Versions Compared

Old Version 2

changes.mady.by.user Viktor Gema

Saved on

compared with

New Version 3

changes.mady.by.user Viktor Gema

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This approach would handle all possible cases where the UI modules have permission sets with permissions from other backend modules, which could be defined in other applications.

Cons

Implementation for option 4

To avoid disappointing users when they see a capability set in the system that doesn't actually work (due to missing capabilities and resources), we need to hide the dummy capability sets from them. Additionally, even if we have some partially created capabilities required for the capability set, I suggest not displaying them to the end user. This can prevent confusion and simplify the implementation.

Currently, each time we create a new CapabilitySet, we always create it from scratch and never update it. We resolve the capability ID by its name, and if we can't find it, we exclude it from the result and log a warning. If we can resolve at least one capability, we create the CapabilitySet in the system, and it appears to the end user.

Code Block
private Optional<UUID> getCapabilityId(Map<String, UUID> existingCapabilityIdsMap, String capabilityName) {
  var value = existingCapabilityIdsMap.get(capabilityName);
  if (value == null) {
    log.warn("Capability id is not found by capability name: {}", capabilityName);
    return Optional.empty();
  }

  return Optional.of(value);
}

So, in this case, instead of creating a partially valid CapabilitySet or not creating it at all, we need to create a dummy CapabilitySet in a separate table with the following structure.

...

Now we have all the necessary information to create the capability set in the future, except for the missing capability IDs that have not yet been created.

Next, we need to extend the logic to create new capabilities. Once a capability is created, we should update the capability ID for all entries that exist in the DummyCapabilityIdMapping.

update DummyCapabilityIdMapping set capabilityid=? where capabilityName=?;

which populates all capability IDs for the particular capability

Next, we need to check if any capabilitySet has all its missing capability IDs populated. If such a capabilitySet exists, we should create a real capabilitySet from the dummy data and then remove it from the dummy table.

SELECT d.capabilitysetid FROM DummyCapabilityIdMapping d GROUP BY d.capabilitysetid
having count(case when d.capabilityid IS NOT NULL then 1 end) = count(*)

The query below returns all dummy capability set IDs that need to be created as real capability sets. All necessary data already exists and can be retrieved from the dummy tables.

Then we need to perform a cascading delete on the dummy capability set table data.

Conclusion

I would choose option 4, as it can be easily implemented for phase one and would cover all possible cases where capabilities may be defined in other applications.

...