feat(model-server): persist access control data into database

slisson · slisson · commit da25835eb99c · 2024-12-19T14:25:02.000+01:00
diff --git a/model-server/src/main/kotlin/org/modelix/model/server/DBAccessControlPersistence.kt b/model-server/src/main/kotlin/org/modelix/model/server/DBAccessControlPersistence.kt
@@ -0,0 +1,28 @@
+package org.modelix.model.server
+
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.Json
+import org.modelix.authorization.permissions.AccessControlData
+import org.modelix.authorization.permissions.IAccessControlPersistence
+import org.modelix.model.server.store.IGenericStoreClient
+import org.modelix.model.server.store.RequiresTransaction
+
+class DBAccessControlPersistence<E>(val store: IGenericStoreClient<E>, val key: E) : IAccessControlPersistence {
+    private val json = Json { ignoreUnknownKeys }
+    override fun read(): AccessControlData {
+        @OptIn(RequiresTransaction::class)
+        return store.runReadTransaction {
+            store.get(key)?.let { json.decodeFromString(it) } ?: AccessControlData()
+        }
+    }
+
+    override fun update(updater: (AccessControlData) -> AccessControlData) {
+        @OptIn(RequiresTransaction::class)
+        return store.runWriteTransaction {
+            val oldData = read()
+            val newData = updater(oldData)
+            if (oldData == newData) return@runWriteTransaction
+            store.put(key, json.encodeToString(newData))
+        }
+    }
+}
diff --git a/model-server/src/main/kotlin/org/modelix/model/server/Main.kt b/model-server/src/main/kotlin/org/modelix/model/server/Main.kt
@@ -58,6 +58,7 @@ import org.modelix.model.server.handlers.ui.RepositoryOverview
 import org.modelix.model.server.store.IgniteStoreClient
 import org.modelix.model.server.store.InMemoryStoreClient
 import org.modelix.model.server.store.IsolatingStore
+import org.modelix.model.server.store.ObjectInRepository
 import org.modelix.model.server.store.RequiresTransaction
 import org.modelix.model.server.store.forGlobalRepository
 import org.modelix.model.server.store.loadDump
@@ -181,6 +182,10 @@ object Main {
                 install(ModelixAuthorization) {
                     permissionSchema = ModelServerPermissionSchema.SCHEMA
                     installStatusPages = false
+                    accessControlPersistence = DBAccessControlPersistence(
+                        storeClient,
+                        ObjectInRepository.global(RepositoriesManager.KEY_PREFIX + ":access-control-data"),
+                    )
                 }
                 install(ForwardedHeaders)
                 install(CallLogging) {
