RBAC Diagram+PostgreSQL Generator #21
@ -71,14 +71,14 @@ public class RbacView {
|
|||||||
|
|
||||||
public RbacView createSubRole(final Role role) {
|
public RbacView createSubRole(final Role role) {
|
||||||
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
||||||
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
|
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
|
||||||
previousRoleDef = newRoleDef;
|
previousRoleDef = newRoleDef;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) {
|
public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) {
|
||||||
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
|
||||||
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
|
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
|
||||||
with.accept(newRoleDef);
|
with.accept(newRoleDef);
|
||||||
previousRoleDef = newRoleDef;
|
previousRoleDef = newRoleDef;
|
||||||
return this;
|
return this;
|
||||||
@ -146,7 +146,7 @@ public class RbacView {
|
|||||||
});
|
});
|
||||||
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
importedRbacView.getGrantDefs().forEach(grantDef -> {
|
||||||
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
|
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
|
||||||
new RbacGrantDefinition(
|
findOrCreateGrantDef(
|
||||||
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
|
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
|
||||||
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
|
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
|
||||||
);
|
);
|
||||||
@ -165,15 +165,15 @@ public class RbacView {
|
|||||||
|
|
||||||
|
|
||||||
private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
|
private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
|
||||||
return new RbacGrantDefinition(roleDefinition, user).toCreate();
|
return findOrCreateGrantDef(roleDefinition, user).toCreate();
|
||||||
}
|
}
|
||||||
|
|
||||||
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
|
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
|
||||||
return new RbacGrantDefinition(permDef, roleDef).toCreate();
|
return findOrCreateGrantDef(permDef, roleDef).toCreate();
|
||||||
}
|
}
|
||||||
|
|
||||||
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
|
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
|
||||||
return new RbacGrantDefinition(subRoleDefinition, superRoleDefinition).toCreate();
|
return findOrCreateGrantDef(subRoleDefinition, superRoleDefinition).toCreate();
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean isMainEntityAlias(final EntityAlias entityAlias) {
|
boolean isMainEntityAlias(final EntityAlias entityAlias) {
|
||||||
@ -193,7 +193,7 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public RbacView grantRole(final String entityAlias, final Role role) {
|
public RbacView grantRole(final String entityAlias, final Role role) {
|
||||||
new RbacGrantDefinition(findRbacRole(entityAlias, role), superRoleDef).toCreate();
|
findOrCreateGrantDef(findRbacRole(entityAlias, role), superRoleDef).toCreate();
|
||||||
return RbacView.this;
|
return RbacView.this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -210,19 +210,20 @@ public class RbacView {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
|
final var arrow = isAssumed() ? " --> " : " -- // --> ";
|
||||||
return switch (grantType()) {
|
return switch (grantType()) {
|
||||||
case USER_TO_ROLE -> userDef.toString() + " --> " + subRoleDef.toString();
|
case USER_TO_ROLE -> userDef.toString() + arrow + subRoleDef.toString();
|
||||||
case ROLE_TO_ROLE -> superRoleDef + " --> " + subRoleDef;
|
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
|
||||||
case ROLE_TO_PERM -> superRoleDef + " --> " + permDef;
|
case ROLE_TO_PERM -> superRoleDef + arrow + permDef;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
|
RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
|
||||||
this.userDef = null;
|
this.userDef = null;
|
||||||
this.subRoleDef = subRoleDef;
|
this.subRoleDef = subRoleDef;
|
||||||
this.superRoleDef = superRoleDef;
|
this.superRoleDef = superRoleDef;
|
||||||
this.permDef = null;
|
this.permDef = null;
|
||||||
grantDefs.add(this);
|
register(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
|
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
|
||||||
@ -230,7 +231,7 @@ public class RbacView {
|
|||||||
this.subRoleDef = null;
|
this.subRoleDef = null;
|
||||||
this.superRoleDef = roleDef;
|
this.superRoleDef = roleDef;
|
||||||
this.permDef = permDef;
|
this.permDef = permDef;
|
||||||
grantDefs.add(this);
|
register(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
|
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
|
||||||
@ -238,6 +239,11 @@ public class RbacView {
|
|||||||
this.subRoleDef = roleDef;
|
this.subRoleDef = roleDef;
|
||||||
this.superRoleDef = null;
|
this.superRoleDef = null;
|
||||||
this.permDef = null;
|
this.permDef = null;
|
||||||
|
register(this);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void register(final RbacGrantDefinition rbacGrantDefinition) {
|
||||||
|
grantDefs.add(rbacGrantDefinition);
|
||||||
}
|
}
|
||||||
|
|
||||||
@NotNull
|
@NotNull
|
||||||
@ -268,10 +274,6 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addGrant(final RbacGrantDefinition grant) {
|
|
||||||
grantDefs.add(grant);
|
|
||||||
}
|
|
||||||
|
|
||||||
public class RbacExampleRole {
|
public class RbacExampleRole {
|
||||||
|
|
||||||
final EntityAlias subRoleEntity;
|
final EntityAlias subRoleEntity;
|
||||||
@ -317,7 +319,7 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
|
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
|
||||||
new RbacGrantDefinition(this, findRbacRole(entityAlias, role) ).toCreate();
|
findOrCreateGrantDef(this, findRbacRole(entityAlias, role) ).toCreate();
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,24 +349,24 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
|
public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
|
||||||
addGrant(grantRoleToUser(this, findUserRef(userRole)));
|
grantRoleToUser(this, findUserRef(userRole));
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacRoleDefinition permission(final Permission permission) {
|
public RbacRoleDefinition permission(final Permission permission) {
|
||||||
addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this));
|
grantPermissionToRole( createPermission(entityAlias, permission) , this);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
|
public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
|
||||||
final var incomingSuperRole = findRbacRole(entityAlias, role);
|
final var incomingSuperRole = findRbacRole(entityAlias, role);
|
||||||
addGrant(grantSubRoleToSuperRole(this, incomingSuperRole));
|
grantSubRoleToSuperRole(this, incomingSuperRole);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
|
public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
|
||||||
final var outgoingSubRole = findRbacRole(entityAlias, role);
|
final var outgoingSubRole = findRbacRole(entityAlias, role);
|
||||||
addGrant(grantSubRoleToSuperRole(outgoingSubRole, this));
|
grantSubRoleToSuperRole(outgoingSubRole, this);
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -414,6 +416,28 @@ public class RbacView {
|
|||||||
|
|
||||||
public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
|
public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
|
||||||
return findRbacRole(findEntityAlias(entityAliasName), role);
|
return findRbacRole(findEntityAlias(entityAliasName), role);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
|
||||||
|
return grantDefs.stream()
|
||||||
|
.filter(g -> g.subRoleDef == roleDefinition && g.userDef == user)
|
||||||
|
.findFirst()
|
||||||
|
.orElseGet(() -> new RbacGrantDefinition(roleDefinition, user));
|
||||||
|
}
|
||||||
|
|
||||||
|
private RbacGrantDefinition findOrCreateGrantDef(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
|
||||||
|
return grantDefs.stream()
|
||||||
|
.filter(g -> g.permDef == permDef && g.subRoleDef == roleDef)
|
||||||
|
.findFirst()
|
||||||
|
.orElseGet(() -> new RbacGrantDefinition(permDef, roleDef));
|
||||||
|
}
|
||||||
|
|
||||||
|
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
|
||||||
|
return grantDefs.stream()
|
||||||
|
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
|
||||||
|
.findFirst()
|
||||||
|
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition));
|
||||||
}
|
}
|
||||||
|
|
||||||
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) {
|
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) {
|
||||||
|
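Review bot: The permission overload of `findOrCreateGrantDef` filters on `g.subRoleDef == roleDef`, but the permission constructor shown in this file stores the role in `superRoleDef` and sets `subRoleDef = null` (and `toString()` prints `superRoleDef` for `ROLE_TO_PERM`). The lookup therefore cannot match an existing permission grant for a non-null role and always falls through to `new RbacGrantDefinition(permDef, roleDef)`. The filter should read `.filter(g -> g.permDef == permDef && g.superRoleDef == roleDef)`. The updated expectation in TestCustomerEntityTest would pass either way, presumably because the duplicates there came from the removed `addGrant(...)` double registration. A test that declares the same permission on one role twice would pin the lookup, which matters because these definitions drive the generated grants and the diagram.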
@ -1,5 +1,7 @@
|
|||||||
package net.hostsharing.hsadminng.rbac.rbacdef;
|
package net.hostsharing.hsadminng.rbac.rbacdef;
|
||||||
|
|
||||||
|
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
|
||||||
|
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
|
||||||
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
||||||
@ -149,8 +151,8 @@ public class RbacViewMermaidFlowchart {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) throws IOException {
|
public static void main(String[] args) throws IOException {
|
||||||
// new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
|
new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
|
||||||
new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile();
|
new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile();
|
||||||
// new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
|
new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -37,15 +37,11 @@ class TestCustomerEntityTest {
|
|||||||
|
|
||||||
user:creator ==> role:contact:owner
|
user:creator ==> role:contact:owner
|
||||||
role:global:admin ==> role:contact:owner
|
role:global:admin ==> role:contact:owner
|
||||||
role:global:admin ==> role:contact:owner
|
|
||||||
role:contact:owner ==> perm:contact:*
|
|
||||||
role:contact:owner ==> perm:contact:*
|
role:contact:owner ==> perm:contact:*
|
||||||
role:contact:owner ==> role:contact:admin
|
role:contact:owner ==> role:contact:admin
|
||||||
role:contact:admin ==> perm:contact:add-package
|
role:contact:admin ==> perm:contact:add-package
|
||||||
role:contact:admin ==> perm:contact:add-package
|
|
||||||
role:contact:admin ==> role:contact:tenant
|
role:contact:admin ==> role:contact:tenant
|
||||||
role:contact:tenant ==> perm:contact:view
|
role:contact:tenant ==> perm:contact:view
|
||||||
role:contact:tenant ==> perm:contact:view
|
|
||||||
""");
|
""");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|