BaseUserGroupRightsDO.kt

@MappedSuperclass that stores user- and group-based access rights as comma-separated ID strings in database columns. Extended by domain entities that need row-level access control. Defines three access tiers: full, readonly, and minimal, each with separate columns for group IDs and user IDs.

DefaultBaseDO
└── BaseUserGroupRightsDO

Extends DefaultBaseDO, inheriting standard fields (id, created, lastUpdate, etc.). Marked @MappedSuperclass so JPA subclasses inherit the column mappings.
| Property | JPA Column | Type | Description |
|---|---|---|---|
| owner | @Transient | abstract PFUserDO? | Abstract; subclasses define how the owner is resolved |
| ownerId | @Transient | Long? (get) | Derived from owner?.id |
| fullAccessGroupIds | full_access_group_ids (4000) | String? | CSV of group IDs with full read/write access |
| fullAccessUserIds | full_access_user_ids (4000) | String? | CSV of user IDs with full read/write access |
| readonlyAccessGroupIds | readonly_access_group_ids (4000) | String? | CSV of group IDs with read-only access |
| readonlyAccessUserIds | readonly_access_user_ids (4000) | String? | CSV of user IDs with read-only access |
| minimalAccessGroupIds | minimal_access_group_ids (4000) | String? | CSV of group IDs with minimal access |
| minimalAccessUserIds | minimal_access_user_ids (4000) | String? | CSV of user IDs with minimal access |
Groups/users listed in fullAccessGroupIds / fullAccessUserIds have unrestricted read/write access.
Groups/users in readonlyAccessGroupIds / readonlyAccessUserIds can view all data but not modify it.
Groups/users in minimalAccessGroupIds / minimalAccessUserIds see only a minimal subset (e.g., calendar entry start/end times without details like location or notes).
BaseUserGroupRightService (#866) for get/set operations to ensure proper sorting and formatting.

Storing group/user IDs as CSV strings in columns (rather than join tables) avoids N+1 query problems and keeps the access data co-located with the entity row. The trade-off is a practical limit on how many groups/users can be granted access per entity (~4000 characters). The open modifier on all properties is required for Hibernate lazy-loading proxies in Kotlin.
The owner is declared as abstract @Transient so concrete subclasses can define their own owner resolution (e.g., a timesheet's owner might be its user, a team calendar's owner might be the calendar admin).
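How the CSV columns and the three tiers described above could be evaluated for one user, as an added example; it is not ProjectForge code and not the BaseUserGroupRightService implementation. Access, Rights, parseIds, toCsv and effectiveAccess are hypothetical names, and treating the owner as having full access is an assumption.

```kotlin
// Added illustration, not ProjectForge code; every name here is hypothetical.
enum class Access { NONE, MINIMAL, READONLY, FULL }

const val COLUMN_LENGTH = 4000 // column length from the property table

// Parse a CSV column into exact numeric IDs. Blank or malformed tokens are
// dropped, so a corrupted entry grants access to nobody (fail closed).
fun parseIds(csv: String?): Set<Long> =
    csv.orEmpty().split(',').mapNotNull { it.trim().toLongOrNull() }.toSet()

// Canonical form for storage: de-duplicated, numerically sorted, null if empty.
fun toCsv(ids: Collection<Long>): String? {
    val csv = ids.distinct().sorted().joinToString(",")
    require(csv.length <= COLUMN_LENGTH) { "ID list exceeds $COLUMN_LENGTH characters" }
    return csv.ifEmpty { null }
}

// Stand-in for an entity extending BaseUserGroupRightsDO (constructed here).
class Rights(
    val ownerId: Long?,
    val fullAccessGroupIds: String? = null,
    val fullAccessUserIds: String? = null,
    val readonlyAccessGroupIds: String? = null,
    val readonlyAccessUserIds: String? = null,
    val minimalAccessGroupIds: String? = null,
    val minimalAccessUserIds: String? = null
)

// Highest tier listing the user directly or via one of the user's groups.
// Assumption: the owner is treated as having full access.
fun effectiveAccess(r: Rights, userId: Long, groupIds: Set<Long>): Access {
    fun listed(groupCsv: String?, userCsv: String?) =
        userId in parseIds(userCsv) || parseIds(groupCsv).any { it in groupIds }
    return when {
        r.ownerId == userId -> Access.FULL
        listed(r.fullAccessGroupIds, r.fullAccessUserIds) -> Access.FULL
        listed(r.readonlyAccessGroupIds, r.readonlyAccessUserIds) -> Access.READONLY
        listed(r.minimalAccessGroupIds, r.minimalAccessUserIds) -> Access.MINIMAL
        else -> Access.NONE
    }
}

fun main() {
    // Constructed sample row: user 5 is in the minimal list and in group 42.
    val cal = Rights(100, fullAccessUserIds = "10,11",
        readonlyAccessGroupIds = toCsv(listOf(42L, 7L, 42L)), minimalAccessUserIds = " 5, x ")
    println(effectiveAccess(cal, 5, setOf(42L))) // two tiers match, higher one applies
    println(effectiveAccess(cal, 1, emptySet())) // "1" is a substring of "10,11", not an ID in it
}
```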
868d6abb7 2025 -> 2026
63081666f Source file headers: 2024-> 2025.
a33f8f203 Migration stuff in progress... (all tests of all packages: OK).
06828f490 Migration stuff in progress...
b6092df09 Copyright 2023 -> 2024
ab45d51fa Copyright 2001-2022 -> 2001-2023.
5f7ef41b8 Copyright 2021 -> 2022
ceb63e8a1 Source code header: (C) 2001-2021.
52d9c1d88 WIP: Kotlin scripts...
7c79f1922 Copyright of source header -> 2020.
d3a178833 Wrong substitution of "calendar" -> "datetime" while refactoring, reverted commit from 12.12.2019.
8675a1dbe Declared all Kotlin JPA entities and their properties as open. Lazy loading wasn't supported by Hibernate.
f1d5f2915 Addressbooks and calendars: BaseUserGroupRight introduced and optimized.
05244ff19 CopyRight of all Kotlin file-header updated or created.
20cf33d29 BaseUserGroupRightsDO.java -> BaseUserGroupRightsDO.kt