From 4deffc9a8ea2a82f6d9cadecb42c9af4d9448d26 Mon Sep 17 00:00:00 2001
From: AlexCatze <samsung5552015.st@gmail.com>
Date: Fri, 18 Nov 2022 20:50:37 +0200
Subject: [PATCH] [REFACTOR] Refactor roles quering

Use 2 queries, first to query names of all user`s roles, second to recursively query all permissions. This also allows roles inheritance. All code from previous realisation, that is not used in this one, was commented, so if this realisation will be accepted, that code can be finaly removed.
---
 .../auth/core/AbstractSQLCoreProvider.java    | 56 ++++++++++++++++---
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider.java b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider.java
index cd5defdd..767a3fc5 100644
--- a/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider.java
+++ b/LaunchServer/src/main/java/pro/gravit/launchserver/auth/core/AbstractSQLCoreProvider.java
@@ -51,8 +51,9 @@ public abstract class AbstractSQLCoreProvider extends AuthCoreProvider {
     public String customQueryByUsernameSQL;
     public String customQueryByLoginSQL;
     public String customQueryPermissionsByUUIDSQL;
-    public String customQueryRoleByUUIDSQL;
-    public String customQueryRoleByNameSQL;
+    //public String customQueryRoleByUUIDSQL;
+    //public String customQueryRoleByNameSQL;
+    public String customQueryRolesByUserUUID;
     public String customUpdateAuthSQL;
     public String customUpdateServerIdSQL;
     // Prepared SQL queries
@@ -60,8 +61,10 @@ public abstract class AbstractSQLCoreProvider extends AuthCoreProvider {
     public transient String queryByUsernameSQL;
     public transient String queryByLoginSQL;
     public transient String queryPermissionsByUUIDSQL;
-    public transient String queryRoleByUUIDSQL;
-    public transient String queryRoleByNameSQL;
+    //public transient String queryRoleByUUIDSQL;
+    //public transient String queryRoleByNameSQL;
+    public transient String queryRolesByUserUUID;
+
     public transient String updateAuthSQL;
     public transient String updateServerIDSQL;
 
@@ -176,16 +179,30 @@ public void init(LaunchServer server) {
         queryByUsernameSQL = customQueryByUsernameSQL != null ? customQueryByUsernameSQL : String.format("SELECT %s FROM %s WHERE %s=? LIMIT 1",
                 userInfoCols, table, usernameColumn);
         queryByLoginSQL = customQueryByLoginSQL != null ? customQueryByLoginSQL : queryByUsernameSQL;
-
+/*
         queryPermissionsByUUIDSQL = customQueryPermissionsByUUIDSQL != null ? customQueryPermissionsByUUIDSQL : String.format("SELECT (%s) FROM %s WHERE %s=?",
                 permissionsPermissionColumn, permissionsTable, permissionsUUIDColumn);
+*/
 
+        queryPermissionsByUUIDSQL = customQueryPermissionsByUUIDSQL != null ? customQueryPermissionsByUUIDSQL :
+                "WITH RECURSIVE req AS (\n" +
+                "SELECT p."+permissionsPermissionColumn+" FROM "+permissionsTable+" p WHERE p."+permissionsUUIDColumn+" = ?\n" +
+                "UNION ALL\n" +
+                "SELECT p."+permissionsPermissionColumn+" FROM "+permissionsTable+" p\n" +
+                "INNER JOIN "+rolesTable+" r ON p."+permissionsUUIDColumn+" = r."+rolesUUIDColumn+"\n" +
+                "INNER JOIN req ON r."+rolesUUIDColumn+"=substring(req.permission from 6) or r.name=substring(req.permission from 6)\n" +
+                ") SELECT * FROM req";
+
+        queryRolesByUserUUID = customQueryRolesByUserUUID != null ? customQueryRolesByUserUUID : String.format("SELECT r.%s FROM %s r\n" +
+                "INNER JOIN %s pr ON r.%s=substring(pr.%s from 6) or r.%s=substring(pr.%s from 6)\n" +
+                "WHERE pr.%s = ?",rolesNameColumn,rolesTable,permissionsTable,rolesUUIDColumn,permissionsPermissionColumn,rolesNameColumn,permissionsPermissionColumn,permissionsUUIDColumn);
+/*
         queryRoleByUUIDSQL = customQueryRoleByUUIDSQL != null ? customQueryRoleByUUIDSQL : String.format("SELECT %s, %s FROM %s WHERE %s=? LIMIT 1",
                 rolesUUIDColumn, rolesNameColumn,rolesTable,rolesUUIDColumn);
 
         queryRoleByNameSQL = customQueryRoleByNameSQL != null ? customQueryRoleByNameSQL : String.format("SELECT %s, %s FROM %s WHERE %s=? LIMIT 1",
                 rolesUUIDColumn, rolesNameColumn,rolesTable,rolesNameColumn);
-
+*/
         updateAuthSQL = customUpdateAuthSQL != null ? customUpdateAuthSQL : String.format("UPDATE %s SET %s=?, %s=NULL WHERE %s=?",
                 table, accessTokenColumn, serverIDColumn, uuidColumn);
         updateServerIDSQL = customUpdateServerIdSQL != null ? customUpdateServerIdSQL : String.format("UPDATE %s SET %s=? WHERE %s=?",
@@ -228,9 +245,15 @@ public void close() throws IOException {
 
     private SQLUser constructUser(ResultSet set) throws SQLException {
         return set.next() ? new SQLUser(UUID.fromString(set.getString(uuidColumn)), set.getString(usernameColumn),
+                //set.getString(accessTokenColumn), set.getString(serverIDColumn), set.getString(passwordColumn), requestPermissions(set.getString(uuidColumn))) : null;
                 set.getString(accessTokenColumn), set.getString(serverIDColumn), set.getString(passwordColumn), requestPermissions(set.getString(uuidColumn))) : null;
     }
 
+    public ClientPermissions requestPermissions (String uuid)  throws SQLException
+    {
+        return new ClientPermissions(queryRolesNames(queryRolesByUserUUID,uuid),queryPermissions(queryPermissionsByUUIDSQL,uuid));
+    }
+    /*
     public ClientPermissions requestPermissions (String uuid)  throws SQLException
     {
         try{
@@ -263,7 +286,7 @@ private boolean processRole(SQLRole role, ClientPermissions perms) throws SQLExc
             perms.addPerm(perm);
         return true;
     }
-
+*/
     private SQLUser queryUser(String sql, String value) throws SQLException {
         try (Connection c = getSQLConfig().getConnection()) {
             PreparedStatement s = c.prepareStatement(sql);
@@ -292,6 +315,23 @@ private List<String> queryPermissions(String sql, String value) throws SQLExcept
         }
     }
 
+    private List<String> queryRolesNames(String sql, String value) throws SQLException {
+        try (Connection c = getSQLConfig().getConnection()) {
+            PreparedStatement s = c.prepareStatement(sql);
+            s.setString(1, value);
+            s.setQueryTimeout(MySQLSourceConfig.TIMEOUT);
+            ResultSet set = s.executeQuery();
+            List<String> perms = new ArrayList<>();
+            while (set.next())
+                perms.add(set.getString(rolesNameColumn));
+            return perms;
+        } catch (SQLException e) {
+            throw new SQLException(e);
+        }
+    }
+
+
+/*
     private SQLRole queryRole(String sql, String value) throws SQLException {
         try (Connection c = getSQLConfig().getConnection()) {
             PreparedStatement s = c.prepareStatement(sql);
@@ -315,7 +355,7 @@ private class SQLRole
             this.name = name;
             this.uuid = uuid;
         }
-    }
+    }*/
 
     public static class SQLUser implements User {
         protected UUID uuid;