From cf46d2b9b0690b65e6576df1a2c510f22174a60b Mon Sep 17 00:00:00 2001
From: Aleksandr Skoblikov
Date: Tue, 10 Oct 2023 14:05:14 +0200
Subject: [PATCH] CB-4028 delete object permission event
---
 ...WSObjectPermissionUpdatedEventHandler.java | 40 ++++++++-----------
 .../CBEmbeddedSecurityController.java | 14 ++++++-
 2 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/events/WSObjectPermissionUpdatedEventHandler.java b/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/events/WSObjectPermissionUpdatedEventHandler.java
index 729a60eecd..3076c5f1ae 100644
--- a/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/events/WSObjectPermissionUpdatedEventHandler.java
+++ b/server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/events/WSObjectPermissionUpdatedEventHandler.java
@@ -18,21 +18,18 @@
 import io.cloudbeaver.model.session.BaseWebSession;
 import io.cloudbeaver.model.session.WebSession;
-import io.cloudbeaver.server.CBPlatform;
 import io.cloudbeaver.utils.WebAppUtils;
 import org.jkiss.code.NotNull;
 import org.jkiss.dbeaver.DBException;
 import org.jkiss.dbeaver.Log;
-import org.jkiss.dbeaver.model.security.SMObjectPermissionsGrant;
 import org.jkiss.dbeaver.model.security.SMObjectType;
+import org.jkiss.dbeaver.model.websocket.event.WSEventType;
 import org.jkiss.dbeaver.model.websocket.event.WSProjectUpdateEvent;
 import org.jkiss.dbeaver.model.websocket.event.datasource.WSDataSourceEvent;
 import org.jkiss.dbeaver.model.websocket.event.datasource.WSDataSourceProperty;
 import org.jkiss.dbeaver.model.websocket.event.permissions.WSObjectPermissionEvent;
-import java.util.HashSet;
 import java.util.List;
-import java.util.Set;
 public class WSObjectPermissionUpdatedEventHandler extends WSDefaultEventHandler {
 private static final Log log = Log.getLog(WSObjectPermissionUpdatedEventHandler.class);
@@ -44,24 +41,16 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
 if (event.getSmObjectType() == SMObjectType.datasource && !(activeUserSession instanceof WebSession)) {
 return;
 }
- var user = activeUserSession.getUserContext().getUser();
 var objectId = event.getObjectId();
- var userSubjects = new HashSet<>(Set.of(user.getTeams()));
- userSubjects.add(user.getUserId());
-
- var smController = CBPlatform.getInstance().getApplication().getSecurityController();
- var shouldBeAccessible = smController.getObjectPermissionGrants(event.getObjectId(), event.getSmObjectType())
- .stream()
- .map(SMObjectPermissionsGrant::getSubjectId)
- .anyMatch(userSubjects::contains);
 boolean isAccessibleNow;
 switch (event.getSmObjectType()) {
 case project:
- var accessibleProjectIds = activeUserSession.getUserContext().getAccessibleProjectIds();
- isAccessibleNow = accessibleProjectIds.contains(objectId);
- if (shouldBeAccessible && !isAccessibleNow) {
- // adding project to session cache
+ if (WSEventType.OBJECT_PERMISSIONS_UPDATED.getEventId().equals(event.getId())) {
+ var accessibleProjectIds = activeUserSession.getUserContext().getAccessibleProjectIds();
+ if (accessibleProjectIds.contains(event.getObjectId())) {
+ return;
+ }
 activeUserSession.addSessionProject(objectId);
 activeUserSession.addSessionEvent(
 WSProjectUpdateEvent.create(
@@ -70,8 +59,7 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
 objectId
 )
 );
- } else if (!shouldBeAccessible && isAccessibleNow) {
- // removing project from session cache
+ } else if (WSEventType.OBJECT_PERMISSIONS_DELETED.getEventId().equals(event.getId())) {
 activeUserSession.removeSessionProject(objectId);
 activeUserSession.addSessionEvent(
 WSProjectUpdateEvent.delete(
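Review bot: Under `case project:` the `OBJECT_PERMISSIONS_UPDATED` branch calls `activeUserSession.addSessionProject(objectId)` for any session that does not already list the project, without checking that the session's user or one of its teams is a grant subject; the removed `shouldBeAccessible` lookup through `getObjectPermissionGrants` was that check. Unless events are filtered per subject before they reach `updateSessionData` (not visible here), a grant to one user would put the project into other users' session caches, and an update that narrows the grant set would no longer evict it. I would keep the subject test in front of the add, for example `if (!shouldBeAccessible) { return; }` with `shouldBeAccessible` computed as before. The `case datasource:` branch in the `@@ -80,19 +68,23 @@` hunk has the same gap before `addAccessibleConnectionToCache(objectId)`; the method body starts and ends outside both hunks.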
@@ -80,19 +68,23 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
 objectId
 )
 );
- };
+ }
 break;
 case datasource:
 var webSession = (WebSession) activeUserSession;
+ var dataSources = List.of(objectId);
+
 var project = webSession.getProjectById(WebAppUtils.getGlobalProjectId());
 if (project == null) {
 log.error("Project " + WebAppUtils.getGlobalProjectId() + " is not found in session " + activeUserSession.getSessionId());
 return;
 }
- isAccessibleNow = webSession.findWebConnectionInfo(objectId) != null;
- var dataSources = List.of(objectId);
- if (shouldBeAccessible && !isAccessibleNow) {
+ if (WSEventType.OBJECT_PERMISSIONS_UPDATED.getEventId().equals(event.getId())) {
+ isAccessibleNow = webSession.findWebConnectionInfo(objectId) != null;
+ if (isAccessibleNow) {
+ return;
+ }
 webSession.addAccessibleConnectionToCache(objectId);
 webSession.addSessionEvent(
 WSDataSourceEvent.create(
@@ -103,7 +95,7 @@ protected void updateSessionData(@NotNull BaseWebSession activeUserSession, @Not
 WSDataSourceProperty.CONFIGURATION
 )
 );
- } else if (!shouldBeAccessible && isAccessibleNow) {
+ } else if (WSEventType.OBJECT_PERMISSIONS_DELETED.getEventId().equals(event.getId())) {
 webSession.removeAccessibleConnectionFromCache(objectId);
 webSession.addSessionEvent(
 WSDataSourceEvent.delete(
diff --git a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
index a31448f4c9..ec5407dc53 100644
--- a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
+++ b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
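Review bot: An event whose id matches neither `OBJECT_PERMISSIONS_UPDATED` nor `OBJECT_PERMISSIONS_DELETED` now passes through `case datasource:` (and `case project:` in the earlier hunk) without touching the cache or leaving a trace, where the old code decided from the stored grants regardless of the event id. A closing `else { log.warn("Unexpected permission event id: " + event.getId()); }` would make a mis-routed event visible. `isAccessibleNow` is also now assigned only inside this one branch, so the declaration before the `switch` could go and the test be written directly as `if (webSession.findWebConnectionInfo(objectId) != null) { return; }`. The `switch` begins before this hunk and continues past it.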
@@ -2343,7 +2343,7 @@ public void deleteObjectPermissions(
 dbStat.setString(index++, permission);
 }
 dbStat.execute();
- addObjectPermissionsUpdateEvent(objectIds, objectType);
+ addObjectPermissionsDeleteEvent(objectIds, objectType);
 } catch (SQLException e) {
 throw new DBCException("Error granting object permissions", e);
 }
@@ -2379,6 +2379,18 @@ private void addObjectPermissionsUpdateEvent(@NotNull Set objectIds, @No
 }
 }
+ private void addObjectPermissionsDeleteEvent(@NotNull Set objectIds, @NotNull SMObjectType objectType) {
+ for (var objectId : objectIds) {
+ var event = WSObjectPermissionEvent.delete(
+ getSmSessionId(),
+ getUserId(),
+ objectType,
+ objectId
+ );
+ application.getEventController().addEvent(event);
+ }
+ }
+
 @Override
 public void deleteAllObjectPermissions(@NotNull String objectId, @NotNull SMObjectType objectType) throws DBException {
 try (Connection dbCon = database.openConnection()) {
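Review bot: `addObjectPermissionsDeleteEvent` publishes one event per object id carrying only `objectType` and `objectId`, so a consumer cannot tell which subjects lost their grant. Since the handler changed in this commit now reacts to the event type alone, a revocation for one subject would hide the object from every session, including users who keep access through another grant; this assumes `deleteObjectPermissions` removes grants per subject, and its parameter list is outside the hunk. A Javadoc on the new method should state that limit, e.g. `/** Emits one delete event per object; it carries no subject ids, so receivers must re-check grants before changing session state. */`. The helper also appears to repeat `addObjectPermissionsUpdateEvent` apart from the factory call, but that method's body is outside the hunk.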