Я не могу понять, почему хранимая процедура возвращает Allow = 1 в наборе результатов. Я отредактировал вопрос, чтобы добавить больше контекста: эта хранимая процедура выполняет авторизацию, и решение принимается по её результату. Если результирующий набор содержит Allow: 0, Disclose: 1, Cache: 1, соответствующие URI не регистрируются; если же результирующий набор содержит Allow: 1, Disclose: 1, Cache: 1, URI регистрируется.
-- Auth.Authorize: returns one row (Allow, Disclose, Cache) describing an authorization decision.
--
-- Decision rule (default-deny, deny-overrides):
--   Allow = 1 only when at least one permission row matches AND none of the matching
--   rows has IsAllowed = 0. Zero matching rows yields Allow = 0.
--
-- NOTE(review): in this version the body does not reference any of the parameters.
--   The principal is fixed to role 'system', the message type to 'publish', and the URI to a
--   literal, so every caller receives the decision for that one combination. Confirm the
--   literals are replaced by the corresponding parameters before this is used for real checks.
--
-- Why Allow = 1 with the data listed on this page: role 'system' is principal ID 1, which holds
--   permission 131 ('com.XXXX.XX.systems.%.heartbeat', message type 16 = publish, enabled) with
--   IsAllowed = 1, and none of the rows shown for that principal has IsAllowed = 0.
CREATE PROCEDURE [Auth].[Authorize]
    @Router                nvarchar(64),
    @Realm                 nvarchar(64),
    @Action                nvarchar(64),
    @URI                   nvarchar(256),
    @Match                 nvarchar(64) = NULL,
    @SessionID             bigint,
    @AuthProvider          nvarchar(64),
    @AuthMethod            nvarchar(64),
    @AuthID                nvarchar(64),
    @AuthRole              nvarchar(64),
    @TransportPeer         nvarchar(64),
    @TransportType         nvarchar(64),
    @TransportProtocol     nvarchar(64),
    @TransportUserAgent    nvarchar(256) = NULL,
    @TransportForwardedFor nvarchar(64) = NULL,
    @F5AuthenticatedDN     nvarchar(256) = NULL,
    @F5AuthenticatedClient nvarchar(64) = NULL,
    @Groups                GroupsType READONLY
AS
SELECT
    CAST(
        CASE
            -- At least one grant matched, and no matching row is an explicit deny.
            WHEN COUNT(*) > 0
                 AND COUNT(CASE WHEN pp.IsAllowed = 0 THEN 1 END) = 0
            THEN 1
            ELSE 0
        END AS bit
    ) AS Allow,
    -- Disclose and Cache are constants here; presumably they are hints to the caller
    -- (e.g. whether the decision may be cached) - confirm against the consumer.
    CAST(1 AS bit) AS Disclose,
    CAST(1 AS bit) AS Cache
FROM Auth.Permissions AS pm
INNER JOIN WAMP.MessageTypes AS mt
    ON mt.ID = pm.MessageTypeID
INNER JOIN Auth.PrincipalPermissions AS pp
    ON pp.PermissionID = pm.ID
INNER JOIN Auth.Principals AS pr
    ON pr.ID = pp.PrincipalID
INNER JOIN Auth.PrincipalTypes AS pt
    ON pt.ID = pr.PrincipalTypeID
WHERE
    (
        (pt.Name = 'role' AND pr.Name = 'system')
        /* Disabled in this version - only the role/system principal is evaluated:
        OR (pt.Name = 'system' AND pr.Name = 'UATDSG')
        OR (pt.Name = 'group' AND pr.Name IN (SELECT Name FROM @Groups))
        */
    )
    AND pr.IsEnabled = 1
    AND pm.IsEnabled = 1
    AND mt.Name = 'publish'
    -- The requested URI is the LIKE subject; the stored pm.URI is the pattern.
    -- '%' and '_' in a stored pattern are wildcards unless escaped with '\'.
    AND 'com.XXXX.XX.systems.XXXXX.heartbeat' LIKE pm.URI ESCAPE '\'
RETURN 0
Я не очень хорошо разбираюсь в хранимых процедурах, в том числе в этой.
В базе данных у нас есть следующие таблицы:
-- Permission catalogue: one row per (URI pattern, message type).
-- The definition is truncated in the post: the closing parenthesis and any constraints are not shown.
CREATE TABLE [Auth].[Permissions](
[ID] [int] IDENTITY(1,1) NOT FOR REPLICATION NOT NULL,
-- LIKE pattern, not a literal URI: Auth.Authorize evaluates <requested URI> LIKE URI ESCAPE '\',
-- so a value of '%' matches every URI for its message type.
[URI] [nvarchar](128) NOT NULL,
-- Joined to WAMP.MessageTypes.ID by Auth.Authorize.
[MessageTypeID] [int] NOT NULL,
[Description] [nvarchar](512) NULL,
-- Auth.Authorize only considers rows with IsEnabled = 1.
[IsEnabled] [bit] NOT NULL,
-- Links a principal to a permission and records whether it is a grant or a deny.
-- The definition is truncated in the post: the closing parenthesis and any constraints are not shown.
-- NOTE(review): no UNIQUE constraint on (PrincipalID, PermissionID) is visible in this excerpt, and
-- the listing on this page contains repeated pairs (e.g. principal 19 / permission 1 under IDs 170
-- and 176). Auth.Authorize denies when any matching row has IsAllowed = 0, so a duplicate carrying
-- the opposite flag would change the decision - confirm whether uniqueness is enforced.
CREATE TABLE [Auth].[PrincipalPermissions](
[ID] [bigint] IDENTITY(1,1) NOT FOR REPLICATION NOT NULL,
[PrincipalID] [int] NOT NULL,
[PermissionID] [int] NOT NULL,
-- 1 = grant, 0 = explicit deny (a single matching 0 forces Allow = 0 in Auth.Authorize).
[IsAllowed] [bit] NOT NULL,
-- Principals that permissions can be attached to; Auth.Authorize selects them by type name and Name.
-- The definition is truncated in the post: the closing parenthesis and any constraints are not shown.
CREATE TABLE [Auth].[Principals](
[ID] [int] IDENTITY(1,1) NOT FOR REPLICATION NOT NULL,
-- Joined to Auth.PrincipalTypes.ID by Auth.Authorize.
[PrincipalTypeID] [int] NOT NULL,
[Name] [nvarchar](64) NOT NULL,
-- Auth.Authorize only considers principals with IsEnabled = 1.
[IsEnabled] [bit] NOT NULL,
-- Lookup of principal kinds; Auth.Authorize filters on Name (e.g. 'role', 'system', 'group').
-- The definition is truncated in the post: the closing parenthesis and any constraints are not shown.
CREATE TABLE [Auth].[PrincipalTypes](
[ID] [int] IDENTITY(1,1) NOT FOR REPLICATION NOT NULL,
[Name] [nvarchar](64) NOT NULL,
-- Lookup of message types; Auth.Authorize filters on Name (this version uses the literal 'publish').
-- The definition is truncated in the post: the closing parenthesis and any constraints are not shown.
CREATE TABLE [WAMP].[MessageTypes](
-- Not an IDENTITY column, unlike the Auth tables in this post.
[ID] [int] NOT NULL,
[Name] [nvarchar](32) NOT NULL,
Result Set:
Allow Disclose Cache
1 1 1
-- Dumps up to 1000 rows of Auth.Permissions for inspection.
-- There is no ORDER BY, so row order (and, beyond 1000 rows, which rows appear) is not guaranteed.
SELECT TOP (1000)
    [ID],
    [URI],
    [MessageTypeID],
    [Description],
    [IsEnabled]
FROM [Auth].[Permissions]
ID URI MessageTypeID Description IsEnabled
3 % 32 NULL 1
4 % 16 NULL 1
5 % 64 NULL 1
6 % 48 NULL 1
131 com.XXXX.XX.systems.%.heartbeat 16 NULL 1
157 com.XXXX.XX.systems.mfg-%.heartbeat 16 NULL 1
160 com.XXXX.XX.systems.mfg-%.heartbeat 32 NULL 1
161 com.XXXX.XX.systems.%.heartbeat 32 NULL 1
-- Dumps up to 1000 rows of Auth.PrincipalPermissions for inspection.
-- There is no ORDER BY, so row order (and, beyond 1000 rows, which rows appear) is not guaranteed;
-- a deny row (IsAllowed = 0) could therefore be missing from a truncated listing.
SELECT TOP (1000)
    [ID],
    [PrincipalID],
    [PermissionID],
    [IsAllowed]
FROM [Auth].[PrincipalPermissions]
ID PrincipalID PermissionID IsAllowed
1 1 1 1
4 1 9 1
5 1 10 1
6 2 1 1
7 2 12 1
8 2 13 1
9 3 1 1
10 3 3 1
11 3 4 1
12 3 5 1
13 3 6 1
14 5 10 1
15 6 10 1
16 1 15 1
17 1 16 1
18 1 17 1
19 1 18 1
20 1 19 1
21 1 20 1
22 1 21 1
23 1 22 1
24 1 23 1
25 1 24 1
26 1 25 1
27 1 26 1
28 1 27 1
29 1 28 1
30 1 29 1
31 1 30 1
32 1 31 1
33 1 32 1
34 1 33 1
35 1 34 1
36 1 35 1
40 4 39 1
42 7 40 1
47 1 42 1
48 2 43 1
49 1 45 1
50 1 44 1
51 8 38 1
52 6 46 1
53 6 47 1
55 6 1 1
57 5 50 1
58 5 51 1
59 5 41 1
60 7 41 1
61 9 41 1
62 7 52 1
63 7 51 1
64 4 53 1
65 7 54 1
66 10 55 1
67 11 1 1
68 6 38 1
69 6 56 1
70 8 47 1
71 12 56 1
72 12 57 1
73 12 58 1
74 12 59 1
75 12 60 1
76 12 38 1
77 5 61 1
78 5 39 1
80 13 63 1
81 5 63 1
82 14 64 1
83 14 52 1
84 7 65 1
85 7 39 1
86 15 63 1
87 7 63 1
88 10 66 0
89 6 67 1
90 6 68 1
91 12 66 1
92 16 39 1
93 16 63 1
94 17 69 1
95 14 69 1
96 14 39 1
97 7 70 1
98 7 71 1
99 7 69 1
100 6 72 1
101 6 73 1
102 17 74 1
103 12 1 1
104 12 75 1
105 12 76 1
106 3 49 1
107 5 77 1
108 10 63 1
109 10 1 1
110 10 56 1
111 11 3 1
112 11 78 1
113 5 78 1
114 5 79 1
115 11 6 1
116 1 80 1
117 1 81 1
118 2 82 1
119 2 83 1
120 1 84 1
121 1 85 1
122 1 86 1
123 1 87 1
124 1 88 1
125 1 89 1
126 1 90 1
127 1 91 1
128 1 92 1
129 1 93 1
130 1 94 1
131 1 95 1
132 1 96 1
133 1 97 1
134 1 98 1
135 1 99 1
136 1 100 1
137 1 101 1
138 1 102 1
139 1 103 1
140 1 104 1
141 1 105 1
143 18 10 1
144 18 50 1
145 18 51 1
146 18 41 1
147 18 61 1
148 18 39 1
149 18 63 1
150 18 77 1
151 18 78 1
152 18 79 1
153 5 3 1
154 5 4 1
155 5 5 1
156 5 6 1
157 1 107 1
158 4 3 1
159 4 4 1
160 4 5 1
161 4 6 1
162 11 4 1
163 11 5 1
164 20 1 1
165 20 3 1
166 20 78 1
167 20 6 1
168 20 4 1
169 20 5 1
170 19 1 1
171 19 3 1
172 19 78 1
173 19 6 1
174 19 4 1
175 19 5 1
176 19 1 1
177 19 3 1
178 19 78 1
179 19 6 1
180 19 4 1
181 19 5 1
182 21 1 1
183 21 3 1
184 21 78 1
185 21 6 1
186 21 4 1
187 21 5 1
188 1 108 1
189 1 109 1
190 22 1 1
191 22 3 1
192 22 78 1
193 22 6 1
194 22 4 1
195 22 5 1
196 23 1 1
197 23 3 1
198 23 78 1
199 23 6 1
200 23 4 1
201 23 5 1
202 24 1 1
203 24 3 1
204 24 78 1
205 24 6 1
206 24 4 1
207 24 5 1
208 25 1 1
209 25 3 1
210 25 78 1
211 25 6 1
212 25 4 1
213 25 5 1
214 26 1 1
215 26 3 1
216 26 78 1
217 26 6 1
218 26 4 1
219 26 5 1
220 27 1 1
221 27 3 1
222 27 78 1
223 27 6 1
224 27 4 1
225 27 5 1
226 28 1 1
227 28 3 1
228 28 78 1
229 28 6 1
230 28 4 1
231 28 5 1
232 28 1 1
233 28 3 1
234 28 78 1
235 28 6 1
236 28 4 1
237 28 5 1
238 29 1 1
239 29 3 1
240 29 78 1
241 29 6 1
242 29 4 1
243 29 5 1
244 30 1 1
245 30 3 1
246 30 78 1
247 30 6 1
248 30 4 1
249 30 5 1
257 1 106 1
258 1 110 1
259 1 111 1
260 1 112 1
261 33 113 1
262 33 114 1
263 33 115 1
264 1 117 1
265 1 118 1
266 1 119 1
267 1 120 1
268 1 121 1
269 1 122 1
270 1 123 1
271 1 124 1
272 1 125 1
273 1 126 1
274 1 127 1
275 1 128 1
276 1 129 1
277 1 130 1
278 1 131 1
279 1 132 1
280 1 133 1
281 1 134 1
282 1 135 1
283 1 136 1
284 1 137 1
285 1 138 1
286 1 139 1
287 1 140 1
288 1 141 1
289 1 142 1
290 1 143 1
291 1 144 1
292 1 145 1
293 1 146 1
294 1 147 1
295 1 148 1
296 1 149 1
297 1 150 1
298 1 151 1
299 1 152 1
300 1 153 1
301 1 154 1
302 1 155 1
303 1 156 1
304 4 117 1
305 4 118 1
306 4 119 1
307 4 120 1
308 4 121 1
309 4 122 1
310 4 123 1
311 4 124 1
312 4 125 1
313 4 126 1
314 4 127 1
315 4 128 1
316 4 129 1
317 4 130 1
318 4 131 1
319 4 132 1
320 4 133 1
321 4 134 1
322 4 135 1
323 4 136 1
324 4 137 1
325 4 138 1
326 4 139 1
327 4 140 1
328 4 141 1
329 4 142 1
330 4 143 1
331 4 144 1
332 4 145 1
333 4 146 1
334 4 147 1
335 4 148 1
336 4 149 1
337 4 150 1
338 4 151 1
339 4 152 1
340 4 153 1
341 4 154 1
342 4 155 1
343 4 156 1
344 6 161 1
/****** Script for SelectTopNRows command from SSMS ******/
-- Dumps up to 1000 rows of Auth.Principals for inspection (no ORDER BY, so order is not guaranteed).
SELECT TOP (1000)
    [ID],
    [PrincipalTypeID],
    [Name],
    [IsEnabled]
FROM [Auth].[Principals]
ID PrincipalTypeID Name IsEnabled
1 3 system 1
2 3 user 1
3 3 service 1
35 4 ManufacturingSystem 1
-- Dumps up to 1000 rows of Auth.PrincipalTypes for inspection (no ORDER BY, so order is not guaranteed).
SELECT TOP (1000)
    [ID],
    [Name]
FROM [Auth].[PrincipalTypes]
ID Name
2 group
3 role
4 system
1 user
/****** Script for SelectTopNRows command from SSMS ******/
-- Dumps up to 1000 rows of WAMP.MessageTypes for inspection (no ORDER BY, so order is not guaranteed).
SELECT TOP (1000)
    [ID],
    [Name]
FROM [WAMP].[MessageTypes]
ID Name
3 abort
5 authenticate
48 call
49 cancel
4 challenge
8 error
36 event
6 goodbye
1 hello
69 interrupt
68 invocation
16 publish
17 published
64 register
65 registered
50 result
32 subscribe
33 subscribed
66 unregister
67 unregistered
34 unsubscribe
35 unsubscribed
2 welcome
70 yield