RBAC Diagram+PostgreSQL Generator #21
@ -16,10 +16,9 @@ import jakarta.persistence.Id;
|
|||||||
import jakarta.persistence.Table;
|
import jakarta.persistence.Table;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.GLOBAL;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.rbacViewFor;
|
|
||||||
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
|
||||||
|
|
||||||
@Entity
|
@Entity
|
||||||
@ -104,28 +103,28 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
|
|||||||
"defaultPrefix" /* TODO: do we want that updatable? */ )
|
"defaultPrefix" /* TODO: do we want that updatable? */ )
|
||||||
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
|
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
|
||||||
|
|
||||||
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, """
|
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM hs_office_relationship AS r
|
FROM hs_office_relationship AS r
|
||||||
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||||
""", "debitorRelUuid")
|
"""), dependsOnColumn("debitorRelUuid"))
|
||||||
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
|
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
|
||||||
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
|
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
|
||||||
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
|
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
|
||||||
|
|
||||||
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, """
|
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, fetchedBySql("""
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM hs_office_relationship AS r
|
FROM hs_office_relationship AS r
|
||||||
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
|
||||||
""", "bankAccountUuid")
|
"""), dependsOnColumn("bankAccountUuid"))
|
||||||
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
|
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
|
||||||
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
|
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
|
||||||
|
|
||||||
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, """
|
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
|
||||||
SELECT *
|
SELECT *
|
||||||
FROM hs_office_relationship AS partnerRel
|
FROM hs_office_relationship AS partnerRel
|
||||||
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
|
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
|
||||||
""", "debitorRelUuid")
|
"""), dependsOnColumn("debitorRelUuid"))
|
||||||
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
|
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
|
||||||
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
|
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
|
||||||
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
|
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
|
||||||
|
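Review bot: The `bankAccount` alias is declared for `HsOfficeBankAccountEntity.class` with `dependsOnColumn("bankAccountUuid")`, but its `fetchedBySql` text is a verbatim copy of the `debitorRel` query: it selects from `hs_office_relationship` and filters on `${REF}.debitorRelUuid`. If the generator resolves the alias through this query, the grants between `hsOfficeBankAccount` and `debitorRel` would presumably be bound to a relationship row instead of the bank account, which silently changes who ends up with access. The query should presumably read along the lines of `FROM <bank_account_table> AS b WHERE b.<key_column> = ${REF}.bankAccountUuid`; the table and key column are placeholders, because the schema is not visible on this page. The commit only wraps the existing text in `fetchedBySql(...)`, so the copy-paste carries over unchanged on the new side.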
@ -7,6 +7,14 @@ public class RbacView<E extends HasUuid> {
|
|||||||
|
|
||||||
public static final String GLOBAL = "global";
|
public static final String GLOBAL = "global";
|
||||||
|
|
||||||
|
public static SQL fetchedBySql(final String sql) {
|
||||||
|
return new SQL(sql);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static Column dependsOnColumn(final String column) {
|
||||||
|
return new Column(column);
|
||||||
|
}
|
||||||
|
|
||||||
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
|
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
|
||||||
return new RbacView<>(entityClass);
|
return new RbacView<>(entityClass);
|
||||||
}
|
}
|
||||||
@ -39,7 +47,7 @@ public class RbacView<E extends HasUuid> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public <EC extends HasUuid> RbacView<E> defineEntityAlias(
|
public <EC extends HasUuid> RbacView<E> defineEntityAlias(
|
||||||
final String alias, final Class<EC> entityClass, final String fetchSql, final String dependsOnColum) {
|
final String alias, final Class<EC> entityClass, final SQL fetchSql, final Column dependsOnColum) {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -123,9 +131,10 @@ public class RbacView<E extends HasUuid> {
|
|||||||
public static final Role AGENT = new Role("agent");
|
public static final Role AGENT = new Role("agent");
|
||||||
public static final Role TENANT = new Role("tenant");
|
public static final Role TENANT = new Role("tenant");
|
||||||
public static final Role REFERRER = new Role("referrer");
|
public static final Role REFERRER = new Role("referrer");
|
||||||
|
private final String roleName;
|
||||||
|
|
||||||
public Role(final String roleName) {
|
public Role(final String roleName) {
|
||||||
|
this.roleName = roleName;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -144,4 +153,22 @@ public class RbacView<E extends HasUuid> {
|
|||||||
this.permission = permission;
|
this.permission = permission;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static class SQL {
|
||||||
|
|
||||||
|
public final String sql;
|
||||||
|
|
||||||
|
public SQL(final String sql) {
|
||||||
|
this.sql = sql;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class Column {
|
||||||
|
|
||||||
|
public final String column;
|
||||||
|
|
||||||
|
public Column(final String column) {
|
||||||
|
this.column = column;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
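Review bot: `Column` and `SQL` accept any string, including null, and expose it through a public field, although the values are apparently destined for generated PostgreSQL; a malformed column name would only surface in the generated output, if at all. The `Column` constructor could fail fast with `if (column == null || !column.matches("[A-Za-z_][A-Za-z0-9_]*")) throw new IllegalArgumentException("not a plain column name: " + column);`. In the same section, `defineEntityAlias` returns `this` without storing `alias`, `entityClass`, `fetchSql` or `dependsOnColum` (the last name is also misspelled), so the alias definitions currently have no effect; a comment such as `// TODO: aliases are not recorded yet, grants on them are not generated` would stop readers from assuming the RBAC rules are wired up. How the `${REF}` and `${debitorRel}` placeholders are substituted is not visible here, and that step should only ever insert generator-controlled identifiers.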