This is an automated email from the git hooks/post-receive script. New commit to branch feature/7549 in repository observe. See http://git.codelutin.com/observe.git commit 65ebe2efa2a82dd0e337ec38cf82ce9fb628deb5 Author: Sylvain Bavencoff <bavencoff@codelutin.com> Date: Tue Sep 29 10:59:00 2015 +0200 ajout des méthodes de service pour gérer la securité des bases PG (refs #7549) --- .../controller/v1/DataSourceServiceController.java | 14 + .../services/service/DataSourceService.java | 20 ++ .../fr/ird/observe/services/ObserveJdbcHelper.java | 151 ++++++++++ .../observe/services/ObserveSecurityHelper.java | 303 +++++++++++++++++++++ .../services/service/DataSourceServiceTopia.java | 66 ++++- 5 files changed, 547 insertions(+), 7 deletions(-) diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java index 025bb3c..6e713c8 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java @@ -34,12 +34,15 @@ import fr.ird.observe.services.configuration.ObserveDataSourceConnectionRest; import fr.ird.observe.services.dto.DataSourceCreateConfigurationDto; import fr.ird.observe.services.dto.DataSourceCreateWithNoReferentialImportException; import fr.ird.observe.services.dto.IncompatibleDataSourceCreateConfigurationException; +import fr.ird.observe.services.dto.UserDto; import fr.ird.observe.services.service.DataSourceService; import fr.ird.observe.services.service.DatabaseConnexionNotAuthorizedException; import fr.ird.observe.services.service.DatabaseNotFoundException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import java.util.Set; + /** * Created on 30/08/15. * 
@@ -107,6 +110,17 @@ public class DataSourceServiceController extends ObserveServiceControllerSupport getAuthenticatedService().destroy(); } + @Override + public Set<UserDto> getUsers() { + return getAuthenticatedService().getUsers(); + } + + @Override + public void applySecurity(Set<UserDto> users) { + getAuthenticatedService().applySecurity(users); + + } + protected ObserveDataSourceConfiguration getTopiaDataSourceConfiguration(ObserveDataSourceConfiguration dataSourceConfigurationFromRequest) { Preconditions.checkArgument(dataSourceConfigurationFromRequest instanceof ObserveDataSourceConfigurationRest); diff --git a/observe-services-api/src/main/java/fr/ird/observe/services/service/DataSourceService.java b/observe-services-api/src/main/java/fr/ird/observe/services/service/DataSourceService.java index 5e23948..f5f1c9e 100644 --- a/observe-services-api/src/main/java/fr/ird/observe/services/service/DataSourceService.java +++ b/observe-services-api/src/main/java/fr/ird/observe/services/service/DataSourceService.java @@ -28,7 +28,15 @@ import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.DataSourceCreateConfigurationDto; import fr.ird.observe.services.dto.DataSourceCreateWithNoReferentialImportException; import fr.ird.observe.services.dto.IncompatibleDataSourceCreateConfigurationException; +import fr.ird.observe.services.dto.UserDto; import fr.ird.observe.services.spi.NoDataAccess; +import fr.ird.observe.services.spi.ReadDataPermission; +import fr.ird.observe.services.spi.ReadReferentialPermission; +import fr.ird.observe.services.spi.Write; +import fr.ird.observe.services.spi.WriteDataPermission; +import fr.ird.observe.services.spi.WriteReferentialPermission; + +import java.util.Set; /** * Created on 21/08/15. 
@@ -50,4 +58,16 @@ public interface DataSourceService extends ObserveService { void destroy(); + @ReadReferentialPermission + @WriteReferentialPermission + @ReadDataPermission + @WriteDataPermission + Set<UserDto> getUsers(); + + @ReadReferentialPermission + @WriteReferentialPermission + @ReadDataPermission + @WriteDataPermission + @Write + void applySecurity(Set<UserDto> users); } diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java index c5197de..d2961b6 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java @@ -1,6 +1,10 @@ package fr.ird.observe.services; +import com.google.common.collect.Lists; import com.google.common.collect.Sets; +import fr.ird.observe.services.dto.UserDto; +import fr.ird.observe.services.dto.constants.Role; +import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.nuiton.topia.persistence.jdbc.JdbcConfiguration; @@ -13,6 +17,10 @@ import java.sql.DatabaseMetaData; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.List; import java.util.Set; /** @@ -22,6 +30,9 @@ public class ObserveJdbcHelper extends JdbcHelper { private static final Log log = LogFactory.getLog(ObserveJdbcHelper.class); + protected static final Set<String> POSTGIS_TABLES = Sets.newHashSet("geometry_columns", "spatial_ref_sys"); + + public ObserveJdbcHelper(JdbcConfiguration jdbcConfiguration) { super(jdbcConfiguration); } 
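Review bot: Neither new method on `DataSourceService` has Javadoc, and for `applySecurity` the contract matters, because elsewhere in this commit it is implemented by reassigning table ownership and rewriting grants for every role passed in. The four `*Permission` annotations plus `@Write` are the only gate visible here and their enforcement is outside this hunk, so please confirm they restrict the call to the account that administers the database rather than to any user allowed to read and write data. I would add `/** Revokes and re-grants privileges on the ObServe tables for the given roles; the caller must be the database administrator. */` on `applySecurity`. On `getUsers` I would add `/** Returns the PostgreSQL roles other than the connected one, each with Role.UNUSED; empty for non-PostgreSQL sources. */`.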
@@ -84,11 +95,151 @@ public class ObserveJdbcHelper extends JdbcHelper { closeQuietly(connection); } + } + + public List<UserDto> getUsers() { + Connection connection = null; + PreparedStatement preparedStatement = null; + List<UserDto> users = Lists.newLinkedList(); + + try { + connection = openConnection(); + // la connexion est reussie, on recherche les droits de + // récupération de la version de la base + preparedStatement = connection.prepareStatement("SELECT rolname FROM pg_catalog.pg_roles where rolname <> current_user;"); + ResultSet resultSet = preparedStatement.executeQuery(); + + while (resultSet.next()) { + String name = resultSet.getString(1); + UserDto user = new UserDto(); + user.setName(name); + user.setRole(Role.UNUSED); + + users.add(user); + } + + return users; + + } catch (SQLException e) { + throw new RuntimeException(e); + } finally { + closeQuietly(preparedStatement); + closeQuietly(connection); + } + } + + public List<Pair<String, String>> getTables(Set<String> schemas, Set<String> extraTables) { + List<Pair<String, String>> result = new ArrayList<Pair<String, String>>(); + + Connection connection = null; + ResultSet tables = null; + + try { + // recuperation des tables sur la base + connection = openConnection(); + DatabaseMetaData data = connection.getMetaData(); + tables = data.getTables(null, + null, + null, + new String[]{"TABLE"} + ); + + int columnCount = tables.getMetaData().getColumnCount(); + + if (log.isDebugEnabled()) { + StringBuilder builder = new StringBuilder(); + builder.append("\nheader"); + for (int i = 1; i <= columnCount; i++) { + String columnName = tables.getMetaData().getColumnName(i); + builder.append("\n [").append(i).append("] :").append(columnName); + } + log.debug(builder.toString()); + log.debug("fetchSize : " + tables.getFetchSize()); + } + while (tables.next()) { + String schemaName = tables.getString(2); + String tableName = tables.getString(3); + if (log.isDebugEnabled()) { + 
log.debug(String.format("Discover table named %s", tables)); + } + if (!extraTables.contains(tableName)) { + + if (POSTGIS_TABLES.contains(tableName)) { + continue; + } + + if (schemaName == null || !schemas.contains(schemaName.toUpperCase())) { + continue; + } + + } + + if (log.isDebugEnabled()) { + log.debug(String.format("Keep table: %s", tables)); + } + result.add(Pair.of(schemaName, tableName)); + } + + Collections.sort(result); + return result; + } catch (SQLException e) { + throw new RuntimeException(e); + } finally { + closeQuietly(connection); + closeQuietly(tables); + } + } + + public Set<String> getPostgisFunctions(String functionPattern) { + + final Set<String> result = new LinkedHashSet<String>(); + Connection connection = null; + PreparedStatement preparedStatement = null; + + String sql = String.format("SELECT ns.nspname::text || '.' || p.proname::text || '(' || oidvectortypes(p.proargtypes)::text || ')'" + + " FROM pg_proc p INNER JOIN pg_namespace ns ON (p.pronamespace = ns.oid)" + + " WHERE ns.nspname = 'public' AND p.proname ILIKE '%s%%';", functionPattern); + try { + connection = openConnection(); + preparedStatement = connection.prepareStatement(sql); + ResultSet set = preparedStatement.executeQuery(); + + while (set.next()) { + String functionPrototype = set.getString(1); + result.add(functionPrototype); + } + + } catch (SQLException e) { + throw new RuntimeException(e); + } finally { + closeQuietly(connection); + closeQuietly(preparedStatement); + } + return result; + + } + public void loadScript(String scriptContent) { + Connection connection = null; + PreparedStatement preparedStatement = null; + try { + connection = openConnection(); + preparedStatement = connection.prepareStatement(scriptContent); + preparedStatement.executeUpdate(); + connection.commit(); + } catch (SQLException e) { + throw new RuntimeException(e); + } finally { + closeQuietly(connection); + closeQuietly(preparedStatement); + } } + + + } 
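Review bot: `getPostgisFunctions` builds its query with `String.format`, pasting `functionPattern` inside the `ILIKE '%s%%'` literal before calling `prepareStatement`, so the prepared statement gives no protection and a quote in the argument changes the SQL. The only caller in this commit passes constants, but the method is public; bind the value instead by ending the query with `" WHERE ns.nspname = 'public' AND p.proname ILIKE ?;"` and calling `preparedStatement.setString(1, functionPattern + "%");`. `loadScript` executes whatever text it is given, so its safety rests entirely on how the caller assembles the script; a short Javadoc saying so would help. `loadScript` also commits without a rollback on failure. The `ResultSet` in `getUsers` and `getPostgisFunctions` is never closed explicitly.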
diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java
new file mode 100644
index 0000000..10d6b04
--- /dev/null
+++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveSecurityHelper.java
@@ -0,0 +1,303 @@ +package fr.ird.observe.services; + +import com.google.common.base.Function; +import com.google.common.collect.Iterables; +import com.google.common.collect.Sets; +import fr.ird.observe.entities.Entities; +import fr.ird.observe.services.dto.UserDto; +import fr.ird.observe.services.dto.UserDtos; +import fr.ird.observe.services.dto.constants.Role; +import org.apache.commons.lang3.tuple.Pair; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.nuiton.topia.migration.mappings.TMSVersionHibernateDao; +import org.nuiton.topia.persistence.TopiaEntityEnum; +import org.nuiton.topia.persistence.jdbc.JdbcConfiguration; +import org.nuiton.util.StringUtil; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Set; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +public class ObserveSecurityHelper { + + private static final Log log = LogFactory.getLog(ObserveSecurityHelper.class); + + protected static final String DROP_TABLE_PATTERN = "DROP TABLE IF EXISTS %s.%s CASCADE;\n"; + + protected static final String DROP_SCHEMA_PATTERN = "DROP SCHEMA IF EXISTS %s CASCADE;\n"; + + protected static final String REVOKE_ON_TABLE_ALL_PATTERN = "REVOKE ALL ON %s.%s FROM %s CASCADE;\n"; + + protected static final String SET_ON_TABLE_OWNER_PATTERN = "ALTER TABLE %s.%s OWNER TO %s;\n"; + + protected static final String GRANT_ON_TABLE_READ_PATTERN = "GRANT SELECT ON %s.%s TO %s;\n"; + + protected static final String GRANT_ON_TABLE_ALL_PATTERN = "GRANT ALL ON %s.%s TO %s;\n"; + + protected static final String GRANT_ON_FUNCTION_PATTERN = "GRANT EXECUTE ON FUNCTION %s TO %s;\n"; + + protected static final String REVOKE_ON_SCHEMA_ALL_PATTERN = "REVOKE ALL ON SCHEMA %s FROM %s CASCADE;\n"; + + protected static final String REVOKE_ON_FUNCTIONS_PATTERN = 
"REVOKE EXECUTE ON FUNCTION %s FROM %s CASCADE;\n"; + + protected static final String GRANT_ON_SCHEMA_ALL_PATTERN = "GRANT USAGE ON SCHEMA %s TO %s;\n"; + + protected static final Set<String> EXTRA_TABLES = Sets.newHashSet( + TMSVersionHibernateDao.TABLE_NAME, + TMSVersionHibernateDao.LEGACY_TABLE_NAME); + + protected static final Set<String> FUNCTION_NAMES_PREFIXS = Sets.newHashSet("ST_MakePoint", + "ST_SetSRID", + "sync_", + "tr_sync", + "ot_enhanced_school_type", + "observe_"); + + + protected static final String SCHEMA_PUBLIC = "public"; + + protected static final Set<String> SCHEMAS = Sets.newHashSet(SCHEMA_PUBLIC, + "OBSERVE_COMMON", + "OBSERVE_SEINE", + "OBSERVE_LONGLINE"); + + public static final Function<String, String> ESCAPE_STRING = new Function<String, String>() { + @Override + public String apply(String input) { + return "\"" + input + "\""; + } + }; + + + protected final ObserveJdbcHelper jdbcHelper; + protected final JdbcConfiguration jdbcConfiguration; + + + public ObserveSecurityHelper(JdbcConfiguration jdbcConfiguration) { + this.jdbcConfiguration = jdbcConfiguration; + this.jdbcHelper = new ObserveJdbcHelper(jdbcConfiguration); + } + + public void applySecurity(Set<UserDto> users, boolean showSql) { + if (users == null) { + throw new NullPointerException("users can not be null"); + } + + String script = createSecurityScript(users); + + if (showSql && log.isInfoEnabled()) { + log.info("SQL to execute :\n" + script); + } + + jdbcHelper.loadScript(script); + + } + + protected String createSecurityScript(Set<UserDto> users) { + + List<Pair<String, String>> tables = jdbcHelper.getTables(SCHEMAS, EXTRA_TABLES); + + if (tables.isEmpty()) { + // no tables + return ""; + } + + String administratorName = jdbcConfiguration.getJdbcConnectionUser(); + + Iterable<String> technicalNames = Iterables.transform(Iterables.filter(users, UserDtos.newRolePredicate(Role.TECHNICAL)), UserDtos.getNameFunction()); + Iterable<String> usersNames = 
Iterables.transform(Iterables.filter(users, UserDtos.newRolePredicate(Role.USER)), UserDtos.getNameFunction()); + Iterable<String> referentialNames = Iterables.transform(Iterables.filter(users, UserDtos.newRolePredicate(Role.REFERENTIAL)), UserDtos.getNameFunction()); + Iterable<String> unusedNames = Iterables.transform(Iterables.filter(users, UserDtos.newRolePredicate(Role.UNUSED)), UserDtos.getNameFunction()); + + + if (log.isInfoEnabled()) { + log.info("Will apply security on " + tables.size() + " table(s)."); + log.info(" - administrateur : " + administratorName); + log.info(" - techniciens : " + technicalNames); + log.info(" - utilisateurs : " + usersNames); + log.info(" - referentiels : " + referentialNames); + } + + List<Pair<String, String>> referentielTables = getReferentielTables(tables); + + getDataTables(tables, referentielTables); + + Set<String> allPostgisFunctions = new LinkedHashSet<String>(); + for (String postgisFunction : FUNCTION_NAMES_PREFIXS) { + Set<String> postgisFunctions = jdbcHelper.getPostgisFunctions(postgisFunction); + allPostgisFunctions.addAll(postgisFunctions); + } + + StringBuilder builder = new StringBuilder(); + + String administratorEscapedName = ESCAPE_STRING.apply(administratorName); + Set<String> technicalEscapedNames = escapedNames(technicalNames); + Set<String> usersEscapedNames = escapedNames(usersNames); + Set<String> referentialEscapedNames = escapedNames(referentialNames); + Set<String> unusedEscapedNames = escapedNames(unusedNames); + + + + // suppression de tous les droits + { + Set<String> privateRoles = new HashSet<String>(); + privateRoles.add("public"); + privateRoles.addAll(referentialEscapedNames); + privateRoles.addAll(usersEscapedNames); + privateRoles.addAll(unusedEscapedNames); + + String roles = StringUtil.join(privateRoles, ",", true); + + addOnTablesForRole(REVOKE_ON_TABLE_ALL_PATTERN, builder, tables, roles); + addOnSchemaForRole(REVOKE_ON_SCHEMA_ALL_PATTERN, builder, SCHEMAS, roles); + 
addOnFunctionForRole(REVOKE_ON_FUNCTIONS_PATTERN, builder, allPostgisFunctions, roles); + + } + + // ajout propriétaire + addOnTablesForRole(SET_ON_TABLE_OWNER_PATTERN, builder, tables, administratorEscapedName); + addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, builder, SCHEMAS, administratorEscapedName); + addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, builder, allPostgisFunctions, administratorEscapedName); + + // ajout administrateurs + if ( ! technicalEscapedNames.isEmpty()) { + String roles = StringUtil.join(technicalEscapedNames, ",", true); + addOnTablesForRole(GRANT_ON_TABLE_ALL_PATTERN, builder, tables, roles); + addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, builder, SCHEMAS, roles); + addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, builder, allPostgisFunctions, roles); + } + + // ajout utilisateur + if ( ! usersEscapedNames.isEmpty()) { + String roles = StringUtil.join(usersEscapedNames, ",", true); + addOnTablesForRole(GRANT_ON_TABLE_READ_PATTERN, builder, tables, roles); + addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, builder, SCHEMAS, roles); + addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, builder, allPostgisFunctions, roles); + } + + // ajout referentiel + if ( ! 
referentialEscapedNames.isEmpty()) { + String roles = StringUtil.join(referentialEscapedNames, ",", true); + addOnTablesForRole(GRANT_ON_TABLE_READ_PATTERN, builder, referentielTables, roles); + addOnSchemaForRole(GRANT_ON_SCHEMA_ALL_PATTERN, builder, SCHEMAS, roles); + addOnSchemaForRole(GRANT_ON_FUNCTION_PATTERN, builder, allPostgisFunctions, roles); + } + + String result = builder.toString(); + + if (log.isInfoEnabled()) { + log.info("Security script :\n" + result); + } + return result; + + + } + + protected Set<String> escapedNames(Iterable<String> names) { + Iterable<String> transform = Iterables.transform(names, ESCAPE_STRING); + return Sets.newHashSet(transform); + } + + protected List<Pair<String, String>> getReferentielTables(Iterable<Pair<String, String>> tables) { + Set<TopiaEntityEnum> types = new HashSet<TopiaEntityEnum>(); + types.addAll(Arrays.asList(Entities.REFERENCE_ENTITIES)); + + List<Pair<String, String>> result = getTables(tables, types, EXTRA_TABLES); + if (log.isInfoEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Detected ").append(result.size()).append(" referentiel tables :"); + for (Pair<String, String> s : result) { + sb.append("\n - ").append(s); + } + log.info(sb.toString()); + } + return result; + } + + protected List<Pair<String, String>> getDataTables(Collection<Pair<String, String>> tables, + Collection<Pair<String, String>> referentielTables) { + List<Pair<String, String>> result = new ArrayList<Pair<String, String>>(tables); + result.removeAll(referentielTables); + + if (log.isInfoEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Detected ").append(result.size()).append(" data tables :"); + for (Pair<String, String> s : result) { + sb.append("\n - ").append(s); + } + log.info(sb.toString()); + } + return result; + } + + protected List<Pair<String, String>> getTables(Iterable<Pair<String, String>> tables, + Set<TopiaEntityEnum> types, + Set<String> extraTypes) { + List<Pair<String, String>> 
result = new ArrayList<Pair<String, String>>(); + for (Pair<String, String> t : tables) { + String table = t.getRight(); + String detectedType = null; + for (TopiaEntityEnum type : types) { + String name = type.dbTableName(); + if (table.equalsIgnoreCase(name) || table.startsWith(name + "_")) { + detectedType = name; + break; + } + } + if (detectedType == null) { + for (String extraType : extraTypes) { + if (table.equalsIgnoreCase(extraType)) { + detectedType = extraType; + break; + } + } + } + if (detectedType != null && !result.contains(t)) { + result.add(t); + } + } + Collections.sort(result); + return result; + } + + protected void addOnTablesForRole(String pattern, + StringBuilder builder, + Iterable<Pair<String, String>> tables, + String role) { + + for (Pair<String, String> t : tables) { + builder.append(String.format(pattern, t.getLeft(), t.getRight(), role)); + } + } + + protected void addOnSchemaForRole(String pattern, + StringBuilder builder, + Set<String> schemas, + String role) { + + for (String t : schemas) { + builder.append(String.format(pattern, t, role)); + } + } + + protected void addOnFunctionForRole(String pattern, + StringBuilder builder, + Set<String> functions, + String role) { + + for (String t : functions) { + builder.append(String.format(pattern, t, role)); + } + } + + +} diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java index 53d2820..9c5c750 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java 
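Review bot: `ESCAPE_STRING` wraps a role name in double quotes without doubling any quote inside it, and those names come from the caller-supplied `UserDto` set and are formatted straight into the REVOKE/GRANT/ALTER script that `applySecurity` hands to `jdbcHelper.loadScript`. A name containing `"` therefore ends the identifier early and the rest is executed as SQL on the configured connection, which is presumably the database owner's. The quoting should be `return "\"" + input.replace("\"", "\"\"") + "\"";`. Since the names reach this class through the service and REST controller added in the same commit, I would also reject any name that is not in the list returned by `jdbcHelper.getUsers()` before building the script. Separately, `createSecurityScript` logs the whole script at info level unconditionally, which defeats the `showSql` gate in `applySecurity`, and the result of `getDataTables(tables, referentielTables)` is discarded.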
@@ -25,10 +25,12 @@ package fr.ird.observe.services.service; import com.google.common.base.Optional; import com.google.common.base.Preconditions; import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Sets; import fr.ird.observe.ObserveTopiaApplicationContext; import fr.ird.observe.ObserveTopiaConfiguration; import fr.ird.observe.ObserveTopiaConfigurationFactory; import fr.ird.observe.services.ObserveJdbcHelper; +import fr.ird.observe.services.ObserveSecurityHelper; import fr.ird.observe.services.ObserveServiceTopia; import fr.ird.observe.services.ObserveTopiaApplicationContextFactory; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; @@ -39,6 +41,7 @@ import fr.ird.observe.services.configuration.ObserveDataSourceConnectionTopia; import fr.ird.observe.services.dto.DataSourceCreateConfigurationDto; import fr.ird.observe.services.dto.DataSourceCreateWithNoReferentialImportException; import fr.ird.observe.services.dto.IncompatibleDataSourceCreateConfigurationException; +import fr.ird.observe.services.dto.UserDto; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.nuiton.topia.persistence.jdbc.JdbcHelper; @@ -90,13 +93,13 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS // On tente une connection à la base ObserveTopiaConfiguration topiaConfiguration = ObserveTopiaConfigurationFactory.forH2Database(h2DataSourceConfiguration.getDirectory(), - h2DataSourceConfiguration.getDbName(), - h2DataSourceConfiguration.getUsername(), - new String(h2DataSourceConfiguration.getPassword()), - false, - false, - false, - false); + h2DataSourceConfiguration.getDbName(), + h2DataSourceConfiguration.getUsername(), + new String(h2DataSourceConfiguration.getPassword()), + false, + false, + false, + false); try { 
@@ -271,6 +274,55 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS } + @Override + public Set<UserDto> getUsers() { + + Set<UserDto> users = Sets.newHashSet(); + + ObserveDataSourceConfigurationTopiaSupport dataSourceConfiguration = serviceContext.getDataSourceConfiguration(); + + // pas d'user pour les bases autres que postgresql + if (dataSourceConfiguration instanceof ObserveDataSourceConfigurationTopiaPG) { + + Optional<ObserveTopiaApplicationContext> optionalTopiaApplicationContext = ObserveTopiaApplicationContextFactory.getTopiaApplicationContextIfPresent(dataSourceConfiguration); + + if (optionalTopiaApplicationContext.isPresent()) { + ObserveTopiaConfiguration topiaConfiguration = optionalTopiaApplicationContext.get().getConfiguration(); + + ObserveJdbcHelper observeJdbcHelper = new ObserveJdbcHelper(topiaConfiguration); + + users.addAll(observeJdbcHelper.getUsers()); + + } + + } + + return users; + } + + @Override + public void applySecurity(Set<UserDto> users) { + ObserveDataSourceConfigurationTopiaSupport dataSourceConfiguration = serviceContext.getDataSourceConfiguration(); + + // pas de securité pour les bases autres que postgresql + if (dataSourceConfiguration instanceof ObserveDataSourceConfigurationTopiaPG) { + + Optional<ObserveTopiaApplicationContext> optionalTopiaApplicationContext = ObserveTopiaApplicationContextFactory.getTopiaApplicationContextIfPresent(dataSourceConfiguration); + + if (optionalTopiaApplicationContext.isPresent()) { + + ObserveTopiaConfiguration topiaConfiguration = optionalTopiaApplicationContext.get().getConfiguration(); + + ObserveSecurityHelper securityHelper = new ObserveSecurityHelper(topiaConfiguration); + + securityHelper.applySecurity(users, dataSourceConfiguration.isShowMigrationSql()); + + } + + } + + } + protected void executeGzipSqlStatements(ObserveTopiaApplicationContext topiaApplicationContext, String temporaryFilePrefix, byte... 
content) { File temporaryDirectory = serviceContext.createTemporaryDirectory(temporaryFilePrefix); -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
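Review bot: `applySecurity` in `DataSourceServiceTopia` returns normally without doing anything when `getTopiaApplicationContextIfPresent` yields no context, so an administrator cannot tell "privileges applied" from "nothing happened". Skipping non-PostgreSQL sources is documented by the inline comment, but the missing-context case looks like an error and should be reported, for example with `else { throw new IllegalStateException("No open application context, security not applied"); }`, or at least a warning in the log. `users` is also passed on unchecked, so a null set only fails later inside `ObserveSecurityHelper` with a `NullPointerException`. The class body continues outside this hunk.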