AYS-517 | Role and Permission Relations Have Been Optimized for Working Less Queries (#392)

Author: agitrubard

src/main/java/org/ays/auth/model/AysRole.java

@@ -9,6 +9,8 @@
 import org.ays.institution.model.Institution;
 
 import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * Represents a role entity in the system.
@@ -58,6 +60,25 @@ public boolean isDeleted() {
     }
 
 
+    /**
+     * Updates the role with the provided information.
+     * This method updates the role's name and permissions based on the provided values.
+     *
+     * @param name          The new name of the role.
+     * @param permissionIds The IDs of the permissions to be assigned to the role.
+     * @param updatedUser   The user who is updating the role.
+     */
+    public void update(final String name,
+                       final Set<String> permissionIds,
+                       final String updatedUser) {
+
+        this.name = name;
+        this.permissions = permissionIds.stream()
+                .map(roleId -> AysPermission.builder().id(roleId).build())
+                .collect(Collectors.toList());
+        this.updatedUser = updatedUser;
+    }
+
     /**
      * Activates the role by setting its status to {@link AysRoleStatus#ACTIVE}.
      * This method should be called when the role needs to be marked as active in the system.

src/main/java/org/ays/auth/model/entity/AysRoleEntity.java

@@ -23,7 +23,7 @@
 import org.ays.common.model.entity.BaseEntity;
 import org.ays.institution.model.entity.InstitutionEntity;
 
-import java.util.List;
+import java.util.Set;
 
 /**
  * Entity class representing a role within the application, extending from {@link BaseEntity}.
@@ -65,6 +65,6 @@ public class AysRoleEntity extends BaseEntity {
             joinColumns = @JoinColumn(name = "ROLE_ID"),
             inverseJoinColumns = @JoinColumn(name = "PERMISSION_ID")
     )
-    private List<AysPermissionEntity> permissions;
+    private Set<AysPermissionEntity> permissions;
 
 }

src/main/java/org/ays/auth/service/impl/AysRoleUpdateServiceImpl.java

@@ -22,6 +22,7 @@
 
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * Service implementation for updating roles.
@@ -62,19 +63,78 @@ public void update(final String id,
                 .filter(roleFromDatabase -> identity.getInstitutionId().equals(roleFromDatabase.getInstitution().getId()))
                 .orElseThrow(() -> new AysRoleNotExistByIdException(id));
 
-        if (!role.getName().equals(updateRequest.getName())) {
+        final boolean isRoleNameChanged = !role.getName().equals(updateRequest.getName());
+        if (isRoleNameChanged) {
             this.checkExistingRoleNameByWithoutId(id, updateRequest.getName());
         }
 
-        final List<AysPermission> permissions = this.checkExistingPermissionsAndGet(updateRequest.getPermissionIds());
-
-        role.setName(updateRequest.getName());
-        role.setPermissions(permissions);
-        role.setUpdatedUser(identity.getUserId());
+        final Set<String> existingPermissionIds = role.getPermissions().stream()
+                .map(AysPermission::getId)
+                .collect(Collectors.toSet());
+        final boolean permissionsChanged = !existingPermissionIds.equals(updateRequest.getPermissionIds());
+        if (permissionsChanged) {
+            this.validatePermissions(updateRequest.getPermissionIds());
+        }
 
+        role.update(
+                updateRequest.getName(),
+                updateRequest.getPermissionIds(),
+                identity.getUserId()
+        );
         roleSavePort.save(role);
     }
 
+    /**
+     * Checks the existence of another role with the same name, excluding the current role ID.
+     *
+     * @param id   The ID of the role being updated.
+     * @param name The name to check for uniqueness.
+     * @throws AysRoleAlreadyExistsByNameException if a role with the same name already exists, excluding the current role ID.
+     */
+    private void checkExistingRoleNameByWithoutId(final String id, final String name) {
+        roleReadPort.findByName(name)
+                .filter(role -> !id.equals(role.getId()))
+                .ifPresent(role -> {
+                    throw new AysRoleAlreadyExistsByNameException(name);
+                });
+    }
+
+    /**
+     * Validates the specified permission IDs and checks user authorization.
+     * <p>
+     * This method verifies if all permission IDs exist in the system and checks if the user
+     * has appropriate access level for super permissions. Only super admin users can assign
+     * super permissions.
+     * </p>
+     *
+     * @param permissionIds the set of permission IDs to validate
+     * @throws AysPermissionNotExistException if any of the specified permissions do not exist
+     * @throws AysUserNotSuperAdminException  if a non-super admin user attempts to assign super permissions
+     */
+    private void validatePermissions(final Set<String> permissionIds) {
+
+        final List<AysPermission> permissions = permissionReadPort.findAllByIds(permissionIds);
+
+        if (permissions.size() != permissionIds.size()) {
+
+            final List<String> notExistsPermissionIds = permissionIds.stream()
+                    .filter(permissionId -> permissions.stream()
+                            .noneMatch(permissionEntity -> permissionEntity.getId().equals(permissionId)))
+                    .toList();
+
+            throw new AysPermissionNotExistException(notExistsPermissionIds);
+        }
+
+        if (identity.isSuperAdmin()) {
+            return;
+        }
+
+        boolean haveSuperPermissions = permissions.stream().anyMatch(AysPermission::isSuper);
+        if (haveSuperPermissions) {
+            throw new AysUserNotSuperAdminException(identity.getUserId());
+        }
+    }
+
 
     /**
      * Activates an existing role.
@@ -163,54 +223,4 @@ public void delete(final String id) {
         roleSavePort.save(role);
     }
 
-
-    /**
-     * Checks the existence of another role with the same name, excluding the current role ID.
-     *
-     * @param id   The ID of the role being updated.
-     * @param name The name to check for uniqueness.
-     * @throws AysRoleAlreadyExistsByNameException if a role with the same name already exists, excluding the current role ID.
-     */
-    private void checkExistingRoleNameByWithoutId(final String id, final String name) {
-        roleReadPort.findByName(name)
-                .filter(role -> !id.equals(role.getId()))
-                .ifPresent(role -> {
-                    throw new AysRoleAlreadyExistsByNameException(name);
-                });
-    }
-
-    /**
-     * Checks the existence of permissions based on the provided permission IDs.
-     * Verifies if all permission IDs exist and validates super admin restrictions.
-     *
-     * @param permissionIds the set of permission IDs to check
-     * @return the list of permissions corresponding to the provided IDs
-     * @throws AysPermissionNotExistException if any of the permission IDs do not exist
-     * @throws AysUserNotSuperAdminException  if the current user is not authorized to assign super permissions
-     */
-    private List<AysPermission> checkExistingPermissionsAndGet(final Set<String> permissionIds) {
-        final List<AysPermission> permissions = permissionReadPort.findAllByIds(permissionIds);
-
-        if (permissions.size() != permissionIds.size()) {
-
-            final List<String> notExistsPermissionIds = permissionIds.stream()
-                    .filter(permissionId -> permissions.stream()
-                            .noneMatch(permissionEntity -> permissionEntity.getId().equals(permissionId)))
-                    .toList();
-
-            throw new AysPermissionNotExistException(notExistsPermissionIds);
-        }
-
-        if (identity.isSuperAdmin()) {
-            return permissions;
-        }
-
-        boolean haveSuperPermissions = permissions.stream().anyMatch(AysPermission::isSuper);
-        if (haveSuperPermissions) {
-            throw new AysUserNotSuperAdminException(identity.getUserId());
-        }
-
-        return permissions;
-    }
-
 }

src/test/java/org/ays/auth/controller/AysRoleEndToEndTest.java

@@ -583,7 +583,7 @@ void givenValidIdAndRoleUpdateRequest_whenRequestHasSuperPermissionsAndUserIsNot
                         .withValidValues()
                         .withoutId()
                         .withName(AysRandomUtil.generateText(10))
-                        .withPermissions(permissions)
+                        .withPermissions(List.of(permissions.get(0)))
                         .withInstitution(new InstitutionBuilder().withId(AysValidTestData.Admin.INSTITUTION_ID).build())
                         .build()
         );

src/test/java/org/ays/auth/model/entity/AysRoleEntityBuilder.java

@@ -6,7 +6,7 @@
 import org.ays.common.util.AysRandomUtil;
 import org.ays.institution.model.entity.InstitutionEntity;
 
-import java.util.List;
+import java.util.Set;
 
 public class AysRoleEntityBuilder extends TestDataBuilder<AysRoleEntity> {
 
@@ -15,10 +15,18 @@ public AysRoleEntityBuilder() {
     }
 
     public AysRoleEntityBuilder withValidValues() {
-        List<AysPermissionEntity> permissionEntities = List.of(
-                new AysPermissionEntityBuilder().withValidValues().build(),
-                new AysPermissionEntityBuilder().withValidValues().withName("institution:page").withCategory(AysPermissionCategory.PAGE).build()
+
+        Set<AysPermissionEntity> permissionEntities = Set.of(
+                new AysPermissionEntityBuilder()
+                        .withValidValues()
+                        .build(),
+                new AysPermissionEntityBuilder()
+                        .withValidValues()
+                        .withName("institution:page")
+                        .withCategory(AysPermissionCategory.PAGE)
+                        .build()
         );
+
         return this
                 .withId(AysRandomUtil.generateUUID())
                 .withName("admin")
@@ -41,7 +49,7 @@ public AysRoleEntityBuilder withStatus(AysRoleStatus status) {
         return this;
     }
 
-    public AysRoleEntityBuilder withPermissions(List<AysPermissionEntity> permissionEntities) {
+    public AysRoleEntityBuilder withPermissions(Set<AysPermissionEntity> permissionEntities) {
         data.setPermissions(permissionEntities);
         return this;
     }