Commit f1f0894a authored by Matija Obreza's avatar Matija Obreza

Data migration for User and OAuthClient extend AclSid

parent 767e8087
......@@ -154,7 +154,7 @@ public class OAuthClient extends AclSid implements ClientDetails, Copyable<OAuth
public OAuthClient() {
setPrincipal(true);
}
@PrePersist
private void assignSid() {
flatten();
......@@ -162,7 +162,7 @@ public class OAuthClient extends AclSid implements ClientDetails, Copyable<OAuth
// Use clientId as SID name
setSid(clientId);
}
/**
* Flatten.
*/
......@@ -541,6 +541,11 @@ public class OAuthClient extends AclSid implements ClientDetails, Copyable<OAuth
return description;
}
@Override
public String getFullName() {
return this.clientId;
}
/**
* Returns null.
*
......
......@@ -21,6 +21,7 @@ import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.DiscriminatorColumn;
import javax.persistence.DiscriminatorType;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.Inheritance;
......@@ -31,6 +32,7 @@ import javax.persistence.Table;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.genesys.blocks.model.AuditedVersionedModel;
import org.hibernate.annotations.DiscriminatorOptions;
/**
* ACL SID uniquely identifies any principal or authority in the system ("SID"
......@@ -45,6 +47,8 @@ import org.genesys.blocks.model.AuditedVersionedModel;
/// table with JDBC.
@Inheritance(strategy = InheritanceType.JOINED)
@DiscriminatorColumn(name = "type", discriminatorType = DiscriminatorType.INTEGER)
@DiscriminatorValue(value = "0")
@DiscriminatorOptions(force = false)
public class AclSid extends AuditedVersionedModel {
/** The Constant serialVersionUID. */
......@@ -141,4 +145,14 @@ public class AclSid extends AuditedVersionedModel {
public void setAclEntries(final List<AclEntry> aclEntries) {
this.aclEntries = aclEntries;
}
/**
* Subclasses should override this method and return a sensible display name for
* the SID
*
* @return SID full name
*/
public String getFullName() {
return this.sid;
}
}
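Review bot: The discriminator values are bare integers spread over three places with nothing on AclSid listing them: `@DiscriminatorValue(value = "0")` here, `"1"` in the BasicUser Javadoc, and the literals 0, 1 and 2 in the migration SQL. A comment above the annotation would let a later subclass pick a free value without reading the changelog, for example `// type: 0 = authority/role SID, 1 = user, 2 = OAuth client; keep in sync with the Liquibase changelog`. `@DiscriminatorOptions(force = false)` appears to restate the Hibernate default, so either drop it or say in a comment why it is spelled out.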
......@@ -48,6 +48,10 @@ import org.springframework.security.core.userdetails.UserDetails;
/**
* The Class BasicUser.
*
* When you extend this class, make sure you use:
*
* <pre>@DiscriminatorValue(value = "1")</pre>
*
* @param <R> the generic type
*/
@MappedSuperclass
......@@ -182,6 +186,7 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
*
* @return the full name
*/
@Override
public String getFullName() {
return fullName;
}
......
......@@ -337,8 +337,14 @@ public class CustomAclServiceImpl implements CustomAclService {
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#entity, 'ADMINISTRATION')")
public void updatePermissions(final AclAwareModel entity, final AclSid sid, final Map<Integer, Boolean> permissions) {
boolean oneGranting = false;
final AclObjectIdentity objectIdentity = getObjectIdentity(entity);
updatePermissions(objectIdentity, sid, permissions);
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
public void updatePermissions(AclObjectIdentity objectIdentity, AclSid sid, Map<Integer, Boolean> permissions) {
boolean oneGranting = false;
final List<AclEntry> aclEntries = aclEntryPersistence.findBySidAndObjectIdentity(sid, objectIdentity);
for (final AclEntry aclEntry : aclEntries) {
aclEntry.setGranting(permissions.get((int) aclEntry.getMask()));
......@@ -355,12 +361,6 @@ public class CustomAclServiceImpl implements CustomAclService {
clearAclCache();
}
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#objectIdentity.objectIdIdentity, #objectIdentity.aclClass.aclClass, 'ADMINISTRATION')")
public void updatePermissions(AclObjectIdentity objectIdentity, AclSid sid, Map<Integer, Boolean> permissions) {
updatePermissions(objectIdentity, sid, permissions);
}
/*
* (non-Javadoc)
* @see org.genesys.blocks.security.service.CustomAclService#getAclEntries(org.
......
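Review bot: The entity overload of updatePermissions still shows `boolean oneGranting = false;` although its body now only resolves the object identity and delegates, so that local looks unused and can be dropped. The delegation is a self-invocation, and with Spring's default proxy-based method security the `@PreAuthorize` on the AclObjectIdentity overload is not evaluated on that path, so authorization rests on the entity expression alone. A comment at the call would make that explicit, e.g. `// self-invocation: only the entity-level @PreAuthorize is enforced here`. In the loop, `permissions.get((int) aclEntry.getMask())` yields null for a mask missing from the map, which would fail on unboxing if setGranting takes a primitive; that line is unchanged context and the method body continues outside the hunk.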
......@@ -93,3 +93,280 @@ databaseChangeLog:
- column:
name: username
type: varchar(100)
# User and OAuthClient extend AclSid
- changeSet:
id: 1509390480000-1
author: matijaobreza
comment: Migrate ACL to app-blocks-1.3-SNAPSHOT
changes:
- dropForeignKeyConstraint:
baseTableName: acl_entry
constraintName: FK_fhuoesmjef3mrv0gpja4shvcr
- dropForeignKeyConstraint:
baseTableName: acl_entry
constraintName: FK_i6xyfccd4y3wlwhgwpo4a9rm1
- dropForeignKeyConstraint:
baseTableName: acl_object_identity
constraintName: FK_nxv5we2ion9fwedbkge7syoc3
- dropUniqueConstraint:
tableName: acl_entry
constraintName: UK_gh5egfpe4gaqokya6s0567b0l
- renameTable:
oldTableName: acl_sid
newTableName: acl_sid_backup
- renameTable:
oldTableName: acl_entry
newTableName: acl_entry_backup
- createTable:
columns:
- column:
constraints:
nullable: true
name: type
type: INT
- column:
autoIncrement: true
constraints:
primaryKey: true
name: id
type: BIGINT
- column:
constraints:
nullable: false
name: active
type: BIT(1)
defaultValue: true
- column:
constraints:
nullable: false
name: version
type: INT
- column:
name: createdBy
type: BIGINT
- column:
name: createdDate
type: datetime(6)
- column:
name: lastModifiedBy
type: BIGINT
- column:
name: lastModifiedDate
type: datetime(6)
- column:
constraints:
nullable: false
name: principal
type: BIT(1)
- column:
constraints:
nullable: false
name: sid
type: VARCHAR(100)
tableName: acl_sid
- createTable:
columns:
- column:
autoIncrement: true
constraints:
primaryKey: true
name: id
type: BIGINT
- column:
constraints:
nullable: false
name: ace_order
type: BIGINT
- column:
constraints:
nullable: false
name: audit_failure
type: BIT(1)
- column:
constraints:
nullable: false
name: audit_success
type: BIT(1)
- column:
constraints:
nullable: false
name: granting
type: BIT(1)
- column:
constraints:
nullable: false
name: mask
type: BIGINT
- column:
constraints:
nullable: false
name: acl_object_identity
type: BIGINT
- column:
constraints:
nullable: false
name: sid
type: BIGINT
tableName: acl_entry
- addUniqueConstraint:
columnNames: acl_object_identity, ace_order
constraintName: UK_gh5egfpe4gaqokya6s0567b0l
tableName: acl_entry
# Migrate User data to AclSid
- sql:
comment: Migrate all users with their existing IDs to acl_sid
sql: >-
insert into acl_sid
(type, id, active, version, createdBy, createdDate, lastModifiedBy,
lastModifiedDate, principal, sid)
select
1, id, active, version, createdBy, createdDate, lastModifiedBy,
lastModifiedDate, true, uuid
from user;
- addForeignKeyConstraint:
baseColumnNames: id
baseTableName: user
constraintName: FK_8qtpnv06elxuryeuv1ac4ximm
deferrable: false
initiallyDeferred: false
onDelete: NO ACTION
onUpdate: NO ACTION
referencedColumnNames: id
referencedTableName: acl_sid
- dropColumn:
tableName: user
columnName: active
- dropColumn:
tableName: user
columnName: version
- dropColumn:
tableName: user
columnName: createdBy
- dropColumn:
tableName: user
columnName: createdDate
- dropColumn:
tableName: user
columnName: lastModifiedBy
- dropColumn:
tableName: user
columnName: lastModifiedDate
# Migrate OAuthClient data to AclSid
- sql:
comment: Migrate OAuthClient to AclSid, they get new IDs, but we can find them with clientId as acl_sid.sid
sql: >-
insert into acl_sid
(type, active, version, createdBy, createdDate, lastModifiedBy,
lastModifiedDate, principal, sid)
select
2, active, version, createdBy, createdDate, lastModifiedBy,
lastModifiedDate, true, clientId
from oauthclient;
- sql:
comment: Update OAuthClient#id values to their new IDs as per acl_sid
sql: >-
update oauthclient oa
join acl_sid sid on sid.sid=oa.clientId
set oa.id=sid.id
- addForeignKeyConstraint:
baseColumnNames: id
baseTableName: oauthclient
constraintName: FK_j9t6kj0254t7knyn57orqyaxk
deferrable: false
initiallyDeferred: false
onDelete: NO ACTION
onUpdate: NO ACTION
referencedColumnNames: id
referencedTableName: acl_sid
- dropColumn:
tableName: oauthclient
columnName: active
- dropColumn:
tableName: oauthclient
columnName: version
- dropColumn:
tableName: oauthclient
columnName: createdBy
- dropColumn:
tableName: oauthclient
columnName: createdDate
- dropColumn:
tableName: oauthclient
columnName: lastModifiedBy
- dropColumn:
tableName: oauthclient
columnName: lastModifiedDate
# Migrate acl_object_identity#owner_sid because these have changed
- sql:
comment: Migrate acl_object_identity#owner_sid because these have changed
sql: >-
update acl_object_identity oid
join acl_sid_backup oldsid on oldsid.id=oid.owner_sid
join acl_sid newsid on newsid.sid=oldsid.sid
set oid.owner_sid=newsid.id
- addForeignKeyConstraint:
baseColumnNames: owner_sid
baseTableName: acl_object_identity
constraintName: FK_nxv5we2ion9fwedbkge7syoc3
deferrable: false
initiallyDeferred: false
onDelete: NO ACTION
onUpdate: NO ACTION
referencedColumnNames: id
referencedTableName: acl_sid
# Migrate acl_sid_backup data for authorities (roles) -- i.e. everything that has not moved
- sql:
comment: Delete invalid authority records from acl_sid_backup (users and oauthclients)
sql: >-
delete oldsid from acl_sid_backup oldsid
inner join acl_sid newsid on newsid.sid=oldsid.sid
where oldsid.principal = 0;
- sql:
comment: Generate new acl_sid for ROLE entries (AclSid.type==0)
sql: >-
insert into acl_sid
(type, active, version, createdBy, createdDate, lastModifiedBy,
lastModifiedDate, principal, sid)
select
0, 1, 0, null, now(), null,
now(), false, sid
from acl_sid_backup where principal = 0;
# Migrate acl_entry data
- sql:
comment: Migrate acl_entry_backup data to acl_entry, using new acl_sid#id instead of the old one
sql: >-
insert into acl_entry
(ace_order, audit_failure, audit_success, granting, mask, acl_object_identity, sid)
select
e.ace_order, e.audit_failure, e.audit_success, e.granting, e.mask, e.acl_object_identity, newsid.id
from acl_entry_backup e
inner join acl_sid_backup oldsid on oldsid.id=e.sid
inner join acl_sid newsid on newsid.sid=oldsid.sid;
- dropTable:
tableName: acl_sid_backup
- dropTable:
tableName: acl_entry_backup
# Activate FK constraints
- addForeignKeyConstraint:
baseColumnNames: acl_object_identity
baseTableName: acl_entry
constraintName: FK_fhuoesmjef3mrv0gpja4shvcr
deferrable: false
initiallyDeferred: false
onDelete: NO ACTION
onUpdate: NO ACTION
referencedColumnNames: id
referencedTableName: acl_object_identity
- addForeignKeyConstraint:
baseColumnNames: sid
baseTableName: acl_entry
constraintName: FK_i6xyfccd4y3wlwhgwpo4a9rm1
deferrable: false
initiallyDeferred: false
onDelete: NO ACTION
onUpdate: NO ACTION
referencedColumnNames: id
referencedTableName: acl_sid
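Review bot: The SID re-mapping joins match on the SID name alone, so a principal and an authority that share a name can be cross-linked. `join acl_sid newsid on newsid.sid=oldsid.sid` (in the owner_sid update and the acl_entry copy) and `join acl_sid sid on sid.sid=oa.clientId` (in the oauthclient id update) carry no `principal` or `type` condition, and the new acl_sid table is created without a unique constraint on `sid`. Adding `and newsid.principal=oldsid.principal` to the two backup joins and `and sid.type=2` to the oauthclient join would keep each ACL entry and owner on the kind of SID it was granted to. The owner_sid update also runs before the ROLE rows are inserted, so an object owned by an authority keeps its old numeric id, which after the user insert may be the id of an unrelated user; moving that update after the ROLE insert would avoid this. The inner joins silently drop entries whose SID has no match and both backup tables are dropped in the same changeSet, so it seems worth comparing row counts before the two `dropTable` steps, or deferring the drops to a later changeSet.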