fix: remove role permissions before removing the role

terrestris · Jun 13, 2024 · 3b596b4 · 3b596b4
1 parent 8179ef7
commit 3b596b4
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 33 deletions.
diff --git a/...n/java/de/terrestris/shogun/lib/security/access/entity/BaseEntityPermissionEvaluator.java b/...n/java/de/terrestris/shogun/lib/security/access/entity/BaseEntityPermissionEvaluator.java
@@ -23,7 +23,6 @@
 import de.terrestris.shogun.lib.model.User;
 import de.terrestris.shogun.lib.model.security.permission.*;
 import de.terrestris.shogun.lib.repository.BaseCrudRepository;
-import de.terrestris.shogun.lib.repository.RoleRepository;
 import de.terrestris.shogun.lib.service.security.permission.*;
 import de.terrestris.shogun.lib.service.security.provider.GroupProviderService;
 import de.terrestris.shogun.lib.service.security.provider.RoleProviderService;
@@ -52,32 +51,29 @@ public abstract class BaseEntityPermissionEvaluator<E extends BaseEntity> implem
     protected GroupInstancePermissionService groupInstancePermissionService;
 
     @Autowired
-    protected UserClassPermissionService userClassPermissionService;
+    protected RoleInstancePermissionService roleInstancePermissionService;
 
     @Autowired
-    protected GroupClassPermissionService groupClassPermissionService;
+    protected UserClassPermissionService userClassPermissionService;
 
     @Autowired
-    protected GroupProviderService<UserRepresentation, GroupRepresentation> groupProviderService;
+    protected GroupClassPermissionService groupClassPermissionService;
 
     @Autowired
-    protected RoleProviderService roleProviderService;
+    protected RoleClassPermissionService roleClassPermissionService;
 
     @Autowired
-    protected RoleInstancePermissionService roleInstancePermissionService;
+    protected GroupProviderService<UserRepresentation, GroupRepresentation> groupProviderService;
 
     @Autowired
-    protected RoleClassPermissionService roleClassPermissionService;
+    protected RoleProviderService roleProviderService;
 
     @Autowired
     private PublicInstancePermissionService publicInstancePermissionService;
 
     @Autowired
     protected List<BaseCrudRepository> baseCrudRepositories;
 
-    @Autowired
-    protected RoleRepository roleRepository;
-
     @Override
     public Class<E> getEntityClassName() {
         return (Class<E>) GenericTypeResolver.resolveTypeArgument(getClass(), BaseEntityPermissionEvaluator.class);
@@ -203,7 +199,6 @@ public boolean hasPermission(User user, Class<?> clazz, PermissionType permissio
         log.trace("Evaluating whether user with ID '{}' has permission '{}' on class '{}'",
             user.getId(), permission, clazz.getCanonicalName());
 
-
         Optional<UserClassPermission> userClassPermission = userClassPermissionService.findFor((Class<? extends BaseEntity>) clazz, user);
         Optional<GroupClassPermission> groupClassPermission = groupClassPermissionService.findFor((Class<? extends BaseEntity>) clazz, user);
 

diff --git a/shogun-lib/src/main/java/de/terrestris/shogun/lib/service/BaseService.java b/shogun-lib/src/main/java/de/terrestris/shogun/lib/service/BaseService.java
@@ -27,6 +27,7 @@
 import de.terrestris.shogun.lib.security.access.entity.BaseEntityPermissionEvaluator;
 import de.terrestris.shogun.lib.security.access.entity.DefaultPermissionEvaluator;
 import de.terrestris.shogun.lib.service.security.permission.GroupInstancePermissionService;
+import de.terrestris.shogun.lib.service.security.permission.RoleInstancePermissionService;
 import de.terrestris.shogun.lib.service.security.permission.UserInstancePermissionService;
 import de.terrestris.shogun.lib.service.security.provider.UserProviderService;
 import lombok.extern.log4j.Log4j2;
@@ -73,6 +74,10 @@ public abstract class BaseService<T extends BaseCrudRepository<S, Long> & JpaSpe
     @Lazy
     protected GroupInstancePermissionService groupInstancePermissionService;
 
+    @Autowired
+    @Lazy
+    protected RoleInstancePermissionService roleInstancePermissionService;
+
     @Autowired
     @Lazy
     protected UserProviderService userProviderService;
@@ -183,10 +188,13 @@ public S updatePartial(S entity, JsonMergePatch patch) throws IOException, JsonP
     @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#entity, 'DELETE')")
     @Transactional(isolation = Isolation.SERIALIZABLE)
     public void delete(S entity) {
+        // TODO What about the class permissions?
         userInstancePermissionService.deleteAllFor(entity);
 
         groupInstancePermissionService.deleteAllFor(entity);
 
+        roleInstancePermissionService.deleteAllFor(entity);
+
         repository.delete(entity);
     }
 

diff --git a/shogun-lib/src/main/java/de/terrestris/shogun/lib/service/RoleService.java b/shogun-lib/src/main/java/de/terrestris/shogun/lib/service/RoleService.java
@@ -88,26 +88,4 @@ public Optional<Role> findByKeyCloakId(String keycloakId) {
         return role;
     }
 
-    /**
-     *  Delete a role from the SHOGun DB by its provider Id.
-     *
-     * @param authProviderId
-     */
-    @Transactional
-//    @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#keycloakUserId, 'DELETE')")
-    public void deleteByAuthProviderId(String authProviderId) {
-        Optional<Role> roleOptional = repository.findByAuthProviderId(authProviderId);
-        Role role = roleOptional.orElse(null);
-
-        if (role == null) {
-            log.debug("Role with keycloak id {} was deleted in Keycloak. It did not exists in SHOGun DB. No action needed.", authProviderId);
-            return;
-        }
-
-        // TODO
-//        roleInstancePermissionService.deleteAllFor(role);
-        repository.delete(role);
-        log.info("Role with keycloak id {} was deleted in Keycloak and was therefore deleted in SHOGun DB, too.", authProviderId);
-    }
-
 }