diff --git a/docs/database_schema.sql b/docs/database_schema.sql
deleted file mode 100644
index 27fa1c4..0000000
--- a/docs/database_schema.sql
+++ /dev/null
@@ -1,167 +0,0 @@
--- Database Migration for RBAC + ABAC Authorization
--- Run this script to set up the authorization tables
-
--- Note: The tables are already populated with your data
--- This script is provided for reference and documentation
-
--- ============================================================
--- TABLE: permissions
--- Stores all system permissions (resource + action)
--- ============================================================
-CREATE TABLE IF NOT EXISTS permissions (
- id INT AUTO_INCREMENT PRIMARY KEY,
- permission_name VARCHAR(100) NOT NULL,
- description TEXT,
- resource VARCHAR(100) NOT NULL,
- action VARCHAR(50) NOT NULL,
- UNIQUE KEY unique_permission (resource, action),
- INDEX idx_resource_action (resource, action)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
--- ============================================================
--- TABLE: policy_attributes
--- Stores ABAC policy constraints for permissions
--- ============================================================
-CREATE TABLE IF NOT EXISTS policy_attributes (
- id INT AUTO_INCREMENT PRIMARY KEY,
- attribute_name VARCHAR(100) NOT NULL,
- attribute_type ENUM('user', 'resource', 'environment') NOT NULL,
- comparison ENUM('=', '!=', '>', '<', '>=', '<=', 'IN', 'CONTAINS', 'STARTS_WITH', 'ENDS_WITH') NOT NULL,
- attribute_value VARCHAR(255) NOT NULL,
- permission_id INT NOT NULL,
- INDEX idx_permission_id (permission_id),
- FOREIGN KEY (permission_id) REFERENCES permissions(id) ON DELETE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
--- ============================================================
--- TABLE: user_attributes
--- Stores user-specific attributes for ABAC evaluation
--- ============================================================
-CREATE TABLE IF NOT EXISTS user_attributes (
- id INT AUTO_INCREMENT PRIMARY KEY,
- user_id CHAR(11) NOT NULL,
- attribute_name VARCHAR(100) NOT NULL,
- attribute_value VARCHAR(255) NOT NULL,
- INDEX idx_user_id (user_id),
- UNIQUE KEY unique_user_attribute (user_id, attribute_name)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
--- ============================================================
--- TABLE: users
--- Main user table (already exists in your schema)
--- ============================================================
-CREATE TABLE IF NOT EXISTS users (
- user_id CHAR(11) PRIMARY KEY,
- first_name VARCHAR(50) NOT NULL,
- middle_initial CHAR(1),
- last_name VARCHAR(50) NOT NULL,
- suffix VARCHAR(10),
- email_address VARCHAR(60) NOT NULL,
- account_type VARCHAR(60) NOT NULL,
- emp_id VARCHAR(50),
- reg CHAR(2),
- prov CHAR(3),
- aProv CHAR(3),
- mun CHAR(2),
- bgy CHAR(3),
- is_logged_in CHAR(2) DEFAULT 'N',
- first_logged_in CHAR(2) DEFAULT 'N',
- address VARCHAR(255),
- contact_number VARCHAR(13),
- device_id VARCHAR(50),
- role_id INT,
- role_dps INT,
- is_deleted VARCHAR(2) DEFAULT 'N',
- secret_key VARCHAR(100),
- is_activated VARCHAR(2) DEFAULT 'Y',
- created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
- INDEX idx_email (email_address),
- INDEX idx_role (role_id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
--- ============================================================
--- EXAMPLE: Adding a New Permission
--- ============================================================
--- Step 1: Insert the permission
-/*
-INSERT INTO permissions (permission_name, description, resource, action)
-VALUES ('Delete User Account', 'Permanently delete a user account', 'users', 'delete');
-
--- Step 2: Add ABAC policies (optional)
-INSERT INTO policy_attributes (attribute_name, attribute_type, comparison, attribute_value, permission_id)
-VALUES
- ('role', 'user', '=', 'Super Admin', LAST_INSERT_ID()),
- ('is_activated', 'resource', '=', 'N', LAST_INSERT_ID());
-*/
-
--- ============================================================
--- EXAMPLE: Adding User Attributes
--- ============================================================
-/*
-INSERT INTO user_attributes (user_id, attribute_name, attribute_value)
-VALUES
- ('U0000000005', 'region', '02'),
- ('U0000000005', 'role', 'Regional Admin'),
- ('U0000000005', 'action_user_role', 'Regional Administrator'),
- ('U0000000005', 'role_dps', '1');
-*/
-
--- ============================================================
--- INDEXES for Performance
--- ============================================================
--- These should already be created by the CREATE TABLE statements above
--- but are listed here for reference:
-
--- permissions table
-ALTER TABLE permissions ADD INDEX IF NOT EXISTS idx_resource_action (resource, action);
-
--- policy_attributes table
-ALTER TABLE policy_attributes ADD INDEX IF NOT EXISTS idx_permission_id (permission_id);
-
--- user_attributes table
-ALTER TABLE user_attributes ADD INDEX IF NOT EXISTS idx_user_id (user_id);
-
--- users table
-ALTER TABLE users ADD INDEX IF NOT EXISTS idx_is_deleted (is_deleted);
-
--- ============================================================
--- VERIFICATION QUERIES
--- ============================================================
-
--- Check permissions count
--- SELECT COUNT(*) as total_permissions FROM permissions;
-
--- Check policies count
--- SELECT COUNT(*) as total_policies FROM policy_attributes;
-
--- Check user attributes count
--- SELECT COUNT(*) as total_user_attributes FROM user_attributes;
-
--- View permissions with their policies
-/*
-SELECT
- p.id,
- p.permission_name,
- p.resource,
- p.action,
- COUNT(pa.id) as policy_count
-FROM permissions p
-LEFT JOIN policy_attributes pa ON p.id = pa.permission_id
-GROUP BY p.id
-ORDER BY p.id;
-*/
-
--- View user with all attributes
-/*
-SELECT
- u.user_id,
- u.first_name,
- u.last_name,
- ua.attribute_name,
- ua.attribute_value
-FROM users u
-LEFT JOIN user_attributes ua ON u.user_id = ua.user_id
-WHERE u.user_id = 'U0000000001'
-ORDER BY ua.attribute_name;
-*/