RBAC generator with conditional grants used for REPRESENTATIVE-Relation #33
@ -1,6 +1,10 @@
|
|||||||
package net.hostsharing.hsadminng.hs.office.debitor;
|
package net.hostsharing.hsadminng.hs.office.debitor;
|
||||||
|
|
||||||
import lombok.*;
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Getter;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
import lombok.Setter;
|
||||||
import net.hostsharing.hsadminng.errors.DisplayName;
|
import net.hostsharing.hsadminng.errors.DisplayName;
|
||||||
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
|
import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountEntity;
|
||||||
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
|
import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
|
||||||
@ -15,7 +19,13 @@ import org.hibernate.annotations.JoinFormula;
|
|||||||
import org.hibernate.annotations.NotFound;
|
import org.hibernate.annotations.NotFound;
|
||||||
import org.hibernate.annotations.NotFoundAction;
|
import org.hibernate.annotations.NotFoundAction;
|
||||||
|
|
||||||
import jakarta.persistence.*;
|
import jakarta.persistence.Column;
|
||||||
|
import jakarta.persistence.Entity;
|
||||||
|
import jakarta.persistence.GeneratedValue;
|
||||||
|
import jakarta.persistence.Id;
|
||||||
|
import jakarta.persistence.JoinColumn;
|
||||||
|
import jakarta.persistence.ManyToOne;
|
||||||
|
import jakarta.persistence.Table;
|
||||||
import jakarta.validation.constraints.Pattern;
|
import jakarta.validation.constraints.Pattern;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
@ -26,7 +36,7 @@ import static jakarta.persistence.CascadeType.PERSIST;
|
|||||||
import static jakarta.persistence.CascadeType.REFRESH;
|
import static jakarta.persistence.CascadeType.REFRESH;
|
||||||
import static java.util.Optional.ofNullable;
|
import static java.util.Optional.ofNullable;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Column.dependsOnColumn;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingCase;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.ColumnValue.usingDefaultCase;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NOT_NULL;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Nullable.NULLABLE;
|
||||||
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
import static net.hostsharing.hsadminng.rbac.rbacdef.RbacView.Permission.*;
|
||||||
@ -158,7 +168,8 @@ public class HsOfficeDebitorEntity implements RbacObject, Stringifyable {
|
|||||||
.toRole("global", ADMIN).grantPermission(INSERT)
|
.toRole("global", ADMIN).grantPermission(INSERT)
|
||||||
|
|
||||||
.importRootEntityAliasProxy("debitorRel", HsOfficeRelationEntity.class,
|
.importRootEntityAliasProxy("debitorRel", HsOfficeRelationEntity.class,
|
||||||
usingCase("DEBITOR"),
|
// TODO.spec: do we need a distinct case for DEBITOR-Relation?
|
||||||
|
usingDefaultCase(),
|
||||||
directlyFetchedByDependsOnColumn(),
|
directlyFetchedByDependsOnColumn(),
|
||||||
dependsOnColumn("debitorRelUuid"))
|
dependsOnColumn("debitorRelUuid"))
|
||||||
.createPermission(DELETE).grantedTo("debitorRel", OWNER)
|
.createPermission(DELETE).grantedTo("debitorRel", OWNER)
|
||||||
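Review bot: Replacing `usingCase("DEBITOR")` with `usingDefaultCase()` in the `debitorRel` import appears to bind this entity to the default case of the relation's RBAC definition, and the added `// TODO.spec` leaves open whether that is intended. Because this choice selects the grant set that applies to debitor relations, the question should be settled or tied to a tracking issue before merge, e.g. `// TODO.spec(<issue-id placeholder>): DEBITOR relations use the default case; confirm no distinct grants are required`. A test on the generated grants that pins which roles can reach `DELETE` on a debitor through `debitorRel` would catch an unintended widening; none is visible in this section. The builder chain starts and ends outside the hunk.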
|
@ -257,7 +257,7 @@ public class RbacView {
|
|||||||
return permDefs.stream()
|
return permDefs.stream()
|
||||||
.filter(p -> p.permission == permission && p.entityAlias == entityAlias)
|
.filter(p -> p.permission == permission && p.entityAlias == entityAlias)
|
||||||
.findFirst()
|
.findFirst()
|
||||||
// .map(g -> g.forCase(processingCase)) TODO: not implemented case dependent
|
// .map(g -> g.forCase(processingCase)) TODO.impl: not implemented case dependent
|
||||||
.orElseGet(() -> new RbacPermissionDefinition(entityAlias, permission, null, true));
|
.orElseGet(() -> new RbacPermissionDefinition(entityAlias, permission, null, true));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -415,7 +415,6 @@ public class RbacView {
|
|||||||
this.discriminatorColumName = discriminatorColumName;
|
this.discriminatorColumName = discriminatorColumName;
|
||||||
allCases.addAll(stream(caseDefs).toList());
|
allCases.addAll(stream(caseDefs).toList());
|
||||||
|
|
||||||
// FIXME: currently only the default case is executed
|
|
||||||
stream(caseDefs).forEach(caseDef -> {
|
stream(caseDefs).forEach(caseDef -> {
|
||||||
this.processingCase = caseDef;
|
this.processingCase = caseDef;
|
||||||
caseDef.def.accept(this);
|
caseDef.def.accept(this);
|
||||||
@ -1133,6 +1132,7 @@ public class RbacView {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// FIXME: subclass of ColumnValue
|
||||||
public static class CaseDef {
|
public static class CaseDef {
|
||||||
|
|
||||||
final String val;
|
final String val;
|
||||||
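Review bot: In the permission lookup of the `-257` hunk, `.map(g -> g.forCase(processingCase))` is still commented out, so `findFirst()` returns the same permission definition whichever case is being processed, while the `-415` hunk drops the FIXME that said only the default case is executed. If several cases now run through `caseDef.def.accept(this)`, a definition found under one case is presumably reused by the others; the comment should say so explicitly, e.g. `// TODO.impl: lookup ignores processingCase; the first matching definition is shared by all cases`. The same filter compares `p.entityAlias == entityAlias` by reference, which is only safe if alias objects are never duplicated; that cannot be confirmed from the hunk. Both methods begin outside the hunks shown.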
|
@ -331,11 +331,6 @@ class RolesGrantsAndPermissionsGenerator {
|
|||||||
.replace("${permRef}", createPerm(NEW, grantDef.getPermDef()))
|
.replace("${permRef}", createPerm(NEW, grantDef.getPermDef()))
|
||||||
.replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef()));
|
.replace("${superRoleRef}", roleRef(NEW, grantDef.getSuperRoleDef()));
|
||||||
};
|
};
|
||||||
// if (grantDef.isConditional()) {
|
|
||||||
// return "if " + grantDef.generateCondition() + " then\n"
|
|
||||||
// + " " + grantSql + "\n"
|
|
||||||
// + "end if;";
|
|
||||||
// }
|
|
||||||
return grantSql;
|
return grantSql;
|
||||||
}
|
}
|
||||||
|
|
||||||
|