public void DropTrigger(TriggerRef triggerName)
{
Log.InfoFormat("Dropping trigger [{0}]", triggerName);
_provider.DropTrigger(triggerName);
}
private void CheckUpdateRightsTrigger()
{
Log.InfoFormat("Checking UpdateRightsTrigger");
// Select all ObjectClasses with ACL
foreach (var objClass in schema.GetQuery<ObjectClass>().ToList().Where(o => o.NeedsRightsTable()).OrderBy(o => o.Module.Namespace).ThenBy(o => o.Name))
{
Log.DebugFormat("Table: {0}", objClass.TableName);
if (repair)
{
Case.DoCreateOrReplaceUpdateRightsTrigger(objClass);
}
else
{
var tblName = objClass.GetTableRef(db);
var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass));
if (!db.CheckTriggerExists(updateRightsTriggerName))
{
Log.WarnFormat("Security Rules Trigger '{0}' is missing", updateRightsTriggerName);
}
}
}
// Select all n:m Relations that are in a ACL selector
foreach (Relation rel in schema.GetQuery<Relation>().ToList()
.Where(r => r.GetRelationType() == RelationType.n_m && schema.GetQuery<RoleMembership>().ToList().Where(rm => rm.Relations.Contains(r)).Count() > 0))
{
Log.DebugFormat("Relation: {0}, {1} <-> {2}", rel.Description, rel.A.Type.TableName, rel.B.Type.TableName);
if (repair)
{
Case.DoCreateUpdateRightsTrigger(rel);
}
else
{
var tblName = db.GetTableName(rel.Module.SchemaName, rel.GetRelationTableName());
var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(rel));
if (!db.CheckTriggerExists(updateRightsTriggerName))
{
Log.WarnFormat("Security Rules Trigger '{0}' is missing", updateRightsTriggerName);
}
}
}
if (repair)
{
var allACLTables = schema.GetQuery<ObjectClass>()
.ToList()
.Where(o => o.NeedsRightsTable())
.OrderBy(o => o.Module.Namespace)
.ThenBy(o => o.Name)
.ToList();
Case.DoCreateRefreshAllRightsProcedure(allACLTables);
}
}
public bool CheckTriggerExists(TriggerRef triggerName)
{
var result = _provider.CheckTriggerExists(triggerName);
LogExistance("Trigger", triggerName, result);
return result;
}
public void CreateUpdateRightsTrigger(TriggerRef triggerName, TableRef tblName, List<RightsTrigger> tblList, List<string> dependingCols)
{
if (Log.IsInfoEnabled)
Log.InfoFormat("Creating update rights trigger [{0}] for [{1}] checking [{2}]", triggerName, tblName, string.Join(", ", dependingCols));
if (Log.IsDebugEnabled && tblList != null)
{
foreach (var tbl in tblList)
{
Log.DebugFormat("Updating [{0}] via [{1}]", tbl.TblName, string.Join(" => ", tbl.ObjectRelations.Select(r => r.ToString())));
Log.DebugFormat(" [{0}]", string.Join(" => ", tbl.IdentityRelations.Select(r => r.ToString())));
}
}
_provider.CreateUpdateRightsTrigger(triggerName, tblName, tblList, dependingCols);
}
/// <summary>Not supported.</summary>
void ISchemaProvider.CreateUpdateRightsTrigger(TriggerRef triggerName, TableRef tblName, List<RightsTrigger> tblList, List<string> dependingCols)
{
throw new NotSupportedException();
}
/// <summary>Not supported.</summary>
void ISchemaProvider.DropTrigger(TriggerRef triggerName)
{
throw new NotSupportedException();
}
/// <summary>Not supported.</summary>
bool ISchemaProvider.CheckTriggerExists(TriggerRef triggerName)
{
throw new NotSupportedException();
}
public void DoRenameObjectClassACL(ObjectClass objClass)
{
ObjectClass savedObjClass = savedSchema.FindPersistenceObject<ObjectClass>(objClass.ExportGuid);
var tblName = objClass.GetTableRef(db);
var savedTblName = savedObjClass.GetTableRef(db);
var tblRightsName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass));
var savedTblRightsName = db.GetTableName(savedObjClass.Module.SchemaName, Construct.SecurityRulesTableName(savedObjClass));
var rightsViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass));
var savedRightsViewUnmaterializedName = db.GetTableName(savedObjClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(savedObjClass));
var refreshRightsOnProcedureName = db.GetProcedureName(objClass.Module.SchemaName, Construct.SecurityRulesRefreshRightsOnProcedureName(objClass));
var savedRefreshRightsOnProcedureName = db.GetProcedureName(savedObjClass.Module.SchemaName, Construct.SecurityRulesRefreshRightsOnProcedureName(savedObjClass));
var savedUpdateRightsTriggerName = new TriggerRef(savedTblName, Construct.SecurityRulesUpdateRightsTriggerName(savedObjClass));
Log.InfoFormat("Renaming ObjectClass Security Rules: {0}", objClass.Name);
if (db.CheckTriggerExists(savedUpdateRightsTriggerName))
db.DropTrigger(savedUpdateRightsTriggerName);
if (db.CheckProcedureExists(savedRefreshRightsOnProcedureName))
db.DropProcedure(savedRefreshRightsOnProcedureName);
if (db.CheckViewExists(savedRightsViewUnmaterializedName))
db.DropView(savedRightsViewUnmaterializedName);
db.RenameTable(savedTblRightsName, tblRightsName);
db.RenameIndex(tblRightsName, Construct.SecurityRulesIndexName(savedObjClass), Construct.SecurityRulesIndexName(objClass));
db.RenameFKConstraint(tblRightsName, Construct.SecurityRulesFKName(savedObjClass), objClass.GetTableRef(db), "ID", Construct.SecurityRulesFKName(objClass), true);
DoCreateOrReplaceUpdateRightsTrigger(objClass);
DoCreateRightsViewUnmaterialized(objClass);
db.CreateRefreshRightsOnProcedure(refreshRightsOnProcedureName, rightsViewUnmaterializedName, tblName, tblRightsName);
}
public void DoDeleteObjectClassSecurityRules(ObjectClass objClass)
{
var tblName = objClass.GetTableRef(db);
var tblRightsName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass));
var rightsViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass));
var refreshRightsOnProcedureName = Construct.SecurityRulesRefreshRightsOnProcedureName(objClass);
var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass));
Log.InfoFormat("Delete ObjectClass Security Rules: {0}", objClass.Name);
if (db.CheckTriggerExists(updateRightsTriggerName))
db.DropTrigger(updateRightsTriggerName);
if (db.CheckProcedureExists(db.GetProcedureName(objClass.Module.SchemaName, refreshRightsOnProcedureName)))
db.DropProcedure(db.GetProcedureName(objClass.Module.SchemaName, refreshRightsOnProcedureName));
if (db.CheckViewExists(rightsViewUnmaterializedName))
db.DropView(rightsViewUnmaterializedName);
if (db.CheckTableExists(tblRightsName))
db.DropTable(tblRightsName);
}
public void DoCreateUpdateRightsTrigger(Relation rel)
{
var tblName = db.GetTableName(rel.Module.SchemaName, rel.GetRelationTableName());
var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(rel));
if (db.CheckTriggerExists(updateRightsTriggerName))
db.DropTrigger(updateRightsTriggerName);
var tblList = new List<RightsTrigger>();
// Get all ObjectClasses that depends on current relation
var list = schema.GetQuery<ObjectClass>()
.Where(o => o.AccessControlList.OfType<RoleMembership>()
.Where(rm => rm.Relations
.Where(r => r == rel).Count() > 0).Count() > 0)
.Distinct().ToList().Where(o => o.NeedsRightsTable());
var identity = (ObjectClass)NamedObjects.Base.Classes.Zetbox.App.Base.Identity.Find(rel.Context);
foreach (var dep in list)
{
Log.DebugFormat(" Additional update Table: {0}", dep.TableName);
foreach (var ac in dep.AccessControlList.OfType<RoleMembership>())
{
if (ac.Relations.Contains(rel))
{
var rt = new RightsTrigger()
{
TblName = dep.GetTableRef(db),
TblNameRights = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesTableName(dep)),
ViewUnmaterializedName = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(dep)),
};
try
{
// Ignore last join - our n:m end has two (in & out), but we only need the incoming one
var objJoinList = SchemaManager.CreateJoinList(db, dep, ac.Relations.TakeWhileInclusive(r => r != rel));
rt.ObjectRelations.AddRange(objJoinList.Take(objJoinList.Count - 1));
// Ignore last join - our n:m end has two (in & out), but we only need the incoming one
var idJoinList = SchemaManager.CreateJoinList(db, identity, ac.Relations.Reverse().TakeWhileInclusive(r => r != rel));
rt.IdentityRelations.AddRange(idJoinList.Take(idJoinList.Count - 1));
}
catch (Zetbox.Server.SchemaManagement.SchemaManager.JoinListException ex)
{
Log.Warn("Unable to create UpdateRightsTrigger on " + rel, ex);
return;
}
tblList.Add(rt);
}
}
}
db.CreateUpdateRightsTrigger(updateRightsTriggerName, tblName, tblList, new List<string>() { Construct.ForeignKeyColumnName(rel.A), Construct.ForeignKeyColumnName(rel.B) });
}
public void DoCreateOrReplaceUpdateRightsTrigger(ObjectClass objClass)
{
var tblName = objClass.GetTableRef(db);
var updateRightsTriggerName = new TriggerRef(tblName, Construct.SecurityRulesUpdateRightsTriggerName(objClass));
if (db.CheckTriggerExists(updateRightsTriggerName))
db.DropTrigger(updateRightsTriggerName);
var tblList = new List<RightsTrigger>();
tblList.Add(new RightsTrigger()
{
TblName = objClass.GetTableRef(db),
TblNameRights = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesTableName(objClass)),
ViewUnmaterializedName = db.GetTableName(objClass.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(objClass))
});
// Get all ObjectClasses that depends on current object class
var list = schema.GetQuery<ObjectClass>()
.Where(o => o.AccessControlList.OfType<RoleMembership>()
.Where(rm => rm.Relations
.Where(r => r.A.Type == objClass || r.B.Type == objClass).Count() > 0).Count() > 0)
.Distinct().ToList().Where(o => o.NeedsRightsTable() && o != objClass);
var identity = (ObjectClass)NamedObjects.Base.Classes.Zetbox.App.Base.Identity.Find(objClass.Context);
foreach (var dep in list)
{
Log.DebugFormat(" Additional update Table: {0}", dep.TableName);
foreach (var ac in dep.AccessControlList.OfType<RoleMembership>())
{
var rel = ac.Relations.FirstOrDefault(r => r.A.Type == objClass || r.B.Type == objClass);
if (rel != null)
{
var rt = new RightsTrigger()
{
TblName = dep.GetTableRef(db),
TblNameRights = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesTableName(dep)),
ViewUnmaterializedName = db.GetTableName(dep.Module.SchemaName, Construct.SecurityRulesRightsViewUnmaterializedName(dep)),
};
try
{
rt.ObjectRelations.AddRange(SchemaManager.CreateJoinList(db, dep, ac.Relations.TakeWhileInclusive(r => r != rel)));
rt.IdentityRelations.AddRange(SchemaManager.CreateJoinList(db, identity, ac.Relations.Reverse().TakeWhile(r => r != rel)));
}
catch (Zetbox.Server.SchemaManagement.SchemaManager.JoinListException ex)
{
Log.Warn("Unable to create UpdateRightsTrigger on " + objClass, ex);
return;
}
tblList.Add(rt);
}
}
}
// do not check fk_ChangedBy since it always changes, even when only recalculations were done.
// ACLs MUST never use ChangedBy information
var fkCols = objClass.GetRelationEndsWithLocalStorage()
.Where(r => !(r.Type.ImplementsIChangedBy() && r.Navigator != null && r.Navigator.Name == "ChangedBy"))
.Select(r => Construct.ForeignKeyColumnName(r.GetParent().GetOtherEnd(r)))
.ToList();
db.CreateUpdateRightsTrigger(updateRightsTriggerName, tblName, tblList, fkCols);
}
