Index: src/main/java/com/db/finki/www/build_board/common/enums/ProjectResourcePermissionOverrideType.java =================================================================== --- src/main/java/com/db/finki/www/build_board/common/enums/ProjectResourcePermissionOverrideType.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/common/enums/ProjectResourcePermissionOverrideType.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,6 @@ +package com.db.finki.www.build_board.common.enums; + +public enum ProjectResourcePermissionOverrideType { + INCLUDE, + EXCLUDE, +} Index: src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java =================================================================== --- src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/controller/channel/ChannelController.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,8 +1,10 @@ package com.db.finki.www.build_board.controller.channel; +import com.db.finki.www.build_board.entity.access_managment.Permission; import com.db.finki.www.build_board.entity.channel.Channel; import com.db.finki.www.build_board.entity.thread.Project; import com.db.finki.www.build_board.entity.user_type.BBUser; import com.db.finki.www.build_board.mapper.MessageMapper; +import com.db.finki.www.build_board.service.access_managment.ProjectAccessManagementService; import com.db.finki.www.build_board.service.channel.ChannelService; import com.db.finki.www.build_board.service.channel.MessageService; @@ -25,10 +27,12 @@ private final MessageService messageService; private final ProjectService projectService; + private final ProjectAccessManagementService projectAccessManagementService; - public ChannelController(ChannelService channelService, MessageMapper messageMapper, MessageService messageService, ProjectService projectService) { + public ChannelController(ChannelService channelService, MessageMapper messageMapper, MessageService messageService, ProjectService projectService, ProjectAccessManagementService projectAccessManagementService) { this.channelService = channelService; this.messageMapper = messageMapper; this.messageService = messageService; this.projectService = projectService; + this.projectAccessManagementService = projectAccessManagementService; } @@ -49,4 +53,6 @@ ) { Channel c = (Channel) redirectAttributes.getAttribute("channel"); + + if (c == null) { c = channelService.getByNameAndProject(channelName, project); @@ -54,10 +60,18 @@ model.addAttribute("messages", messageMapper.toDTO( messageService.getAllMessagesForProjectChannel(project.getId(), channelName))); - model.addAttribute("developers",projectService.getAllDevelopersForProject(project)); + model.addAttribute("developers", projectService.getAllDevelopersForProject(project)); } else { model.addAttribute("channel", c); } + if (!projectAccessManagementService.hasPermissionToAccessResource(user.getId(), + Permission.READ, + c.getProjectResource().getId(), + project.getId() + )){ + model.addAttribute("error","You dont have permission to access this channel"); + return "redirect:/projects/" + project.getId(); + } - return "channels/show-channel"; + return "channels/show-channel"; } Index: src/main/java/com/db/finki/www/build_board/controller/channel/ChannelWebSocketController.java =================================================================== --- src/main/java/com/db/finki/www/build_board/controller/channel/ChannelWebSocketController.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/controller/channel/ChannelWebSocketController.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,5 +1,5 @@ package com.db.finki.www.build_board.controller.channel; -import com.db.finki.www.build_board.dto.channel.MessageDTO; +import com.db.finki.www.build_board.dto.MessageDTO; import com.db.finki.www.build_board.entity.channel.Message; import com.db.finki.www.build_board.mapper.MessageMapper; Index: src/main/java/com/db/finki/www/build_board/controller/thread_controller/ProjectController.java =================================================================== --- src/main/java/com/db/finki/www/build_board/controller/thread_controller/ProjectController.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/controller/thread_controller/ProjectController.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,6 +1,8 @@ package com.db.finki.www.build_board.controller.thread_controller; +import com.db.finki.www.build_board.dto.AddRoleDTO; import com.db.finki.www.build_board.entity.thread.Project; import com.db.finki.www.build_board.entity.user_type.BBUser; +import com.db.finki.www.build_board.service.access_managment.ProjectAccessManagementService; import com.db.finki.www.build_board.service.thread.impl.ProjectService; import com.db.finki.www.build_board.service.thread.impl.TagServiceImpl; @@ -22,8 +24,10 @@ private final TagService tagService; private final String DUPLICATED_TITLE_MSG="could not execute statement [ERROR: duplicate key value violates unique constraint"; + private final ProjectAccessManagementService projectAccessManagementService; - public ProjectController(ProjectService projectService, TagServiceImpl topicService) { + public ProjectController(ProjectService projectService, TagServiceImpl topicService, ProjectAccessManagementService projectAccessManagementService) { this.projectService = projectService; this.tagService = topicService; + this.projectAccessManagementService = projectAccessManagementService; } @@ -34,4 +38,5 @@ model.addAttribute("tags", tagService.getAll()); model.addAttribute("developers",projectService.getAllDevelopersForProject(project)); + model.addAttribute("developersRoles",projectAccessManagementService.getRolesForMembersInProject(project)); String error = (String) redirectAttributes.getAttribute("error"); @@ -47,4 +52,9 @@ return "project_pages/show-project"; } + +// @PostMapping("/{title}/roles/add") +// public String addProjectRole(@PathVariable(name = "title") String title, @RequestBody AddRoleDTO addRoleDTO, RedirectAttributes redirectAttributes) { +// +// } @GetMapping("/create") Index: src/main/java/com/db/finki/www/build_board/dto/AddRoleDTO.java =================================================================== --- src/main/java/com/db/finki/www/build_board/dto/AddRoleDTO.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/dto/AddRoleDTO.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,19 @@ +package com.db.finki.www.build_board.dto; + +import com.db.finki.www.build_board.common.enums.ProjectResourcePermissionOverrideType; +import com.db.finki.www.build_board.entity.access_managment.Permission; +import com.db.finki.www.build_board.entity.thread.Project; +import lombok.*; + +import java.util.List; + +@Getter +@Setter +@AllArgsConstructor +@NoArgsConstructor +public class AddRoleDTO { + String name; + Project project; + List permissions; + ProjectResourcePermissionOverrideType projectResourcePermissionOverrideType; +} Index: src/main/java/com/db/finki/www/build_board/dto/MembersPerRoleWrapper.java =================================================================== --- src/main/java/com/db/finki/www/build_board/dto/MembersPerRoleWrapper.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/dto/MembersPerRoleWrapper.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,13 @@ +package com.db.finki.www.build_board.dto; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.user_type.BBUser; +import lombok.Data; + +import java.util.List; + +@Data +public class MembersPerRoleWrapper { + private ProjectRole projectRole; + List users; +} Index: src/main/java/com/db/finki/www/build_board/dto/MessageDTO.java =================================================================== --- src/main/java/com/db/finki/www/build_board/dto/MessageDTO.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/dto/MessageDTO.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,21 @@ +package com.db.finki.www.build_board.dto; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +import java.time.LocalDateTime; + +@NoArgsConstructor +@AllArgsConstructor +@Getter +@Setter +public class MessageDTO { + private String channelName; + private String content; + private String senderUsername; + private LocalDateTime sentAt; + private Integer projectId; + private String avatarUrl; +} Index: c/main/java/com/db/finki/www/build_board/dto/channel/MessageDTO.java =================================================================== --- src/main/java/com/db/finki/www/build_board/dto/channel/MessageDTO.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ (revision ) @@ -1,21 +1,0 @@ -package com.db.finki.www.build_board.dto.channel; - -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -import java.time.LocalDateTime; - -@NoArgsConstructor -@AllArgsConstructor -@Getter -@Setter -public class MessageDTO { - private String channelName; - private String content; - private String senderUsername; - private LocalDateTime sentAt; - private Integer projectId; - private String avatarUrl; -} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/Permission.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/Permission.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/Permission.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,22 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import jakarta.persistence.Entity; +import jakarta.persistence.Id; +import jakarta.persistence.ManyToOne; +import jakarta.persistence.Table; +import lombok.Getter; +import lombok.Setter; + +@Table(name = "permissions") +@Entity +@Getter +@Setter +public class Permission { + @Id + String name; + + public static final String READ = "READ"; + public static final String WRITE = "WRITE"; + public static final String DELETE = "DELETE"; + public static final String CREATE = "CREATE"; +} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectResource.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectResource.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectResource.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,20 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Getter +@Setter +@AllArgsConstructor +@NoArgsConstructor +@Entity +@Table +public class ProjectResource { + @Id + @GeneratedValue(strategy = GenerationType.SEQUENCE,generator = "project_resource_id_seq") + @SequenceGenerator(name = "project_resource_id_seq",sequenceName = "project_resource_id_seq",allocationSize=1) + int id; +} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRole.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRole.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRole.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,27 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import com.db.finki.www.build_board.entity.compositeId.ProjectRoleId; +import com.db.finki.www.build_board.entity.thread.Project; +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Table(name = "project_role") +@Entity +@Getter +@Setter +@AllArgsConstructor +@NoArgsConstructor +public class ProjectRole { + @EmbeddedId + private ProjectRoleId id; + + public String getName(){ + return id.getName(); + } + public Project getProject(){ + return id.getProject(); + } +} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermission.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermission.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermission.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,40 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import com.db.finki.www.build_board.common.enums.ProjectResourcePermissionOverrideType; +import com.db.finki.www.build_board.entity.compositeId.ProjectRolePermissionId; +import jakarta.persistence.Column; +import jakarta.persistence.EmbeddedId; +import jakarta.persistence.Entity; +import jakarta.persistence.Table; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Table(name = "role_permissions") +@Entity +@AllArgsConstructor +@NoArgsConstructor +@Getter +@Setter +public class ProjectRolePermission { + @EmbeddedId + private ProjectRolePermissionId id; + + @Column(name = "override_type",nullable = false) + private String overrideType; + + public Permission getPermission() { + return id.getPermission(); + } + + public ProjectRole getProjectRole() { + return id.getProjectRole(); + } + public ProjectResourcePermissionOverrideType getOverrideType() { + return overrideType.equals(ProjectResourcePermissionOverrideType.INCLUDE.name()) ? + ProjectResourcePermissionOverrideType.INCLUDE + : ProjectResourcePermissionOverrideType.EXCLUDE; + } + +} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermissionResourceOverride.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermissionResourceOverride.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/ProjectRolePermissionResourceOverride.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,30 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import com.db.finki.www.build_board.entity.compositeId.ProjectRolePermissionResourceOverrideId; +import jakarta.persistence.Column; +import jakarta.persistence.EmbeddedId; +import jakarta.persistence.Entity; +import jakarta.persistence.Table; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Entity +@Table(name = "role_permissions_overrides") +@Getter +@Setter +@NoArgsConstructor +@AllArgsConstructor +public class ProjectRolePermissionResourceOverride { + + @EmbeddedId + private ProjectRolePermissionResourceOverrideId projectRolePermissionResourceOverrideId; + + public ProjectRolePermission getProjectRolePermission() { + return projectRolePermissionResourceOverrideId.getProjectRolePermission(); + } + public ProjectResource getProjectResource() { + return projectRolePermissionResourceOverrideId.getProjectResource(); + } +} Index: src/main/java/com/db/finki/www/build_board/entity/access_managment/UsersProjectRoles.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/access_managment/UsersProjectRoles.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/access_managment/UsersProjectRoles.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,22 @@ +package com.db.finki.www.build_board.entity.access_managment; + +import com.db.finki.www.build_board.entity.compositeId.UsersProjectRolesId; +import com.db.finki.www.build_board.entity.user_type.BBUser; +import jakarta.persistence.EmbeddedId; +import jakarta.persistence.Entity; +import jakarta.persistence.Table; + +@Entity +@Table(name = "users_project_roles") +public class UsersProjectRoles { + @EmbeddedId + UsersProjectRolesId id; + + public ProjectRole getProjectRole() { + return id.getRole(); + } + public BBUser getUser() { + return id.getUser(); + } + +} Index: src/main/java/com/db/finki/www/build_board/entity/channel/Channel.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/channel/Channel.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/entity/channel/Channel.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,4 +1,5 @@ package com.db.finki.www.build_board.entity.channel; +import com.db.finki.www.build_board.entity.access_managment.ProjectResource; import com.db.finki.www.build_board.entity.compositeId.ChannelId; import com.db.finki.www.build_board.entity.thread.Project; @@ -15,5 +16,4 @@ @Setter @IdClass(ChannelId.class) -@AllArgsConstructor @NoArgsConstructor public class Channel { @@ -32,3 +32,14 @@ @JoinColumn(name = "developer_id",referencedColumnName = "id",nullable = false) private Developer developer; + + @ManyToOne + @JoinColumn(name = "project_resource_id",referencedColumnName = "id") + private ProjectResource projectResource; + + public Channel(String name, Project project, String description, Developer developer) { + this.name = name; + this.project = project; + this.description = description; + this.developer = developer; + } } Index: src/main/java/com/db/finki/www/build_board/entity/compositeId/ChannelId.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/compositeId/ChannelId.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/entity/compositeId/ChannelId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -4,4 +4,5 @@ import lombok.Getter; import lombok.NoArgsConstructor; +import lombok.Setter; import org.springframework.stereotype.Service; @@ -9,5 +10,5 @@ @Getter -@Service +@Setter @AllArgsConstructor @NoArgsConstructor Index: src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRoleId.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRoleId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRoleId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,20 @@ +package com.db.finki.www.build_board.entity.compositeId; + +import com.db.finki.www.build_board.entity.thread.Project; +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Getter +@Setter +@Embeddable +@AllArgsConstructor +@NoArgsConstructor +public class ProjectRoleId { + String name; + @ManyToOne + @JoinColumn(name = "project_id",referencedColumnName = "id") + Project project; +} Index: src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionId.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,48 @@ +package com.db.finki.www.build_board.entity.compositeId; + + +import com.db.finki.www.build_board.entity.access_managment.Permission; +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import jakarta.persistence.Embeddable; +import jakarta.persistence.ManyToOne; + +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; + +import java.io.Serializable; +import java.util.Objects; + +@Embeddable +@Getter +@AllArgsConstructor +@NoArgsConstructor +public class ProjectRolePermissionId implements Serializable { + + @ManyToOne + @JoinColumn(name = "permission_name", referencedColumnName = "name") + private Permission permission; + + @ManyToOne + @JoinColumns({ + @JoinColumn(name = "role_name", referencedColumnName = "name"), + @JoinColumn(name = "project_id", referencedColumnName = "project_id") + }) + private ProjectRole projectRole; + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (!(o instanceof ProjectRolePermissionId that)) return false; + return Objects.equals(permission, that.permission) && + Objects.equals(projectRole, that.projectRole); + } + + @Override + public int hashCode() { + return Objects.hash(permission, projectRole); + } +} + Index: src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionResourceOverrideId.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionResourceOverrideId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/compositeId/ProjectRolePermissionResourceOverrideId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,41 @@ +package com.db.finki.www.build_board.entity.compositeId; + +import com.db.finki.www.build_board.entity.access_managment.ProjectResource; +import com.db.finki.www.build_board.entity.access_managment.ProjectRolePermission; +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +import java.util.Objects; + +@Embeddable +@Getter +@Setter +@AllArgsConstructor +@NoArgsConstructor +public class ProjectRolePermissionResourceOverrideId { + @ManyToOne(optional = false) + @JoinColumns({ + @JoinColumn(name = "role_name",referencedColumnName = "role_name"), + @JoinColumn(name = "project_id",referencedColumnName = "project_id"), + @JoinColumn(name = "permission_name",referencedColumnName = "permission_name") + }) + private ProjectRolePermission projectRolePermission; + @ManyToOne(optional = false) + @JoinColumn(name = "project_resource_id",referencedColumnName = "id") + private ProjectResource projectResource; + + @Override + public boolean equals(Object o) { + if (o == null || getClass() != o.getClass()) return false; + ProjectRolePermissionResourceOverrideId that = (ProjectRolePermissionResourceOverrideId) o; + return Objects.equals(projectRolePermission, that.projectRolePermission) && Objects.equals(projectResource, that.projectResource); + } + + @Override + public int hashCode() { + return Objects.hash(projectRolePermission, projectResource); + } +} Index: src/main/java/com/db/finki/www/build_board/entity/compositeId/UsersProjectRolesId.java =================================================================== --- src/main/java/com/db/finki/www/build_board/entity/compositeId/UsersProjectRolesId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/entity/compositeId/UsersProjectRolesId.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,30 @@ +package com.db.finki.www.build_board.entity.compositeId; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.user_type.BBUser; +import jakarta.persistence.Embeddable; +import jakarta.persistence.JoinColumn; +import jakarta.persistence.JoinColumns; +import jakarta.persistence.ManyToOne; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@Embeddable +@Getter +@Setter +@AllArgsConstructor +@NoArgsConstructor +public class UsersProjectRolesId { + @ManyToOne + @JoinColumns({ + @JoinColumn(name = "project_id", referencedColumnName = "project_id"), + @JoinColumn(name = "role_name", referencedColumnName = "name") + }) + ProjectRole role; + @ManyToOne + @JoinColumn(name = "user_id",referencedColumnName = "id") + BBUser user; + +} Index: src/main/java/com/db/finki/www/build_board/mapper/MessageMapper.java =================================================================== --- src/main/java/com/db/finki/www/build_board/mapper/MessageMapper.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/mapper/MessageMapper.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,5 +1,5 @@ package com.db.finki.www.build_board.mapper; -import com.db.finki.www.build_board.dto.channel.MessageDTO; +import com.db.finki.www.build_board.dto.MessageDTO; import com.db.finki.www.build_board.entity.channel.Message; import com.db.finki.www.build_board.entity.thread.Project; Index: src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionRepository.java =================================================================== --- src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,29 @@ +package com.db.finki.www.build_board.repository.access_managment; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.access_managment.ProjectRolePermission; +import com.db.finki.www.build_board.entity.compositeId.ProjectRolePermissionId; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; +import org.springframework.stereotype.Repository; + +import java.util.List; + +@Repository +public interface ProjectRolePermissionRepository extends JpaRepository { + List findByIdProjectRole(ProjectRole projectRole); + + @Query(nativeQuery = true,value = """ + SELECT EXISTS ( + SELECT upr.role_name,upr.project_id FROM users_project_roles upr + JOIN role_permissions prp + ON prp.project_id = upr.project_id AND prp.role_name = upr.role_name + WHERE upr.user_id = :userId + AND prp.project_id = :projectId + AND prp.permission_name = :permissionName + AND prp.project_resource_id = :resourceId + ) + """) + boolean isAuthorizedToPerformActionOnResource(int projectId,int userId,String permissionName,int resourceId); + +} Index: src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionResourceOverrideRepository.java =================================================================== --- src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionResourceOverrideRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRolePermissionResourceOverrideRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,46 @@ +package com.db.finki.www.build_board.repository.access_managment; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRolePermissionResourceOverride; +import com.db.finki.www.build_board.entity.compositeId.ProjectRolePermissionResourceOverrideId; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; +import org.springframework.stereotype.Repository; + +@Repository +public interface ProjectRolePermissionResourceOverrideRepository extends JpaRepository { + + @Query(value = """ + SELECT COALESCE(( + SELECT + CASE + WHEN rp.override_type = 'INCLUDE' + THEN EXISTS ( + SELECT 1 + FROM role_permissions_overrides rpo + WHERE rpo.role_name = rp.role_name + AND rpo.project_id = rp.project_id + AND rpo.permission_name = rp.permission_name + AND rpo.project_resource_id = :resource_id + ) + WHEN rp.override_type = 'EXCLUDE' + THEN NOT EXISTS ( + SELECT 1 + FROM role_permissions_overrides rpo + WHERE rpo.role_name = rp.role_name + AND rpo.project_id = rp.project_id + AND rpo.permission_name = rp.permission_name + AND rpo.project_resource_id = :resource_id + ) + END + FROM users_project_roles upr + JOIN role_permissions rp + ON upr.role_name = rp.role_name + AND upr.project_id = rp.project_id + WHERE upr.user_id = :user_id + AND rp.project_id = :project_id + AND rp.permission_name = :permission_name + LIMIT 1 + ), FALSE) AS has_access; + """, nativeQuery = true) + boolean hasPermissionForResource(int projectId,int userId,String permissionName,int resourceId); +} Index: src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRoleRepository.java =================================================================== --- src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRoleRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/repository/access_managment/ProjectRoleRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,14 @@ +package com.db.finki.www.build_board.repository.access_managment; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.compositeId.ProjectRoleId; +import com.db.finki.www.build_board.entity.thread.Project; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.List; + +@Repository +public interface ProjectRoleRepository extends JpaRepository { + List findByIdProject(Project project); +} Index: src/main/java/com/db/finki/www/build_board/repository/access_managment/UserProjectRoleRepository.java =================================================================== --- src/main/java/com/db/finki/www/build_board/repository/access_managment/UserProjectRoleRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/repository/access_managment/UserProjectRoleRepository.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,16 @@ +package com.db.finki.www.build_board.repository.access_managment; + +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.access_managment.UsersProjectRoles; +import com.db.finki.www.build_board.entity.compositeId.UsersProjectRolesId; +import com.db.finki.www.build_board.entity.thread.Project; +import com.db.finki.www.build_board.entity.user_type.BBUser; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.stereotype.Repository; + +import java.util.List; + +@Repository +public interface UserProjectRoleRepository extends JpaRepository { + List findByIdRoleIdProject(Project project); +} Index: src/main/java/com/db/finki/www/build_board/service/access_managment/ProjectAccessManagementService.java =================================================================== --- src/main/java/com/db/finki/www/build_board/service/access_managment/ProjectAccessManagementService.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) +++ src/main/java/com/db/finki/www/build_board/service/access_managment/ProjectAccessManagementService.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -0,0 +1,64 @@ +package com.db.finki.www.build_board.service.access_managment; + +import com.db.finki.www.build_board.dto.AddRoleDTO; +import com.db.finki.www.build_board.dto.MembersPerRoleWrapper; +import com.db.finki.www.build_board.entity.access_managment.ProjectRole; +import com.db.finki.www.build_board.entity.access_managment.ProjectRolePermission; +import com.db.finki.www.build_board.entity.access_managment.UsersProjectRoles; +import com.db.finki.www.build_board.entity.compositeId.ProjectRoleId; +import com.db.finki.www.build_board.entity.compositeId.ProjectRolePermissionId; +import com.db.finki.www.build_board.entity.thread.Project; +import com.db.finki.www.build_board.repository.DeveloperRepository; +import com.db.finki.www.build_board.repository.access_managment.ProjectRolePermissionResourceOverrideRepository; +import com.db.finki.www.build_board.repository.access_managment.ProjectRoleRepository; +import com.db.finki.www.build_board.repository.access_managment.ProjectRolePermissionRepository; +import com.db.finki.www.build_board.repository.access_managment.UserProjectRoleRepository; +import jakarta.transaction.Transactional; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; + +@Service +public class ProjectAccessManagementService { + + private final ProjectRoleRepository projectRoleRepository; + private final ProjectRolePermissionRepository projectRolePermissionRepository; + private final ProjectRolePermissionResourceOverrideRepository projectRolePermissionResourceOverrideRepository; + private final UserProjectRoleRepository userProjectRoleRepository; + + public ProjectAccessManagementService(ProjectRoleRepository projectRoleRepository, + ProjectRolePermissionRepository projectRolePermissionRepository, + ProjectRolePermissionResourceOverrideRepository projectRolePermissionResourceOverrideRepository, UserProjectRoleRepository userProjectRoleRepository) { + this.projectRoleRepository = projectRoleRepository; + this.projectRolePermissionResourceOverrideRepository = projectRolePermissionResourceOverrideRepository; + this.projectRolePermissionRepository = projectRolePermissionRepository; + this.userProjectRoleRepository = userProjectRoleRepository; + } + + public boolean hasPermissionToAccessResource(int userId, String permission, int resourceId, int projectId) { + return projectRolePermissionResourceOverrideRepository.hasPermissionForResource(projectId,userId, permission, resourceId); + } + + public List getRolesForMembersInProject(Project project){ + return userProjectRoleRepository.findByIdRoleIdProject(project); + + } + + @Transactional + public void addRole(AddRoleDTO addRoleDTO) { + ProjectRole projectRole = new ProjectRole(new ProjectRoleId(addRoleDTO.getName(),addRoleDTO.getProject())); + projectRoleRepository.save(projectRole); + + List projectRolePermissions = addRoleDTO + .getPermissions() + .stream() + .map(permission -> + new ProjectRolePermission(new ProjectRolePermissionId(permission,projectRole), + addRoleDTO.getProjectResourcePermissionOverrideType().name())).toList(); + + projectRolePermissionRepository.saveAll(projectRolePermissions); + + } +} Index: src/main/java/com/db/finki/www/build_board/service/channel/MessageService.java =================================================================== --- src/main/java/com/db/finki/www/build_board/service/channel/MessageService.java (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/java/com/db/finki/www/build_board/service/channel/MessageService.java (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -1,5 +1,5 @@ package com.db.finki.www.build_board.service.channel; -import com.db.finki.www.build_board.dto.channel.MessageDTO; +import com.db.finki.www.build_board.dto.MessageDTO; import com.db.finki.www.build_board.entity.channel.Message; import com.db.finki.www.build_board.mapper.MessageMapper; Index: src/main/resources/db/migration/V1__init_ddl.sql =================================================================== --- src/main/resources/db/migration/V1__init_ddl.sql (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/resources/db/migration/V1__init_ddl.sql (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -22,5 +22,5 @@ DROP TABLE IF EXISTS project_roles CASCADE; DROP TABLE IF EXISTS users_project_roles CASCADE; -DROP TABLE IF EXISTS project_roles_permissions CASCADE; +DROP TABLE IF EXISTS role_permissions CASCADE; DROP TABLE IF EXISTS project_request CASCADE; DROP TABLE IF EXISTS report CASCADE; @@ -50,8 +50,8 @@ ( id SERIAL PRIMARY KEY, - username VARCHAR(32) UNIQUE NOT NULL, - email varchar(60) not null, - name varchar(32) not null, - is_activate bool DEFAULT true, + username VARCHAR(32) UNIQUE NOT NULL, + email varchar(60) not null, + name varchar(32) not null, + is_activate bool DEFAULT true, password VARCHAR(72), description VARCHAR(200), @@ -73,8 +73,8 @@ CREATE TABLE thread ( - id SERIAL PRIMARY KEY, - content TEXT, - created_at timestamp DEFAULT NOW() NOT NULL, - user_id INT REFERENCES users (id) NOT NULL --IS_CREATED_BY TOTAL + id SERIAL PRIMARY KEY, + content TEXT, + created_at timestamp DEFAULT NOW() NOT NULL, + user_id INT REFERENCES users (id) NOT NULL --IS_CREATED_BY TOTAL ); CREATE TABLE project_thread @@ -84,6 +84,7 @@ id INT PRIMARY KEY REFERENCES thread (id) on delete cascade --INHERITANCE ); -create table embeddable_thread( - id int primary key references thread(id) on delete cascade +create table embeddable_thread +( + id int primary key references thread (id) on delete cascade ); @@ -91,11 +92,11 @@ ( title VARCHAR(256) NOT NULL, - id INT PRIMARY KEY REFERENCES embeddable_thread(id) on delete cascade, --INHERITANCE - parent_id int REFERENCES project_thread(id) on delete CASCADE --PARENT + id INT PRIMARY KEY REFERENCES embeddable_thread (id) on delete cascade, --INHERITANCE + parent_id int REFERENCES project_thread (id) on delete CASCADE --PARENT ); create table topic_guidelines ( id serial, - topic_id int references topic_thread(id) on delete cascade, + topic_id int references topic_thread (id) on delete cascade, description text, PRIMARY KEY (id, topic_id) @@ -103,6 +104,6 @@ CREATE TABLE discussion_thread ( - id INT PRIMARY KEY REFERENCES embeddable_thread(id) on delete cascade, --INHERITANCE, - parent_id int REFERENCES embeddable_thread(id) NOT NULL --on delete CASCADE ne tuku preku trigger PARENT TOTAL BIGINT + id INT PRIMARY KEY REFERENCES embeddable_thread (id) on delete cascade, --INHERITANCE, + parent_id int REFERENCES embeddable_thread (id) NOT NULL --on delete CASCADE ne tuku preku trigger PARENT TOTAL BIGINT ); @@ -115,6 +116,6 @@ CREATE TABLE topic_threads_moderators ( - thread_id INT REFERENCES topic_thread(id) ON DELETE CASCADE, - user_id INT REFERENCES moderator(id) ON DELETE CASCADE, + thread_id INT REFERENCES topic_thread (id) ON DELETE CASCADE, + user_id INT REFERENCES moderator (id) ON DELETE CASCADE, started_at TIMESTAMP DEFAULT NOW() NOT NULL, PRIMARY KEY (thread_id, user_id) @@ -122,6 +123,6 @@ CREATE TABLE tag ( - name VARCHAR(64) PRIMARY KEY, - creator_id int REFERENCES moderator(id) on delete CASCADE not null + name VARCHAR(64) PRIMARY KEY, + creator_id int REFERENCES moderator (id) on delete CASCADE not null ); CREATE TABLE tag_threads @@ -134,7 +135,7 @@ CREATE TABLE blacklisted_user ( - topic_id INT REFERENCES topic_thread(id) ON DELETE CASCADE, --BLACLISTED_FROM - user_id INT REFERENCES users(id) ON DELETE CASCADE, --REFERS_TO - moderator_id INT REFERENCES moderator(id) ON DELETE CASCADE, --BLACKLISTED_BY + topic_id INT REFERENCES topic_thread (id) ON DELETE CASCADE, --BLACLISTED_FROM + user_id INT REFERENCES users (id) ON DELETE CASCADE, --REFERS_TO + moderator_id INT REFERENCES moderator (id) ON DELETE CASCADE, --BLACKLISTED_BY start_date TIMESTAMP, end_date TIMESTAMP, @@ -145,6 +146,6 @@ CREATE TABLE developer_associated_with_project ( - project_id INT REFERENCES project_thread(id) on delete cascade, - developer_id INT REFERENCES developer(id) on delete cascade, + project_id INT REFERENCES project_thread (id) on delete cascade, + developer_id INT REFERENCES developer (id) on delete cascade, started_at TIMESTAMP DEFAULT NOW() NOT NULL, ended_at TIMESTAMP, @@ -157,27 +158,42 @@ ); -CREATE TABLE project_resource ( +CREATE TABLE project_resource +( id serial primary key ); -create table project_role ( - name varchar(32) NOT NULL, - project_id int references project_thread(id) ON DELETE CASCADE, - PRIMARY KEY (name,project_id) -); - -CREATE TABLE project_roles_permissions +create table project_role +( + name varchar(32) NOT NULL, + project_id int references project_thread (id) ON DELETE CASCADE, + PRIMARY KEY (name, project_id) +); + +CREATE TABLE role_permissions ( permission_name VARCHAR(32) REFERENCES permissions (name), role_name VARCHAR(32), project_id INT, - project_resource_id int references project_resource(id), + override_type varchar(20) check ( override_type in ('INCLUDE','EXCLUDE')) NOT NULL, FOREIGN KEY (role_name, project_id) REFERENCES project_role (name, project_id) ON DELETE CASCADE, - PRIMARY KEY (permission_name, role_name, project_id,project_resource_id) + PRIMARY KEY (permission_name, role_name, project_id) +); + +-- ova sa exceptions, primer ako vo role permissions imat entry ("READ","GUEST",5), +-- a vo roles_permissions overrides imat ("READ","GUEST",5,3) kade 3 da recime deka e Channel3 +-- togas role GUEST mozit da citat vo site kanali osven Channel3 +CREATE TABLE role_permissions_overrides +( + permission_name VARCHAR(32) REFERENCES permissions (name) NOT NULL, + role_name VARCHAR(32) NOT NULL, + project_id INT NOT NULL, + project_resource_id int references project_resource(id) NOT NULL, + FOREIGN KEY (role_name, project_id,permission_name) REFERENCES role_permissions (role_name,project_id,permission_name) ON DELETE CASCADE, + PRIMARY KEY (role_name,project_id,permission_name,project_resource_id) ); CREATE TABLE users_project_roles ( - user_id INT REFERENCES developer(id) on delete cascade, + user_id INT REFERENCES developer (id) on delete cascade, project_id INT, role_name VARCHAR(32), @@ -187,39 +203,41 @@ -create table submission( - id serial primary key, - created_at TIMESTAMP default now() not null, - description VARCHAR(200) NOT NULL, - status varchar(32) default 'PENDING' CHECK(status IN ( 'ACCEPTED', 'DENIED', 'PENDING')) NOT NULL, - created_by int REFERENCES users(id) not null +create table submission +( + id serial primary key, + created_at TIMESTAMP default now() not null, + description VARCHAR(200) NOT NULL, + status varchar(32) default 'PENDING' CHECK (status IN ('ACCEPTED', 'DENIED', 'PENDING')) NOT NULL, + created_by int REFERENCES users (id) not null ); CREATE TABLE project_request ( - id int PRIMARY KEY REFERENCES submission(id), - project_id INT REFERENCES thread (id) ON DELETE CASCADE NOT NULL --RECIEVES -); - -create table feedback ( - description TEXT, - submission_type varchar(1) CHECK(submission_type IN ('P','R')), - created_at timestamp default now() not null, - created_by int references users(id) NOT NULL, --WRITTEN_BY - submission_id int PRIMARY KEY references submission(id) on delete cascade + id int PRIMARY KEY REFERENCES submission (id), + project_id INT REFERENCES thread (id) ON DELETE CASCADE NOT NULL --RECIEVES +); + +create table feedback +( + description TEXT, + submission_type varchar(1) CHECK (submission_type IN ('P', 'R')), + created_at timestamp default now() not null, + created_by int references users (id) NOT NULL, --WRITTEN_BY + submission_id int PRIMARY KEY references submission (id) on delete cascade ); CREATE TABLE report ( - id int PRIMARY KEY REFERENCES submission(id), - thread_id INT REFERENCES topic_thread(id) on delete cascade not null, --FOR_MISCONDUCT - for_user_id INT REFERENCES users (id) on delete cascade not null --ABOUT + id int PRIMARY KEY REFERENCES submission (id), + thread_id INT REFERENCES topic_thread (id) on delete cascade not null, --FOR_MISCONDUCT + for_user_id INT REFERENCES users (id) on delete cascade not null --ABOUT ); CREATE TABLE channel ( - name VARCHAR(64), - description VARCHAR(200), - project_id INT REFERENCES project_thread(id) ON DELETE CASCADE NOT NULL, --HAS - project_resource_id INT REFERENCES project_resource(id) UNIQUE NOT NULL, - developer_id INT REFERENCES developer(id) NOT NULL, --CONSTRUCTS + name VARCHAR(64), + description VARCHAR(200), + project_id INT REFERENCES project_thread (id) ON DELETE CASCADE NOT NULL, --HAS + project_resource_id INT REFERENCES project_resource (id) UNIQUE NOT NULL, + developer_id INT REFERENCES developer (id) NOT NULL, --CONSTRUCTS PRIMARY KEY (name, project_id) ); @@ -228,5 +246,5 @@ sent_at TIMESTAMP, content VARCHAR(200) NOT NULL, - sent_by INT REFERENCES developer(id), + sent_by INT REFERENCES developer (id), project_id INT, channel_name VARCHAR(64), Index: src/main/resources/db/migration/V2__triggers_ddl.sql =================================================================== --- src/main/resources/db/migration/V2__triggers_ddl.sql (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/resources/db/migration/V2__triggers_ddl.sql (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -243,8 +243,2 @@ for each row execute function fn_add_project_resource(); - -create or replace trigger tr_add_project_resource_project_roles_permissions - before insert - on project_roles_permissions - for each row -execute function fn_add_project_resource(); Index: src/main/resources/db/migration/V3__add_test_data.sql =================================================================== --- src/main/resources/db/migration/V3__add_test_data.sql (revision 7ed338018f24ed45615500607d86e7bc777c0a8b) +++ src/main/resources/db/migration/V3__add_test_data.sql (revision 3e47966b86c3c00ee83e0e16eba37fac387ab5ad) @@ -80,10 +80,10 @@ (5, 5, 'Developer'); -INSERT INTO project_roles_permissions (permission_name, role_name, project_id) -VALUES - ('READ', 'Admin', 5), - ('WRITE', 'Admin', 5), - ('CREATE','Admin',5), - ('DELETE','Admin',5); +INSERT INTO role_permissions (permission_name, role_name, project_id,override_type) +VALUES + ('READ', 'Admin', 5,'EXCLUDE'), + ('WRITE', 'Admin', 5,'EXCLUDE'), + ('CREATE','Admin',5,'EXCLUDE'), + ('DELETE','Admin',5,'EXCLUDE'); insert into submission(created_by,status,description)