Skip to content

Commit

Permalink
#4594 Add views to calculate permission inheritance
Browse files Browse the repository at this point in the history
  • Loading branch information
@stroomdev66
stroomdev66 committed Nov 15, 2024
1 parent 49ed689 commit ba667ca
Showing 1 changed file with 3 additions and 244 deletions.
247 changes: 3 additions & 244 deletions ...y/stroom-security-impl-db/src/main/java/stroom/security/impl/db/AppPermissionDaoImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,8 @@
import jakarta.inject.Inject;
import jakarta.inject.Provider;
import org.jooq.Condition;
import org.jooq.Field;
import org.jooq.OrderField;
import org.jooq.Record;
import org.jooq.impl.DSL;
import org.jooq.types.UByte;

import java.util.ArrayList;
Expand Down Expand Up @@ -97,7 +95,7 @@ public ResultPage<AppUserPermissions> fetchAppUserPermissions(final FetchAppUser

final Collection<OrderField<?>> orderFields = userDao.createOrderFields(request);

List<AppUserPermissions> list = null;
final List<AppUserPermissions> list;
if (PermissionShowLevel.SHOW_ALL.equals(request.getShowLevel())) {
list = JooqUtil.contextResult(securityDbConnProvider, context -> context
.select(
Expand Down Expand Up @@ -140,237 +138,6 @@ public ResultPage<AppUserPermissions> fetchAppUserPermissions(final FetchAppUser
final Set<AppPermission> inherited = getAppPermissionSet(inheritedPerms);
return new AppUserPermissions(userRef, permissions, inherited);
});


//
//// // If we are only delivering users with specific permissions then join and select distinct.
// list = JooqUtil.contextResult(securityDbConnProvider, context -> {
//// var view = context.createView(DSL.name("permission_app_view"))
//// .as(context
//// .select(
//// STROOM_USER.UUID,
//// STROOM_USER.NAME,
//// STROOM_USER.DISPLAY_NAME,
//// STROOM_USER.FULL_NAME,
//// DSL.groupConcat(PERMISSION_APP.PERMISSION_ID).as("perms"),
//// DSL.field("", String.class).as("group_uuid"))
//// .from(STROOM_USER)
//// .leftOuterJoin(PERMISSION_APP).on(PERMISSION_APP.USER_UUID.eq(STROOM_USER.UUID))
//// .groupBy(STROOM_USER.UUID)
//// .union(context
//// .select(
//// STROOM_USER.UUID,
//// STROOM_USER.NAME,
//// STROOM_USER.DISPLAY_NAME,
//// STROOM_USER.FULL_NAME,
//// DSL.groupConcat(PERMISSION_APP.PERMISSION_ID).as("perms"),
//// STROOM_USER_GROUP.GROUP_UUID)
//// .from(STROOM_USER)
//// .leftOuterJoin(PERMISSION_APP).on(PERMISSION_APP.USER_UUID.eq(STROOM_USER.UUID))
//// .join(STROOM_USER_GROUP).on(STROOM_USER_GROUP.USER_UUID.eq(STROOM_USER.UUID))
//// .groupBy(STROOM_USER.UUID, STROOM_USER_GROUP.GROUP_UUID)))
//// .execute();
////
////
//
//
//// final Field<String> uuid = DSL.field(DSL.name("uuid"), String.class);
//
//
// final VPermissionApp vpa = V_PERMISSION_APP.as("vpa");
// final Name cte = DSL.name("cte");
// final Name uuid = DSL.name("uuid");
// final Name name = DSL.name("name");
// final Name displayName = DSL.name("display_name");
// final Name fullName = DSL.name("full_name");
// final Name isGroup = DSL.name("is_group");
// final Name perms = DSL.name("perms");
// final Name combinedPerms = DSL.name("combined_perms");
// final Field<String> combinedPermsField = DSL.field(cte.append(combinedPerms), String.class);
//// "uuid",
//// "name",
//// "display_name",
//// "full_name",
//// "perms",
//// "combined_perms"
//
// final CommonTableExpression<?> commonTableExpression = cte
// .fields(uuid, name, displayName, fullName, isGroup, perms, combinedPerms)
// .as(context
// .select(
// vpa.UUID,
// vpa.NAME,
// vpa.DISPLAY_NAME,
// vpa.FULL_NAME,
// vpa.IS_GROUP,
// vpa.PERMS,
// vpa.PERMS)
// .from(vpa)
// .where(vpa.GROUP_UUID.isNull())
// .unionAll(context
// .select(vpa.UUID,
// vpa.NAME,
// vpa.DISPLAY_NAME,
// vpa.FULL_NAME,
// vpa.IS_GROUP,
// vpa.PERMS,
//// DSL.iif(combinedPermsField.isNull(),
//// vpa.PERMS,
//// DSL.iif(
//// vpa.PERMS.isNull(),
//// combinedPermsField,
//// DSL.concat(vpa.PERMS, combinedPermsField)
//// ))
////
// concatWs(
// ",",
// combinedPermsField,
// vpa.PERMS)
// )
// .from(DSL.table(cte))
// .join(vpa)
// .on(DSL.field(cte.append(uuid)).eq(vpa.GROUP_UUID))));
//
//
//// WITH RECURSIVE cte (
//// uuid,
//// name,
//// display_name,
//// full_name,
//// perms,
//// combined_perms
//// ) AS (
//// select
//// pav.uuid,
//// pav.name,
//// pav.display_name,
//// pav.full_name,
//// pav.perms,
//// pav.perms
//// from v_permission_app pav
//// where pav.group_uuid is null
//// UNION ALL
//// select
//// pav.uuid,
//// pav.name,
//// pav.display_name,
//// pav.full_name,
//// pav.perms,
//// concat_ws('/', cte.combined_perms, pav.perms)
//// from cte
//// join v_permission_app pav
//// on cte.uuid = pav.group_uuid
////)
//// SELECT
//// uuid,
//// name,
//// display_name,
//// full_name,
//// group_concat(distinct perms),
//// group_concat(distinct combined_perms) FROM cte group by uuid, name, display_name, full_name;
////
////
////
//
//
// final var result1 = context
// .withRecursive(commonTableExpression)
// .selectFrom(commonTableExpression)
// .fetch();
//
//
// final var result = context
// .withRecursive(commonTableExpression)
// .select(
// DSL.field(uuid),
// DSL.field(name),
// DSL.field(displayName),
// DSL.field(fullName),
// DSL.field(isGroup),
// DSL.groupConcat(DSL.field(perms)).as(perms),
// DSL.groupConcat(DSL.field(combinedPerms)).as(combinedPerms))
// .from(commonTableExpression)
// .groupBy(DSL.field(uuid),
// DSL.field(name),
// DSL.field(displayName),
// DSL.field(fullName),
// DSL.field(isGroup))
// .fetch();
//
// return result.map(r -> {
// final String ruuid = r.get(uuid, String.class);
// final String rname = r.get(name, String.class);
// final String rdisplayName = r.get(displayName, String.class);
// final String rfullName = r.get(fullName, String.class);
// final boolean rIsGroup = r.get(isGroup, Boolean.class);
// final String rperms = r.get(perms, String.class);
// final String rcombinedPerms = r.get(combinedPerms, String.class);
//
// final UserRef userRef = new UserRef(ruuid, rname, rdisplayName, rfullName, rIsGroup);
//
// final Set<AppPermission> permissions = getAppPermissionSet(rperms);
// final Set<AppPermission> inherited = getAppPermissionSet(rcombinedPerms);
// return new AppUserPermissions(userRef, permissions, inherited);
// });
//
//
//// DIRECTORY.LABEL,
//// DIRECTORY.LABEL)
//// .from(DIRECTORY)
//// .where(DIRECTORY.PARENT_ID.isNull())
//// .unionAll(
//// select(
//// DIRECTORY.ID,
//// DIRECTORY.LABEL,
//// field(name("t", "path"), VARCHAR)
//// .concat("\\")
//// .concat(DIRECTORY.LABEL))
//// .from(table(name("t")))
//// .join(DIRECTORY)
//// .on(field(name("t", "id"), INTEGER)
//// .eq(DIRECTORY.PARENT_ID)))
//// );
//
//// System.out.println(
//// create.withRecursive(cte)
//// .selectFrom(cte)
//// .fetch()
//// );
//
//// UNION ALL
//// select
//// pav.uuid,
//// pav.name,
//// pav.display_name,
//// pav.full_name,
//// pav.perms,
//// concat_ws('/', cte.combined_perms, pav.perms)
//// from cte
//// join permission_app_view pav
//// on cte.uuid = pav.group_uuid
////)
//// SELECT
//// uuid,
//// name,
//// display_name,
//// full_name,
//// group_concat(distinct perms),
//// group_concat(distinct combined_perms) FROM cte group by uuid, name, display_name, full_name;
////
////
////
////
//// select
//// pav.uuid,
//// pav.name,
//// pav.display_name,
//// pav.full_name,
//// pav.perms,
//// pav.name
//// from permission_app_view pav
//// where pav.group_uuid is null;
//
// });
} else {
// If we are only delivering users with specific permissions then join and select distinct.
list = JooqUtil.contextResult(securityDbConnProvider, context -> context
Expand Down Expand Up @@ -410,12 +177,6 @@ private Set<AppPermission> getAppPermissionSet(final String perms) {
return permissions;
}

public static Field<String> concatWs(final String delimiter,
final Field<String> left,
final Field<String> right) {
return DSL.field("concat_ws({0}, {1}, {2})", String.class, delimiter, left, right);
}

private AppUserPermissions getAppUserPermissions(final Record r) {
final UserRef userRef = recordToUserRef(r);
return getAppUserPermissions(userRef);
Expand All @@ -433,7 +194,7 @@ private UserRef recordToUserRef(final Record r) {
}

private AppUserPermissions getAppUserPermissions(final UserRef userRef) {
final Set<AppPermission> permissions = JooqUtil
final Set<AppPermission> permissions = new HashSet<>(JooqUtil
.contextResult(securityDbConnProvider, context -> context
.select(
PERMISSION_APP.PERMISSION_ID)
Expand All @@ -444,9 +205,7 @@ private AppUserPermissions getAppUserPermissions(final UserRef userRef) {
final int permissionId = r2.get(PERMISSION_APP.PERMISSION_ID).intValue();
final String permissionName = appPermissionIdDao.get(permissionId);
return AppPermission.getPermissionForName(permissionName);
})
.stream()
.collect(Collectors.toSet());
}));
return new AppUserPermissions(userRef, permissions);
}
}

0 comments on commit ba667ca

Please sign in to comment.