manuel.sowada/radixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add database views

Browse Source
This commit is contained in:
Manuel Sowada
2026-04-27 16:03:49 +02:00
parent 5f494bb837
commit 5420097c63
1 changed files with 621 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

621
dbcreate_with_untested_views.sql Normal file
View File

@@ -0,0 +1,621 @@
/* =========================================================
DATABASE
========================================================= */
IF DB_ID('Radix_OS') IS NULL
BEGIN
CREATE DATABASE Radix_OS;
END
GO
USE Radix_OS;
GO
/* =========================================================
CLEAN RESET
========================================================= */
DROP VIEW IF EXISTS dbo.vAuthenticationEffectivePermissions;
DROP VIEW IF EXISTS dbo.vAuthenticationRoles;
DROP VIEW IF EXISTS dbo.vAuthenticationGroups;
DROP VIEW IF EXISTS dbo.vGroupHierarchy;
DROP VIEW IF EXISTS dbo.vAuthentications;
DROP VIEW IF EXISTS dbo.vEventLog;
DROP VIEW IF EXISTS dbo.vNotifyTray;
DROP TABLE IF EXISTS dbo.AuthenticationRoles;
DROP TABLE IF EXISTS dbo.AuthenticationGroups;
DROP TABLE IF EXISTS dbo.GroupRoles;
DROP TABLE IF EXISTS dbo.RolePermissions;
DROP TABLE IF EXISTS dbo.GroupClosure;
DROP TABLE IF EXISTS dbo.NotifyTray;
DROP TABLE IF EXISTS dbo.NotifyTrayObjects;
DROP TABLE IF EXISTS dbo.EventLog;
DROP TABLE IF EXISTS dbo.EventLevels;
DROP TABLE IF EXISTS dbo.Authentication;
DROP TABLE IF EXISTS dbo.[Group];
DROP TABLE IF EXISTS dbo.[Role];
DROP TABLE IF EXISTS dbo.Permission;
DROP TABLE IF EXISTS dbo.Plugins;
DROP TABLE IF EXISTS dbo.ObjectSource;
DROP TABLE IF EXISTS dbo.AuthenticationUAC;
DROP TABLE IF EXISTS dbo.Vault;
GO
/* =========================================================
CORE TABLES
========================================================= */
CREATE TABLE dbo.Vault (
ID int IDENTITY(1,1) NOT NULL,
CustomerGUID uniqueidentifier NOT NULL,
Feature nvarchar(128) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
Payload nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
Signature nvarchar(MAX) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
Active bit DEFAULT 1 NOT NULL,
ExpiresAt datetime NULL,
CreatedAt datetime DEFAULT getdate() NOT NULL,
UpdatedAt datetime DEFAULT getdate() NULL,
CONSTRAINT PK__Vault__3214EC275180843D PRIMARY KEY (ID)
);
CREATE TABLE dbo.ObjectSource (
ID INT IDENTITY(1,1) PRIMARY KEY,
Name VARCHAR(100) NOT NULL UNIQUE
);
CREATE TABLE dbo.AuthenticationUAC (
ID INT PRIMARY KEY,
AttributeName NVARCHAR(100),
AttributeOriginal VARCHAR(255)
);
CREATE TABLE dbo.[Role] (
ID INT IDENTITY(1,1) PRIMARY KEY,
Name NVARCHAR(255) UNIQUE,
Description NVARCHAR(MAX),
RoleType VARCHAR(50)
);
CREATE TABLE dbo.Permission (
ID INT IDENTITY(1,1) PRIMARY KEY,
Scope VARCHAR(100),
Resource VARCHAR(100),
Action VARCHAR(100),
CONSTRAINT UQ_Permission UNIQUE (Scope, Resource, Action)
);
CREATE TABLE dbo.Plugins (
Name VARCHAR(50) PRIMARY KEY,
Active BIT,
Version VARCHAR(25)
);
/* =========================================================
AUTHENTICATION
========================================================= */
CREATE TABLE dbo.Authentication (
ObjectGUID UNIQUEIDENTIFIER PRIMARY KEY,
sAMAccountName VARCHAR(255),
mail VARCHAR(255),
givenName VARCHAR(255),
sn VARCHAR(255),
employeeID VARCHAR(255),
title VARCHAR(255),
department VARCHAR(255),
streetAddress VARCHAR(255),
userAccountControl_ID INT,
telephoneNumber VARCHAR(255),
physicalDeliveryOfficeName VARCHAR(255),
distinguishedName VARCHAR(MAX),
password VARCHAR(MAX),
refreshtoken VARCHAR(MAX),
active BIT,
online BIT,
ObjectSource_ID INT,
FOREIGN KEY (ObjectSource_ID) REFERENCES dbo.ObjectSource(ID)
);
CREATE TABLE dbo.[Group] (
ObjectGUID UNIQUEIDENTIFIER PRIMARY KEY,
Name VARCHAR(255),
ObjectSource_ID INT,
distinguishedName VARCHAR(MAX),
FOREIGN KEY (ObjectSource_ID) REFERENCES dbo.ObjectSource(ID)
);
/* =========================================================
GROUP CLOSURE
========================================================= */
CREATE TABLE dbo.GroupClosure (
ParentGroup_ObjectGUID UNIQUEIDENTIFIER,
ChildGroup_ObjectGUID UNIQUEIDENTIFIER,
Depth INT,
PRIMARY KEY (ParentGroup_ObjectGUID, ChildGroup_ObjectGUID)
);
GO
/* =========================================================
RBAC
========================================================= */
CREATE TABLE dbo.AuthenticationRoles (
Authentication_ObjectGUID UNIQUEIDENTIFIER,
Role_ID INT,
PRIMARY KEY (Authentication_ObjectGUID, Role_ID)
);
GO
CREATE TABLE dbo.AuthenticationGroups (
Authentication_ObjectGUID UNIQUEIDENTIFIER,
Group_ObjectGUID UNIQUEIDENTIFIER,
PRIMARY KEY (Authentication_ObjectGUID, Group_ObjectGUID)
);
GO
CREATE TABLE dbo.GroupRoles (
Group_ObjectGUID UNIQUEIDENTIFIER,
Role_ID INT,
PRIMARY KEY (Group_ObjectGUID, Role_ID)
);
GO
CREATE TABLE dbo.RolePermissions (
Role_ID INT,
Permission_ID INT,
PRIMARY KEY (Role_ID, Permission_ID)
);
GO
/* =========================================================
EVENT SYSTEM
========================================================= */
CREATE TABLE dbo.EventLevels (
ID INT PRIMARY KEY,
LevelName VARCHAR(50),
DisplayName VARCHAR(150),
Priority INT
);
CREATE TABLE dbo.EventLog (
ID INT IDENTITY(1,1) PRIMARY KEY,
Message VARCHAR(MAX),
Trace VARCHAR(MAX),
Level_ID INT,
PluginName VARCHAR(50),
Date DATETIME2,
ObjectGUID UNIQUEIDENTIFIER
);
/* =========================================================
NOTIFY SYSTEM
========================================================= */
CREATE TABLE dbo.NotifyTrayObjects (
ID INT IDENTITY(1,1) PRIMARY KEY,
PluginName VARCHAR(50),
Message VARCHAR(MAX),
JSON VARCHAR(MAX),
ActionRequired BIT DEFAULT 0,
CreatedAt DATETIME2,
ExpiresAt DATETIME2
);
GO
CREATE TABLE dbo.NotifyTray (
ID INT IDENTITY(1,1) PRIMARY KEY,
ObjectGUID UNIQUEIDENTIFIER,
NotifyTrayObject_ID INT,
SeenAt DATETIME2
);
GO
/* =========================================================
SECURITY VIEWS
========================================================= */
CREATE VIEW dbo.vAuthenticationRoles AS
SELECT a.ObjectGUID, r.ID Role_ID, r.Name, 'DIRECT' Source
FROM dbo.Authentication a
JOIN dbo.AuthenticationRoles ar ON ar.Authentication_ObjectGUID = a.ObjectGUID
JOIN dbo.[Role] r ON r.ID = ar.Role_ID
UNION ALL
SELECT a.ObjectGUID, r.ID, r.Name, 'GROUP'
FROM dbo.Authentication a
JOIN dbo.AuthenticationGroups ag ON ag.Authentication_ObjectGUID = a.ObjectGUID
JOIN dbo.GroupRoles gr ON gr.Group_ObjectGUID = ag.Group_ObjectGUID
JOIN dbo.[Role] r ON r.ID = gr.Role_ID;
GO
CREATE VIEW dbo.vAuthenticationEffectivePermissions AS
SELECT DISTINCT
a.ObjectGUID,
p.Scope,
p.Resource,
p.Action,
CONCAT(p.Scope,'.',p.Resource,'.',p.Action) PermissionKey
FROM dbo.Authentication a
JOIN dbo.vAuthenticationRoles r ON r.ObjectGUID = a.ObjectGUID
JOIN dbo.RolePermissions rp ON rp.Role_ID = r.Role_ID
JOIN dbo.Permission p ON p.ID = rp.Permission_ID;
GO
/* =========================================================
FIXED vEventLog (SEQUELIZE MATCH + SYSTEM FIX)
========================================================= */
CREATE OR ALTER VIEW dbo.vEventLog
AS
SELECT
e.ID,
e.Message,
e.Trace,
e.Date,
e.Level_ID,
el.LevelName,
el.DisplayName AS LevelDisplayName,
el.Priority AS LevelPriority,
e.PluginName,
COALESCE(a.sn + ' ' + a.givenName, 'SYSTEM') AS ClearTextUser,
a.sn AS Surname,
a.givenName,
e.ObjectGUID,
a.sAMAccountName,
a.mail,
a.department,
a.telephoneNumber AS Phone,
a.physicalDeliveryOfficeName AS Office,
a.streetAddress AS Adress,
COALESCE(a.ObjectSource_ID, 1) AS ObjectSource_ID,
os.Name AS ObjectSourceName
FROM dbo.EventLog e
LEFT JOIN dbo.Authentication a ON a.ObjectGUID = e.ObjectGUID
LEFT JOIN dbo.EventLevels el ON el.ID = e.Level_ID
LEFT JOIN dbo.ObjectSource os ON os.ID = COALESCE(a.ObjectSource_ID, 1);
GO
/* =========================================================
AUTH VIEW
========================================================= */
CREATE VIEW dbo.vAuthentications AS
SELECT a.*, os.Name AS ObjectSource
FROM dbo.Authentication a
LEFT JOIN dbo.ObjectSource os ON os.ID = a.ObjectSource_ID;
GO
/* =========================================================
GROUP VIEW
========================================================= */
CREATE VIEW dbo.vGroupHierarchy AS
SELECT * FROM dbo.GroupClosure;
GO
/* =========================================================
NOTIFY VIEWS
========================================================= */
CREATE VIEW vNotifyTray AS
SELECT
n.ID,
n.ObjectGUID,
n.SeenAt,
a.sAMAccountName,
a.givenName,
a.sn,
a.mail,
a.active,
a.online,
nto.PluginName,
nto.JSON,
nto.ActionRequired,
nto.CreatedAt,
nto.Message
FROM NotifyTray n
LEFT JOIN Authentication a ON a.ObjectGUID = n.ObjectGUID
LEFT JOIN NotifyTrayObjects nto ON n.ID = n.NotifyTrayObject_ID
GO
/* =========================================================
SEED DATA
========================================================= */
INSERT INTO dbo.ObjectSource VALUES ('LOCAL'),('AD');
INSERT INTO dbo.EventLevels VALUES
(-1,'test','Test',5),
(0,'success','Success',4),
(1,'log','Log',3),
(2,'warn','Warn',2),
(4,'error','Error',1),
(8,'throw_exception','Exception',0);
INSERT INTO dbo.Plugins VALUES ('SYSTEM',1,'1.0.0');
INSERT INTO dbo.[Role] (Name,Description,RoleType)
VALUES ('ADMIN','System Administrator','SYSTEM');
INSERT INTO dbo.Permission (Scope,Resource,Action)
VALUES ('SYSTEM','ALL','ALL');
INSERT INTO dbo.RolePermissions
SELECT r.ID, p.ID
FROM dbo.[Role] r
JOIN dbo.Permission p ON p.Scope='SYSTEM'
WHERE r.Name='ADMIN';
/* =========================================================
ADMIN USER
========================================================= */
INSERT INTO dbo.Authentication (
ObjectGUID,
sAMAccountName,
mail,
givenName,
sn,
active,
online,
ObjectSource_ID
)
SELECT
'00000000-0000-0000-0000-000000000001',
'admin',
'admin@local',
'System',
'Admin',
1,
0,
ID
FROM dbo.ObjectSource
WHERE Name='LOCAL';
INSERT INTO dbo.AuthenticationRoles
SELECT
'00000000-0000-0000-0000-000000000001',
ID
FROM dbo.[Role]
WHERE Name='ADMIN';
GO
/* =========================================================
EXTENDED RBAC VIEWS
========================================================= */
-- ========================================================
-- 1. USER GROUPS (DIRECT + INHERITED)
-- ========================================================
CREATE OR ALTER VIEW dbo.vAuthenticationGroupsExpanded AS
SELECT
ag.Authentication_ObjectGUID,
g.ObjectGUID AS GroupGUID,
g.Name AS GroupName,
'DIRECT' AS Source
FROM dbo.AuthenticationGroups ag
JOIN dbo.[Group] g
ON g.ObjectGUID = ag.Group_ObjectGUID
UNION ALL
SELECT
ag.Authentication_ObjectGUID,
gc.ParentGroup_ObjectGUID,
g.Name,
'INHERITED'
FROM dbo.AuthenticationGroups ag
JOIN dbo.GroupClosure gc
ON gc.ChildGroup_ObjectGUID = ag.Group_ObjectGUID
JOIN dbo.[Group] g
ON g.ObjectGUID = gc.ParentGroup_ObjectGUID;
GO
-- ========================================================
-- 2. ROLES (DIRECT + GROUP + HIERARCHY)
-- ========================================================
CREATE OR ALTER VIEW dbo.vAuthenticationRolesExpanded AS
SELECT
ar.Authentication_ObjectGUID,
ar.Role_ID,
r.Name AS RoleName,
'DIRECT' AS Source
FROM dbo.AuthenticationRoles ar
JOIN dbo.[Role] r
ON r.ID = ar.Role_ID
UNION ALL
SELECT
ag.Authentication_ObjectGUID,
gr.Role_ID,
r.Name,
'GROUP'
FROM dbo.AuthenticationGroups ag
JOIN dbo.GroupRoles gr
ON gr.Group_ObjectGUID = ag.Group_ObjectGUID
JOIN dbo.[Role] r
ON r.ID = gr.Role_ID
UNION ALL
SELECT
ag.Authentication_ObjectGUID,
gr.Role_ID,
r.Name,
'GROUP_INHERITED'
FROM dbo.AuthenticationGroups ag
JOIN dbo.GroupClosure gc
ON gc.ChildGroup_ObjectGUID = ag.Group_ObjectGUID
JOIN dbo.GroupRoles gr
ON gr.Group_ObjectGUID = gc.ParentGroup_ObjectGUID
JOIN dbo.[Role] r
ON r.ID = gr.Role_ID;
GO
-- ========================================================
-- 3. EFFECTIVE ROLES (DEDUPLICATED)
-- ========================================================
CREATE OR ALTER VIEW dbo.vAuthenticationEffectiveRoles AS
SELECT DISTINCT
Authentication_ObjectGUID,
Role_ID,
RoleName
FROM dbo.vAuthenticationRolesExpanded;
GO
-- ========================================================
-- 4. PERMISSIONS (DETAILED WITH ROLE SOURCE)
-- ========================================================
CREATE OR ALTER VIEW dbo.vAuthenticationPermissionsDetailed AS
SELECT
r.Authentication_ObjectGUID,
r.Role_ID,
r.RoleName,
p.Scope,
p.Resource,
p.Action,
CONCAT(p.Scope,'.',p.Resource,'.',p.Action) AS PermissionKey
FROM dbo.vAuthenticationRolesExpanded r
JOIN dbo.RolePermissions rp
ON rp.Role_ID = r.Role_ID
JOIN dbo.Permission p
ON p.ID = rp.Permission_ID;
GO
-- ========================================================
-- 5. PERMISSION MATRIX (FAST LOOKUP)
-- ========================================================
CREATE OR ALTER VIEW dbo.vPermissionMatrix AS
SELECT DISTINCT
Authentication_ObjectGUID,
CONCAT(Scope,'.',Resource,'.',Action) AS PermissionKey
FROM dbo.vAuthenticationPermissionsDetailed;
GO
-- ========================================================
-- 6. GROUP ROLES OVERVIEW
-- ========================================================
CREATE OR ALTER VIEW dbo.vGroupRolesDetailed AS
SELECT
g.ObjectGUID,
g.Name AS GroupName,
r.ID AS Role_ID,
r.Name AS RoleName
FROM dbo.GroupRoles gr
JOIN dbo.[Group] g
ON g.ObjectGUID = gr.Group_ObjectGUID
JOIN dbo.[Role] r
ON r.ID = gr.Role_ID;
GO
-- ========================================================
-- 7. GROUP HIERARCHY (READABLE)
-- ========================================================
CREATE OR ALTER VIEW dbo.vGroupHierarchyReadable AS
SELECT
parent.ObjectGUID AS ParentGroupGUID,
parent.Name AS ParentGroupName,
child.ObjectGUID AS ChildGroupGUID,
child.Name AS ChildGroupName,
gc.Depth
FROM dbo.GroupClosure gc
JOIN dbo.[Group] parent
ON parent.ObjectGUID = gc.ParentGroup_ObjectGUID
JOIN dbo.[Group] child
ON child.ObjectGUID = gc.ChildGroup_ObjectGUID;
GO
-- ========================================================
-- 8. USER OVERVIEW (ADMIN DASHBOARD)
-- ========================================================
CREATE OR ALTER VIEW dbo.vAuthenticationOverview AS
SELECT
a.ObjectGUID,
a.sAMAccountName,
a.mail,
a.givenName,
a.sn,
a.active,
a.online,
COUNT(DISTINCT r.Role_ID) AS RoleCount,
COUNT(DISTINCT g.GroupGUID) AS GroupCount
FROM dbo.Authentication a
LEFT JOIN dbo.vAuthenticationRolesExpanded r
ON r.Authentication_ObjectGUID = a.ObjectGUID
LEFT JOIN dbo.vAuthenticationGroupsExpanded g
ON g.Authentication_ObjectGUID = a.ObjectGUID
GROUP BY
a.ObjectGUID,
a.sAMAccountName,
a.mail,
a.givenName,
a.sn,
a.active,
a.online;
GO
-- ========================================================
-- 9. BONUS: PERMISSION TRACE (WHY DOES USER HAVE THIS?)
-- ========================================================
CREATE OR ALTER VIEW dbo.vPermissionTrace AS
SELECT
apd.Authentication_ObjectGUID,
apd.RoleName,
apd.Scope,
apd.Resource,
apd.Action,
apd.PermissionKey
FROM dbo.vAuthenticationPermissionsDetailed apd;
GO