Add functionality for all pmg features

2025-03-25 01:37:58 +01:00
parent aa4de7cbe2
commit 91bc0b3b6f
24 changed files with 452 additions and 47 deletions
--- a/README.md
+++ b/README.md
@ -11,6 +11,7 @@ A Spring Boot SDK for integrating permission management into your Java applicati
 - Scope-based access control
 - Multi-domain permission management
 - Flexible user ID resolution
+- API key authentication support

 ## Requirements

@ -54,13 +55,179 @@ Add the following properties to your Spring Boot application properties file (`a

 ```yaml
 permission-manager:
-  base-url: http://your-permission-manager-url  # Required: URL of your Permission Manager instance
+  url: http://your-permission-manager-url  # Required: URL of your Permission Manager instance
+  auth:
+    enabled: false  # Optional: Enable/disable API key authentication (defaults to false)
+    api-key: your-api-key  # Required when auth.enabled is true
  security:
    enabled: true  # Optional: Enable/disable security checks (defaults to true)
 ```

 These properties can be configured in any valid Spring Boot configuration source (application.yml, application.properties, environment variables, etc.) following Spring Boot's standard property resolution order.

+### 3. API Key Authentication
+
+The SDK supports API key authentication for requests to the Permission Manager service. When enabled, the SDK will automatically add an `x-api-key` header to all requests.
+
+To enable API key authentication:
+
+1. Set `permission-manager.auth.enabled` to `true`
+2. Provide your API key in `permission-manager.auth.api-key`
+
+Example configuration:
+```yaml
+permission-manager:
+  auth:
+    enabled: true
+    api-key: your-secret-api-key-here
+```
+
+Note: When authentication is enabled, the API key is required. The SDK will throw an `IllegalStateException` if authentication is enabled but no API key is provided.
+
+### 4. Integration Configuration
+
+The SDK provides a flexible way to configure and perform integrations on application startup through the `AbstractPermissionManagerConfiguration` class. You can use this to automatically set up your permission structure (domains, permissions, roles, and their relationships) when your application starts.
+
+There are two ways to provide integrations:
+
+#### Option 1: JSON Configuration
+
+Create a JSON file containing your integration configuration:
+
+```json
+[
+  {
+    "id": "domain-1",
+    "entity": "domain",
+    "action": "create",
+    "data": {
+      "name": "users",
+      "description": "User management domain"
+    }
+  },
+  {
+    "id": "permission-1",
+    "entity": "permission",
+    "action": "create",
+    "data": {
+      "domain": "users",
+      "name": "read",
+      "description": "Permission to read user data"
+    }
+  },
+  {
+    "id": "role-1",
+    "entity": "role",
+    "action": "create",
+    "data": {
+      "domain": "users",
+      "name": "user_viewer",
+      "description": "Role for viewing user data"
+    }
+  },
+  {
+    "id": "role-permission-1",
+    "entity": "role_permission_relation",
+    "action": "create",
+    "data": {
+      "domain": "users",
+      "role": "user_viewer",
+      "permissions": ["read"]
+    }
+  }
+]
+```
+
+Then create a configuration class that extends `AbstractPermissionManagerConfiguration`:
+
+```java
+import de.mummeit.pmg.config.AbstractPermissionManagerConfiguration;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class PermissionManagerIntegrationConfig extends AbstractPermissionManagerConfiguration {
+
+    @Override
+    protected String getIntegrationsJsonPath() {
+        return "classpath:permission-integrations.json";
+    }
+}
+```
+
+#### Option 2: Programmatic Configuration
+
+Alternatively, you can build your integrations programmatically using the fluent `IntegrationBuilder`:
+
+```java
+import de.mummeit.pmg.builder.IntegrationBuilder;
+import de.mummeit.pmg.config.AbstractPermissionManagerConfiguration;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class PermissionManagerIntegrationConfig extends AbstractPermissionManagerConfiguration {
+
+    @Override
+    protected List<Integration<?>> getIntegrations() {
+        return IntegrationBuilder.create()
+            // Create a domain and set it as the current context
+            .createDomain("users", "User management domain")
+            // Add permissions to the current domain
+            .addPermission("read", "Permission to read user data")
+            .addPermission("write", "Permission to write user data")
+            // Add a role to the current domain
+            .addRole("user_viewer", "Role for viewing user data")
+            // Assign permissions to the role
+            .assignPermissionsToRole("user_viewer", List.of("read"))
+            // Create another domain with its permissions and roles
+            .createDomain("orders", "Order management domain")
+            .addPermission("view", "Permission to view orders")
+            .addPermission("create", "Permission to create orders")
+            .addRole("order_manager", "Role for managing orders")
+            .assignPermissionsToRole("order_manager", List.of("view", "create"))
+            .build();
+    }
+}
+```
+
+The `IntegrationBuilder` provides a fluent API for creating integrations with features like:
+
+- Domain context management (automatically tracks the current domain)
+- Method chaining for building complex permission structures
+- Type-safe operations for all integration types
+- Automatic generation of integration IDs
+
+Available builder methods:
+- Domain operations:
+  - `createDomain(name, description)`
+  - `updateDomain(oldName, newName, description)`
+  - `deleteDomain(name)`
+  - `selectDomain(name)` - Switch context without creating a domain
+- Permission operations:
+  - `addPermission(name, description)`
+  - `updatePermission(oldName, newName, description)`
+  - `removePermission(name)`
+- Role operations:
+  - `addRole(name, description)`
+  - `updateRole(oldName, newName, description)`
+  - `removeRole(name)`
+- Role-Permission relations:
+  - `assignPermissionsToRole(role, permissions)`
+
+The builder ensures that operations are performed in the correct context by requiring a domain to be selected or created before performing domain-specific operations.
+
+The integrations will be performed automatically when your application starts up. You can implement either `getIntegrations()` or `getIntegrationsJsonPath()` - if both are implemented, `getIntegrations()` takes precedence.
+
+Available integration types:
+- `DomainIntegration`: Create/update domains
+- `PermissionIntegration`: Create/update permissions within domains
+- `RoleIntegration`: Create/update roles within domains
+- `RolePermissionRelationIntegration`: Manage relationships between roles and permissions
+
+Each integration requires:
+- `id`: A unique identifier for the integration
+- `action`: The operation to perform (`create`, `update`, or `delete`)
+- `data`: The entity-specific data for the integration
+
 ## Usage

 ### 1. Annotation-Based Permission Checks