

Merge pull request #95 from kanton-bern/feature/HELLODATA-1808_create…
…_teams_for_new_DD

HELLODATA-1808 - create teams and auth_subject_ids for new Data Domai…
wieczorslawo authored Nov 29, 2024
2 parents 7aa8feb + ee3827b commit 4b7eb96
Showing 5 changed files with 115 additions and 2 deletions.
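--- /dev/null
+++ b/ch/bedag/dap/hellodata/sidecars/cloudbeaver/entities/cbnative/AuthSubject.java
@@ -0,0 +1,20 @@
+package ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+@EqualsAndHashCode
+@Entity
+@Table(name = "cb_auth_subject")
+public class AuthSubject {
+@Id
+private String subjectId;
+private String subjectType;
+private Boolean isSecretStorage;
+}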
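Review bot: `@EqualsAndHashCode` on this JPA entity (and likewise on `Team` in the next file) generates equals/hashCode over every field, including the mutable `subjectType` and `isSecretStorage`, so a managed instance changes its hash after a setter call and can silently break `Set`/`HashMap` membership. Restrict it to the identifier: `@EqualsAndHashCode(onlyExplicitlyIncluded = true)` on the class and `@EqualsAndHashCode.Include` on `subjectId` (on `teamId` for `Team`). A class-level Javadoc naming the table this maps to would also help, since the `cbnative` package name suggests the `cb_auth_subject` schema is owned by CloudBeaver rather than by this sidecar, so the column set here has to follow that external schema rather than define it.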
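--- /dev/null
+++ b/ch/bedag/dap/hellodata/sidecars/cloudbeaver/entities/cbnative/Team.java
@@ -0,0 +1,23 @@
+package ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@Getter
+@Setter
+@EqualsAndHashCode
+@Entity
+@Table(name = "cb_team")
+public class Team {
+@Id
+private String teamId;
+private String teamName;
+private String teamDescription;
+private LocalDateTime createTime;
+}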
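--- /dev/null
+++ b/ch/bedag/dap/hellodata/sidecars/cloudbeaver/repository/AuthSubjectRepository.java
@@ -0,0 +1,14 @@
+package ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository;
+
+import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative.AuthSubject;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface AuthSubjectRepository extends JpaRepository<AuthSubject, String> {
+
+List<AuthSubject> findBySubjectId(String subjectId);
+
+}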
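Review bot: `findBySubjectId` queries the `@Id` property of `AuthSubject`, so it can return at most one row, yet its `List<AuthSubject>` return type suggests a multi-valued lookup; `JpaRepository` already provides `findById`/`existsById` for exactly this, and the only caller in this commit merely tests `isEmpty()`. The same applies to `findByTeamId` in `TeamRepository`. Either drop the derived method in favour of `existsById(subjectId)` or change the return type to `Optional<AuthSubject>` so the single-row contract is visible in the signature.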
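--- /dev/null
+++ b/ch/bedag/dap/hellodata/sidecars/cloudbeaver/repository/TeamRepository.java
@@ -0,0 +1,14 @@
+package ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository;
+
+import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative.Team;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface TeamRepository extends JpaRepository<Team, String> {
+
+List<Team> findByTeamId(String teamName);
+
+}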
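Review bot: The parameter of `findByTeamId` is named `teamName` although the derived query filters on `teamId`, and `SecurityService` passes an id to it; rename it `List<Team> findByTeamId(String teamId);` so the signature does not suggest a lookup by name. Since `teamId` is the entity's `@Id`, the inherited `existsById` would serve the single caller equally well.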
Expand Up @@ -29,23 +29,32 @@
import ch.bedag.dap.hellodata.commons.SlugifyUtil;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.Privilege;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.Role;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative.AuthSubject;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.entities.cbnative.Team;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository.AuthSubjectRepository;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository.PrivilegeRepository;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository.RoleRepository;
import java.util.Collection;
import java.util.Set;
import ch.bedag.dap.hellodata.sidecars.cloudbeaver.repository.TeamRepository;
import lombok.RequiredArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.compress.utils.Sets;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.time.LocalDateTime;
import java.util.Collection;
import java.util.List;
import java.util.Set;

@RequiredArgsConstructor
@Log4j2
@Service
public class SecurityService {

private final RoleRepository roleRepository;
private final PrivilegeRepository privilegeRepository;
private final AuthSubjectRepository authSubjectRepository;
private final TeamRepository teamRepository;

@Transactional
public void createDataDomainRoles(Set<String> contextKeys) {
Expand All @@ -57,12 +66,45 @@ public void createDataDomainRoles(Set<String> contextKeys) {
createCbRole(contextKey, readOnDwhPrivilege);
// create role for _LZN tables access
createCbRole(contextKey, readOnLznPrivilege);

// create teams + auth_subject_id entries
String cbAuthSubjectReadDM = contextKey + "_" + Privilege.READ_DM_PRIVILEGE;
createCbAuthSubjectIfNotFound(cbAuthSubjectReadDM);
createCbTeamIfNotFound(cbAuthSubjectReadDM, false, contextKey);
String cbAuthSubjectReadDWH = contextKey + "_" + Privilege.READ_DWH_PRIVILEGE;
createCbAuthSubjectIfNotFound(cbAuthSubjectReadDWH);
createCbTeamIfNotFound(cbAuthSubjectReadDWH, true, contextKey);
});

// create an admin user role
createRoleIfNotFound(Role.ADMIN_ROLE_KEY, Role.ADMIN_ROLE_NAME, Sets.newHashSet(readOnDwhPrivilege, readOnLznPrivilege));
}

private void createCbTeamIfNotFound(String teamId, boolean dwh, String contextKey) {
List<Team> teams = teamRepository.findByTeamId(teamId);
if (teams.isEmpty()) {
Team team = new Team();
team.setTeamId(teamId);
team.setTeamName(teamId);
team.setTeamDescription(String.format("User to read on %s in %s", dwh ? "all tables" : "_dm", contextKey));
team.setCreateTime(LocalDateTime.now());
teamRepository.save(team);
log.info("Team with id {} not found, created {}", teamId, team);
}
}

private void createCbAuthSubjectIfNotFound(String cbAuthSubject) {
List<AuthSubject> authSubjects = authSubjectRepository.findBySubjectId(cbAuthSubject);
if (authSubjects.isEmpty()) {
AuthSubject authSubject = new AuthSubject();
authSubject.setSubjectType("R");
authSubject.setSubjectId(cbAuthSubject);
authSubject.setIsSecretStorage(true);
authSubjectRepository.saveAndFlush(authSubject);
log.info("Subject with id {} not found, created", cbAuthSubject);
}
}

private void createCbRole(String contextKey, Privilege privilege) {
String roleName = SlugifyUtil.slugify(contextKey, "").toUpperCase() + "_" + privilege.getName().toUpperCase();
String roleKey = contextKey + "_" + privilege.getName().toUpperCase();
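Review bot: The log call in `createCbTeamIfNotFound`, `log.info("Team with id {} not found, created {}", teamId, team)`, will print only the default `Object.toString()` of `team`, because the new `Team` entity declares `@Getter`/`@Setter`/`@EqualsAndHashCode` but no `@ToString`; log the values that were set instead, e.g. `log.info("Team with id {} not found, created (name={}, description={})", teamId, team.getTeamName(), team.getTeamDescription());`. The literal in `authSubject.setSubjectType("R")` deserves a named constant with a comment on what CloudBeaver expects there (presumably a role-type subject; confirm against the `cb_auth_subject` schema), as does the bare `true` passed to `setIsSecretStorage`. The asymmetry between `saveAndFlush` for the subject and `save` for the team looks deliberate (the team row presumably references the subject row) but is undocumented; a one-line comment stating why the flush is needed would stop someone from "simplifying" it later. Note that `createDataDomainRoles` and the lambda these calls live in begin before this hunk.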
