Update Permission and Frozen filters to support Indices (#1912)

* WIP for efficient row permission filtering

* WIP for efficient row permission filtering

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Work In Progress

* #1756 Final part

* #1756 Polish

Author: stonesmi

benchmark/src/main/java/org/finos/vuu/benchmark/BenchmarkHelper.java

@@ -8,6 +8,7 @@
 import org.finos.vuu.api.Index;
 import org.finos.vuu.api.Indices;
 import org.finos.vuu.api.TableDef;
+import org.finos.vuu.core.filter.type.AllowAllPermissionFilter$;
 import org.finos.vuu.core.table.Column;
 import org.finos.vuu.core.table.Columns;
 import org.finos.vuu.core.table.InMemDataTable;
@@ -85,6 +86,7 @@ public TreeBuilder createTreeBuilder(InMemDataTable table) {
                 Option.empty(),
                 Option.empty(),
                 BuildEntireTree.apply(groupByTable, Option.empty()),
+                AllowAllPermissionFilter$.MODULE$,
                 Option.empty(),
                 clock);
     }

example/permission/src/main/scala/org/finos/vuu/core/module/auths/OrderPermissionChecker.scala

@@ -3,22 +3,22 @@ package org.finos.vuu.core.module.auths
 import org.finos.toolbox.lifecycle.{DefaultLifecycleEnabled, LifecycleContainer}
 import org.finos.toolbox.thread.LifeCycleRunner
 import org.finos.toolbox.time.Clock
-import org.finos.vuu.core.auths.RowPermissionChecker
+import org.finos.vuu.core.filter.`type`.PermissionFilter
 import org.finos.vuu.core.module.auths.PermissionModule.ColumnNames.Bitmask
-import org.finos.vuu.core.table.{RowData, RowWithData, TableContainer}
-import org.finos.vuu.viewport.ViewPort
+import org.finos.vuu.core.table.{RowData, RowWithData, TableContainer, TablePrimaryKeys}
+import org.finos.vuu.viewport.{RowSource, ViewPort}
 
-class OrderPermissionChecker(val vp: ViewPort, tableContainer: TableContainer)(implicit lifecycle: LifecycleContainer, clock: Clock) extends DefaultLifecycleEnabled with RowPermissionChecker {
+class OrderPermissionChecker(val vp: ViewPort, tableContainer: TableContainer)(using lifecycle: LifecycleContainer, clock: Clock)
+  extends DefaultLifecycleEnabled with PermissionFilter {
 
-  val reloadPermissionsThread = new LifeCycleRunner("reloadPermissions", runOnce, minCycleTime = 5_000)
+  private val reloadPermissionsThread = new LifeCycleRunner("reloadPermissions", runOnce, minCycleTime = 5_000)
+  private val permissionTable = tableContainer.getTable("permission")
+  private val filter = PermissionFilter(f => canSeeRow(f))
+  @volatile private var permissionUserMask = PermissionSet.NoPermissions
 
   lifecycle(this).dependsOn(reloadPermissionsThread)
-
   reloadPermissionsThread.doStart()
 
-  private val permissionTable = tableContainer.getTable("permission")
-  @volatile private var permissionUserMask = PermissionSet.NoPermissions
-
   def runOnce(): Unit = {
     val user = vp.user.name
     permissionUserMask = permissionTable.asTable.pullRow(user) match {
@@ -38,12 +38,17 @@ class OrderPermissionChecker(val vp: ViewPort, tableContainer: TableContainer)(i
     reloadPermissionsThread.doStop()
   }
 
-  override def canSeeRow(row: RowData): Boolean = {
+  override def hashCode(): Int = {
+      37 * vp.id.hashCode + permissionUserMask
+  }
+
+  override def doFilter(source: RowSource, primaryKeys: TablePrimaryKeys, firstInChain: Boolean): TablePrimaryKeys = {
+    filter.doFilter(source, primaryKeys, firstInChain)
+  }
+
+  private def canSeeRow(row: RowData): Boolean = {
     val mask = row.get("mask").asInstanceOf[Int]
     PermissionSet.hasRole(permissionUserMask, mask)
   }
 
-  override def hashCode(): Int = {
-      37 * vp.id.hashCode + permissionUserMask
-  }
 }

example/permission/src/test/scala/org/finos/vuu/core/module/auths/TestFriendlyPermissionChecker.scala

@@ -1,9 +1,9 @@
 package org.finos.vuu.api
 
-import org.finos.vuu.core.auths.RowPermissionChecker
+import org.finos.vuu.core.filter.`type`.{AllowAllPermissionFilter, PermissionFilter}
 import org.finos.vuu.core.module.ViewServerModule
 import org.finos.vuu.core.table.DefaultColumnNames.{CreatedTimeColumnName, LastUpdatedTimeColumnName}
-import org.finos.vuu.core.table._
+import org.finos.vuu.core.table.*
 import org.finos.vuu.feature.inmem.VuuInMemPluginLocator
 import org.finos.vuu.viewport.ViewPort
 
@@ -151,23 +151,19 @@ class TableDef(val name: String,
   private val updatedTimeColumn: SimpleColumn = SimpleColumn(LastUpdatedTimeColumnName, customColumns.length + 1, DataType.fromString("long"))
   val columns: Array[Column] = customColumns ++ Array(createdTimeColumn, updatedTimeColumn)
 
-  private var module: ViewServerModule = null;
-  private var permissionFunc: (ViewPort, TableContainer) => RowPermissionChecker = null
-
-  def withPermissions(func: (ViewPort, TableContainer) => RowPermissionChecker): TableDef = {
+  private var module: ViewServerModule = null
+  
+  private var permissionFunc: (ViewPort, TableContainer) => PermissionFilter = (_, _) => AllowAllPermissionFilter
+  
+  def withPermissions(func: (ViewPort, TableContainer) => PermissionFilter): TableDef = {
     permissionFunc = func
     this
   }
 
-  def permissionChecker(viewPort: ViewPort, tableContainer: TableContainer): Option[RowPermissionChecker] = {
-    if (permissionFunc != null) {
-      Some(permissionFunc(viewPort, tableContainer))
-    } else {
-      None
-    }
+  def permissionFilter(viewPort: ViewPort, tableContainer: TableContainer): PermissionFilter = {
+    permissionFunc.apply(viewPort, tableContainer)    
   }
 
-
   def deleteColumnName() = s"$name._isDeleted"
 
   def columnForName(name: String): Column = {
@@ -219,7 +215,7 @@ case class JoinTableDef(
 
   override def toString: String = s"JoinTableDef(name=$name)"
 
-  override def withPermissions(func: (ViewPort, TableContainer) => RowPermissionChecker): JoinTableDef = {
+  override def withPermissions(func: (ViewPort, TableContainer) => PermissionFilter): JoinTableDef = {
     super.withPermissions(func)
     this
   }

vuu/src/main/scala/org/finos/vuu/api/TableDef.scala

@@ -31,8 +31,8 @@ object VuuUser {
 }
 
 case class VuuUserImpl(name: String,
-                               expiry: Instant,
-                               authorizations: Set[String]) extends VuuUser {
+                       expiry: Instant,
+                       authorizations: Set[String]) extends VuuUser {
 
   override def withAuthorizations(authorizations: Set[String]): VuuUser = this.copy(authorizations = authorizations)