Coverage Summary for Class: NonRecursiveGrantDomainPermissionSysPersister (com.acciente.oacc.sql.internal.persister)

1 /* 2  * Copyright 2009-2018, Acciente LLC 3  * 4  * Acciente LLC licenses this file to you under the 5  * Apache License, Version 2.0 (the "License"); you 6  * may not use this file except in compliance with the 7  * License. You may obtain a copy of the License at 8  * 9  * http://www.apache.org/licenses/LICENSE-2.0 10  * 11  * Unless required by applicable law or agreed to in 12  * writing, software distributed under the License is 13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 14  * OR CONDITIONS OF ANY KIND, either express or implied. 15  * See the License for the specific language governing 16  * permissions and limitations under the License. 17  */ 18 package com.acciente.oacc.sql.internal.persister; 19  20 import com.acciente.oacc.DomainPermission; 21 import com.acciente.oacc.Resource; 22 import com.acciente.oacc.sql.SQLProfile; 23 import com.acciente.oacc.sql.internal.persister.id.DomainId; 24 import com.acciente.oacc.sql.internal.persister.id.Id; 25 import com.acciente.oacc.sql.internal.persister.id.ResourceClassId; 26 import com.acciente.oacc.sql.internal.persister.id.ResourceId; 27  28 import java.io.Serializable; 29 import java.sql.SQLException; 30 import java.util.ArrayList; 31 import java.util.HashMap; 32 import java.util.HashSet; 33 import java.util.List; 34 import java.util.Map; 35 import java.util.Set; 36  37 public class NonRecursiveGrantDomainPermissionSysPersister extends CommonGrantDomainPermissionSysPersister implements Serializable { 38  private static final long serialVersionUID = 1L; 39  40  public NonRecursiveGrantDomainPermissionSysPersister(SQLProfile sqlProfile, 41  SQLStrings sqlStrings) { 42  super(sqlProfile, sqlStrings); 43  } 44  45  @Override 46  public Set<Resource> getResourcesByDomainSuperUserPermission(SQLConnection connection, 47  Resource accessorResource, 48  Id<ResourceClassId> resourceClassId) { 49  SQLStatement statement = null; 50  try { 51  // first get all the resources from which the accessor inherits any permissions 52  final Set<Id<ResourceId>> accessorResourceIds 53  = NonRecursivePersisterHelper.getInheritedAccessorResourceIds(sqlStrings, connection, accessorResource); 54  55  // secondly get all the domains the accessors directly have access to 56  SQLResult resultSet; 57  final Set<Id<DomainId>> directDomainIds = new HashSet<>(); 58  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_withoutInheritance_ResourceDomainId_BY_AccessorID_SysPermissionID_IsWithGrant); 59  60  for (Id<ResourceId> accessorResourceId : accessorResourceIds) { 61  statement.setResourceId(1, accessorResourceId); 62  statement.setDomainSystemPermissionId(2, DOMAIN_PERMISSION_SUPER_USER.getSystemPermissionId()); 63  statement.setBoolean(3, false); 64  resultSet = statement.executeQuery(); 65  66  while (resultSet.next()) { 67  directDomainIds.add(resultSet.getResourceDomainId("AccessedDomainId")); 68  } 69  resultSet.close(); 70  } 71  closeStatement(statement); 72  73  // then get all the descendants of the directly accessible domains 74  final Set<Id<DomainId>> accessibleDomainIds = new HashSet<>(); 75  for (Id<DomainId> directDomainId : directDomainIds) { 76  accessibleDomainIds 77  .addAll(NonRecursivePersisterHelper.getDescendantDomainIdsOrderedByAscendingLevel(sqlStrings, 78  connection, 79  directDomainId)); 80  } 81  82  // now get resources of the specified class that the session has access to via domain super user permissions 83  final Set<Resource> resources = new HashSet<>(); 84  statement = connection.prepareStatement(sqlStrings.SQL_findInResource_withoutInheritance_ResourceId_ExternalId_BY_ResourceClassID_DomainID); 85  86  for (Id<DomainId> domainId : accessibleDomainIds) { 87  statement.setResourceClassId(1, resourceClassId); 88  statement.setResourceDomainId(2, domainId); 89  resultSet = statement.executeQuery(); 90  91  while (resultSet.next()) { 92  resources.add(resultSet.getResource("ResourceId", "ExternalId")); 93  } 94  resultSet.close(); 95  } 96  97  return resources; 98  } 99  catch (SQLException e) { 100  throw new RuntimeException(e); 101  } 102  finally { 103  closeStatement(statement); 104  } 105  } 106  107  @Override 108  public Set<Resource> getResourcesByDomainSuperUserPermission(SQLConnection connection, 109  Resource accessorResource, 110  Id<ResourceClassId> resourceClassId, 111  Id<DomainId> resourceDomainId) { 112  SQLStatement statement = null; 113  try { 114  // first get all the resources from which the accessor inherits any permissions 115  final Set<Id<ResourceId>> accessorResourceIds 116  = NonRecursivePersisterHelper.getInheritedAccessorResourceIds(sqlStrings, connection, accessorResource); 117  118  // secondly get all the domains the accessors directly have access to 119  SQLResult resultSet; 120  final Set<Id<DomainId>> directDomainIds = new HashSet<>(); 121  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_withoutInheritance_ResourceDomainId_BY_AccessorID_SysPermissionID_IsWithGrant); 122  123  for (Id<ResourceId> accessorResourceId : accessorResourceIds) { 124  statement.setResourceId(1, accessorResourceId); 125  statement.setDomainSystemPermissionId(2, DOMAIN_PERMISSION_SUPER_USER.getSystemPermissionId()); 126  statement.setBoolean(3, false); 127  resultSet = statement.executeQuery(); 128  129  while (resultSet.next()) { 130  directDomainIds.add(resultSet.getResourceDomainId("AccessedDomainId")); 131  } 132  resultSet.close(); 133  } 134  closeStatement(statement); 135  136  // then get all the descendants of the directly accessible domains 137  final Set<Id<DomainId>> accessibleDomainIds = new HashSet<>(); 138  for (Id<DomainId> directDomainId : directDomainIds) { 139  accessibleDomainIds 140  .addAll(NonRecursivePersisterHelper.getDescendantDomainIdsOrderedByAscendingLevel(sqlStrings, 141  connection, 142  directDomainId)); 143  } 144  145  // also get the descendents of the specified domain 146  final Set<Id<DomainId>> descendantDomainIds 147  = NonRecursivePersisterHelper.getDescendantDomainIdsOrderedByAscendingLevel(sqlStrings, 148  connection, 149  resourceDomainId); 150  151  // next, filter the accessible domains by the specified sub-domains 152  accessibleDomainIds.retainAll(descendantDomainIds); 153  154  // now get resources of the specified class that the session has access to via domain super user permissions 155  final Set<Resource> resources = new HashSet<>(); 156  statement = connection.prepareStatement(sqlStrings.SQL_findInResource_withoutInheritance_ResourceId_ExternalId_BY_ResourceClassID_DomainID); 157  158  for (Id<DomainId> domainId : accessibleDomainIds) { 159  statement.setResourceClassId(1, resourceClassId); 160  statement.setResourceDomainId(2, domainId); 161  resultSet = statement.executeQuery(); 162  163  while (resultSet.next()) { 164  resources.add(resultSet.getResource("ResourceId", "ExternalId")); 165  } 166  resultSet.close(); 167  } 168  169  return resources; 170  } 171  catch (SQLException e) { 172  throw new RuntimeException(e); 173  } 174  finally { 175  closeStatement(statement); 176  } 177  } 178  179  @Override 180  public Set<DomainPermission> getDomainSysPermissionsIncludeInherited(SQLConnection connection, 181  Resource accessorResource, 182  Id<DomainId> resourceDomainId) { 183  SQLStatement statement = null; 184  185  try { 186  // first get all the resources from which the accessor inherits any permissions 187  final Set<Id<ResourceId>> accessorResourceIds 188  = NonRecursivePersisterHelper.getInheritedAccessorResourceIds(sqlStrings, connection, accessorResource); 189  190  // get the ancestors of the specified domain, to which the accessors could also have permissions 191  final Set<Id<DomainId>> ancestorDomainIds = NonRecursivePersisterHelper.getAncestorDomainIds(sqlStrings, 192  connection, 193  resourceDomainId); 194  195  // now collect the sys-permissions any accessor resource has to the specified domain or its ancestors 196  Set<DomainPermission> domainPermissions = new HashSet<>(); 197  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_withoutInheritance_SysPermissionID_IsWithGrant_BY_AccessorID_DomainID); 198  199  for (Id<ResourceId> accessorResourceId : accessorResourceIds) { 200  for (Id<DomainId> domainId : ancestorDomainIds) { 201  statement.setResourceId(1, accessorResourceId); 202  statement.setResourceDomainId(2, domainId); 203  SQLResult resultSet = statement.executeQuery(); 204  205  while (resultSet.next()) { 206  // on the domains only pre-defined system permissions are expected 207  domainPermissions.add(getDomainSysPermission(resultSet)); 208  } 209  resultSet.close(); 210  } 211  } 212  213  return domainPermissions; 214  } 215  catch (SQLException e) { 216  throw new RuntimeException(e); 217  } 218  finally { 219  closeStatement(statement); 220  } 221  } 222  223  @Override 224  public Map<String, Set<DomainPermission>> getDomainSysPermissionsIncludeInherited(SQLConnection connection, 225  Resource accessorResource) { 226  SQLStatement statement = null; 227  228  try { 229  // first get all the resources from which the accessor inherits any permissions 230  final Set<Id<ResourceId>> accessorResourceIds 231  = NonRecursivePersisterHelper.getInheritedAccessorResourceIds(sqlStrings, connection, accessorResource); 232  233  // second, get all the domain permissions the accessors directly have access to 234  SQLResult resultSet; 235  final Map<String, Set<DomainPermission>> domainPermissionsMap = new HashMap<>(); 236  237  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_withoutInheritance_ResourceDomainName_SysPermissionID_IsWithGrant_BY_AccessorID); 238  239  for (Id<ResourceId> accessorResourceId : accessorResourceIds) { 240  statement.setResourceId(1, accessorResourceId); 241  resultSet = statement.executeQuery(); 242  243  while (resultSet.next()) { 244  final String resourceDomainName = resultSet.getString("DomainName"); 245  246  Set<DomainPermission> domainPermissions = domainPermissionsMap.get(resourceDomainName); 247  248  if (domainPermissions == null) { 249  domainPermissions = new HashSet<>(); 250  domainPermissionsMap.put(resourceDomainName, domainPermissions); 251  } 252  253  // on the domains only pre-defined system permissions are expected 254  domainPermissions.add(getDomainSysPermission(resultSet)); 255  } 256  resultSet.close(); 257  } 258  closeStatement(statement); 259  statement = null; 260  261  // then apply each domain's direct permissions to all its descendants 262  // !! DON'T UPDATE THE PERMISSION-MAP WHILE ITERATING OVER ITS KEY-SET !! (get a copy of the key-set instead) 263  Set<String> directDomainNames = new HashSet<>(domainPermissionsMap.keySet()); 264  for (String directDomainName : directDomainNames) { 265  Set<String> descendentDomains = NonRecursivePersisterHelper.getDescendantDomainNames(sqlStrings, 266  connection, 267  directDomainName); 268  269  for (String descendentDomain : descendentDomains) { 270  Set<DomainPermission> domainPermissions = domainPermissionsMap.get(descendentDomain); 271  272  if (domainPermissions == null) { 273  domainPermissions = new HashSet<>(); 274  domainPermissionsMap.put(descendentDomain, domainPermissions); 275  } 276  277  if (!descendentDomain.equals(directDomainName)) { 278  domainPermissions.addAll(domainPermissionsMap.get(directDomainName)); 279  } 280  } 281  } 282  283  return domainPermissionsMap; 284  } 285  catch (SQLException e) { 286  throw new RuntimeException(e); 287  } 288  finally { 289  closeStatement(statement); 290  } 291  } 292  293  @Override 294  public void removeAllDomainSysPermissions(SQLConnection connection, Id<DomainId> domainId) { 295  SQLStatement statement = null; 296  297  try { 298  // get descendant domain Ids 299  List<Id<DomainId>> descendantDomainIds 300  = new ArrayList<>(NonRecursivePersisterHelper.getDescendantDomainIdsOrderedByAscendingLevel(sqlStrings, 301  connection, 302  domainId)); 303  304  // delete domains' accessors (in reverse order of domainLevel, to preserve FK constraints) 305  statement = connection.prepareStatement(sqlStrings.SQL_removeInGrantDomainPermissionSys_BY_AccessedDomainID); 306  307  for (int i=descendantDomainIds.size()-1; i >= 0; i--) { 308  statement.setResourceDomainId(1, descendantDomainIds.get(i)); 309  statement.executeUpdate(); 310  } 311  } 312  catch (SQLException e) { 313  throw new RuntimeException(e); 314  } 315  finally { 316  closeStatement(statement); 317  } 318  } 319  320 }