionsOfSubjectId(findRbacUser('aaaaouq@example.com'));
|
||||
|
||||
|
@ -1,175 +0,0 @@
|
||||
-- just a permanent playground to explore optimization of the central recursive CTE query for RBAC
|
||||
|
||||
select * from hs_statistics_v;
|
||||
|
||||
-- ========================================================
|
||||
|
||||
-- This is the extracted recursive CTE query to determine the visible object UUIDs of a single table
|
||||
-- (and optionally the hosting-asset-type) as a separate VIEW.
|
||||
-- In the generated code this is part of the hs_hosting.asset_rv VIEW.
|
||||
|
||||
drop view if exists hs_hosting.asset_example_gv;
|
||||
create view hs_hosting.asset_example_gv as
|
||||
with recursive
|
||||
recursive_grants as (
|
||||
select distinct rbacgrants.descendantuuid,
|
||||
rbacgrants.ascendantuuid,
|
||||
1 as level,
|
||||
true
|
||||
from rbacgrants
|
||||
where (rbacgrants.ascendantuuid = any (rbac.currentSubjectOrAssumedRolesUuids()))
|
||||
and rbacgrants.assumed
|
||||
union all
|
||||
select distinct g.descendantuuid,
|
||||
g.ascendantuuid,
|
||||
grants.level + 1 as level,
|
||||
assertTrue(grants.level < 22, 'too many grant-levels: ' || grants.level)
|
||||
from rbacgrants g
|
||||
join recursive_grants grants on grants.descendantuuid = g.ascendantuuid
|
||||
where g.assumed
|
||||
),
|
||||
grant_count as (
|
||||
select count(*) as grant_count from recursive_grants
|
||||
),
|
||||
count_check as (
|
||||
select assertTrue((select grant_count from grant_count) < 600000,
|
||||
'too many grants for current subjects: ' || (select grant_count from grant_count)) as valid
|
||||
)
|
||||
select distinct perm.objectuuid
|
||||
from recursive_grants
|
||||
join rbacpermission perm on recursive_grants.descendantuuid = perm.uuid
|
||||
join rbacobject obj on obj.uuid = perm.objectuuid
|
||||
join count_check cc on cc.valid
|
||||
where obj.objecttable::text = 'hs_hosting.asset'::text
|
||||
-- with/without this type condition
|
||||
-- and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
||||
and obj.type = 'EMAIL_ADDRESS'::hshostingassettype
|
||||
;
|
||||
|
||||
-- -----------------------------------------------------------------------------------------------
|
||||
|
||||
-- A query just on the above view, only determining visible objects, no JOIN with business data:
|
||||
|
||||
rollback transaction;
|
||||
begin transaction;
|
||||
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
|
||||
'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
|
||||
SET TRANSACTION READ ONLY;
|
||||
EXPLAIN ANALYZE select * from hs_hosting.asset_example_gv;
|
||||
end transaction ;
|
||||
|
||||
-- ========================================================
|
||||
|
||||
-- An example for a restricted view (_rv) similar to the one generated by our RBAC system,
|
||||
-- but using the above separate VIEW to determine the visible objects.
|
||||
|
||||
drop view if exists hs_hosting.asset_example_rv;
|
||||
create view hs_hosting.asset_example_rv as
|
||||
with accessible_hs_hosting.asset_uuids as (
|
||||
select * from hs_hosting.asset_example_gv
|
||||
)
|
||||
select target.*
|
||||
from hs_hosting.asset target
|
||||
where (target.uuid in (select accessible_hs_hosting.asset_uuids.objectuuid
|
||||
from accessible_hs_hosting.asset_uuids));
|
||||
|
||||
-- -------------------------------------------------------------------------------
|
||||
|
||||
-- performing several queries on the above view to determine average performance:
|
||||
|
||||
rollback transaction;
|
||||
DO language plpgsql $$
|
||||
DECLARE
|
||||
start_time timestamp;
|
||||
end_time timestamp;
|
||||
total_time interval;
|
||||
letter char(1);
|
||||
BEGIN
|
||||
start_time := clock_timestamp();
|
||||
|
||||
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
|
||||
'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
|
||||
SET TRANSACTION READ ONLY;
|
||||
|
||||
FOR i IN 0..25 LOOP
|
||||
letter := chr(i+ascii('a'));
|
||||
PERFORM count(*) from (
|
||||
|
||||
-- An example for a business query based on the view:
|
||||
select type, uuid, identifier, caption
|
||||
from hs_hosting.asset_example_rv
|
||||
where type = 'EMAIL_ADDRESS'
|
||||
and identifier like letter || '%'
|
||||
-- end of the business query example.
|
||||
|
||||
) AS timed;
|
||||
|
||||
END LOOP;
|
||||
|
||||
end_time := clock_timestamp();
|
||||
total_time := end_time - start_time;
|
||||
|
||||
RAISE NOTICE 'average execution time: %', total_time/26;
|
||||
END;
|
||||
$$;
|
||||
|
||||
-- average seconds per recursive CTE select as role 'hs_hosting.asset:<DEBITOR>defaultproject:ADMIN'
|
||||
-- joined with business query for all 'EMAIL_ADDRESSES':
|
||||
-- D-1000000-hsh D-1000300-mih
|
||||
-- - without type comparison in rbacobject: ~3.30 - ~3.49 ~0.23
|
||||
-- - with type comparison in rbacobject: ~2.99 - ~3.08 ~0.21
|
||||
|
||||
-- -------------------------------------------------------------------------------
|
||||
|
||||
-- and a single query, so EXPLAIN can be used
|
||||
|
||||
rollback transaction;
|
||||
begin transaction;
|
||||
CALL defineContext('performance testing', null, 'superuser-alex@hostsharing.net',
|
||||
'hs_booking.project#D-1000000-hshdefaultproject:ADMIN');
|
||||
-- 'hs_booking.project#D-1000300-mihdefaultproject:ADMIN');
|
||||
SET TRANSACTION READ ONLY;
|
||||
|
||||
EXPLAIN SELECT * from (
|
||||
|
||||
-- An example for a business query based on the view:
|
||||
select type, uuid, identifier, caption
|
||||
from hs_hosting.asset_example_rv
|
||||
where type = 'EMAIL_ADDRESS'
|
||||
-- and identifier like 'b%'
|
||||
-- end of the business query example.
|
||||
|
||||
) ha;
|
||||
|
||||
end transaction;
|
||||
|
||||
-- =============================================================================
|
||||
|
||||
-- extending the rbacobject table:
|
||||
|
||||
alter table rbacobject
|
||||
-- just for performance testing, we would need a joined enum or a varchar(16) which would make it slow
|
||||
add column type hs_hosting.AssetType;
|
||||
|
||||
-- and fill the type column with hs_hosting.asset types:
|
||||
|
||||
rollback transaction;
|
||||
begin transaction;
|
||||
call defineContext('setting rbacobject.type from hs_hosting.asset.type', null, 'superuser-alex@hostsharing.net');
|
||||
|
||||
UPDATE rbacobject
|
||||
SET type = hs.type
|
||||
FROM hs_hosting.asset hs
|
||||
WHERE rbacobject.uuid = hs.uuid;
|
||||
|
||||
end transaction;
|
||||
|
||||
-- check the result:
|
||||
|
||||
select
|
||||
(select count(*) as "total" from rbacobject),
|
||||
(select count(*) as "not null" from rbacobject where type is not null),
|
||||
(select count(*) as "null" from rbacobject where type is null);
|
||||
|
@ -1,54 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletRequestWrapper;
|
||||
import java.util.*;
|
||||
|
||||
public class AuthenticatedHttpServletRequestWrapper extends HttpServletRequestWrapper {
|
||||
|
||||
private final Map<String, String> customHeaders = new HashMap<>();
|
||||
|
||||
public AuthenticatedHttpServletRequestWrapper(HttpServletRequest request) {
|
||||
super(request);
|
||||
}
|
||||
|
||||
public void addHeader(final String name, final String value) {
|
||||
customHeaders.put(name, value);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHeader(final String name) {
|
||||
// Check custom headers first
|
||||
final var customHeaderValue = customHeaders.get(name);
|
||||
if (customHeaderValue != null) {
|
||||
return customHeaderValue;
|
||||
}
|
||||
// Fall back to the original headers
|
||||
return super.getHeader(name);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Enumeration<String> getHeaderNames() {
|
||||
// Combine original headers and custom headers
|
||||
final var headerNames = new HashSet<>(customHeaders.keySet());
|
||||
final var originalHeaderNames = super.getHeaderNames();
|
||||
while (originalHeaderNames.hasMoreElements()) {
|
||||
headerNames.add(originalHeaderNames.nextElement());
|
||||
}
|
||||
return Collections.enumeration(headerNames);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Enumeration<String> getHeaders(final String name) {
|
||||
// Combine original headers and custom header
|
||||
final var values = new HashSet<String>();
|
||||
if (customHeaders.containsKey(name)) {
|
||||
values.add(customHeaders.get(name));
|
||||
}
|
||||
final var originalValues = super.getHeaders(name);
|
||||
while (originalValues.hasMoreElements()) {
|
||||
values.add(originalValues.nextElement());
|
||||
}
|
||||
return Collections.enumeration(values);
|
||||
}
|
||||
}
|
@ -1,39 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import jakarta.servlet.Filter;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletRequest;
|
||||
import jakarta.servlet.ServletResponse;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import lombok.SneakyThrows;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class AuthenticationFilter implements Filter {
|
||||
|
||||
@Autowired
|
||||
private Authenticator authenticator;
|
||||
|
||||
@Override
|
||||
@SneakyThrows
|
||||
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) {
|
||||
final var httpRequest = (HttpServletRequest) request;
|
||||
final var httpResponse = (HttpServletResponse) response;
|
||||
|
||||
try {
|
||||
final var currentSubject = authenticator.authenticate(httpRequest);
|
||||
|
||||
final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(httpRequest);
|
||||
authenticatedRequest.addHeader("current-subject", currentSubject);
|
||||
|
||||
chain.doFilter(authenticatedRequest, response);
|
||||
} catch (final BadCredentialsException exc) {
|
||||
// TODO.impl: should not be necessary if ResponseStatusException worked
|
||||
httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
}
|
||||
}
|
||||
}
|
@ -1,8 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
|
||||
public interface Authenticator {
|
||||
|
||||
String authenticate(final HttpServletRequest httpRequest);
|
||||
}
|
@ -1,71 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import lombok.SneakyThrows;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import java.io.IOException;
|
||||
|
||||
public class CasAuthenticator implements Authenticator {
|
||||
|
||||
@Value("${hsadminng.cas.server}")
|
||||
private String casServerUrl;
|
||||
|
||||
@Value("${hsadminng.cas.service}")
|
||||
private String serviceUrl;
|
||||
|
||||
private final RestTemplate restTemplate = new RestTemplate();
|
||||
|
||||
@SneakyThrows
|
||||
@Timed("app.cas.authenticate")
|
||||
public String authenticate(final HttpServletRequest httpRequest) {
|
||||
final var userName = StringUtils.isBlank(casServerUrl)
|
||||
? bypassCurrentSubject(httpRequest)
|
||||
: casValidation(httpRequest);
|
||||
final var authentication = new UsernamePasswordAuthenticationToken(userName, null, null);
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
return authentication.getName();
|
||||
}
|
||||
|
||||
private static String bypassCurrentSubject(final HttpServletRequest httpRequest) {
|
||||
final var userName = httpRequest.getHeader("current-subject");
|
||||
System.err.println("CasAuthenticator.bypassCurrentSubject: " + userName);
|
||||
return userName;
|
||||
}
|
||||
|
||||
private String casValidation(final HttpServletRequest httpRequest)
|
||||
throws SAXException, IOException, ParserConfigurationException {
|
||||
|
||||
System.err.println("CasAuthenticator.casValidation using CAS-server: " + casServerUrl);
|
||||
|
||||
final var ticket = httpRequest.getHeader("Authorization");
|
||||
final var url = casServerUrl + "/p3/serviceValidate" +
|
||||
"?service=" + serviceUrl +
|
||||
"&ticket=" + ticket;
|
||||
|
||||
final var response = restTemplate.getForObject(url, String.class);
|
||||
|
||||
final var doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
|
||||
.parse(new java.io.ByteArrayInputStream(response.getBytes()));
|
||||
if (doc.getElementsByTagName("cas:authenticationSuccess").getLength() == 0) {
|
||||
// TODO.impl: for unknown reasons, this results in a 403 FORBIDDEN
|
||||
// throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "CAS service ticket could not be validated");
|
||||
System.err.println("CAS service ticket could not be validated");
|
||||
System.err.println("CAS-validation-URL: " + url);
|
||||
System.err.println(response);
|
||||
throw new BadCredentialsException("CAS service ticket could not be validated");
|
||||
}
|
||||
final var userName = doc.getElementsByTagName("cas:user").item(0).getTextContent();
|
||||
System.err.println("CAS-user: " + userName);
|
||||
return userName;
|
||||
}
|
||||
}
|
@ -1,44 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import lombok.Getter;
|
||||
import org.springframework.boot.actuate.endpoint.annotation.Endpoint;
|
||||
import org.springframework.boot.actuate.endpoint.annotation.ReadOperation;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Component
|
||||
@Endpoint(id="metric-links")
|
||||
// BLOG: implement a custom Spring Actuator endpoint to view _clickable_ Spring Actuator (Micrometer) Metrics endpoints
|
||||
// HOWTO: implement a custom Spring Actuator endpoint
|
||||
public class CustomActuatorEndpoint {
|
||||
|
||||
private final RestTemplate restTemplate = new RestTemplate();
|
||||
|
||||
@ReadOperation
|
||||
public String getMetricsLinks() {
|
||||
final String baseUrl = ServletUriComponentsBuilder.fromCurrentContextPath().build().toUriString();
|
||||
final var metricsEndpoint = baseUrl + "/actuator/metrics";
|
||||
|
||||
final var response = restTemplate.getForObject(metricsEndpoint, ActuatorMetricsEndpointResource.class);
|
||||
|
||||
if (response == null || response.getNames() == null) {
|
||||
throw new IllegalStateException("no metrics available");
|
||||
}
|
||||
return generateJsonLinksToMetricEndpoints(response, metricsEndpoint);
|
||||
}
|
||||
|
||||
private static String generateJsonLinksToMetricEndpoints(final ActuatorMetricsEndpointResource response, final String metricsEndpoint) {
|
||||
final var links = response.getNames().stream()
|
||||
.map(name -> "\"" + name + "\": \"" + metricsEndpoint + "/" + name + "\"")
|
||||
.toList();
|
||||
return "{\n" + String.join(",\n", links) + "\n}";
|
||||
}
|
||||
|
||||
@Getter
|
||||
private static class ActuatorMetricsEndpointResource {
|
||||
private List<String> names;
|
||||
}
|
||||
}
|
@ -1,8 +1,6 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonParser;
|
||||
import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.SerializationFeature;
|
||||
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
|
||||
import org.openapitools.jackson.nullable.JsonNullableModule;
|
||||
@ -11,24 +9,15 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
|
||||
|
||||
|
||||
@Configuration
|
||||
public class JsonObjectMapperConfiguration {
|
||||
|
||||
public static ObjectMapper build() {
|
||||
return new JsonObjectMapperConfiguration().customObjectMapper().build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Primary
|
||||
public Jackson2ObjectMapperBuilder customObjectMapper() {
|
||||
// HOWTO: add JSON converters and specify other JSON mapping configurations
|
||||
return new Jackson2ObjectMapperBuilder()
|
||||
.modules(new JsonNullableModule(), new JavaTimeModule())
|
||||
.featuresToEnable(
|
||||
JsonParser.Feature.ALLOW_COMMENTS,
|
||||
DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS
|
||||
)
|
||||
.featuresToEnable(JsonParser.Feature.ALLOW_COMMENTS)
|
||||
.featuresToDisable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
|
||||
}
|
||||
}
|
||||
|
@ -1,36 +0,0 @@
|
||||
package net.hostsharing.hsadminng.config;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Profile;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityConfig {
|
||||
|
||||
@Bean
|
||||
@Profile("!test")
|
||||
public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
|
||||
return http
|
||||
.authorizeHttpRequests(authorize -> authorize
|
||||
.requestMatchers("/api/**").permitAll() // TODO.impl: implement authentication
|
||||
.requestMatchers("/swagger-ui/**").permitAll()
|
||||
.requestMatchers("/v3/api-docs/**").permitAll()
|
||||
.requestMatchers("/actuator/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.csrf(AbstractHttpConfigurer::disable)
|
||||
.build();
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Profile("!test")
|
||||
public Authenticator casServiceTicketValidator() {
|
||||
return new CasAuthenticator();
|
||||
}
|
||||
|
||||
}
|
@ -38,53 +38,53 @@ public class Context {
|
||||
private HttpServletRequest request;
|
||||
|
||||
@Transactional(propagation = MANDATORY)
|
||||
public void define(final String currentSubject) {
|
||||
define(currentSubject, null);
|
||||
public void define(final String currentUser) {
|
||||
define(currentUser, null);
|
||||
}
|
||||
|
||||
@Transactional(propagation = MANDATORY)
|
||||
public void define(final String currentSubject, final String assumedRoles) {
|
||||
define(toTask(request), toCurl(request), currentSubject, assumedRoles);
|
||||
public void define(final String currentUser, final String assumedRoles) {
|
||||
define(toTask(request), toCurl(request), currentUser, assumedRoles);
|
||||
}
|
||||
|
||||
@Transactional(propagation = MANDATORY)
|
||||
public void define(
|
||||
final String currentTask,
|
||||
final String currentRequest,
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles) {
|
||||
final var query = em.createNativeQuery("""
|
||||
call base.defineContext(
|
||||
call defineContext(
|
||||
cast(:currentTask as varchar(127)),
|
||||
cast(:currentRequest as text),
|
||||
cast(:currentSubject as varchar(63)),
|
||||
cast(:currentUser as varchar(63)),
|
||||
cast(:assumedRoles as varchar(1023)));
|
||||
""");
|
||||
query.setParameter("currentTask", shortenToMaxLength(currentTask, 127));
|
||||
query.setParameter("currentRequest", currentRequest);
|
||||
query.setParameter("currentSubject", currentSubject);
|
||||
query.setParameter("currentUser", currentUser);
|
||||
query.setParameter("assumedRoles", assumedRoles != null ? assumedRoles : "");
|
||||
query.executeUpdate();
|
||||
}
|
||||
|
||||
public String fetchCurrentTask() {
|
||||
public String getCurrentTask() {
|
||||
return (String) em.createNativeQuery("select current_setting('hsadminng.currentTask');").getSingleResult();
|
||||
}
|
||||
|
||||
public String fetchCurrentSubject() {
|
||||
return String.valueOf(em.createNativeQuery("select base.currentSubject()").getSingleResult());
|
||||
public String getCurrentUser() {
|
||||
return String.valueOf(em.createNativeQuery("select currentUser()").getSingleResult());
|
||||
}
|
||||
|
||||
public UUID fetchCurrentSubjectUuid() {
|
||||
return (UUID) em.createNativeQuery("select rbac.currentSubjectUuid()", UUID.class).getSingleResult();
|
||||
public UUID getCurrentUserUUid() {
|
||||
return (UUID) em.createNativeQuery("select currentUserUUid()", UUID.class).getSingleResult();
|
||||
}
|
||||
|
||||
public String[] fetchAssumedRoles() {
|
||||
return (String[]) em.createNativeQuery("select base.assumedRoles() as roles", String[].class).getSingleResult();
|
||||
public String[] getAssumedRoles() {
|
||||
return (String[]) em.createNativeQuery("select assumedRoles() as roles", String[].class).getSingleResult();
|
||||
}
|
||||
|
||||
public UUID[] fetchCurrentSubjectOrAssumedRolesUuids() {
|
||||
return (UUID[]) em.createNativeQuery("select rbac.currentSubjectOrAssumedRolesUuids() as uuids", UUID[].class).getSingleResult();
|
||||
public UUID[] currentSubjectsUuids() {
|
||||
return (UUID[]) em.createNativeQuery("select currentSubjectsUuids() as uuids", UUID[].class).getSingleResult();
|
||||
}
|
||||
|
||||
public static String getCallerMethodNameFromStackFrame(final int skipFrames) {
|
||||
|
@ -46,7 +46,6 @@ public class CustomErrorResponse {
|
||||
this.path = path;
|
||||
this.statusCode = status.value();
|
||||
this.statusPhrase = status.getReasonPhrase();
|
||||
// HOWTO: debug serverside error response - set a breakpoint here
|
||||
this.message = message.startsWith("ERROR: [") ? message : "ERROR: [" + statusCode + "] " + message;
|
||||
}
|
||||
}
|
||||
|
@ -9,25 +9,15 @@ import java.lang.annotation.Target;
|
||||
@Target(ElementType.TYPE)
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface DisplayAs {
|
||||
|
||||
class DisplayName {
|
||||
|
||||
public static String of(final Class<?> clazz) {
|
||||
final var displayNameAnnot = getDisplayNameAnnotation(clazz);
|
||||
final var displayNameAnnot = clazz.getAnnotation(DisplayAs.class);
|
||||
return displayNameAnnot != null ? displayNameAnnot.value() : clazz.getSimpleName();
|
||||
}
|
||||
|
||||
public static String of(@NotNull final Object instance) {
|
||||
return of(instance.getClass());
|
||||
}
|
||||
|
||||
private static DisplayAs getDisplayNameAnnotation(final Class<?> clazz) {
|
||||
if (clazz == null) {
|
||||
return null;
|
||||
}
|
||||
final var annot = clazz.getAnnotation(DisplayAs.class);
|
||||
return annot != null ? annot : getDisplayNameAnnotation(clazz.getSuperclass());
|
||||
}
|
||||
}
|
||||
|
||||
String value() default "";
|
||||
|
@ -1,31 +0,0 @@
|
||||
package net.hostsharing.hsadminng.errors;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
|
||||
import jakarta.validation.ValidationException;
|
||||
|
||||
@AllArgsConstructor
|
||||
public class Validate {
|
||||
|
||||
final String variableNames;
|
||||
|
||||
public static Validate validate(final String variableNames) {
|
||||
return new Validate(variableNames);
|
||||
}
|
||||
|
||||
public final void atMaxOne(final Object var1, final Object var2) {
|
||||
if (var1 != null && var2 != null) {
|
||||
throw new ValidationException(
|
||||
"At maximum one of (" + variableNames + ") must be non-null, " +
|
||||
"but are (" + var1 + ", " + var2 + ")");
|
||||
}
|
||||
}
|
||||
|
||||
public final void exactlyOne(final Object var1, final Object var2) {
|
||||
if ((var1 != null) == (var2 != null)) {
|
||||
throw new ValidationException(
|
||||
"Exactly one of (" + variableNames + ") must be non-null, " +
|
||||
"but are (" + var1 + ", " + var2 + ")");
|
||||
}
|
||||
}
|
||||
}
|
@ -27,41 +27,26 @@ public final class HashGenerator {
|
||||
"abcdefghijklmnopqrstuvwxyz" +
|
||||
"ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
|
||||
"0123456789/.";
|
||||
private static boolean couldBeHashEnabled; // TODO.legacy: remove after legacy data is migrated
|
||||
private static boolean couldBeHashEnabled; // TODO.impl: remove after legacy data is migrated
|
||||
|
||||
public enum Algorithm {
|
||||
LINUX_SHA512(LinuxEtcShadowHashGenerator::hash, "6"),
|
||||
LINUX_YESCRYPT(LinuxEtcShadowHashGenerator::hash, "y", "j9T$") {
|
||||
@Override
|
||||
String enrichedSalt(final String salt) {
|
||||
return prefix + "$" + (salt.startsWith(optionalParam) ? salt : optionalParam + salt);
|
||||
}
|
||||
},
|
||||
LINUX_YESCRYPT(LinuxEtcShadowHashGenerator::hash, "y"),
|
||||
MYSQL_NATIVE(MySQLNativePasswordHashGenerator::hash, "*"),
|
||||
SCRAM_SHA256(PostgreSQLScramSHA256::hash, "SCRAM-SHA-256");
|
||||
|
||||
final BiFunction<HashGenerator, String, String> implementation;
|
||||
final String prefix;
|
||||
final String optionalParam;
|
||||
|
||||
Algorithm(BiFunction<HashGenerator, String, String> implementation, final String prefix, final String optionalParam) {
|
||||
this.implementation = implementation;
|
||||
this.prefix = prefix;
|
||||
this.optionalParam = optionalParam;
|
||||
}
|
||||
|
||||
Algorithm(BiFunction<HashGenerator, String, String> implementation, final String prefix) {
|
||||
this(implementation, prefix, null);
|
||||
this.implementation = implementation;
|
||||
this.prefix = prefix;
|
||||
}
|
||||
|
||||
static Algorithm byPrefix(final String prefix) {
|
||||
return Arrays.stream(Algorithm.values()).filter(a -> a.prefix.equals(prefix)).findAny()
|
||||
.orElseThrow(() -> new IllegalArgumentException("unknown hash algorithm: '" + prefix + "'"));
|
||||
}
|
||||
|
||||
String enrichedSalt(final String salt) {
|
||||
return prefix + "$" + salt;
|
||||
}
|
||||
}
|
||||
|
||||
private final Algorithm algorithm;
|
||||
@ -75,7 +60,7 @@ public final class HashGenerator {
|
||||
this.algorithm = algorithm;
|
||||
}
|
||||
|
||||
public static void enableCouldBeHash(final boolean enable) {
|
||||
public static void enableChouldBeHash(final boolean enable) {
|
||||
couldBeHashEnabled = enable;
|
||||
}
|
||||
|
||||
@ -88,11 +73,7 @@ public final class HashGenerator {
|
||||
throw new IllegalStateException("no password given");
|
||||
}
|
||||
|
||||
final var hash = algorithm.implementation.apply(this, plaintextPassword);
|
||||
if (hash.length() < plaintextPassword.length()) {
|
||||
throw new AssertionError("generated hash too short: " + hash);
|
||||
}
|
||||
return hash;
|
||||
return algorithm.implementation.apply(this, plaintextPassword);
|
||||
}
|
||||
|
||||
public String hashIfNotYetHashed(final String plaintextPasswordOrHash) {
|
||||
@ -121,10 +102,4 @@ public final class HashGenerator {
|
||||
}
|
||||
return withSalt(stringBuilder.toString());
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
System.out.println(
|
||||
HashGenerator.using(Algorithm.LINUX_YESCRYPT).withRandomSalt().hash("my plaintext domain transfer passphrase")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
@ -10,7 +10,7 @@ public class LinuxEtcShadowHashGenerator {
|
||||
throw new IllegalStateException("no salt given");
|
||||
}
|
||||
|
||||
return NativeCryptLibrary.INSTANCE.crypt(payload, "$" + generator.getAlgorithm().enrichedSalt(generator.getSalt()));
|
||||
return NativeCryptLibrary.INSTANCE.crypt(payload, "$" + generator.getAlgorithm().prefix + "$" + generator.getSalt());
|
||||
}
|
||||
|
||||
public static void verify(final String givenHash, final String payload) {
|
||||
@ -22,8 +22,8 @@ public class LinuxEtcShadowHashGenerator {
|
||||
|
||||
final var algorithm = HashGenerator.Algorithm.byPrefix(parts[1]);
|
||||
final var salt = parts.length == 4 ? parts[2] : parts[2] + "$" + parts[3];
|
||||
final var calculatedHash = HashGenerator.using(algorithm).withSalt(salt).hash(payload);
|
||||
if (!calculatedHash.equals(givenHash)) {
|
||||
final var calcualatedHash = HashGenerator.using(algorithm).withSalt(salt).hash(payload);
|
||||
if (!calcualatedHash.equals(givenHash)) {
|
||||
throw new IllegalArgumentException("invalid password");
|
||||
}
|
||||
}
|
||||
|
@ -5,8 +5,8 @@ import lombok.Builder;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import net.hostsharing.hsadminng.errors.DisplayAs;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
@ -14,11 +14,11 @@ import jakarta.persistence.Id;
|
||||
import jakarta.persistence.Table;
|
||||
import java.util.UUID;
|
||||
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
// a partial HsOfficeDebitorEntity to reduce the number of SQL queries to load the entity
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "debitor_xv")
|
||||
@Table(name = "hs_booking_debitor_xv")
|
||||
@Getter
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
|
@ -1,6 +1,5 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.debitor;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
@ -9,9 +8,7 @@ import java.util.UUID;
|
||||
|
||||
public interface HsBookingDebitorRepository extends Repository<HsBookingDebitorEntity, UUID> {
|
||||
|
||||
@Timed("app.booking.debitor.repo.findByUuid")
|
||||
Optional<HsBookingDebitorEntity> findByUuid(UUID id);
|
||||
|
||||
@Timed("app.booking.debitor.repo.findByDebitorNumber")
|
||||
List<HsBookingDebitorEntity> findByDebitorNumber(int debitorNumber);
|
||||
}
|
||||
|
@ -1,20 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import lombok.Getter;
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
|
||||
@Getter
|
||||
public class BookingItemCreatedAppEvent extends ApplicationEvent {
|
||||
|
||||
private BookingItemCreatedEventEntity entity;
|
||||
|
||||
public BookingItemCreatedAppEvent(
|
||||
@NotNull final Object source,
|
||||
@NotNull final HsBookingItemRealEntity newBookingItem,
|
||||
final String assetJson) {
|
||||
super(source);
|
||||
this.entity = new BookingItemCreatedEventEntity(newBookingItem, assetJson);
|
||||
}
|
||||
}
|
@ -1,55 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.MapsId;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.Version;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import java.util.UUID;
|
||||
|
||||
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "item_created_event")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@ToString
|
||||
@NoArgsConstructor
|
||||
public class BookingItemCreatedEventEntity implements BaseEntity {
|
||||
@Id
|
||||
@Column(name="bookingitemuuid")
|
||||
private UUID uuid;
|
||||
|
||||
@MapsId
|
||||
@ManyToOne(optional = false)
|
||||
@JoinColumn(name = "bookingitemuuid", nullable = false)
|
||||
private HsBookingItemRealEntity bookingItem;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@Column(name = "assetjson")
|
||||
private String assetJson;
|
||||
|
||||
@Setter
|
||||
@Column(name = "statusmessage")
|
||||
private String statusMessage;
|
||||
|
||||
public BookingItemCreatedEventEntity(
|
||||
@NotNull final HsBookingItemRealEntity newBookingItem,
|
||||
final String assetJson) {
|
||||
this.bookingItem = newBookingItem;
|
||||
this.assetJson = assetJson;
|
||||
}
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
public interface BookingItemCreatedEventRepository extends Repository<BookingItemCreatedEventEntity, UUID> {
|
||||
|
||||
@Timed("app.booking.items.repo.save")
|
||||
BookingItemCreatedEventEntity save(HsBookingItemRealEntity current);
|
||||
|
||||
@Timed("app.booking.items.repo.findByBookingItem")
|
||||
BookingItemCreatedEventEntity findByBookingItem(HsBookingItemRealEntity newBookingItem);
|
||||
}
|
@ -1,172 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import io.hypersistence.utils.hibernate.type.json.JsonType;
|
||||
import io.hypersistence.utils.hibernate.type.range.PostgreSQLRangeType;
|
||||
import io.hypersistence.utils.hibernate.type.range.Range;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
|
||||
import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
import org.hibernate.annotations.Type;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.MappedSuperclass;
|
||||
import jakarta.persistence.OneToMany;
|
||||
import jakarta.persistence.PostLoad;
|
||||
import jakarta.persistence.Transient;
|
||||
import jakarta.persistence.Version;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import java.time.LocalDate;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Collections.emptyMap;
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.lowerInclusiveFromPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.upperInclusiveFromPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
|
||||
@MappedSuperclass
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@AllArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@SuperBuilder(builderMethodName = "baseBuilder", toBuilder = true)
|
||||
public abstract class HsBookingItem implements Stringifyable, BaseEntity<HsBookingItem>, PropertiesProvider {
|
||||
|
||||
private static Stringify<HsBookingItem> stringify = stringify(HsBookingItem.class)
|
||||
.withProp(HsBookingItem::getType)
|
||||
.withProp(HsBookingItem::getCaption)
|
||||
.withProp(HsBookingItem::getProject)
|
||||
.withProp(e -> e.getValidity().asString())
|
||||
.withProp(HsBookingItem::getResources)
|
||||
.quotedValues(false);
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "projectuuid")
|
||||
private HsBookingProjectRealEntity project;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentitemuuid")
|
||||
private HsBookingItemRealEntity parentItem;
|
||||
|
||||
@NotNull
|
||||
@Column(name = "type")
|
||||
@Enumerated(EnumType.STRING)
|
||||
private HsBookingItemType type;
|
||||
|
||||
@Builder.Default
|
||||
@Type(PostgreSQLRangeType.class)
|
||||
@Column(name = "validity", columnDefinition = "daterange")
|
||||
private Range<LocalDate> validity = Range.closedInfinite(LocalDate.now());
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@Type(JsonType.class)
|
||||
@Column(columnDefinition = "resources")
|
||||
private Map<String, Object> resources = new HashMap<>();
|
||||
|
||||
@OneToMany(cascade = CascadeType.REFRESH, orphanRemoval = true)
|
||||
@JoinColumn(name = "parentitemuuid", referencedColumnName = "uuid")
|
||||
private List<HsBookingItemRealEntity> subBookingItems;
|
||||
|
||||
@Transient
|
||||
private PatchableMapWrapper<Object> resourcesWrapper;
|
||||
|
||||
@Transient
|
||||
private boolean isLoaded;
|
||||
|
||||
@PostLoad
|
||||
public void markAsLoaded() {
|
||||
this.isLoaded = true;
|
||||
}
|
||||
|
||||
public PatchableMapWrapper<Object> getResources() {
|
||||
return PatchableMapWrapper.of(resourcesWrapper, (newWrapper) -> {resourcesWrapper = newWrapper;}, resources);
|
||||
}
|
||||
|
||||
public void putResources(Map<String, Object> newResources) {
|
||||
getResources().assign(newResources);
|
||||
}
|
||||
|
||||
public void setValidFrom(final LocalDate validFrom) {
|
||||
setValidity(toPostgresDateRange(validFrom, getValidTo()));
|
||||
}
|
||||
|
||||
public void setValidTo(final LocalDate validTo) {
|
||||
setValidity(toPostgresDateRange(getValidFrom(), validTo));
|
||||
}
|
||||
|
||||
public LocalDate getValidFrom() {
|
||||
return lowerInclusiveFromPostgresDateRange(getValidity());
|
||||
}
|
||||
|
||||
public LocalDate getValidTo() {
|
||||
return upperInclusiveFromPostgresDateRange(getValidity());
|
||||
}
|
||||
|
||||
@Override
|
||||
public PatchableMapWrapper<Object> directProps() {
|
||||
return getResources();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getContextValue(final String propName) {
|
||||
final var v = resources.get(propName);
|
||||
if (v != null) {
|
||||
return v;
|
||||
}
|
||||
if (parentItem != null) {
|
||||
return parentItem.getResources().get(propName);
|
||||
}
|
||||
return emptyMap();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.apply(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toShortString() {
|
||||
return ofNullable(getRelatedProject()).map(HsBookingProject::toShortString).orElse("D-???????-?") +
|
||||
":" + caption;
|
||||
}
|
||||
|
||||
public HsBookingProject getRelatedProject() {
|
||||
return project != null ? project
|
||||
: parentItem != null ? parentItem.getRelatedProject()
|
||||
: null; // can be the case for technical assets like IP-numbers
|
||||
}
|
||||
}
|
@ -1,34 +1,30 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.api.HsBookingItemsApi;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemPatchResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.validators.BookingItemEntitySaveProcessor;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.validators.HsBookingItemEntityValidatorRegistry;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealEntity;
|
||||
import net.hostsharing.hsadminng.mapper.KeyValueMap;
|
||||
import net.hostsharing.hsadminng.mapper.StrictMapper;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
import net.hostsharing.hsadminng.mapper.Mapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import jakarta.persistence.PersistenceContext;
|
||||
import java.time.LocalDate;
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
public class HsBookingItemController implements HsBookingItemsApi {
|
||||
|
||||
@ -36,91 +32,74 @@ public class HsBookingItemController implements HsBookingItemsApi {
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private StrictMapper mapper;
|
||||
private Mapper mapper;
|
||||
|
||||
@Autowired
|
||||
private ApplicationEventPublisher applicationEventPublisher;
|
||||
private HsBookingItemRepository bookingItemRepo;
|
||||
|
||||
@Autowired
|
||||
private HsBookingItemRbacRepository bookingItemRepo;
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper jsonMapper;
|
||||
|
||||
@Autowired
|
||||
private EntityManagerWrapper em;
|
||||
@PersistenceContext
|
||||
private EntityManager em;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.bookingItems.api.getListOfBookingItemsByProjectUuid")
|
||||
public ResponseEntity<List<HsBookingItemResource>> getListOfBookingItemsByProjectUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<List<HsBookingItemResource>> listBookingItemsByProjectUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID projectUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entities = bookingItemRepo.findAllByProjectUuid(projectUuid);
|
||||
|
||||
final var resources = mapper.mapList(entities, HsBookingItemResource.class, RBAC_ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
final var resources = mapper.mapList(entities, HsBookingItemResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
return ResponseEntity.ok(resources);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingItems.api.postNewBookingItem")
|
||||
public ResponseEntity<HsBookingItemResource> postNewBookingItem(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsBookingItemResource> addBookingItem(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final HsBookingItemInsertResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entityToSave = mapper.map(body, HsBookingItemRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
final var saveProcessor = new BookingItemEntitySaveProcessor(em, entityToSave);
|
||||
final var mapped = saveProcessor
|
||||
.preprocessEntity()
|
||||
.validateEntity()
|
||||
.prepareForSave()
|
||||
.save()
|
||||
.validateContext()
|
||||
.mapUsing(e -> mapper.map(e, HsBookingItemResource.class, ITEM_TO_RESOURCE_POSTMAPPER))
|
||||
.revampProperties();
|
||||
publishSavedEvent(saveProcessor, body);
|
||||
final var entityToSave = mapper.map(body, HsBookingItemEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
|
||||
final var saved = HsBookingItemEntityValidatorRegistry.validated(bookingItemRepo.save(entityToSave));
|
||||
|
||||
final var uri =
|
||||
MvcUriComponentsBuilder.fromController(getClass())
|
||||
.path("/api/hs/booking/items/{id}")
|
||||
.buildAndExpand(mapped.getUuid())
|
||||
.buildAndExpand(saved.getUuid())
|
||||
.toUri();
|
||||
final var mapped = mapper.map(saved, HsBookingItemResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
return ResponseEntity.created(uri).body(mapped);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.bookingItems.api.getSingleBookingItemByUuid")
|
||||
public ResponseEntity<HsBookingItemResource> getSingleBookingItemByUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsBookingItemResource> getBookingItemByUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingItemUuid) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bookingItemRepo.findByUuid(bookingItemUuid);
|
||||
result.ifPresent(entity -> em.detach(entity)); // prevent further LAZY-loading
|
||||
return result
|
||||
.map(bookingItemEntity -> ResponseEntity.ok(
|
||||
mapper.map(bookingItemEntity, HsBookingItemResource.class, RBAC_ENTITY_TO_RESOURCE_POSTMAPPER)))
|
||||
mapper.map(bookingItemEntity, HsBookingItemResource.class, ENTITY_TO_RESOURCE_POSTMAPPER)))
|
||||
.orElseGet(() -> ResponseEntity.notFound().build());
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingItems.api.deleteBookingIemByUuid")
|
||||
public ResponseEntity<Void> deleteBookingIemByUuid(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingItemUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
|
||||
return result == 0
|
||||
@ -130,48 +109,31 @@ public class HsBookingItemController implements HsBookingItemsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingItems.api.patchBookingItem")
|
||||
public ResponseEntity<HsBookingItemResource> patchBookingItem(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingItemUuid,
|
||||
final HsBookingItemPatchResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();
|
||||
|
||||
new HsBookingItemEntityPatcher(current).apply(body);
|
||||
|
||||
final var saved = bookingItemRepo.save(HsBookingItemEntityValidatorRegistry.validated(em, current));
|
||||
final var mapped = mapper.map(saved, HsBookingItemResource.class, RBAC_ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
final var saved = bookingItemRepo.save(HsBookingItemEntityValidatorRegistry.validated(current));
|
||||
final var mapped = mapper.map(saved, HsBookingItemResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
return ResponseEntity.ok(mapped);
|
||||
}
|
||||
|
||||
private void publishSavedEvent(final BookingItemEntitySaveProcessor saveProcessor, final HsBookingItemInsertResource body) {
|
||||
try {
|
||||
final var bookingItemRealEntity = em.getReference(HsBookingItemRealEntity.class, saveProcessor.getEntity().getUuid());
|
||||
applicationEventPublisher.publishEvent(new BookingItemCreatedAppEvent(
|
||||
this, bookingItemRealEntity, jsonMapper.writeValueAsString(body.getHostingAsset())));
|
||||
} catch (JsonProcessingException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
final BiConsumer<HsBookingItem, HsBookingItemResource> ITEM_TO_RESOURCE_POSTMAPPER = (entity, resource) -> {
|
||||
final BiConsumer<HsBookingItemEntity, HsBookingItemResource> ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource) -> {
|
||||
resource.setValidFrom(entity.getValidity().lower());
|
||||
if (entity.getValidity().hasUpperBound()) {
|
||||
resource.setValidTo(entity.getValidity().upper().minusDays(1));
|
||||
}
|
||||
};
|
||||
|
||||
final BiConsumer<HsBookingItemRbacEntity, HsBookingItemResource> RBAC_ENTITY_TO_RESOURCE_POSTMAPPER = ITEM_TO_RESOURCE_POSTMAPPER::accept;
|
||||
|
||||
final BiConsumer<HsBookingItemInsertResource, HsBookingItemRbacEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
entity.setProject(em.find(HsBookingProjectRealEntity.class, resource.getProjectUuid()));
|
||||
ofNullable(resource.getParentItemUuid())
|
||||
.map(parentItemUuid -> em.find(HsBookingItemRealEntity.class, parentItemUuid))
|
||||
.ifPresent(entity::setParentItem);
|
||||
final BiConsumer<HsBookingItemInsertResource, HsBookingItemEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
entity.setValidity(toPostgresDateRange(LocalDate.now(), resource.getValidTo()));
|
||||
entity.putResources(KeyValueMap.from(resource.getResources()));
|
||||
};
|
||||
|
@ -0,0 +1,241 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import io.hypersistence.utils.hibernate.type.json.JsonType;
|
||||
import io.hypersistence.utils.hibernate.type.range.PostgreSQLRangeType;
|
||||
import io.hypersistence.utils.hibernate.type.range.Range;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
|
||||
import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
|
||||
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
import org.hibernate.annotations.Type;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.OneToMany;
|
||||
import jakarta.persistence.OneToOne;
|
||||
import jakarta.persistence.PostLoad;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.Transient;
|
||||
import jakarta.persistence.Version;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import java.io.IOException;
|
||||
import java.time.LocalDate;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Collections.emptyMap;
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.lowerInclusiveFromPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.toPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.mapper.PostgresDateRange.upperInclusiveFromPostgresDateRange;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Builder(toBuilder = true)
|
||||
@Table(name = "hs_booking_item_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class HsBookingItemEntity implements Stringifyable, BaseEntity<HsBookingItemEntity>, PropertiesProvider {
|
||||
|
||||
private static Stringify<HsBookingItemEntity> stringify = stringify(HsBookingItemEntity.class)
|
||||
.withProp(HsBookingItemEntity::getProject)
|
||||
.withProp(HsBookingItemEntity::getType)
|
||||
.withProp(e -> e.getValidity().asString())
|
||||
.withProp(HsBookingItemEntity::getCaption)
|
||||
.withProp(HsBookingItemEntity::getResources)
|
||||
.quotedValues(false);
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "projectuuid")
|
||||
private HsBookingProjectEntity project;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentitemuuid")
|
||||
private HsBookingItemEntity parentItem;
|
||||
|
||||
@NotNull
|
||||
@Column(name = "type")
|
||||
@Enumerated(EnumType.STRING)
|
||||
private HsBookingItemType type;
|
||||
|
||||
@Builder.Default
|
||||
@Type(PostgreSQLRangeType.class)
|
||||
@Column(name = "validity", columnDefinition = "daterange")
|
||||
private Range<LocalDate> validity = Range.closedInfinite(LocalDate.now());
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@Type(JsonType.class)
|
||||
@Column(columnDefinition = "resources")
|
||||
private Map<String, Object> resources = new HashMap<>();
|
||||
|
||||
@OneToMany(cascade = CascadeType.REFRESH, orphanRemoval = true)
|
||||
@JoinColumn(name="parentitemuuid", referencedColumnName="uuid")
|
||||
private List<HsBookingItemEntity> subBookingItems;
|
||||
|
||||
@OneToOne(mappedBy="bookingItem")
|
||||
private HsHostingAssetEntity relatedHostingAsset;
|
||||
|
||||
@Transient
|
||||
private PatchableMapWrapper<Object> resourcesWrapper;
|
||||
|
||||
@Transient
|
||||
private boolean isLoaded;
|
||||
|
||||
@PostLoad
|
||||
public void markAsLoaded() {
|
||||
this.isLoaded = true;
|
||||
}
|
||||
|
||||
public PatchableMapWrapper<Object> getResources() {
|
||||
return PatchableMapWrapper.of(resourcesWrapper, (newWrapper) -> {resourcesWrapper = newWrapper; }, resources );
|
||||
}
|
||||
|
||||
public void putResources(Map<String, Object> newResources) {
|
||||
getResources().assign(newResources);
|
||||
}
|
||||
|
||||
public void setValidFrom(final LocalDate validFrom) {
|
||||
setValidity(toPostgresDateRange(validFrom, getValidTo()));
|
||||
}
|
||||
|
||||
public void setValidTo(final LocalDate validTo) {
|
||||
setValidity(toPostgresDateRange(getValidFrom(), validTo));
|
||||
}
|
||||
|
||||
public LocalDate getValidFrom() {
|
||||
return lowerInclusiveFromPostgresDateRange(getValidity());
|
||||
}
|
||||
|
||||
public LocalDate getValidTo() {
|
||||
return upperInclusiveFromPostgresDateRange(getValidity());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, Object> directProps() {
|
||||
return resources;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getContextValue(final String propName) {
|
||||
final var v = resources.get(propName);
|
||||
if (v!= null) {
|
||||
return v;
|
||||
}
|
||||
if (parentItem!=null) {
|
||||
return parentItem.getResources().get(propName);
|
||||
}
|
||||
return emptyMap();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.apply(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toShortString() {
|
||||
return ofNullable(relatedProject()).map(HsBookingProjectEntity::toShortString).orElse("D-???????-?") +
|
||||
":" + caption;
|
||||
}
|
||||
|
||||
private HsBookingProjectEntity relatedProject() {
|
||||
if (project != null) {
|
||||
return project;
|
||||
}
|
||||
return parentItem == null ? null : parentItem.relatedProject();
|
||||
}
|
||||
|
||||
public HsBookingProjectEntity getRelatedProject() {
|
||||
return project != null ? project
|
||||
: parentItem != null ? parentItem.getRelatedProject()
|
||||
: null; // can be the case for technical assets like IP-numbers
|
||||
}
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("bookingItem", HsBookingItemEntity.class)
|
||||
.withIdentityView(SQL.projection("caption"))
|
||||
.withRestrictedViewOrderBy(SQL.expression("validity"))
|
||||
.withUpdatableColumns("version", "caption", "validity", "resources")
|
||||
.toRole("global", ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
.toRole("global", ADMIN).grantPermission(DELETE)
|
||||
|
||||
.importEntityAlias("project", HsBookingProjectEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("projectUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("project", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.importEntityAlias("parentItem", HsBookingItemEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("parentItemUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("parentItem", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.incomingSuperRole("project", AGENT);
|
||||
with.incomingSuperRole("parentItem", AGENT);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT)
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("project", TENANT);
|
||||
with.outgoingSubRole("parentItem", TENANT);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo("bookingItem", "project", "global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("6-hs-booking/630-booking-item/6303-hs-booking-item-rbac");
|
||||
}
|
||||
}
|
@ -10,9 +10,9 @@ import java.util.Optional;
|
||||
|
||||
public class HsBookingItemEntityPatcher implements EntityPatcher<HsBookingItemPatchResource> {
|
||||
|
||||
private final HsBookingItem entity;
|
||||
private final HsBookingItemEntity entity;
|
||||
|
||||
public HsBookingItemEntityPatcher(final HsBookingItem entity) {
|
||||
public HsBookingItemEntityPatcher(final HsBookingItemEntity entity) {
|
||||
this.entity = entity;
|
||||
}
|
||||
|
||||
|
@ -1,84 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
|
||||
import jakarta.persistence.AttributeOverride;
|
||||
import jakarta.persistence.AttributeOverrides;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
import java.io.IOException;
|
||||
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NULLABLE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "item_rv")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AttributeOverrides({
|
||||
@AttributeOverride(name = "uuid", column = @Column(name = "uuid"))
|
||||
})
|
||||
public class HsBookingItemRbacEntity extends HsBookingItem {
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("bookingItem", HsBookingItemRbacEntity.class)
|
||||
.withIdentityView(SQL.projection("caption"))
|
||||
.withRestrictedViewOrderBy(SQL.expression("validity"))
|
||||
.withUpdatableColumns("version", "caption", "validity", "resources")
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(DELETE)
|
||||
|
||||
.importEntityAlias("project", HsBookingProjectRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("projectUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("project", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.importEntityAlias("parentItem", HsBookingItemRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("parentItemUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("parentItem", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.incomingSuperRole("project", AGENT);
|
||||
with.incomingSuperRole("parentItem", AGENT);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT)
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("project", TENANT);
|
||||
with.outgoingSubRole("parentItem", TENANT);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo("bookingItem", "project", "rbac.global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("6-hs-booking/630-booking-item/6303-hs-booking-item-rbac");
|
||||
}
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingItemRbacRepository extends HsBookingItemRepository<HsBookingItemRbacEntity>,
|
||||
Repository<HsBookingItemRbacEntity, UUID> {
|
||||
|
||||
@Timed("app.bookingItems.repo.findByUuid.rbac")
|
||||
Optional<HsBookingItemRbacEntity> findByUuid(final UUID bookingItemUuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.findByCaption.rbac")
|
||||
List<HsBookingItemRbacEntity> findByCaption(String bookingItemCaption);
|
||||
|
||||
@Timed("app.bookingItems.repo.findAllByProjectUuid.rbac")
|
||||
List<HsBookingItemRbacEntity> findAllByProjectUuid(final UUID projectItemUuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.save.rbac")
|
||||
HsBookingItemRbacEntity save(HsBookingItemRbacEntity current);
|
||||
|
||||
@Timed("app.bookingItems.repo.deleteByUuid.rbac")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.count.rbac")
|
||||
long count();
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
|
||||
import jakarta.persistence.AttributeOverride;
|
||||
import jakarta.persistence.AttributeOverrides;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "item")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AttributeOverrides({
|
||||
@AttributeOverride(name = "uuid", column = @Column(name = "uuid"))
|
||||
})public class HsBookingItemRealEntity extends HsBookingItem {
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingItemRealRepository extends HsBookingItemRepository<HsBookingItemRealEntity>,
|
||||
Repository<HsBookingItemRealEntity, UUID> {
|
||||
|
||||
@Timed("app.bookingItems.repo.findByUuid.real")
|
||||
Optional<HsBookingItemRealEntity> findByUuid(final UUID bookingItemUuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.findByCaption.real")
|
||||
List<HsBookingItemRealEntity> findByCaption(String bookingItemCaption);
|
||||
|
||||
@Timed("app.bookingItems.repo.findAllByProjectUuid.real")
|
||||
List<HsBookingItemRealEntity> findAllByProjectUuid(final UUID projectItemUuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.save.real")
|
||||
HsBookingItemRealEntity save(HsBookingItemRealEntity current);
|
||||
|
||||
@Timed("app.bookingItems.repo.deleteByUuid.real")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.bookingItems.repo.count.real")
|
||||
long count();
|
||||
}
|
@ -1,19 +1,20 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item;
|
||||
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingItemRepository<E extends HsBookingItem> {
|
||||
public interface HsBookingItemRepository extends Repository<HsBookingItemEntity, UUID> {
|
||||
|
||||
Optional<E> findByUuid(final UUID bookingItemUuid);
|
||||
Optional<HsBookingItemEntity> findByUuid(final UUID bookingItemUuid);
|
||||
|
||||
List<E> findByCaption(String bookingItemCaption);
|
||||
List<HsBookingItemEntity> findByCaption(String bookingItemCaption);
|
||||
|
||||
List<E> findAllByProjectUuid(final UUID projectItemUuid);
|
||||
List<HsBookingItemEntity> findAllByProjectUuid(final UUID projectItemUuid);
|
||||
|
||||
E save(E current);
|
||||
HsBookingItemEntity save(HsBookingItemEntity current);
|
||||
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
|
@ -9,8 +9,7 @@ public enum HsBookingItemType implements Node {
|
||||
PRIVATE_CLOUD,
|
||||
CLOUD_SERVER(PRIVATE_CLOUD),
|
||||
MANAGED_SERVER(PRIVATE_CLOUD),
|
||||
MANAGED_WEBSPACE(MANAGED_SERVER),
|
||||
DOMAIN_SETUP;
|
||||
MANAGED_WEBSPACE(MANAGED_SERVER);
|
||||
|
||||
private final HsBookingItemType parentItemType;
|
||||
|
||||
|
@ -1,136 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item.validators;
|
||||
|
||||
import lombok.Getter;
|
||||
import net.hostsharing.hsadminng.errors.MultiValidationException;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingItemResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
// TODO.refa: introduce common base class with HsHostingAssetEntitySaveProcessor
|
||||
/**
|
||||
* Wraps the steps of the pararation, validation, mapping and revamp around saving of a HsBookingItem into a readable API.
|
||||
*/
|
||||
public class BookingItemEntitySaveProcessor {
|
||||
|
||||
private final HsEntityValidator<HsBookingItem> validator;
|
||||
private String expectedStep = "preprocessEntity";
|
||||
private final EntityManager em;
|
||||
|
||||
@Getter
|
||||
private HsBookingItem entity;
|
||||
|
||||
@Getter
|
||||
private HsBookingItemResource resource;
|
||||
|
||||
public BookingItemEntitySaveProcessor(final EntityManager em, final HsBookingItem entity) {
|
||||
this.em = em;
|
||||
this.entity = entity;
|
||||
this.validator = HsBookingItemEntityValidatorRegistry.forType(entity.getType());
|
||||
}
|
||||
|
||||
/// initial step allowing to set default values before any validations
|
||||
public BookingItemEntitySaveProcessor preprocessEntity() {
|
||||
step("preprocessEntity", "validateEntity");
|
||||
validator.preprocessEntity(entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/// validates the entity itself including its properties
|
||||
public BookingItemEntitySaveProcessor validateEntity() {
|
||||
step("validateEntity", "prepareForSave");
|
||||
MultiValidationException.throwIfNotEmpty(validator.validateEntity(entity));
|
||||
return this;
|
||||
}
|
||||
|
||||
// TODO.legacy: remove once the migration of legacy data is done
|
||||
/// validates the entity itself including its properties, but ignoring some error messages for import of legacy data
|
||||
public BookingItemEntitySaveProcessor validateEntityIgnoring(final String... ignoreRegExp) {
|
||||
step("validateEntity", "prepareForSave");
|
||||
final var ignoreRegExpPatterns = Arrays.stream(ignoreRegExp).map(Pattern::compile).toList();
|
||||
MultiValidationException.throwIfNotEmpty(
|
||||
validator.validateEntity(entity).stream()
|
||||
.filter(error -> ignoreRegExpPatterns.stream().noneMatch(p -> p.matcher(error).matches() ))
|
||||
.toList()
|
||||
);
|
||||
return this;
|
||||
}
|
||||
|
||||
/// hashing passwords etc.
|
||||
public BookingItemEntitySaveProcessor prepareForSave() {
|
||||
step("prepareForSave", "save");
|
||||
validator.prepareProperties(em, entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves the entity using the given `saveFunction`.
|
||||
*
|
||||
* <p>`validator.postPersist(em, entity)` is NOT called.
|
||||
* If any postprocessing is necessary, the saveFunction has to implement this.</p>
|
||||
* @param saveFunction
|
||||
* @return this
|
||||
*/
|
||||
public BookingItemEntitySaveProcessor saveUsing(final Function<HsBookingItem, HsBookingItem> saveFunction) {
|
||||
step("save", "validateContext");
|
||||
entity = saveFunction.apply(entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves the using the `EntityManager`, but does NOT ever merge the entity.
|
||||
*
|
||||
* <p>`validator.postPersist(em, entity)` is called afterwards with the entity guaranteed to be flushed to the database.</p>
|
||||
* @return this
|
||||
*/
|
||||
public BookingItemEntitySaveProcessor save() {
|
||||
return saveUsing(e -> {
|
||||
if (!em.contains(entity)) {
|
||||
em.persist(entity);
|
||||
}
|
||||
em.flush(); // makes RbacEntity available as RealEntity if needed
|
||||
validator.postPersist(em, entity);
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
||||
/// validates the entity within it's parent and child hierarchy (e.g. totals validators and other limits)
|
||||
public BookingItemEntitySaveProcessor validateContext() {
|
||||
step("validateContext", "mapUsing");
|
||||
return HsEntityValidator.doWithEntityManager(em, () -> {
|
||||
MultiValidationException.throwIfNotEmpty(validator.validateContext(entity));
|
||||
return this;
|
||||
});
|
||||
}
|
||||
|
||||
/// maps entity to JSON resource representation
|
||||
public BookingItemEntitySaveProcessor mapUsing(
|
||||
final Function<HsBookingItem, HsBookingItemResource> mapFunction) {
|
||||
step("mapUsing", "revampProperties");
|
||||
resource = mapFunction.apply(entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/// removes write-only-properties and ads computed-properties
|
||||
@SuppressWarnings("unchecked")
|
||||
public HsBookingItemResource revampProperties() {
|
||||
step("revampProperties", null);
|
||||
final var revampedProps = validator.revampProperties(em, entity, (Map<String, Object>) resource.getResources());
|
||||
resource.setResources(revampedProps);
|
||||
return resource;
|
||||
}
|
||||
|
||||
// Makes sure that the steps are called in the correct order.
|
||||
// Could also be implemented using an interface per method, but that seems exaggerated.
|
||||
private void step(final String current, final String next) {
|
||||
if (!expectedStep.equals(current)) {
|
||||
throw new IllegalStateException("expected " + expectedStep + " but got " + current);
|
||||
}
|
||||
expectedStep = next;
|
||||
}
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
import net.hostsharing.hsadminng.hs.validation.ValidatableProperty;
|
||||
import org.apache.commons.lang3.BooleanUtils;
|
||||
@ -14,14 +14,14 @@ import static java.util.Arrays.stream;
|
||||
import static java.util.Collections.emptyList;
|
||||
import static java.util.Optional.ofNullable;
|
||||
|
||||
public class HsBookingItemEntityValidator extends HsEntityValidator<HsBookingItem> {
|
||||
public class HsBookingItemEntityValidator extends HsEntityValidator<HsBookingItemEntity> {
|
||||
|
||||
public HsBookingItemEntityValidator(final ValidatableProperty<?, ?>... properties) {
|
||||
super(properties);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> validateEntity(final HsBookingItem bookingItem) {
|
||||
public List<String> validateEntity(final HsBookingItemEntity bookingItem) {
|
||||
// TODO.impl: HsBookingItemType could do this similar to HsHostingAssetType
|
||||
if ( bookingItem.getParentItem() == null && bookingItem.getProject() == null) {
|
||||
return List.of(bookingItem + ".'parentItem' or .'project' expected to be set, but both are null");
|
||||
@ -30,21 +30,21 @@ public class HsBookingItemEntityValidator extends HsEntityValidator<HsBookingIte
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> validateContext(final HsBookingItem bookingItem) {
|
||||
public List<String> validateContext(final HsBookingItemEntity bookingItem) {
|
||||
return sequentiallyValidate(
|
||||
() -> optionallyValidate(bookingItem.getParentItem()),
|
||||
() -> validateAgainstSubEntities(bookingItem)
|
||||
);
|
||||
}
|
||||
|
||||
private static List<String> optionallyValidate(final HsBookingItem bookingItem) {
|
||||
private static List<String> optionallyValidate(final HsBookingItemEntity bookingItem) {
|
||||
return bookingItem != null
|
||||
? enrich(prefix(bookingItem.toShortString(), ""),
|
||||
HsBookingItemEntityValidatorRegistry.forType(bookingItem.getType()).validateContext(bookingItem))
|
||||
: emptyList();
|
||||
}
|
||||
|
||||
protected List<String> validateAgainstSubEntities(final HsBookingItem bookingItem) {
|
||||
protected List<String> validateAgainstSubEntities(final HsBookingItemEntity bookingItem) {
|
||||
return enrich(prefix(bookingItem.toShortString(), "resources"),
|
||||
Stream.concat(
|
||||
stream(propertyValidators)
|
||||
@ -58,7 +58,7 @@ public class HsBookingItemEntityValidator extends HsEntityValidator<HsBookingIte
|
||||
|
||||
// TODO.refa: convert into generic shape like multi-options validator
|
||||
private static String validateMaxTotalValue(
|
||||
final HsBookingItem bookingItem,
|
||||
final HsBookingItemEntity bookingItem,
|
||||
final ValidatableProperty<?, ?> propDef) {
|
||||
final var propName = propDef.propertyName();
|
||||
final var propUnit = ofNullable(propDef.unit()).map(u -> " " + u).orElse("");
|
||||
|
@ -1,11 +1,10 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
import net.hostsharing.hsadminng.errors.MultiValidationException;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -13,30 +12,28 @@ import java.util.Set;
|
||||
|
||||
import static java.util.Arrays.stream;
|
||||
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.CLOUD_SERVER;
|
||||
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.DOMAIN_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_SERVER;
|
||||
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_WEBSPACE;
|
||||
import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.PRIVATE_CLOUD;
|
||||
|
||||
public class HsBookingItemEntityValidatorRegistry {
|
||||
|
||||
private static final Map<Enum<HsBookingItemType>, HsEntityValidator<HsBookingItem>> validators = new HashMap<>();
|
||||
private static final Map<Enum<HsBookingItemType>, HsEntityValidator<HsBookingItemEntity>> validators = new HashMap<>();
|
||||
static {
|
||||
register(PRIVATE_CLOUD, new HsPrivateCloudBookingItemValidator());
|
||||
register(CLOUD_SERVER, new HsCloudServerBookingItemValidator());
|
||||
register(MANAGED_SERVER, new HsManagedServerBookingItemValidator());
|
||||
register(MANAGED_WEBSPACE, new HsManagedWebspaceBookingItemValidator());
|
||||
register(DOMAIN_SETUP, new HsDomainSetupBookingItemValidator());
|
||||
}
|
||||
|
||||
private static void register(final Enum<HsBookingItemType> type, final HsEntityValidator<HsBookingItem> validator) {
|
||||
private static void register(final Enum<HsBookingItemType> type, final HsEntityValidator<HsBookingItemEntity> validator) {
|
||||
stream(validator.propertyValidators).forEach( entry -> {
|
||||
entry.verifyConsistency(Map.entry(type, validator));
|
||||
});
|
||||
validators.put(type, validator);
|
||||
}
|
||||
|
||||
public static HsEntityValidator<HsBookingItem> forType(final Enum<HsBookingItemType> type) {
|
||||
public static HsEntityValidator<HsBookingItemEntity> forType(final Enum<HsBookingItemType> type) {
|
||||
if ( validators.containsKey(type)) {
|
||||
return validators.get(type);
|
||||
}
|
||||
@ -47,17 +44,14 @@ public class HsBookingItemEntityValidatorRegistry {
|
||||
return validators.keySet();
|
||||
}
|
||||
|
||||
public static List<String> doValidate(final EntityManager em, final HsBookingItem bookingItem) {
|
||||
final var bookingItemValidator = HsBookingItemEntityValidatorRegistry.forType(bookingItem.getType());
|
||||
return HsEntityValidator.doWithEntityManager(em, () ->
|
||||
HsEntityValidator.sequentiallyValidate(
|
||||
() -> bookingItemValidator.validateEntity(bookingItem),
|
||||
() -> bookingItemValidator.validateContext(bookingItem))
|
||||
);
|
||||
public static List<String> doValidate(final HsBookingItemEntity bookingItem) {
|
||||
return HsEntityValidator.sequentiallyValidate(
|
||||
() -> HsBookingItemEntityValidatorRegistry.forType(bookingItem.getType()).validateEntity(bookingItem),
|
||||
() -> HsBookingItemEntityValidatorRegistry.forType(bookingItem.getType()).validateContext(bookingItem));
|
||||
}
|
||||
|
||||
public static <E extends HsBookingItem> E validated(final EntityManager em, final E entityToSave) {
|
||||
MultiValidationException.throwIfNotEmpty(doValidate(em, entityToSave));
|
||||
public static HsBookingItemEntity validated(final HsBookingItemEntity entityToSave) {
|
||||
MultiValidationException.throwIfNotEmpty(doValidate(entityToSave));
|
||||
return entityToSave;
|
||||
}
|
||||
}
|
||||
|
@ -1,69 +0,0 @@
|
||||
|
||||
package net.hostsharing.hsadminng.hs.booking.item.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.validators.Dns.REGISTRAR_LEVEL_DOMAINS;
|
||||
import static net.hostsharing.hsadminng.hs.validation.StringProperty.stringProperty;
|
||||
|
||||
class HsDomainSetupBookingItemValidator extends HsBookingItemEntityValidator {
|
||||
public static final String DOMAIN_NAME_PROPERTY_NAME = "domainName";
|
||||
|
||||
public static final String FQDN_REGEX = "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,12}";
|
||||
public static final String WEBSPACE_NAME_REGEX = "[a-z][a-z0-9]{2}[0-9]{2}";
|
||||
public static final String TARGET_UNIX_USER_NAME_REGEX = "^"+WEBSPACE_NAME_REGEX+"$|^"+WEBSPACE_NAME_REGEX+"-[a-z0-9\\._-]+$";
|
||||
public static final String VERIFICATION_CODE_PROPERTY_NAME = "verificationCode";
|
||||
|
||||
HsDomainSetupBookingItemValidator() {
|
||||
super(
|
||||
// TODO.spec: feels wrong
|
||||
stringProperty(DOMAIN_NAME_PROPERTY_NAME).writeOnce()
|
||||
.maxLength(253)
|
||||
.matchesRegEx(FQDN_REGEX).describedAs("is not a (non-top-level) fully qualified domain name")
|
||||
.notMatchesRegEx(REGISTRAR_LEVEL_DOMAINS).describedAs("is a forbidden registrar-level domain name")
|
||||
.required(),
|
||||
stringProperty(VERIFICATION_CODE_PROPERTY_NAME)
|
||||
.minLength(12)
|
||||
.maxLength(64)
|
||||
.initializedBy(HsDomainSetupBookingItemValidator::generateVerificationCode)
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> validateEntity(final HsBookingItem bookingItem) {
|
||||
final var violations = new ArrayList<String>();
|
||||
final var domainName = bookingItem.getDirectValue(DOMAIN_NAME_PROPERTY_NAME, String.class);
|
||||
if (!bookingItem.isLoaded() &&
|
||||
domainName.matches("hostsharing.(com|net|org|coop|de)")) {
|
||||
violations.add("'" + bookingItem.toShortString() + ".resources." + DOMAIN_NAME_PROPERTY_NAME + "' = '" + domainName
|
||||
+ "' is a forbidden Hostsharing domain name");
|
||||
}
|
||||
violations.addAll(super.validateEntity(bookingItem));
|
||||
return violations;
|
||||
}
|
||||
|
||||
private static String generateVerificationCode(final EntityManager em, final PropertiesProvider propertiesProvider) {
|
||||
final var userDefinedVerificationCode = propertiesProvider.getDirectValue(VERIFICATION_CODE_PROPERTY_NAME, String.class);
|
||||
if (userDefinedVerificationCode != null) {
|
||||
return userDefinedVerificationCode;
|
||||
}
|
||||
|
||||
final var alphaNumeric = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
|
||||
final var secureRandom = new SecureRandom();
|
||||
final var sb = new StringBuilder();
|
||||
for (int i = 0; i < 40; ++i) {
|
||||
if ( i > 0 && i % 4 == 0 ) {
|
||||
sb.append("-");
|
||||
}
|
||||
sb.append(alphaNumeric.charAt(secureRandom.nextInt(alphaNumeric.length())));
|
||||
}
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
}
|
@ -1,15 +1,13 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.item.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.IntegerProperty;
|
||||
import org.apache.commons.lang3.function.TriFunction;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import static java.util.Collections.emptyList;
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_MBOX_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAIL_ADDRESS;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MARIADB_DATABASE;
|
||||
@ -40,9 +38,9 @@ class HsManagedWebspaceBookingItemValidator extends HsBookingItemEntityValidator
|
||||
);
|
||||
}
|
||||
|
||||
private static TriFunction<HsBookingItem, IntegerProperty<?>, Integer, List<String>> unixUsers() {
|
||||
return (final HsBookingItem entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = fetchRelatedBookingItem(entity)
|
||||
private static TriFunction<HsBookingItemEntity, IntegerProperty<?>, Integer, List<String>> unixUsers() {
|
||||
return (final HsBookingItemEntity entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = ofNullable(entity.getRelatedHostingAsset())
|
||||
.map(ha -> ha.getSubHostingAssets().stream()
|
||||
.filter(subAsset -> subAsset.getType() == UNIX_USER)
|
||||
.count())
|
||||
@ -55,9 +53,9 @@ class HsManagedWebspaceBookingItemValidator extends HsBookingItemEntityValidator
|
||||
};
|
||||
}
|
||||
|
||||
private static TriFunction<HsBookingItem, IntegerProperty<?>, Integer, List<String>> databaseUsers() {
|
||||
return (final HsBookingItem entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var dbUserCount = fetchRelatedBookingItem(entity)
|
||||
private static TriFunction<HsBookingItemEntity, IntegerProperty<?>, Integer, List<String>> databaseUsers() {
|
||||
return (final HsBookingItemEntity entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var dbUserCount = ofNullable(entity.getRelatedHostingAsset())
|
||||
.map(ha -> ha.getSubHostingAssets().stream()
|
||||
.filter(bi -> bi.getType() == PGSQL_USER || bi.getType() == MARIADB_USER )
|
||||
.count())
|
||||
@ -70,9 +68,9 @@ class HsManagedWebspaceBookingItemValidator extends HsBookingItemEntityValidator
|
||||
};
|
||||
}
|
||||
|
||||
private static TriFunction<HsBookingItem, IntegerProperty<?>, Integer, List<String>> databases() {
|
||||
return (final HsBookingItem entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = fetchRelatedBookingItem(entity)
|
||||
private static TriFunction<HsBookingItemEntity, IntegerProperty<?>, Integer, List<String>> databases() {
|
||||
return (final HsBookingItemEntity entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = ofNullable(entity.getRelatedHostingAsset())
|
||||
.map(ha -> ha.getSubHostingAssets().stream()
|
||||
.filter(bi -> bi.getType()==PGSQL_USER || bi.getType()==MARIADB_USER )
|
||||
.flatMap(domainEMailSetup -> domainEMailSetup.getSubHostingAssets().stream()
|
||||
@ -87,9 +85,9 @@ class HsManagedWebspaceBookingItemValidator extends HsBookingItemEntityValidator
|
||||
};
|
||||
}
|
||||
|
||||
private static TriFunction<HsBookingItem, IntegerProperty<?>, Integer, List<String>> eMailAddresses() {
|
||||
return (final HsBookingItem entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = fetchRelatedBookingItem(entity)
|
||||
private static TriFunction<HsBookingItemEntity, IntegerProperty<?>, Integer, List<String>> eMailAddresses() {
|
||||
return (final HsBookingItemEntity entity, final IntegerProperty<?> prop, final Integer factor) -> {
|
||||
final var unixUserCount = ofNullable(entity.getRelatedHostingAsset())
|
||||
.map(ha -> ha.getSubHostingAssets().stream()
|
||||
.filter(bi -> bi.getType() == DOMAIN_MBOX_SETUP)
|
||||
.flatMap(domainEMailSetup -> domainEMailSetup.getSubHostingAssets().stream()
|
||||
@ -103,13 +101,4 @@ class HsManagedWebspaceBookingItemValidator extends HsBookingItemEntityValidator
|
||||
return emptyList();
|
||||
};
|
||||
}
|
||||
|
||||
private static Optional<HsHostingAssetRealEntity> fetchRelatedBookingItem(final HsBookingItem entity) {
|
||||
// TODO.perf: maybe we need to cache the result at least for a single valiationrun
|
||||
return HsEntityValidator.localEntityManager.get().createQuery(
|
||||
"SELECT asset FROM HsHostingAssetRealEntity asset WHERE asset.bookingItem.uuid=:bookingItemUuid",
|
||||
HsHostingAssetRealEntity.class)
|
||||
.setParameter("bookingItemUuid", entity.getUuid())
|
||||
.getResultStream().findFirst(); // there are 0 or 1, never more
|
||||
}
|
||||
}
|
||||
|
@ -1,53 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import lombok.*;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorEntity;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
|
||||
import jakarta.persistence.*;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
|
||||
@MappedSuperclass
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@AllArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@SuperBuilder(builderMethodName = "baseBuilder", toBuilder = true)
|
||||
public abstract class HsBookingProject implements Stringifyable, BaseEntity<HsBookingProject> {
|
||||
|
||||
private static Stringify<HsBookingProject> stringify = stringify(HsBookingProject.class)
|
||||
.withProp(HsBookingProject::getDebitor)
|
||||
.withProp(HsBookingProject::getCaption)
|
||||
.quotedValues(false);
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@ManyToOne(optional = false)
|
||||
@JoinColumn(name = "debitoruuid")
|
||||
private HsBookingDebitorEntity debitor;
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.apply(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toShortString() {
|
||||
return ofNullable(debitor).map(HsBookingDebitorEntity::toShortString).orElse("D-???????") +
|
||||
":" + caption;
|
||||
}
|
||||
}
|
@ -1,17 +1,17 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.api.HsBookingProjectsApi;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingProjectInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingProjectPatchResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsBookingProjectResource;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.mapper.Mapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import jakarta.persistence.EntityNotFoundException;
|
||||
@ -19,6 +19,7 @@ import java.util.List;
|
||||
import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
@ -26,22 +27,21 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private StandardMapper mapper;
|
||||
private Mapper mapper;
|
||||
|
||||
@Autowired
|
||||
private HsBookingProjectRbacRepository bookingProjectRepo;
|
||||
private HsBookingProjectRepository bookingProjectRepo;
|
||||
|
||||
@Autowired
|
||||
private HsBookingDebitorRepository debitorRepo;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.bookingProjects.api.getListOfBookingProjectsByDebitorUuid")
|
||||
public ResponseEntity<List<HsBookingProjectResource>> getListOfBookingProjectsByDebitorUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<List<HsBookingProjectResource>> listBookingProjectsByDebitorUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID debitorUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entities = bookingProjectRepo.findAllByDebitorUuid(debitorUuid);
|
||||
|
||||
@ -51,15 +51,14 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingProjects.api.postNewBookingProject")
|
||||
public ResponseEntity<HsBookingProjectResource> postNewBookingProject(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsBookingProjectResource> addBookingProject(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final HsBookingProjectInsertResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entityToSave = mapper.map(body, HsBookingProjectRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
final var entityToSave = mapper.map(body, HsBookingProjectEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
|
||||
final var saved = bookingProjectRepo.save(entityToSave);
|
||||
|
||||
@ -74,13 +73,12 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.bookingProjects.api.getBookingProjectByUuid")
|
||||
public ResponseEntity<HsBookingProjectResource> getBookingProjectByUuid(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingProjectUuid) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bookingProjectRepo.findByUuid(bookingProjectUuid);
|
||||
return result
|
||||
@ -91,12 +89,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingProjects.api.deleteBookingIemByUuid")
|
||||
public ResponseEntity<Void> deleteBookingIemByUuid(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingProjectUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bookingProjectRepo.deleteByUuid(bookingProjectUuid);
|
||||
return result == 0
|
||||
@ -106,14 +103,13 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.bookingProjects.api.patchBookingProject")
|
||||
public ResponseEntity<HsBookingProjectResource> patchBookingProject(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bookingProjectUuid,
|
||||
final HsBookingProjectPatchResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var current = bookingProjectRepo.findByUuid(bookingProjectUuid).orElseThrow();
|
||||
|
||||
@ -124,7 +120,7 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
|
||||
return ResponseEntity.ok(mapped);
|
||||
}
|
||||
|
||||
final BiConsumer<HsBookingProjectInsertResource, HsBookingProjectRbacEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
final BiConsumer<HsBookingProjectInsertResource, HsBookingProjectEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
if (resource.getDebitorUuid() != null) {
|
||||
entity.setDebitor(debitorRepo.findByUuid(resource.getDebitorUuid())
|
||||
.orElseThrow(() -> new EntityNotFoundException("ERROR: [400] debitorUuid %s not found".formatted(
|
||||
|
@ -0,0 +1,114 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import lombok.*;
|
||||
import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
|
||||
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
|
||||
import jakarta.persistence.*;
|
||||
import java.io.IOException;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Optional.ofNullable;
|
||||
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Builder
|
||||
@Entity
|
||||
@Table(name = "hs_booking_project_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class HsBookingProjectEntity implements Stringifyable, BaseEntity<HsBookingProjectEntity> {
|
||||
|
||||
private static Stringify<HsBookingProjectEntity> stringify = stringify(HsBookingProjectEntity.class)
|
||||
.withProp(HsBookingProjectEntity::getDebitor)
|
||||
.withProp(HsBookingProjectEntity::getCaption)
|
||||
.quotedValues(false);
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@ManyToOne(optional = false)
|
||||
@JoinColumn(name = "debitoruuid")
|
||||
private HsBookingDebitorEntity debitor;
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.apply(this);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toShortString() {
|
||||
return ofNullable(debitor).map(HsBookingDebitorEntity::toShortString).orElse("D-???????") +
|
||||
":" + caption;
|
||||
}
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("project", HsBookingProjectEntity.class)
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking_project bookingProject
|
||||
JOIN hs_office_debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression("caption"))
|
||||
.withUpdatableColumns("version", "caption")
|
||||
|
||||
.importEntityAlias("debitor", HsOfficeDebitorEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("debitorUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NOT_NULL)
|
||||
|
||||
.importEntityAlias("debitorRel", HsOfficeRelationRbacEntity.class, usingCase(DEBITOR),
|
||||
dependsOnColumn("debitorUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office_relation debitorRel
|
||||
JOIN hs_office_debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = ${REF}.debitorUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
.toRole("debitorRel", ADMIN).grantPermission(INSERT)
|
||||
.toRole("global", ADMIN).grantPermission(DELETE)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.incomingSuperRole("debitorRel", AGENT);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT)
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("debitorRel", TENANT);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo("project", "debitorRel", "global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("6-hs-booking/620-booking-project/6203-hs-booking-project-rbac");
|
||||
}
|
||||
}
|
@ -8,9 +8,9 @@ import net.hostsharing.hsadminng.mapper.OptionalFromJson;
|
||||
|
||||
public class HsBookingProjectEntityPatcher implements EntityPatcher<HsBookingProjectPatchResource> {
|
||||
|
||||
private final HsBookingProject entity;
|
||||
private final HsBookingProjectEntity entity;
|
||||
|
||||
public HsBookingProjectEntityPatcher(final HsBookingProject entity) {
|
||||
public HsBookingProjectEntityPatcher(final HsBookingProjectEntity entity) {
|
||||
this.entity = entity;
|
||||
}
|
||||
|
||||
|
@ -1,87 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
import java.io.IOException;
|
||||
|
||||
import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingCase;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NOT_NULL;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.fetchedBySql;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "project_rv")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
public class HsBookingProjectRbacEntity extends HsBookingProject {
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("project", HsBookingProjectRbacEntity.class)
|
||||
.withIdentityView(SQL.query("""
|
||||
SELECT bookingProject.uuid as uuid, debitorIV.idName || '-' || base.cleanIdentifier(bookingProject.caption) as idName
|
||||
FROM hs_booking.project bookingProject
|
||||
JOIN hs_office.debitor_iv debitorIV ON debitorIV.uuid = bookingProject.debitorUuid
|
||||
"""))
|
||||
.withRestrictedViewOrderBy(SQL.expression("caption"))
|
||||
.withUpdatableColumns("version", "caption")
|
||||
|
||||
.importEntityAlias("debitor", HsOfficeDebitorEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("debitorUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NOT_NULL)
|
||||
|
||||
.importEntityAlias("debitorRel", HsOfficeRelationRbacEntity.class, usingCase(DEBITOR),
|
||||
dependsOnColumn("debitorUuid"),
|
||||
fetchedBySql("""
|
||||
SELECT ${columns}
|
||||
FROM hs_office.relation debitorRel
|
||||
JOIN hs_office.debitor debitor ON debitor.debitorRelUuid = debitorRel.uuid
|
||||
WHERE debitor.uuid = ${REF}.debitorUuid
|
||||
"""),
|
||||
NOT_NULL)
|
||||
.toRole("debitorRel", ADMIN).grantPermission(INSERT)
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(DELETE)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.incomingSuperRole("debitorRel", AGENT).unassumed();
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT)
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("debitorRel", TENANT);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo("project", "debitorRel", "rbac.global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("6-hs-booking/620-booking-project/6203-hs-booking-project-rbac");
|
||||
}
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingProjectRbacRepository extends HsBookingProjectRepository<HsBookingProjectRbacEntity>,
|
||||
Repository<HsBookingProjectRbacEntity, UUID> {
|
||||
|
||||
@Timed("app.bookingProjects.repo.findByUuid.rbac")
|
||||
Optional<HsBookingProjectRbacEntity> findByUuid(final UUID bookingProjectUuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.findByCaption.rbac")
|
||||
List<HsBookingProjectRbacEntity> findByCaption(final String projectCaption);
|
||||
|
||||
@Timed("app.bookingProjects.repo.findAllByDebitorUuid.rbac")
|
||||
List<HsBookingProjectRbacEntity> findAllByDebitorUuid(final UUID bookingProjectUuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.save.rbac")
|
||||
HsBookingProjectRbacEntity save(HsBookingProjectRbacEntity current);
|
||||
|
||||
@Timed("app.bookingProjects.repo.deleteByUuid.rbac")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.count.rbac")
|
||||
long count();
|
||||
}
|
@ -1,19 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_booking", name = "project")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
public class HsBookingProjectRealEntity extends HsBookingProject {
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingProjectRealRepository extends HsBookingProjectRepository<HsBookingProjectRealEntity>,
|
||||
Repository<HsBookingProjectRealEntity, UUID> {
|
||||
|
||||
@Timed("app.bookingProjects.repo.findByUuid.real")
|
||||
Optional<HsBookingProjectRealEntity> findByUuid(final UUID bookingProjectUuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.findByCaption.real")
|
||||
List<HsBookingProjectRealEntity> findByCaption(final String projectCaption);
|
||||
|
||||
@Timed("app.bookingProjects.repo.findAllByDebitorUuid.real")
|
||||
List<HsBookingProjectRealEntity> findAllByDebitorUuid(final UUID bookingProjectUuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.save.real")
|
||||
HsBookingProjectRealEntity save(HsBookingProjectRealEntity current);
|
||||
|
||||
@Timed("app.bookingProjects.repo.deleteByUuid.real")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.bookingProjects.repo.count.real")
|
||||
long count();
|
||||
}
|
@ -1,28 +1,21 @@
|
||||
package net.hostsharing.hsadminng.hs.booking.project;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsBookingProjectRepository<E extends HsBookingProject> {
|
||||
public interface HsBookingProjectRepository extends Repository<HsBookingProjectEntity, UUID> {
|
||||
|
||||
@Timed("app.booking.projects.repo.findByUuid")
|
||||
Optional<E> findByUuid(final UUID findByUuid);
|
||||
Optional<HsBookingProjectEntity> findByUuid(final UUID bookingProjectUuid);
|
||||
List<HsBookingProjectEntity> findByCaption(final String projectCaption);
|
||||
|
||||
@Timed("app.booking.projects.repo.findByCaption")
|
||||
List<E> findByCaption(final String projectCaption);
|
||||
List<HsBookingProjectEntity> findAllByDebitorUuid(final UUID bookingProjectUuid);
|
||||
|
||||
@Timed("app.booking.projects.repo.findAllByDebitorUuid")
|
||||
List<E> findAllByDebitorUuid(final UUID bookingProjectUuid);
|
||||
HsBookingProjectEntity save(HsBookingProjectEntity current);
|
||||
|
||||
@Timed("app.booking.projects.repo.save")
|
||||
E save(E current);
|
||||
|
||||
@Timed("app.booking.projects.repo.deleteByUuid")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.booking.projects.repo.count")
|
||||
long count();
|
||||
}
|
||||
|
@ -1,58 +1,24 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.hypersistence.utils.hibernate.type.json.JsonType;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.Getter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProject;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.validation.PropertiesProvider;
|
||||
import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
import org.hibernate.annotations.Type;
|
||||
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.MappedSuperclass;
|
||||
import jakarta.persistence.OneToMany;
|
||||
import jakarta.persistence.OneToOne;
|
||||
import jakarta.persistence.PostLoad;
|
||||
import jakarta.persistence.Transient;
|
||||
import jakarta.persistence.Version;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import static java.util.Collections.emptyMap;
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@MappedSuperclass
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@AllArgsConstructor(access = AccessLevel.PROTECTED)
|
||||
@SuperBuilder(builderMethodName = "baseBuilder", toBuilder = true)
|
||||
public abstract class HsHostingAsset implements Stringifyable, BaseEntity<HsHostingAsset>, PropertiesProvider {
|
||||
public interface HsHostingAsset extends Stringifyable, BaseEntity<HsHostingAsset>, PropertiesProvider {
|
||||
|
||||
static Stringify<HsHostingAsset> stringify = stringify(HsHostingAsset.class)
|
||||
Stringify<HsHostingAsset> stringify = stringify(HsHostingAsset.class)
|
||||
.withProp(HsHostingAsset::getType)
|
||||
.withProp(HsHostingAsset::getIdentifier)
|
||||
.withProp(HsHostingAsset::getCaption)
|
||||
@ -62,90 +28,29 @@ public abstract class HsHostingAsset implements Stringifyable, BaseEntity<HsHost
|
||||
.withProp(HsHostingAsset::getConfig)
|
||||
.quotedValues(false);
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
void setUuid(UUID uuid);
|
||||
HsHostingAssetType getType();
|
||||
HsHostingAsset getParentAsset();
|
||||
void setIdentifier(String s);
|
||||
String getIdentifier();
|
||||
HsBookingItemEntity getBookingItem();
|
||||
HsHostingAsset getAssignedToAsset();
|
||||
HsOfficeContactRealEntity getAlarmContact();
|
||||
List<? extends HsHostingAsset> getSubHostingAssets();
|
||||
String getCaption();
|
||||
Map<String, Object> getConfig();
|
||||
|
||||
@OneToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "bookingitemuuid")
|
||||
private HsBookingItemRealEntity bookingItem;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentassetuuid")
|
||||
private HsHostingAssetRealEntity parentAsset;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "assignedtoassetuuid")
|
||||
private HsHostingAssetRealEntity assignedToAsset;
|
||||
|
||||
@Column(name = "type")
|
||||
@Enumerated(EnumType.STRING)
|
||||
private HsHostingAssetType type;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "alarmcontactuuid")
|
||||
private HsOfficeContactRealEntity alarmContact;
|
||||
|
||||
@OneToMany(cascade = CascadeType.REFRESH, orphanRemoval = true, fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentassetuuid", referencedColumnName = "uuid")
|
||||
private List<HsHostingAssetRealEntity> subHostingAssets;
|
||||
|
||||
@Column(name = "identifier")
|
||||
private String identifier; // e.g. vm1234, xyz00, example.org, xyz00_abc
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@Type(JsonType.class)
|
||||
@Column(columnDefinition = "config")
|
||||
private Map<String, Object> config = new HashMap<>();
|
||||
|
||||
@Transient
|
||||
private PatchableMapWrapper<Object> configWrapper;
|
||||
|
||||
@Transient
|
||||
private boolean isLoaded;
|
||||
|
||||
@PostLoad
|
||||
public void markAsLoaded() {
|
||||
this.isLoaded = true;
|
||||
}
|
||||
|
||||
public PatchableMapWrapper<Object> getConfig() {
|
||||
return PatchableMapWrapper.of(configWrapper, (newWrapper) -> {configWrapper = newWrapper;}, config);
|
||||
}
|
||||
|
||||
public void putConfig(Map<String, Object> newConfig) {
|
||||
PatchableMapWrapper.of(configWrapper, (newWrapper) -> {configWrapper = newWrapper;}, config).assign(newConfig);
|
||||
}
|
||||
|
||||
public List<HsHostingAssetRealEntity> getSubHostingAssets() {
|
||||
if (subHostingAssets == null) {
|
||||
subHostingAssets = new ArrayList<>();
|
||||
}
|
||||
return subHostingAssets;
|
||||
}
|
||||
|
||||
@Override
|
||||
public PatchableMapWrapper<Object> directProps() {
|
||||
return getConfig();
|
||||
}
|
||||
|
||||
public HsBookingProject getRelatedProject() {
|
||||
default HsBookingProjectEntity getRelatedProject() {
|
||||
return Optional.ofNullable(getBookingItem())
|
||||
.map(HsBookingItem::getRelatedProject)
|
||||
.map(HsBookingItemEntity::getRelatedProject)
|
||||
.orElseGet(() -> Optional.ofNullable(getParentAsset())
|
||||
.map(HsHostingAsset::getRelatedProject)
|
||||
.orElse(null));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getContextValue(final String propName) {
|
||||
default Object getContextValue(final String propName) {
|
||||
final var v = directProps().get(propName);
|
||||
if (v != null) {
|
||||
return v;
|
||||
@ -161,12 +66,7 @@ public abstract class HsHostingAsset implements Stringifyable, BaseEntity<HsHost
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toShortString() {
|
||||
default String toShortString() {
|
||||
return getType() + ":" + getIdentifier();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.apply(this);
|
||||
}
|
||||
}
|
||||
|
@ -1,7 +1,6 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRepository;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntitySaveProcessor;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntityValidatorRegistry;
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.api.HsHostingAssetsApi;
|
||||
@ -12,53 +11,52 @@ import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAsse
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetResource;
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetTypeResource;
|
||||
import net.hostsharing.hsadminng.mapper.KeyValueMap;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
import net.hostsharing.hsadminng.mapper.Mapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import jakarta.persistence.EntityNotFoundException;
|
||||
import jakarta.persistence.PersistenceContext;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
@Autowired
|
||||
private EntityManagerWrapper emw;
|
||||
@PersistenceContext
|
||||
private EntityManager em;
|
||||
|
||||
@Autowired
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private StandardMapper mapper;
|
||||
private Mapper mapper;
|
||||
|
||||
@Autowired
|
||||
private HsHostingAssetRbacRepository rbacAssetRepo;
|
||||
private HsHostingAssetRepository assetRepo;
|
||||
|
||||
@Autowired
|
||||
private HsHostingAssetRealRepository realAssetRepo;
|
||||
|
||||
@Autowired
|
||||
private HsBookingItemRealRepository realBookingItemRepo;
|
||||
private HsBookingItemRepository bookingItemRepo;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.hosting.assets.api.getListOfHostingAssets")
|
||||
public ResponseEntity<List<HsHostingAssetResource>> getListOfHostingAssets(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<List<HsHostingAssetResource>> listAssets(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID debitorUuid,
|
||||
final UUID parentAssetUuid,
|
||||
final HsHostingAssetTypeResource type) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entities = rbacAssetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type));
|
||||
final var entities = assetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type));
|
||||
|
||||
final var resources = mapper.mapList(entities, HsHostingAssetResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
|
||||
return ResponseEntity.ok(resources);
|
||||
@ -67,21 +65,20 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.hosting.assets.api.postNewHostingAsset")
|
||||
public ResponseEntity<HsHostingAssetResource> postNewHostingAsset(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsHostingAssetResource> addAsset(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final HsHostingAssetInsertResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entity = mapper.map(body, HsHostingAssetRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
final var entity = mapper.map(body, HsHostingAssetEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
|
||||
final var mapped = new HostingAssetEntitySaveProcessor(emw, entity)
|
||||
final var mapped = new HostingAssetEntitySaveProcessor(em, entity)
|
||||
.preprocessEntity()
|
||||
.validateEntity()
|
||||
.prepareForSave()
|
||||
.save()
|
||||
.saveUsing(assetRepo::save)
|
||||
.validateContext()
|
||||
.mapUsing(e -> mapper.map(e, HsHostingAssetResource.class))
|
||||
.revampProperties();
|
||||
@ -96,15 +93,14 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.hosting.assets.api.getSingleHostingAssetByUuid")
|
||||
public ResponseEntity<HsHostingAssetResource> getSingleHostingAssetByUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsHostingAssetResource> getAssetByUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID assetUuid) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = rbacAssetRepo.findByUuid(assetUuid);
|
||||
final var result = assetRepo.findByUuid(assetUuid);
|
||||
return result
|
||||
.map(assetEntity -> ResponseEntity.ok(
|
||||
mapper.map(assetEntity, HsHostingAssetResource.class, ENTITY_TO_RESOURCE_POSTMAPPER)))
|
||||
@ -113,14 +109,13 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.hosting.assets.api.deleteHostingAssetByUuid")
|
||||
public ResponseEntity<Void> deleteHostingAssetByUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<Void> deleteAssetUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID assetUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = rbacAssetRepo.deleteByUuid(assetUuid);
|
||||
final var result = assetRepo.deleteByUuid(assetUuid);
|
||||
return result == 0
|
||||
? ResponseEntity.notFound().build()
|
||||
: ResponseEntity.noContent().build();
|
||||
@ -128,24 +123,23 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.hosting.assets.api.patchHostingAsset")
|
||||
public ResponseEntity<HsHostingAssetResource> patchHostingAsset(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsHostingAssetResource> patchAsset(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID assetUuid,
|
||||
final HsHostingAssetPatchResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entity = rbacAssetRepo.findByUuid(assetUuid).orElseThrow();
|
||||
final var entity = assetRepo.findByUuid(assetUuid).orElseThrow();
|
||||
|
||||
new HsHostingAssetEntityPatcher(emw, entity).apply(body);
|
||||
new HsHostingAssetEntityPatcher(em, entity).apply(body);
|
||||
|
||||
final var mapped = new HostingAssetEntitySaveProcessor(emw, entity)
|
||||
final var mapped = new HostingAssetEntitySaveProcessor(em, entity)
|
||||
.preprocessEntity()
|
||||
.validateEntity()
|
||||
.prepareForSave()
|
||||
.save()
|
||||
.saveUsing(assetRepo::save)
|
||||
.validateContext()
|
||||
.mapUsing(e -> mapper.map(e, HsHostingAssetResource.class))
|
||||
.revampProperties();
|
||||
@ -153,22 +147,22 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
|
||||
return ResponseEntity.ok(mapped);
|
||||
}
|
||||
|
||||
final BiConsumer<HsHostingAssetInsertResource, HsHostingAssetRbacEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
final BiConsumer<HsHostingAssetInsertResource, HsHostingAssetEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {
|
||||
entity.putConfig(KeyValueMap.from(resource.getConfig()));
|
||||
if (resource.getBookingItemUuid() != null) {
|
||||
entity.setBookingItem(realBookingItemRepo.findByUuid(resource.getBookingItemUuid())
|
||||
entity.setBookingItem(bookingItemRepo.findByUuid(resource.getBookingItemUuid())
|
||||
.orElseThrow(() -> new EntityNotFoundException("ERROR: [400] bookingItemUuid %s not found".formatted(
|
||||
resource.getBookingItemUuid()))));
|
||||
}
|
||||
if (resource.getParentAssetUuid() != null) {
|
||||
entity.setParentAsset(realAssetRepo.findByUuid(resource.getParentAssetUuid())
|
||||
entity.setParentAsset(assetRepo.findByUuid(resource.getParentAssetUuid())
|
||||
.orElseThrow(() -> new EntityNotFoundException("ERROR: [400] parentAssetUuid %s not found".formatted(
|
||||
resource.getParentAssetUuid()))));
|
||||
}
|
||||
};
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
final BiConsumer<HsHostingAssetRbacEntity, HsHostingAssetResource> ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource)
|
||||
final BiConsumer<HsHostingAssetEntity, HsHostingAssetResource> ENTITY_TO_RESOURCE_POSTMAPPER = (entity, resource)
|
||||
-> resource.setConfig(HostingAssetEntityValidatorRegistry.forType(entity.getType())
|
||||
.revampProperties(emw, entity, (Map<String, Object>) resource.getConfig()));
|
||||
.revampProperties(em, entity, (Map<String, Object>) resource.getConfig()));
|
||||
}
|
||||
|
@ -0,0 +1,211 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.hypersistence.utils.hibernate.type.json.JsonType;
|
||||
import lombok.AccessLevel;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
|
||||
import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL;
|
||||
import org.hibernate.annotations.Type;
|
||||
|
||||
import jakarta.persistence.CascadeType;
|
||||
import jakarta.persistence.Column;
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.EnumType;
|
||||
import jakarta.persistence.Enumerated;
|
||||
import jakarta.persistence.FetchType;
|
||||
import jakarta.persistence.GeneratedValue;
|
||||
import jakarta.persistence.Id;
|
||||
import jakarta.persistence.JoinColumn;
|
||||
import jakarta.persistence.ManyToOne;
|
||||
import jakarta.persistence.OneToMany;
|
||||
import jakarta.persistence.OneToOne;
|
||||
import jakarta.persistence.PostLoad;
|
||||
import jakarta.persistence.Table;
|
||||
import jakarta.persistence.Transient;
|
||||
import jakarta.persistence.Version;
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.CaseDef.inCaseOf;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.DELETE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.INSERT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.SELECT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.UPDATE;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.GUEST;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.REFERRER;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
||||
|
||||
@Builder
|
||||
@Entity
|
||||
@Table(name = "hs_hosting_asset_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class HsHostingAssetEntity implements HsHostingAsset {
|
||||
|
||||
@Id
|
||||
@GeneratedValue
|
||||
private UUID uuid;
|
||||
|
||||
@Version
|
||||
private int version;
|
||||
|
||||
@OneToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "bookingitemuuid")
|
||||
private HsBookingItemEntity bookingItem;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentassetuuid")
|
||||
private HsHostingAssetEntity parentAsset;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "assignedtoassetuuid")
|
||||
private HsHostingAssetEntity assignedToAsset;
|
||||
|
||||
@Column(name = "type")
|
||||
@Enumerated(EnumType.STRING)
|
||||
private HsHostingAssetType type;
|
||||
|
||||
@ManyToOne(fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "alarmcontactuuid")
|
||||
private HsOfficeContactRealEntity alarmContact;
|
||||
|
||||
@OneToMany(cascade = CascadeType.REFRESH, orphanRemoval = true, fetch = FetchType.LAZY)
|
||||
@JoinColumn(name = "parentassetuuid", referencedColumnName = "uuid")
|
||||
private List<HsHostingAssetEntity> subHostingAssets;
|
||||
|
||||
@Column(name = "identifier")
|
||||
private String identifier; // e.g. vm1234, xyz00, example.org, xyz00_abc
|
||||
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@Type(JsonType.class)
|
||||
@Column(columnDefinition = "config")
|
||||
private Map<String, Object> config = new HashMap<>();
|
||||
|
||||
@Transient
|
||||
private PatchableMapWrapper<Object> configWrapper;
|
||||
|
||||
@Transient
|
||||
private boolean isLoaded;
|
||||
|
||||
@PostLoad
|
||||
public void markAsLoaded() {
|
||||
this.isLoaded = true;
|
||||
}
|
||||
|
||||
public PatchableMapWrapper<Object> getConfig() {
|
||||
return PatchableMapWrapper.of(configWrapper, (newWrapper) -> {configWrapper = newWrapper;}, config);
|
||||
}
|
||||
|
||||
public void putConfig(Map<String, Object> newConfig) {
|
||||
PatchableMapWrapper.of(configWrapper, (newWrapper) -> {configWrapper = newWrapper;}, config).assign(newConfig);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, Object> directProps() {
|
||||
return config;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return stringify.using(HsHostingAssetEntity.class).apply(this);
|
||||
}
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("asset", HsHostingAssetEntity.class)
|
||||
.withIdentityView(SQL.projection("identifier"))
|
||||
.withRestrictedViewOrderBy(SQL.expression("identifier"))
|
||||
.withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid")
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
|
||||
.importEntityAlias("bookingItem", HsBookingItemEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("bookingItemUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.importEntityAlias("parentAsset", HsHostingAssetEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("parentAssetUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("parentAsset", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.importEntityAlias("assignedToAsset", HsHostingAssetEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("assignedToAssetUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.importEntityAlias("alarmContact", HsOfficeContactRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("alarmContactUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.switchOnColumn(
|
||||
"type",
|
||||
inCaseOf("DOMAIN_SETUP", then -> {
|
||||
then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
|
||||
})
|
||||
)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.owningUser(CREATOR);
|
||||
with.incomingSuperRole(GLOBAL, ADMIN).unassumed(); // TODO.spec: replace by a better solution
|
||||
with.incomingSuperRole("bookingItem", ADMIN);
|
||||
with.incomingSuperRole("parentAsset", ADMIN);
|
||||
with.permission(DELETE);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.incomingSuperRole("bookingItem", AGENT);
|
||||
with.incomingSuperRole("parentAsset", AGENT);
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT, (with) -> {
|
||||
with.outgoingSubRole("assignedToAsset", TENANT);
|
||||
with.outgoingSubRole("alarmContact", REFERRER);
|
||||
})
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("bookingItem", TENANT);
|
||||
with.outgoingSubRole("parentAsset", TENANT);
|
||||
with.incomingSuperRole("alarmContact", ADMIN);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo(
|
||||
"asset",
|
||||
"bookingItem",
|
||||
"bookingItem.debitorRel",
|
||||
"parentAsset",
|
||||
"assignedToAsset",
|
||||
"alarmContact",
|
||||
"global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac");
|
||||
}
|
||||
}
|
@ -12,9 +12,9 @@ import java.util.Optional;
|
||||
public class HsHostingAssetEntityPatcher implements EntityPatcher<HsHostingAssetPatchResource> {
|
||||
|
||||
private final EntityManager em;
|
||||
private final HsHostingAssetRbacEntity entity;
|
||||
private final HsHostingAssetEntity entity;
|
||||
|
||||
public HsHostingAssetEntityPatcher(final EntityManager em, final HsHostingAssetRbacEntity entity) {
|
||||
HsHostingAssetEntityPatcher(final EntityManager em, final HsHostingAssetEntity entity) {
|
||||
this.em = em;
|
||||
this.entity = entity;
|
||||
}
|
||||
|
@ -1,22 +1,22 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntityValidatorRegistry;
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.api.HsHostingAssetPropsApi;
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetTypeResource;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
public class HsHostingAssetPropsController implements HsHostingAssetPropsApi {
|
||||
|
||||
@Override
|
||||
@Timed("app.hosting.assets.api.getListOfHostingAssetTypes")
|
||||
public ResponseEntity<List<String>> getListOfHostingAssetTypes() {
|
||||
public ResponseEntity<List<String>> listAssetTypes() {
|
||||
final var resource = HostingAssetEntityValidatorRegistry.types().stream()
|
||||
.map(Enum::name)
|
||||
.toList();
|
||||
@ -24,8 +24,7 @@ public class HsHostingAssetPropsController implements HsHostingAssetPropsApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Timed("app.hosting.assets.api.getListOfHostingAssetTypeProps")
|
||||
public ResponseEntity<List<Object>> getListOfHostingAssetTypeProps(
|
||||
public ResponseEntity<List<Object>> listAssetTypeProps(
|
||||
final HsHostingAssetTypeResource assetType) {
|
||||
|
||||
final Enum<HsHostingAssetType> type = HsHostingAssetType.of(assetType);
|
||||
|
@ -1,115 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRbacEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRbacEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView.SQL;
|
||||
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
import java.io.IOException;
|
||||
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.CaseDef.inCaseOf;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Column.dependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.ColumnValue.usingDefaultCase;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.GLOBAL;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Nullable.NULLABLE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.DELETE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.INSERT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.SELECT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.UPDATE;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.ADMIN;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.AGENT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.GUEST;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.OWNER;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.REFERRER;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.TENANT;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.SQL.directlyFetchedByDependsOnColumn;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.rbacViewFor;
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_hosting", name = "asset_rv")
|
||||
@SuperBuilder(toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
public class HsHostingAssetRbacEntity extends HsHostingAsset {
|
||||
|
||||
public static RbacView rbac() {
|
||||
return rbacViewFor("asset", HsHostingAssetRbacEntity.class)
|
||||
.withIdentityView(SQL.projection("identifier"))
|
||||
.withRestrictedViewOrderBy(SQL.expression("identifier"))
|
||||
.withUpdatableColumns("version", "caption", "config", "assignedToAssetUuid", "alarmContactUuid")
|
||||
.toRole(GLOBAL, ADMIN).grantPermission(INSERT) // TODO.impl: Why is this necessary to insert test data?
|
||||
|
||||
.importEntityAlias("bookingItem", HsBookingItemRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("bookingItemUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.importEntityAlias("parentAsset", HsHostingAssetRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("parentAssetUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
.toRole("parentAsset", ADMIN).grantPermission(INSERT)
|
||||
|
||||
.importEntityAlias("assignedToAsset", HsHostingAssetRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("assignedToAssetUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.importEntityAlias("alarmContact", HsOfficeContactRbacEntity.class, usingDefaultCase(),
|
||||
dependsOnColumn("alarmContactUuid"),
|
||||
directlyFetchedByDependsOnColumn(),
|
||||
NULLABLE)
|
||||
|
||||
.switchOnColumn(
|
||||
"type",
|
||||
inCaseOf("DOMAIN_SETUP", then -> {
|
||||
then.toRole(GLOBAL, GUEST).grantPermission(INSERT);
|
||||
})
|
||||
)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.owningUser(CREATOR);
|
||||
with.incomingSuperRole(GLOBAL, ADMIN).unassumed(); // TODO.spec: replace by a better solution
|
||||
with.incomingSuperRole("bookingItem", ADMIN);
|
||||
with.incomingSuperRole("parentAsset", ADMIN);
|
||||
with.permission(DELETE);
|
||||
})
|
||||
.createSubRole(ADMIN, (with) -> {
|
||||
with.incomingSuperRole("bookingItem", AGENT);
|
||||
with.incomingSuperRole("parentAsset", AGENT);
|
||||
with.permission(UPDATE);
|
||||
})
|
||||
.createSubRole(AGENT, (with) -> {
|
||||
with.incomingSuperRole("assignedToAsset", AGENT); // TODO.spec: or ADMIN?
|
||||
with.outgoingSubRole("assignedToAsset", TENANT);
|
||||
with.outgoingSubRole("alarmContact", REFERRER);
|
||||
})
|
||||
.createSubRole(TENANT, (with) -> {
|
||||
with.outgoingSubRole("bookingItem", TENANT);
|
||||
with.outgoingSubRole("parentAsset", TENANT);
|
||||
with.incomingSuperRole("alarmContact", ADMIN);
|
||||
with.permission(SELECT);
|
||||
})
|
||||
|
||||
.limitDiagramTo(
|
||||
"asset",
|
||||
"bookingItem",
|
||||
"bookingItem.debitorRel",
|
||||
"parentAsset",
|
||||
"assignedToAsset",
|
||||
"alarmContact",
|
||||
"rbac.global");
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
rbac().generateWithBaseFileName("7-hs-hosting/701-hosting-asset/7013-hs-hosting-asset-rbac");
|
||||
}
|
||||
}
|
@ -1,55 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
|
||||
public interface HsHostingAssetRbacRepository extends HsHostingAssetRepository<HsHostingAssetRbacEntity>, Repository<HsHostingAssetRbacEntity, UUID> {
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByUuid.rbac")
|
||||
Optional<HsHostingAssetRbacEntity> findByUuid(final UUID serverUuid);
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByIdentifier.rbac")
|
||||
List<HsHostingAssetRbacEntity> findByIdentifier(String assetIdentifier);
|
||||
|
||||
@Query(value = """
|
||||
select ha.uuid,
|
||||
ha.alarmcontactuuid,
|
||||
ha.assignedtoassetuuid,
|
||||
ha.bookingitemuuid,
|
||||
ha.caption,
|
||||
ha.config,
|
||||
ha.identifier,
|
||||
ha.parentassetuuid,
|
||||
ha.type,
|
||||
ha.version
|
||||
from hs_hosting.asset_rv ha
|
||||
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
|
||||
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
|
||||
where (:projectUuid is null or bi.projectuuid=:projectUuid)
|
||||
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
|
||||
and (:type is null or :type=cast(ha.type as text))
|
||||
""", nativeQuery = true)
|
||||
@Timed("app.hostingAsset.repo.findAllByCriteriaImpl.rbac")
|
||||
// The JPQL query did not generate "left join" but just "join".
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
|
||||
List<HsHostingAssetRbacEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
|
||||
default List<HsHostingAssetRbacEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));
|
||||
}
|
||||
|
||||
@Timed("app.hostingAsset.repo.save.rbac")
|
||||
HsHostingAssetRbacEntity save(HsHostingAsset current);
|
||||
|
||||
@Timed("app.hostingAsset.repo.deleteByUuid.rbac")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.hostingAsset.repo.count.rbac")
|
||||
long count();
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
|
||||
import jakarta.persistence.Entity;
|
||||
import jakarta.persistence.Table;
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_hosting", name = "asset")
|
||||
@SuperBuilder(builderMethodName = "genericBuilder", toBuilder = true)
|
||||
@Getter
|
||||
@Setter
|
||||
@NoArgsConstructor
|
||||
public class HsHostingAssetRealEntity extends HsHostingAsset {
|
||||
|
||||
// without this wrapper method, the builder returns a generic entity which cannot resolved in a generic context
|
||||
public static HsHostingAssetRealEntityBuilder<HsHostingAssetRealEntity, ?> builder() {
|
||||
//noinspection unchecked
|
||||
return (HsHostingAssetRealEntityBuilder<HsHostingAssetRealEntity, ?>) genericBuilder();
|
||||
}
|
||||
}
|
@ -1,68 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsHostingAssetRealRepository extends HsHostingAssetRepository<HsHostingAssetRealEntity>, Repository<HsHostingAssetRealEntity, UUID> {
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByUuid.real")
|
||||
Optional<HsHostingAssetRealEntity> findByUuid(final UUID serverUuid);
|
||||
|
||||
@Timed("app.hostingAsset.repo.findByIdentifier.real")
|
||||
List<HsHostingAssetRealEntity> findByIdentifier(String assetIdentifier);
|
||||
|
||||
default List<HsHostingAssetRealEntity> findByTypeAndIdentifier(@NotNull HsHostingAssetType type, @NotNull String identifier) {
|
||||
return findByTypeAndIdentifierImpl(type.name(), identifier);
|
||||
}
|
||||
|
||||
@Query("""
|
||||
select ha
|
||||
from HsHostingAssetRealEntity ha
|
||||
where cast(ha.type as String) = :type
|
||||
and ha.identifier = :identifier
|
||||
""")
|
||||
@Timed("app.hostingAsset.repo.findByTypeAndIdentifierImpl.real")
|
||||
List<HsHostingAssetRealEntity> findByTypeAndIdentifierImpl(@NotNull String type, @NotNull String identifier);
|
||||
|
||||
@Query(value = """
|
||||
select ha.uuid,
|
||||
ha.alarmcontactuuid,
|
||||
ha.assignedtoassetuuid,
|
||||
ha.bookingitemuuid,
|
||||
ha.caption,
|
||||
ha.config,
|
||||
ha.identifier,
|
||||
ha.parentassetuuid,
|
||||
ha.type,
|
||||
ha.version
|
||||
from hs_hosting.asset_rv ha
|
||||
left join hs_booking.item bi on bi.uuid = ha.bookingitemuuid
|
||||
left join hs_hosting.asset pha on pha.uuid = ha.parentassetuuid
|
||||
where (:projectUuid is null or bi.projectuuid=:projectUuid)
|
||||
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
|
||||
and (:type is null or :type=cast(ha.type as text))
|
||||
""", nativeQuery = true)
|
||||
// The JPQL query did not generate "left join" but just "join".
|
||||
// I also optimized the query by not using the _rv for hs_booking.item and hs_hosting.asset, only for hs_hosting.asset_rv.
|
||||
@Timed("app.hostingAsset.repo.findAllByCriteriaImpl.real")
|
||||
List<HsHostingAssetRealEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
|
||||
default List<HsHostingAssetRealEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));
|
||||
}
|
||||
|
||||
@Timed("app.hostingAsset.repo.save.real")
|
||||
HsHostingAssetRealEntity save(HsHostingAssetRealEntity current);
|
||||
|
||||
@Timed("app.hostingAsset.repo.deleteByUuid.real")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.hostingAsset.repo.count.real")
|
||||
long count();
|
||||
}
|
@ -1,32 +1,47 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
public interface HsHostingAssetRepository<E extends HsHostingAsset> {
|
||||
|
||||
@Timed("app.hosting.assets.repo.findByUuid")
|
||||
Optional<E> findByUuid(final UUID serverUuid);
|
||||
public interface HsHostingAssetRepository extends Repository<HsHostingAssetEntity, UUID> {
|
||||
|
||||
@Timed("app.hosting.assets.repo.findByIdentifier")
|
||||
List<E> findByIdentifier(String assetIdentifier);
|
||||
Optional<HsHostingAssetEntity> findByUuid(final UUID serverUuid);
|
||||
|
||||
@Timed("app.hosting.assets.repo.findAllByCriteriaImpl")
|
||||
List<E> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
List<HsHostingAssetEntity> findByIdentifier(String assetIdentifier);
|
||||
|
||||
default List<E> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
@Query(value = """
|
||||
select ha.uuid,
|
||||
ha.alarmcontactuuid,
|
||||
ha.assignedtoassetuuid,
|
||||
ha.bookingitemuuid,
|
||||
ha.caption,
|
||||
ha.config,
|
||||
ha.identifier,
|
||||
ha.parentassetuuid,
|
||||
ha.type,
|
||||
ha.version
|
||||
from hs_hosting_asset_rv ha
|
||||
left join hs_booking_item bi on bi.uuid = ha.bookingitemuuid
|
||||
left join hs_hosting_asset pha on pha.uuid = ha.parentassetuuid
|
||||
where (:projectUuid is null or bi.projectuuid=:projectUuid)
|
||||
and (:parentAssetUuid is null or pha.uuid=:parentAssetUuid)
|
||||
and (:type is null or :type=cast(ha.type as text))
|
||||
""", nativeQuery = true)
|
||||
// The JPQL query did not generate "left join" but just "join".
|
||||
// I also optimized the query by not using the _rv for hs_booking_item and hs_hosting_asset, only for hs_hosting_asset_rv.
|
||||
List<HsHostingAssetEntity> findAllByCriteriaImpl(UUID projectUuid, UUID parentAssetUuid, String type);
|
||||
default List<HsHostingAssetEntity> findAllByCriteria(final UUID projectUuid, final UUID parentAssetUuid, final HsHostingAssetType type) {
|
||||
return findAllByCriteriaImpl(projectUuid, parentAssetUuid, HsHostingAssetType.asString(type));
|
||||
}
|
||||
|
||||
@Timed("app.hosting.assets.repo.save")
|
||||
E save(HsHostingAsset current);
|
||||
HsHostingAssetEntity save(HsHostingAsset current);
|
||||
|
||||
@Timed("app.hosting.assets.repo.deleteByUuid")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.hosting.assets.repo.count")
|
||||
long count();
|
||||
}
|
||||
|
@ -1,7 +1,7 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.Node;
|
||||
|
||||
@ -24,10 +24,8 @@ import static net.hostsharing.hsadminng.hs.hosting.asset.EntityTypeRelation.opti
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.EntityTypeRelation.optionallyAssignedTo;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.EntityTypeRelation.requiredParent;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.EntityTypeRelation.requires;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.EntityTypeRelation.terminatory;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationPolicy.OPTIONAL;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationPolicy.REQUIRED;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationPolicy.TERMINATORY;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationType.ASSIGNED_TO_ASSET;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationType.BOOKING_ITEM;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.RelationType.PARENT_ASSET;
|
||||
@ -59,7 +57,6 @@ public enum HsHostingAssetType implements Node {
|
||||
|
||||
DOMAIN_SETUP( // named e.g. example.org
|
||||
inGroup("Domain"),
|
||||
terminatory(HsBookingItemType.DOMAIN_SETUP),
|
||||
optionalParent(SAME_TYPE)
|
||||
),
|
||||
|
||||
@ -267,7 +264,7 @@ public enum HsHostingAssetType implements Node {
|
||||
package Booking #feb28c {
|
||||
%{bookingNodes}
|
||||
}
|
||||
|
||||
|
||||
package Hosting #feb28c{
|
||||
%{hostingGroups}
|
||||
}
|
||||
@ -342,7 +339,7 @@ public enum HsHostingAssetType implements Node {
|
||||
}
|
||||
|
||||
public enum RelationPolicy {
|
||||
FORBIDDEN, OPTIONAL, TERMINATORY, REQUIRED
|
||||
FORBIDDEN, OPTIONAL, REQUIRED
|
||||
}
|
||||
|
||||
public enum RelationType {
|
||||
@ -357,14 +354,14 @@ class EntityTypeRelation<E, T extends Node> {
|
||||
|
||||
final HsHostingAssetType.RelationPolicy relationPolicy;
|
||||
final HsHostingAssetType.RelationType relationType;
|
||||
final Function<HsHostingAssetRbacEntity, E> getter;
|
||||
final Function<HsHostingAssetEntity, E> getter;
|
||||
private final List<T> acceptedRelatedTypes;
|
||||
final String edge;
|
||||
|
||||
private EntityTypeRelation(
|
||||
final HsHostingAssetType.RelationPolicy relationPolicy,
|
||||
final HsHostingAssetType.RelationType relationType,
|
||||
final Function<HsHostingAssetRbacEntity, E> getter,
|
||||
final Function<HsHostingAssetEntity, E> getter,
|
||||
final T acceptedRelatedType,
|
||||
final String edge
|
||||
) {
|
||||
@ -379,20 +376,11 @@ class EntityTypeRelation<E, T extends Node> {
|
||||
return (Set<R>) result;
|
||||
}
|
||||
|
||||
static EntityTypeRelation<HsBookingItem, HsBookingItemType> terminatory(final HsBookingItemType bookingItemType) {
|
||||
return new EntityTypeRelation<>(
|
||||
TERMINATORY,
|
||||
BOOKING_ITEM,
|
||||
HsHostingAssetRbacEntity::getBookingItem,
|
||||
bookingItemType,
|
||||
" *..> ");
|
||||
}
|
||||
|
||||
static EntityTypeRelation<HsBookingItem, HsBookingItemType> requires(final HsBookingItemType bookingItemType) {
|
||||
static EntityTypeRelation<HsBookingItemEntity, HsBookingItemType> requires(final HsBookingItemType bookingItemType) {
|
||||
return new EntityTypeRelation<>(
|
||||
REQUIRED,
|
||||
BOOKING_ITEM,
|
||||
HsHostingAssetRbacEntity::getBookingItem,
|
||||
HsHostingAssetEntity::getBookingItem,
|
||||
bookingItemType,
|
||||
" *==> ");
|
||||
}
|
||||
|
@ -1,159 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.factories;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetAutoInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetSubInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetTypeResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType;
|
||||
import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
|
||||
import net.hostsharing.hsadminng.lambda.Reducer;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.mapper.ToStringConverter;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
|
||||
import jakarta.validation.ValidationException;
|
||||
import java.net.IDN;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
import java.util.function.Function;
|
||||
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_DNS_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_HTTP_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_MBOX_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_SMTP_SETUP;
|
||||
|
||||
public class DomainSetupHostingAssetFactory extends HostingAssetFactory {
|
||||
|
||||
public DomainSetupHostingAssetFactory(
|
||||
final EntityManagerWrapper emw,
|
||||
final HsBookingItemRealEntity newBookingItemRealEntity,
|
||||
final HsHostingAssetAutoInsertResource asset,
|
||||
final StandardMapper standardMapper) {
|
||||
super(emw, newBookingItemRealEntity, asset, standardMapper);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected HsHostingAsset create() {
|
||||
final var domainSetupAsset = createDomainSetupAsset(getDomainName());
|
||||
final var subHostingAssets = domainSetupAsset.getSubHostingAssets();
|
||||
|
||||
// TODO.legacy: as long as we need to be compatible, we always do all technical domain-setups
|
||||
|
||||
final var domainHttpSetupAssetResource = findSubHostingAssetResource(HsHostingAssetTypeResource.DOMAIN_HTTP_SETUP);
|
||||
final var assignedToUnixUserAssetEntity = domainHttpSetupAssetResource
|
||||
.map(HsHostingAssetSubInsertResource::getAssignedToAssetUuid)
|
||||
.map(uuid -> emw.find(HsHostingAssetRealEntity.class, uuid))
|
||||
.orElseThrow(() -> new ValidationException("DOMAIN_HTTP_SETUP subAsset with assignedToAssetUuid required in compatibility mode"));
|
||||
|
||||
subHostingAssets.add(
|
||||
createDomainSubSetupAssetEntity(
|
||||
domainSetupAsset,
|
||||
DOMAIN_HTTP_SETUP,
|
||||
builder -> builder
|
||||
.assignedToAsset(assignedToUnixUserAssetEntity)
|
||||
.identifier(getDomainName() + "|HTTP")
|
||||
.caption("HTTP-Setup für " + IDN.toUnicode(getDomainName())))
|
||||
);
|
||||
|
||||
// Do not add to subHostingAssets in compatibility mode, in this case, DNS setup works via file system.
|
||||
// The entity is created just for validation purposes.
|
||||
createDomainSubSetupAssetEntity(
|
||||
domainSetupAsset,
|
||||
DOMAIN_DNS_SETUP,
|
||||
builder -> builder
|
||||
.assignedToAsset(assignedToUnixUserAssetEntity.getParentAsset())
|
||||
.identifier(getDomainName() + "|DNS")
|
||||
.caption("DNS-Setup für " + IDN.toUnicode(getDomainName())));
|
||||
|
||||
subHostingAssets.add(
|
||||
createDomainSubSetupAssetEntity(
|
||||
domainSetupAsset,
|
||||
DOMAIN_MBOX_SETUP,
|
||||
builder -> builder
|
||||
.assignedToAsset(assignedToUnixUserAssetEntity.getParentAsset())
|
||||
.identifier(getDomainName() + "|MBOX")
|
||||
.caption("MBOX-Setup für " + IDN.toUnicode(getDomainName())))
|
||||
);
|
||||
|
||||
subHostingAssets.add(
|
||||
createDomainSubSetupAssetEntity(
|
||||
domainSetupAsset,
|
||||
DOMAIN_SMTP_SETUP,
|
||||
builder -> builder
|
||||
.assignedToAsset(assignedToUnixUserAssetEntity.getParentAsset())
|
||||
.identifier(getDomainName() + "|SMTP")
|
||||
.caption("SMTP-Setup für " + IDN.toUnicode(getDomainName())))
|
||||
);
|
||||
|
||||
return domainSetupAsset;
|
||||
}
|
||||
|
||||
private HsHostingAssetRealEntity createDomainSetupAsset(final String domainName) {
|
||||
return HsHostingAssetRealEntity.builder()
|
||||
.bookingItem(fromBookingItem)
|
||||
.type(HsHostingAssetType.DOMAIN_SETUP)
|
||||
.identifier(domainName)
|
||||
.caption(asset.getCaption() != null ? asset.getCaption() : domainName)
|
||||
.alarmContact(ref(HsOfficeContactRealEntity.class, asset.getAlarmContactUuid()))
|
||||
// the sub-hosting-assets get added later
|
||||
.build();
|
||||
}
|
||||
|
||||
private HsHostingAssetRealEntity createDomainSubSetupAssetEntity(
|
||||
final HsHostingAssetRealEntity domainSetupAsset,
|
||||
final HsHostingAssetType subAssetType,
|
||||
final Function<HsHostingAssetRealEntity.HsHostingAssetRealEntityBuilder<?, ?>, HsHostingAssetRealEntity.HsHostingAssetRealEntityBuilder<?, ?>> builderTransformer) {
|
||||
final var resourceType = HsHostingAssetTypeResource.valueOf(subAssetType.name());
|
||||
|
||||
final var subAssetResourceOptional = findSubHostingAssetResource(resourceType);
|
||||
|
||||
subAssetResourceOptional.ifPresentOrElse(
|
||||
this::verifyNotOverspecified,
|
||||
() -> { throw new ValidationException("sub-asset of type " + resourceType.name() + " required in legacy mode, but missing"); }
|
||||
);
|
||||
|
||||
return builderTransformer.apply(
|
||||
HsHostingAssetRealEntity.builder()
|
||||
.type(subAssetType)
|
||||
.parentAsset(domainSetupAsset))
|
||||
.build();
|
||||
}
|
||||
|
||||
private Optional<HsHostingAssetSubInsertResource> findSubHostingAssetResource(final HsHostingAssetTypeResource resourceType) {
|
||||
return getSubHostingAssetResources().stream()
|
||||
.filter(ha -> ha.getType() == resourceType)
|
||||
.reduce(Reducer::toSingleElement);
|
||||
}
|
||||
|
||||
// TODO.legacy: while we need to stay compatible, only default values can be used, thus only the type can be specified
|
||||
private void verifyNotOverspecified(final HsHostingAssetSubInsertResource givenSubAssetResource) {
|
||||
final var convert = new ToStringConverter().ignoring("assignedToAssetUuid");
|
||||
final var expectedSubAssetResource = new HsHostingAssetSubInsertResource();
|
||||
expectedSubAssetResource.setType(givenSubAssetResource.getType());
|
||||
if ( !convert.from(givenSubAssetResource).equals(convert.from(expectedSubAssetResource)) ) {
|
||||
throw new ValidationException("sub asset " + givenSubAssetResource.getType() + " is over-specified, in compatibility mode, only default values allowed");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private String getDomainName() {
|
||||
return asset.getIdentifier();
|
||||
}
|
||||
|
||||
private List<HsHostingAssetSubInsertResource> getSubHostingAssetResources() {
|
||||
return asset.getSubHostingAssets();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void persist(final HsHostingAsset newHostingAsset) {
|
||||
super.persist(newHostingAsset);
|
||||
newHostingAsset.getSubHostingAssets().forEach(super::persist);
|
||||
}
|
||||
|
||||
private <T> T ref(final Class<T> entityClass, final UUID uuid) {
|
||||
return uuid != null ? emw.getReference(entityClass, uuid) : null;
|
||||
}
|
||||
}
|
@ -1,41 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.factories;
|
||||
|
||||
import jakarta.validation.ValidationException;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetAutoInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.validators.HostingAssetEntitySaveProcessor;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
|
||||
|
||||
@RequiredArgsConstructor
|
||||
abstract class HostingAssetFactory {
|
||||
|
||||
final EntityManagerWrapper emw;
|
||||
final HsBookingItemRealEntity fromBookingItem;
|
||||
final HsHostingAssetAutoInsertResource asset;
|
||||
final StandardMapper standardMapper;
|
||||
|
||||
protected abstract HsHostingAsset create();
|
||||
|
||||
public String createAndPersist() {
|
||||
try {
|
||||
final HsHostingAsset newHostingAsset = create();
|
||||
persist(newHostingAsset);
|
||||
return null;
|
||||
} catch (final ValidationException exc) {
|
||||
return exc.getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
protected void persist(final HsHostingAsset newHostingAsset) {
|
||||
new HostingAssetEntitySaveProcessor(emw, newHostingAsset)
|
||||
.preprocessEntity()
|
||||
.validateEntity()
|
||||
.prepareForSave()
|
||||
.save()
|
||||
.validateContext();
|
||||
}
|
||||
}
|
@ -1,76 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.factories;
|
||||
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import jakarta.validation.ValidationException;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import lombok.SneakyThrows;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetAutoInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.BookingItemCreatedAppEvent;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationListener;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class HsBookingItemCreatedListener implements ApplicationListener<BookingItemCreatedAppEvent> {
|
||||
|
||||
@Autowired
|
||||
private EntityManagerWrapper emw;
|
||||
|
||||
@Autowired
|
||||
private ObjectMapper jsonMapper;
|
||||
|
||||
@Autowired
|
||||
private StandardMapper standardMapper;
|
||||
|
||||
@Override
|
||||
@SneakyThrows
|
||||
public void onApplicationEvent(@NotNull BookingItemCreatedAppEvent bookingItemCreatedAppEvent) {
|
||||
if (containsAssetJson(bookingItemCreatedAppEvent)) {
|
||||
createRelatedHostingAsset(bookingItemCreatedAppEvent);
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean containsAssetJson(final BookingItemCreatedAppEvent bookingItemCreatedAppEvent) {
|
||||
return bookingItemCreatedAppEvent.getEntity().getAssetJson() != null;
|
||||
}
|
||||
|
||||
private void createRelatedHostingAsset(final BookingItemCreatedAppEvent event) throws JsonProcessingException {
|
||||
final var newBookingItemRealEntity = event.getEntity().getBookingItem();
|
||||
final var asset = jsonMapper.readValue(event.getEntity().getAssetJson(), HsHostingAssetAutoInsertResource.class);
|
||||
final var factory = switch (newBookingItemRealEntity.getType()) {
|
||||
case PRIVATE_CLOUD, CLOUD_SERVER, MANAGED_SERVER ->
|
||||
forNowNoAutomaticHostingAssetCreationPossible(emw, newBookingItemRealEntity, asset, standardMapper);
|
||||
case MANAGED_WEBSPACE -> new ManagedWebspaceHostingAssetFactory(emw, newBookingItemRealEntity, asset, standardMapper);
|
||||
case DOMAIN_SETUP -> new DomainSetupHostingAssetFactory(emw, newBookingItemRealEntity, asset, standardMapper);
|
||||
};
|
||||
if (factory != null) {
|
||||
final var statusMessage = factory.createAndPersist();
|
||||
// TODO.impl: once we implement retry, we need to amend this code (persist/merge/delete)
|
||||
if (statusMessage != null) {
|
||||
event.getEntity().setStatusMessage(statusMessage);
|
||||
emw.persist(event.getEntity());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private HostingAssetFactory forNowNoAutomaticHostingAssetCreationPossible(
|
||||
final EntityManagerWrapper emw,
|
||||
final HsBookingItemRealEntity fromBookingItem,
|
||||
final HsHostingAssetAutoInsertResource asset,
|
||||
final StandardMapper standardMapper
|
||||
) {
|
||||
return new HostingAssetFactory(emw, fromBookingItem, asset, standardMapper) {
|
||||
|
||||
@Override
|
||||
protected HsHostingAsset create() {
|
||||
// TODO.impl: we should validate the asset JSON, but some violations are un-avoidable at that stage
|
||||
throw new ValidationException("waiting for manual setup of hosting asset for booking item of type " + fromBookingItem.getType());
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
@ -1,51 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.factories;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetAutoInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.generated.api.v1.model.HsHostingAssetTypeResource;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealEntity;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealEntity;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
|
||||
|
||||
import jakarta.validation.ValidationException;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
|
||||
public class ManagedWebspaceHostingAssetFactory extends HostingAssetFactory {
|
||||
|
||||
public ManagedWebspaceHostingAssetFactory(
|
||||
final EntityManagerWrapper emw,
|
||||
final HsBookingItemRealEntity newBookingItemRealEntity,
|
||||
final HsHostingAssetAutoInsertResource asset,
|
||||
final StandardMapper standardMapper) {
|
||||
super(emw, newBookingItemRealEntity, asset, standardMapper);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected HsHostingAsset create() {
|
||||
if (asset.getType() != HsHostingAssetTypeResource.MANAGED_WEBSPACE) {
|
||||
throw new ValidationException("requires MANAGED_WEBSPACE hosting asset, but got " +
|
||||
Optional.of(asset)
|
||||
.map(HsHostingAssetAutoInsertResource::getType)
|
||||
.map(Enum::name)
|
||||
.orElse(null));
|
||||
}
|
||||
final var managedWebspaceHostingAsset = standardMapper.map(asset, HsHostingAssetRealEntity.class);
|
||||
managedWebspaceHostingAsset.setBookingItem(fromBookingItem);
|
||||
emw.createQuery(
|
||||
"SELECT asset FROM HsHostingAssetRealEntity asset WHERE asset.bookingItem.uuid=:bookingItemUuid",
|
||||
HsHostingAssetRealEntity.class)
|
||||
.setParameter("bookingItemUuid", fromBookingItem.getParentItem().getUuid())
|
||||
.getResultStream().findFirst()
|
||||
.ifPresent(managedWebspaceHostingAsset::setParentAsset);
|
||||
|
||||
return managedWebspaceHostingAsset;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void persist(final HsHostingAsset newManagedWebspaceHostingAsset) {
|
||||
super.persist(newManagedWebspaceHostingAsset);
|
||||
}
|
||||
}
|
@ -1,134 +0,0 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.mapper.Array;
|
||||
import org.apache.commons.collections4.EnumerationUtils;
|
||||
|
||||
import javax.naming.InvalidNameException;
|
||||
import javax.naming.NameNotFoundException;
|
||||
import javax.naming.NamingEnumeration;
|
||||
import javax.naming.NamingException;
|
||||
import javax.naming.ServiceUnavailableException;
|
||||
import javax.naming.directory.Attribute;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
import java.util.HashMap;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import static java.util.Arrays.stream;
|
||||
import static java.util.Collections.emptyList;
|
||||
|
||||
public class Dns {
|
||||
|
||||
public static final String[] REGISTRAR_LEVEL_DOMAINS = Array.of(
|
||||
"[^.]+", // top-level-domains
|
||||
"(co|org|gov|ac|sch)\\.uk",
|
||||
"(com|net|org|edu|gov|asn|id)\\.au",
|
||||
"(co|ne|or|ac|go)\\.jp",
|
||||
"(com|net|org|gov|edu|ac)\\.cn",
|
||||
"(com|net|org|gov|edu|mil|art)\\.br",
|
||||
"(co|net|org|gen|firm|ind)\\.in",
|
||||
"(com|net|org|gob|edu)\\.mx",
|
||||
"(gov|edu)\\.it",
|
||||
"(co|net|org|govt|ac|school|geek|kiwi)\\.nz",
|
||||
"(co|ne|or|go|re|pe)\\.kr"
|
||||
);
|
||||
public static final Pattern[] REGISTRAR_LEVEL_DOMAIN_PATTERN = stream(REGISTRAR_LEVEL_DOMAINS)
|
||||
.map(Pattern::compile)
|
||||
.toArray(Pattern[]::new);
|
||||
|
||||
private final static Map<String, Result> fakeResults = new HashMap<>();
|
||||
|
||||
public static Optional<String> superDomain(final String domainName) {
|
||||
final var parts = domainName.split("\\.", 2);
|
||||
if (parts.length == 2) {
|
||||
return Optional.of(parts[1]);
|
||||
}
|
||||
return Optional.empty();
|
||||
}
|
||||
|
||||
public static boolean isRegistrarLevelDomain(final String domainName) {
|
||||
return stream(REGISTRAR_LEVEL_DOMAIN_PATTERN)
|
||||
.anyMatch(p -> p.matcher(domainName).matches());
|
||||
}
|
||||
|
||||
/**
|
||||
* @param domainName a fully qualified domain name
|
||||
* @return true if `domainName` can be registered at a registrar, false if it's a subdomain of such or a registrar-level domain itself
|
||||
*/
|
||||
public static boolean isRegistrableDomain(final String domainName) {
|
||||
return !isRegistrarLevelDomain(domainName) &&
|
||||
superDomain(domainName).map(Dns::isRegistrarLevelDomain).orElse(false);
|
||||
}
|
||||
|
||||
public static void fakeResultForDomain(final String domainName, final Result fakeResult) {
|
||||
fakeResults.put(domainName, fakeResult);
|
||||
}
|
||||
|
||||
public static void resetFakeResults() {
|
||||
fakeResults.clear();
|
||||
}
|
||||
|
||||
public enum Status {
|
||||
SUCCESS,
|
||||
NAME_NOT_FOUND,
|
||||
INVALID_NAME,
|
||||
SERVICE_UNAVAILABLE,
|
||||
UNKNOWN_FAILURE
|
||||
}
|
||||
|
||||
public record Result(Status status, List<String> records, NamingException exception) {
|
||||
|
||||
|
||||
public static Result fromRecords(final NamingEnumeration<?> recordEnumeration) {
|
||||
final List<String> records = recordEnumeration == null
|
||||
? emptyList()
|
||||
: EnumerationUtils.toList(recordEnumeration).stream().map(Object::toString).toList();
|
||||
return new Result(Status.SUCCESS, records, null);
|
||||
}
|
||||
|
||||
public static Result fromRecords(final String... records) {
|
||||
return new Result(Status.SUCCESS, stream(records).toList(), null);
|
||||
}
|
||||
|
||||
public static Result fromException(final NamingException exception) {
|
||||
return switch (exception) {
|
||||
case ServiceUnavailableException exc -> new Result(Status.SERVICE_UNAVAILABLE, emptyList(), exc);
|
||||
case NameNotFoundException exc -> new Result(Status.NAME_NOT_FOUND, emptyList(), exc);
|
||||
case InvalidNameException exc -> new Result(Status.INVALID_NAME, emptyList(), exc);
|
||||
case NamingException exc -> new Result(Status.UNKNOWN_FAILURE, emptyList(), exc);
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
private final String domainName;
|
||||
|
||||
public Dns(final String domainName) {
|
||||
this.domainName = domainName;
|
||||
}
|
||||
|
||||
public Result fetchRecordsOfType(final String recordType) {
|
||||
if (fakeResults.containsKey(domainName)) {
|
||||
return fakeResults.get(domainName);
|
||||
}
|
||||
|
||||
try {
|
||||
final var env = new Hashtable<>();
|
||||
env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
|
||||
final Attribute records = new InitialDirContext(env)
|
||||
.getAttributes(domainName, new String[] { recordType })
|
||||
.get(recordType);
|
||||
return Result.fromRecords(records != null ? records.getAll() : null);
|
||||
} catch (final NamingException exception) {
|
||||
return Result.fromException(exception);
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] args) {
|
||||
final var result = new Dns("example.org").fetchRecordsOfType("TXT");
|
||||
System.out.println(result);
|
||||
}
|
||||
|
||||
}
|
@ -6,10 +6,8 @@ import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAsse
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
import java.util.function.Function;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* Wraps the steps of the pararation, validation, mapping and revamp around saving of a HsHostingAsset into a readable API.
|
||||
@ -42,14 +40,12 @@ public class HostingAssetEntitySaveProcessor {
|
||||
return this;
|
||||
}
|
||||
|
||||
// TODO.legacy: remove once the migration of legacy data is done
|
||||
/// validates the entity itself including its properties, but ignoring some error messages for import of legacy data
|
||||
public HostingAssetEntitySaveProcessor validateEntityIgnoring(final String... ignoreRegExp) {
|
||||
public HostingAssetEntitySaveProcessor validateEntityIgnoring(final String ignoreRegExp) {
|
||||
step("validateEntity", "prepareForSave");
|
||||
final var ignoreRegExpPatterns = Arrays.stream(ignoreRegExp).map(Pattern::compile).toList();
|
||||
MultiValidationException.throwIfNotEmpty(
|
||||
validator.validateEntity(entity).stream()
|
||||
.filter(error -> ignoreRegExpPatterns.stream().noneMatch(p -> p.matcher(error).matches() ))
|
||||
.filter(errorMsg -> !errorMsg.matches(ignoreRegExp))
|
||||
.toList()
|
||||
);
|
||||
return this;
|
||||
@ -58,49 +54,22 @@ public class HostingAssetEntitySaveProcessor {
|
||||
/// hashing passwords etc.
|
||||
@SuppressWarnings("unchecked")
|
||||
public HostingAssetEntitySaveProcessor prepareForSave() {
|
||||
step("prepareForSave", "save");
|
||||
step("prepareForSave", "saveUsing");
|
||||
validator.prepareProperties(em, entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves the entity using the given `saveFunction`.
|
||||
*
|
||||
* <p>`validator.postPersist(em, entity)` is NOT called.
|
||||
* If any postprocessing is necessary, the saveFunction has to implement this.</p>
|
||||
* @param saveFunction
|
||||
* @return
|
||||
*/
|
||||
public HostingAssetEntitySaveProcessor saveUsing(final Function<HsHostingAsset, HsHostingAsset> saveFunction) {
|
||||
step("save", "validateContext");
|
||||
step("saveUsing", "validateContext");
|
||||
entity = saveFunction.apply(entity);
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves the using the `EntityManager`, but does NOT ever merge the entity.
|
||||
*
|
||||
* <p>`validator.postPersist(em, entity)` is called afterwards with the entity guaranteed to be flushed to the database.</p>
|
||||
* @return
|
||||
*/
|
||||
public HostingAssetEntitySaveProcessor save() {
|
||||
return saveUsing(e -> {
|
||||
if (!em.contains(entity)) {
|
||||
em.persist(entity);
|
||||
}
|
||||
em.flush(); // makes RbacEntity available as RealEntity if needed
|
||||
validator.postPersist(em, entity);
|
||||
return entity;
|
||||
});
|
||||
}
|
||||
|
||||
/// validates the entity within it's parent and child hierarchy (e.g. totals validators and other limits)
|
||||
public HostingAssetEntitySaveProcessor validateContext() {
|
||||
step("validateContext", "mapUsing");
|
||||
return HsEntityValidator.doWithEntityManager(em, () -> {
|
||||
MultiValidationException.throwIfNotEmpty(validator.validateContext(entity));
|
||||
return this;
|
||||
});
|
||||
MultiValidationException.throwIfNotEmpty(validator.validateContext(entity));
|
||||
return this;
|
||||
}
|
||||
|
||||
/// maps entity to JSON resource representation
|
||||
|
@ -1,6 +1,6 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItem;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemEntity;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType;
|
||||
import net.hostsharing.hsadminng.hs.booking.item.validators.HsBookingItemEntityValidatorRegistry;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
@ -27,7 +27,7 @@ public abstract class HostingAssetEntityValidator extends HsEntityValidator<HsHo
|
||||
|
||||
static final ValidatableProperty<?, ?>[] NO_EXTRA_PROPERTIES = new ValidatableProperty<?, ?>[0];
|
||||
|
||||
private final ReferenceValidator<HsBookingItem, HsBookingItemType> bookingItemReferenceValidation;
|
||||
private final ReferenceValidator<HsBookingItemEntity, HsBookingItemType> bookingItemReferenceValidation;
|
||||
private final ReferenceValidator<HsHostingAsset, HsHostingAssetType> parentAssetReferenceValidation;
|
||||
private final ReferenceValidator<HsHostingAsset, HsHostingAssetType> assignedToAssetReferenceValidation;
|
||||
private final HostingAssetEntityValidator.AlarmContact alarmContactValidation;
|
||||
@ -41,7 +41,7 @@ public abstract class HostingAssetEntityValidator extends HsEntityValidator<HsHo
|
||||
assetType.bookingItemPolicy(),
|
||||
assetType.bookingItemTypes(),
|
||||
HsHostingAsset::getBookingItem,
|
||||
HsBookingItem::getType);
|
||||
HsBookingItemEntity::getType);
|
||||
this.parentAssetReferenceValidation = new ReferenceValidator<>(
|
||||
assetType.parentAssetPolicy(),
|
||||
assetType.parentAssetTypes(),
|
||||
@ -104,7 +104,7 @@ public abstract class HostingAssetEntityValidator extends HsEntityValidator<HsHo
|
||||
: emptyList();
|
||||
}
|
||||
|
||||
private static List<String> optionallyValidate(final HsBookingItem bookingItem) {
|
||||
private static List<String> optionallyValidate(final HsBookingItemEntity bookingItem) {
|
||||
return bookingItem != null
|
||||
? enrich(
|
||||
prefix(bookingItem.toShortString(), "bookingItem"),
|
||||
@ -182,36 +182,26 @@ public abstract class HostingAssetEntityValidator extends HsEntityValidator<HsHo
|
||||
|
||||
List<String> validate(final HsHostingAsset assetEntity, final String referenceFieldName) {
|
||||
|
||||
final var referencedEntity = referencedEntityGetter.apply(assetEntity);
|
||||
final var referencedEntityType = referencedEntity != null ? referencedEntityTypeGetter.apply(referencedEntity) : null;
|
||||
final var actualEntity = referencedEntityGetter.apply(assetEntity);
|
||||
final var actualEntityType = actualEntity != null ? referencedEntityTypeGetter.apply(actualEntity) : null;
|
||||
|
||||
switch (policy) {
|
||||
case REQUIRED:
|
||||
if (!referencedEntityTypes.contains(referencedEntityType)) {
|
||||
return List.of(referencedEntityType == null
|
||||
if (!referencedEntityTypes.contains(actualEntityType)) {
|
||||
return List.of(actualEntityType == null
|
||||
? referenceFieldName + "' must be of type " + toDisplay(referencedEntityTypes) + " but is null"
|
||||
: referenceFieldName + "' must be of type " + toDisplay(referencedEntityTypes) + " but is of type " + referencedEntityType);
|
||||
}
|
||||
break;
|
||||
case TERMINATORY:
|
||||
if (assetEntity.getParentAsset() != null && assetEntity.getBookingItem() != null) {
|
||||
return List.of(referenceFieldName + "' or parentItem must be null but is of type " + referencedEntityType);
|
||||
}
|
||||
if (assetEntity.getParentAsset() == null && !referencedEntityTypes.contains(referencedEntityType)) {
|
||||
return List.of(referencedEntityType == null
|
||||
? referenceFieldName + "' must be of type " + toDisplay(referencedEntityTypes) + " but is null"
|
||||
: referenceFieldName + "' must be of type " + toDisplay(referencedEntityTypes) + " but is of type " + referencedEntityType);
|
||||
: referenceFieldName + "' must be of type " + toDisplay(referencedEntityTypes) + " but is of type " + actualEntityType);
|
||||
}
|
||||
break;
|
||||
case OPTIONAL:
|
||||
if (referencedEntityType != null && !referencedEntityTypes.contains(referencedEntityType)) {
|
||||
if (actualEntityType != null && !referencedEntityTypes.contains(actualEntityType)) {
|
||||
return List.of(referenceFieldName + "' must be null or of type " + toDisplay(referencedEntityTypes) + " but is of type "
|
||||
+ referencedEntityType);
|
||||
+ actualEntityType);
|
||||
}
|
||||
break;
|
||||
case FORBIDDEN:
|
||||
if (referencedEntityType != null) {
|
||||
return List.of(referenceFieldName + "' must be null but is of type " + referencedEntityType);
|
||||
if (actualEntityType != null) {
|
||||
return List.of(referenceFieldName + "' must be null but is of type " + actualEntityType);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -3,6 +3,7 @@ package net.hostsharing.hsadminng.hs.hosting.asset.validators;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType;
|
||||
import net.hostsharing.hsadminng.hs.hosting.generated.api.v1.model.HsHostingAssetResource;
|
||||
import net.hostsharing.hsadminng.hs.validation.HsEntityValidator;
|
||||
|
||||
import java.util.*;
|
||||
@ -53,4 +54,13 @@ public class HostingAssetEntityValidatorRegistry {
|
||||
public static Set<Enum<HsHostingAssetType>> types() {
|
||||
return validators.keySet();
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
private static Map<String, Object> asMap(final HsHostingAssetResource resource) {
|
||||
if (resource.getConfig() instanceof Map map) {
|
||||
return map;
|
||||
}
|
||||
throw new IllegalArgumentException("expected a Map, but got a " + resource.getConfig().getClass());
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -15,7 +15,7 @@ import static net.hostsharing.hsadminng.hs.validation.BooleanProperty.booleanPro
|
||||
import static net.hostsharing.hsadminng.hs.validation.IntegerProperty.integerProperty;
|
||||
import static net.hostsharing.hsadminng.hs.validation.StringProperty.stringProperty;
|
||||
|
||||
// TODO.legacy: make package private once we've migrated the legacy data
|
||||
// TODO.impl: make package private once we've migrated the legacy data
|
||||
public class HsDomainDnsSetupHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
|
||||
// according to RFC 1035 (section 5) and RFC 1034
|
||||
@ -33,7 +33,7 @@ public class HsDomainDnsSetupHostingAssetValidator extends HostingAssetEntityVal
|
||||
RR_REGEX_NAME + RR_REGEX_IN + RR_REGEX_TTL + RR_RECORD_TYPE + RR_RECORD_DATA + RR_COMMENT;
|
||||
public static final String IDENTIFIER_SUFFIX = "|DNS";
|
||||
|
||||
private static List<String> zoneFileErrors = null; // TODO.legacy: remove once legacy data is migrated
|
||||
private static List<String> zoneFileErrors = null; // TODO.impl: remove once legacy data is migrated
|
||||
|
||||
HsDomainDnsSetupHostingAssetValidator() {
|
||||
super(
|
||||
|
@ -2,127 +2,56 @@ package net.hostsharing.hsadminng.hs.hosting.asset.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.DOMAIN_SETUP;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.validators.Dns.superDomain;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.validators.HsDomainHttpSetupHostingAssetValidator.SUBDOMAIN_NAME_REGEX;
|
||||
|
||||
class HsDomainSetupHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
|
||||
public static final String DOMAIN_NAME_PROPERTY_NAME = "domainName";
|
||||
public static final String FQDN_REGEX = "^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,12}";
|
||||
|
||||
private final Pattern identifierPattern;
|
||||
|
||||
HsDomainSetupHostingAssetValidator() {
|
||||
super(
|
||||
DOMAIN_SETUP,
|
||||
super( DOMAIN_SETUP,
|
||||
AlarmContact.isOptional(),
|
||||
|
||||
NO_EXTRA_PROPERTIES);
|
||||
this.identifierPattern = Pattern.compile(FQDN_REGEX);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> validateEntity(final HsHostingAsset assetEntity) {
|
||||
final var violations = super.validateEntity(assetEntity);
|
||||
if (!violations.isEmpty() || assetEntity.isLoaded()) {
|
||||
// it makes no sense to do DNS-based validation
|
||||
// if the entity is already persisted or
|
||||
// if the identifier (domain name) or structure is already invalid
|
||||
return violations;
|
||||
}
|
||||
// TODO.impl: for newly created entities, check the permission of setting up a domain
|
||||
//
|
||||
// reject, if the domain is any of these:
|
||||
// hostsharing.com|net|org|coop, // just to be on the safe side
|
||||
// [^.}+, // top-level-domain
|
||||
// co.uk, org.uk, gov.uk, ac.uk, sch.uk,
|
||||
// com.au, net.au, org.au, edu.au, gov.au, asn.au, id.au,
|
||||
// co.jp, ne.jp, or.jp, ac.jp, go.jp,
|
||||
// com.cn, net.cn, org.cn, gov.cn, edu.cn, ac.cn,
|
||||
// com.br, net.br, org.br, gov.br, edu.br, mil.br, art.br,
|
||||
// co.in, net.in, org.in, gen.in, firm.in, ind.in,
|
||||
// com.mx, net.mx, org.mx, gob.mx, edu.mx,
|
||||
// gov.it, edu.it,
|
||||
// co.nz, net.nz, org.nz, govt.nz, ac.nz, school.nz, geek.nz, kiwi.nz,
|
||||
// co.kr, ne.kr, or.kr, go.kr, re.kr, pe.kr
|
||||
//
|
||||
// allow if
|
||||
// - user has Admin/Agent-role for all its sub-domains and the direct parent-Domain which are set up at at Hostsharing
|
||||
// - domain has DNS zone with TXT record approval
|
||||
// - parent-domain has DNS zone with TXT record approval
|
||||
//
|
||||
// TXT-Record check:
|
||||
// new InitialDirContext().getAttributes("dns:_netblocks.google.com", new String[] { "TXT"}).get("TXT").getAll();
|
||||
|
||||
final var dnsResult = new Dns(assetEntity.getIdentifier()).fetchRecordsOfType("TXT");
|
||||
switch (dnsResult.status()) {
|
||||
case Dns.Status.SUCCESS:
|
||||
violations.addAll(handleDomainNameFound(assetEntity, dnsResult));
|
||||
break;
|
||||
|
||||
case Dns.Status.NAME_NOT_FOUND:
|
||||
violations.addAll(handleDomainNameNotFoundError(assetEntity, dnsResult));
|
||||
break;
|
||||
|
||||
case Dns.Status.INVALID_NAME:
|
||||
// should not happen because we validate the domain name at booking item level
|
||||
violations.add("[DNS] invalid domain name '" + assetEntity.getIdentifier() + "'");
|
||||
break;
|
||||
|
||||
case Dns.Status.SERVICE_UNAVAILABLE:
|
||||
case Dns.Status.UNKNOWN_FAILURE:
|
||||
violations.add("[DNS] lookup failed for domain name '" + assetEntity.getIdentifier() + "': " + dnsResult.exception());
|
||||
break;
|
||||
}
|
||||
return violations;
|
||||
}
|
||||
|
||||
private static String verificationCode(final HsHostingAsset assetEntity) {
|
||||
return assetEntity.getBookingItem().getDirectValue("verificationCode", String.class);
|
||||
return super.validateEntity(assetEntity);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Pattern identifierPattern(final HsHostingAsset assetEntity) {
|
||||
if (assetEntity.getBookingItem() != null) {
|
||||
final var bookingItemDomainName = assetEntity.getBookingItem()
|
||||
.getDirectValue(DOMAIN_NAME_PROPERTY_NAME, String.class);
|
||||
return Pattern.compile(bookingItemDomainName, Pattern.CASE_INSENSITIVE | Pattern.LITERAL);
|
||||
}
|
||||
final var parentDomainName = assetEntity.getParentAsset().getIdentifier();
|
||||
return Pattern.compile(SUBDOMAIN_NAME_REGEX + "\\." + parentDomainName.replace(".", "\\."), Pattern.CASE_INSENSITIVE);
|
||||
}
|
||||
|
||||
private static List<String> handleDomainNameFound(final HsHostingAsset assetEntity, final Dns.Result dnsResult) {
|
||||
final var violations = new ArrayList<String>();
|
||||
final var expectedTxtRecordValue = "Hostsharing-domain-setup-verification-code=" + verificationCode(assetEntity);
|
||||
final var verificationFound = findTxtRecord(dnsResult, expectedTxtRecordValue)
|
||||
.or(() -> superDomain(assetEntity.getIdentifier())
|
||||
.flatMap(superDomainName -> findTxtRecord(
|
||||
new Dns(superDomainName).fetchRecordsOfType("TXT"),
|
||||
expectedTxtRecordValue))
|
||||
);
|
||||
if (verificationFound.isEmpty()) {
|
||||
violations.add(
|
||||
"[DNS] no TXT record '" + expectedTxtRecordValue +
|
||||
"' found for domain name '" + assetEntity.getIdentifier() + "' (nor in its super-domain)");
|
||||
}
|
||||
return violations;
|
||||
}
|
||||
|
||||
private static List<String> handleDomainNameNotFoundError(final HsHostingAsset assetEntity, final Dns.Result dnsResult) {
|
||||
final var violations = new ArrayList<String>();
|
||||
if (isDnsVerificationRequiredForUnregisteredDomain(assetEntity)) {
|
||||
final var superDomain = superDomain(assetEntity.getIdentifier());
|
||||
final var expectedTxtRecordValue = "Hostsharing-domain-setup-verification-code=" + verificationCode(assetEntity);
|
||||
final var verificationFoundInSuperDomain = superDomain.map(superDomainName ->
|
||||
{
|
||||
final Dns.Result superDomainDnsResult = new Dns(superDomainName).fetchRecordsOfType("TXT");
|
||||
if (superDomainDnsResult.status() != Dns.Status.SUCCESS) {
|
||||
violations.add("[DNS] lookup failed for domain name '" + superDomainName + "': " + dnsResult.exception());
|
||||
}
|
||||
return superDomainDnsResult;
|
||||
}
|
||||
)
|
||||
.flatMap(records -> findTxtRecord(records, expectedTxtRecordValue));
|
||||
if (verificationFoundInSuperDomain.isEmpty()) {
|
||||
violations.add(
|
||||
"[DNS] no TXT record '" + expectedTxtRecordValue +
|
||||
"' found for domain name '" + superDomain.orElseThrow() + "'");
|
||||
}
|
||||
} else {
|
||||
// otherwise no DNS verification to be able to setup DNS for domains to register
|
||||
}
|
||||
return violations;
|
||||
}
|
||||
|
||||
private static boolean isDnsVerificationRequiredForUnregisteredDomain(final HsHostingAsset assetEntity) {
|
||||
return !Dns.isRegistrableDomain(assetEntity.getIdentifier())
|
||||
&& assetEntity.getParentAsset() == null;
|
||||
}
|
||||
|
||||
|
||||
private static Optional<String> findTxtRecord(final Dns.Result result, final String expectedTxtRecordValue) {
|
||||
return result.records().stream()
|
||||
.filter(r -> r.contains(expectedTxtRecordValue))
|
||||
.findAny();
|
||||
return identifierPattern;
|
||||
}
|
||||
}
|
||||
|
@ -11,22 +11,20 @@ import static net.hostsharing.hsadminng.hs.validation.StringProperty.stringPrope
|
||||
|
||||
class HsEMailAddressHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
|
||||
private static final String TARGET_MAILBOX_REGEX = "^[a-z][a-z0-9]{2}[0-9]{2}(-[a-z0-9][a-z0-9\\.+_-]*)?$"; // also accepts legacy pac-names
|
||||
private static final String UNIX_USER_REGEX = "^[a-z][a-z0-9]{2}[0-9]{2}(-[a-z0-9][a-z0-9\\._-]*)?$"; // also accepts legacy pac-names
|
||||
private static final String EMAIL_ADDRESS_LOCAL_PART_REGEX = "[a-zA-Z0-9_!#$%&'*+/=?`{|}~^.-]+"; // RFC 5322
|
||||
private static final String EMAIL_ADDRESS_DOMAIN_PART_REGEX = "[a-zA-Z0-9.-]+";
|
||||
private static final String EMAIL_ADDRESS_FULL_REGEX = "^(" + EMAIL_ADDRESS_LOCAL_PART_REGEX + ")?@" + EMAIL_ADDRESS_DOMAIN_PART_REGEX + "$";
|
||||
private static final String NOBODY_REGEX = "^nobody$";
|
||||
private static final String DEVNULL_REGEX = "^/dev/null$";
|
||||
private static final String EMAIL_ADDRESS_FULL_REGEX = "^" + EMAIL_ADDRESS_LOCAL_PART_REGEX + "@" + EMAIL_ADDRESS_DOMAIN_PART_REGEX + "$";
|
||||
public static final int EMAIL_ADDRESS_MAX_LENGTH = 320; // according to RFC 5321 and RFC 5322
|
||||
|
||||
HsEMailAddressHostingAssetValidator() {
|
||||
super( HsHostingAssetType.EMAIL_ADDRESS,
|
||||
AlarmContact.isOptional(),
|
||||
|
||||
stringProperty("local-part").matchesRegEx("^" + EMAIL_ADDRESS_LOCAL_PART_REGEX + "$").writeOnce().optional(),
|
||||
stringProperty("sub-domain").matchesRegEx("^" + EMAIL_ADDRESS_LOCAL_PART_REGEX + "$").writeOnce().optional(),
|
||||
stringProperty("local-part").matchesRegEx("^" + EMAIL_ADDRESS_LOCAL_PART_REGEX + "$").required(),
|
||||
stringProperty("sub-domain").matchesRegEx("^" + EMAIL_ADDRESS_LOCAL_PART_REGEX + "$").optional(),
|
||||
arrayOf(
|
||||
stringProperty("target").maxLength(EMAIL_ADDRESS_MAX_LENGTH).matchesRegEx(TARGET_MAILBOX_REGEX, EMAIL_ADDRESS_FULL_REGEX, NOBODY_REGEX, DEVNULL_REGEX)
|
||||
stringProperty("target").maxLength(EMAIL_ADDRESS_MAX_LENGTH).matchesRegEx(UNIX_USER_REGEX, EMAIL_ADDRESS_FULL_REGEX)
|
||||
).required().minLength(1));
|
||||
}
|
||||
|
||||
@ -45,9 +43,9 @@ class HsEMailAddressHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
}
|
||||
|
||||
private static String combineIdentifier(final HsHostingAsset emailAddressAssetEntity) {
|
||||
return ofNullable(emailAddressAssetEntity.getDirectValue("local-part", String.class)).orElse("")
|
||||
+ "@"
|
||||
+ ofNullable(emailAddressAssetEntity.getDirectValue("sub-domain", String.class)).map(s -> s + ".").orElse("")
|
||||
+ emailAddressAssetEntity.getParentAsset().getParentAsset().getIdentifier();
|
||||
return emailAddressAssetEntity.getDirectValue("local-part", String.class) +
|
||||
ofNullable(emailAddressAssetEntity.getDirectValue("sub-domain", String.class)).map(s -> "." + s).orElse("") +
|
||||
"@" +
|
||||
emailAddressAssetEntity.getParentAsset().getIdentifier();
|
||||
}
|
||||
}
|
||||
|
@ -1,22 +1,17 @@
|
||||
package net.hostsharing.hsadminng.hs.hosting.asset.validators;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAsset;
|
||||
import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealEntity;
|
||||
|
||||
import jakarta.persistence.EntityManager;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
|
||||
import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.UNIX_USER;
|
||||
import static net.hostsharing.hsadminng.hs.validation.IntegerProperty.integerProperty;
|
||||
|
||||
class HsManagedWebspaceHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
public HsManagedWebspaceHostingAssetValidator() {
|
||||
super(
|
||||
MANAGED_WEBSPACE,
|
||||
AlarmContact.isOptional(),
|
||||
integerProperty("groupid").readOnly()
|
||||
);
|
||||
NO_EXTRA_PROPERTIES); // TODO.impl: groupid missing, should be equal to main user
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -27,24 +22,4 @@ class HsManagedWebspaceHostingAssetValidator extends HostingAssetEntityValidator
|
||||
: "[a-z][a-z0-9][a-z0-9]";
|
||||
return Pattern.compile("^" + prefixPattern + "[0-9][0-9]$");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postPersist(final EntityManager em, final HsHostingAsset webspaceAsset) {
|
||||
if (!webspaceAsset.isLoaded()) {
|
||||
final var unixUserAsset = HsHostingAssetRealEntity.builder()
|
||||
.type(UNIX_USER)
|
||||
.parentAsset(em.find(HsHostingAssetRealEntity.class, webspaceAsset.getUuid()))
|
||||
.identifier(webspaceAsset.getIdentifier())
|
||||
.caption(webspaceAsset.getIdentifier() + " webspace user")
|
||||
.build();
|
||||
webspaceAsset.getSubHostingAssets().add(unixUserAsset);
|
||||
new HostingAssetEntitySaveProcessor(em, unixUserAsset)
|
||||
.preprocessEntity()
|
||||
.validateEntity()
|
||||
.prepareForSave()
|
||||
.save()
|
||||
.validateContext();
|
||||
webspaceAsset.getConfig().put("groupid", unixUserAsset.getConfig().get("userid"));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -53,7 +53,7 @@ class HsUnixUserHostingAssetValidator extends HostingAssetEntityValidator {
|
||||
}
|
||||
|
||||
private static Integer computeUserId(final EntityManager em, final PropertiesProvider propertiesProvider) {
|
||||
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting.asset_unixuser_system_id_seq')", Integer.class)
|
||||
final Object result = em.createNativeQuery("SELECT nextval('hs_hosting_asset_unixuser_system_id_seq')", Integer.class)
|
||||
.getSingleResult();
|
||||
return (Integer) result;
|
||||
}
|
||||
|
@ -1,22 +1,23 @@
|
||||
package net.hostsharing.hsadminng.hs.office.bankaccount;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeBankAccountsApi;
|
||||
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeBankAccountInsertResource;
|
||||
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeBankAccountResource;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.mapper.Mapper;
|
||||
import org.iban4j.BicUtil;
|
||||
import org.iban4j.IbanUtil;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
|
||||
public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
|
||||
@ -25,19 +26,18 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private StandardMapper mapper;
|
||||
private Mapper mapper;
|
||||
|
||||
@Autowired
|
||||
private HsOfficeBankAccountRepository bankAccountRepo;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.office.bankAccounts.api.patchDebitor")
|
||||
public ResponseEntity<List<HsOfficeBankAccountResource>> getListOfBankAccounts(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<List<HsOfficeBankAccountResource>> listBankAccounts(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final String holder) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
|
||||
|
||||
@ -47,13 +47,12 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.office.bankAccounts.api.postNewBankAccount")
|
||||
public ResponseEntity<HsOfficeBankAccountResource> postNewBankAccount(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsOfficeBankAccountResource> addBankAccount(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final HsOfficeBankAccountInsertResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
IbanUtil.validate(body.getIban());
|
||||
BicUtil.validate(body.getBic());
|
||||
@ -74,13 +73,12 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.office.bankAccounts.api.getSingleBankAccountByUuid")
|
||||
public ResponseEntity<HsOfficeBankAccountResource> getSingleBankAccountByUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsOfficeBankAccountResource> getBankAccountByUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID bankAccountUuid) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bankAccountRepo.findByUuid(bankAccountUuid);
|
||||
if (result.isEmpty()) {
|
||||
@ -91,12 +89,11 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.office.bankAccounts.api.deleteBankAccountByUuid")
|
||||
public ResponseEntity<Void> deleteBankAccountByUuid(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID BankAccountUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
|
||||
if (result == 0) {
|
||||
|
@ -3,23 +3,23 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
|
||||
import lombok.*;
|
||||
import lombok.experimental.FieldNameConstants;
|
||||
import net.hostsharing.hsadminng.errors.DisplayAs;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
import net.hostsharing.hsadminng.rbac.generator.RbacView;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
|
||||
import net.hostsharing.hsadminng.rbac.rbacdef.RbacView;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
|
||||
import jakarta.persistence.*;
|
||||
import java.io.IOException;
|
||||
import java.util.UUID;
|
||||
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.*;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Permission.*;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.RbacSubjectReference.UserRole.CREATOR;
|
||||
import static net.hostsharing.hsadminng.rbac.generator.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserReference.UserRole.CREATOR;
|
||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@Entity
|
||||
@Table(schema = "hs_office", name = "bankaccount_rv")
|
||||
@Table(name = "hs_office_bankaccount_rv")
|
||||
@Getter
|
||||
@Setter
|
||||
@Builder
|
||||
@ -62,7 +62,7 @@ public class HsOfficeBankAccountEntity implements BaseEntity<HsOfficeBankAccount
|
||||
.withIdentityView(SQL.projection("iban"))
|
||||
.withUpdatableColumns("holder", "iban", "bic")
|
||||
|
||||
.toRole(GLOBAL, GUEST).grantPermission(INSERT)
|
||||
.toRole("global", GUEST).grantPermission(INSERT)
|
||||
|
||||
.createRole(OWNER, (with) -> {
|
||||
with.owningUser(CREATOR);
|
||||
|
@ -1,6 +1,5 @@
|
||||
package net.hostsharing.hsadminng.hs.office.bankaccount;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import org.springframework.data.jpa.repository.Query;
|
||||
import org.springframework.data.repository.Repository;
|
||||
|
||||
@ -10,31 +9,23 @@ import java.util.UUID;
|
||||
|
||||
public interface HsOfficeBankAccountRepository extends Repository<HsOfficeBankAccountEntity, UUID> {
|
||||
|
||||
@Timed("app.office.bankAccounts.repo.findByUuid")
|
||||
Optional<HsOfficeBankAccountEntity> findByUuid(UUID id);
|
||||
|
||||
@Query("""
|
||||
SELECT c FROM HsOfficeBankAccountEntity c
|
||||
WHERE lower(c.holder) like lower(concat(:holder, '%'))
|
||||
ORDER BY c.holder
|
||||
""")
|
||||
@Timed("app.office.bankAccounts.repo.findByOptionalHolderLikeImpl")
|
||||
""")
|
||||
List<HsOfficeBankAccountEntity> findByOptionalHolderLikeImpl(String holder);
|
||||
|
||||
default List<HsOfficeBankAccountEntity> findByOptionalHolderLike(String holder) {
|
||||
return findByOptionalHolderLikeImpl(holder == null ? "" : holder);
|
||||
}
|
||||
|
||||
|
||||
@Timed("app.office.bankAccounts.repo.findByIbanOrderByIbanAsc")
|
||||
List<HsOfficeBankAccountEntity> findByIbanOrderByIbanAsc(String iban);
|
||||
|
||||
@Timed("app.office.bankAccounts.repo.save")
|
||||
<S extends HsOfficeBankAccountEntity> S save(S entity);
|
||||
|
||||
@Timed("app.office.bankAccounts.repo.deleteByUuid")
|
||||
int deleteByUuid(final UUID uuid);
|
||||
|
||||
@Timed("app.office.bankAccounts.repo.count")
|
||||
long count();
|
||||
}
|
||||
|
@ -11,9 +11,9 @@ import lombok.experimental.FieldNameConstants;
|
||||
import lombok.experimental.SuperBuilder;
|
||||
import net.hostsharing.hsadminng.errors.DisplayAs;
|
||||
import net.hostsharing.hsadminng.mapper.PatchableMapWrapper;
|
||||
import net.hostsharing.hsadminng.persistence.BaseEntity;
|
||||
import net.hostsharing.hsadminng.repr.Stringify;
|
||||
import net.hostsharing.hsadminng.repr.Stringifyable;
|
||||
import net.hostsharing.hsadminng.rbac.rbacobject.BaseEntity;
|
||||
import net.hostsharing.hsadminng.stringify.Stringify;
|
||||
import net.hostsharing.hsadminng.stringify.Stringifyable;
|
||||
import org.hibernate.annotations.GenericGenerator;
|
||||
import org.hibernate.annotations.Type;
|
||||
|
||||
@ -27,7 +27,7 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import static net.hostsharing.hsadminng.repr.Stringify.stringify;
|
||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||
|
||||
@MappedSuperclass
|
||||
@Getter
|
||||
@ -54,14 +54,8 @@ public class HsOfficeContact implements Stringifyable, BaseEntity<HsOfficeContac
|
||||
@Column(name = "caption")
|
||||
private String caption;
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@Type(JsonType.class)
|
||||
@Column(name = "postaladdress")
|
||||
private Map<String, String> postalAddress = new HashMap<>();
|
||||
|
||||
@Transient
|
||||
private PatchableMapWrapper<String> postalAddressWrapper;
|
||||
private String postalAddress; // multiline free-format text
|
||||
|
||||
@Builder.Default
|
||||
@Setter(AccessLevel.NONE)
|
||||
@ -81,17 +75,6 @@ public class HsOfficeContact implements Stringifyable, BaseEntity<HsOfficeContac
|
||||
@Transient
|
||||
private PatchableMapWrapper<String> phoneNumbersWrapper;
|
||||
|
||||
public PatchableMapWrapper<String> getPostalAddress() {
|
||||
return PatchableMapWrapper.of(
|
||||
postalAddressWrapper,
|
||||
(newWrapper) -> {postalAddressWrapper = newWrapper;},
|
||||
postalAddress);
|
||||
}
|
||||
|
||||
public void putPostalAddress(Map<String, String> newPostalAddress) {
|
||||
getPostalAddress().assign(newPostalAddress);
|
||||
}
|
||||
|
||||
public PatchableMapWrapper<String> getEmailAddresses() {
|
||||
return PatchableMapWrapper.of(
|
||||
emailAddressesWrapper,
|
||||
|
@ -1,7 +1,6 @@
|
||||
package net.hostsharing.hsadminng.hs.office.contact;
|
||||
|
||||
import io.micrometer.core.annotation.Timed;
|
||||
import net.hostsharing.hsadminng.mapper.StandardMapper;
|
||||
import net.hostsharing.hsadminng.mapper.Mapper;
|
||||
import net.hostsharing.hsadminng.context.Context;
|
||||
import net.hostsharing.hsadminng.hs.office.generated.api.v1.api.HsOfficeContactsApi;
|
||||
import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeContactInsertResource;
|
||||
@ -11,15 +10,16 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.CrossOrigin;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.MvcUriComponentsBuilder;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
import java.util.function.BiConsumer;
|
||||
|
||||
import static net.hostsharing.hsadminng.errors.Validate.validate;
|
||||
import static net.hostsharing.hsadminng.mapper.KeyValueMap.from;
|
||||
|
||||
@CrossOrigin(origins = "${HSADMINNG_CORS_WEBUI:http://localhost:3000}")
|
||||
@RestController
|
||||
|
||||
public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
@ -28,25 +28,20 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
private Context context;
|
||||
|
||||
@Autowired
|
||||
private StandardMapper mapper;
|
||||
private Mapper mapper;
|
||||
|
||||
@Autowired
|
||||
private HsOfficeContactRbacRepository contactRepo;
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.office.contacts.api.getListOfContacts")
|
||||
public ResponseEntity<List<HsOfficeContactResource>> getListOfContacts(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<List<HsOfficeContactResource>> listContacts(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final String caption,
|
||||
final String emailAddress) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
final String caption) {
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
validate("caption, emailAddress").atMaxOne(caption, emailAddress);
|
||||
final var entities = emailAddress != null
|
||||
? contactRepo.findContactByEmailAddress(emailAddress)
|
||||
: contactRepo.findContactByOptionalCaptionLike(caption);
|
||||
final var entities = contactRepo.findContactByOptionalCaptionLike(caption);
|
||||
|
||||
final var resources = mapper.mapList(entities, HsOfficeContactResource.class);
|
||||
return ResponseEntity.ok(resources);
|
||||
@ -54,13 +49,12 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.office.contacts.api.postNewContact")
|
||||
public ResponseEntity<HsOfficeContactResource> postNewContact(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsOfficeContactResource> addContact(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final HsOfficeContactInsertResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var entityToSave = mapper.map(body, HsOfficeContactRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
|
||||
|
||||
@ -77,13 +71,12 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
|
||||
@Override
|
||||
@Transactional(readOnly = true)
|
||||
@Timed("app.office.contacts.api.getSingleContactByUuid")
|
||||
public ResponseEntity<HsOfficeContactResource> getSingleContactByUuid(
|
||||
final String currentSubject,
|
||||
public ResponseEntity<HsOfficeContactResource> getContactByUuid(
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID contactUuid) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = contactRepo.findByUuid(contactUuid);
|
||||
if (result.isEmpty()) {
|
||||
@ -94,12 +87,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.office.contacts.api.deleteContactByUuid")
|
||||
public ResponseEntity<Void> deleteContactByUuid(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID contactUuid) {
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var result = contactRepo.deleteByUuid(contactUuid);
|
||||
if (result == 0) {
|
||||
@ -111,14 +103,13 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
@Timed("app.office.contacts.api.patchContact")
|
||||
public ResponseEntity<HsOfficeContactResource> patchContact(
|
||||
final String currentSubject,
|
||||
final String currentUser,
|
||||
final String assumedRoles,
|
||||
final UUID contactUuid,
|
||||
final HsOfficeContactPatchResource body) {
|
||||
|
||||
context.define(currentSubject, assumedRoles);
|
||||
context.define(currentUser, assumedRoles);
|
||||
|
||||
final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user