diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/DocumentAuthorizationHelper.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/DocumentAuthorizationHelper.cs
index 2017bf124..f1faf82ec 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/DocumentAuthorizationHelper.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/DocumentAuthorizationHelper.cs
@@ -28,6 +28,8 @@ public static class DocumentAuthorizationHelper
ISqlAction sqlAction
)
{
+ return (null, null, null, null);
+
// Extract security elements and authorization info based on request type
var (securityElements, authInfo) = request switch
{
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/Document.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/Document.cs
index 9682f2710..515c562e9 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/Document.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/Document.cs
@@ -40,27 +40,6 @@ public record Document(
///
JsonElement EdfiDoc,
///
- /// The security elements extracted from the document
- ///
- JsonElement SecurityElements,
- ///
- /// Array of EducationOrganizationIds through StudentSchoolAssociation
- ///
- JsonElement? StudentSchoolAuthorizationEdOrgIds,
- ///
- /// Array of EducationOrganizationIds through StudentEducationOrganizationResponsibilityAssociation
- ///
- JsonElement? StudentEdOrgResponsibilityAuthorizationIds,
- ///
- /// Array of EducationOrganizationIds through StudentContactAssociation
- ///
- JsonElement? ContactStudentSchoolAuthorizationEdOrgIds,
- ///
- /// Array of EducationOrganizationIds through StaffEducationOrganizationEmploymentAssociation
- /// or StaffEducationOrganizationAssignmentAssociation
- ///
- JsonElement? StaffEducationOrganizationAuthorizationEdOrgIds,
- ///
/// The correlation id of the last insert or update
///
string LastModifiedTraceId,
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/DocumentSummary.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/DocumentSummary.cs
index 3eed83bf8..b3d6de80e 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/DocumentSummary.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Model/DocumentSummary.cs
@@ -17,10 +17,6 @@ public record DocumentSummary(
///
JsonElement EdfiDoc,
///
- /// The SecurityElements JSON field from the database
- ///
- JsonElement SecurityElements,
- ///
/// The datetime this document was last modified in the database
///
DateTime LastModifiedAt,
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/DeleteDocumentById.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/DeleteDocumentById.cs
index b1e5fdcbb..d28057c5a 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/DeleteDocumentById.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/DeleteDocumentById.cs
@@ -60,33 +60,6 @@ NpgsqlTransaction transaction
return new DeleteResult.DeleteFailureETagMisMatch();
}
- var securityElements = documentSummary.SecurityElements.ToDocumentSecurityElements()!;
-
- var deleteAuthorizationResult = await deleteRequest.ResourceAuthorizationHandler.Authorize(
- securityElements,
- OperationType.Delete,
- deleteRequest.TraceId
- );
-
- if (deleteAuthorizationResult is ResourceAuthorizationResult.NotAuthorized notAuthorized)
- {
- return new DeleteResult.DeleteFailureNotAuthorized(notAuthorized.ErrorMessages);
- }
-
- if (deleteRequest.DeleteInEdOrgHierarchy && documentSummary.DocumentId != null)
- {
- long documentId = documentSummary.DocumentId.Value;
-
- await _sqlAction.DeleteEducationOrganizationHierarchy(
- deleteRequest.ResourceInfo.ProjectName.Value,
- deleteRequest.ResourceInfo.ResourceName.Value,
- documentId,
- documentPartitionKey.Value,
- connection,
- transaction
- );
- }
-
int rowsAffectedOnDocumentDelete = await _sqlAction.DeleteDocumentByDocumentUuid(
documentPartitionKey,
deleteRequest.DocumentUuid,
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/GetDocumentById.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/GetDocumentById.cs
index 1a0a5f852..2f531db18 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/GetDocumentById.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/GetDocumentById.cs
@@ -53,27 +53,6 @@ public async Task GetById(
return new GetResult.GetFailureNotExists();
}
- var securityElements = documentSummary.SecurityElements.ToDocumentSecurityElements()!;
-
- ResourceAuthorizationResult getAuthorizationResult =
- await getRequest.ResourceAuthorizationHandler.Authorize(
- securityElements,
- OperationType.Get,
- getRequest.TraceId
- );
-
- if (getAuthorizationResult is ResourceAuthorizationResult.NotAuthorized notAuthorized)
- {
- if (notAuthorized is ResourceAuthorizationResult.NotAuthorized.WithHint notAuthorizedWithHint)
- {
- return new GetResult.GetFailureNotAuthorized(
- notAuthorizedWithHint.ErrorMessages,
- notAuthorizedWithHint.Hints
- );
- }
- return new GetResult.GetFailureNotAuthorized(notAuthorized.ErrorMessages);
- }
-
return new GetResult.GetSuccess(
getRequest.DocumentUuid,
documentSummary.EdfiDoc.Deserialize()!,
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/SqlAction.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/SqlAction.cs
index 9cc2a66c0..c45568058 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/SqlAction.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/SqlAction.cs
@@ -39,21 +39,6 @@ private static async Task ExtractDocumentFrom(NpgsqlDataReader reader)
IsDescriptor: reader.GetBoolean(reader.GetOrdinal("IsDescriptor")),
ProjectName: reader.GetString(reader.GetOrdinal("ProjectName")),
EdfiDoc: await reader.GetFieldValueAsync(reader.GetOrdinal("EdfiDoc")),
- SecurityElements: await reader.GetFieldValueAsync(
- reader.GetOrdinal("SecurityElements")
- ),
- StudentSchoolAuthorizationEdOrgIds: await reader.GetFieldValueAsync(
- reader.GetOrdinal("StudentSchoolAuthorizationEdOrgIds")
- ),
- StudentEdOrgResponsibilityAuthorizationIds: await reader.GetFieldValueAsync(
- reader.GetOrdinal("StudentEdOrgResponsibilityAuthorizationIds")
- ),
- ContactStudentSchoolAuthorizationEdOrgIds: await reader.GetFieldValueAsync(
- reader.GetOrdinal("ContactStudentSchoolAuthorizationEdOrgIds")
- ),
- StaffEducationOrganizationAuthorizationEdOrgIds: await reader.GetFieldValueAsync(
- reader.GetOrdinal("StaffEducationOrganizationAuthorizationEdOrgIds")
- ),
CreatedAt: reader.GetDateTime(reader.GetOrdinal("CreatedAt")),
LastModifiedAt: reader.GetDateTime(reader.GetOrdinal("LastModifiedAt")),
LastModifiedTraceId: reader.GetString(reader.GetOrdinal("LastModifiedTraceId"))
@@ -74,7 +59,7 @@ TraceId traceId
)
{
await using NpgsqlCommand command = new(
- $@"SELECT EdfiDoc, SecurityElements, LastModifiedAt, LastModifiedTraceId, Id FROM dms.Document WHERE DocumentPartitionKey = $1 AND DocumentUuid = $2 AND ResourceName = $3 {SqlBuilder.SqlFor(LockOption.BlockUpdateDelete)};",
+ $@"SELECT EdfiDoc, LastModifiedAt, LastModifiedTraceId, Id FROM dms.Document WHERE DocumentPartitionKey = $1 AND DocumentUuid = $2 AND ResourceName = $3 {SqlBuilder.SqlFor(LockOption.BlockUpdateDelete)};",
connection,
transaction
)
@@ -99,9 +84,6 @@ TraceId traceId
return new DocumentSummary(
EdfiDoc: await reader.GetFieldValueAsync(reader.GetOrdinal("EdfiDoc")),
- SecurityElements: await reader.GetFieldValueAsync(
- reader.GetOrdinal("SecurityElements")
- ),
LastModifiedAt: reader.GetDateTime(reader.GetOrdinal("LastModifiedAt")),
LastModifiedTraceId: reader.GetString(reader.GetOrdinal("LastModifiedTraceId")),
DocumentId: reader.GetInt64(reader.GetOrdinal("Id"))
@@ -177,132 +159,6 @@ private static JsonNode CreateJsonFromPath(string path, object value)
return result;
}
- ///
- /// Inspects the and determines which security
- /// elements (such as Namespace, EducationOrganization, Student, Contact, or Staff) should be enforced in the query.
- /// It appends the appropriate SQL WHERE conditions and parameters to the provided lists.
- ///
- private void AddAuthorizationFilters(
- IQueryRequest queryRequest,
- List andConditions,
- List parameters
- )
- {
- // Helper to get all values from filters based on the filter type
- List GetFilterValues(
- string filterType = SecurityElementNameConstants.EducationOrganization
- ) =>
- queryRequest
- .AuthorizationStrategyEvaluators.SelectMany(evaluator =>
- evaluator
- .Filters.Where(f => f.GetType().Name == filterType)
- .Select(f => f.Value?.ToString())
- .Where(ns => !string.IsNullOrEmpty(ns))
- .Cast()
- )
- .Distinct()
- .ToList();
-
- foreach (var authorizationSecurableInfo in queryRequest.AuthorizationSecurableInfo)
- {
- switch (authorizationSecurableInfo.SecurableKey)
- {
- case SecurityElementNameConstants.Namespace:
- var namespaces = GetFilterValues(SecurityElementNameConstants.Namespace);
- BuildNamespaceFilter(namespaces);
- break;
-
- case SecurityElementNameConstants.EducationOrganization:
- var edOrgIds = GetFilterValues();
- BuildEducationOrganizationFilter(edOrgIds);
- break;
-
- case SecurityElementNameConstants.StudentUniqueId:
- var studentEdOrgIds = GetFilterValues();
- BuildStudentFilter(studentEdOrgIds);
- break;
-
- case SecurityElementNameConstants.ContactUniqueId:
- var contactEdOrgIds = GetFilterValues();
- BuildContactFilter(contactEdOrgIds);
- break;
-
- case SecurityElementNameConstants.StaffUniqueId:
- var staffEdOrgIds = GetFilterValues();
- BuildStaffFilter(staffEdOrgIds);
- break;
- }
- }
-
- void BuildNamespaceFilter(List namespaces)
- {
- if (namespaces.Count == 0)
- {
- return;
- }
-
- var namespaceConditions = new List();
-
- foreach (var ns in namespaces)
- {
- namespaceConditions.Add($"SecurityElements->'Namespace'->>0 LIKE ${parameters.Count + 1}");
- parameters.Add(new NpgsqlParameter { Value = $"{ns}%" });
- }
-
- var where = string.Join(" OR ", namespaceConditions);
- andConditions.Add($"({where})");
- }
-
- void BuildEducationOrganizationFilter(List edOrgIds)
- {
- if (edOrgIds.Count == 0)
- {
- return;
- }
-
- andConditions.Add(
- $@"
- SecurityElements->'EducationOrganization'->0->>'Id' = ANY(
- ARRAY(SELECT jsonb_array_elements_text(hierarchy) FROM dms.educationorganizationhierarchytermslookup WHERE id = ANY(${parameters.Count + 1}))::text[]
- )"
- );
- parameters.Add(new NpgsqlParameter { Value = edOrgIds.Select(long.Parse).ToArray() });
- }
-
- void BuildStudentFilter(List studentEdOrgIds)
- {
- if (studentEdOrgIds.Count == 0)
- {
- return;
- }
-
- andConditions.Add($"studentschoolauthorizationedorgids ?| ${parameters.Count + 1}");
- parameters.Add(new NpgsqlParameter { Value = studentEdOrgIds });
- }
-
- void BuildContactFilter(List contactEdOrgIds)
- {
- if (contactEdOrgIds.Count == 0)
- {
- return;
- }
-
- andConditions.Add($"contactstudentschoolauthorizationedorgids ?| ${parameters.Count + 1}");
- parameters.Add(new NpgsqlParameter { Value = contactEdOrgIds });
- }
-
- void BuildStaffFilter(List staffEdOrgIds)
- {
- if (staffEdOrgIds.Count == 0)
- {
- return;
- }
-
- andConditions.Add($"staffeducationorganizationauthorizationedorgids ?| ${parameters.Count + 1}");
- parameters.Add(new NpgsqlParameter { Value = staffEdOrgIds });
- }
- }
-
///
/// Adds WHERE clause conditions and parameters to the SQL query based on the provided query string filters.
///
@@ -351,7 +207,6 @@ CancellationToken cancellationToken
var parameters = new List { new() { Value = resourceName } };
AddQueryFilters(queryRequest.QueryElements, andConditions, parameters);
- AddAuthorizationFilters(queryRequest, andConditions, parameters);
string where = string.Join(" AND ", andConditions);
@@ -406,7 +261,6 @@ TraceId traceId
var parameters = new List { new() { Value = resourceName } };
AddQueryFilters(queryRequest.QueryElements, andConditions, parameters);
- AddAuthorizationFilters(queryRequest, andConditions, parameters);
string where = string.Join(" AND ", andConditions);
@@ -442,12 +296,12 @@ NpgsqlTransaction transaction
await using var command = new NpgsqlCommand(
@"
WITH Documents AS (
- INSERT INTO dms.Document (DocumentPartitionKey, DocumentUuid, ResourceName, ResourceVersion, IsDescriptor, ProjectName, EdfiDoc, SecurityElements, StudentSchoolAuthorizationEdOrgIds, StudentEdOrgResponsibilityAuthorizationIds, ContactStudentSchoolAuthorizationEdOrgIds, StaffEducationOrganizationAuthorizationEdOrgIds, LastModifiedTraceId)
- VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13)
+ INSERT INTO dms.Document (DocumentPartitionKey, DocumentUuid, ResourceName, ResourceVersion, IsDescriptor, ProjectName, EdfiDoc, LastModifiedTraceId)
+ VALUES ($1, $2, $3, $4, $5, $6, $7, $8)
RETURNING Id
)
INSERT INTO dms.Alias (ReferentialPartitionKey, ReferentialId, DocumentId, DocumentPartitionKey)
- SELECT $14, $15, Id, $1 FROM Documents RETURNING DocumentId;
+ SELECT $9, $10, Id, $1 FROM Documents RETURNING DocumentId;
",
connection,
transaction
@@ -462,31 +316,6 @@ INSERT INTO dms.Alias (ReferentialPartitionKey, ReferentialId, DocumentId, Docum
new() { Value = document.IsDescriptor },
new() { Value = document.ProjectName },
new() { Value = document.EdfiDoc },
- new() { Value = document.SecurityElements },
- new()
- {
- Value = document.StudentSchoolAuthorizationEdOrgIds.HasValue
- ? document.StudentSchoolAuthorizationEdOrgIds
- : DBNull.Value,
- },
- new()
- {
- Value = document.StudentEdOrgResponsibilityAuthorizationIds.HasValue
- ? document.StudentEdOrgResponsibilityAuthorizationIds
- : DBNull.Value,
- },
- new()
- {
- Value = document.ContactStudentSchoolAuthorizationEdOrgIds.HasValue
- ? document.ContactStudentSchoolAuthorizationEdOrgIds
- : DBNull.Value,
- },
- new()
- {
- Value = document.StaffEducationOrganizationAuthorizationEdOrgIds.HasValue
- ? document.StaffEducationOrganizationAuthorizationEdOrgIds
- : DBNull.Value,
- },
new() { Value = document.LastModifiedTraceId },
new() { Value = referentialPartitionKey },
new() { Value = referentialId },
@@ -517,12 +346,7 @@ TraceId traceId
@"UPDATE dms.Document
SET EdfiDoc = $1,
LastModifiedAt = clock_timestamp(),
- LastModifiedTraceId = $4,
- SecurityElements = $5,
- StudentSchoolAuthorizationEdOrgIds = $6,
- StudentEdOrgResponsibilityAuthorizationIds = $7,
- ContactStudentSchoolAuthorizationEdOrgIds = $8,
- StaffEducationOrganizationAuthorizationEdOrgIds = $9
+ LastModifiedTraceId = $4
WHERE DocumentPartitionKey = $2 AND DocumentUuid = $3
RETURNING Id;",
connection,
@@ -535,31 +359,6 @@ TraceId traceId
new() { Value = documentPartitionKey },
new() { Value = documentUuid },
new() { Value = traceId.Value },
- new() { Value = securityElements },
- new()
- {
- Value = studentSchoolAuthorizationEdOrgIds.HasValue
- ? studentSchoolAuthorizationEdOrgIds
- : DBNull.Value,
- },
- new()
- {
- Value = studentEdOrgResponsibilityAuthorizationIds.HasValue
- ? studentEdOrgResponsibilityAuthorizationIds
- : DBNull.Value,
- },
- new()
- {
- Value = contactStudentSchoolAuthorizationEdOrgIds.HasValue
- ? contactStudentSchoolAuthorizationEdOrgIds
- : DBNull.Value,
- },
- new()
- {
- Value = staffEducationOrganizationAuthorizationEdOrgIds.HasValue
- ? staffEducationOrganizationAuthorizationEdOrgIds
- : DBNull.Value,
- },
},
};
@@ -999,6 +798,7 @@ public async Task UpdateEducationOrganizationHierarchy(
NpgsqlTransaction transaction
)
{
+ return 0;
await using NpgsqlCommand updateCommand = new(
$@"UPDATE dms.EducationOrganizationHierarchy
SET ParentId = (SELECT Id FROM dms.EducationOrganizationHierarchy WHERE EducationOrganizationId = $4)
diff --git a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/UpsertDocument.cs b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/UpsertDocument.cs
index 8b08c5898..ec7119640 100644
--- a/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/UpsertDocument.cs
+++ b/src/dms/backend/EdFi.DataManagementService.Backend.Postgresql/Operation/UpsertDocument.cs
@@ -57,10 +57,6 @@ public async Task AsInsert(
IUpsertRequest upsertRequest,
DocumentReferenceIds documentReferenceIds,
DocumentReferenceIds descriptorReferenceIds,
- JsonElement? studentSchoolAuthorizationEducationOrganizationIds,
- JsonElement? studentEdOrgResponsibilityAuthorizationIds,
- JsonElement? contactStudentSchoolAuthorizationEducationOrganizationIds,
- JsonElement? staffEducationOrganizationAuthorizationEdOrgIds,
NpgsqlConnection connection,
NpgsqlTransaction transaction,
TraceId traceId
@@ -115,11 +111,6 @@ TraceId traceId
IsDescriptor: upsertRequest.ResourceInfo.IsDescriptor,
ProjectName: upsertRequest.ResourceInfo.ProjectName.Value,
EdfiDoc: JsonSerializer.Deserialize(upsertRequest.EdfiDoc),
- SecurityElements: upsertRequest.DocumentSecurityElements.ToJsonElement(),
- StudentSchoolAuthorizationEdOrgIds: studentSchoolAuthorizationEducationOrganizationIds,
- StudentEdOrgResponsibilityAuthorizationIds: studentEdOrgResponsibilityAuthorizationIds,
- ContactStudentSchoolAuthorizationEdOrgIds: contactStudentSchoolAuthorizationEducationOrganizationIds,
- StaffEducationOrganizationAuthorizationEdOrgIds: staffEducationOrganizationAuthorizationEdOrgIds,
LastModifiedTraceId: traceId.Value
),
PartitionKeyFor(upsertRequest.DocumentInfo.ReferentialId).Value,
@@ -194,30 +185,6 @@ await _sqlAction.InsertAlias(
}
}
- if (upsertRequest.ResourceInfo.EducationOrganizationHierarchyInfo.IsInEducationOrganizationHierarchy)
- {
- await _sqlAction.InsertEducationOrganizationHierarchy(
- upsertRequest.ResourceInfo.ProjectName.Value,
- upsertRequest.ResourceInfo.ResourceName.Value,
- upsertRequest.ResourceInfo.EducationOrganizationHierarchyInfo.Id,
- upsertRequest.ResourceInfo.EducationOrganizationHierarchyInfo.ParentId,
- newDocumentId,
- documentPartitionKey,
- connection,
- transaction
- );
- }
-
- // Insert the SecurableDocument
- await DocumentAuthorizationHelper.InsertSecurableDocument(
- upsertRequest,
- newDocumentId,
- documentPartitionKey,
- connection,
- transaction,
- _sqlAction
- );
-
_logger.LogDebug("Upsert success as insert - {TraceId}", upsertRequest.TraceId.Value);
return new UpsertResult.InsertSuccess(upsertRequest.DocumentUuid);
}
@@ -457,10 +424,6 @@ is ResourceAuthorizationResult.NotAuthorized.WithHint notAuthorizedWithHint
upsertRequest,
documentReferenceIds,
descriptorReferenceIds,
- studentSchoolAuthorizationEdOrgIds,
- studentEdOrgResponsibilityAuthorizationIds,
- contactStudentSchoolAuthorizationEdOrgIds,
- staffEducationOrganizationAuthorizationEdOrgIds,
connection,
transaction,
upsertRequest.TraceId
diff --git a/src/dms/core/EdFi.DataManagementService.Core/Backend/ResourceAuthorizationHandler.cs b/src/dms/core/EdFi.DataManagementService.Core/Backend/ResourceAuthorizationHandler.cs
index 89b48a16f..aca9d721e 100644
--- a/src/dms/core/EdFi.DataManagementService.Core/Backend/ResourceAuthorizationHandler.cs
+++ b/src/dms/core/EdFi.DataManagementService.Core/Backend/ResourceAuthorizationHandler.cs
@@ -29,6 +29,7 @@ public async Task Authorize(
TraceId traceId
)
{
+ return new ResourceAuthorizationResult.Authorized();
logger.LogInformation(
"Entering ResourceAuthorizationHandler. OperationType:{OperationType}, AuthorizationStrategyCount:{StrategyCount} TraceId:{TraceId}",
operationType,