Skip to end of banner
Go to start of banner

Link management between Capabilities/CapabilitySets and Users/Roles

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Link management between Capabilities and Roles

role-capability-assigment-20241014-113434.png

 Role-Capability assigment PlantUML
@startuml

!theme mono
!pragma useVerticalIf on
skinparam conditionStyle inside
skinparam defaultTextAlignment center
skinparam defaultFontSize 12

<style>
activityDiagram {
  activity {
    MaximumWidth 600
    backgroundColor #f0f0f0
    LineColor DimGrey
  }

  diamond {
    HorizontalAlignment center
  }

  group {
    LineColor LightGrey
    FontSize 10
  }
}
</style>

group RoleCapabilityServiceImpl {
  :get role by id;<<input>>
  :get ""roleCapabilities"" by ""roleId"";<<task>>
  :extract existing ""capabilityIds"" from ""roleCapabilities"";<<task>>
  if (not ""safeCreate"" AND ""capabilityIds"" not empty)) then (yes)
    :throw EntityExistsException;<<output>>
    end
  else (no)
    :store difference between new and existing "capabilityIds" sets;<<input>>
  end if

  group assignCapabilities {
    :store assigned capabilities through capability sets as ""assignedCapabilityIds"";<<input>>

    :store union of ""assignedCapabilityIds"" and ""assignedIds"" as ""assignedCapabilityIds"";<<task>>

    group #LightSteelBlue CapabilityEndpointService.getByCapabilityIds {
      :get difference with ""newCapabilityIds"" and """assignedIds"" as ""changedIdentifiers"";<<input>>

      :get changed capability endpoints by querying capabilities by ""changedIdentifiers""
      and extracting distinct list of assigned endpoints and store it as ""changedCapabilityEndpoints"";<<task>>

      :get assigned capability endpoints by querying capabilities by ""assignedIds""
      and extracting distinct list of assigned endpoints and store it as ""assignedCapabilityEndpoints"";<<task>>

      :return subtraction ""assignedCapabilityEndpoints"" from ""changedCapabilityEndpoints"";<<output>>
    }

    :rolePermissionsService.createPermissions for ""roleId"" and ""endpoints"";<<task>>

    group #LightSteelBlue CapabilityEndpointService.getByCapabilityIds {
      if (""endpoints"" are empty) then (yes)
        :do nothing;<<output>>
      else (no)
        :get role by ""roleId"";<<input>>
        :generate policy name for ""role"";<<input>>
        :getOrCreate policy by name;<<task>>
        :create permissions in Keycloak with role policy, list of endpoint and using permissionNameGenerator

        //Permission name template:// ""{{httpMethod}} access for role '{{roleId}}' to '{{path}}'"";
      end if
    }

    :generate RoleCapabilityEntity for ""newIds"" and store them as ""entities"";<<task>>
    :upsert entities to table ""role_capability"" in database;<<output>>
    :convert ""RoleCapabilityEntity"" to ""RoleCapability"" and return them as ""PageResult"";<<output>>
  }
}

@enduml

Link management between Capabilities and Users

Link management between Capability sets and Roles

Link management between Capability sets and Users

  • No labels