#6397 Connection permissions editor UI & model

935b4f06 · Serge Rider · 681af3f8 · 935b4f06 · 935b4f06 · 935b4f06
7 changed file
--- a/bundles/org.jkiss.utils/src/org/jkiss/utils/CommonUtils.java
+++ b/bundles/org.jkiss.utils/src/org/jkiss/utils/CommonUtils.java
@@ -275,6 +275,21 @@ public class CommonUtils {
        return equalObjects(s1, s2) || (isEmpty(s1) && isEmpty(s2));
    }

+    public static boolean equalsContents(@Nullable Collection<?> c1, @Nullable Collection<?> c2) {
+        if (CommonUtils.isEmpty(c1) && CommonUtils.isEmpty(c2)) {
+            return true;
+        }
+        if (c1 == null || c2 == null || c1.size() != c2.size()) {
+            return false;
+        }
+        for (Object o : c1) {
+            if (!c2.contains(o)) {
+                return false;
+            }
+        }
+        return true;
+    }
+
    @NotNull
    public static String toString(@Nullable Object object) {
        if (object == null) {

--- a/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/ui/dialogs/connection/ConnectionPageGeneral.java
+++ b/plugins/org.jkiss.dbeaver.core/src/org/jkiss/dbeaver/ui/dialogs/connection/ConnectionPageGeneral.java
@@ -29,10 +29,7 @@ import org.eclipse.swt.layout.GridData;
 import org.eclipse.swt.widgets.*;
 import org.jkiss.code.NotNull;
 import org.jkiss.dbeaver.core.CoreMessages;
-import org.jkiss.dbeaver.model.DBPDataSourceContainer;
-import org.jkiss.dbeaver.model.DBPDataSourceFolder;
-import org.jkiss.dbeaver.model.DBPDataSourceProvider;
-import org.jkiss.dbeaver.model.DBUtils;
+import org.jkiss.dbeaver.model.*;
 import org.jkiss.dbeaver.model.connection.DBPConnectionConfiguration;
 import org.jkiss.dbeaver.model.connection.DBPConnectionType;
 import org.jkiss.dbeaver.model.struct.DBSEntityAttribute;
@@ -45,12 +42,14 @@ import org.jkiss.dbeaver.registry.DataSourceProviderRegistry;
 import org.jkiss.dbeaver.ui.IHelpContextIds;
 import org.jkiss.dbeaver.ui.UIUtils;
 import org.jkiss.dbeaver.ui.controls.CSmartCombo;
+import org.jkiss.dbeaver.ui.dialogs.BaseDialog;
 import org.jkiss.dbeaver.ui.internal.UINavigatorMessages;
 import org.jkiss.dbeaver.ui.navigator.dialogs.EditObjectFilterDialog;
 import org.jkiss.dbeaver.ui.preferences.PrefPageConnectionTypes;
 import org.jkiss.utils.CommonUtils;

 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.StringTokenizer;

@@ -87,11 +86,13 @@ class ConnectionPageGeneral extends ConnectionWizardPage {

    private Button showSystemObjects;
    private Button showUtilityObjects;
+
    private Button readOnlyConnection;

    private List<FilterInfo> filters = new ArrayList<>();
    private Group filtersGroup;
    private Font boldFont;
+    private List<DBPDataSourcePermission> accessRestritions;

    ConnectionPageGeneral(ConnectionWizard wizard)
    {
@@ -261,7 +262,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
    {
        boldFont = UIUtils.makeBoldFont(parent.getFont());

-        Composite group = UIUtils.createPlaceholder(parent, 1, 5);
+        Composite group = UIUtils.createComposite(parent, 1);

        String connectionName = dataSourceDescriptor == null ? "" : dataSourceDescriptor.getName(); //$NON-NLS-1$
        connectionNameText = UIUtils.createLabelText(group, CoreMessages.dialog_connection_wizard_final_label_connection_name, CommonUtils.toString(connectionName));
@@ -273,7 +274,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
        {
            UIUtils.createControlLabel(group, CoreMessages.dialog_connection_wizard_final_label_connection_type);

-            Composite ctGroup = UIUtils.createPlaceholder(group, 2, 5);
+            Composite ctGroup = UIUtils.createComposite(group, 2);
            connectionTypeCombo = new CSmartCombo<>(ctGroup, SWT.BORDER | SWT.DROP_DOWN | SWT.READ_ONLY, new ConnectionTypeLabelProvider());
            loadConnectionTypes();
            connectionTypeCombo.select(0);
@@ -286,9 +287,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
                }
            });

-            Button pickerButton = new Button(ctGroup, SWT.PUSH);
-            pickerButton.setText(CoreMessages.dialog_connection_wizard_final_label_edit);
-            pickerButton.addSelectionListener(new SelectionAdapter() {
+            UIUtils.createDialogButton(ctGroup, CoreMessages.dialog_connection_wizard_final_label_edit, new SelectionAdapter() {
                @Override
                public void widgetSelected(SelectionEvent e) {
                    DataSourceDescriptor dataSource = getActiveDataSource();
@@ -329,7 +328,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
            descriptionText.setLayoutData(gd);
        }

-        Composite refsGroup = UIUtils.createPlaceholder(group, 2, 5);
+        Composite refsGroup = UIUtils.createComposite(group, 3);
        GridData gd = new GridData(GridData.FILL_HORIZONTAL);
        gd.horizontalSpan = 2;
        refsGroup.setLayoutData(gd);
@@ -352,13 +351,6 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
                CoreMessages.dialog_connection_wizard_final_checkbox_show_util_objects,
                dataSourceDescriptor != null && dataSourceDescriptor.isShowUtilityObjects());
            showUtilityObjects.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING));
-
-            readOnlyConnection = UIUtils.createCheckbox(
-                miscGroup,
-                CoreMessages.dialog_connection_wizard_final_checkbox_connection_readonly,
-                dataSourceDescriptor != null && dataSourceDescriptor.isConnectionReadOnly());
-            gd = new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING);
-            readOnlyConnection.setLayoutData(gd);
        }

        {
@@ -366,7 +358,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
            filtersGroup = UIUtils.createControlGroup(
                refsGroup,
                CoreMessages.dialog_connection_wizard_final_group_filters,
-                2, GridData.FILL_HORIZONTAL | GridData.VERTICAL_ALIGN_BEGINNING, 0);
+                2, GridData.VERTICAL_ALIGN_BEGINNING | GridData.FILL_HORIZONTAL, 0);
            for (final FilterInfo filterInfo : filters) {
                filterInfo.link = UIUtils.createLink(filtersGroup, "<a>" + filterInfo.title + "</a>", new SelectionAdapter() {
                    @Override
@@ -389,8 +381,31 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
                });
            }
        }
+
+        {
+            // Security
+            Group securityGroup = UIUtils.createControlGroup(
+                refsGroup,
+                CoreMessages.dialog_connection_wizard_final_group_security,
+                1, GridData.VERTICAL_ALIGN_BEGINNING, 0);
+            securityGroup.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING));
+
+            readOnlyConnection = UIUtils.createCheckbox(
+                securityGroup,
+                CoreMessages.dialog_connection_wizard_final_checkbox_connection_readonly,
+                dataSourceDescriptor != null && dataSourceDescriptor.isConnectionReadOnly());
+            readOnlyConnection.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING));
+
+            UIUtils.createDialogButton(securityGroup, "Edit permissions ...", new SelectionAdapter() {
+                @Override
+                public void widgetSelected(SelectionEvent e) {
+                    editPermissions();
+                }
+            });
+        }
+
        {
-            Composite linkGroup = UIUtils.createPlaceholder(refsGroup, 1, 5);
+            Composite linkGroup = UIUtils.createComposite(refsGroup, 1);
            gd = new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING);
            gd.horizontalSpan = 2;
            linkGroup.setLayoutData(gd);
@@ -439,6 +454,44 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
        UIUtils.setHelp(group, IHelpContextIds.CTX_CON_WIZARD_FINAL);
    }

+    private void editPermissions() {
+        new BaseDialog(getShell(), CoreMessages.dialog_connection_wizard_final_group_security, null) {
+            private List<Button> restrictedPermissionButtons = new ArrayList<>();
+
+            @Override
+            protected Composite createDialogArea(Composite parent) {
+                Composite composite = super.createDialogArea(parent);
+                if (accessRestritions == null) {
+                    accessRestritions = dataSourceDescriptor == null ? Collections.emptyList() : dataSourceDescriptor.getModifyPermission();
+                }
+                for (DBPDataSourcePermission permission : DBPDataSourcePermission.values()) {
+                    Button permButton = UIUtils.createCheckbox(
+                        composite,
+                        permission.getLabel(),
+                        permission.getDescription(),
+                        accessRestritions.contains(permission),
+                        1);
+                    permButton.setData(permission);
+                    permButton.setLayoutData(new GridData(GridData.HORIZONTAL_ALIGN_BEGINNING));
+                    restrictedPermissionButtons.add(permButton);
+                }
+                return composite;
+            }
+
+            @Override
+            protected void okPressed() {
+                List<DBPDataSourcePermission> restrictions = new ArrayList<>();
+                for (Button permbutton : restrictedPermissionButtons) {
+                    if (permbutton.getSelection()) {
+                        restrictions.add((DBPDataSourcePermission) permbutton.getData());
+                    }
+                }
+                accessRestritions = restrictions;
+                super.okPressed();
+            }
+        }.open();
+    }
+
    private void loadConnectionTypes()
    {
        connectionTypeCombo.removeAll();
@@ -503,6 +556,7 @@ class ConnectionPageGeneral extends ConnectionWizardPage {
        dataSource.setShowSystemObjects(showSystemObjects.getSelection());
        dataSource.setShowUtilityObjects(showUtilityObjects.getSelection());
        dataSource.setConnectionReadOnly(readOnlyConnection.getSelection());
+        dataSource.setModifyPermissions(accessRestritions);

        for (FilterInfo filterInfo : filters) {
            if (filterInfo.filter != null) {

--- a/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/DBPDataSourceContainer.java
+++ b/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/DBPDataSourceContainer.java
@@ -38,6 +38,7 @@ import org.jkiss.dbeaver.utils.GeneralUtils;

 import java.util.Collection;
 import java.util.Date;
+import java.util.List;

 /**
 * DBPDataSourceContainer
@@ -94,6 +95,12 @@ public interface DBPDataSourceContainer extends DBSObject, DBDPreferences, DBPNa

    void setConnectionReadOnly(boolean connectionReadOnly);

+    boolean hasModifyPermission(DBPDataSourcePermission permission);
+
+    List<DBPDataSourcePermission> getModifyPermission();
+
+    void setModifyPermissions(@Nullable Collection<DBPDataSourcePermission> permissions);
+
    boolean isSavePassword();

    void setSavePassword(boolean savePassword);

--- a/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/DBPDataSourcePermission.java
+++ b/plugins/org.jkiss.dbeaver.model/src/org/jkiss/dbeaver/model/DBPDataSourcePermission.java
+/*
+ * DBeaver - Universal Database Manager
+ * Copyright (C) 2010-2019 Serge Rider (serge@jkiss.org)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jkiss.dbeaver.model;
+
+/**
+ * Data-source permissions
+ */
+public enum DBPDataSourcePermission
+{
+    PERMISSION_EDIT_DATA("edit.data", "Restrict data edit", "Restrict and direct data modifications"),
+    PERMISSION_EDIT_METADATA("edit.meta", "Restrict structure edit", "Restrict structure (metadata) changes, like tables create/drop"),
+    PERMISSION_EXECUTE_SCRIPTS("edit.execute", "Restrict script execute", "Restruct custom user scripts (SQL) execution"),
+    PERMISSION_IMPORT_DATA("import.data", "Restrict data import", "Restrict importing data");
+
+    private final String id;
+    private final String label;
+    private final String description;
+
+    DBPDataSourcePermission(String id, String label, String description) {
+        this.id = id;
+        this.label = label;
+        this.description = description;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public String getLabel() {
+        return label;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public static DBPDataSourcePermission getById(String id) {
+        for (DBPDataSourcePermission permission : values()) {
+            if (permission.id.equals(id)) {
+                return permission;
+            }
+        }
+        throw new IllegalArgumentException("Wrong permission id: " + id);
+    }
+}
--- a/plugins/org.jkiss.dbeaver.net.ssh.ui/src/org/jkiss/dbeaver/ui/net/ssh/SSHTunnelConfiguratorUI.java
+++ b/plugins/org.jkiss.dbeaver.net.ssh.ui/src/org/jkiss/dbeaver/ui/net/ssh/SSHTunnelConfiguratorUI.java
@@ -185,9 +185,9 @@ public class SSHTunnelConfiguratorUI implements IObjectPropertyConfigurator<DBWH
    public void loadSettings(DBWHandlerConfiguration configuration)
    {
        hostText.setText(CommonUtils.notEmpty(configuration.getStringProperty(SSHConstants.PROP_HOST)));
-        String portString = configuration.getStringProperty(SSHConstants.PROP_PORT);
-        if (!CommonUtils.isEmpty(portString)) {
-            portText.setSelection(CommonUtils.toInt(portString));
+        int portString = configuration.getIntProperty(SSHConstants.PROP_PORT);
+        if (portString != 0) {
+            portText.setSelection(portString);
        } else {
            portText.setSelection(SSHConstants.DEFAULT_SSH_PORT);
        }

--- a/plugins/org.jkiss.dbeaver.registry/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java
+++ b/plugins/org.jkiss.dbeaver.registry/src/org/jkiss/dbeaver/registry/DataSourceDescriptor.java
@@ -134,6 +134,7 @@ public class DataSourceDescriptor
    private boolean showSystemObjects;
    private boolean showUtilityObjects;
    private boolean connectionReadOnly;
+    private List<DBPDataSourcePermission> connectionModifyRestrictions;
    private final Map<String, FilterMapping> filterMap = new HashMap<>();
    private DBDDataFormatterProfile formatterProfile;
    @Nullable
@@ -207,6 +208,8 @@ public class DataSourceDescriptor
        this.formatterProfile = source.formatterProfile;
        this.clientHome = source.clientHome;

+        this.connectionModifyRestrictions = source.connectionModifyRestrictions == null ? null : new ArrayList<>(source.connectionModifyRestrictions);
+
        this.connectionInfo = new DBPConnectionConfiguration(source.connectionInfo);
        for (Map.Entry<String, FilterMapping> fe : source.filterMap.entrySet()) {
            this.filterMap.put(fe.getKey(), new FilterMapping(fe.getValue()));
@@ -349,6 +352,32 @@ public class DataSourceDescriptor
        this.connectionReadOnly = connectionReadOnly;
    }

+    @Override
+    public boolean hasModifyPermission(DBPDataSourcePermission permission) {
+        if (connectionReadOnly) {
+            return false;
+        }
+        return connectionModifyRestrictions != null && !connectionModifyRestrictions.contains(permission);
+    }
+
+    @Override
+    public List<DBPDataSourcePermission> getModifyPermission() {
+        if (CommonUtils.isEmpty(this.connectionModifyRestrictions)) {
+            return Collections.emptyList();
+        } else {
+            return new ArrayList<>(this.connectionModifyRestrictions);
+        }
+    }
+
+    @Override
+    public void setModifyPermissions(@Nullable Collection<DBPDataSourcePermission> permissions) {
+        if (CommonUtils.isEmpty(permissions)) {
+            this.connectionModifyRestrictions = null;
+        } else {
+            this.connectionModifyRestrictions = new ArrayList<>(permissions);
+        }
+    }
+
    @Override
    public boolean isDefaultAutoCommit()
    {
@@ -1356,7 +1385,8 @@ public class DataSourceDescriptor
            CommonUtils.equalObjects(this.formatterProfile, source.formatterProfile) &&
            CommonUtils.equalObjects(this.clientHome, source.clientHome) &&
            CommonUtils.equalObjects(this.lockPasswordHash, source.lockPasswordHash) &&
-            CommonUtils.equalObjects(this.folder, source.folder);
+            CommonUtils.equalObjects(this.folder, source.folder) &&
+            CommonUtils.equalsContents(this.connectionModifyRestrictions, source.connectionModifyRestrictions);
    }

    public static class ContextInfo implements DBPObject {

--- a/plugins/org.jkiss.dbeaver.registry/src/org/jkiss/dbeaver/registry/DataSourceSerializerModern.java
+++ b/plugins/org.jkiss.dbeaver.registry/src/org/jkiss/dbeaver/registry/DataSourceSerializerModern.java
@@ -30,6 +30,7 @@ import org.jkiss.code.NotNull;
 import org.jkiss.code.Nullable;
 import org.jkiss.dbeaver.DBException;
 import org.jkiss.dbeaver.Log;
+import org.jkiss.dbeaver.model.DBPDataSourcePermission;
 import org.jkiss.dbeaver.model.app.DBASecureStorage;
 import org.jkiss.dbeaver.model.app.DBPDataSourceRegistry;
 import org.jkiss.dbeaver.model.connection.*;
@@ -491,6 +492,30 @@ class DataSourceSerializerModern implements DataSourceSerializer
                    config.getBootstrap().setInitQueries(JSONUtils.deserializeStringList(bootstrapCfg, RegistryConstants.TAG_QUERY));
                }

+                // Permissions
+                {
+                    Map<String, Object> securityCfg = JSONUtils.getObject(conObject, "security");
+                    if (!CommonUtils.isEmpty(securityCfg)) {
+                        List<String> permissionRestrictions = JSONUtils.deserializeStringList(securityCfg, "permission-restrictions");
+                        if (!CommonUtils.isEmpty(permissionRestrictions)) {
+                            List<DBPDataSourcePermission> permissions = new ArrayList<>();
+                            for (String perm : permissionRestrictions) {
+                                try {
+                                    DBPDataSourcePermission permission = DBPDataSourcePermission.getById(perm);
+                                    if (permission != null) {
+                                        permissions.add(permission);
+                                    }
+                                } catch (IllegalArgumentException e) {
+                                    log.debug(e);
+                                }
+                            }
+                            if (!permissions.isEmpty()) {
+                                dataSource.setModifyPermissions(permissions);
+                            }
+                        }
+                    }
+                }
+
                // Filters
                for (Map<String, Object> filterCfg : JSONUtils.getObjectList(conObject, RegistryConstants.TAG_FILTERS)) {
                    String typeName = JSONUtils.getString(filterCfg, RegistryConstants.ATTR_TYPE);
@@ -706,6 +731,18 @@ class DataSourceSerializerModern implements DataSourceSerializer
            json.endObject();
        }

+        {
+            // Permissions
+            List<DBPDataSourcePermission> permissions = dataSource.getModifyPermission();
+            if (!CommonUtils.isEmpty(permissions)) {
+                json.name("security");
+                json.beginObject();
+                List<String> permIds = new ArrayList<>(permissions.size());
+                for (DBPDataSourcePermission perm : permissions) permIds.add(perm.getId());
+                JSONUtils.serializeStringList(json, "permission-restrictions", permIds);
+                json.endObject();
+            }
+        }
        {
            // Filters
            Collection<FilterMapping> filterMappings = dataSource.getObjectFilters();