
Commit 6c2eb8f

check permission fix, remove department code prefix from permissions
1 parent 6848e64 commit 6c2eb8f


2 files changed

+12
-35
lines changed


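--- a/src/main/java/cv/igrp/platform/access_management/authorization/domain/service/PermissionCacheService.java
+++ b/src/main/java/cv/igrp/platform/access_management/authorization/domain/service/PermissionCacheService.java
@@ -51,10 +51,9 @@ public PermissionCacheEntryDTO checkInternal(PermissionCheckRequest request) {
 setFromCacheAsFalse();
 
 String subject = request.getSubject();
-String resource = request.getResource();
 String action = request.getAction();
 
-boolean allowed = checkPermission(subject, resource, action);
+boolean allowed = checkPermission(subject, action);
 
 PermissionCacheEntryDTO response = new PermissionCacheEntryDTO(
 allowed,
@@ -64,7 +63,7 @@ public PermissionCacheEntryDTO checkInternal(PermissionCheckRequest request) {
 return response;
 }
 
-private Boolean checkPermission(String username, String resourceItem, String permissionName) {
+private Boolean checkPermission(String username, String permissionName) {
 
 // Verifica se o utilizador existe ou está inativo/deletado
 var userOpt = userRepository.findByUsername(username);
@@ -73,39 +72,17 @@ private Boolean checkPermission(String username, String resourceItem, String per
 }
 
 String sql = """
-WITH target_user AS (
-SELECT id
-FROM t_user
-WHERE username = ?
-),
-user_roles AS (
-SELECT ru.roles_id
-FROM t_role_users ru
-JOIN target_user tu ON ru.users_id = tu.id
-),
-role_permissions AS (
-SELECT rp.permission
-FROM t_role_permission rp
-JOIN user_roles ur ON rp.role_id = ur.roles_id
-),
-target_permission AS (
-SELECT p.id
-FROM t_permission p
-JOIN role_permissions rp ON p.id = rp.permission
-WHERE p.name = ?
-),
-resource_check AS (
-SELECT 1 AS result
-FROM t_resource_item ri
-JOIN t_resource_item_permissions rpp ON ri.id = rpp.resource_item_entity_id
-JOIN target_permission tp ON rpp.permissions_id = tp.id
-WHERE ri.name = ?
-)
-SELECT result FROM resource_check
-LIMIT 1;
+SELECT 1 AS result
+FROM t_user u
+JOIN t_role_users ru ON ru.users_id = u.id
+JOIN t_role_permission rp ON rp.role_id = ru.roles_id
+JOIN t_permission p ON p.id = rp.permission
+WHERE u.username = ?
+AND p.name = ?
+LIMIT 1;
 """;
 
-List<Integer> results = jdbcTemplate.query(sql, (_,_) -> 1, username, permissionName, resourceItem);
+List<Integer> results = jdbcTemplate.query(sql, (_,_) -> 1, username, permissionName);
 
 return !results.isEmpty();
 }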
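Review bot: The authorization decision no longer depends on the requested resource: `checkInternal` stops reading `request.getResource()` and the new query filters only on `u.username = ?` and `p.name = ?`, so a role that grants a permission with that name now satisfies the check for every resource. Because this commit also stops prefixing permission names with the department code, two departments that define the same name would, as far as this query shows, share one grant; confirm that `t_permission.name` is unique or add a department predicate to the join. If the wider scope is intended, say so on the method, e.g. `// Resource is deliberately not part of the decision; permission names are global.`, and verify that the cache entry built from `PermissionCacheEntryDTO` (its arguments and key are outside the hunks) is not still keyed by resource. The query also applies no status filter to roles or permissions, which is only safe if those tables have no soft-delete or inactive flag.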

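--- a/src/main/java/cv/igrp/platform/access_management/permission/application/commands/CreatePermissionCommandHandler.java
+++ b/src/main/java/cv/igrp/platform/access_management/permission/application/commands/CreatePermissionCommandHandler.java
@@ -91,7 +91,7 @@ public ResponseEntity<PermissionDTO> handle(CreatePermissionCommand command) {
 );
 });
 
-command.getPermissiondto().setName(PermissionValidator.normalizePermissionName(command.getPermissiondto().getName(), foundDepartment.getCode()));
+command.getPermissiondto().setName(command.getPermissiondto().getName());
 
 log.info("Create permission with name: {}", command.getPermissiondto().getName());
 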
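Review bot: The replacement line `command.getPermissiondto().setName(command.getPermissiondto().getName());` assigns the name to itself, so the client-supplied name is now stored exactly as received and anything `PermissionValidator.normalizePermissionName` did besides adding the department code is lost too. `PermissionCacheService.checkPermission` compares `p.name = ?` literally, so (depending on column collation) names differing only in case or surrounding whitespace may become distinct permissions, and the same name created under two departments is no longer disambiguated. Either delete the no-op line or keep a prefix-free normalization and validation step here, and reject duplicate names before saving. The same raw value is written by `log.info` on the next line, so it should be checked for control characters before it reaches the log. The body of `handle` starts and ends outside the hunk.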
