diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 7a7c245992fd..23e6e930c7f4 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -181,6 +181,7 @@ public class ApiMgtDAO { private final Object scopeMutex = new Object(); private boolean forceCaseInsensitiveComparisons = false; private boolean multiGroupAppSharingEnabled = false; + private boolean isOrganizationAccessControlEnabled = false; private String KeyManagerAccessPublic = "PUBLIC"; private static final String[] keyTypes = new String[]{APIConstants.API_KEY_TYPE_PRODUCTION, APIConstants.API_KEY_TYPE_SANDBOX}; @@ -195,8 +196,8 @@ private ApiMgtDAO() { if (caseSensitiveComparison != null) { forceCaseInsensitiveComparisons = Boolean.parseBoolean(caseSensitiveComparison); } - multiGroupAppSharingEnabled = APIUtil.isMultiGroupAppSharingEnabled(); + isOrganizationAccessControlEnabled = APIUtil.isOrganizationAccessControlEnabled(); } /** 
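Review bot: The new field `isOrganizationAccessControlEnabled` carries an `is` prefix that its neighbours `forceCaseInsensitiveComparisons` and `multiGroupAppSharingEnabled` do not; `organizationAccessControlEnabled` would match them. The flag changes which rows the application listing returns, so it deserves a comment such as `// When true, application listings are also filtered on AM_APPLICATION.SHARED_ORGANIZATION.`. It is read once in the private constructor, so presumably a configuration change only takes effect after a restart, which is worth stating in that comment if true.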
@@ -4122,50 +4123,35 @@ public boolean updateApplicationOwner(String userName, Application application) * @throws APIManagementException */ public Application[] getApplicationsWithPagination(Subscriber subscriber, String groupingId, int start, - int offset, String search, String sortColumn, String sortOrder, String organization, - String sharedOrganization) + int offset, String search, String sortColumn, String sortOrder, String organization, + String sharedOrganization) throws APIManagementException { Connection connection = null; PreparedStatement prepStmt = null; ResultSet rs = null; Application[] applications = null; - String sqlQuery = null; - boolean isOrgSharingEnabled = true; //TODO need to come from config or from user info + String sqlQuery; + if (groupingId != null && !"null".equals(groupingId) && !groupingId.isEmpty()) { + String orgSharingSuffix = isOrganizationAccessControlEnabled ? "ORG_SHARING_" : ""; if (multiGroupAppSharingEnabled) { - if (forceCaseInsensitiveComparisons) { - sqlQuery = SQLConstantManagerFactory. - getSQlString("GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_WITH_MULTIGROUPID"); - } else { - sqlQuery = SQLConstantManagerFactory. - getSQlString("GET_APPLICATIONS_PREFIX_CASESENSITVE_WITH_MULTIGROUPID"); - } + sqlQuery = getSqlQuery( + forceCaseInsensitiveComparisons, + orgSharingSuffix + "WITH_MULTIGROUPID" + ); } else { - if (forceCaseInsensitiveComparisons) { - sqlQuery = SQLConstantManagerFactory. - getSQlString("GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_WITHGROUPID"); - } else { - sqlQuery = SQLConstantManagerFactory. 
- getSQlString("GET_APPLICATIONS_PREFIX_CASESENSITVE_WITHGROUPID"); - } + sqlQuery = getSqlQuery( + forceCaseInsensitiveComparisons, + orgSharingSuffix + "WITHGROUPID" + ); } } else { - if (forceCaseInsensitiveComparisons) { - if (isOrgSharingEnabled) { - sqlQuery = SQLConstantManagerFactory - .getSQlString("GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_WITH_ORGSHARING"); - } else { - sqlQuery = SQLConstantManagerFactory.getSQlString("GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE"); - } - } else { - if (isOrgSharingEnabled) { - sqlQuery = SQLConstantManagerFactory - .getSQlString("GET_APPLICATIONS_PREFIX_CASESENSITVE_WITH_ORGSHARING"); - } else { - sqlQuery = SQLConstantManagerFactory.getSQlString("GET_APPLICATIONS_PREFIX_CASESENSITVE"); - } - } + String orgSharingSuffix = isOrganizationAccessControlEnabled ? "ORG_SHARING" : ""; + sqlQuery = getSqlQuery( + forceCaseInsensitiveComparisons, + orgSharingSuffix + ); } try { 
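Review bot: In the branch of `getApplicationsWithPagination` with no `groupingId`, `orgSharingSuffix` is `""` when `isOrganizationAccessControlEnabled` is false, and `getSqlQuery` (added in the later hunk at -4277) formats `GET_APPLICATIONS_PREFIX_%s_%s`. The key therefore becomes `GET_APPLICATIONS_PREFIX_CASESENSITVE_` with a trailing underscore instead of the `GET_APPLICATIONS_PREFIX_CASESENSITVE` the removed code requested. Unless `SQLConstantManagerFactory.getSQlString` tolerates that, the lookup would fail whenever the flag is off; building the key as `"GET_APPLICATIONS_PREFIX_" + caseType + (suffix.isEmpty() ? "" : "_" + suffix)` keeps the old name. Because the key is now assembled at runtime, the renamed `..._ORG_SHARING` constants and the new `..._ORG_SHARING_WITHGROUPID` / `..._ORG_SHARING_WITH_MULTIGROUPID` ones must exist in every dialect class, and only `SQLConstantsH2MySQL` is changed in this diff. The method body continues outside the hunk.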
@@ -4197,43 +4183,44 @@ public Application[] getApplicationsWithPagination(Subscriber subscriber, String prepStmt.setString(++noOfParams, tenantDomain); prepStmt.setString(++noOfParams, subscriber.getName()); prepStmt.setString(++noOfParams, tenantDomain + '/' + groupingId); + if (isOrganizationAccessControlEnabled) { + prepStmt.setString(++noOfParams, sharedOrganization); + } prepStmt.setString(++noOfParams, organization); prepStmt.setString(++noOfParams, "%" + search + "%"); prepStmt.setInt(++noOfParams, start); prepStmt.setInt(++noOfParams, offset); } else { + int noOfParams = 0; prepStmt = connection.prepareStatement(sqlQuery); - prepStmt.setString(1, groupingId); - prepStmt.setString(2, subscriber.getName()); - prepStmt.setString(3, organization); - prepStmt.setString(4, "%" + search + "%"); - prepStmt.setInt(5, start); - prepStmt.setInt(6, offset); + prepStmt.setString(++noOfParams, groupingId); + prepStmt.setString(++noOfParams, subscriber.getName()); + if (isOrganizationAccessControlEnabled) { + prepStmt.setString(++noOfParams, sharedOrganization); + } + prepStmt.setString(++noOfParams, organization); + prepStmt.setString(++noOfParams, "%" + search + "%"); + prepStmt.setInt(++noOfParams, start); + prepStmt.setInt(++noOfParams, offset); } } else { - if (isOrgSharingEnabled) { - prepStmt = connection.prepareStatement(sqlQuery); - prepStmt.setString(1, subscriber.getName()); - prepStmt.setString(2, sharedOrganization); - prepStmt.setString(3, organization); - prepStmt.setString(4, "%" + search + "%"); - prepStmt.setInt(5, start); - prepStmt.setInt(6, offset); - } else { - prepStmt = connection.prepareStatement(sqlQuery); - prepStmt.setString(1, subscriber.getName()); - prepStmt.setString(2, organization); - prepStmt.setString(3, "%" + search + "%"); - prepStmt.setInt(4, start); - prepStmt.setInt(5, offset); + int noOfParams = 0; + prepStmt = connection.prepareStatement(sqlQuery); + prepStmt.setString(++noOfParams, subscriber.getName()); + if 
(isOrganizationAccessControlEnabled) { + prepStmt.setString(++noOfParams, sharedOrganization); } + prepStmt.setString(++noOfParams, organization); + prepStmt.setString(++noOfParams, "%" + search + "%"); + prepStmt.setInt(++noOfParams, start); + prepStmt.setInt(++noOfParams, offset); } - if (log.isDebugEnabled()) { - log.debug("Query: " + sqlQuery); - log.debug("Param: " + "Sub:" + subscriber.getName() + " GroupId: " + groupingId + " Search:%" + search - + "% " + "Start:" + start + " Offset:" + offset + " SortColumn:" + sortColumn + " SortOrder:" - + sortOrder); - } + + log.info("Query: " + sqlQuery); + log.info("Param: " + "Sub:" + subscriber.getName() + " GroupId: " + groupingId + " Search:%" + search + + "% " + "Start:" + start + " Offset:" + offset + " SortColumn:" + sortColumn + " SortOrder:" + + sortOrder); + rs = prepStmt.executeQuery(); ArrayList applicationsList = new ArrayList(); Application application; @@ -4253,11 +4240,11 @@ public Application[] getApplicationsWithPagination(Subscriber subscriber, String application.setCreatedTime(String.valueOf(rs.getTimestamp("APP_CREATED_TIME").getTime())); if (multiGroupAppSharingEnabled) { - setGroupIdInApplication(connection,application); + setGroupIdInApplication(connection, application); } //setting subscription count - int subscriptionCount = getSubscriptionCountByApplicationId(connection,application, organization); + int subscriptionCount = getSubscriptionCountByApplicationId(connection, application, organization); application.setSubscriptionCount(subscriptionCount); // Get custom attributes of application 
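Review bot: The `log.isDebugEnabled()` guard is dropped and both statements are raised to `log.info`, so every call to `getApplicationsWithPagination` now writes the full SQL text, the subscriber name, the group id and the raw `search` string to the INFO log. That puts user identifiers into routine logs, and if `search` comes from the request, embedded line breaks reach the log unescaped. This looks like leftover debugging: restore `if (log.isDebugEnabled()) {` around the two calls and keep them as `log.debug(...)`. The method starts and ends outside this hunk.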
@@ -4277,6 +4264,14 @@ public Application[] getApplicationsWithPagination(Subscriber subscriber, String return applications; } + private String getSqlQuery(boolean isCaseInsensitive, String suffix) throws APIManagementException { + String caseType = isCaseInsensitive ? "NONE_CASESENSITVE" : "CASESENSITVE"; + + return SQLConstantManagerFactory.getSQlString( + String.format("GET_APPLICATIONS_PREFIX_%s_%s", caseType, suffix) + ); + } + /** * Returns all the applications associated with given subscriber and group id, without their keys. * diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstantsH2MySQL.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstantsH2MySQL.java index 59ff88cc00b2..76b853a2fe4e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstantsH2MySQL.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstantsH2MySQL.java 
@@ -89,6 +89,74 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + " ORDER BY $1 $2 limit ? , ?"; + public static final String GET_APPLICATIONS_PREFIX_CASESENSITVE_ORG_SHARING_WITHGROUPID = + "select distinct x.*,bl.ENABLED from (" + + " SELECT " + + " APPLICATION_ID, " + + " NAME," + + " APPLICATION_TIER," + + " APP.SUBSCRIBER_ID, " + + " APP.CREATED_TIME AS APP_CREATED_TIME, " + + " APP.UPDATED_TIME AS APP_UPDATED_TIME, " + + " CALLBACK_URL, " + + " DESCRIPTION, " + + " APPLICATION_STATUS, " + + " USER_ID, " + + " GROUP_ID, " + + " UUID, " + + " APP.CREATED_BY AS CREATED_BY, " + + " APP.TOKEN_TYPE AS TOKEN_TYPE " + + " FROM" + + " AM_APPLICATION APP, " + + " AM_SUBSCRIBER SUB " + + " WHERE " + + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + + " AND " + + " (GROUP_ID= ? OR (GROUP_ID='' AND LOWER (SUB.USER_ID) = LOWER(?)))" + + " AND " + + " APP.SHARED_ORGANIZATION = ? " + + " AND " + + " APP.ORGANIZATION = ? " + + " And " + + " LOWER (NAME) like LOWER (?)" + + " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + + " ORDER BY $1 $2 limit ? , ?"; + + + public static final String GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_ORG_SHARING_WITHGROUPID = + "select distinct x.*,bl.ENABLED from (" + + "SELECT " + + " APPLICATION_ID, " + + " NAME," + + " APPLICATION_TIER," + + " APP.SUBSCRIBER_ID, " + + " APP.CREATED_TIME AS APP_CREATED_TIME, " + + " APP.UPDATED_TIME AS APP_UPDATED_TIME, " + + " CALLBACK_URL, " + + " DESCRIPTION, " + + " APPLICATION_STATUS, " + + " USER_ID, " + + " GROUP_ID, " + + " UUID, " + + " APP.CREATED_BY AS CREATED_BY, " + + " APP.TOKEN_TYPE AS TOKEN_TYPE " + + " FROM" + + " AM_APPLICATION APP, " + + " AM_SUBSCRIBER SUB " + + " WHERE " + + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + + " AND " + + " (GROUP_ID= ? 
OR (GROUP_ID='' AND LOWER (SUB.USER_ID) = LOWER (?)))"+ + " AND " + + " APP.SHARED_ORGANIZATION = ? " + + " AND " + + " APP.ORGANIZATION = ? " + + " And "+ + " LOWER (NAME) like LOWER (?)"+ + " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + + " ORDER BY $1 $2 limit ? , ?"; + + public static final String GET_APPLICATIONS_PREFIX_CASESENSITVE_WITH_MULTIGROUPID = "select distinct x.*,bl.ENABLED from (" + " SELECT " + @@ -229,7 +297,7 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + " ORDER BY $1 $2 limit ? , ?"; - public static final String GET_APPLICATIONS_PREFIX_CASESENSITVE_WITH_ORGSHARING = + public static final String GET_APPLICATIONS_PREFIX_CASESENSITVE_ORG_SHARING = "select distinct x.*,bl.ENABLED from (" + "SELECT " + " APPLICATION_ID, " + @@ -252,7 +320,9 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " AM_SUBSCRIBER SUB " + " WHERE " + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + - " AND (LOWER(SUB.USER_ID) = LOWER(?) OR APP.SHARED_ORGANIZATION = ? )" + + " AND (GROUP_ID='' AND LOWER(SUB.USER_ID) = LOWER(?) " + + " OR (APPLICATION_ID NOT IN (SELECT APPLICATION_ID FROM AM_APPLICATION_GROUP_MAPPING) " + + " AND (APP.SHARED_ORGANIZATION = ?) )" + " AND " + " APP.ORGANIZATION = ? " + " And "+ @@ -260,7 +330,7 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + " ORDER BY $1 $2 limit ? , ?"; - public static final String GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_WITH_ORGSHARING = + public static final String GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_ORG_SHARING = "select distinct x.*,bl.ENABLED from (" + "SELECT " + " APPLICATION_ID, " + 
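Review bot: Both new `..._ORG_SHARING_WITHGROUPID` queries add `APP.SHARED_ORGANIZATION = ?` as an AND condition, whereas the non-group `..._ORG_SHARING` queries later in this file use it as an OR alternative to ownership. The schema hunks add `SHARED_ORGANIZATION` as a nullable column, so with a group id present a row whose column is NULL, or a NULL bound value, can never match; this would hide a subscriber's own unshared applications. The `..._ORG_SHARING_WITH_MULTIGROUPID` constants added at -291 have the same shape. If this is intended, say so above the constants, e.g. `// Group listing with org access control: only applications shared with the caller's organization are returned.`; otherwise the predicate should be grouped with the ownership/group clause. The two constants in this hunk are also the same query apart from spacing.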
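Review bot: The rewritten predicate in `GET_APPLICATIONS_PREFIX_CASESENSITVE_ORG_SHARING` (hunk at -252) opens `(GROUP_ID='' ...` and `(APPLICATION_ID NOT IN ...`, but the last added line `" AND (APP.SHARED_ORGANIZATION = ?) )"` closes only one of them. The string therefore has one more `(` than `)`, and the later `)x` would close the predicate group instead of the derived table. The `NONE_CASESENSITVE` counterpart at -283 ends with `))` and balances. Change the line to `" AND (APP.SHARED_ORGANIZATION = ?) ))"`, and consider a test that prepares every constant against H2 so a slip like this fails the build.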
@@ -283,7 +353,9 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " AM_SUBSCRIBER SUB " + " WHERE " + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + - " AND (LOWER(SUB.USER_ID) = LOWER(?) OR APP.SHARED_ORGANIZATION = ? )" + + " AND (GROUP_ID='' AND LOWER(SUB.USER_ID) = LOWER(?) " + + "OR (APPLICATION_ID NOT IN (SELECT APPLICATION_ID FROM AM_APPLICATION_GROUP_MAPPING)" + + "AND APP.SHARED_ORGANIZATION = ? ))" + " AND " + " APP.ORGANIZATION = ? " + " And "+ 
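Review bot: The two added continuation fragments start without a leading space, and the middle one has no trailing space, so the concatenated SQL reads `...AM_APPLICATION_GROUP_MAPPING)AND APP.SHARED_ORGANIZATION`. It parses, but it is one edit away from fusing two tokens; give each fragment a leading space as the surrounding lines do. The ownership test also relies on AND binding tighter than OR; writing `((GROUP_ID='' AND LOWER(SUB.USER_ID) = LOWER(?)) OR (...))` makes the intended grouping explicit. Since `SHARED_ORGANIZATION = ?` now decides which other users' applications are listed, the bound `sharedOrganization` should be derived from the authenticated user's context rather than from request input; the caller is not visible in this diff.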
@@ -291,6 +363,84 @@ public class SQLConstantsH2MySQL extends SQLConstants{ " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + " ORDER BY $1 $2 limit ? , ?"; + public static final String GET_APPLICATIONS_PREFIX_CASESENSITVE_ORG_SHARING_WITH_MULTIGROUPID = + "select distinct x.*,bl.ENABLED from (" + + " SELECT " + + " APPLICATION_ID, " + + " NAME," + + " APPLICATION_TIER," + + " APP.SUBSCRIBER_ID, " + + " APP.CREATED_TIME AS APP_CREATED_TIME, " + + " APP.UPDATED_TIME AS APP_UPDATED_TIME, " + + " CALLBACK_URL, " + + " DESCRIPTION, " + + " APPLICATION_STATUS, " + + " USER_ID, " + + " GROUP_ID, " + + " UUID, " + + " APP.CREATED_BY AS CREATED_BY, " + + " APP.TOKEN_TYPE AS TOKEN_TYPE, " + + " APP.SHARED_ORGANIZATION AS SHARED_ORGANIZATION " + + " FROM" + + " AM_APPLICATION APP, " + + " AM_SUBSCRIBER SUB " + + " WHERE " + + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + + " AND (" + + " (APPLICATION_ID IN ( SELECT APPLICATION_ID FROM AM_APPLICATION_GROUP_MAPPING WHERE GROUP_ID " + + " IN ($params) AND TENANT = ? ))" + + " OR " + + " (SUB.USER_ID = ?)" + + " OR " + + " (APP.APPLICATION_ID IN (SELECT APPLICATION_ID FROM AM_APPLICATION WHERE GROUP_ID = ?))" + + " )" + + " AND " + + " APP.SHARED_ORGANIZATION = ? " + + " AND " + + " APP.ORGANIZATION = ? " + + " And " + + " LOWER (NAME) like LOWER (?)"+ + " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + + " ORDER BY $1 $2 limit ? 
, ?"; + + public static final String GET_APPLICATIONS_PREFIX_NONE_CASESENSITVE_ORG_SHARING_WITH_MULTIGROUPID = + "select distinct x.*,bl.ENABLED from (" + + "SELECT " + + " APPLICATION_ID, " + + " NAME," + + " APPLICATION_TIER," + + " APP.SUBSCRIBER_ID, " + + " APP.CREATED_TIME AS APP_CREATED_TIME, " + + " APP.UPDATED_TIME AS APP_UPDATED_TIME, " + + " CALLBACK_URL, " + + " DESCRIPTION, " + + " APPLICATION_STATUS, " + + " USER_ID, " + + " GROUP_ID, " + + " UUID, " + + " APP.CREATED_BY AS CREATED_BY, " + + " APP.TOKEN_TYPE AS TOKEN_TYPE, " + + " APP.SHARED_ORGANIZATION AS SHARED_ORGANIZATION " + + " FROM" + + " AM_APPLICATION APP, " + + " AM_SUBSCRIBER SUB " + + " WHERE " + + " SUB.SUBSCRIBER_ID = APP.SUBSCRIBER_ID " + + " AND (" + + " (APPLICATION_ID IN ( SELECT APPLICATION_ID FROM AM_APPLICATION_GROUP_MAPPING WHERE GROUP_ID IN ($params) AND TENANT = ?)) " + + " OR " + + " (LOWER (SUB.USER_ID) = LOWER(?))" + + " OR " + + " (APP.APPLICATION_ID IN (SELECT APPLICATION_ID FROM AM_APPLICATION WHERE GROUP_ID = ?))" + + " )" + + " AND " + + " APP.SHARED_ORGANIZATION = ? " + + " AND " + + " APP.ORGANIZATION = ? " + + " And "+ + " LOWER (NAME) like LOWER (?)"+ + " )x left join AM_BLOCK_CONDITIONS bl on ( bl.TYPE = 'APPLICATION' AND bl.BLOCK_CONDITION = concat(concat(x.USER_ID,':'),x.name)) " + + " ORDER BY $1 $2 limit ? , ?"; public static final String GET_APPLICATIONS_BY_TENANT_ID = " SELECT " + diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql index 18f79845fdb9..cc0a0a8641a0 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql 
@@ -2297,6 +2297,7 @@ CREATE TABLE AM_APPLICATION ( UUID VARCHAR(256), TOKEN_TYPE VARCHAR(100), ORGANIZATION VARCHAR(100) NOT NULL, + SHARED_ORGANIZATION VARCHAR(100), FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON DELETE RESTRICT, PRIMARY KEY(APPLICATION_ID), UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION) @@ -2751,6 +2752,13 @@ CREATE TABLE AM_POLICY_GLOBAL ( UNIQUE (UUID) )/ +CREATE TABLE AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID INT GENERATED ALWAYS AS IDENTITY + (START WITH 1 INCREMENT BY 1) PRIMARY KEY, + POLICY_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL +)/ + CREATE TABLE AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INT NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1 INCREMENT BY 1), TIER VARCHAR(50) NULL, @@ -2888,6 +2896,13 @@ CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( ) / +CREATE TABLE AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + CREATE TABLE AM_API_CATEGORIES ( UUID VARCHAR(50) NOT NULL, NAME VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql index 2f4e61448898..f30840903a48 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql @@ -1693,6 +1693,7 @@ CREATE TABLE AM_APPLICATION ( UUID VARCHAR(256), TOKEN_TYPE VARCHAR(10), ORGANIZATION VARCHAR(100), + SHARED_ORGANIZATION VARCHAR(100), FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON UPDATE CASCADE, PRIMARY KEY(APPLICATION_ID), UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION), 
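Review bot: `AM_POLICY_ALLOWED_ORGS` (hunk at -2751) has no foreign key on `POLICY_UUID` and no uniqueness over `(POLICY_UUID, ALLOWED_ORGANIZATIONS)`, unlike `AM_KEY_MANAGER_ALLOWED_ORGS` in the same commit, which has a composite primary key and an `ON DELETE CASCADE` reference. For an allow-list this permits duplicate rows and rows that outlive their policy, unless the DAO cleans them up. If no single parent table exists for policies, at least add `UNIQUE (POLICY_UUID, ALLOWED_ORGANIZATIONS)` and a comment naming who deletes the rows. `ALLOWED_ORGANIZATIONS` is `VARCHAR(50)` while `AM_APPLICATION.ORGANIZATION` is `VARCHAR(100)`, so a longer organization id cannot be stored; confirm the intended width. The same definition is repeated in the mssql, mysql, oracle and postgresql scripts.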
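Review bot: The new `AM_KEY_MANAGER_ALLOWED_ORGS` statement in db2.sql (hunk at -2888) ends with `);`, while the statements around it in this script (`AM_POLICY_GLOBAL`, `AM_KEY_MANAGER_PERMISSIONS` and the `AM_POLICY_ALLOWED_ORGS` table added above) end with `/`. If the script is executed with `/` as the statement delimiter, as those neighbours suggest, this table and the following `CREATE TABLE AM_API_CATEGORIES` would be submitted as one statement. End it with `)` followed by `/` like its neighbours.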
@@ -2219,6 +2220,12 @@ CREATE TABLE AM_POLICY_GLOBAL ( UNIQUE (UUID) ); +CREATE TABLE AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID INT IDENTITY(1,1) PRIMARY KEY, + POLICY_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL +); + IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_THROTTLE_TIER_PERMISSIONS]') AND TYPE IN (N'U')) CREATE TABLE AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INTEGER IDENTITY(1,1), @@ -2377,6 +2384,13 @@ CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE ); +CREATE TABLE AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_PUBLISHED_API_DETAILS]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_PUBLISHED_API_DETAILS ( API_ID varchar(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql index d13ac6b10ca9..4f1770cf67be 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql @@ -1944,6 +1944,14 @@ CREATE TABLE IF NOT EXISTS AM_POLICY_GLOBAL ( UNIQUE (UUID) )ENGINE INNODB; + +CREATE TABLE IF NOT EXISTS AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID INT NOT NULL AUTO_INCREMENT, + POLICY_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (ALLOWED_ORGS_ID) +) ENGINE INNODB; + CREATE TABLE IF NOT EXISTS AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INT NOT NULL AUTO_INCREMENT, TIER VARCHAR(50) NULL, 
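Review bot: mysql.sql gains the two allow-list tables but no `SHARED_ORGANIZATION` column on `AM_APPLICATION`, unlike db2, mssql, oracle and postgresql in this diff; its first hunk starts at line 1944 on both sides, so nothing earlier in the file changed. The queries changed in `SQLConstantsH2MySQL` filter on `APP.SHARED_ORGANIZATION`. If the column is not already present in mysql.sql (and in the H2 script, which is not part of this diff), a fresh install would fail those queries at runtime. Confirm it exists, or add `SHARED_ORGANIZATION VARCHAR(100),` after `ORGANIZATION` there as well.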
@@ -2180,6 +2188,14 @@ CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS ( FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE ); +CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- CREATE TABLE IF NOT EXISTS AM_GW_PUBLISHED_API_DETAILS ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql index 59046ee60d45..e5b2787b0b5a 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_23c.sql @@ -2412,6 +2412,7 @@ CREATE TABLE AM_APPLICATION ( UUID VARCHAR2(256), TOKEN_TYPE VARCHAR2(100), ORGANIZATION VARCHAR(100), + SHARED_ORGANIZATION VARCHAR(100), FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON DELETE CASCADE, PRIMARY KEY(APPLICATION_ID), UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION), 
@@ -3181,6 +3182,22 @@ BEGIN END; / +CREATE SEQUENCE AM_POLICY_ALLOWED_ORGS_SEQ START WITH 1 INCREMENT BY 1; + +CREATE TABLE AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID NUMBER PRIMARY KEY, + POLICY_UUID VARCHAR2(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR2(50) NOT NULL +); + +CREATE OR REPLACE TRIGGER AM_POLICY_ALLOWED_ORGS_TRG + BEFORE INSERT ON AM_POLICY_ALLOWED_ORGS + FOR EACH ROW +BEGIN + :NEW.ALLOWED_ORGS_ID := AM_POLICY_ALLOWED_ORGS_SEQ.NEXTVAL; +END; +/ + CREATE TABLE AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INTEGER NOT NULL, TIER VARCHAR2(50) NULL, @@ -3382,6 +3399,14 @@ CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( ) / +CREATE TABLE AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql index 304e8bcb1ac6..9a5ebb5a140e 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql @@ -2402,6 +2402,7 @@ CREATE TABLE AM_APPLICATION ( UUID VARCHAR2(256), TOKEN_TYPE VARCHAR2(100), ORGANIZATION VARCHAR(100), + SHARED_ORGANIZATION VARCHAR(100), FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON DELETE CASCADE, PRIMARY KEY(APPLICATION_ID), UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION), 
@@ -3155,6 +3156,25 @@ BEGIN END; / +CREATE SEQUENCE AM_POLICY_ALLOWED_ORGS_SEQ + START WITH 1 + INCREMENT BY 1 + NOCACHE; + +CREATE TABLE AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID NUMBER PRIMARY KEY, + POLICY_UUID VARCHAR2(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR2(50) NOT NULL +); + +CREATE OR REPLACE TRIGGER AM_POLICY_ALLOWED_ORGS_TRG + BEFORE INSERT ON AM_POLICY_ALLOWED_ORGS + FOR EACH ROW +BEGIN + :NEW.ALLOWED_ORGS_ID := AM_POLICY_ALLOWED_ORGS_SEQ.NEXTVAL; +END; +/ + CREATE TABLE AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INTEGER NOT NULL, TIER VARCHAR2(50) NULL, @@ -3355,6 +3375,14 @@ CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( ) / +CREATE TABLE AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- CREATE TABLE AM_GW_PUBLISHED_API_DETAILS ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql index 8f741c079bf5..4043d574facc 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/postgresql.sql @@ -1816,6 +1816,7 @@ CREATE TABLE IF NOT EXISTS AM_APPLICATION ( UUID VARCHAR(256), TOKEN_TYPE VARCHAR(10), ORGANIZATION VARCHAR(100), + SHARED_ORGANIZATION VARCHAR(100), FOREIGN KEY(SUBSCRIBER_ID) REFERENCES AM_SUBSCRIBER(SUBSCRIBER_ID) ON UPDATE CASCADE ON DELETE RESTRICT, PRIMARY KEY(APPLICATION_ID), UNIQUE (NAME,SUBSCRIBER_ID,ORGANIZATION), 
@@ -2306,6 +2307,13 @@ CREATE TABLE IF NOT EXISTS AM_POLICY_GLOBAL ( UNIQUE (UUID) ); +CREATE TABLE IF NOT EXISTS AM_POLICY_ALLOWED_ORGS ( + ALLOWED_ORGS_ID SERIAL PRIMARY KEY, + POLICY_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL + ); + + CREATE SEQUENCE AM_THROTTLE_TIER_PERMISSIONS_SEQ START WITH 1 INCREMENT BY 1; CREATE TABLE IF NOT EXISTS AM_THROTTLE_TIER_PERMISSIONS ( THROTTLE_TIER_PERMISSIONS_ID INTEGER DEFAULT NEXTVAL('AM_THROTTLE_TIER_PERMISSIONS_SEQ'), @@ -2466,6 +2474,13 @@ CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS ( FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE ); +CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_ALLOWED_ORGS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + ALLOWED_ORGANIZATIONS VARCHAR(50) NOT NULL, + PRIMARY KEY (KEY_MANAGER_UUID, ALLOWED_ORGANIZATIONS), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- DROP TABLE IF EXISTS AM_GW_PUBLISHED_API_DETAILS;