simon/adl
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Sorting inherited permissions for tables

Browse source
This commit is contained in:
sb 2008-02-08 13:48:54 +00:00
parent 7ad288dd1f
commit 060c133588
2 changed files with 286 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

140
transforms01/adl2canonical.xslt
View file

@ -14,10 +14,14 @@
(ii) every form, page or list has properties='listed'; where the supplied
ADL had properties='all' or properties='user-distinct' the correct fields
are generated.
(iii) TODO: all permissions are fully specified down to field level, by
inheriting where necessary. For every group specified in the ADL, for
every entity, form, page, list or field, the canonical form should
explicitly state the permission, even if it is 'none'.
$Author: sb $
$Revision: 1.5 $
$Date: 2008-02-07 17:45:32 $
$Revision: 1.6 $
$Date: 2008-02-08 13:48:54 $
-->
<xsl:stylesheet version="1.0"
@ -47,7 +51,7 @@
* THIS FILE IS AUTOMATICALLY GENERATED AND SHOULD NOT
* BE MANUALLY EDITED.
*
* Generated using adl2canonical.xsl revision <xsl:value-of select="substring('$Revision: 1.5 $', 12)"/>
* Generated using adl2canonical.xsl revision <xsl:value-of select="substring('$Revision: 1.6 $', 12)"/>
*
***************************************************************************
</xsl:comment>
@ -81,11 +85,21 @@
<xsl:apply-templates select="adl:key/adl:property"/>
</key>
<xsl:apply-templates select="adl:property[not(@name=$nkey)] | adl:one-to-many | adl:many-to-many | adl:many-to-one"/>
<xsl:apply-templates select="adl:permission"/>
<xsl:variable name="entity" select="."/>
<xsl:for-each select="//adl:group">
<xsl:call-template name="entity-group-permission">
<xsl:with-param name="entity" select="$entity"/>
<xsl:with-param name="group" select="."/>
<xsl:with-param name="descendantname" select="@name"/>
</xsl:call-template>
</xsl:for-each>
<xsl:apply-templates select="adl:form | adl:page | adl:list"/>
</entity>
</xsl:template>
<!-- an entity which has no explicit key: auto-generate one -->
<xsl:template match="adl:entity">
<xsl:comment>
@ -140,7 +154,16 @@
</property>
</key>
<xsl:apply-templates select="adl:property | adl:one-to-many | adl:many-to-many | adl:many-to-one"/>
<xsl:apply-templates select="adl:permission"/>
<xsl:variable name="entity" select="."/>
<xsl:for-each select="//adl:group">
<xsl:call-template name="entity-group-permission">
<xsl:with-param name="entity" select="$entity"/>
<xsl:with-param name="group" select="."/>
<xsl:with-param name="descendantname" select="@name"/>
</xsl:call-template>
</xsl:for-each>
<xsl:apply-templates select="adl:form | adl:page | adl:list"/>
</entity>
</xsl:template>
@ -245,35 +268,6 @@
</list>
</xsl:template>
<!-- unroll all the explicit properties in the ancestor entity of
the context (assumed to be form, page or list) into a list of fields -->
<xsl:template name="unroll-properties">
<xsl:for-each select="ancestor::adl:entity/descendant::adl:property |
ancestor::adl:entity/descendant::adl:one-to-many |
ancestor::adl:entity/descendant::adl:many-to-many |
ancestor::adl:entity/descendant::adl:many-to-one">
<field>
<xsl:attribute name="property">
<xsl:value-of select="@name"/>
</xsl:attribute>
</field>
</xsl:for-each>
</xsl:template>
<!-- unroll all the user-distinct properties in the ancestor entity of
the context (assumed to be form, page or list) into a list of fields.
NOTE that n-to-n properties cannot currently be user-distinct and are
therefore not inspected -->
<xsl:template name="unroll-user-distinct">
<xsl:for-each select="ancestor::adl:entity/descendant::adl:property[@distinct='user']">
<field>
<xsl:attribute name="property">
<xsl:value-of select="@name"/>
</xsl:attribute>
</field>
</xsl:for-each>
</xsl:template>
<xsl:template match="adl:typedef[ @type = 'string' and not( @size)]">
<xsl:message terminate="yes">
ADL ERROR: Type definitions of type 'string' must have a valid value for 'size'
@ -311,4 +305,82 @@
</xsl:copy>
</xsl:template>
<!-- generate a permission element for this group and this entity -->
<xsl:template name="entity-group-permission">
<xsl:param name="entity"/>
<xsl:param name="group"/>
<xsl:param name="descendantname"/>
<xsl:choose>
<xsl:when test="$entity/adl:permission[@group=$group/@name]">
<!-- there's an explicit permission for this group -->
<permission>
<xsl:attribute name="group">
<xsl:value-of select="$descendantname"/>
</xsl:attribute>
<xsl:attribute name="permission">
<xsl:value-of select="$entity/adl:permission[@group=$group/@name]/@permission"/>
</xsl:attribute>
</permission>
</xsl:when>
<xsl:when test="$group/@parent">
<xsl:choose>
<xsl:when test="$group/@parent = $group/@name">
<xsl:message terminate="yes">
ADL: ERROR: A group may not be its own parent; offending group <xsl:value-of select="$group/@name"/>
</xsl:message>
</xsl:when>
<xsl:when test="//adl:group[@name=$group/@parent]">
<xsl:call-template name="entity-group-permission">
<xsl:with-param name="entity" select="$entity"/>
<xsl:with-param name="group" select="//adl:group[@name=$group/@parent]"/>
<xsl:with-param name="descendantname" select="$descendantname"/>
</xsl:call-template>
</xsl:when>
<xsl:otherwise>
<xsl:message terminate="yes">
ADL: ERROR: Group specified (<xsl:value-of select="$group/@parent"/> does not exist.
</xsl:message>
</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>
<permission permission="none">
<xsl:attribute name="group">
<xsl:value-of select="$descendantname"/>
</xsl:attribute>
</permission>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<!-- unroll all the explicit properties in the ancestor entity of
the context (assumed to be form, page or list) into a list of fields -->
<xsl:template name="unroll-properties">
<xsl:for-each select="ancestor::adl:entity/descendant::adl:property |
ancestor::adl:entity/descendant::adl:one-to-many |
ancestor::adl:entity/descendant::adl:many-to-many |
ancestor::adl:entity/descendant::adl:many-to-one">
<field>
<xsl:attribute name="property">
<xsl:value-of select="@name"/>
</xsl:attribute>
</field>
</xsl:for-each>
</xsl:template>
<!-- unroll all the user-distinct properties in the ancestor entity of
the context (assumed to be form, page or list) into a list of fields.
NOTE that n-to-n properties cannot currently be user-distinct and are
therefore not inspected -->
<xsl:template name="unroll-user-distinct">
<xsl:for-each select="ancestor::adl:entity/descendant::adl:property[@distinct='user']">
<field>
<xsl:attribute name="property">
<xsl:value-of select="@name"/>
</xsl:attribute>
</field>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>

209
transforms01/adl2mssql.xslt
View file

@ -12,7 +12,7 @@
Convert ADL to MS-SQL
$Author: sb $
$Revision: 1.5 $
$Revision: 1.6 $
-->
<xsl:output indent="no" encoding="UTF-8" method="text"/>
@ -31,7 +31,7 @@
-------------------------------------------------------------------------------------------------
--
-- Database for application <xsl:value-of select="@name"/> version <xsl:value-of select="@version"/>
-- Generated for MS-SQL 2000+ using adl2mssql.xsl $Revision: 1.5 $
-- Generated for MS-SQL 2000+ using adl2mssql.xsl $Revision: 1.6 $
--
-- Code generator (c) 2007 Cygnet Solutions Ltd
--
@ -55,13 +55,68 @@
-------------------------------------------------------------------------------------------------
-- primary referential integrity constraints
-------------------------------------------------------------------------------------------------
<xsl:for-each select="adl:entity[ not(@foreign='true')]">
<xsl:apply-templates select="adl:entity" mode="refinteg"/>
-------------------------------------------------------------------------------------------------
-- end of file
-------------------------------------------------------------------------------------------------
</xsl:template>
<xsl:template match="adl:group">
execute sp_addrole @rolename = '<xsl:value-of select="@name"/>'
GO
</xsl:template>
<!-- return the table name for the entity with this entity name -->
<xsl:template name="tablename">
<xsl:param name="entityname"/>
<xsl:choose>
<xsl:when test="//adl:entity[@name=$entityname]/@table">
<xsl:value-of select="//adl:entity[@name=$entityname]/@table"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$entityname"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<!-- generate a foreign key referential integrity check -->
<xsl:template name="foreignkey">
<xsl:param name="nearside"/>
<xsl:param name="farside"/>
<xsl:param name="keyfield"/>
<xsl:param name="ondelete" select="'NO ACTION'"/>
<xsl:variable name="neartable">
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="$nearside"/>
</xsl:call-template>
</xsl:variable>
<xsl:variable name="fartable">
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="$farside"/>
</xsl:call-template>
</xsl:variable>
<!-- set up referential integrity constraints for primary tables -->
ALTER TABLE "<xsl:value-of select="$neartable"/>"
ADD FOREIGN KEY ( "<xsl:value-of select="$keyfield"/>")
REFERENCES "<xsl:value-of select="$fartable"/>" ON DELETE <xsl:value-of select="$ondelete"/>
GO
</xsl:template>
<!-- generate referential integrity constraints -->
<xsl:template match="adl:entity" mode="refinteg">
<xsl:variable name="nearside" select="@name"/>
<xsl:for-each select="property[@type='entity']">
<xsl:for-each select="descendant::adl:property[@type='entity']">
<xsl:variable name="farside" select="@entity"/>
<xsl:variable name="keyfield" select="@name"/>
<xsl:choose>
<xsl:when test="//adl:entity[@name=$farside]/adl:property[@farkey=$keyfield and @entity=$nearside]">
<xsl:when test="//adl:entity[@name=$farside]//adl:property[@farkey=$keyfield and @entity=$nearside]">
<!-- there's a 'list' property pointing the other way; let it do the heavy hauling -->
</xsl:when>
<xsl:otherwise>
@ -73,7 +128,7 @@
</xsl:otherwise>
</xsl:choose>
</xsl:for-each>
<xsl:for-each select="adl:property[@type='list']">
<xsl:for-each select="descendant::adl:property[@type='list']">
<xsl:variable name="farkey">
<xsl:choose>
<xsl:when test="@farkey">
@ -98,46 +153,17 @@
</xsl:with-param>
</xsl:call-template>
</xsl:for-each>
</xsl:for-each>
-------------------------------------------------------------------------------------------------
-- end of file
-------------------------------------------------------------------------------------------------
</xsl:template>
<xsl:template match="adl:group">
execute sp_addrole @rolename = '<xsl:value-of select="@name"/>'
GO
</xsl:template>
<!-- generate a foreign key referential integrity check -->
<xsl:template name="foreignkey">
<xsl:param name="nearside"/>
<xsl:param name="farside"/>
<xsl:param name="keyfield"/>
<xsl:param name="ondelete" select="'NO ACTION'"/>
<!-- set up referential integrity constraints for primary tables -->
ALTER TABLE "<xsl:value-of select="$nearside"/>"
ADD FOREIGN KEY ( "<xsl:value-of select="$keyfield"/>")
REFERENCES "<xsl:value-of select="$farside"/>" ON DELETE <xsl:value-of select="$ondelete"/>
GO
</xsl:template>
<!-- don't generate foreign tables - although we will generate ref integ constraints for them -->
<xsl:template match="adl:entity[@foreign='true']" mode="table"/>
<xsl:template match="adl:entity" mode="table">
<xsl:variable name="table">
<xsl:choose>
<xsl:when test="@table">
<xsl:value-of select="@table"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="@name"/>
</xsl:otherwise>
</xsl:choose>
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="@name"/>
</xsl:call-template>
</xsl:variable>
-------------------------------------------------------------------------------------------------
@ -146,7 +172,8 @@
CREATE TABLE "<xsl:value-of select="$table"/>"
(
<xsl:for-each select="descendant::adl:property[@type!='link' and @type != 'list']">
<xsl:apply-templates select="."/><xsl:if test="position() != last()">,</xsl:if>
<xsl:apply-templates select="."/>
<xsl:if test="position() != last()">,</xsl:if>
</xsl:for-each>
<xsl:apply-templates select="adl:key"/>
)
@ -156,7 +183,7 @@
---- permissions ------------------------------------------------------------------------------
<xsl:for-each select="adl:permission">
<xsl:call-template name="permission">
<xsl:with-param name="table" select="$table"/>
<xsl:with-param name="entity" select="ancestor::adl:entity"/>
</xsl:call-template>
</xsl:for-each>
@ -198,17 +225,22 @@
<!-- fix up linking tables. Donoe after all primary tables have been created,
because otherwise some links may fail -->
<xsl:template match="adl:entity" mode="links">
<xsl:variable name="table" select="@name"/>
<xsl:variable name="entityname" select="@name"/>
<xsl:for-each select="adl:property[@type='link']">
<xsl:call-template name="linktable">
<xsl:with-param name="nearside" select="$table"/>
<xsl:with-param name="nearside" select="$entityname"/>
</xsl:call-template>
</xsl:for-each>
</xsl:template>
<xsl:template name="permission">
<xsl:param name="table"/>
<xsl:param name="entity"/>
<!-- decode the permissions for a table -->
<xsl:variable name="table">
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="$entity/@name"/>
</xsl:call-template>
</xsl:variable>
<xsl:choose>
<xsl:when test="@permission='read'">
GRANT SELECT ON "<xsl:value-of
@ -252,7 +284,8 @@
</xsl:text>
</xsl:template>
<!-- expects to be called in the context of an entity; probably should make this explicit.
TODO: refactor. -->
<xsl:template name="linktable">
<xsl:param name="nearside"/>
<!-- This is tricky. For any many-to-many relationship between two
@ -274,15 +307,8 @@
<xsl:with-param name="node2" select="@entity"/>
</xsl:call-template>
</xsl:variable>
<xsl:variable name="farentity" select="/application/entity[@name=$farside]"/>
<xsl:variable name="farentity" select="//adl:entity[@name=$farside]"/>
<!-- Problems with responsibility for generating link tables:
@entity = <xsl:value-of select="@entity"/>
$nearside = <xsl:value-of select="$nearside"/>
$farside = <xsl:value-of select="$farside"/>
$farentity = <xsl:value-of select="count( $farentity/property)"/>
farlink = <xsl:value-of select="$farentity/property[@type='link' and @entity=$nearside]/@name"/>
comparison = '<xsl:value-of select="$comparison"/>' -->
<xsl:variable name="myresponsibility">
<xsl:choose>
@ -298,14 +324,22 @@
<xsl:when test="$comparison = 1">
<xsl:choose>
<!-- the far side is doing it... -->
<xsl:when test="$farentity/property[@type='link' and @entity=$nearside]">false</xsl:when>
<xsl:when test="$farentity/adl:property[@type='link' and @entity=$nearside]">false</xsl:when>
<xsl:otherwise>true</xsl:otherwise>
</xsl:choose>
</xsl:when>
<xsl:otherwise>false</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="tablename">
<!-- Problems with responsibility for generating link tables: -->
-- Problems with responsibility for generating link tables:
-- @entity = <xsl:value-of select="@entity"/>
-- $nearside = <xsl:value-of select="$nearside"/>
-- $farside = <xsl:value-of select="$farside"/>
-- farlink = <xsl:value-of select="$farentity/adl:property[@type='link' and @entity=$nearside]/@name"/>
-- comparison = '<xsl:value-of select="$comparison"/>'
-- my responsibility = <xsl:value-of select="$myresponsibility"/>
<xsl:variable name="linktablename">
<xsl:choose>
<xsl:when test="$comparison =-1">
<xsl:value-of select="concat( 'LN_', $nearside, '_', @entity)"/>
@ -322,7 +356,7 @@
-------------------------------------------------------------------------------------------------
-- link table joining <xsl:value-of select="$nearside"/> with <xsl:value-of select="@entity"/>
-------------------------------------------------------------------------------------------------
CREATE TABLE "<xsl:value-of select="$tablename"/>"
CREATE TABLE "<xsl:value-of select="$linktablename"/>"
(
"<xsl:value-of select="$nearside"/>Id" INT NOT NULL,
"<xsl:value-of select="$farside"/>Id" INT NOT NULL,
@ -333,40 +367,75 @@
</xsl:text>
---- permissions ------------------------------------------------------------------------------
<xsl:for-each select="../permission">
<xsl:call-template name="permission">
<xsl:with-param name="table" select="$tablename"/>
</xsl:call-template>
<!-- only two levels of permission really matter for a link table. If you can read both of the
parent tables, then you can read the link table. If you can edit either of the parent tables,
then you need full CRUD permissions on the link table. -->
<xsl:for-each select="//adl:group">
<xsl:variable name="groupname" select="@name"/>
<xsl:choose>
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='all']">
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='edit']">
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='all']">
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='edit']">
GRANT SELECT,INSERT,UPDATE,DELETE ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:when test="//adl:entity[@name=$nearside]/adl:permission[@group=$groupname and @permission='none']">
REVOKE ALL ON <xsl:value-of select="$linktablename"/> FROM <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:when test="//adl:entity[@name=$farside]/adl:permission[@group=$groupname and @permission='none']">
REVOKE ALL ON <xsl:value-of select="$linktablename"/> FROM <xsl:value-of select="$groupname"/>
</xsl:when>
<xsl:otherwise>
GRANT SELECT ON <xsl:value-of select="$linktablename"/> TO <xsl:value-of select="$groupname"/>
</xsl:otherwise>
</xsl:choose>
GO
</xsl:for-each>
<xsl:text>
</xsl:text>
---- referential integrity --------------------------------------------------------------------
<xsl:variable name="neartable">
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="$nearside"/>
</xsl:call-template>
</xsl:variable>
<xsl:variable name="fartable">
<xsl:call-template name="tablename">
<xsl:with-param name="entityname" select="$farside"/>
</xsl:call-template>
</xsl:variable>
<xsl:choose>
<xsl:when test="$nearside=@entity">
<xsl:call-template name="foreignkey">
<xsl:with-param name="nearside" select="$tablename"/>
<xsl:with-param name="farside" select="$nearside"/>
<xsl:with-param name="nearside" select="$linktablename"/>
<xsl:with-param name="farside" select="$neartable"/>
<xsl:with-param name="keyfield" select="concat( $nearside, 'Id')"/>
<xsl:with-param name="ondelete" select="'NO ACTION'"/>
</xsl:call-template>
<xsl:call-template name="foreignkey">
<xsl:with-param name="nearside" select="$tablename"/>
<xsl:with-param name="farside" select="$nearside"/>
<xsl:with-param name="nearside" select="$linktablename"/>
<xsl:with-param name="farside" select="$fartable"/>
<xsl:with-param name="keyfield" select="concat( $farside, 'Id')"/>
<xsl:with-param name="ondelete" select="'CASCADE'"/>
</xsl:call-template>
</xsl:when>
<xsl:otherwise>
<xsl:call-template name="foreignkey">
<xsl:with-param name="nearside" select="$tablename"/>
<xsl:with-param name="farside" select="$nearside"/>
<xsl:with-param name="nearside" select="$linktablename"/>
<xsl:with-param name="farside" select="$neartable"/>
<xsl:with-param name="keyfield" select="concat( $nearside, 'Id')"/>
<xsl:with-param name="ondelete" select="'CASCADE'"/>
</xsl:call-template>
<xsl:call-template name="foreignkey">
<xsl:with-param name="nearside" select="$tablename"/>
<xsl:with-param name="farside" select="@entity"/>
<xsl:with-param name="nearside" select="$linktablename"/>
<xsl:with-param name="farside" select="$fartable"/>
<xsl:with-param name="keyfield" select="concat( @entity, 'Id')"/>
<xsl:with-param name="ondelete" select="'CASCADE'"/>
</xsl:call-template>
@ -374,7 +443,7 @@
</xsl:choose>
</xsl:when>
<xsl:otherwise>
-- Suppressing generation of <xsl:value-of select="$tablename"/>, as it is not my responsibility
-- Suppressing generation of <xsl:value-of select="$linktablename"/>, as it is not my responsibility
</xsl:otherwise>
</xsl:choose>
<xsl:if test="myresponsibility='true'">