hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 2 Activity

RBAC Diagram+PostgreSQL Generator #21

Merged
hsh-michaelhoennig merged 54 commits from experimental-rbacview-generator into master 2024-03-11 12:30:44 +01:00
Conversation 0 Commits 54 Files Changed 91 +522 -90
4 changed files with 522 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit f11edc082d - Show all commits

63
src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountEntity.java
View File

@ -17,8 +17,10 @@ import jakarta.persistence.Table;
import java.util.UUID;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Role.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.SQL.fetchedBySql;
import static net.hostsharing.hsadminng.stringify.Stringify.stringify;
@Entity
@ -57,29 +59,27 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
return holder;
}
public static RbacView<HsOfficeBankAccountEntity> hsOfficeBankAccount() {
public static RbacView hsOfficeBankAccount() {
// @formatter:off
return rbacViewFor(HsOfficeBankAccountEntity.class)
.alias("bankAccount")
.withIdentityViewSqlQuery("target.iban || ':' || target.holder")
return rbacViewFor("bankAccount", HsOfficeBankAccountEntity.class)
.withIdentityView(SQL.query("target.iban || ':' || target.holder"))
.withUpdatableColumns("holder", "iban", "bic")
.createRole(OWNER)
.withCurrentUserAsOwner()
.withPermission(ALL)
.withIncomingSuperRole(GLOBAL, ADMIN)
.createSubRole(ADMIN)
.withPermission(UPDATE)
.withPermission(EDIT)
.createSubRole(REFERRER)
.withPermission(READ)
.withPermission(VIEW)
.pop();
// @formatter:on
}
public static RbacView<HsOfficeDebitorEntity> hsOfficeDebitor() {
public static RbacView hsOfficeDebitor() {
// @formatter:off
return rbacViewFor(HsOfficeDebitorEntity.class)
.alias("debitor")
.withIdentityViewSqlQuery("""
return rbacViewFor("debitor", HsOfficeDebitorEntity.class)
.withIdentityView(SQL.query("""
SELECT debitor.uuid,
'D-' || (SELECT partner.partnerNumber
FROM hs_office_partner partner
@ -90,7 +90,7 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
WHERE debitorRel.uuid = debitor.debitorRelUuid)
|| to_char(debitorNumberSuffix, 'fm00')
from hs_office_debitor as debitor;
""")
"""))
.withUpdatableColumns(
"debitorRel",
"billable",
@ -101,32 +101,35 @@ public class HsOfficeBankAccountEntity implements HasUuid, Stringifyable {
"vatBusiness",
"vatreversecharge",
"defaultPrefix" /* TODO: do we want that updatable? */ )
.createPermission(extraPermission("new-debitor")).grantedTo("global", ADMIN).pop()
.createPermission(custom("new-debitor")).grantedTo("global", ADMIN).pop()
.defineEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
.defineProxyEntityAlias("debitorRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
SELECT *
FROM hs_office_relationship AS r
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
"""), dependsOnColumn("debitorRelUuid"))
.createPermission(ALL).grantedTo("hsOfficeRelationship:DEBITOR", OWNER).pop()
.createPermission(UPDATE).grantedTo("hsOfficeRelationship:DEBITOR", ADMIN).pop()
.createPermission(READ).grantedTo("hsOfficeRelationship:DEBITOR", TENANT).pop()
"""),
dependsOnColumn("debitorRelUuid"))
.createPermission(ALL).grantedTo("debitorRel", OWNER).pop()
.createPermission(EDIT).grantedTo("debitorRel", ADMIN).pop()
.createPermission(VIEW).grantedTo("debitorRel", TENANT).pop()
.defineEntityAlias("bankAccount", HsOfficeBankAccountEntity.class, fetchedBySql("""
SELECT *
FROM hs_office_relationship AS r
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
"""), dependsOnColumn("bankAccountUuid"))
.toRole("hsOfficeBankAccount", ADMIN).grantRole("debitorRel", AGENT)
.toRole("debitorRel", AGENT).grantRole("hsOfficeBankAccount", REFERRER)
.defineEntityAlias("refundBankAccount", HsOfficeBankAccountEntity.class, fetchedBySql("""
SELECT *
FROM hs_office_relationship AS r
WHERE r.relType = 'ACCOUNTING' AND r.relHolderUuid = ${REF}.debitorRelUuid;
"""),
dependsOnColumn("bankAccountUuid"))
.importRbacViewAs("refundBankAccount", HsOfficeBankAccountEntity.hsOfficeBankAccount())
.toRole("refundBankAccount", ADMIN).grantRole("debitorRel", AGENT)
.toRole("debitorRel", AGENT).grantRole("refundBankAccount", REFERRER)
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
SELECT *
FROM hs_office_relationship AS partnerRel
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
"""), dependsOnColumn("debitorRelUuid"))
.defineEntityAlias("partnerRel", HsOfficeRelationshipEntity.class, fetchedBySql("""
SELECT *
FROM hs_office_relationship AS partnerRel
WHERE ${debitorRel}.relAnchorUuid = partnerRel.relHolderUuid;
"""),
dependsOnColumn("debitorRelUuid"))
.toRole("partnerRel", ADMIN).grantRole("debitorRel", ADMIN)
.toRole("debitorRel", ADMIN).grantRole("partnerRel", AGENT)
.toRole("partnerRel", AGENT).grantRole("debitorRel", AGENT)
.toRole("debitorRel", AGENT).grantRole("partnerRel", TENANT)
.declareEntityAliases("partnerPerson", "operationalPerson")

401
src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacView.java
View File

@ -1,174 +1,459 @@
package net.hostsharing.hsadminng.rbac.rbacdef;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import net.hostsharing.hsadminng.hs.office.relationship.HsOfficeRelationshipEntity;
import net.hostsharing.hsadminng.persistence.HasUuid;
public class RbacView<E extends HasUuid> {
import jakarta.validation.constraints.NotNull;
import java.util.*;
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.RbacUserDefinition.UserRole.CREATOR;
@Getter
public class RbacView {
public static final String GLOBAL = "global";
public static SQL fetchedBySql(final String sql) {
return new SQL(sql);
private final EntityAlias entityAlias;
private final Set<RbacUserDefinition> userDefs = new HashSet<>();
private final Set<RbacRoleDefinition> roleDefs = new HashSet<>();
private final Set<RbacPermissionDefinition> permDefs = new HashSet<>();
private final Map<String, EntityAlias> entityAliases = new HashMap<>() {
@Override
public EntityAlias put(final String key, final EntityAlias value) {
if ( containsKey(key) ) {
throw new IllegalArgumentException("duplicate entityAlias: " + key);
}
return super.put(key, value);
}
};
private final Set<String> updatableColumns = new TreeSet<>();
private final Set<RbacGrantDefinition> grantDefs = new HashSet<>();
private SQL identityViewSqlQuery;
private EntityAlias entityAliasProxy;
public static <E extends HasUuid> RbacView rbacViewFor(final String alias, final Class entityClass) {
return new RbacView(alias, entityClass);
}
public static Column dependsOnColumn(final String column) {
return new Column(column);
RbacView(final String alias, final Class entityClass) {
entityAlias = new EntityAlias(alias, entityClass);
entityAliases.put(alias, entityAlias);
new RbacUserDefinition(CREATOR);
entityAliases.put("global", new EntityAlias("global"));
}
public static <E extends HasUuid> RbacView<E> rbacViewFor(final Class<E> entityClass) {
return new RbacView<>(entityClass);
}
RbacView(final Class<E> entityClass) {
}
public RbacView<E> alias(final String bankAccount) {
public RbacView withUpdatableColumns(final String... columnNames) {
Collections.addAll(updatableColumns, columnNames);
return this;
}
public RbacView<E> withUpdatableColumns(final String... columnNames) {
public RbacView withIdentityView(final SQL sqlExpression) {
this.identityViewSqlQuery = sqlExpression;
return this;
}
public RbacView<E> withIdentityViewSqlQuery(final String sqlExpression) {
public RbacRoleDefinition createRole(final Role role) {
return findRbacRole(entityAlias, role);
}
public RbacPermissionDefinition createPermission(final Permission permission) {
return createPermission(entityAlias, permission);
}
private RbacPermissionDefinition createPermission(final EntityAlias entityAlias, final Permission permission) {
final RbacPermissionDefinition permDef = new RbacPermissionDefinition(entityAlias, permission, true);
permDefs.add(permDef);
return permDef;
}
public <EC extends HasUuid> RbacView declareEntityAliases(final String... aliasNames) {
for ( String alias: aliasNames ) {
entityAliases.put(alias, new EntityAlias(alias));
}
return this;
}
public RbacRoleDefinition<E> createRole(final Role role) {
return new RbacRoleDefinition<>(role);
}
public RbacPermissionDefinition<E> createPermission(final Permission permission) {
return new RbacPermissionDefinition<>(permission);
}
public <EC extends HasUuid> RbacView<E> declareEntityAliases(final String... aliases) {
public <EC extends HasUuid> RbacView defineProxyEntityAlias(
final String aliasName, final Class entityClass, final SQL fetchSql, final Column dependsOnColum) {
entityAliasProxy = new EntityAlias(aliasName, entityClass, fetchSql, dependsOnColum);
entityAliases.put(aliasName, entityAliasProxy);
return this;
}
public <EC extends HasUuid> RbacView<E> defineEntityAlias(
final String alias, final Class<EC> entityClass, final SQL fetchSql, final Column dependsOnColum) {
public <EC extends HasUuid> RbacView defineEntityAlias(
final String aliasName, final Class entityClass, final SQL fetchSql, final Column dependsOnColum) {
entityAliases.put(aliasName, new EntityAlias(aliasName, entityClass, fetchSql, dependsOnColum));
return this;
}
public RbacRole toRole(final String hsOfficeBankAccount, final Role role) {
return new RbacRole(hsOfficeBankAccount, role);
public RbacView importRbacViewAs(final String aliasName, final RbacView importedRbacView) {
final var mapper = new AliasNameMapper(importedRbacView, aliasName);
importedRbacView.getEntityAliases().values().forEach(entityAlias -> {
new EntityAlias( mapper.map(entityAlias.aliasName), entityAlias.entityClass);
});
importedRbacView.getRoleDefs().forEach(roleDef -> {
new RbacRoleDefinition( findEntityAlias(mapper.map(roleDef.entityAlias.aliasName)), roleDef.role);
});
importedRbacView.getGrantDefs().forEach(grantDef -> {
if (grantDef.grantType() == RbacGrantDefinition.GrantType.ROLE_TO_ROLE) {
new RbacGrantDefinition(
findRbacRole(mapper.map(grantDef.getSubRoleDef().entityAlias.aliasName), grantDef.getSubRoleDef().getRole()),
findRbacRole(mapper.map(grantDef.getSuperRoleDef().entityAlias.aliasName), grantDef.getSuperRoleDef().getRole())
);
}
});
return this;
}
public RbacGrantBuilder toRole(final String entityAlias, final Role role) {
return new RbacGrantBuilder(entityAlias, role);
}
public RbacExampleRole forExampleRole(final String entityAlias, final Role role) {
return new RbacExampleRole(entityAlias, role);
}
public class RbacRole {
public RbacRole(final String entityAlias, final Role role) {
private RbacGrantDefinition grantRoleToCurrentUser(final RbacRoleDefinition roleDefinition) {
return new RbacGrantDefinition(roleDefinition, currentUser());
}
private RbacGrantDefinition grantPermissionToRole(final RbacPermissionDefinition permDef , final RbacRoleDefinition roleDef) {
return new RbacGrantDefinition(permDef, roleDef);
}
private RbacGrantDefinition grantSubRoleToSuperRole(final RbacRoleDefinition subRoleDefinition, final RbacRoleDefinition superRoleDefinition) {
return new RbacGrantDefinition(subRoleDefinition, superRoleDefinition);
}
boolean isMainEntityAlias(final EntityAlias entityAlias) {
return entityAlias == this.entityAlias;
}
public boolean isEntityAliasProxy(final EntityAlias entityAlias) {
return entityAlias == entityAliasProxy;
}
public class RbacGrantBuilder {
private final RbacRoleDefinition superRoleDef;
private RbacGrantBuilder(final String entityAlias, final Role role) {
this.superRoleDef = findRbacRole(entityAlias, role);
}
public RbacView<E> grantRole(final String entityAlias, final Role role) {
public RbacView grantRole(final String entityAlias, final Role role) {
new RbacGrantDefinition(findRbacRole(entityAlias, role), superRoleDef);
return RbacView.this;
}
}
@Getter
@EqualsAndHashCode
public class RbacGrantDefinition {
private final RbacUserDefinition userDef;
private final RbacRoleDefinition superRoleDef;
private final RbacRoleDefinition subRoleDef;
private final RbacPermissionDefinition permDef;
@Override
public String toString() {
return switch (grantType()) {
case USER_TO_ROLE -> userDef.toString() + " --> " + subRoleDef.toString();
case ROLE_TO_ROLE -> superRoleDef + " --> " + subRoleDef;
case ROLE_TO_PERM -> superRoleDef + " --> " + permDef;
};
}
public RbacGrantDefinition(final RbacRoleDefinition subRoleDef, final RbacRoleDefinition superRoleDef) {
this.userDef = null;
this.subRoleDef = subRoleDef;
this.superRoleDef = superRoleDef;
this.permDef = null;
grantDefs.add(this);
}
public RbacGrantDefinition(final RbacPermissionDefinition permDef, final RbacRoleDefinition roleDef) {
this.userDef = null;
this.subRoleDef = null;
this.superRoleDef = roleDef;
this.permDef = permDef;
grantDefs.add(this);
}
public RbacGrantDefinition(final RbacRoleDefinition roleDef, final RbacUserDefinition userDef) {
this.userDef = userDef;
this.subRoleDef = roleDef;
this.superRoleDef = null;
this.permDef = null;
}
@NotNull
GrantType grantType() {
return permDef != null ? GrantType.ROLE_TO_PERM
: userDef != null ? GrantType.USER_TO_ROLE
: GrantType.ROLE_TO_ROLE;
}
boolean isAssumed() {
// TODO: not implemented yet
return false;
}
public enum GrantType {
USER_TO_ROLE,
ROLE_TO_ROLE,
ROLE_TO_PERM
}
}
private void addGrant(final RbacGrantDefinition grant) {
grantDefs.add(grant);
}
public class RbacExampleRole {
final EntityAlias subRoleEntity;
final Role subRole;
private EntityAlias superRoleEntity;
Role superRole;
public RbacExampleRole(final String entityAlias, final Role role) {
this.subRoleEntity = findEntityAlias(entityAlias);
this.subRole = role;
}
public RbacView<E> wouldBeGrantedTo(final String entityAlias, final Role role) {
public RbacView wouldBeGrantedTo(final String entityAlias, final Role role) {
this.superRoleEntity = findEntityAlias(entityAlias);
this.superRole = role;
return RbacView.this;
}
}
public class RbacPermissionDefinition<EC> {
@Getter
@EqualsAndHashCode
public class RbacPermissionDefinition {
public RbacPermissionDefinition(final Permission permission) {
final EntityAlias entityAlias;
final Permission permission;
final boolean toCreate;
public RbacPermissionDefinition(final EntityAlias entityAlias, final Permission permission, final boolean toCreate) {
this.entityAlias = entityAlias;
this.permission = permission;
this.toCreate = toCreate;
}
public RbacView<E> pop() {
public RbacView pop() {
return RbacView.this;
}
public RbacPermissionDefinition<EC> withIncomingSuperRole(
public RbacPermissionDefinition withIncomingSuperRole(
final Class<HsOfficeRelationshipEntity> hsOfficeRelationshipEntityClass,
final Role owner) {
return this;
}
public RbacPermissionDefinition<EC> grantedTo(final String entityAlias, final Role owner) {
public RbacPermissionDefinition grantedTo(final String entityAlias, final Role role) {
new RbacGrantDefinition(this, findRbacRole(entityAlias, role) );
return this;
}
@Override
public String toString() {
return "perm:" + entityAlias.aliasName + permission;
}
}
public class RbacRoleDefinition<EC> {
@Getter
@EqualsAndHashCode
public class RbacRoleDefinition {
public RbacRoleDefinition(final Role role) {
private final EntityAlias entityAlias;
private final Role role;
private boolean toCreate;
public RbacRoleDefinition(final EntityAlias entityAlias, final Role role) {
this.entityAlias = entityAlias;
this.role = role;
roleDefs.add(this);
}
public RbacRoleDefinition<EC> withCurrentUserAsOwner() {
public RbacRoleDefinition toCreate() {
this.toCreate = true;
return this;
}
public RbacRoleDefinition<EC> withPermission(final Permission permission) {
public RbacRoleDefinition withCurrentUserAsOwner() {
addGrant(grantRoleToCurrentUser(this));
return this;
}
public RbacRoleDefinition<EC> withIncomingSuperRole(final String tableName, final Role role) {
public RbacRoleDefinition withPermission(final Permission permission) {
addGrant(grantPermissionToRole( createPermission(entityAlias, permission) , this));
return this;
}
public RbacRoleDefinition<EC> createSubRole(final Role role) {
public RbacRoleDefinition withIncomingSuperRole(final String entityAlias, final Role role) {
final var incomingSuperRole = findRbacRole(entityAlias, role);
addGrant(grantSubRoleToSuperRole(this, incomingSuperRole));
return this;
}
public RbacView<E> pop() {
public RbacRoleDefinition createSubRole(final Role role) {
final var roleDef = findRbacRole(entityAlias, role).toCreate();
new RbacGrantDefinition(roleDef, this);
return roleDef;
}
public RbacView pop() {
return RbacView.this;
}
@Override
public String toString() {
return "role:" + entityAlias.aliasName + role;
}
}
public static class Role {
public RbacUserDefinition currentUser() {
return userDefs.stream().filter(u -> u.role == CREATOR).findFirst().orElseThrow();
}
@EqualsAndHashCode
public class RbacUserDefinition {
public enum UserRole {
CREATOR
}
final UserRole role;
public RbacUserDefinition(final UserRole creator) {
this.role = creator;
userDefs.add(this);
}
@Override
public String toString() {
return "user:" + role;
}
}
private EntityAlias findEntityAlias(final String aliasName) {
final var found = entityAliases.get(aliasName);
if ( found == null ) {
throw new IllegalArgumentException("entityAlias not found: " + aliasName);
}
return found;
}
private RbacRoleDefinition findRbacRole(final EntityAlias entityAlias, final Role role) {
return roleDefs.stream()
.filter(r -> r.getEntityAlias() == entityAlias && r.getRole().equals(role))
.findFirst()
.orElseGet(() -> new RbacRoleDefinition(entityAlias, role));
}
private RbacRoleDefinition findRbacRole(final String entityAliasName, final Role role) {
return findRbacRole(findEntityAlias(entityAliasName), role);
}
record EntityAlias(String aliasName, Class<? extends HasUuid> entityClass, SQL fetchSql, Column dependsOnColum) {
public EntityAlias(final String aliasName) {
this(aliasName, null, null, null);
}
public EntityAlias(final String aliasName, final Class<? extends HasUuid> entityClass) {
this(aliasName, entityClass, null, null);
}
}
public record Role(String roleName) {
public static final Role OWNER = new Role("owner");
public static final Role ADMIN = new Role("admin");
public static final Role AGENT = new Role("agent");
public static final Role TENANT = new Role("tenant");
public static final Role REFERRER = new Role("referrer");
private final String roleName;
public Role(final String roleName) {
this.roleName = roleName;
@Override
public String toString() {
return "." + roleName;
}
@Override
public boolean equals(final Object obj) {
return ((obj instanceof Role) && ((Role)obj).roleName.equals(this.roleName));
}
}
public static class Permission {
public record Permission(String permission) {
public static final Permission ALL = new Permission("*");
public static final Permission UPDATE = new Permission("edit");
public static final Permission READ = new Permission("view");
public static final Permission EDIT = new Permission("edit");
public static final Permission VIEW = new Permission("view");
public static Permission extraPermission(final String permission) {
public static Permission custom(final String permission) {
return new Permission(permission);
}
final String permission;
private Permission(final String permission) {
this.permission = permission;
@Override
public String toString() {
return "." + permission;
}
}
public static class SQL {
public static SQL fetchedBySql(final String sql) {
return new SQL(sql);
}
public static SQL query(final String sql) {
return new SQL(sql);
}
public final String sql;
public SQL(final String sql) {
private SQL(final String sql) {
this.sql = sql;
}
}
public static class Column {
public static Column dependsOnColumn(final String column) {
return new Column(column);
}
public final String column;
public Column(final String column) {
private Column(final String column) {
this.column = column;
}
}
private static class AliasNameMapper {
private final RbacView importedRbacView;
private final String outerAliasName;
AliasNameMapper(final RbacView importedRbacView, final String outerAliasName) {
this.importedRbacView = importedRbacView;
this.outerAliasName = outerAliasName;
}
String map(final String originalAliasName) {
if (originalAliasName.equals(importedRbacView.entityAlias.aliasName) ) {
return outerAliasName;
}
return originalAliasName;
}
}
}

144
src/main/java/net/hostsharing/hsadminng/rbac/rbacdef/RbacViewMermaidFlowchart.java Normal file
View File

@ -0,0 +1,144 @@
package net.hostsharing.hsadminng.rbac.rbacdef;
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
import org.apache.commons.lang3.StringUtils;
import java.io.IOException;
import java.nio.file.*;
import java.time.LocalDateTime;
import static java.util.stream.Collectors.joining;
public class RbacViewMermaidFlowchart {
private final RbacView rbacDef;
private final StringBuilder flowchart = new StringBuilder();
public RbacViewMermaidFlowchart(final RbacView rbacDef) {
this.rbacDef = rbacDef;
flowchart.append("""
### rbac %{entityAlias} %{timestamp}
```mermaid
flowchart TB
"""
.replace("%{entityAlias}", rbacDef.getEntityAlias().aliasName())
.replace("%{timestamp}", LocalDateTime.now().toString()));
renderSubgraphGlobal();
renderEntitySubgraphs();
renderGrants();
flowchart.append("```");
}
void renderSubgraphGlobal() {
flowchart.append("""
subgraph global
style global fill: lightgray
role:global.admin[global.admin]
end
""");
}
private void renderEntitySubgraphs() {
rbacDef.getEntityAliases().values().stream()
.filter(entityAlias -> !rbacDef.isEntityAliasProxy(entityAlias))
.forEach(this::renderEntitySubgraph);
}
private void renderEntitySubgraph(final RbacView.EntityAlias entity) {
final var color = rbacDef.isMainEntityAlias(entity) ? "lightgreen" : "lightgray";
flowchart.append("""
subgraph %{aliasName}
direction TB
style %{aliasName} fill: %{color}
"""
.replace("%{aliasName}", entity.aliasName())
.replace("%{color}", color ));
wrapOutputInSubgraph(entity.aliasName() + ".roles", color,
rbacDef.getRoleDefs().stream()
.filter(r -> r.getEntityAlias() == entity)
.map(r -> " " + roleDef(r))
.collect(joining("\n")));
wrapOutputInSubgraph(entity.aliasName() + "permissions", color,
rbacDef.getPermDefs().stream()
.filter(p -> p.getEntityAlias() == entity)
.map(p -> " " + permDef(p) )
.collect(joining("\n")));
if (rbacDef.isMainEntityAlias(entity) && rbacDef.getEntityAliasProxy() != null ) {
renderEntitySubgraph(rbacDef.getEntityAliasProxy());
}
flowchart.append("end\n\n");
}
private void wrapOutputInSubgraph(final String name, final String color, final String content) {
if (!StringUtils.isEmpty(content)) {
flowchart.append("subgraph " + name + "[ ]\n");
flowchart.append("style %{aliasName} fill: %{color}\n\n"
.replace("%{aliasName}", name)
.replace("%{color}", color));
flowchart.append(content);
flowchart.append("\nend\n\n");
}
}
private void renderGrants() {
rbacDef.getGrantDefs()
.forEach(g -> {
flowchart.append(grantDef(g) + "\n" );
});
}
private String grantDef(final RbacView.RbacGrantDefinition grant) {
return switch (grant.grantType()) {
case USER_TO_ROLE ->
// TODO: other user types not implemented yet
"user:creator" + (grant.isAssumed() ? " -.-> " : " --> ") + roleId(grant.getSubRoleDef());
case ROLE_TO_ROLE ->
roleId(grant.getSuperRoleDef()) + (grant.isAssumed() ? " -.-> " : " --> ") + roleId(grant.getSubRoleDef());
case ROLE_TO_PERM -> roleId(grant.getSuperRoleDef()) + " --> " + permId(grant.getPermDef());
};
}
private String permDef(final RbacView.RbacPermissionDefinition perm) {
return permId(perm) + "{{" + perm.getEntityAlias().aliasName() + perm.getPermission() + "}}";
}
private static String permId(final RbacView.RbacPermissionDefinition permDef) {
return "perm:" + permDef.getEntityAlias().aliasName() + permDef.getPermission();
}
private String roleDef(final RbacView.RbacRoleDefinition roleDef) {
return roleId(roleDef) + "[[" + roleDef.getEntityAlias().aliasName() + roleDef.getRole() + "]]";
}
private static String roleId(final RbacView.RbacRoleDefinition r) {
return "role:" + r.getEntityAlias().aliasName() + r.getRole();
}
@Override
public String toString() {
return flowchart.toString();
}
public static void main(String[] args) throws IOException {
Files.writeString(
Paths.get("doc", "hsOfficeBankAccount.md"),
new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.hsOfficeBankAccount()).toString(),
StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
Files.writeString(
Paths.get("doc", "hsOfficeDebitor.md"),
new RbacViewMermaidFlowchart(HsOfficeBankAccountEntity.hsOfficeDebitor()).toString(),
StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
}
}

4
src/main/resources/db/changelog/243-hs-office-bankaccount-rbac.md
View File

@ -4,14 +4,14 @@
flowchart TB
subgraph global
style hsOfficeBankAccount fill: #e9f7ef
style global fill: lightgray
role:global.admin[global.admin]
end
subgraph hsOfficeBankAccount
direction TB
style hsOfficeBankAccount fill: #e9f7ef
style hsOfficeBankAccount fill: lightgreen
user:hsOfficeBankAccount.creator([bankAccount.creator])