CB-4028 delete/add api for permissions #2024

Merged
Changes from 15 commits
20 commits
71e0bed
CB-4028 delete/add api for permissions
alexander-skoblikov Sep 26, 2023
b9192c8
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
teunlao Sep 29, 2023
f7e89db
feat: add new subjects connection add and delete methods
teunlao Sep 29, 2023
75682bc
CB-4028 fix method name
alexander-skoblikov Sep 29, 2023
76f123c
refactor: subject connection permissions
teunlao Oct 2, 2023
2bc9f48
Merge branch 'devel' into CB-4028-refactor-subject-object-permissions…
Wroud Oct 3, 2023
7f73ff7
fix: after review
teunlao Oct 3, 2023
0ebfeb5
fix: after review
teunlao Oct 3, 2023
1bdd8e8
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
alexander-skoblikov Oct 4, 2023
a31a775
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
Wroud Oct 5, 2023
b103588
CB-4028 fix: update ts project references
Wroud Oct 5, 2023
d02bbfd
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
teunlao Oct 6, 2023
827d7d9
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
teunlao Oct 6, 2023
8141c0b
fix: dependencies cycle
teunlao Oct 6, 2023
41fbe71
Merge branch 'devel' into CB-4028-refactor-subject-object-permissions…
EvgeniaBzzz Oct 9, 2023
a6d71e3
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
Wroud Oct 9, 2023
0cc1418
chore: fix dependencies
Wroud Oct 9, 2023
7a33865
Merge remote-tracking branch 'origin/devel' into CB-4028-refactor-sub…
alexander-skoblikov Oct 10, 2023
897368b
CB-4028 event for delete
alexander-skoblikov Oct 10, 2023
cf46d2b
CB-4028 delete object permission event
alexander-skoblikov Oct 10, 2023
Original file line number Diff line number Diff line change
Expand Up @@ -157,9 +157,15 @@ extend type Query {
# Permissions

getConnectionSubjectAccess(projectId: ID!, connectionId: ID): [AdminConnectionGrantInfo!]!
@deprecated(reason: "23.2.2")
setConnectionSubjectAccess(projectId: ID!, connectionId: ID!, subjects: [ID!]!): Boolean
@since(version: "23.2.2")
addConnectionsAccess(projectId: ID!, connectionIds: [ID!]!, subjects: [ID!]!): Boolean
@since(version: "23.2.2")
deleteConnectionsAccess(projectId: ID!, connectionIds: [ID!]!, subjects: [ID!]!): Boolean

getSubjectConnectionAccess(subjectId: ID!): [AdminConnectionGrantInfo!]!
@deprecated(reason: "23.2.2")
setSubjectConnectionAccess(subjectId: ID!, connections: [ID!]!): Boolean

#### Feature sets
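Review bot: The directives in this block sit on the line before the field they are meant for, but in GraphQL SDL a directive follows the field definition it annotates and line breaks are not significant. As written, `@deprecated(reason: "23.2.2")` attaches to `getConnectionSubjectAccess` and `getSubjectConnectionAccess` rather than to the two `set...` mutations, and `deleteConnectionsAccess` ends up with no `@since` at all. Move each directive to the end of its own field, after the return type, and put a migration hint in `reason` (for example a pointer to `addConnectionsAccess` / `deleteConnectionsAccess`) instead of a bare version number.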
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -147,13 +147,30 @@
@Nullable String projectId,
String connectionId) throws DBWebException;

@Deprecated

Check warning on line 150 in server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java#L150

Missing a Javadoc comment.
@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)
boolean setConnectionSubjectAccess(
@NotNull WebSession webSession,
@Nullable String projectId,
@NotNull String connectionId,
@NotNull List<String> subjects) throws DBWebException;

@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)

Check warning on line 158 in server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java#L158

Missing a Javadoc comment.
boolean addConnectionsAccess(
@NotNull WebSession webSession,
@Nullable String projectId,
@NotNull List<String> connectionIds,
@NotNull List<String> subjects
) throws DBWebException;

@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)

Check warning on line 166 in server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/DBWServiceAdmin.java#L166

Missing a Javadoc comment.
boolean deleteConnectionsAccess(
@NotNull WebSession webSession,
@Nullable String projectId,
@NotNull List<String> connectionIds,
@NotNull List<String> subjects
) throws DBWebException;

@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)
SMDataSourceGrant[] getSubjectConnectionAccess(@NotNull WebSession webSession, @NotNull String subjectId) throws DBWebException;
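Review bot: `setConnectionSubjectAccess` is marked `@Deprecated` with no Javadoc, and the new `addConnectionsAccess` and `deleteConnectionsAccess` have none either, which is what CheckStyle reports at lines 150, 158 and 166. Add a Javadoc block with a `@deprecated` tag that names the two new methods as the replacement, and document on the new methods that they apply the same subject list to every id in `connectionIds`. `projectId` also stays `@Nullable` on the new methods although the schema declares it as `ID!`; if null is never valid here, `@NotNull` would state that.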

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -95,27 +95,41 @@ public void bindWiring(DBWBindingContext model) throws DBWebException {
env -> getService(env).revokeUserTeam(getWebSession(env), env.getArgument("userId"), env.getArgument("teamId")))
.dataFetcher("setSubjectPermissions",
env -> getService(env).setSubjectPermissions(getWebSession(env), env.getArgument("subjectId"), env.getArgument("permissions")))
.dataFetcher("setUserCredentials",
env -> getService(env).setUserCredentials(getWebSession(env), env.getArgument("userId"), env.getArgument("providerId"), env.getArgument("credentials")))
.dataFetcher("deleteUserCredentials",
env -> getService(env).deleteUserCredentials(getWebSession(env), env.getArgument("userId"), env.getArgument("providerId")))
.dataFetcher("enableUser",
env -> getService(env).enableUser(getWebSession(env), env.getArgument("userId"), env.getArgument("enabled")))
.dataFetcher("setUserAuthRole",
env -> getService(env).setUserAuthRole(getWebSession(env), env.getArgument("userId"), env.getArgument("authRole")))
.dataFetcher("searchConnections", env -> getService(env).searchConnections(getWebSession(env), env.getArgument("hostNames")))

.dataFetcher("getConnectionSubjectAccess",
env -> getService(env).getConnectionSubjectAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionId")))
.dataFetcher("setConnectionSubjectAccess",
env -> getService(env).setConnectionSubjectAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionId"),
env.getArgument("subjects")))
.dataFetcher("setUserCredentials",
env -> getService(env).setUserCredentials(getWebSession(env),
env.getArgument("userId"),
env.getArgument("providerId"),
env.getArgument("credentials")))
.dataFetcher("deleteUserCredentials",
env -> getService(env).deleteUserCredentials(getWebSession(env), env.getArgument("userId"), env.getArgument("providerId")))
.dataFetcher("enableUser",
env -> getService(env).enableUser(getWebSession(env), env.getArgument("userId"), env.getArgument("enabled")))
.dataFetcher("setUserAuthRole",
env -> getService(env).setUserAuthRole(getWebSession(env), env.getArgument("userId"), env.getArgument("authRole")))
.dataFetcher("searchConnections", env -> getService(env).searchConnections(getWebSession(env), env.getArgument("hostNames")))
.dataFetcher("getConnectionSubjectAccess",
env -> getService(env).getConnectionSubjectAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionId")))
.dataFetcher("setConnectionSubjectAccess",
env -> getService(env).setConnectionSubjectAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionId"),
env.getArgument("subjects")))
.dataFetcher("addConnectionsAccess",
env -> getService(env).addConnectionsAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionIds"),
env.getArgument("subjects")))
.dataFetcher("deleteConnectionsAccess",
env -> getService(env).deleteConnectionsAccess(
getWebSession(env),
getProjectReference(env),
env.getArgument("connectionIds"),
env.getArgument("subjects")))

.dataFetcher("getSubjectConnectionAccess",
env -> getService(env).getSubjectConnectionAccess(getWebSession(env), env.getArgument("subjectId")))
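Review bot: The re-indentation of the existing fetchers from `setUserCredentials` through `setConnectionSubjectAccess` makes the two functional additions, `addConnectionsAccess` and `deleteConnectionsAccess`, hard to pick out in a block that wires admin-only permission mutations. Consider landing the whitespace change separately, so a reviewer can confirm at a glance that the new fetchers read `connectionIds` and `subjects`, the argument names the schema declares, and call the matching service method.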
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -610,14 +610,7 @@ public boolean setConnectionSubjectAccess(
@NotNull String connectionId,
@NotNull List<String> subjects
) throws DBWebException {
DBPProject globalProject = webSession.getProjectById(projectId);
if (!WebServiceUtils.isGlobalProject(globalProject)) {
throw new DBWebException("Project '" + projectId + "'is not global");
}
DBPDataSourceContainer dataSource = getDataSourceRegistry(webSession, projectId).getDataSource(connectionId);
if (dataSource == null) {
throw new DBWebException("Connection '" + connectionId + "' not found");
}
validateThatConnectionGlobal(webSession, projectId, List.of(connectionId));
WebUser grantor = webSession.getUser();
if (grantor == null) {
throw new DBWebException("Cannot grant connection access in anonymous mode");
Expand All @@ -635,6 +628,72 @@ public boolean setConnectionSubjectAccess(
return true;
}

void validateThatConnectionGlobal(WebSession webSession, String projectId, Collection<String> connectionIds) throws DBWebException {
DBPProject globalProject = webSession.getProjectById(projectId);
if (!WebServiceUtils.isGlobalProject(globalProject)) {
throw new DBWebException("Project '" + projectId + "'is not global");
}
for (String connectionId : connectionIds) {
DBPDataSourceContainer dataSource = getDataSourceRegistry(webSession, projectId).getDataSource(connectionId);
if (dataSource == null) {
throw new DBWebException("Connection '" + connectionId + "' not found");
}
}
}

@Override
public boolean addConnectionsAccess(
@NotNull WebSession webSession,
@Nullable String projectId,
@NotNull List<String> connectionIds,
@NotNull List<String> subjects
) throws DBWebException {
validateThatConnectionGlobal(webSession, projectId, connectionIds);
WebUser grantor = webSession.getUser();
if (grantor == null) {
throw new DBWebException("Cannot grant connection access in anonymous mode");
}
try {
var adminSM = webSession.getAdminSecurityController();
adminSM.addObjectPermissions(
new HashSet<>(connectionIds),
SMObjectType.datasource,
new HashSet<>(subjects),
Set.of(SMConstants.DATA_SOURCE_ACCESS_PERMISSION),
grantor.getUserId()
);
} catch (DBException e) {
throw new DBWebException("Error adding connection subject access", e);
}
return true;
}

@Override
public boolean deleteConnectionsAccess(
@NotNull WebSession webSession,
@Nullable String projectId,
@NotNull List<String> connectionIds,
@NotNull List<String> subjects
) throws DBWebException {
validateThatConnectionGlobal(webSession, projectId, connectionIds);
WebUser grantor = webSession.getUser();
if (grantor == null) {
throw new DBWebException("Cannot grant connection access in anonymous mode");
}
try {
var adminSM = webSession.getAdminSecurityController();
adminSM.deleteObjectPermissions(
new HashSet<>(connectionIds),
SMObjectType.datasource,
new HashSet<>(subjects),
Set.of(SMConstants.DATA_SOURCE_ACCESS_PERMISSION)
);
} catch (DBException e) {
throw new DBWebException("Error adding connection subject access", e);
}
return true;
}

@Override
public SMDataSourceGrant[] getSubjectConnectionAccess(@NotNull WebSession webSession, @NotNull String subjectId) throws DBWebException {
try {
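Review bot: `deleteConnectionsAccess` reuses the messages from the add path: it throws "Cannot grant connection access in anonymous mode" and wraps failures as "Error adding connection subject access". A failed revocation is then reported as a failed grant in logs and client errors, which misleads anyone auditing permission changes; reword both to describe deletion. `grantor` is only null-checked there and never passed to `deleteObjectPermissions`, so the local variable can go. In `validateThatConnectionGlobal`, `getDataSourceRegistry(webSession, projectId)` can be hoisted out of the loop, the helper can be `private` unless another class in the package needs it, and the message `"'is not global"` is missing a space.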
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,17 @@ extend type Mutation {

rmDeleteProject(projectId: ID!): Boolean!

@deprecated
rmSetProjectPermissions(projectId: String!, permissions: [RMSubjectProjectPermissions!]!): Boolean!

@deprecated
rmSetSubjectProjectPermissions(subjectId: String!, permissions: [RMProjectPermissions!]!): Boolean!

@since(version: "23.2.2")
rmAddProjectsPermissions(projectIds: [ID!]!, subjectIds: [ID!]!, permissions:[String!]! ): Boolean
@since(version: "23.2.2")
rmDeleteProjectsPermissions(projectIds: [ID!]!, subjectIds: [ID!]!, permissions:[String!]!): Boolean


rmSetResourceProperty(projectId: String!, resourcePath: String!, name: ID!, value: String): Boolean!
}
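Review bot: The first `@deprecated` here follows `rmDeleteProject(projectId: ID!): Boolean!`, and because an SDL directive belongs to the field definition before it, it deprecates `rmDeleteProject` instead of `rmSetProjectPermissions`. Every later directive is shifted by one field in the same way, which leaves `rmDeleteProjectsPermissions` without `@since`. Place each directive after the return type of the field it describes. The two new mutations also return nullable `Boolean` while the neighbouring `rm...` mutations return `Boolean!`; choose one deliberately, since the implementation only returns true or throws.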
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@
@WebAction(requirePermissions = {RMConstants.PERMISSION_RM_ADMIN})
List<AdminPermissionInfo> listProjectPermissions() throws DBWebException;

@Deprecated

Check warning on line 139 in server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java#L139

Missing a Javadoc comment.
@WebProjectAction(
requireProjectPermissions = RMConstants.PERMISSION_PROJECT_ADMIN
)
Expand All @@ -145,13 +146,30 @@
@NotNull RMSubjectProjectPermissions projectPermissions
) throws DBWebException;

@Deprecated

Check warning on line 149 in server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java#L149

Missing a Javadoc comment.
@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)
boolean setSubjectProjectPermissions(
@NotNull WebSession webSession,
@NotNull String subjectId,
@NotNull RMProjectPermissions projectPermissions
) throws DBWebException;

@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)

Check warning on line 157 in server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java#L157

Missing a Javadoc comment.
boolean deleteProjectsPermissions(
@NotNull WebSession webSession,
@NotNull List<String> projectIds,
@NotNull List<String> subjectIds,
@NotNull List<String> permissions
) throws DBWebException;

@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)

Check warning on line 165 in server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java

Jenkins-CI-integration / CheckStyle Java Report

server/bundles/io.cloudbeaver.service.rm/src/io/cloudbeaver/service/rm/DBWServiceRM.java#L165

Missing a Javadoc comment.
boolean addProjectsPermissions(
@NotNull WebSession webSession,
@NotNull List<String> projectIds,
@NotNull List<String> subjectIds,
@NotNull List<String> permissions
) throws DBWebException;

@WebProjectAction(
requireProjectPermissions = RMConstants.PERMISSION_PROJECT_ADMIN
)
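Review bot: `deleteProjectsPermissions` and `addProjectsPermissions` are guarded by `@WebAction(requirePermissions = DBWConstants.PERMISSION_ADMIN)`, whereas the project-scoped method deprecated in the previous hunk is guarded by `@WebProjectAction(requireProjectPermissions = RMConstants.PERMISSION_PROJECT_ADMIN)`. If the new methods are its replacement, a project admin who is not a global admin loses the ability to manage permissions on their own project. If that tightening is intended, state it in Javadoc (CheckStyle already reports the missing comments at lines 149, 157 and 165); otherwise the bulk methods need a per-project permission check over `projectIds`.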
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,18 @@ public void bindWiring(DBWBindingContext model) throws DBWebException {
env.getArgument("subjectId"),
new RMProjectPermissions(env.getArgument("permissions"))
))
.dataFetcher("rmAddProjectsPermissions", env -> getService(env).addProjectsPermissions(
getWebSession(env),
env.getArgument("projectIds"),
env.getArgument("subjectIds"),
env.getArgument("permissions")
))
.dataFetcher("rmDeleteProjectsPermissions", env -> getService(env).addProjectsPermissions(
getWebSession(env),
env.getArgument("projectIds"),
env.getArgument("subjectIds"),
env.getArgument("permissions")
))
;
}
}
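Review bot: The `rmDeleteProjectsPermissions` fetcher calls `getService(env).addProjectsPermissions(...)`, so a request to revoke permissions grants them instead. It should call `deleteProjectsPermissions` with the same arguments. A test that adds a permission, deletes it through the GraphQL mutation and asserts that it is gone would catch this kind of copy-paste wiring error.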
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
import org.jkiss.dbeaver.model.websocket.event.resource.WSResourceProperty;

import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
Expand Down Expand Up @@ -349,6 +350,49 @@ public boolean setSubjectProjectPermissions(
}
}

@Override
public boolean deleteProjectsPermissions(
@NotNull WebSession webSession,
@NotNull List<String> projectIds,
@NotNull List<String> subjectIds,
@NotNull List<String> permissions
) throws DBWebException {
try {
SMAdminController smAdminController = webSession.getAdminSecurityController();
smAdminController.deleteObjectPermissions(
new HashSet<>(projectIds),
SMObjectType.project,
new HashSet<>(subjectIds),
new HashSet<>(permissions)
);
return true;
} catch (Exception e) {
throw new DBWebException("Error deleting project permissions", e);
}
}

@Override
public boolean addProjectsPermissions(
@NotNull WebSession webSession,
@NotNull List<String> projectIds,
@NotNull List<String> subjectIds,
@NotNull List<String> permissions
) throws DBWebException {
try {
SMAdminController smAdminController = webSession.getAdminSecurityController();
smAdminController.addObjectPermissions(
new HashSet<>(projectIds),
SMObjectType.project,
new HashSet<>(subjectIds),
new HashSet<>(permissions),
webSession.getUserId()
);
return true;
} catch (Exception e) {
throw new DBWebException("Error adding project permissions", e);
}
}

@Override
public List<SMObjectPermissionsGrant> listProjectGrantedPermissions(@NotNull WebSession webSession,
@NotNull String projectId
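Review bot: Both new methods pass the caller-supplied `permissions` strings straight into `new HashSet<>(permissions)`, with no check in this class that they are known project permission ids and no check that the `projectIds` exist, unlike the connection variant, which validates its ids before touching the security controller. Either validate here or document that `SMAdminController` rejects unknown values. `addProjectsPermissions` also uses `webSession.getUserId()` as grantor without the anonymous-session check that `addConnectionsAccess` performs, and `catch (Exception e)` is broader than the `DBException` caught in the connection methods.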
Expand Down