[ODS-6543] Update security metadata for StudentContactAssociation (an…

…d StudentParentAssociation) to eliminate unnecessary join - ReadChanges (#1176)

Application/EdFi.Ods.Api/Security/AuthorizationStrategies/Relationships/RelationshipsWithStudentsOnlyIncludingDeletesAuthorizationStrategy.cs

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: Apache-2.0
+// Licensed to the Ed-Fi Alliance under one or more agreements.
+// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+// See the LICENSE and NOTICES files in the project root for more information.
+
+using System.Collections.Generic;
+using System.Linq;
+using EdFi.Ods.Common.Models;
+using EdFi.Ods.Common.Specifications;
+
+namespace EdFi.Ods.Api.Security.AuthorizationStrategies.Relationships
+{
+    [AuthorizationStrategyName(RelationshipAuthorizationStrategyName)]
+    public class RelationshipsWithStudentsOnlyIncludingDeletesAuthorizationStrategy
+        : RelationshipsAuthorizationStrategyBase
+    {
+        private const string RelationshipAuthorizationStrategyName = "RelationshipsWithStudentsOnlyIncludingDeletes";
+
+        private readonly IPersonEntitySpecification _personEntitySpecification;
+
+        public RelationshipsWithStudentsOnlyIncludingDeletesAuthorizationStrategy(
+            IDomainModelProvider domainModelProvider,
+            IPersonEntitySpecification personEntitySpecification)
+            : base(domainModelProvider)
+        {
+            _personEntitySpecification = personEntitySpecification;
+        }
+
+        protected override string AuthorizationStrategyName
+        {
+            get => RelationshipAuthorizationStrategyName;
+        }
+
+        protected override SubjectEndpoint[] GetAuthorizationSubjectEndpoints(
+            IEnumerable<(string name, object value)> authorizationContextTuples)
+        {
+            return authorizationContextTuples
+                .Select(
+                    nv =>
+                    {
+                        if (_personEntitySpecification.IsPersonIdentifier(nv.name))
+                        {
+                            return new SubjectEndpoint(nv, "IncludingDeletes");
+                        }
+
+                        return new SubjectEndpoint(nv);
+                    })
+                .ToArray();
+        }
+    }
+}

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/0001-ResourceClaimMetadata.sql

@@ -88,6 +88,12 @@ BEGIN
     VALUES ('Relationships with Education Organizations and People (including deletes)', 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes');
 END
 
+IF NOT EXISTS (SELECT 1 FROM [dbo].[AuthorizationStrategies] WHERE [AuthorizationStrategyName] = 'RelationshipsWithStudentsOnlyIncludingDeletes')
+BEGIN
+    INSERT INTO [dbo].[AuthorizationStrategies] ([DisplayName], [AuthorizationStrategyName])
+    VALUES ('Relationships With Students Only Including Deletes', 'RelationshipsWithStudentsOnlyIncludingDeletes');
+END
+
 /* ==================================================================================================================================== */
 
 /* --------------------------------- */

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2150-StudentParentAssociation-authorized-on-StudentOnly.sql

@@ -235,20 +235,19 @@ BEGIN
 
     SET @resourceClaimActionId = SCOPE_IDENTITY()
 
-
     SET @authorizationStrategyId = NULL
 
     SELECT @authorizationStrategyId = a.AuthorizationStrategyId
     FROM    dbo.AuthorizationStrategies a
-    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes'
+    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes'
 
     IF @authorizationStrategyId IS NULL
     BEGIN
-        SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
+        SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnlyIncludingDeletes''';
         THROW 50000, @msg, 1
     END
 
-    PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
+    PRINT 'Adding authorization strategy ''RelationshipsWithStudentsOnlyIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
     INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
     VALUES (@resourceClaimActionId, @authorizationStrategyId)
 

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/MsSql/Data/Security/2150-StudentParentAssociation-authorized-on-StudentOnly.xml

@@ -27,7 +27,7 @@
             <Action name="ReadChanges">
               <AuthorizationStrategies>
                 <AuthorizationStrategy
-                  name="RelationshipsWithEdOrgsAndPeopleIncludingDeletes" />
+                  name="RelationshipsWithStudentsOnlyIncludingDeletes" />
               </AuthorizationStrategies>
             </Action>
           </DefaultAuthorization>

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/0001-ResourceClaimMetadata.sql

@@ -81,6 +81,12 @@ begin
         VALUES ('Relationships with Education Organizations and People (including deletes)', 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes');
     END IF;
 
+    IF NOT EXISTS (SELECT 1 FROM dbo.AuthorizationStrategies WHERE AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes') THEN
+    INSERT INTO dbo.AuthorizationStrategies (DisplayName, AuthorizationStrategyName)
+    VALUES ('Relationships With Students Only Including Deletes', 'RelationshipsWithStudentsOnlyIncludingDeletes');
+    END IF;
+
+
 end $$;
 
 /* --------------------------------- */

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2150-StudentParentAssociation-authorized-on-StudentOnly.sql

@@ -214,18 +214,17 @@ BEGIN
     RETURNING ResourceClaimActionId
     INTO resource_claim_action_id;
 
-
     authorization_strategy_id := NULL;
 
     SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
     FROM    dbo.AuthorizationStrategies a
-    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes';
+    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes';
 
     IF authorization_strategy_id IS NULL THEN
-        RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
+        RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnlyIncludingDeletes''';
     END IF;
 
-    RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
+    RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithStudentsOnlyIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
     INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
     VALUES (resource_claim_action_id, authorization_strategy_id);
 

Application/EdFi.Ods.Standard/Standard/4.0.0/Artifacts/PgSql/Data/Security/2150-StudentParentAssociation-authorized-on-StudentOnly.xml

@@ -27,7 +27,7 @@
             <Action name="ReadChanges">
               <AuthorizationStrategies>
                 <AuthorizationStrategy
-                  name="RelationshipsWithEdOrgsAndPeopleIncludingDeletes" />
+                  name="RelationshipsWithStudentsOnlyIncludingDeletes" />
               </AuthorizationStrategies>
             </Action>
           </DefaultAuthorization>

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/0001-ResourceClaimMetadata.sql

@@ -89,6 +89,13 @@ BEGIN
     VALUES ('Relationships with Education Organizations and People (including deletes)', 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes');
 END
 
+IF NOT EXISTS (SELECT 1 FROM [dbo].[AuthorizationStrategies] WHERE [AuthorizationStrategyName] = 'RelationshipsWithStudentsOnlyIncludingDeletes')
+BEGIN
+    INSERT INTO [dbo].[AuthorizationStrategies] ([DisplayName], [AuthorizationStrategyName])
+    VALUES ('Relationships With Students Only Including Deletes', 'RelationshipsWithStudentsOnlyIncludingDeletes');
+END
+
+
 /* ==================================================================================================================================== */
 
 /* --------------------------------- */

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2160-StudentContactAssociation-authorized-on-StudentOnly.sql

@@ -235,20 +235,19 @@ BEGIN
 
     SET @resourceClaimActionId = SCOPE_IDENTITY()
 
-
     SET @authorizationStrategyId = NULL
 
     SELECT @authorizationStrategyId = a.AuthorizationStrategyId
     FROM    dbo.AuthorizationStrategies a
-    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes'
+    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes'
 
     IF @authorizationStrategyId IS NULL
     BEGIN
-        SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
+        SET @msg = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnlyIncludingDeletes''';
         THROW 50000, @msg, 1
     END
 
-    PRINT 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
+    PRINT 'Adding authorization strategy ''RelationshipsWithStudentsOnlyIncludingDeletes'' for resource claim ''' + @claimName + ''' (claimId=' + CONVERT(nvarchar, @claimId) + ').'
     INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
     VALUES (@resourceClaimActionId, @authorizationStrategyId)
 

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/MsSql/Data/Security/2160-StudentContactAssociation-authorized-on-StudentOnly.xml

@@ -28,7 +28,7 @@
             <Action name="ReadChanges">
               <AuthorizationStrategies>
                 <AuthorizationStrategy
-                  name="RelationshipsWithEdOrgsAndPeopleIncludingDeletes" />
+                  name="RelationshipsWithStudentsOnlyIncludingDeletes" />
               </AuthorizationStrategies>
             </Action>
           </DefaultAuthorization>

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/0001-ResourceClaimMetadata.sql

@@ -80,6 +80,11 @@ begin
         VALUES ('Relationships with Education Organizations and People (including deletes)', 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes');
     END IF;
 
+    IF NOT EXISTS (SELECT 1 FROM dbo.AuthorizationStrategies WHERE AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes') THEN
+    INSERT INTO dbo.AuthorizationStrategies (DisplayName, AuthorizationStrategyName)
+    VALUES ('Relationships With Students Only Including Deletes', 'RelationshipsWithStudentsOnlyIncludingDeletes');
+    END IF;
+
 end $$;
 
 /* --------------------------------- */

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2160-StudentContactAssociation-authorized-on-StudentOnly.sql

@@ -214,18 +214,17 @@ BEGIN
     RETURNING ResourceClaimActionId
     INTO resource_claim_action_id;
 
-
     authorization_strategy_id := NULL;
 
     SELECT a.AuthorizationStrategyId INTO authorization_strategy_id
     FROM    dbo.AuthorizationStrategies a
-    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithEdOrgsAndPeopleIncludingDeletes';
+    WHERE   a.AuthorizationStrategyName = 'RelationshipsWithStudentsOnlyIncludingDeletes';
 
     IF authorization_strategy_id IS NULL THEN
-        RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes''';
+        RAISE EXCEPTION USING MESSAGE = 'AuthorizationStrategy does not exist: ''RelationshipsWithStudentsOnlyIncludingDeletes''';
     END IF;
 
-    RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithEdOrgsAndPeopleIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
+    RAISE NOTICE USING MESSAGE = 'Adding authorization strategy ''RelationshipsWithStudentsOnlyIncludingDeletes'' for resource claim ''' || claim_name || ''' (claimId=' || claim_id || ').';
     INSERT INTO dbo.ResourceClaimActionAuthorizationStrategies(ResourceClaimActionId, AuthorizationStrategyId)
     VALUES (resource_claim_action_id, authorization_strategy_id);
 

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/2160-StudentContactAssociation-authorized-on-StudentOnly.xml

@@ -28,7 +28,7 @@
             <Action name="ReadChanges">
               <AuthorizationStrategies>
                 <AuthorizationStrategy
-                  name="RelationshipsWithEdOrgsAndPeopleIncludingDeletes" />
+                  name="RelationshipsWithStudentsOnlyIncludingDeletes" />
               </AuthorizationStrategies>
             </Action>
           </DefaultAuthorization>

Application/EdFi.Ods.Standard/Standard/5.2.0/Artifacts/PgSql/Data/Security/Changes/0040-Add-ReadChanges-to-Sandbox-Claim-Set.sql

@@ -2936,4 +2936,4 @@ BEGIN
     -- TODO: Remove - For interactive development only
     -- SELECT dbo.GetAuthorizationMetadataDocument();
     -- ROLLBACK;
-END $$;
+END $$;