(streampipes) branch 3887-permission-objects-lost-after-exporting-and-re-importing-assets-with-sanitized-resource-ids updated: fix: Add migration to fix installations with already broken permission object ids

Tue, 28 Oct 2025 11:56:35 -0700 

This is an automated email from the ASF dual-hosted git repository.

zehnder pushed a commit to branch 
3887-permission-objects-lost-after-exporting-and-re-importing-assets-with-sanitized-resource-ids
in repository https://gitbox.apache.org/repos/asf/streampipes.git


The following commit(s) were added to 
refs/heads/3887-permission-objects-lost-after-exporting-and-re-importing-assets-with-sanitized-resource-ids
 by this push:
     new 1b8aba2822 fix: Add migration to fix installations with already broken 
permission object ids
1b8aba2822 is described below

commit 1b8aba28228a7d621cf33da348366743d280809a
Author: Philipp Zehnder <[email protected]>
AuthorDate: Tue Oct 28 19:56:18 2025 +0100

    fix: Add migration to fix installations with already broken permission 
object ids
---
 .../core/migrations/AvailableMigrations.java       |   4 +-
 .../v0980/FixImportedPermissionsMigration.java     | 116 +++++++++++++++++++++
 2 files changed, 119 insertions(+), 1 deletion(-)

diff --git 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
index fcacf4433b..b4afb1897a 100644
--- 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
+++ 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
@@ -28,6 +28,7 @@ import 
org.apache.streampipes.service.core.migrations.v093.StoreEmailTemplatesMi
 import 
org.apache.streampipes.service.core.migrations.v095.MergeFilenamesAndRenameDuplicatesMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.AddDataLakeMeasureViewMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.AddDefaultExportProviderMigration;
+import 
org.apache.streampipes.service.core.migrations.v0980.FixImportedPermissionsMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.ModifyAssetLinkTypesMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.ModifyAssetLinksMigration;
 import 
org.apache.streampipes.service.core.migrations.v970.AddDataLakePipelineTemplateMigration;
@@ -60,7 +61,8 @@ public class AvailableMigrations {
         new ModifyAssetLinksMigration(),
         new ModifyAssetLinkTypesMigration(),
         new AddDataLakeMeasureViewMigration(),
-        new AddDefaultExportProviderMigration()
+        new AddDefaultExportProviderMigration(),
+        new FixImportedPermissionsMigration()
     );
   }
 }
diff --git 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
new file mode 100644
index 0000000000..ab523df469
--- /dev/null
+++ 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.streampipes.service.core.migrations.v0980;
+
+import org.apache.streampipes.model.shared.api.Storable;
+import org.apache.streampipes.service.core.migrations.Migration;
+import org.apache.streampipes.storage.api.IPermissionStorage;
+import org.apache.streampipes.storage.management.StorageDispatcher;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * This migration is required because the export/import process sanitizes 
resource ids for the permissions.
+ * This breaks the link between resources and their permissions after import.
+ */
+public class FixImportedPermissionsMigration implements Migration {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(FixImportedPermissionsMigration.class);
+
+  private final IPermissionStorage permissionStorage =
+      StorageDispatcher.INSTANCE.getNoSqlStore()
+                                .getPermissionStorage();
+
+  @Override
+  public boolean shouldExecute() {
+    return true;
+  }
+
+  @Override
+  public void executeMigration() throws IOException {
+    migrateDashboardPermissions();
+    migrateChartsPermissions();
+    migrateDataStreamPermissions();
+  }
+
+  private void migrateDashboardPermissions() {
+    LOG.info("Strart migrate permissions for dashboards");
+    var dataExplorerDashboardStorage = StorageDispatcher.INSTANCE
+        .getNoSqlStore()
+        .getDataExplorerDashboardStorage();
+    var dashboards = dataExplorerDashboardStorage.findAll();
+    migrateResourcePermissions(dashboards);
+    LOG.info("Finished migrate permissions for dashboards");
+  }
+
+  private void migrateChartsPermissions() {
+    LOG.info("Strart migrate permissions for charts");
+    var dataExplorerWidgetStorage = StorageDispatcher.INSTANCE
+        .getNoSqlStore()
+        .getDataExplorerWidgetStorage();
+    var charts = dataExplorerWidgetStorage.findAll();
+    migrateResourcePermissions(charts);
+    LOG.info("Finished migrate permissions for charts");
+  }
+
+  private void migrateDataStreamPermissions() {
+    LOG.info("Strart migrate permissions for data streams");
+    var dataStreamStorage =
+        StorageDispatcher.INSTANCE.getNoSqlStore()
+                                  .getDataStreamStorage();
+    var dataStreams = dataStreamStorage.findAll();
+    migrateResourcePermissions(dataStreams);
+    LOG.info("Finished migrate permissions for data streams");
+  }
+
+  /**
+   * Migrate permissions for the given resources, by replacing the sanitized 
id with the original id.
+   */
+  private void migrateResourcePermissions(List<? extends Storable> resources) {
+    resources.forEach(resource -> {
+      // This uses the same sanitization logic as the exporter
+      var sanitizedId = sanitize(resource.getElementId());
+      var permissions = 
permissionStorage.getUserPermissionsForObject(sanitizedId);
+
+      permissions.forEach(permission -> {
+        permission.setObjectInstanceId(resource.getElementId());
+        permissionStorage.updateElement(permission);
+        LOG.info(
+            "Updated permission id from {} to {}",
+            sanitizedId,
+            resource.getElementId()
+        );
+      });
+    });
+  }
+
+  @Override
+  public String getDescription() {
+    return "Fix permissions of imported data streams, dashboards and charts";
+  }
+
+  private String sanitize(String resourceId) {
+    return resourceId.replaceAll(":", "")
+                     .replaceAll("\\.", "");
+  }
+}

Reply via email to