CB-4028 delete object permission event
alexander-skoblikov committed Oct 10, 2023
1 parent 897368b commit cf46d2b
Showing 2 changed files with 29 additions and 25 deletions.
Expand Up @@ -18,21 +18,18 @@

import io.cloudbeaver.model.session.BaseWebSession;
import io.cloudbeaver.model.session.WebSession;
import io.cloudbeaver.server.CBPlatform;
import io.cloudbeaver.utils.WebAppUtils;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.security.SMObjectPermissionsGrant;
import org.jkiss.dbeaver.model.security.SMObjectType;
import org.jkiss.dbeaver.model.websocket.event.WSEventType;
import org.jkiss.dbeaver.model.websocket.event.WSProjectUpdateEvent;
import org.jkiss.dbeaver.model.websocket.event.datasource.WSDataSourceEvent;
import org.jkiss.dbeaver.model.websocket.event.datasource.WSDataSourceProperty;
import org.jkiss.dbeaver.model.websocket.event.permissions.WSObjectPermissionEvent;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class WSObjectPermissionUpdatedEventHandler extends WSDefaultEventHandler<WSObjectPermissionEvent> {
private static final Log log = Log.getLog(WSObjectPermissionUpdatedEventHandler.class);
Expand All @@ -44,24 +41,16 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
if (event.getSmObjectType() == SMObjectType.datasource && !(activeUserSession instanceof WebSession)) {
return;
}
var user = activeUserSession.getUserContext().getUser();
var objectId = event.getObjectId();

var userSubjects = new HashSet<>(Set.of(user.getTeams()));
userSubjects.add(user.getUserId());

var smController = CBPlatform.getInstance().getApplication().getSecurityController();
var shouldBeAccessible = smController.getObjectPermissionGrants(event.getObjectId(), event.getSmObjectType())
.stream()
.map(SMObjectPermissionsGrant::getSubjectId)
.anyMatch(userSubjects::contains);
boolean isAccessibleNow;
switch (event.getSmObjectType()) {
case project:
var accessibleProjectIds = activeUserSession.getUserContext().getAccessibleProjectIds();
isAccessibleNow = accessibleProjectIds.contains(objectId);
if (shouldBeAccessible && !isAccessibleNow) {
// adding project to session cache
if (WSEventType.OBJECT_PERMISSIONS_UPDATED.getEventId().equals(event.getId())) {
var accessibleProjectIds = activeUserSession.getUserContext().getAccessibleProjectIds();
if (accessibleProjectIds.contains(event.getObjectId())) {
return;
}
activeUserSession.addSessionProject(objectId);
activeUserSession.addSessionEvent(
WSProjectUpdateEvent.create(
Expand All @@ -70,8 +59,7 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
objectId
)
);
} else if (!shouldBeAccessible && isAccessibleNow) {
// removing project from session cache
} else if (WSEventType.OBJECT_PERMISSIONS_DELETED.getEventId().equals(event.getId())) {
activeUserSession.removeSessionProject(objectId);
activeUserSession.addSessionEvent(
WSProjectUpdateEvent.delete(
Expand All @@ -80,19 +68,23 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
objectId
)
);
};
}
break;
case datasource:
var webSession = (WebSession) activeUserSession;
var dataSources = List.of(objectId);

var project = webSession.getProjectById(WebAppUtils.getGlobalProjectId());
if (project == null) {
log.error("Project " + WebAppUtils.getGlobalProjectId() +
" is not found in session " + activeUserSession.getSessionId());
return;
}
isAccessibleNow = webSession.findWebConnectionInfo(objectId) != null;
var dataSources = List.of(objectId);
if (shouldBeAccessible && !isAccessibleNow) {
if (WSEventType.OBJECT_PERMISSIONS_UPDATED.getEventId().equals(event.getId())) {
isAccessibleNow = webSession.findWebConnectionInfo(objectId) != null;
if (isAccessibleNow) {
return;
}
webSession.addAccessibleConnectionToCache(objectId);
webSession.addSessionEvent(
WSDataSourceEvent.create(
Expand All @@ -103,7 +95,7 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
WSDataSourceProperty.CONFIGURATION
)
);
} else if (!shouldBeAccessible && isAccessibleNow) {
} else if (WSEventType.OBJECT_PERMISSIONS_DELETED.getEventId().equals(event.getId())) {
webSession.removeAccessibleConnectionFromCache(objectId);
webSession.addSessionEvent(
WSDataSourceEvent.delete(
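Review bot: The `OBJECT_PERMISSIONS_UPDATED` branches in `case project` and `case datasource` now call `addSessionProject` / `addAccessibleConnectionToCache` for any session that does not already hold the object, with no check that this session's user or teams are among the grantees; the removed `shouldBeAccessible` lookup against `getObjectPermissionGrants` was that check. Unless those two methods re-verify access themselves (not visible here), every active session that receives the event gets the project or connection cached as accessible. The reverse looks lossy too: if an update can also drop a subject's grant, it only reaches the add branch and the stale entry stays in that session, while `OBJECT_PERMISSIONS_DELETED` removes the object even from sessions that may still hold another grant. I would keep the grant lookup and gate both branches on it, e.g. `if (!shouldBeAccessible || accessibleProjectIds.contains(objectId)) { return; }` in the add branch and an extra `!shouldBeAccessible &&` in the `OBJECT_PERMISSIONS_DELETED` condition. `updateSessionData` starts and ends outside the visible hunks.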
Expand Up @@ -2343,7 +2343,7 @@ public void deleteObjectPermissions(
dbStat.setString(index++, permission);
}
dbStat.execute();
addObjectPermissionsUpdateEvent(objectIds, objectType);
addObjectPermissionsDeleteEvent(objectIds, objectType);
} catch (SQLException e) {
throw new DBCException("Error granting object permissions", e);
}
Expand Down Expand Up @@ -2379,6 +2379,18 @@ private void addObjectPermissionsUpdateEvent(@NotNull Set<String> objectIds, @No
}
}

private void addObjectPermissionsDeleteEvent(@NotNull Set<String> objectIds, @NotNull SMObjectType objectType) {
for (var objectId : objectIds) {
var event = WSObjectPermissionEvent.delete(
getSmSessionId(),
getUserId(),
objectType,
objectId
);
application.getEventController().addEvent(event);
}
}

@Override
public void deleteAllObjectPermissions(@NotNull String objectId, @NotNull SMObjectType objectType) throws DBException {
try (Connection dbCon = database.openConnection()) {
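Review bot: `addObjectPermissionsDeleteEvent` emits one `WSObjectPermissionEvent.delete(...)` per object id with no indication of which subjects or permissions were removed, while `deleteObjectPermissions` appears to delete only selected grants (it binds individual `permission` values before `dbStat.execute()`). Receivers therefore cannot tell a full revocation from a partial one and have to re-read the grants themselves; the new method should state that in a Javadoc, e.g. `/** Emits a delete event per object; the event does not identify the affected subjects, so receivers must re-check grants before changing access. */`. Separately, the `catch` in `deleteObjectPermissions` still reports `"Error granting object permissions"`, which will mislead anyone triaging a failed revocation from logs; `"Error deleting object permissions"` would match the operation. Both `deleteObjectPermissions` and the method following the new one are cut off by the hunk boundaries.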