Coverage Summary for Class: RecursiveGrantDomainPermissionSysPersister (com.acciente.oacc.sql.internal.persister)

Class	Class, %	Method, %	Line, %
RecursiveGrantDomainPermissionSysPersister	100% (1/ 1)	100% (6/ 6)	75% (63/ 84)
1 /*
2  * Copyright 2009-2018, Acciente LLC
3  *
4  * Acciente LLC licenses this file to you under the
5  * Apache License, Version 2.0 (the "License"); you
6  * may not use this file except in compliance with the
7  * License. You may obtain a copy of the License at
8  *
9  *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in
12  * writing, software distributed under the License is
13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
14  * OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing
16  * permissions and limitations under the License.
17  */
18 package com.acciente.oacc.sql.internal.persister;
19 
20 import com.acciente.oacc.DomainPermission;
21 import com.acciente.oacc.Resource;
22 import com.acciente.oacc.sql.SQLProfile;
23 import com.acciente.oacc.sql.internal.persister.id.DomainId;
24 import com.acciente.oacc.sql.internal.persister.id.Id;
25 import com.acciente.oacc.sql.internal.persister.id.ResourceClassId;
26 
27 import java.io.Serializable;
28 import java.sql.SQLException;
29 import java.util.ArrayList;
30 import java.util.HashMap;
31 import java.util.HashSet;
32 import java.util.List;
33 import java.util.Map;
34 import java.util.Set;
35 
36 public class RecursiveGrantDomainPermissionSysPersister extends CommonGrantDomainPermissionSysPersister implements Serializable {
37    private static final long serialVersionUID = 1L;
38 
39    public RecursiveGrantDomainPermissionSysPersister(SQLProfile sqlProfile,
40                                                      SQLStrings sqlStrings) {
41       super(sqlProfile, sqlStrings);
42    }
43 
44    @Override
45    public Set<Resource> getResourcesByDomainSuperUserPermission(SQLConnection connection,
46                                                                 Resource accessorResource,
47                                                                 Id<ResourceClassId> resourceClassId) {
48       SQLStatement statement = null;
49       try {
50          // get the list of objects of the specified type that the session has access to via domain super user permissions
51          SQLResult resultSet;
52          Set<Resource> resources = new HashSet<>();
53 
54          statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_ResourceID_ExternalId_BY_AccessorID_SysPermissionID_IsWithGrant_ResourceClassID);
55          statement.setResourceId(1, accessorResource);
56          statement.setDomainSystemPermissionId(2, DOMAIN_PERMISSION_SUPER_USER.getSystemPermissionId());
57          statement.setBoolean(3, false);
58          statement.setResourceClassId(4, resourceClassId);
59          resultSet = statement.executeQuery();
60 
61          while (resultSet.next()) {
62             resources.add(resultSet.getResource("ResourceId", "ExternalId"));
63          }
64          resultSet.close();
65 
66          return resources;
67       }
68       catch (SQLException e) {
69          throw new RuntimeException(e);
70       }
71       finally {
72          closeStatement(statement);
73       }
74    }
75 
76    @Override
77    public Set<Resource> getResourcesByDomainSuperUserPermission(SQLConnection connection,
78                                                                 Resource accessorResource,
79                                                                 Id<ResourceClassId> resourceClassId,
80                                                                 Id<DomainId> resourceDomainId) {
81       SQLStatement statement = null;
82       try {
83          // get the list of objects of the specified type that the session has access to via domain super user permissions
84          SQLResult resultSet;
85          Set<Resource> resources = new HashSet<>();
86 
87          statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_ResourceID_ExternalID_BY_AccessorID_DomainID_SysPermissionID_IsWithGrant_ResourceClassID);
88          statement.setResourceId(1, accessorResource);
89          statement.setResourceDomainId(2, resourceDomainId);
90          statement.setDomainSystemPermissionId(3, DOMAIN_PERMISSION_SUPER_USER.getSystemPermissionId());
91          statement.setBoolean(4, false);
92          statement.setResourceClassId(5, resourceClassId);
93          resultSet = statement.executeQuery();
94 
95          while (resultSet.next()) {
96             resources.add(resultSet.getResource("ResourceId", "ExternalId"));
97          }
98          resultSet.close();
99 
100          return resources;
101       }
102       catch (SQLException e) {
103          throw new RuntimeException(e);
104       }
105       finally {
106          closeStatement(statement);
107       }
108    }
109 
110    @Override
111    public Set<DomainPermission> getDomainSysPermissionsIncludeInherited(SQLConnection connection,
112                                                                         Resource accessorResource,
113                                                                         Id<DomainId> resourceDomainId) {
114       SQLStatement statement = null;
115 
116       try {
117          statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_SysPermissionID_IsWithGrant_BY_AccessorID_DomainID);
118          statement.setResourceId(1, accessorResource);
119          statement.setResourceDomainId(2, resourceDomainId);
120          SQLResult resultSet = statement.executeQuery();
121 
122          // first collect the create permissions that this resource has to domains
123          Set<DomainPermission> domainPermissions = new HashSet<>();
124          while (resultSet.next()) {
125             // on the domains only pre-defined system permissions are expected
126             domainPermissions.add(getDomainSysPermission(resultSet));
127          }
128          resultSet.close();
129 
130          return domainPermissions;
131       }
132       catch (SQLException e) {
133          throw new RuntimeException(e);
134       }
135       finally {
136          closeStatement(statement);
137       }
138    }
139 
140    @Override
141    public Map<String, Set<DomainPermission>> getDomainSysPermissionsIncludeInherited(SQLConnection connection,
142                                                                                      Resource accessorResource) {
143       SQLStatement statement = null;
144 
145       try {
146          // collect the create permissions that this resource has to each domain
147          statement = connection.prepareStatement(sqlStrings.SQL_findInGrantDomainPermissionSys_ResourceDomainName_SysPermissionID_IsWithGrant_BY_AccessorID);
148          statement.setResourceId(1, accessorResource);
149          SQLResult resultSet = statement.executeQuery();
150 
151          final Map<String, Set<DomainPermission>> domainPermissionsMap = new HashMap<>();
152 
153          while (resultSet.next()) {
154             final String resourceDomainName = resultSet.getString("DomainName");
155 
156             Set<DomainPermission> domainPermissions = domainPermissionsMap.get(resourceDomainName);
157 
158             if (domainPermissions == null) {
159                domainPermissionsMap.put(resourceDomainName,
160                                         domainPermissions = new HashSet<>());
161             }
162 
163             // on the domains only pre-defined system permissions are expected
164             domainPermissions.add(getDomainSysPermission(resultSet));
165          }
166          resultSet.close();
167 
168          return domainPermissionsMap;
169       }
170       catch (SQLException e) {
171          throw new RuntimeException(e);
172       }
173       finally {
174          closeStatement(statement);
175       }
176    }
177 
178    @Override
179    public void removeAllDomainSysPermissions(SQLConnection connection,
180                                              Id<DomainId> domainId) {
181       SQLStatement statement = null;
182 
183       try {
184          // chose strategy to perform recursive delete based on sql profile
185          if (sqlProfile.isRecursiveDeleteEnabled()) {
186             // prepare the standard recursive delete statement for domain and its children
187             statement = connection.prepareStatement(sqlStrings.SQL_removeInGrantDomainPermissionSys_withDescendants_BY_AccessedDomainID);
188             statement.setResourceDomainId(1, domainId);
189             statement.executeUpdate();
190          }
191          else {
192             // DBMS doesn't support recursive deletion, so we have to use a different implementation
193 
194             // get descendant domain Ids
195             statement = connection.prepareStatement(sqlStrings.SQL_findInDomain_DescendantResourceDomainID_BY_DomainID_ORDERBY_DomainLevel);
196             statement.setResourceDomainId(1, domainId);
197             SQLResult resultSet = statement.executeQuery();
198 
199             List<Id<DomainId>> descendantDomainIds = new ArrayList<>();
200 
201             while (resultSet.next()) {
202                descendantDomainIds.add(resultSet.getResourceDomainId("DomainId"));
203             }
204             closeStatement(statement);
205 
206             // delete domains' accessors (in reverse order of domainLevel, to preserve FK constraints)
207             statement = connection.prepareStatement(sqlStrings.SQL_removeInGrantDomainPermissionSys_BY_AccessedDomainID);
208 
209             for (int i=descendantDomainIds.size()-1; i >= 0; i--) {
210                statement.setResourceDomainId(1, descendantDomainIds.get(i));
211                statement.executeUpdate();
212             }
213          }
214       }
215       catch (SQLException e) {
216          throw new RuntimeException(e);
217       }
218       finally {
219          closeStatement(statement);
220       }
221    }
222 }