RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
2 changed files with 36 additions and 10 deletions
Showing only changes of commit a0473976d5 - Show all commits


@ -16,10 +16,9 @@ import jakarta.persistence.Id;
import jakarta.persistence.Table; import jakarta.persistence.Table;
import java.util.UUID; import java.util.UUID;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*; import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify; import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity @Entity
@ -104,28 +103,28 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
"defaultPrefix" /* TODO: do we want that updatable? */ ) "defaultPrefix" /* TODO: do we want that updatable? */ )
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop() .createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, """ .defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
SELECT * SELECT *
FROM hs_office_relationship AS r FROM hs_office_relationship AS r
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
""", "debitorRelUuid") """), dependsOnColumn("debitorRelUuid"))
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop() .createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop() .createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop() .createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, """ .defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, fetchedBySql("""
SELECT * SELECT *
FROM hs_office_relationship AS r FROM hs_office_relationship AS r
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid; WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
""", "bankAccountUuid") """), dependsOnColumn("bankAccountUuid"))
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT) .toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER) .toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, """ .defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
SELECT * SELECT *
FROM hs_office_relationship AS partnerRel FROM hs_office_relationship AS partnerRel
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid; WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
""", "debitorRelUuid") """), dependsOnColumn("debitorRelUuid"))
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN) .toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT) .toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT) .toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
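Review bot: The `bankAccount` alias in the middle of this section is declared for `HsOfficeBankAccountEntity.class` with `dependsOnColumn("bankAccountUuid")`, yet its `fetchedBySql` text is the same `hs_office_relationship` / `relType = 'ACCOUNTING'` / `${REF}.debitorRelUuid` query used for `debitorRel` just above, which looks like a copy-paste that this commit wraps but does not correct. If the generator uses this query to resolve the object that the `hsOfficeBankAccount` role grants attach to, it would resolve a relationship row rather than a bank account, so the query should select the bank account row keyed on `${REF}.bankAccountUuid` (exact table name to be confirmed against the schema). Until that is fixed, a comment above the call such as `// FIXME: query copied from debitorRel, does not fetch a bank account` would keep the mismatch visible. The enclosing RBAC definition starts and ends outside the hunk.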


@ -7,6 +7,14 @@ public class RbacView<E extends HasUuid> {
public static final String GLOBAL = "global"; public static final String GLOBAL = "global";
public static SQL fetchedBySql(final String sql) {
return new SQL(sql);
}
public static Column dependsOnColumn(final String column) {
return new Column(column);
}
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) { public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
return new RbacView<>(entityClass); return new RbacView<>(entityClass);
} }
@ -39,7 +47,7 @@ public class RbacView<E extends HasUuid> {
} }
public <EC extends HasUuid> RbacView<E> defineEntityAlias( public <EC extends HasUuid> RbacView<E> defineEntityAlias(
final String alias, final Class<EC> entityClass, final String fetchSql, final String dependsOnColum) { final String alias, final Class<EC> entityClass, final SQL fetchSql, final Column dependsOnColum) {
return this; return this;
} }
@ -123,9 +131,10 @@ public class RbacView<E extends HasUuid> {
public static final Role AGENT = new Role("agent"); public static final Role AGENT = new Role("agent");
public static final Role TENANT = new Role("tenant"); public static final Role TENANT = new Role("tenant");
public static final Role REFERRER = new Role("referrer"); public static final Role REFERRER = new Role("referrer");
private final String roleName;
public Role(final String roleName) { public Role(final String roleName) {
this.roleName = roleName;
} }
} }
@ -144,4 +153,22 @@ public class RbacView<E extends HasUuid> {
this.permission = permission; this.permission = permission;
} }
} }
public static class SQL {
public final String sql;
public SQL(final String sql) {
this.sql = sql;
}
}
public static class Column {
public final String column;
public Column(final String column) {
this.column = column;
}
}
} }
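Review bot: The new `SQL` and `Column` wrappers accept any string, including null, and expose it through a public field, so the type distinction in the `defineEntityAlias(...)` signature is the only guarantee they give. Because the `fetchedBySql` templates carry `${REF}`-style placeholders that are presumably expanded textually into generated PostgreSQL, I would document the trust assumption on the factory, e.g. `/** Wraps a hard-coded SQL template; must never be built from runtime input. */`, and reject null with `this.sql = Objects.requireNonNull(sql, "sql");` (likewise for `Column`). `defineEntityAlias` still ignores all four arguments and its last parameter is spelled `dependsOnColum`; a `// TODO: store alias definition` comment and the corrected name `dependsOnColumn` would help the next reader.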