diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/rbac/RbacServiceImpl.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/rbac/RbacServiceImpl.java index c50cc1b0..95447e41 100644 --- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/rbac/RbacServiceImpl.java +++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/rbac/RbacServiceImpl.java @@ -54,8 +54,11 @@ public class RbacServiceImpl implements RbacService { @Override public void assignRoleToUser(String userId, UUID roleId) { - jdbc.update("INSERT INTO user_roles (user_id, role_id) VALUES (?, ?) ON CONFLICT DO NOTHING", - userId, roleId); + jdbc.update(""" + INSERT INTO user_roles (user_id, role_id, origin) + VALUES (?, ?, 'direct') + ON CONFLICT (user_id, role_id, origin) DO NOTHING + """, userId, roleId); } @Override @@ -65,8 +68,11 @@ public class RbacServiceImpl implements RbacService { @Override public void addUserToGroup(String userId, UUID groupId) { - jdbc.update("INSERT INTO user_groups (user_id, group_id) VALUES (?, ?) ON CONFLICT DO NOTHING", - userId, groupId); + jdbc.update(""" + INSERT INTO user_groups (user_id, group_id, origin) + VALUES (?, ?, 'direct') + ON CONFLICT (user_id, group_id, origin) DO NOTHING + """, userId, groupId); } @Override @@ -243,7 +249,8 @@ public class RbacServiceImpl implements RbacService { public List getDirectRolesForUser(String userId) { return jdbc.query(""" SELECT r.id, r.name, r.system FROM user_roles ur - JOIN roles r ON r.id = ur.role_id WHERE ur.user_id = ? + JOIN roles r ON r.id = ur.role_id + WHERE ur.user_id = ? AND ur.origin = 'direct' """, (rs, rowNum) -> new RoleSummary(rs.getObject("id", UUID.class), rs.getString("name"), rs.getBoolean("system"), "direct"), userId); } 
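Review bot: The conflict target `ON CONFLICT (user_id, role_id, origin)` in `assignRoleToUser` only works if `user_roles` has a unique constraint or index on exactly those three columns, and no schema change is part of this diff. The old `ON CONFLICT DO NOTHING` had no target and worked with any key, whereas a targeted clause is rejected at execution time when no matching constraint exists (PostgreSQL behaviour, which this syntax suggests). The same applies to `addUserToGroup` in the next hunk and to the two managed upserts added at the end of the file. I would confirm the migration ships with this change and add a comment above each statement such as `// relies on the unique key (user_id, role_id, origin) on user_roles`.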
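Review bot: `getDirectRolesForUser` now filters on `ur.origin = 'direct'`, but the group query that follows it is not touched by this diff, so managed and direct memberships may be reported inconsistently. This hunk ends at old line 249 and the next one starts at old line 255 with the tail of that query. If that method is meant to list direct groups, it needs the equivalent `origin = 'direct'` predicate, otherwise memberships created by `addUserToManagedGroup` will be reported as direct. The removal methods and effective-role queries outside this diff deserve the same check. A `DELETE` keyed only on `(user_id, role_id)` would now remove the managed row as well, and a join on `user_roles` without an origin filter or `DISTINCT` can return the same role twice.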
@@ -255,4 +262,28 @@ public class RbacServiceImpl implements RbacService { """, (rs, rowNum) -> new GroupSummary(rs.getObject("id", UUID.class), rs.getString("name")), userId); } + + @Override + public void clearManagedAssignments(String userId) { + jdbc.update("DELETE FROM user_roles WHERE user_id = ? AND origin = 'managed'", userId); + jdbc.update("DELETE FROM user_groups WHERE user_id = ? AND origin = 'managed'", userId); + } + + @Override + public void assignManagedRole(String userId, UUID roleId, UUID mappingId) { + jdbc.update(""" + INSERT INTO user_roles (user_id, role_id, origin, mapping_id) + VALUES (?, ?, 'managed', ?) + ON CONFLICT (user_id, role_id, origin) DO UPDATE SET mapping_id = EXCLUDED.mapping_id + """, userId, roleId, mappingId); + } + + @Override + public void addUserToManagedGroup(String userId, UUID groupId, UUID mappingId) { + jdbc.update(""" + INSERT INTO user_groups (user_id, group_id, origin, mapping_id) + VALUES (?, ?, 'managed', ?) + ON CONFLICT (user_id, group_id, origin) DO UPDATE SET mapping_id = EXCLUDED.mapping_id + """, userId, groupId, mappingId); + } } diff --git a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/RbacService.java b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/RbacService.java index 79faa28b..ab72af74 100644 --- a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/RbacService.java +++ b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/rbac/RbacService.java @@ -17,4 +17,7 @@ public interface RbacService { List getEffectivePrincipalsForRole(UUID roleId); List getSystemRoleNames(String userId); RbacStats getStats(); + void clearManagedAssignments(String userId); + void assignManagedRole(String userId, UUID roleId, UUID mappingId); + void addUserToManagedGroup(String userId, UUID groupId, UUID mappingId); }
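Review bot: `clearManagedAssignments` runs two independent DELETEs, and re-population goes through separate `assignManagedRole` and `addUserToManagedGroup` calls, with no transaction boundary visible in this hunk. Unless the caller wraps the whole clear-and-reassign sequence in one transaction, a failure part-way leaves the user with a partial set of managed roles, and a concurrent permission check can observe the intermediate state. Either mark the method `@Transactional` (assuming this bean is under Spring transaction management) or state the requirement in a comment, e.g. `// must run in the same transaction as the assignManaged* calls that follow`. Separately, `DO UPDATE SET mapping_id = EXCLUDED.mapping_id` keeps only the last mapping when two mappings grant the same role, which matters if rows are ever removed by `mapping_id`.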
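Review bot: The three methods added to `RbacService` have no Javadoc, and the names alone do not say what "managed" means or how these calls relate to the existing direct-assignment methods. I would add a short Javadoc to each, for example `/** Removes every role and group assignment of the user whose origin is 'managed'; direct assignments are kept. */` on `clearManagedAssignments`. The two others should say that an existing managed row for the same user and role or group is updated rather than duplicated, and that `mappingId` presumably identifies the mapping that produced the assignment. The contract should also say whether `userId`, `roleId`, `groupId` and `mappingId` may be null. Any other implementation or test double of this interface will need these methods added too.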