1

我是 sql 的新手,我想在这里遵循这个例子:http: //net.tutsplus.com/tutorials/php/a-better-login-system/

所以问题的要点是,

  1. 有些permissions允许访问资源
  2. roles可以有多个permissions
  3. users可能有多个roles和多个permissions

db 表如下所示:

permission role user role_permissions user_rolesuser_permissions

这是创建表的代码:

CREATE TABLE "permission" (
    "id" SERIAL PRIMARY KEY,
    "permission_key" VARCHAR(32) NOT NULL UNIQUE,
    "permission_name" VARCHAR(32) NOT NULL);

CREATE TABLE "role" (
    "id" SERIAL PRIMARY KEY,
    "role_name" varchar(32) NOT NULL);

CREATE TABLE "role_permissions" (
    "id" SERIAL PRIMARY KEY,
    "role_id" INTEGER NOT NULL,
    "permission_id" INTEGER  NOT NULL,
    "value"  BOOLEAN NOT NULL DEFAULT FALSE,
    "created_date" DATE NOT NULL, 
    UNIQUE ("role_id","permission_id"));

CREATE TABLE "user" (
    "id" SERIAL PRIMARY KEY,
    "username" VARCHAR(32) UNIQUE);

CREATE TABLE "user_permissions" (
    "id" SERIAL PRIMARY KEY,
    "user_id" INTEGER NOT NULL,
    "permission_id" INTEGER  NOT NULL,
    "value"  BOOLEAN NOT NULL DEFAULT FALSE,
    "created_date" DATE NOT NULL, 
    UNIQUE ("user_id","permission_id"));

CREATE TABLE "user_roles" (
    "id" SERIAL PRIMARY KEY,
    "user_id" INTEGER NOT NULL,
    "role_id" INTEGER NOT NULL,
    "created_date" DATE NOT NULL, 
    UNIQUE ("user_id", "role_id"));

我的问题是:

我希望能够在 sql 语句中编写以下内容:

  1. “找到我所有PERMISSIONS可用ROLENAME东西________

  2. “找到我所有PERMISSIONS可用USERNAME东西________

我知道我可以使用 ID 来匹配所有内容,但我想改用名称,因为我认为“找到用户 x 的所有权限”对我来说更有意义

另外,关于第二个问题,请注意用户可以通过两种方式获得权限:

User > Role > Permission
User > Permission

为简洁起见,我更愿意在单个语句中获得结果。

另外,如果有人知道如何将其转换为Korma查询,我将不胜感激。

4

1 回答 1

1

我不得不做出一些选择。如果同时存在用户权限和角色权限,则适用用户权限。我用zuser和zrole替换了用户和角色,因为它们是postgres中的保留字,我不喜欢引用。该查询目前的形式不是很东方,但它似乎有效。数据是虚构的。

DROP SCHEMA tmp CASCADE;
CREATE SCHEMA tmp ;
SET search_path='tmp';


CREATE TABLE permission
    ( id SERIAL PRIMARY KEY
    , permission_key VARCHAR(32) NOT NULL UNIQUE
    , permission_name VARCHAR(32) NOT NULL
    );
INSERT INTO permission(id,permission_key, permission_name) VALUES
 (1, 'Eat', 'Eat' ) , (2, 'Drink', 'Drink' )
 ,(3, 'Shit', 'Shit' ) , (4, 'Urinate', 'Urinate' )
    ;

CREATE TABLE zrole
    ( id SERIAL PRIMARY KEY
    , role_name varchar(32) NOT NULL
    );
INSERT INTO zrole(id, role_name) VALUES
  (1, 'Manager'), (2, 'Employee'), (3, 'Client') , (4, 'Visitor')
    ;

CREATE TABLE zuser
    ( id SERIAL PRIMARY KEY
    , username VARCHAR(32) UNIQUE
    );
INSERT INTO zuser(id, username) VALUES
  (1, 'Jan Kees de Jager'), (2, 'Wildplasser'), (3, 'Joop') , (4, 'Mina')
    ;

CREATE TABLE role_permissions
    ( id SERIAL PRIMARY KEY
    , role_id INTEGER NOT NULL REFERENCES zrole(id)
    , permission_id INTEGER  NOT NULL REFERENCES permission(id)
    , created_date DATE NOT NULL
    , value  BOOLEAN NOT NULL DEFAULT FALSE
    , UNIQUE (role_id,permission_id)
    );
INSERT INTO role_permissions( id, role_id, permission_id, created_date, value) VALUES
 (1,1,1, '2012-01-01', True )
,(2,1,2, '2012-01-01', False )
,(3,2,2, '2012-01-01', True )
,(4,2,3, '2012-01-01', False )
,(5,2,4, '2012-01-01', True )
,(6,3,2, '2012-01-01', True )
,(7,3,3, '2012-01-01', True )
,(8,3,4, '2012-01-01', True )
,(9,4,2, '2012-01-01', True )
,(10,4,3, '2012-01-01', True )
,(11,4,4, '2012-01-01', True )
    ;
CREATE TABLE user_permissions
    ( id SERIAL PRIMARY KEY
    , user_id INTEGER NOT NULL REFERENCES zuser(id)
    , permission_id INTEGER  NOT NULL REFERENCES permission(id)
    , created_date DATE NOT NULL
    , value  BOOLEAN NOT NULL DEFAULT FALSE
    , UNIQUE (user_id,permission_id)
    );

INSERT INTO user_permissions( id, user_id, permission_id, created_date, value) VALUES
 (1,1,1, '2012-01-01', False )
,(2,1,2, '2012-01-01', False )
,(3,2,2, '2012-01-01', True )
,(4,3,2, '2012-01-01', True )
,(5,4,1, '2012-01-01', True )
    ;

CREATE TABLE user_roles
    ( id SERIAL PRIMARY KEY
    , user_id INTEGER NOT NULL REFERENCES zuser(id)
    , role_id INTEGER NOT NULL REFERENCES zrole(id)
    , created_date DATE NOT NULL
    , UNIQUE (user_id, role_id)
    );

INSERT INTO user_roles (id, user_id, role_id, created_date) VALUES
 (1,1,1, '2010-01-01' )
,(2,2,2, '2010-01-01' )
,(3,3,4, '2010-01-01' )
,(4,4,3, '2010-01-01' )
-- uncomment the next line to add a duplicate role
-- ,(5,2,4, '2010-01-01' )

    ;

WITH lutser AS (
    SELECT up.user_id AS user_id
    , up.permission_id AS permission_id
    , up.value AS uval
    FROM user_permissions up
    )
, roler AS (
    SELECT
    ur.user_id AS user_id
    , rp.permission_id AS permission_id
    , rp.value AS rval
    FROM user_roles ur
    JOIN role_permissions rp ON rp.role_id = ur.role_id
    )
SELECT us.username
    , pe.permission_name
    , pe.id AS permission_id
    , lu.uval AS uval
    , ro.rval AS rval
    , COALESCE(lu.uval , ro.rval) AS tval
FROM lutser lu
FULL JOIN roler ro ON ro.user_id = lu.user_id
        AND ro.permission_id = lu.permission_id
JOIN zuser us ON us.id = COALESCE(lu.user_id ,ro.user_id)
JOIN permission pe ON pe.id = COALESCE(ro.permission_id , lu.permission_id)
    ;

结果:

     username      | permission_name | permission_id | uval | rval | tval 
-------------------+-----------------+---------------+------+------+------
 Jan Kees de Jager | Eat             |             1 | f    | t    | f
 Jan Kees de Jager | Drink           |             2 | f    | f    | f
 Wildplasser       | Drink           |             2 | t    | t    | t
 Wildplasser       | Shit            |             3 |      | f    | f
 Wildplasser       | Urinate         |             4 |      | t    | t
 Joop              | Drink           |             2 | t    | t    | t
 Joop              | Shit            |             3 |      | t    | t
 Joop              | Urinate         |             4 |      | t    | t
 Mina              | Eat             |             1 | t    |      | t
 Mina              | Drink           |             2 |      | t    | t
 Mina              | Shit            |             3 |      | t    | t
 Mina              | Urinate         |             4 |      | t    | t
(12 rows)

顺便说一句:上面的查询仍然不正确。如果用户属于多个角色,则查询将为该用户生成多行。需要将 distinct/max() 添加到角色子查询。

更新:为了解决每个人的重复角色问题,我创建了这个双嵌套 CTE:

WITH lutser AS (
    WITH aggr AS (
        WITH rope AS (
            SELECT DISTINCT
            ur.user_id AS user_id
            , rp.permission_id AS permission_id
            , rp.value AS value
            FROM user_roles ur
            JOIN role_permissions rp ON rp.role_id = ur.role_id
            GROUP BY ur.user_id , rp.permission_id , rp.value
            )
        SELECT user_id,permission_id, value
        FROM rope yes
        WHERE yes.value = True
        UNION ALL
        SELECT user_id,permission_id, value
        FROM rope nono
        WHERE nono.value = False
        AND NOT EXISTS (SELECT * FROM rope nx
                WHERE nx.user_id= nono.user_id
                AND nx.permission_id= nono.permission_id
                AND nx.value = True
                )
        )
    SELECT COALESCE(up.user_id , ag.user_id) AS user_id
    , COALESCE(up.permission_id , ag.permission_id) AS permission_id
    , up.value AS uval
    , ag.value AS rval
    FROM user_permissions up
    FULL JOIN aggr ag ON ag.user_id = up.user_id AND ag.permission_id = up.permission_id
    )
SELECT us.username
    , pe.permission_name
    , lu.uval AS uval
    , lu.rval AS rval
    , COALESCE(lu.uval , lu.rval) AS tval
FROM lutser lu
JOIN zuser us ON us.id = lu.user_id
JOIN permission pe ON pe.id = lu.permission_id
    ;

,(5,2,4, '2010-01-01' )可以通过在 user_role 表中添加/取消注释数据行来显示其功能。再次,我必须做出选择:如果一个用户存在两个角色,且真值冲突,则True一个获胜。我认为查询可以简化/美化,但至少现在可以正常工作。

于 2012-06-23T17:13:28.287 回答