#721 | impl_version 1 for GroupPrivilege

Author: 1t5j0y

avni-server-api/src/main/java/org/avni/server/dao/GroupPrivilegeRepository.java

@@ -1,6 +1,5 @@
 package org.avni.server.dao;
 
-import org.avni.server.domain.CHSEntity;
 import org.avni.server.domain.accessControl.GroupPrivilege;
 import org.joda.time.DateTime;
 import org.springframework.data.domain.Page;
@@ -27,14 +26,15 @@ default GroupPrivilege findByNameIgnoreCase(String name) {
         throw new UnsupportedOperationException("No field 'name' in GroupPrivilege.");
     }
 
-    List<GroupPrivilege> findByGroup_Id(Long groupId);
+    List<GroupPrivilege> findByGroup_IdAndImplVersion(Long groupId, int implVersion);
 
     @Query(value = "select distinct gp.*\n" +
             "from group_privilege gp\n" +
             "         join user_group ug on ug.group_id = gp.group_id\n" +
             "         join privilege p on gp.privilege_id = p.id\n" +
             "where ug.user_id = :userId\n" +
             "  and gp.is_voided = false\n" +
+            "  and gp.impl_version = 1\n" +
             "  and ug.is_voided = false\n" +
             "  and allow = true", nativeQuery = true)
     List<GroupPrivilege> getAllAllowedPrivilegesForUser(Long userId);
@@ -50,4 +50,14 @@ Page<GroupPrivilege> findBySubjectTypeIsNotNullAndLastModifiedDateTimeIsBetweenO
     default boolean existsByLastModifiedDateTimeGreaterThan(DateTime lastModifiedDateTime) {
         return existsByLastModifiedDateTimeGreaterThan(lastModifiedDateTime == null ? null : lastModifiedDateTime.toDate());
     }
+
+    default GroupPrivilege saveGroupPrivilege(GroupPrivilege groupPrivilege) {
+        groupPrivilege.setImplVersion(GroupPrivilege.IMPL_VERSION);
+        return this.save(groupPrivilege);
+    }
+
+    default List<GroupPrivilege> saveAllGroupPrivileges(List<GroupPrivilege> groupPrivileges) {
+        groupPrivileges.forEach(gp -> gp.setImplVersion(GroupPrivilege.IMPL_VERSION));
+        return this.saveAll(groupPrivileges);
+    }
 }

avni-server-api/src/main/java/org/avni/server/domain/accessControl/GroupPrivilege.java

@@ -2,7 +2,6 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import org.avni.server.domain.*;
-import org.avni.server.domain.accessControl.Privilege;
 import org.hibernate.annotations.BatchSize;
 
 import javax.persistence.*;
@@ -13,6 +12,7 @@
 @JsonIgnoreProperties({"group", "privilege", "subjectType", "program", "programEncounterType", "encounterType", "checklistDetail"})
 @BatchSize(size = 100)
 public class GroupPrivilege extends OrganisationAwareEntity {
+    public static final int IMPL_VERSION = 1;
 
     @NotNull
     @ManyToOne(fetch = FetchType.LAZY)
@@ -46,6 +46,9 @@ public class GroupPrivilege extends OrganisationAwareEntity {
 
     private boolean allow;
 
+    @Column
+    private int implVersion;
+
     public Group getGroup() {
         return group;
     }
@@ -207,4 +210,12 @@ public String toString() {
                 ", allow=" + allow +
                 '}';
     }
+
+    public int getImplVersion() {
+        return implVersion;
+    }
+
+    public void setImplVersion(int implVersion) {
+        this.implVersion = implVersion;
+    }
 }

avni-server-api/src/main/java/org/avni/server/service/OrganisationService.java

@@ -21,6 +21,7 @@
 import org.avni.server.dao.program.SubjectProgramEligibilityRepository;
 import org.avni.server.dao.task.TaskRepository;
 import org.avni.server.domain.*;
+import org.avni.server.domain.accessControl.GroupPrivilege;
 import org.avni.server.framework.security.UserContextHolder;
 import org.avni.server.importer.batch.model.BundleFolder;
 import org.avni.server.service.application.MenuItemService;
@@ -366,6 +367,7 @@ public void addGroupsJson(ZipOutputStream zos) throws IOException {
     public void addGroupPrivilegeJson(ZipOutputStream zos) throws IOException {
         List<GroupPrivilegeContractWeb> groupPrivileges = groupPrivilegeRepository.findAll().stream()
                 .filter(groupPrivilege -> !groupPrivilege.getGroup().isAdministrator())
+                .filter(groupPrivilege -> groupPrivilege.getImplVersion() == GroupPrivilege.IMPL_VERSION)
                 .map(GroupPrivilegeContractWeb::fromEntity).collect(Collectors.toList());
         if (!groupPrivileges.isEmpty()) {
             addFileToZip(zos, "groupPrivilege.json", groupPrivileges);

avni-server-api/src/main/java/org/avni/server/service/accessControl/GroupPrivilegeService.java

@@ -21,6 +21,8 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
 
 @Service
 public class GroupPrivilegeService implements NonScopeAwareService {
@@ -174,7 +176,9 @@ public List<GroupPrivilege> getAllGroupPrivileges(long groupId) {
     }
 
     public void savePrivileges(GroupPrivilegeContractWeb[] requests, Organisation organisation) {
-        List<GroupPrivilege> groupPrivileges = groupPrivilegeRepository.findAll();
+        List<GroupPrivilege> groupPrivileges = groupPrivilegeRepository.findAll()
+            .stream().filter(groupPrivilege -> groupPrivilege.getImplVersion() == GroupPrivilege.IMPL_VERSION)
+            .collect(Collectors.toList());
         List<Privilege> privileges = privilegeRepository.findAll();
         List<SubjectType> subjectTypes = subjectTypeRepository.findAll();
         List<Program> programs = programRepository.findAll();
@@ -183,21 +187,30 @@ public void savePrivileges(GroupPrivilegeContractWeb[] requests, Organisation or
         List<Group> groups = groupRepository.findAll();
 
         Arrays.stream(requests).forEach(request -> {
-            GroupPrivilege groupPrivilege = CollectionUtil.findByUuid(groupPrivileges, request.getUuid());
+            GroupPrivilege groupPrivilege = groupPrivileges.stream().filter(gp ->
+                Objects.equals(request.getGroupUUID(), gp.getGroupUuid())
+                && Objects.equals(request.getPrivilegeUUID(), gp.getPrivilegeUuid())
+                && Objects.equals(request.getSubjectTypeUUID(), gp.getSubjectTypeUuid())
+                && Objects.equals(request.getProgramUUID(), gp.getProgramUuid())
+                && Objects.equals(request.getProgramEncounterTypeUUID(), gp.getProgramEncounterTypeUuid())
+                && Objects.equals(request.getEncounterTypeUUID(), gp.getEncounterTypeUuid())
+                && Objects.equals(request.getChecklistDetailUUID(), gp.getChecklistDetailUuid()))
+                .findAny().orElse(null);
             if (groupPrivilege == null) {
                 groupPrivilege = new GroupPrivilege();
-                groupPrivilege.setUuid(request.getUuid());
+                //don't use uuid from request for bundle uploads since there could be records with matching uuid with older impl_version in db and unique org_uuid constraint is violated
+                groupPrivilege.assignUUID();
+                groupPrivilege.setPrivilege(CollectionUtil.findByUuid(privileges, request.getPrivilegeUUID()));
+                groupPrivilege.setSubjectType(CollectionUtil.findByUuid(subjectTypes, request.getSubjectTypeUUID()));
+                groupPrivilege.setProgram(CollectionUtil.findByUuid(programs, request.getProgramUUID()));
+                groupPrivilege.setEncounterType(CollectionUtil.findByUuid(encounterTypes, request.getEncounterTypeUUID()));
+                groupPrivilege.setProgramEncounterType(CollectionUtil.findByUuid(encounterTypes, request.getProgramEncounterTypeUUID()));
+                groupPrivilege.setChecklistDetail(CollectionUtil.findByUuid(checklistDetails, request.getChecklistDetailUUID()));
+                groupPrivilege.setGroup(getGroup(request, organisation, groups));
             }
-            groupPrivilege.setPrivilege(CollectionUtil.findByUuid(privileges, request.getPrivilegeUUID()));
-            groupPrivilege.setSubjectType(CollectionUtil.findByUuid(subjectTypes, request.getSubjectTypeUUID()));
-            groupPrivilege.setProgram(CollectionUtil.findByUuid(programs, request.getProgramUUID()));
-            groupPrivilege.setEncounterType(CollectionUtil.findByUuid(encounterTypes, request.getEncounterTypeUUID()));
-            groupPrivilege.setProgramEncounterType(CollectionUtil.findByUuid(encounterTypes, request.getProgramEncounterTypeUUID()));
-            groupPrivilege.setChecklistDetail(CollectionUtil.findByUuid(checklistDetails, request.getChecklistDetailUUID()));
-
-            groupPrivilege.setGroup(getGroup(request, organisation, groups));
+
             groupPrivilege.setAllow(request.isAllow());
-            groupPrivilegeRepository.save(groupPrivilege);
+            groupPrivilegeRepository.saveGroupPrivilege(groupPrivilege);
         });
     }
 

avni-server-api/src/main/java/org/avni/server/web/GroupPrivilegeController.java

@@ -46,7 +46,7 @@ public GroupPrivilegeController(GroupPrivilegeRepository groupPrivilegeRepositor
     @RequestMapping(value = "/groups/{id}/privileges", method = RequestMethod.GET)
     public List<GroupPrivilegeContract> getById(@PathVariable("id") Long id) {
         List<GroupPrivilege> allPossibleGroupPrivileges = groupPrivilegeService.getAllGroupPrivileges(id);
-        List<GroupPrivilege> groupPrivileges = groupPrivilegeRepository.findByGroup_Id(id);
+        List<GroupPrivilege> groupPrivileges = groupPrivilegeRepository.findByGroup_IdAndImplVersion(id, GroupPrivilege.IMPL_VERSION);
         groupPrivileges.addAll(allPossibleGroupPrivileges);
         return groupPrivileges.stream()
                 .map(GroupPrivilegeContract::fromEntity)
@@ -61,6 +61,7 @@ public ResponseEntity addOrUpdateGroupPrivileges(@RequestBody List<GroupPrivileg
         List<GroupPrivilege> privilegesToBeAddedOrUpdated = new ArrayList<>();
 
         for (GroupPrivilegeWebRequest groupPrivilegeRequest : request) {
+            //continue to rely on uuid here since privilege list on webapp will either be new records or valid impl_version existing record for the same org
             GroupPrivilege groupPrivilege = groupPrivilegeRepository.findByUuid(groupPrivilegeRequest.getUuid());
             if (groupPrivilege != null) {
                 groupPrivilege.setAllow(groupPrivilegeRequest.isAllow());
@@ -91,6 +92,6 @@ public ResponseEntity addOrUpdateGroupPrivileges(@RequestBody List<GroupPrivileg
             }
         }
 
-        return ResponseEntity.ok(groupPrivilegeRepository.saveAll(privilegesToBeAddedOrUpdated));
+        return ResponseEntity.ok(groupPrivilegeRepository.saveAllGroupPrivileges(privilegesToBeAddedOrUpdated));
     }
 }

avni-server-api/src/main/resources/db/migration/V1_339_1__GroupPrivilegeConstraint.sql

@@ -0,0 +1,35 @@
+alter table group_privilege add column if not exists impl_version int not null default 1;
+
+update group_privilege
+set impl_version = 0
+where is_voided = true;
+
+create or replace function check_group_privilege_uniqueness(groupPrivilegeId int, groupId int, privilegeId int, subjectTypeId int, programId int, programEncounterTypeId int, encounterTypeId int, checklistDetailId int, implVersion int) returns boolean
+  language plpgsql
+as
+$$
+declare
+begin
+  if exists (select gp.*
+             from public.group_privilege gp
+             where gp.group_id = groupId
+               and gp.privilege_id = privilegeId
+               and (gp.subject_type_id = subjectTypeId or (gp.subject_type_id is null and subjectTypeId is null))
+               and (gp.program_id = programId or (gp.program_id is null and programId is null))
+               and (gp.program_encounter_type_id = programEncounterTypeId or (gp.program_encounter_type_id is null and programEncounterTypeId is null))
+               and (gp.encounter_type_id = encounterTypeId or (gp.encounter_type_id is null and encounterTypeId is null))
+               and (gp.checklist_detail_id = checklistDetailId or (gp.checklist_detail_id is null and checklistDetailId is null))
+               and gp.id <> groupPrivilegeId
+               and gp.impl_version = 1
+               and implVersion = 1
+               ) then
+    raise 'Duplicate group privilege exists for: id: %, group_id: %, privilege_id: % subject_type_id: %, program_id: %, program_encounter_type_id: %, encounter_type_id: %, checklist_detail_id: %', groupPrivilegeId, groupId, privilegeId, subjectTypeId, programId, programEncounterTypeId, encounterTypeId, checklistDetailId;
+  end if;
+
+  return true;
+end
+$$;
+
+alter table group_privilege
+  add constraint check_group_privilege_unique
+    check (check_group_privilege_uniqueness(id, group_id, privilege_id, subject_type_id, program_id, program_encounter_type_id, encounter_type_id, checklist_detail_id, impl_version));

avni-server-api/src/test/java/org/avni/server/service/builder/TestGroupService.java

@@ -39,7 +39,7 @@ private void givePrivilege(Group group, GroupPrivilege groupPrivilege, Privilege
         Privilege p = privilegeRepository.findByType(privilegeType);
         groupPrivilege.setPrivilege(p);
         groupPrivilege.setGroup(group);
-        groupPrivilegeRepository.save(groupPrivilege);
+        groupPrivilegeRepository.saveGroupPrivilege(groupPrivilege);
     }
 
     public void giveViewSubjectPrivilegeTo(Group group, SubjectType ... subjectTypes) {