RBAC Diagram+PostgreSQL Generator #21
@ -71,14 +71,14 @@ public class RbacView {
|
||||
|
||||
public RbacView createSubRole(final Role role) {
|
||||
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
||||
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
|
||||
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
|
||||
previousRoleDef = newRoleDef;
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) {
|
||||
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
||||
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
|
||||
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
|
||||
with.accept(newRoleDef);
|
||||
previousRoleDef = newRoleDef;
|
||||
return this;
|
||||
@ -146,7 +146,7 @@ public class RbacView {
|
||||
});
|
||||
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
||||
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
|
||||
new RbacGrantDefinition(
|
||||
findOrCreateGrantDef(
|
||||
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
|
||||
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
|
||||
);
|
||||
@ -165,15 +165,15 @@ public class RbacView {
|
||||
|
||||
|
||||
private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
|
||||
return new RbacGrantDefinition(roleDefinition, user).toCreate();
|
||||
return findOrCreateGrantDef(roleDefinition, user).toCreate();
|
||||
}
|
||||
|
||||
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
|
||||
return new RbacGrantDefinition(permDef, roleDef).toCreate();
|
||||
return findOrCreateGrantDef(permDef, roleDef).toCreate();
|
||||
}
|
||||
|
||||
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
|
||||
return new RbacGrantDefinition(subRoleDefinition, superRoleDefinition).toCreate();
|
||||
return findOrCreateGrantDef(subRoleDefinition, superRoleDefinition).toCreate();
|
||||
}
|
||||
|
||||
boolean isMainEntityAlias(final EntityAlias entityAlias) {
|
||||
@ -193,7 +193,7 @@ public class RbacView {
|
||||
}
|
||||
|
||||
public RbacView grantRole(final String entityAlias, final Role role) {
|
||||
new RbacGrantDefinition(findRbacRole(entityAlias, role), superRoleDef).toCreate();
|
||||
findOrCreateGrantDef(findRbacRole(entityAlias, role), superRoleDef).toCreate();
|
||||
return RbacView.this;
|
||||
}
|
||||
|
||||
@ -210,19 +210,20 @@ public class RbacView {
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
final var arrow = isAssumed() ? " --> " : " -- // --> ";
|
||||
return switch (grantType()) {
|
||||
case USER_TO_ROLE -> userDef.toString() + " --> " + subRoleDef.toString();
|
||||
case ROLE_TO_ROLE -> superRoleDef + " --> " + subRoleDef;
|
||||
case ROLE_TO_PERM -> superRoleDef + " --> " + permDef;
|
||||
case USER_TO_ROLE -> userDef.toString() + arrow + subRoleDef.toString();
|
||||
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
||||
case ROLE_TO_PERM -> superRoleDef + arrow + permDef;
|
||||
};
|
||||
}
|
||||
|
||||
public RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
|
||||
RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
|
||||
this.userDef = null;
|
||||
this.subRoleDef = subRoleDef;
|
||||
this.superRoleDef = superRoleDef;
|
||||
this.permDef = null;
|
||||
grantDefs.add(this);
|
||||
register(this);
|
||||
}
|
||||
|
||||
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
|
||||
@ -230,7 +231,7 @@ public class RbacView {
|
||||
this.subRoleDef = null;
|
||||
this.superRoleDef = roleDef;
|
||||
this.permDef = permDef;
|
||||
grantDefs.add(this);
|
||||
register(this);
|
||||
}
|
||||
|
||||
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
|
||||
@ -238,6 +239,11 @@ public class RbacView {
|
||||
this.subRoleDef = roleDef;
|
||||
this.superRoleDef = null;
|
||||
this.permDef = null;
|
||||
register(this);
|
||||
}
|
||||
|
||||
private void register(final RbacGrantDefinition rbacGrantDefinition) {
|
||||
grantDefs.add(rbacGrantDefinition);
|
||||
}
|
||||
|
||||
@NotNull
|
||||
@ -268,10 +274,6 @@ public class RbacView {
|
||||
}
|
||||
}
|
||||
|
||||
private void addGrant(final RbacGrantDefinition grant) {
|
||||
grantDefs.add(grant);
|
||||
}
|
||||
|
||||
public class RbacExampleRole {
|
||||
|
||||
final EntityAlias subRoleEntity;
|
||||
@ -317,7 +319,7 @@ public class RbacView {
|
||||
}
|
||||
|
||||
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
|
||||
new RbacGrantDefinition(this, findRbacRole(entityAlias, role) ).toCreate();
|
||||
findOrCreateGrantDef(this, findRbacRole(entityAlias, role) ).toCreate();
|
||||
return this;
|
||||
}
|
||||
|
||||
@ -347,24 +349,24 @@ public class RbacView {
|
||||
}
|
||||
|
||||
public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
|
||||
addGrant(grantRoleToUser(this, findUserRef(userRole)));
|
||||
grantRoleToUser(this, findUserRef(userRole));
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition permission(final Permission permission) {
|
||||
addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this));
|
||||
grantPermissionToRole( createPermission(entityAlias, permission) , this);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
|
||||
final var incomingSuperRole = findRbacRole(entityAlias, role);
|
||||
addGrant(grantSubRoleToSuperRole(this, incomingSuperRole));
|
||||
grantSubRoleToSuperRole(this, incomingSuperRole);
|
||||
return this;
|
||||
}
|
||||
|
||||
public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
|
||||
final var outgoingSubRole = findRbacRole(entityAlias, role);
|
||||
addGrant(grantSubRoleToSuperRole(outgoingSubRole, this));
|
||||
grantSubRoleToSuperRole(outgoingSubRole, this);
|
||||
return this;
|
||||
}
|
||||
|
||||
@ -414,6 +416,28 @@ public class RbacView {
|
||||
|
||||
public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
|
||||
return findRbacRole(findEntityAlias(entityAliasName), role);
|
||||
|
||||
}
|
||||
|
||||
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
|
||||
return grantDefs.stream()
|
||||
.filter(g -> g.subRoleDef == roleDefinition && g.userDef == user)
|
||||
.findFirst()
|
||||
.orElseGet(() -> new RbacGrantDefinition(roleDefinition, user));
|
||||
}
|
||||
|
||||
private RbacGrantDefinition findOrCreateGrantDef(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
|
||||
return grantDefs.stream()
|
||||
.filter(g -> g.permDef == permDef && g.subRoleDef == roleDef)
|
||||
.findFirst()
|
||||
.orElseGet(() -> new RbacGrantDefinition(permDef, roleDef));
|
||||
}
|
||||
|
||||
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
|
||||
return grantDefs.stream()
|
||||
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
|
||||
.findFirst()
|
||||
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition));
|
||||
}
|
||||
|
||||
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) {
|
||||
|
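Review bot: The new `findOrCreateGrantDef(RbacPermissionDefinition, RbacRoleDefinition)` overload in the `-414,6 +416,28` hunk filters on `g.subRoleDef == roleDef`, but the permission constructor earlier in this section sets `subRoleDef = null` and stores the role in `superRoleDef`. The lookup therefore cannot match an existing ROLE_TO_PERM grant, and every call registers a fresh one. The filter should read `.filter(g -> g.permDef == permDef && g.superRoleDef == roleDef)`. Because this class is the model behind the generated RBAC output, duplicate permission grants would presumably carry through to the diagram and the generated SQL; a test that calls `grantedTo(alias, role)` twice on the same permission definition and asserts a single entry in `getGrantDefs()` would pin the intended behaviour. All three overloads also compare by reference, which only deduplicates if `findRbacRole` and `findUserRef` always return the same instance for the same key, so that assumption deserves a short comment.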
@ -1,5 +1,7 @@
|
||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||
|
||||
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
@ -149,8 +151,8 @@ public class RbacViewMermaidFlowchart {
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws IOException {
|
||||
// new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
|
||||
new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
|
||||
new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile();
|
||||
// new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
|
||||
new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
|
||||
}
|
||||
}
|
||||
|
@ -15,8 +15,8 @@ class TestCustomerEntityTest {
|
||||
flowchart TB
|
||||
|
||||
subgraph contact["`**contact**`"]
|
||||
direction TB
|
||||
style contact fill:#dd4901,stroke:darkblue,stroke-width:8px
|
||||
direction TB
|
||||
style contact fill:#dd4901,stroke:darkblue,stroke-width:8px
|
||||
|
||||
subgraph contact:roles[ ]
|
||||
style contact:roles fill: #dd4901
|
||||
@ -37,15 +37,11 @@ class TestCustomerEntityTest {
|
||||
|
||||
user:creator ==> role:contact:owner
|
||||
role:global:admin ==> role:contact:owner
|
||||
role:global:admin ==> role:contact:owner
|
||||
role:contact:owner ==> perm:contact:*
|
||||
role:contact:owner ==> perm:contact:*
|
||||
role:contact:owner ==> role:contact:admin
|
||||
role:contact:admin ==> perm:contact:add-package
|
||||
role:contact:admin ==> perm:contact:add-package
|
||||
role:contact:admin ==> role:contact:tenant
|
||||
role:contact:tenant ==> perm:contact:view
|
||||
role:contact:tenant ==> perm:contact:view
|
||||
""");
|
||||
}
|
||||
}
|
||||
|