fix: delete all user/group permissions before deleting the user/group…

… itself

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/GroupService.java

@@ -19,6 +19,7 @@
 import de.terrestris.shogun.lib.model.Group;
 import de.terrestris.shogun.lib.model.User;
 import de.terrestris.shogun.lib.repository.GroupRepository;
+import de.terrestris.shogun.lib.service.security.permission.GroupClassPermissionService;
 import de.terrestris.shogun.lib.service.security.provider.GroupProviderService;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -27,6 +28,7 @@
 import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Isolation;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.List;
@@ -39,6 +41,9 @@ public class GroupService extends BaseService<GroupRepository, Group> {
     @Autowired
     GroupProviderService groupProviderService;
 
+    @Autowired
+    GroupClassPermissionService groupClassPermissionService;
+
     @PostFilter("hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ')")
     @Transactional(readOnly = true)
     @Override
@@ -117,8 +122,19 @@ public void deleteByKeycloakId(String keycloakGroupId) {
             return;
         }
 
+        groupClassPermissionService.deleteAllFor(group);
+        groupInstancePermissionService.deleteAllFor(group);
+
         repository.delete(group);
         log.info("Group with keycloak id {} was deleted in Keycloak and was therefore deleted in SHOGun DB, too.", keycloakGroupId);
     }
 
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#group, 'DELETE')")
+    @Transactional(isolation = Isolation.SERIALIZABLE)
+    public void delete(Group group) {
+        groupClassPermissionService.deleteAllFor(group);
+        groupInstancePermissionService.deleteAllFor(group);
+
+        repository.delete(group);
+    }
 }

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/UserService.java

@@ -18,13 +18,16 @@
 
 import de.terrestris.shogun.lib.model.User;
 import de.terrestris.shogun.lib.repository.UserRepository;
+import de.terrestris.shogun.lib.service.security.permission.UserClassPermissionService;
 import de.terrestris.shogun.lib.service.security.provider.UserProviderService;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.jpa.domain.Specification;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PostFilter;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Isolation;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.util.List;
@@ -37,6 +40,9 @@ public class UserService extends BaseService<UserRepository, User> {
     @Autowired
     UserProviderService userProviderService;
 
+    @Autowired
+    UserClassPermissionService userClassPermissionService;
+
     @PostFilter("hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ')")
     @Transactional(readOnly = true)
     @Override
@@ -104,9 +110,21 @@ public void deleteByKeycloakId(String keycloakUserId) {
             return;
         }
 
+        userClassPermissionService.deleteAllFor(user);
         userInstancePermissionService.deleteAllFor(user);
+
         repository.delete(user);
+
         log.info("User with keycloak id {} was deleted in Keycloak and was therefore deleted in SHOGun DB, too.", keycloakUserId);
     }
 
+    @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#user, 'DELETE')")
+    @Transactional(isolation = Isolation.SERIALIZABLE)
+    public void delete(User user) {
+        userClassPermissionService.deleteAllFor(user);
+        userInstancePermissionService.deleteAllFor(user);
+
+        repository.delete(user);
+    }
+
 }

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/security/permission/GroupClassPermissionService.java

@@ -294,6 +294,11 @@ private PermissionCollection getPermissionCollection(Optional<GroupClassPermissi
         return new PermissionCollection();
     }
 
+    /**
+     * Deletes all {@link GroupClassPermission} for the given entity.
+     *
+     * @param persistedEntity The entity to clear the permissions for.
+     */
     public void deleteAllFor(BaseEntity persistedEntity) {
         List<GroupClassPermission> groupClassPermissions = this.findFor(persistedEntity);
 
@@ -303,6 +308,20 @@ public void deleteAllFor(BaseEntity persistedEntity) {
             persistedEntity.getId());
     }
 
+    /**
+     * Deletes all {@link GroupClassPermission} for the given group.
+     *
+     * @param group The group to clear the permissions for.
+     */
+    public void deleteAllFor(Group group) {
+        List<GroupClassPermission> groupClassPermissions = this.findFor(group);
+
+        repository.deleteAll(groupClassPermissions);
+
+        log.info("Successfully deleted all group class permissions for group with ID {}",
+            group.getId());
+    }
+
     public void deleteFor(BaseEntity persistedEntity, Group group) {
         Optional<GroupClassPermission> groupClassPermission = this.findFor(persistedEntity, group);
 

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/security/permission/GroupInstancePermissionService.java

@@ -305,7 +305,20 @@ public void deleteAllFor(BaseEntity persistedEntity) {
 
         log.info("Successfully deleted all group instance permissions for entity with ID {}",
             persistedEntity.getId());
-        log.trace("Deleted entity: {}", persistedEntity);
+    }
+
+    /**
+     * Deletes all {@link GroupInstancePermission} for the given group.
+     *
+     * @param group The group to clear the permissions for.
+     */
+    public void deleteAllFor(Group group) {
+        List<GroupInstancePermission> groupInstancePermissions = this.findFor(group);
+
+        repository.deleteAll(groupInstancePermissions);
+
+        log.info("Successfully deleted all group instance permissions for group with ID {}",
+            group.getId());
     }
 
     public void deleteFor(BaseEntity persistedEntity, Group group) {

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/security/permission/UserClassPermissionService.java

@@ -216,6 +216,11 @@ private PermissionCollection getPermissionCollection(Optional<UserClassPermissio
         return new PermissionCollection();
     }
 
+    /**
+     * Deletes all {@link UserClassPermission} for the given entity.
+     *
+     * @param persistedEntity The entity to clear the permissions for.
+     */
     public void deleteAllFor(BaseEntity persistedEntity) {
         List<UserClassPermission> userClassPermissions = this.findFor(persistedEntity);
 
@@ -225,6 +230,20 @@ public void deleteAllFor(BaseEntity persistedEntity) {
             persistedEntity.getId());
     }
 
+    /**
+     * Deletes all {@link UserClassPermission} for the given user.
+     *
+     * @param user The entity to clear the permissions for.
+     */
+    public void deleteAllFor(User user) {
+        List<UserClassPermission> userClassPermissions = this.findFor(user);
+
+        repository.deleteAll(userClassPermissions);
+
+        log.info("Successfully deleted all user class permissions for user with ID {}",
+            user.getId());
+    }
+
     public void deleteFor(BaseEntity persistedEntity, User user) {
         Optional<UserClassPermission> userClassPermission = this.findFor(persistedEntity.getClass(), user);
 

shogun-lib/src/main/java/de/terrestris/shogun/lib/service/security/permission/UserInstancePermissionService.java

@@ -249,7 +249,20 @@ public void deleteAllFor(BaseEntity persistedEntity) {
 
         log.info("Successfully deleted all user instance permissions for entity with ID {}",
             persistedEntity.getId());
-        log.trace("Deleted entity: {}", persistedEntity);
+    }
+
+    /**
+     * Deletes all {@link UserInstancePermission} for the given user.
+     *
+     * @param user The entity to clear the permissions for.
+     */
+    public void deleteAllFor(User user) {
+        List<UserInstancePermission> userInstancePermissions = this.findFor(user);
+
+        repository.deleteAll(userInstancePermissions);
+
+        log.info("Successfully deleted all user instance permissions for user with ID {}",
+            user.getId());
     }
 
     /**