This is an automated email from the ASF dual-hosted git repository.

zehnder pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/streampipes.git


The following commit(s) were added to refs/heads/dev by this push:
     new dce7d250ab fix(3887): permission objects lost after exporting and re 
importing assets with sanitized resource ids (#3888)
dce7d250ab is described below

commit dce7d250abe824f9d0e177fa0c628e49d71c10d0
Author: Philipp Zehnder <[email protected]>
AuthorDate: Tue Oct 28 20:30:39 2025 +0100

    fix(3887): permission objects lost after exporting and re importing assets 
with sanitized resource ids (#3888)
---
 .../export/dataimport/PerformImportGenerator.java  |  12 ++-
 .../core/migrations/AvailableMigrations.java       |   4 +-
 .../v0980/FixImportedPermissionsMigration.java     | 116 +++++++++++++++++++++
 3 files changed, 126 insertions(+), 6 deletions(-)

diff --git 
a/streampipes-data-export/src/main/java/org/apache/streampipes/export/dataimport/PerformImportGenerator.java
 
b/streampipes-data-export/src/main/java/org/apache/streampipes/export/dataimport/PerformImportGenerator.java
index 674d9b287e..2b4d8b62f3 100644
--- 
a/streampipes-data-export/src/main/java/org/apache/streampipes/export/dataimport/PerformImportGenerator.java
+++ 
b/streampipes-data-export/src/main/java/org/apache/streampipes/export/dataimport/PerformImportGenerator.java
@@ -30,7 +30,6 @@ import 
org.apache.streampipes.export.resolver.MeasurementResolver;
 import org.apache.streampipes.export.resolver.PipelineResolver;
 import org.apache.streampipes.manager.file.FileHandler;
 import org.apache.streampipes.model.SpDataStream;
-import org.apache.streampipes.model.connect.adapter.AdapterDescription;
 import org.apache.streampipes.model.dashboard.DashboardModel;
 import org.apache.streampipes.model.datalake.DataExplorerWidgetModel;
 import org.apache.streampipes.model.datalake.DataLakeMeasure;
@@ -81,7 +80,7 @@ public class PerformImportGenerator extends 
ImportGenerator<Void> {
   protected void handleAdapter(String document, String adapterId) throws 
JsonProcessingException {
     if (shouldStore(adapterId, config.getAdapters())) {
       writeDocument(document, new AdapterResolver());
-      permissionsToStore.add(new PermissionInfo(adapterId, 
AdapterDescription.class));
+      // adapters do not have permissions associated
     }
   }
 
@@ -89,7 +88,8 @@ public class PerformImportGenerator extends 
ImportGenerator<Void> {
   protected void handleChart(String document, String chartId) throws 
JsonProcessingException {
     if (shouldStore(chartId, config.getDataViews())) {
       writeDocument(document, new ChartResolver());
-      permissionsToStore.add(new PermissionInfo(chartId, 
DataExplorerWidgetModel.class));
+      var chart = new ChartResolver().deserializeDocument(document);
+      permissionsToStore.add(new PermissionInfo(chart.getElementId(), 
DataExplorerWidgetModel.class));
     }
   }
 
@@ -97,7 +97,8 @@ public class PerformImportGenerator extends 
ImportGenerator<Void> {
   protected void handleDashboard(String document, String dashboardId) throws 
JsonProcessingException {
     if (shouldStore(dashboardId, config.getDashboards())) {
       writeDocument(document, new DashboardResolver());
-      permissionsToStore.add(new PermissionInfo(dashboardId, 
DashboardModel.class));
+      var dashboard = new DashboardResolver().deserializeDocument(document);
+      permissionsToStore.add(new PermissionInfo(dashboard.getElementId(), 
DashboardModel.class));
     }
   }
 
@@ -105,7 +106,8 @@ public class PerformImportGenerator extends 
ImportGenerator<Void> {
   protected void handleDataSource(String document, String dataSourceId) throws 
JsonProcessingException {
     if (shouldStore(dataSourceId, config.getDataSources())) {
       writeDocument(document, new DataSourceResolver());
-      permissionsToStore.add(new PermissionInfo(dataSourceId, 
SpDataStream.class));
+      var dataStream = new DataSourceResolver().deserializeDocument(document);
+      permissionsToStore.add(new PermissionInfo(dataStream.getElementId(), 
SpDataStream.class));
     }
   }
 
diff --git 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
index fcacf4433b..b4afb1897a 100644
--- 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
+++ 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/AvailableMigrations.java
@@ -28,6 +28,7 @@ import 
org.apache.streampipes.service.core.migrations.v093.StoreEmailTemplatesMi
 import 
org.apache.streampipes.service.core.migrations.v095.MergeFilenamesAndRenameDuplicatesMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.AddDataLakeMeasureViewMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.AddDefaultExportProviderMigration;
+import 
org.apache.streampipes.service.core.migrations.v0980.FixImportedPermissionsMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.ModifyAssetLinkTypesMigration;
 import 
org.apache.streampipes.service.core.migrations.v0980.ModifyAssetLinksMigration;
 import 
org.apache.streampipes.service.core.migrations.v970.AddDataLakePipelineTemplateMigration;
@@ -60,7 +61,8 @@ public class AvailableMigrations {
         new ModifyAssetLinksMigration(),
         new ModifyAssetLinkTypesMigration(),
         new AddDataLakeMeasureViewMigration(),
-        new AddDefaultExportProviderMigration()
+        new AddDefaultExportProviderMigration(),
+        new FixImportedPermissionsMigration()
     );
   }
 }
diff --git 
a/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
new file mode 100644
index 0000000000..0a0961801c
--- /dev/null
+++ 
b/streampipes-service-core/src/main/java/org/apache/streampipes/service/core/migrations/v0980/FixImportedPermissionsMigration.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.streampipes.service.core.migrations.v0980;
+
+import org.apache.streampipes.model.shared.api.Storable;
+import org.apache.streampipes.service.core.migrations.Migration;
+import org.apache.streampipes.storage.api.IPermissionStorage;
+import org.apache.streampipes.storage.management.StorageDispatcher;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.List;
+
+/**
+ * This migration is required because the export/import process sanitizes 
resource ids for the permissions.
+ * This breaks the link between resources and their permissions after import.
+ */
+public class FixImportedPermissionsMigration implements Migration {
+
+  private static final Logger LOG = 
LoggerFactory.getLogger(FixImportedPermissionsMigration.class);
+
+  private final IPermissionStorage permissionStorage =
+      StorageDispatcher.INSTANCE.getNoSqlStore()
+                                .getPermissionStorage();
+
+  @Override
+  public boolean shouldExecute() {
+    return true;
+  }
+
+  @Override
+  public void executeMigration() throws IOException {
+    migrateDashboardPermissions();
+    migrateChartsPermissions();
+    migrateDataStreamPermissions();
+  }
+
+  private void migrateDashboardPermissions() {
+    LOG.debug("Start migrate permissions for dashboards");
+    var dataExplorerDashboardStorage = StorageDispatcher.INSTANCE
+        .getNoSqlStore()
+        .getDataExplorerDashboardStorage();
+    var dashboards = dataExplorerDashboardStorage.findAll();
+    migrateResourcePermissions(dashboards);
+    LOG.debug("Finished migrate permissions for dashboards");
+  }
+
+  private void migrateChartsPermissions() {
+    LOG.debug("Start migrate permissions for charts");
+    var dataExplorerWidgetStorage = StorageDispatcher.INSTANCE
+        .getNoSqlStore()
+        .getDataExplorerWidgetStorage();
+    var charts = dataExplorerWidgetStorage.findAll();
+    migrateResourcePermissions(charts);
+    LOG.debug("Finished migrate permissions for charts");
+  }
+
+  private void migrateDataStreamPermissions() {
+    LOG.debug("Start migrate permissions for data streams");
+    var dataStreamStorage =
+        StorageDispatcher.INSTANCE.getNoSqlStore()
+                                  .getDataStreamStorage();
+    var dataStreams = dataStreamStorage.findAll();
+    migrateResourcePermissions(dataStreams);
+    LOG.debug("Finished migrate permissions for data streams");
+  }
+
+  /**
+   * Migrate permissions for the given resources, by replacing the sanitized 
id with the original id.
+   */
+  private void migrateResourcePermissions(List<? extends Storable> resources) {
+    resources.forEach(resource -> {
+      // This uses the same sanitization logic as the exporter
+      var sanitizedId = sanitize(resource.getElementId());
+      var permissions = 
permissionStorage.getUserPermissionsForObject(sanitizedId);
+
+      permissions.forEach(permission -> {
+        permission.setObjectInstanceId(resource.getElementId());
+        permissionStorage.updateElement(permission);
+        LOG.info(
+            "Updated permission id from {} to {}",
+            sanitizedId,
+            resource.getElementId()
+        );
+      });
+    });
+  }
+
+  @Override
+  public String getDescription() {
+    return "Fix permissions of imported data streams, dashboards and charts";
+  }
+
+  private String sanitize(String resourceId) {
+    return resourceId.replaceAll(":", "")
+                     .replaceAll("\\.", "");
+  }
+}

Reply via email to