\n@Entity\n@Table(name = "Users")\npublic class Users {\n\t\n\t@Id\n\t@GeneratedValue\n\t@Column(name = "id")\n\tprivate Long id;\n\t\n\t@Column(name="firstname")\n\tprivate String firstname;\n\t\n\t@Column(name="lastname")\n\tprivate String lastname;\n\t\n\t@OneToMany(cascade = CascadeType.ALL)\n @JoinTable(name = "name_permission_mapping", \n joinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "id")},\n inverseJoinColumns = {@JoinColumn(name = "permission_id", referencedColumnName = "id")})\n @MapKey(name = "permission_name")\n\tprivate Map<String, Permission> _roles = new HashMap<>();\n\t\n\tpublic Users() {\n\t\tsuper();\n\t}\n\t\n\tpublic Users(String firstname, String lastname, Map<String, Permission> roles) {\n\t\tsuper();\n\t\tthis.firstname = firstname;\n\t\tthis.lastname = lastname;\n\t\tthis._roles = roles;\n\t}\n\n\t\/\/ getters + setters + toString\n\t\n}\n\n<\/pre><\/div>\n\n\n\n\n\n\nUser Builder:<\/h3>\n\n\n\npublic class UsersBuilder {\n\t\n\tprivate String firstname;\n\tprivate String lastname;\n\tMap<String, Permission> Permissions = new HashMap<>();\n\t\n\tpublic UsersBuilder setFirstname(String firstname) {\n\t\tthis.firstname = firstname;\n\t\treturn this;\n\t}\n\t\n\tpublic UsersBuilder setLastname(String lastname) {\n\t\tthis.lastname = lastname;\n\t\treturn this;\n\t}\n\t\n\tpublic UsersBuilder setPermissions(Map<String, Permission> p) {\n\t\tthis.Permissions = p;\n\t\treturn this;\n\t}\n\t\n\tpublic Users build() {\n\t\treturn new Users(firstname, lastname, Permissions);\n\t}\n\t\n}\n<\/pre><\/div>\n\n\nUser Service:<\/h3>\n\n\n\npublic class UserPermissionService {\n\t\n\t\n\tpublic boolean createPermissionProvider(Permission p, Users u) {\n\t\treturn u.get_roles().get(p.getClass().getSimpleName()) != null\n\t\t\t\t? checkUserWritePermission(p, u)\n\t\t\t\t: false;\n\t}\n\t\n\tpublic boolean readPermissionProvider(Permission p, Users u) {\n\t\treturn u.get_roles().get(p.getClass().getSimpleName()) != null\n\t\t\t\t? checkUserReadPermission(p, u)\n\t\t\t\t: false;\n\t}\n\t\n\tpublic boolean updatePermissionProvider(Permission p, Users u) {\n\t\treturn u.get_roles().get(p.getClass().getSimpleName()) != null\n\t\t\t\t? checkUserUpdatePermission(p, u)\n\t\t\t\t: false;\n\t}\n\t\n\tpublic boolean deletePermissionProvider(Permission p, Users u) {\n\t\treturn u.get_roles().get(p.getClass().getSimpleName()) != null\n\t\t\t\t? checkUserDeletePermission(p, u)\n\t\t\t\t: false;\n\t}\n\t\n\tpublic boolean checkUserWritePermission(Permission p, Users user) {\n\t\treturn user.get_roles().get(p.getClass().getSimpleName()).is_create();\n\t}\n\t\n\tpublic boolean checkUserReadPermission(Permission p, Users user) {\n\t\treturn user.get_roles().get(p.getClass().getSimpleName()).is_read();\n\t}\n\t\n\tpublic boolean checkUserUpdatePermission(Permission p, Users user) {\n\t\treturn user.get_roles().get(p.getClass().getSimpleName()).is_update();\n\t}\n\t\n\tpublic boolean checkUserDeletePermission(Permission p, Users user) {\n\t\treturn user.get_roles().get(p.getClass().getSimpleName()).is_delete();\n\t}\n\t\n\t\/\/ ...\n\t\n\tpublic boolean grantPermission(Permission p, Users user) {\n\t\treturn user.get_roles().put(p.getClass().getSimpleName(), p) != null\n\t\t\t\t? true : false;\n\t}\n\t\n\tpublic boolean removePermission(Permission p, Users user) {\n\t\treturn user.get_roles().remove(p.getClass().getSimpleName(), p);\n\t}\n\t\n\tpublic Permission findPermission(Permission p, Users user) {\n\t\treturn user.get_roles().get(p.getClass().getSimpleName());\n\t}\t\t\n}\n\n<\/pre><\/div>\n\n\nPermission Base Class:<\/h3>\n\n\n\n@Entity\n@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)\npublic class Permission {\n\t\n\t@Id\n\t@GeneratedValue\n\tprivate Long id;\n\t\n\t@Column(name="permission_name")\n\tprivate String permission_name;\n\t\n\t@Column(name = "_create")\n\tprivate boolean _create;\n\t\n\t@Column(name = "_read")\n\tprivate boolean _read;\n\t\n\t@Column(name = "_update")\n\tprivate boolean _update;\n\t\n\t@Column(name = "_delete")\n\tprivate boolean _delete;\n\t\n\t\/\/ getters + setters + toString\n}\n<\/pre><\/div>\n\n\nPermission Subclass 1: <\/h3>\n\n\n\n@Entity\npublic class CustomerDomainPermission extends Permission {\n\tpublic CustomerDomainPermission() {\n\t\tsuper();\n\t}\n}\n<\/pre><\/div>\n\n\nPermission Subclass 2:<\/h3>\n\n\n\n@Entity\npublic class ProductDomainPermission extends Permission {\n\tpublic ProductDomainPermission() {\n\t\tsuper();\n\t}\n}\n<\/pre><\/div>\n\n\nTest Class: <\/h3>\n\n\n\npublic class PermissionsTest {\n\t\npublic static void main(String[] args) {\n\t\n\t\tPermission cd = new CustomerDomainPermission();\n\t\tcd.set_read(true);\n\t\tcd.set_create(true);\n\t\tcd.set_delete(true);\n\t\tcd.set_update(true);\n\t\tcd.setPermission_name("customer_domain");\n\t\t\n\t\tPermission pd = new ProductDomainPermission();\n\t\tpd.set_read(true);\n\t\tpd.set_create(true);\n\t\tpd.set_delete(true);\n\t\tpd.set_update(true);\n\t\tpd.setPermission_name("product_domain");\n\t\t\n\t\tUsers user = new UsersBuilder()\n\t\t\t\t.setFirstname("Walter")\n\t\t\t\t.setLastname("White")\n\t\t\t\t.build();\n\t\t\t\t\n\t\tUserPermissionService us = new UserPermissionService();\n\t\tus.grantPermission(pd, user);\n\t\tus.grantPermission(cd, user);\n\t\t\n\t\tnew UserDao().addUser(user);\n System.out.println(user);\n\t}\n}\n<\/pre><\/div>\n\n\nOutput:<\/h3>\n\n\n\nUsers [id=1, firstname=Walter, lastname=White, _roles={ProductDomainPermission=Permission [id=2, permission_name=product_domain, _create=true, _read=true, _update=true, _delete=true], CustomerDomainPermission=Permission [id=3, permission_name=customer_domain, _create=true, _read=true, _update=true, _delete=true]}]\n\n<\/pre><\/div>\n\n\nDatabase Tables:<\/h3>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_01.jpg\")
<\/a>Hibernate Equivalent Tables<\/figcaption><\/figure><\/div>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_02.jpg\")
<\/a>User Base Class Table<\/figcaption><\/figure><\/div>\n\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_033.jpg\")
<\/a>Permission Base Class (Inherited) as Empty Table<\/figcaption><\/figure><\/div>\n\n\n\n![\"Customer](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_04.jpg\")
<\/a>Customer Domain Subclass Table<\/figcaption><\/figure><\/div>\n\n\n\n<\/p>\n<\/div><\/div>\n\n\n\n
\n![\"Product](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_05.jpg\")
<\/a>Product Domain Subclass Table<\/figcaption><\/figure><\/div>\n<\/div><\/div>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/table_06.jpg\")
<\/a>Intermediary Table which created by Hibernate automatically for User and inherited Permission association<\/figcaption><\/figure><\/div>\n\n\n\nPros of this design:<\/strong><\/p>\n\n\n\n- When new requirements of application domains come (for example “Stock Domain” or “Invoice Management Domain” etc. ) only need to do is just create another subclass of Permission. (also obeyed Open-Closed Principle<\/strong><\/em>, SOLID) This can require significantly less programming effort because the base class contains many methods providing default behavior.<\/li>
- The association between Users and Permission classes simply stored at “permissions” map collection attribute in the Users base class. <\/li>
- It needs only one base service class and 8 methods for all of its subclasses. (Composition<\/strong><\/em>)<\/li><\/ul>\n\n\n\n
But I hesitate to use this, because the database is not in a good shape, there are some repetitive columns at the “ProductDomainPermission<\/code>” and “CustomerDomainPermission<\/code>” tables, such as “permission_name<\/code>“, this is an illegal situation at the context of First Normal Form<\/em><\/strong> database property. This may cause performance issues once project starts to grow. Also, Map<\/strong><\/em> collection attribute seems like misused and “Users<\/code>” entity is not loosely coupled to the permission code block. Consequently, It looks not very good to me, so I give up the idea.<\/p>\n\n\n\nBut, Instead of this I thought up another solution:<\/strong><\/h3>\n\n\n\nI decided to use a “DomainPermissions<\/code>” type instead of a Map Collection attribute inside the “Users<\/code>” class, it consists of 4 primitive boolean attribute which represent crud operation permissions, so that \"Users<\/code>” decouples from “Permission<\/code>“. Also, create OneToOne associations and constraints among the Permission Persistent Block and the Users explicitly, in this way I had more control over Hibernate to shaping database.<\/p>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/umlDiagram-1024x530.jpg\")
<\/a>UML diagram of new design<\/figcaption><\/figure>\n\n\n\nUsers Class<\/strong>:<\/p>\n\n\n\nEntity\n@Table(name = "Users")\npublic class Users {\n\t\n\t@Id\n\t@GeneratedValue\n\t@Column(name = "user_id")\n\tLong user_id;\n\t\n\t@Column(name="firstname")\n\tprivate String firstname;\n\t\n\t@Column(name="lastname")\n\tprivate String lastname;\n\t\n\t@OneToOne(cascade = CascadeType.ALL, \n\t\t\torphanRemoval = true)\n\t@JoinColumn(name = "_domainPermission_id", referencedColumnName = "domainPermissions_id")\n\tprivate DomainPermissions domainPermissions;\n\t\n\tpublic Users() {\n\t\tsuper();\n\t}\n\t\n\tpublic Users(String firstname, String lastname, DomainPermissions d) {\n\t\tsuper();\n\t\tthis.firstname = firstname;\n\t\tthis.lastname = lastname;\n\t\tthis.domainPermissions = d;\n\t}\n\/\/ getters + setters + toString()\n<\/pre><\/div>\n\n\nAs is seen, this class has a attribute with type of “DomainPermissions<\/code>” and there is an OneToOne Bidirectional<\/strong> association between “Users<\/code>” and “DomainPermissions<\/code>” classes.<\/p>\n\n\n\nDomainPermissions Class:<\/strong><\/p>\n\n\n\n@Entity\npublic class DomainPermissions {\n\t\n\t@Id\n\t@GeneratedValue\n\tprivate Long domainPermissions_id;\n\t\n\t@OneToOne(cascade = CascadeType.ALL, \n\t\t\torphanRemoval = true)\n\t@JoinColumn(name="customerDomain_permission_id", columnDefinition = "bigint default 1")\n\tprivate Permission customerDomain;\n\t\n\t@OneToOne(cascade = CascadeType.ALL, \n\t\t\torphanRemoval = true)\n\t@JoinColumn(name="productDomain_permission_id", columnDefinition = "bigint default 1")\n\tprivate Permission productDomain;\n\t\n\t@OneToOne(mappedBy = "domainPermissions")\n\tprivate Users user;\n\n\/\/ getters + setters + toString()\n<\/pre><\/div>\n\n\nAnd this “DomainPermission<\/code>” class has 2 “Permission<\/code>” super type attributes for available application domain types. Also, has OneToOne Unidirectinal<\/strong> association with “Permission<\/code>” super type. In future when a new domain comes I can simply create another subtype and add another attribute in here such as:<\/p>\n\n\n\n(...)\n@OneToOne(cascade = CascadeType.ALL, \n\t\t\torphanRemoval = true)\n\t@JoinColumn(name="blablaDomain_permission_id", columnDefinition = "bigint default 1")\n\tprivate Permission blablaDomain;\n(...)\n<\/pre><\/div>\n\n\nBut an important thing is if a new subclass (domain) creation occurs in the future, a new null column will add to the “DomainPermissions<\/code>” table and all of the before rows will mark at this column as null, this is an unwanted situation, so I had to pay attention for potential null pointer exceptions and Data Integrity. To prevent this I rearrange the DomainPermissions class and define a DEFAULT Constraint per domain such as:<\/p>\n\n\n\n\t@JoinColumn(name="customerDomain_permission_id", columnDefinition = "bigint default 1")\n \/\/ private Permission some_domain_name;\n<\/pre><\/div>\n\n\nIn this notation the attribute with id 1 should be an all “false” responsive record placed on Permission<\/code> class table and it stand in for null object pattern. This can be creating at the deployment or coding in a Servlet which takes care of initialization stuff. <\/p>\n\n\n\nDomainPermissionsBuilder Class:<\/strong><\/p>\n\n\n\npublic class DomainPermissionsBuilder {\n\t\n\tprivate Permission customerDomain;\n\tprivate Permission productDomain;\n\n\tpublic DomainPermissionsBuilder setCustomerDomain(Permission c) {\n\t\tthis.customerDomain = c != null ? c : new CustomerDomainPermission();\n\t\treturn this;\n\t}\n\t\n\tpublic DomainPermissionsBuilder setProductDomain(Permission p) {\n\t\tthis.productDomain = p != null ? p : new ProductDomainPermission();\n\t\treturn this;\n\t}\n\t\n\tpublic DomainPermissions build() {\n\t\tif (this.customerDomain == null)\n\t\t\tthis.customerDomain = new CustomerDomainPermission();\n\t\tif (this.productDomain == null)\n\t\t\tthis.productDomain = new ProductDomainPermission();\n\t\treturn new DomainPermissions(customerDomain, productDomain);\n\t}\n\t\n}\n<\/pre><\/div>\n\n\nPermission Class:<\/strong><\/p>\n\n\n\n@Entity\n@Inheritance(strategy = InheritanceType.TABLE_PER_CLASS)\npublic class Permission {\n\t\n\t@Id\n\t@GeneratedValue\n\tLong permission_id;\n\t\n\t@Column(name = "_create")\n\tprivate boolean _create;\n\t\n\t@Column(name = "_read")\n\tprivate boolean _read;\n\t\n\t@Column(name = "_update")\n\tprivate boolean _update;\n\t\n\t@Column(name = "_delete")\n\tprivate boolean _delete;\n\t\t\t\n\tpublic Permission() {\n\t\tsuper();\n\t\tthis._create = false;\n\t\tthis._read = false;\n\t\tthis._update = false;\n\t\tthis._delete = false;\n\t}\n\n\tpublic Permission(boolean _create, boolean _read, boolean _update, boolean _delete) {\n\t\tsuper();\n\t\tthis._create = _create;\n\t\tthis._read = _read;\n\t\tthis._update = _update;\n\t\tthis._delete = _delete;\n\t}\ngetters + setters + toString()\n<\/pre><\/div>\n\n\nCustomerDomainPermission Class:<\/strong><\/p>\n\n\n\n@Entity\npublic class CustomerDomainPermission extends Permission {\n\t\n\tpublic CustomerDomainPermission() {\n\t\tsuper();\n\t}\n}\n<\/pre><\/div>\n\n\nProductDomainPermission Class:<\/strong><\/p>\n\n\n\n@Entity\npublic class ProductDomainPermission extends Permission {\n\t\n\tpublic ProductDomainPermission() {\n\t\tsuper();\n\t}\n}\n<\/pre><\/div>\n\n\nJUnit Test:<\/strong><\/p>\n\n\n\n@TestInstance(TestInstance.Lifecycle.PER_CLASS)\nclass PermissionTest {\n\t\n\tUsers user;\n\tPermission cd;\n\tPermission pd;\n\tDomainPermissions d;\n\t\n\t@BeforeAll\n\tvoid createUser() {\n\t\tcd = new CustomerDomainPermission();\n\t\tcd.set_read(true);\n\t\tcd.set_create(false);\n\t\tcd.set_delete(false);\n\t\tcd.set_update(true);\n\t\t\n\t\tpd = new ProductDomainPermission();\n\t\t\t\t\n\t\td = new DomainPermissions();\n\t\td.setCustomerDomain(cd);\n\t\td.setProductDomain(pd);\n\t\t\n\t\tuser = new Users();\n\t\tuser.setFirstname("Alfred");\n\t\tuser.setLastname("Hitchcock");\n\t\tuser.setDomainPermissions(d);\n\t}\n\t\n\t@Test\n\t@DisplayName("When creating Customer Domain Permissions")\n\tvoid customerDomainPermissionsTest() {\n\t\tassertAll(\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getCustomerDomain().is_create()),\n\t\t\t\t() -> assertEquals(true, user.getDomainPermissions().getCustomerDomain().is_read()),\n\t\t\t\t() -> assertEquals(true, user.getDomainPermissions().getCustomerDomain().is_update()),\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getCustomerDomain().is_delete())\t\t\t\t\n\t\t\t\t);\n\t}\n\t\n\t@Test\n\t@DisplayName("When creating Product Domain Permissions")\n\tvoid productDomainPermissionsTest() {\n\t\tassertAll(\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getProductDomain().is_create()),\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getProductDomain().is_read()),\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getProductDomain().is_update()),\n\t\t\t\t() -> assertEquals(false, user.getDomainPermissions().getProductDomain().is_delete())\t\t\t\t\n\t\t\t\t);\n\t}\n\t\n\t@Test\n\t@DisplayName("Is CustomerDomainPermission an instance of correct sub class")\n\tvoid customerDomainPermissionInstantiationCheck() {\n\t\tassertTrue(cd instanceof CustomerDomainPermission);\n\t}\n\t\n\t@Test\n\t@DisplayName("Is ProductDomainPermission an instance of correct sub class")\n\tvoid productDomainPermissionInstantiationCheck() {\n\t\tassertTrue(pd instanceof ProductDomainPermission);\n\t}\n\t\n\t@Test\n\t@DisplayName("Does DomainPermissions Type Include CustomerDomainPermission")\n\tvoid domainPermissionsTypeCustomerDomainPermissionContentTest() {\n\t\tassertEquals(cd, d.getCustomerDomain());\n\t}\n\t\n\t@Test\n\t@DisplayName("Does DomainPermissions Type Include ProductDomainPermission")\n\tvoid domainPermissionTypeProductDomainPermissionContentTest() {\n\t\tassertEquals(pd, d.getProductDomain());\n\t}\n\t\n\t@Test\n\t@DisplayName("Does the User have correct DomainPermissions")\n\tvoid userDomainPermissionsTest() {\n\t\tassertEquals(d, user.getDomainPermissions());\n\t}\n<\/pre><\/div>\n\n\nOutput:<\/strong><\/p>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/junit01.jpg\")
<\/a>JUnit Test Result Screen<\/figcaption><\/figure>\n\n\n\nDatabase Tables:<\/strong><\/h3>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/allTables.jpg\")
<\/a>All Tables<\/figcaption><\/figure>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/users.jpg\")
<\/a>Users Table<\/figcaption><\/figure>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/DomainPermissions.jpg\")
<\/a>DomainPermissions Table<\/figcaption><\/figure>\n\n\n\n\n\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/permission-1.jpg\")
<\/a>Permission Base Class Table<\/figcaption><\/figure>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/customerDomainPermission.jpg\")
<\/a>CustomerDomainPermission Table<\/figcaption><\/figure>\n\n\n\n![\"\"](\"https:\/\/blog.gunlerveisler.gen.tr\/wp-content\/uploads\/2020\/08\/productDomainPermission.jpg\")
<\/a>ProductDomainPermission Table<\/figcaption><\/figure>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
Here is an idea for managing the user permissions at my web app. In this design users have different privileges to perform basic crud operations on different app domains (Customer Management Domain, Stock Management Domain etc.). In this way, some … Continue reading
![\"\"](\"https:\/\/aliyargunes.com.tr\/blog\/wp-content\/uploads\/2020\/08\/table_01.jpg\")
<\/a>