RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
3 changed files with 52 additions and 30 deletions
Showing only changes of commit 2171424118 - Show all commits


@ -71,14 +71,14 @@ public class RbacView {
public RbacView createSubRole(final Role role) { public RbacView createSubRole(final Role role) {
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate(); final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate(); findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
previousRoleDef = newRoleDef; previousRoleDef = newRoleDef;
return this; return this;
} }
public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) { public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) {
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate(); final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate(); findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
with.accept(newRoleDef); with.accept(newRoleDef);
previousRoleDef = newRoleDef; previousRoleDef = newRoleDef;
return this; return this;
@ -146,7 +146,7 @@ public class RbacView {
}); });
importedRbacView.getGrantDefs().forEach(grantDef -> { importedRbacView.getGrantDefs().forEach(grantDef -> {
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) { if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
new RbacGrantDefinition( findOrCreateGrantDef(
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()), findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole()) findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
); );
@ -165,15 +165,15 @@ public class RbacView {
private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) { private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
return new RbacGrantDefinition(roleDefinition, user).toCreate(); return findOrCreateGrantDef(roleDefinition, user).toCreate();
} }
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) { private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
return new RbacGrantDefinition(permDef, roleDef).toCreate(); return findOrCreateGrantDef(permDef, roleDef).toCreate();
} }
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) { private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
return new RbacGrantDefinition(subRoleDefinition, superRoleDefinition).toCreate(); return findOrCreateGrantDef(subRoleDefinition, superRoleDefinition).toCreate();
} }
boolean isMainEntityAlias(final EntityAlias entityAlias) { boolean isMainEntityAlias(final EntityAlias entityAlias) {
@ -193,7 +193,7 @@ public class RbacView {
} }
public RbacView grantRole(final String entityAlias, final Role role) { public RbacView grantRole(final String entityAlias, final Role role) {
new RbacGrantDefinition(findRbacRole(entityAlias, role), superRoleDef).toCreate(); findOrCreateGrantDef(findRbacRole(entityAlias, role), superRoleDef).toCreate();
return RbacView.this; return RbacView.this;
} }
@ -210,19 +210,20 @@ public class RbacView {
@Override @Override
public String toString() { public String toString() {
final var arrow = isAssumed() ? " --> " : " -- // --> ";
return switch (grantType()) { return switch (grantType()) {
case USER_TO_ROLE -> userDef.toString() + " --> " + subRoleDef.toString(); case USER_TO_ROLE -> userDef.toString() + arrow + subRoleDef.toString();
case ROLE_TO_ROLE -> superRoleDef + " --> " + subRoleDef; case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
case ROLE_TO_PERM -> superRoleDef + " --> " + permDef; case ROLE_TO_PERM -> superRoleDef + arrow + permDef;
}; };
} }
public RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) { RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
this.userDef = null; this.userDef = null;
this.subRoleDef = subRoleDef; this.subRoleDef = subRoleDef;
this.superRoleDef = superRoleDef; this.superRoleDef = superRoleDef;
this.permDef = null; this.permDef = null;
grantDefs.add(this); register(this);
} }
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) { public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
@ -230,7 +231,7 @@ public class RbacView {
this.subRoleDef = null; this.subRoleDef = null;
this.superRoleDef = roleDef; this.superRoleDef = roleDef;
this.permDef = permDef; this.permDef = permDef;
grantDefs.add(this); register(this);
} }
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) { public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
@ -238,6 +239,11 @@ public class RbacView {
this.subRoleDef = roleDef; this.subRoleDef = roleDef;
this.superRoleDef = null; this.superRoleDef = null;
this.permDef = null; this.permDef = null;
register(this);
}
private void register(final RbacGrantDefinition rbacGrantDefinition) {
grantDefs.add(rbacGrantDefinition);
} }
@NotNull @NotNull
@ -268,10 +274,6 @@ public class RbacView {
} }
} }
private void addGrant(final RbacGrantDefinition grant) {
grantDefs.add(grant);
}
public class RbacExampleRole { public class RbacExampleRole {
final EntityAlias subRoleEntity; final EntityAlias subRoleEntity;
@ -317,7 +319,7 @@ public class RbacView {
} }
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) { public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
new RbacGrantDefinition(this, findRbacRole(entityAlias, role) ).toCreate(); findOrCreateGrantDef(this, findRbacRole(entityAlias, role) ).toCreate();
return this; return this;
} }
@ -347,24 +349,24 @@ public class RbacView {
} }
public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) { public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
addGrant(grantRoleToUser(this, findUserRef(userRole))); grantRoleToUser(this, findUserRef(userRole));
return this; return this;
} }
public RbacRoleDefinition permission(final Permission permission) { public RbacRoleDefinition permission(final Permission permission) {
addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this)); grantPermissionToRole( createPermission(entityAlias, permission) , this);
return this; return this;
} }
public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) { public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
final var incomingSuperRole = findRbacRole(entityAlias, role); final var incomingSuperRole = findRbacRole(entityAlias, role);
addGrant(grantSubRoleToSuperRole(this, incomingSuperRole)); grantSubRoleToSuperRole(this, incomingSuperRole);
return this; return this;
} }
public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) { public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
final var outgoingSubRole = findRbacRole(entityAlias, role); final var outgoingSubRole = findRbacRole(entityAlias, role);
addGrant(grantSubRoleToSuperRole(outgoingSubRole, this)); grantSubRoleToSuperRole(outgoingSubRole, this);
return this; return this;
} }
@ -414,6 +416,28 @@ public class RbacView {
public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) { public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
return findRbacRole(findEntityAlias(entityAliasName), role); return findRbacRole(findEntityAlias(entityAliasName), role);
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
return grantDefs.stream()
.filter(g -> g.subRoleDef == roleDefinition && g.userDef == user)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(roleDefinition, user));
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
return grantDefs.stream()
.filter(g -> g.permDef == permDef && g.subRoleDef == roleDef)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(permDef, roleDef));
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
return grantDefs.stream()
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition));
} }
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) { record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) {
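Review bot: The permission-grant lookup in `findOrCreateGrantDef(RbacPermissionDefinition, RbacRoleDefinition)` in the `@ -414` hunk can never match an existing grant: it filters on `g.subRoleDef == roleDef`, but the constructor it falls back to (the `@ -230` hunk) stores the role in `superRoleDef` and sets `subRoleDef` to null, so the stream is always empty and a fresh `RbacGrantDefinition` is registered on every call. The filter should read `.filter(g -> g.permDef == permDef && g.superRoleDef == roleDef)`. The updated TestCustomerEntityTest expectation does not expose this because the old duplicate edges came from the removed `addGrant` double-registration rather than from this lookup, so a test that calls `permission(...)` twice for the same role and asserts a single ROLE_TO_PERM grant would be needed to pin it. All three lookups also compare by reference identity, which only deduplicates if `findRbacRole` and `createPermission` return canonical instances — not visible here, so worth confirming, since duplicate grants would otherwise flow into the generated diagram and SQL. Separately, the role-to-role constructor in the `@ -210` hunk was narrowed to package-private while the other two constructors stay public; if callers are meant to go through `findOrCreateGrantDef`, narrow all three consistently.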


@ -1,5 +1,7 @@
package net.hostsharing.hsadminng.rbac.rbacdef; package net.hostsharing.hsadminng.rbac.rbacdef;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity; import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -149,8 +151,8 @@ public class RbacViewMermaidFlowchart {
} }
public static void main(String[] args) throws IOException { public static void main(String[] args) throws IOException {
// new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile(); new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile(); new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile();
// new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile(); new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
} }
} }
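Review bot: `main` now hard-codes the three `rbac()` views to render, so every entity that gains an RBAC definition needs a matching edit here and a forgotten one silently leaves a stale or missing diagram. Iterating a single list, `for (var rbacView : List.of(HsOfficeBankAccountEntity.rbac(), HsOfficeRelationshipEntity.rbac(), HsOfficeDebitorEntity.rbac())) { new RbacViewMermaidFlowchart(rbacView).generateToMarkdownFile(); }` (with `java.util.List` imported), keeps the set in one place and makes an omission easier to spot. Where `generateToMarkdownFile` writes, and whether it overwrites unchecked, is not visible in this hunk and cannot be judged here.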


@ -15,8 +15,8 @@ class TestCustomerEntityTest {
flowchart TB flowchart TB
subgraph contact["`**contact**`"] subgraph contact["`**contact**`"]
direction TB direction TB
style contact fill:#dd4901,stroke:darkblue,stroke-width:8px style contact fill:#dd4901,stroke:darkblue,stroke-width:8px
subgraph contact:roles[ ] subgraph contact:roles[ ]
style contact:roles fill: #dd4901 style contact:roles fill: #dd4901
@ -37,15 +37,11 @@ class TestCustomerEntityTest {
user:creator ==> role:contact:owner user:creator ==> role:contact:owner
role:global:admin ==> role:contact:owner role:global:admin ==> role:contact:owner
role:global:admin ==> role:contact:owner
role:contact:owner ==> perm:contact:*
role:contact:owner ==> perm:contact:* role:contact:owner ==> perm:contact:*
role:contact:owner ==> role:contact:admin role:contact:owner ==> role:contact:admin
role:contact:admin ==> perm:contact:add-package role:contact:admin ==> perm:contact:add-package
role:contact:admin ==> perm:contact:add-package
role:contact:admin ==> role:contact:tenant role:contact:admin ==> role:contact:tenant
role:contact:tenant ==> perm:contact:view role:contact:tenant ==> perm:contact:view
role:contact:tenant ==> perm:contact:view
"""); """);
} }
} }
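Review bot: The expectation now encodes the removal of the four duplicated edges only through an exact text-block match, so a regression that re-introduces a duplicate grant for an entity without such a fixture would go unnoticed. An additional generic assertion that the rendered `==>` edge lines contain no duplicates (for example collecting them into a list and comparing its size with that of a set built from it) would cover every generated flowchart, not just this one. The test method and its assertion begin before this hunk, so the matcher in use cannot be seen here.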