From e5ee067db46d804c6b9fc36f49408d573e0696f4 Mon Sep 17 00:00:00 2001
From: "manuel.sowada"
Date: Tue, 5 May 2026 14:49:34 +0200
Subject: [PATCH] add permission view
---
 dbcreate.sql | 50 ++++++++++++++
 public/javascript/rbacAPI.js | 11 ++--
 public/views/rbac.hbs | 53 ++++++++-------
 server.js | 4 +-
 src/models/permissionOverviewView.js | 65 +++++++++++++++++++
 ...ionTraceView.js => permissionTraceView.js} | 0
 src/routes/adminRoutes.js | 1 +
 src/services/rbacManager.js | 3 +-
 8 files changed, 154 insertions(+), 33 deletions(-)
 create mode 100644 src/models/permissionOverviewView.js
 rename src/models/{PermissionTraceView.js => permissionTraceView.js} (100%)
diff --git a/dbcreate.sql b/dbcreate.sql
index 6757c55..292fc96 100644
--- a/dbcreate.sql
+++ b/dbcreate.sql
@@ -24,6 +24,7 @@ GO
 -- DROP VIEW IF EXISTS dbo.vAuthentications;
 -- DROP VIEW IF EXISTS dbo.vEventLog;
 -- DROP VIEW IF EXISTS dbo.vNotifyTray;
+-- DROP VIEW IF EXISTS dbo.vPermissionOverview;s
 -- DROP TABLE IF EXISTS dbo.AuthenticationRoles;
 -- DROP TABLE IF EXISTS dbo.AuthenticationGroups;
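Review bot: The added line `-- DROP VIEW IF EXISTS dbo.vPermissionOverview;s` ends with a stray `s` after the semicolon. It is harmless while the teardown block stays commented out, but anyone who uncomments the block to reset the schema gets a batch that no longer parses. The line should read `-- DROP VIEW IF EXISTS dbo.vPermissionOverview;`.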
@@ -550,6 +551,55 @@ JOIN dbo.Permission p
 GO
+CREATE OR ALTER VIEW dbo.vPermissionOverview AS
+SELECT
+ p.ID AS Permission_ID,
+ p.Scope,
+ p.Resource,
+ p.Action,
+ p.Scope + '.' + p.Resource + '.' + p.Action AS PermissionKey,
+
+ r.ID AS Role_ID,
+
+
+ -- πŸ”₯ NEU: Anzahl Rollen pro Permission
+ COUNT(r.ID) OVER (PARTITION BY p.ID) AS RoleCount,
+
+ COUNT(gr.Group_ObjectGUID) AS GroupCount,
+ COUNT(ar.Authentication_ObjectGUID) AS DirectUserCount,
+ COUNT(ag.Authentication_ObjectGUID) AS GroupUserCount,
+
+ COUNT(
+ COALESCE(ar.Authentication_ObjectGUID, ag.Authentication_ObjectGUID)
+ ) AS TotalUserCount
+
+FROM dbo.Permission AS p
+
+INNER JOIN dbo.RolePermissions AS rp
+ ON rp.Permission_ID = p.ID
+
+INNER JOIN dbo.Role AS r
+ ON r.ID = rp.Role_ID
+
+LEFT JOIN dbo.GroupRoles AS gr
+ ON gr.Role_ID = r.ID
+
+LEFT JOIN dbo.AuthenticationRoles AS ar
+ ON ar.Role_ID = r.ID
+
+LEFT JOIN dbo.AuthenticationGroups AS ag
+ ON ag.Group_ObjectGUID = gr.Group_ObjectGUID
+
+GROUP BY
+ p.ID,
+ p.Scope,
+ p.Resource,
+ p.Action,
+ r.ID,
+ r.Name;
+GO
+
+
 -- ========================================================
 -- 5. PERMISSION MATRIX (FAST LOOKUP)
 -- ========================================================
diff --git a/public/javascript/rbacAPI.js b/public/javascript/rbacAPI.js
index dc118a8..4d315fe 100644
--- a/public/javascript/rbacAPI.js
+++ b/public/javascript/rbacAPI.js
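Review bot: The counts in `dbo.vPermissionOverview` are row counts over a fanned-out join rather than counts of distinct principals, so the figures shown for an access review can be wrong. `GroupRoles`, `AuthenticationRoles` and `AuthenticationGroups` are LEFT JOINed side by side on the same role, so every direct assignment row is repeated for every group and group member of that role. `COUNT(DISTINCT gr.Group_ObjectGUID)`, `COUNT(DISTINCT ar.Authentication_ObjectGUID)` and `COUNT(DISTINCT ag.Authentication_ObjectGUID)` would correct the three simple counts. `TotalUserCount` needs more than DISTINCT: `COALESCE` returns the direct user whenever the role has one, so group members are not counted as separate users, and the total should come from a union of both user sets. The INNER JOIN on `RolePermissions` also removes permissions that belong to no role, which hides orphaned permissions from the overview, and `r.Name` is grouped but never selected.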
@@ -235,10 +235,13 @@ const rbacPermissionsVT = virtualTable({
 deletePermission(row['ID'], `${row['Scope']}.${row['Resource']}.${row['Action']}`);
 }
 });
- createTd(tr, row['ID'], { classes: [ 'text-align:left' ], styles: { 'max-width': '100px' } } );
- createTd(tr, row['Scope'], { classes: [ 'text-align:left' ] });
- createTd(tr, row['Resource'], { classes: [ 'text-align:center' ] });
- createTd(tr, row['Action'], { classes: [ 'text-align:center' ] });
+ createTd(tr, row['Permission_ID'], { classes: [ 'text-align:left' ], styles: { 'width': '100px' } } );
+ createTd(tr, row['GroupUserCount'], { classes: [ 'text-align:center' ] });
+ createTd(tr, row['TotalUserCount'], { classes: [ 'text-align:center' ] });
+ createTd(tr, row['RoleCount'], { classes: [ 'text-align:center' ], styles: { 'width': '100px' } });
+ createTd(tr, row['Scope'], { classes: [ 'text-align:right' ], styles: { 'width': '100px' } });
+ createTd(tr, row['Resource'], { classes: [ 'text-align:center' ], styles: { 'width': '100px' } });
+ createTd(tr, row['Action'], { classes: [ 'text-align:left' ], styles: { 'width': '100px' } });
 }
 });
diff --git a/public/views/rbac.hbs b/public/views/rbac.hbs
index ac58ace..ec108a8 100644
--- a/public/views/rbac.hbs
+++ b/public/views/rbac.hbs
@@ -67,7 +67,7 @@ input {
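Review bot: The delete handler in the unchanged context line still calls `deletePermission(row['ID'], …)`, while the new cells read `row['Permission_ID']`. If the rows now come from `vPermissionOverview` (this patch switches `getPermission()` in rbacManager.js to that model), they carry no `ID` field and the delete request would be sent with `undefined`; the call should pass `row['Permission_ID']`. The second cell renders `row['GroupUserCount']` under what the template labels as the groups column, where `row['GroupCount']` looks like the intended field. The view also returns one row per permission/role pair, so one permission can appear on several rows, each with its own delete action. The handler begins above this hunk.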
Users
- +
@@ -87,6 +87,33 @@ input {
+ + +
+ .. + + + +
+ + + + + + + + + + + + + + + + +
IDGruppenBenutzerRollenScopeResourceAction
BERECHTIGUNGEN WERDEN GELADEN . . .
+
+
@@ -106,30 +133,6 @@ input { ROLLEN WERDEN GELADEN . . .
- - -
- .. - - - -
- - - - - - - - - - - - - -
IDScopeResourceAction
BERECHTIGUNGEN WERDEN GELADEN . . .
-
-
diff --git a/server.js b/server.js
index f645075..8bba14f 100644
--- a/server.js
+++ b/server.js
@@ -117,8 +117,8 @@ const server = https.createServer(httpsOptions, app);
 databaseModel.set('authenticationOverviewView', require(`@models/authenticationOverviewView`)(service.get('sqlManager').getInstance('main')));
 databaseModel.set('groupOverviewView', require(`@models/groupOverviewView`)(service.get('sqlManager').getInstance('main')));
 databaseModel.set('roleOverviewView', require(`@models/roleOverviewView`)(service.get('sqlManager').getInstance('main')));
- databaseModel.set('PermissionTraceView', require(`@models/PermissionTraceView`)(service.get('sqlManager').getInstance('main')));
-
+ databaseModel.set('permissionTraceView', require(`@models/permissionTraceView`)(service.get('sqlManager').getInstance('main')));
+ databaseModel.set('permissionOverviewView', require(`@models/permissionOverviewView`)(service.get('sqlManager').getInstance('main')));
 service.set('rbacManager', new RBACManager(databaseModel, runtimeFile.configuration.live.integration.token.secret));
diff --git a/src/models/permissionOverviewView.js b/src/models/permissionOverviewView.js
new file mode 100644
index 0000000..39b2607
--- /dev/null
+++ b/src/models/permissionOverviewView.js
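Review bot: The registry key changes from `'PermissionTraceView'` to `'permissionTraceView'`, but no consumer of the old key is updated in this patch; the only rbacManager.js change touches `getPermission()`. Any remaining `this.db.get('PermissionTraceView')` would return `undefined` and fail on first use in the permission-trace path, so the old key should be searched for before merging. The model file rename differs only in letter case, which may not take effect on a case-insensitive checkout, so ``require(`@models/permissionTraceView`)`` is worth verifying on every deployment platform.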
@@ -0,0 +1,65 @@
+const { DataTypes } = require('sequelize');
+
+module.exports = (sequelize) => {
+ const VPermissionOverviewView = sequelize.define(
+ 'vPermissionOverviewView',
+ {
+ Permission_ID: {
+ type: DataTypes.INTEGER,
+ primaryKey: true
+ },
+
+ Scope: {
+ type: DataTypes.STRING
+ },
+ Resource: {
+ type: DataTypes.STRING
+ },
+ Action: {
+ type: DataTypes.STRING
+ },
+ PermissionKey: {
+ type: DataTypes.STRING
+ },
+
+ Role_ID: {
+ type: DataTypes.INTEGER,
+ primaryKey: true
+ },
+
+ RoleCount: {
+ type: DataTypes.INTEGER
+ },
+
+ GroupCount: {
+ type: DataTypes.INTEGER
+ },
+
+ DirectUserCount: {
+ type: DataTypes.INTEGER
+ },
+
+ GroupUserCount: {
+ type: DataTypes.INTEGER
+ },
+
+ TotalUserCount: {
+ type: DataTypes.INTEGER
+ }
+ },
+ {
+ tableName: 'vPermissionOverview', // ⚠️ exakt dein SQL View Name
+ timestamps: false,
+ freezeTableName: true,
+
+ // πŸ”’ Wichtig fΓΌr Views
+ createdAt: false,
+ updatedAt: false
+ }
+ );
+
+ // 🚫 keine Mutationen erlauben (View!)
+ VPermissionOverviewView.removeAttribute('id');
+
+ return VPermissionOverviewView;
+};
\ No newline at end of file
diff --git a/src/models/PermissionTraceView.js b/src/models/permissionTraceView.js
similarity index 100%
rename from src/models/PermissionTraceView.js
rename to src/models/permissionTraceView.js
diff --git a/src/routes/adminRoutes.js b/src/routes/adminRoutes.js
index 12f81ee..cf06be3 100644
--- a/src/routes/adminRoutes.js
+++ b/src/routes/adminRoutes.js
@@ -351,6 +351,7 @@ module.exports = {
 app.post('/api/rbac/permission/get', async (req, res) => {
 try {
 rbacPermissions = await service.get('rbacManager').getPermission();
+ console.log(rbacPermissions)
 res.json(rbacPermissions);
 } catch (err) {
 res.status(500).json({ error: err.message });
diff --git a/src/services/rbacManager.js b/src/services/rbacManager.js
index 25bb2d1..833810e 100644
--- a/src/services/rbacManager.js
+++ b/src/services/rbacManager.js
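Review bot: The comment above `VPermissionOverviewView.removeAttribute('id')` says mutations are not allowed, but that call only removes the default `id` attribute; the model still exposes `create`, `update` and `destroy`. Because `Permission_ID` and `Role_ID` are already declared as primary keys, the call is probably a no-op as well. The comment should say what the line does, for example `// view has no id column; key is Permission_ID + Role_ID`, and read-only access is better enforced in the database by giving the application login SELECT only on the view. `createdAt: false` and `updatedAt: false` repeat what `timestamps: false` already sets.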
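Review bot: `console.log(rbacPermissions)` is debug output left in the `/api/rbac/permission/get` handler; it writes the complete permission/role overview to the process log on every request and should be removed before merge, as this patch already does for `console.log(permission)` in rbacManager.js. In the context line above it, `rbacPermissions` is assigned without a declaration, which makes it an implicit global shared by all requests; `const rbacPermissions = await service.get('rbacManager').getPermission();` avoids that. The catch block returns `err.message` to the client, which can disclose database details; logging the error server-side and answering with a generic message would be safer. The handler continues past the end of the hunk.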
@@ -425,8 +425,7 @@ async removeRoleFromUser(authId, roleId) {
 // πŸ” PERMISSION CRUD
 // =========================================================
 async getPermission() {
- const permission = this.db.get('permissionModel');
- console.log(permission)
+ const permission = this.db.get('permissionOverviewView');
 return await permission.findAll({ raw: true }) || [];
 }