Coverage Summary for Class: RecursiveGrantGlobalResourcePermissionSysPersister (com.acciente.oacc.sql.internal.persister)

1 /* 2  * Copyright 2009-2018, Acciente LLC 3  * 4  * Acciente LLC licenses this file to you under the 5  * Apache License, Version 2.0 (the "License"); you 6  * may not use this file except in compliance with the 7  * License. You may obtain a copy of the License at 8  * 9  * http://www.apache.org/licenses/LICENSE-2.0 10  * 11  * Unless required by applicable law or agreed to in 12  * writing, software distributed under the License is 13  * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 14  * OR CONDITIONS OF ANY KIND, either express or implied. 15  * See the License for the specific language governing 16  * permissions and limitations under the License. 17  */ 18 package com.acciente.oacc.sql.internal.persister; 19  20 import com.acciente.oacc.Resource; 21 import com.acciente.oacc.ResourcePermission; 22 import com.acciente.oacc.sql.SQLProfile; 23 import com.acciente.oacc.sql.internal.persister.id.DomainId; 24 import com.acciente.oacc.sql.internal.persister.id.Id; 25 import com.acciente.oacc.sql.internal.persister.id.ResourceClassId; 26  27 import java.io.Serializable; 28 import java.sql.SQLException; 29 import java.util.ArrayList; 30 import java.util.HashMap; 31 import java.util.HashSet; 32 import java.util.List; 33 import java.util.Map; 34 import java.util.Set; 35  36 public class RecursiveGrantGlobalResourcePermissionSysPersister extends CommonGrantGlobalResourcePermissionSysPersister implements Serializable { 37  private static final long serialVersionUID = 1L; 38  39  public RecursiveGrantGlobalResourcePermissionSysPersister(SQLProfile sqlProfile, 40  SQLStrings sqlStrings) { 41  super(sqlProfile, sqlStrings); 42  } 43  44  @Override 45  public Set<Resource> getResourcesByGlobalSysPermission(SQLConnection connection, 46  Resource accessorResource, 47  Id<ResourceClassId> resourceClassId, 48  ResourcePermission resourcePermission) { 49  if (!resourcePermission.isSystemPermission()) { 50  throw new IllegalArgumentException("Permission: " + resourcePermission + " is not a system permission"); 51  } 52  53  SQLStatement statement = null; 54  try { 55  SQLResult resultSet; 56  Set<Resource> resources = new HashSet<>(); 57  58  // get the list of objects of the specified type that the session has access to via global permissions 59  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantGlobalResourcePermissionSys_ResourceID_ExternalID_BY_AccessorID_ResourceClassID_SysPermissionID_IsWithGrant_ResourceClassID); 60  statement.setResourceId(1, accessorResource); 61  statement.setResourceClassId(2, resourceClassId); 62  statement.setResourceSystemPermissionId(3, resourcePermission.getSystemPermissionId()); 63  statement.setBoolean(4, resourcePermission.isWithGrantOption()); 64  statement.setResourceClassId(5, resourceClassId); 65  resultSet = statement.executeQuery(); 66  67  while (resultSet.next()) { 68  resources.add(resultSet.getResource("ResourceId", "ExternalId")); 69  } 70  resultSet.close(); 71  72  return resources; 73  } 74  catch (SQLException e) { 75  throw new RuntimeException(e); 76  } 77  finally { 78  closeStatement(statement); 79  } 80  } 81  82  @Override 83  public Set<Resource> getResourcesByGlobalSysPermission(SQLConnection connection, 84  Resource accessorResource, 85  Id<ResourceClassId> resourceClassId, 86  Id<DomainId> resourceDomainId, 87  ResourcePermission resourcePermission) { 88  if (!resourcePermission.isSystemPermission()) { 89  throw new IllegalArgumentException("Permission: " + resourcePermission + " is not a system permission"); 90  } 91  92  SQLStatement statement = null; 93  try { 94  // get the list of objects of the specified type that the session has access to via global permissions 95  SQLResult resultSet; 96  Set<Resource> resources = new HashSet<>(); 97  98  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantGlobalResourcePermissionSys_ResourceID_ExternalID_BY_AccessorID_DomainID_ResourceClassID_SysPermissionID_IsWithGrant_ResourceClassID); 99  statement.setResourceId(1, accessorResource); 100  statement.setResourceDomainId(2, resourceDomainId); 101  statement.setResourceClassId(3, resourceClassId); 102  statement.setResourceSystemPermissionId(4, resourcePermission.getSystemPermissionId()); 103  statement.setBoolean(5, resourcePermission.isWithGrantOption()); 104  statement.setResourceClassId(6, resourceClassId); 105  resultSet = statement.executeQuery(); 106  107  while (resultSet.next()) { 108  resources.add(resultSet.getResource("ResourceId", "ExternalId")); 109  } 110  resultSet.close(); 111  112  return resources; 113  } 114  catch (SQLException e) { 115  throw new RuntimeException(e); 116  } 117  finally { 118  closeStatement(statement); 119  } 120  } 121  122  @Override 123  public Set<ResourcePermission> getGlobalSysPermissionsIncludeInherited(SQLConnection connection, 124  Resource accessorResource, 125  Id<ResourceClassId> resourceClassId, 126  Id<DomainId> resourceDomainId) { 127  SQLStatement statement = null; 128  try { 129  // collect the system permissions that the accessor has to the accessed resource 130  SQLResult resultSet; 131  Set<ResourcePermission> resourcePermissions = new HashSet<>(); 132  133  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantGlobalResourcePermissionSys_SysPermissionID_IsWithGrant_BY_AccessorID_AccessedDomainID_ResourceClassID); 134  statement.setResourceId(1, accessorResource); 135  statement.setResourceDomainId(2, resourceDomainId); 136  statement.setResourceClassId(3, resourceClassId); 137  resultSet = statement.executeQuery(); 138  139  while (resultSet.next()) { 140  resourcePermissions.add(getResourceSysPermission(resultSet)); 141  } 142  resultSet.close(); 143  144  return resourcePermissions; 145  } 146  catch (SQLException e) { 147  throw new RuntimeException(e); 148  } 149  finally { 150  closeStatement(statement); 151  } 152  } 153  154  @Override 155  public Map<String, Map<String, Set<ResourcePermission>>> getGlobalSysPermissionsIncludeInherited(SQLConnection connection, 156  Resource accessorResource) { 157  SQLStatement statement = null; 158  try { 159  // collect the system permissions that the accessor has 160  SQLResult resultSet; 161  Map<String, Map<String, Set<ResourcePermission>>> globalSysPermissionsMap = new HashMap<>(); 162  163  statement = connection.prepareStatement(sqlStrings.SQL_findInGrantGlobalResourcePermissionSys_ResourceDomainName_ResourceClassName_SysPermissionID_IsWithGrant_BY_AccessorID); 164  statement.setResourceId(1, accessorResource); 165  resultSet = statement.executeQuery(); 166  167  while (resultSet.next()) { 168  final String resourceDomainName; 169  final String resourceClassName; 170  Map<String, Set<ResourcePermission>> permissionsForResourceDomain; 171  Set<ResourcePermission> resourcePermissionsForResourceClass; 172  173  resourceDomainName = resultSet.getString("DomainName"); 174  resourceClassName = resultSet.getString("ResourceClassName"); 175  176  if ((permissionsForResourceDomain = globalSysPermissionsMap.get(resourceDomainName)) == null) { 177  globalSysPermissionsMap.put(resourceDomainName, 178  permissionsForResourceDomain = new HashMap<>()); 179  } 180  181  if ((resourcePermissionsForResourceClass = permissionsForResourceDomain.get(resourceClassName)) == null) { 182  permissionsForResourceDomain.put(resourceClassName, 183  resourcePermissionsForResourceClass = new HashSet<>()); 184  } 185  186  resourcePermissionsForResourceClass.add(getResourceSysPermission(resultSet)); 187  } 188  resultSet.close(); 189  190  return globalSysPermissionsMap; 191  } 192  catch (SQLException e) { 193  throw new RuntimeException(e); 194  } 195  finally { 196  closeStatement(statement); 197  } 198  } 199  200  @Override 201  public void removeAllGlobalSysPermissions(SQLConnection connection, 202  Id<DomainId> accessedDomainId) { 203  204  SQLStatement statement = null; 205  try { 206  // chose strategy to perform recursive delete based on sql profile 207  if (sqlProfile.isRecursiveDeleteEnabled()) { 208  // prepare the standard recursive delete statement for domain and its children 209  statement = connection.prepareStatement(sqlStrings.SQL_removeInGrantGlobalResourcePermissionSys_withDescendants_BY_AccessedDomainId); 210  211  // revoke any existing system permissions any accessor has to this domain + any resource class 212  statement.setResourceDomainId(1, accessedDomainId); 213  statement.executeUpdate(); 214  } 215  else { 216  // DBMS doesn't support recursive deletion, so we have to remove domain's children's accessors first 217  218  // get descendant domain Ids 219  statement = connection.prepareStatement(sqlStrings.SQL_findInDomain_DescendantResourceDomainID_BY_DomainID_ORDERBY_DomainLevel); 220  statement.setResourceDomainId(1, accessedDomainId); 221  SQLResult resultSet = statement.executeQuery(); 222  223  List<Id<DomainId>> descendantDomainIds = new ArrayList<>(); 224  225  while (resultSet.next()) { 226  descendantDomainIds.add(resultSet.getResourceDomainId("DomainId")); 227  } 228  closeStatement(statement); 229  230  // delete domains' accessors (in reverse order of domainLevel, to preserve FK constraints) 231  statement = connection.prepareStatement(sqlStrings.SQL_removeInGrantGlobalResourcePermissionSys_BY_AccessedDomainId); 232  233  for (int i=descendantDomainIds.size()-1; i >= 0; i--) { 234  statement.setResourceDomainId(1, descendantDomainIds.get(i)); 235  statement.executeUpdate(); 236  } 237  } 238  } 239  catch (SQLException e) { 240  throw new RuntimeException(e); 241  } 242  finally { 243  closeStatement(statement); 244  } 245  } 246 }