RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
3 changed files with 52 additions and 30 deletions
Showing only changes of commit 2171424118 - Show all commits

View File

@ -71,14 +71,14 @@ public class RbacView {
public RbacView createSubRole(final Role role) {
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
previousRoleDef = newRoleDef;
return this;
}
public RbacView createSubRole(final Role role, final Consumer<RbacRoleDefinition> with) {
final RbacRoleDefinition newRoleDef = findRbacRole(entityAlias, role).toCreate();
new RbacGrantDefinition(newRoleDef, previousRoleDef).toCreate();
findOrCreateGrantDef(newRoleDef, previousRoleDef).toCreate();
with.accept(newRoleDef);
previousRoleDef = newRoleDef;
return this;
@ -146,7 +146,7 @@ public class RbacView {
});
importedRbacView.getGrantDefs().forEach(grantDef -> {
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
new RbacGrantDefinition(
findOrCreateGrantDef(
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
);
@ -165,15 +165,15 @@ public class RbacView {
private RbacGrantDefinition grantRoleToUser(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
return new RbacGrantDefinition(roleDefinition, user).toCreate();
return findOrCreateGrantDef(roleDefinition, user).toCreate();
}
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
return new RbacGrantDefinition(permDef, roleDef).toCreate();
return findOrCreateGrantDef(permDef, roleDef).toCreate();
}
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
return new RbacGrantDefinition(subRoleDefinition, superRoleDefinition).toCreate();
return findOrCreateGrantDef(subRoleDefinition, superRoleDefinition).toCreate();
}
boolean isMainEntityAlias(final EntityAlias entityAlias) {
@ -193,7 +193,7 @@ public class RbacView {
}
public RbacView grantRole(final String entityAlias, final Role role) {
new RbacGrantDefinition(findRbacRole(entityAlias, role), superRoleDef).toCreate();
findOrCreateGrantDef(findRbacRole(entityAlias, role), superRoleDef).toCreate();
return RbacView.this;
}
@ -210,19 +210,20 @@ public class RbacView {
@Override
public String toString() {
final var arrow = isAssumed() ? " --> " : " -- // --> ";
return switch (grantType()) {
case USER_TO_ROLE -> userDef.toString() + " --> " + subRoleDef.toString();
case ROLE_TO_ROLE -> superRoleDef + " --> " + subRoleDef;
case ROLE_TO_PERM -> superRoleDef + " --> " + permDef;
case USER_TO_ROLE -> userDef.toString() + arrow + subRoleDef.toString();
case ROLE_TO_ROLE -> superRoleDef + arrow + subRoleDef;
case ROLE_TO_PERM -> superRoleDef + arrow + permDef;
};
}
public RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
this.userDef = null;
this.subRoleDef = subRoleDef;
this.superRoleDef = superRoleDef;
this.permDef = null;
grantDefs.add(this);
register(this);
}
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
@ -230,7 +231,7 @@ public class RbacView {
this.subRoleDef = null;
this.superRoleDef = roleDef;
this.permDef = permDef;
grantDefs.add(this);
register(this);
}
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserReference userDef) {
@ -238,6 +239,11 @@ public class RbacView {
this.subRoleDef = roleDef;
this.superRoleDef = null;
this.permDef = null;
register(this);
}
private void register(final RbacGrantDefinition rbacGrantDefinition) {
grantDefs.add(rbacGrantDefinition);
}
@NotNull
@ -268,10 +274,6 @@ public class RbacView {
}
}
private void addGrant(final RbacGrantDefinition grant) {
grantDefs.add(grant);
}
public class RbacExampleRole {
final EntityAlias subRoleEntity;
@ -317,7 +319,7 @@ public class RbacView {
}
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
new RbacGrantDefinition(this, findRbacRole(entityAlias, role) ).toCreate();
findOrCreateGrantDef(this, findRbacRole(entityAlias, role) ).toCreate();
return this;
}
@ -347,24 +349,24 @@ public class RbacView {
}
public RbacRoleDefinition owningUser(final RbacUserReference.UserRole userRole) {
addGrant(grantRoleToUser(this, findUserRef(userRole)));
grantRoleToUser(this, findUserRef(userRole));
return this;
}
public RbacRoleDefinition permission(final Permission permission) {
addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this));
grantPermissionToRole( createPermission(entityAlias, permission) , this);
return this;
}
public RbacRoleDefinition incomingSuperRole(final String entityAlias, final Role role) {
final var incomingSuperRole = findRbacRole(entityAlias, role);
addGrant(grantSubRoleToSuperRole(this, incomingSuperRole));
grantSubRoleToSuperRole(this, incomingSuperRole);
return this;
}
public RbacRoleDefinition outgoingSubRole(final String entityAlias, final Role role) {
final var outgoingSubRole = findRbacRole(entityAlias, role);
addGrant(grantSubRoleToSuperRole(outgoingSubRole, this));
grantSubRoleToSuperRole(outgoingSubRole, this);
return this;
}
@ -414,6 +416,28 @@ public class RbacView {
public RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
return findRbacRole(findEntityAlias(entityAliasName), role);
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition roleDefinition, final RbacUserReference user) {
return grantDefs.stream()
.filter(g -> g.subRoleDef == roleDefinition && g.userDef == user)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(roleDefinition, user));
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
return grantDefs.stream()
.filter(g -> g.permDef == permDef && g.subRoleDef == roleDef)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(permDef, roleDef));
}
private RbacGrantDefinition findOrCreateGrantDef(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
return grantDefs.stream()
.filter(g -> g.subRoleDef == subRoleDefinition && g.superRoleDef == superRoleDefinition)
.findFirst()
.orElseGet(() -> new RbacGrantDefinition(subRoleDefinition, superRoleDefinition));
}
record EntityAlias(String aliasName, Class<? extends RbacObject> entityClass, SQL fetchSql, Column dependsOnColum) {

View File

@ -1,5 +1,7 @@
package net.hostsharing.hsadminng.rbac.rbacdef;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorEntity;
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
import org.apache.commons.lang3.StringUtils;
@ -149,8 +151,8 @@ public class RbacViewMermaidFlowchart {
}
public static void main(String[] args) throws IOException {
// new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.rbac()).generateToMarkdownFile();
new RbacViewMermaidFlowchart(HsOfficeRelationshipEntity.rbac()).generateToMarkdownFile();
// new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
new RbacViewMermaidFlowchart(HsOfficeDebitorEntity.rbac()).generateToMarkdownFile();
}
}

View File

@ -37,15 +37,11 @@ class TestCustomerEntityTest {
user:creator ==> role:contact:owner
role:global:admin ==> role:contact:owner
role:global:admin ==> role:contact:owner
role:contact:owner ==> perm:contact:*
role:contact:owner ==> perm:contact:*
role:contact:owner ==> role:contact:admin
role:contact:admin ==> perm:contact:add-package
role:contact:admin ==> perm:contact:add-package
role:contact:admin ==> role:contact:tenant
role:contact:tenant ==> perm:contact:view
role:contact:tenant ==> perm:contact:view
""");
}
}