public void DropTrigger(TriggerRef triggerName) { Log.InfoFormat("Dropping trigger [{0}]", triggerName); _provider.DropTrigger(triggerName); }
private void CheckUpdateRightsTrigger() { Log.InfoFormat("Checking UpdateRightsTrigger"); // Select all ObjectClasses with ACL foreach (var objClass in schema.GetQuery<ObjectClass>().ToList().Where(o => o.NeedsRightsTable()).OrderBy(o => o.Module.Namespace).ThenBy(o => o.Name)) { Log.DebugFormat("Table: {0}", objClass.TableName); if (repair) { Case.DoCreateOrReplaceUpdateRightsTrigger(objClass); } else { var tblName = objClass.GetTableRef(db); var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass)); if (!db.CheckTriggerExists(updateRightsTriggerName)) { Log.WarnFormat("Security Rules Trigger '{0}' is missing", updateRightsTriggerName); } } } // Select all n:m Relations that are in a ACL selector foreach (Relation rel in schema.GetQuery<Relation>().ToList() .Where(r => r.GetRelationType() == RelationType.n_m && schema.GetQuery<RoleMembership>().ToList().Where(rm => rm.Relations.Contains(r)).Count() > 0)) { Log.DebugFormat("Relation: {0}, {1} <-> {2}", rel.Description, rel.A.Type.TableName, rel.B.Type.TableName); if (repair) { Case.DoCreateUpdateRightsTrigger(rel); } else { var tblName = db.GetTableName(rel.Module.SchemaName, rel.GetRelationTableName()); var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(rel)); if (!db.CheckTriggerExists(updateRightsTriggerName)) { Log.WarnFormat("Security Rules Trigger '{0}' is missing", updateRightsTriggerName); } } } if (repair) { var allACLTables = schema.GetQuery<ObjectClass>() .ToList() .Where(o => o.NeedsRightsTable()) .OrderBy(o => o.Module.Namespace) .ThenBy(o => o.Name) .ToList(); Case.DoCreateRefreshAllRightsProcedure(allACLTables); } }
public bool CheckTriggerExists(TriggerRef triggerName) { var result = _provider.CheckTriggerExists(triggerName); LogExistance("Trigger", triggerName, result); return result; }
public void CreateUpdateRightsTrigger(TriggerRef triggerName, TableRef tblName, List<RightsTrigger> tblList, List<string> dependingCols) { if (Log.IsInfoEnabled) Log.InfoFormat("Creating update rights trigger [{0}] for [{1}] checking [{2}]", triggerName, tblName, string.Join(", ", dependingCols)); if (Log.IsDebugEnabled && tblList != null) { foreach (var tbl in tblList) { Log.DebugFormat("Updating [{0}] via [{1}]", tbl.TblName, string.Join(" => ", tbl.ObjectRelations.Select(r => r.ToString()))); Log.DebugFormat(" [{0}]", string.Join(" => ", tbl.IdentityRelations.Select(r => r.ToString()))); } } _provider.CreateUpdateRightsTrigger(triggerName, tblName, tblList, dependingCols); }
/// <summary>Not supported.</summary> void ISchemaProvider.CreateUpdateRightsTrigger(TriggerRef triggerName, TableRef tblName, List<RightsTrigger> tblList, List<string> dependingCols) { throw new NotSupportedException(); }
/// <summary>Not supported.</summary> void ISchemaProvider.DropTrigger(TriggerRef triggerName) { throw new NotSupportedException(); }
/// <summary>Not supported.</summary> bool ISchemaProvider.CheckTriggerExists(TriggerRef triggerName) { throw new NotSupportedException(); }
public void DoRenameObjectClassACL(ObjectClass objClass) { ObjectClass savedObjClass = savedSchema.FindPersistenceObject<ObjectClass>(objClass.ExportGuid); var tblName = objClass.GetTableRef(db); var savedTblName = savedObjClass.GetTableRef(db); var tblRightsName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass)); var savedTblRightsName = db.GetTableName(savedObjClass.Module.SchemaName, Construct.SecurityRulesTableName(savedObjClass)); var rightsViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass)); var savedRightsViewUnmaterializedName = db.GetTableName(savedObjClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(savedObjClass)); var refreshRightsOnProcedureName = db.GetProcedureName(objClass.Module.SchemaName, Construct.SecurityRulesRefreshRightsOnProcedureName(objClass)); var savedRefreshRightsOnProcedureName = db.GetProcedureName(savedObjClass.Module.SchemaName, Construct.SecurityRulesRefreshRightsOnProcedureName(savedObjClass)); var savedUpdateRightsTriggerName = new TriggerRef(savedTblName, Construct.SecurityRulesUpdateRightsTriggerName(savedObjClass)); Log.InfoFormat("Renaming ObjectClass Security Rules: {0}", objClass.Name); if (db.CheckTriggerExists(savedUpdateRightsTriggerName)) db.DropTrigger(savedUpdateRightsTriggerName); if (db.CheckProcedureExists(savedRefreshRightsOnProcedureName)) db.DropProcedure(savedRefreshRightsOnProcedureName); if (db.CheckViewExists(savedRightsViewUnmaterializedName)) db.DropView(savedRightsViewUnmaterializedName); db.RenameTable(savedTblRightsName, tblRightsName); db.RenameIndex(tblRightsName, Construct.SecurityRulesIndexName(savedObjClass), Construct.SecurityRulesIndexName(objClass)); db.RenameFKConstraint(tblRightsName, Construct.SecurityRulesFKName(savedObjClass), objClass.GetTableRef(db), "ID", Construct.SecurityRulesFKName(objClass), true); DoCreateOrReplaceUpdateRightsTrigger(objClass); DoCreateRightsViewUnmaterialized(objClass); db.CreateRefreshRightsOnProcedure(refreshRightsOnProcedureName, rightsViewUnmaterializedName, tblName, tblRightsName); }
public void DoDeleteObjectClassSecurityRules(ObjectClass objClass) { var tblName = objClass.GetTableRef(db); var tblRightsName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass)); var rightsViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass)); var refreshRightsOnProcedureName = Construct.SecurityRulesRefreshRightsOnProcedureName(objClass); var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass)); Log.InfoFormat("Delete ObjectClass Security Rules: {0}", objClass.Name); if (db.CheckTriggerExists(updateRightsTriggerName)) db.DropTrigger(updateRightsTriggerName); if (db.CheckProcedureExists(db.GetProcedureName(objClass.Module.SchemaName, refreshRightsOnProcedureName))) db.DropProcedure(db.GetProcedureName(objClass.Module.SchemaName, refreshRightsOnProcedureName)); if (db.CheckViewExists(rightsViewUnmaterializedName)) db.DropView(rightsViewUnmaterializedName); if (db.CheckTableExists(tblRightsName)) db.DropTable(tblRightsName); }
public void DoCreateUpdateRightsTrigger(Relation rel) { var tblName = db.GetTableName(rel.Module.SchemaName, rel.GetRelationTableName()); var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(rel)); if (db.CheckTriggerExists(updateRightsTriggerName)) db.DropTrigger(updateRightsTriggerName); var tblList = new List<RightsTrigger>(); // Get all ObjectClasses that depends on current relation var list = schema.GetQuery<ObjectClass>() .Where(o => o.AccessControlList.OfType<RoleMembership>() .Where(rm => rm.Relations .Where(r => r == rel).Count() > 0).Count() > 0) .Distinct().ToList().Where(o => o.NeedsRightsTable()); var identity = (ObjectClass)NamedObjects.Base.Classes.Zetbox.App.Base.Identity.Find(rel.Context); foreach (var dep in list) { Log.DebugFormat(" Additional update Table: {0}", dep.TableName); foreach (var ac in dep.AccessControlList.OfType<RoleMembership>()) { if (ac.Relations.Contains(rel)) { var rt = new RightsTrigger() { TblName = dep.GetTableRef(db), TblNameRights = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesTableName(dep)), ViewUnmaterializedName = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(dep)), }; try { // Ignore last join - our n:m end has two (in & out), but we only need the incoming one var objJoinList = SchemaManager.CreateJoinList(db, dep, ac.Relations.TakeWhileInclusive(r => r != rel)); rt.ObjectRelations.AddRange(objJoinList.Take(objJoinList.Count - 1)); // Ignore last join - our n:m end has two (in & out), but we only need the incoming one var idJoinList = SchemaManager.CreateJoinList(db, identity, ac.Relations.Reverse().TakeWhileInclusive(r => r != rel)); rt.IdentityRelations.AddRange(idJoinList.Take(idJoinList.Count - 1)); } catch (Zetbox.Server.SchemaManagement.SchemaManager.JoinListException ex) { Log.Warn("Unable to create UpdateRightsTrigger on " + rel, ex); return; } tblList.Add(rt); } } } db.CreateUpdateRightsTrigger(updateRightsTriggerName, tblName, tblList, new List<string>() { Construct.ForeignKeyColumnName(rel.A), Construct.ForeignKeyColumnName(rel.B) }); }
public void DoCreateOrReplaceUpdateRightsTrigger(ObjectClass objClass) { var tblName = objClass.GetTableRef(db); var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass)); if (db.CheckTriggerExists(updateRightsTriggerName)) db.DropTrigger(updateRightsTriggerName); var tblList = new List<RightsTrigger>(); tblList.Add(new RightsTrigger() { TblName = objClass.GetTableRef(db), TblNameRights = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass)), ViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass)) }); // Get all ObjectClasses that depends on current object class var list = schema.GetQuery<ObjectClass>() .Where(o => o.AccessControlList.OfType<RoleMembership>() .Where(rm => rm.Relations .Where(r => r.A.Type == objClass || r.B.Type == objClass).Count() > 0).Count() > 0) .Distinct().ToList().Where(o => o.NeedsRightsTable() && o != objClass); var identity = (ObjectClass)NamedObjects.Base.Classes.Zetbox.App.Base.Identity.Find(objClass.Context); foreach (var dep in list) { Log.DebugFormat(" Additional update Table: {0}", dep.TableName); foreach (var ac in dep.AccessControlList.OfType<RoleMembership>()) { var rel = ac.Relations.FirstOrDefault(r => r.A.Type == objClass || r.B.Type == objClass); if (rel != null) { var rt = new RightsTrigger() { TblName = dep.GetTableRef(db), TblNameRights = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesTableName(dep)), ViewUnmaterializedName = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(dep)), }; try { rt.ObjectRelations.AddRange(SchemaManager.CreateJoinList(db, dep, ac.Relations.TakeWhileInclusive(r => r != rel))); rt.IdentityRelations.AddRange(SchemaManager.CreateJoinList(db, identity, ac.Relations.Reverse().TakeWhile(r => r != rel))); } catch (Zetbox.Server.SchemaManagement.SchemaManager.JoinListException ex) { Log.Warn("Unable to create UpdateRightsTrigger on " + objClass, ex); return; } tblList.Add(rt); } } } // do not check fk_ChangedBy since it always changes, even when only recalculations were done. // ACLs MUST never use ChangedBy information var fkCols = objClass.GetRelationEndsWithLocalStorage() .Where(r => !(r.Type.ImplementsIChangedBy() && r.Navigator != null && r.Navigator.Name == "ChangedBy")) .Select(r => Construct.ForeignKeyColumnName(r.GetParent().GetOtherEnd(r))) .ToList(); db.CreateUpdateRightsTrigger(updateRightsTriggerName, tblName, tblList, fkCols); }