Fix/check permission req queries

backend/src/main/java/com/bakdata/conquery/apiv1/QueryProcessor.java

@@ -109,7 +109,7 @@ public ManagedExecution<?> postQuery(Dataset dataset, QueryDescription query, Su
 		query.visit(consumerChain);
 
 
-		query.authorize(subject, dataset, visitors);
+		query.authorize(subject, dataset, visitors, storage);
 		// After all authorization checks we can now use the actual subject to invoke the query and do not to bubble down the Userish in methods
 
 		ExecutionMetrics.reportNamespacedIds(visitors.getInstance(NamespacedIdentifiableCollector.class).getIdentifiables(), primaryGroupName);

backend/src/main/java/com/bakdata/conquery/apiv1/forms/Form.java

@@ -7,6 +7,7 @@
 
 import com.bakdata.conquery.apiv1.query.QueryDescription;
 import com.bakdata.conquery.io.cps.CPSType;
+import com.bakdata.conquery.io.storage.MetaStorage;
 import com.bakdata.conquery.models.auth.entities.User;
 import com.bakdata.conquery.models.auth.entities.Subject;
 import com.bakdata.conquery.models.auth.permissions.Ability;
@@ -46,8 +47,8 @@ public String getFormType() {
 
 
 	@Override
-	public void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors) {
-		QueryDescription.super.authorize(subject, submittedDataset, visitors);
+	public void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors, MetaStorage storage) {
+		QueryDescription.super.authorize(subject, submittedDataset, visitors, storage);
 		// Check if subject is allowed to create this form
 		subject.authorize(FormScanner.FRONTEND_FORM_CONFIGS.get(getFormType()), Ability.CREATE);
 	}

backend/src/main/java/com/bakdata/conquery/apiv1/forms/export_form/ExportForm.java

@@ -83,12 +83,8 @@ public Map<String, List<ManagedQuery>> createSubQueries(DatasetRegistry datasets
 	}
 
 	@Override
-	public Set<ManagedExecution<?>> collectRequiredQueries() {
-		if(queryGroup == null){
-			return Collections.emptySet();
-		}
-
-		return Set.of(queryGroup);
+	public Set<ManagedExecutionId> collectRequiredQueries() {
+		return Set.of(queryGroupId);
 	}
 
 	@Override

backend/src/main/java/com/bakdata/conquery/apiv1/forms/export_form/FullExportForm.java

@@ -85,12 +85,8 @@ public Map<String, List<ManagedQuery>> createSubQueries(DatasetRegistry datasets
 	}
 
 	@Override
-	public Set<ManagedExecution<?>> collectRequiredQueries() {
-		if (queryGroup == null) {
-			return Collections.emptySet();
-		}
-
-		return Set.of(queryGroup);
+	public Set<ManagedExecutionId> collectRequiredQueries() {
+		return Set.of(queryGroupId);
 	}
 
 	@Override

backend/src/main/java/com/bakdata/conquery/apiv1/query/ArrayConceptQuery.java

@@ -14,6 +14,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.io.jackson.InternalOnly;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -88,7 +89,7 @@ public ArrayConceptQueryPlan createQueryPlan(QueryPlanContext context) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		childQueries.forEach(q -> q.collectRequiredQueries(requiredQueries));
 	}
 

backend/src/main/java/com/bakdata/conquery/apiv1/query/CQElement.java

@@ -14,6 +14,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.io.jackson.InternalOnly;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
 import com.bakdata.conquery.models.query.Visitable;
@@ -66,11 +67,12 @@ public String defaultLabel(Locale locale) {
 
 	public abstract QPNode createQueryPlan(QueryPlanContext context, ConceptQueryPlan plan);
 
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {}
-
-
-	public Set<ManagedExecution<?>> collectRequiredQueries() {
-		Set<ManagedExecution<?>> set = new HashSet<>();
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
+	}
+
+
+	public Set<ManagedExecutionId> collectRequiredQueries() {
+		Set<ManagedExecutionId> set = new HashSet<>();
 		this.collectRequiredQueries(set);
 		return set;
 	}

backend/src/main/java/com/bakdata/conquery/apiv1/query/ConceptQuery.java

@@ -12,6 +12,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.io.jackson.InternalOnly;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -62,7 +63,7 @@ public ConceptQueryPlan createQueryPlan(QueryPlanContext context) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		root.collectRequiredQueries(requiredQueries);
 	}
 

backend/src/main/java/com/bakdata/conquery/apiv1/query/Query.java

@@ -11,6 +11,7 @@
 import com.bakdata.conquery.models.datasets.Dataset;
 import com.bakdata.conquery.models.execution.ExecutionState;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.ManagedQuery;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -24,21 +25,21 @@
 public abstract class Query implements QueryDescription {
 
 	public abstract QueryPlan<?> createQueryPlan(QueryPlanContext context);
-	
-	public abstract void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries);
-	
+
+	public abstract void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries);
+
 	@Override
 	public abstract void resolve(QueryResolveContext context);
-	
-	public Set<ManagedExecution<?>> collectRequiredQueries() {
-		Set<ManagedExecution<?>> set = new HashSet<>();
+
+	public Set<ManagedExecutionId> collectRequiredQueries() {
+		Set<ManagedExecutionId> set = new HashSet<>();
 		collectRequiredQueries(set);
 		return set;
 	}
 
 	@JsonIgnore
 	public abstract List<ResultInfo> getResultInfos();
-	
+
 	@Override
 	public ManagedQuery toManagedExecution(User user, Dataset submittedDataset) {
 		return new ManagedQuery(this, user, submittedDataset);

backend/src/main/java/com/bakdata/conquery/apiv1/query/QueryDescription.java

@@ -1,11 +1,13 @@
 package com.bakdata.conquery.apiv1.query;
 
+import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
 
 import com.bakdata.conquery.apiv1.query.concept.specific.external.CQExternal;
 import com.bakdata.conquery.io.cps.CPSBase;
 import com.bakdata.conquery.io.jackson.InternalOnly;
+import com.bakdata.conquery.io.storage.MetaStorage;
 import com.bakdata.conquery.models.auth.entities.User;
 import com.bakdata.conquery.models.auth.entities.Subject;
 import com.bakdata.conquery.models.auth.permissions.Ability;
@@ -16,6 +18,7 @@
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.forms.managed.ManagedForm;
 import com.bakdata.conquery.models.identifiable.ids.NamespacedIdentifiable;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.QueryResolveContext;
 import com.bakdata.conquery.models.query.Visitable;
 import com.bakdata.conquery.models.query.visitor.QueryVisitor;
@@ -44,8 +47,8 @@ public interface QueryDescription extends Visitable {
 	 */
 	ManagedExecution<?> toManagedExecution(User user, Dataset submittedDataset);
 
-	
-	Set<ManagedExecution<?>> collectRequiredQueries();
+
+	Set<ManagedExecutionId> collectRequiredQueries();
 
 	/**
 	 * Initializes a submitted description using the provided context.
@@ -68,32 +71,37 @@ default void addVisitors(@NonNull ClassToInstanceMap<QueryVisitor> visitors) {
 	/**
 	 * Check implementation specific permissions. Is called after all visitors have been registered and executed.
 	 */
-	default void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors) {
+	default void authorize(Subject subject, Dataset submittedDataset, @NonNull ClassToInstanceMap<QueryVisitor> visitors, MetaStorage storage) {
 		NamespacedIdentifiableCollector nsIdCollector = QueryUtils.getVisitor(visitors, NamespacedIdentifiableCollector.class);
 		ExternalIdChecker externalIdChecker = QueryUtils.getVisitor(visitors, QueryUtils.ExternalIdChecker.class);
-		if(nsIdCollector == null) {
+		if (nsIdCollector == null) {
 			throw new IllegalStateException();
 		}
 		// Generate DatasetPermissions
 		final Set<Dataset> datasets = nsIdCollector.getIdentifiables().stream()
-												  .map(NamespacedIdentifiable::getDataset)
-												  .collect(Collectors.toSet());
+												   .map(NamespacedIdentifiable::getDataset)
+												   .collect(Collectors.toSet());
 
 		subject.authorize(datasets, Ability.READ);
 
 		// Generate ConceptPermissions
 		final Set<Concept> concepts = nsIdCollector.getIdentifiables().stream()
-													  .filter(ConceptElement.class::isInstance)
-													  .map(ConceptElement.class::cast)
-													  .map(ConceptElement::getConcept)
-													  .collect(Collectors.toSet());
+												   .filter(ConceptElement.class::isInstance)
+												   .map(ConceptElement.class::cast)
+												   .map(ConceptElement::getConcept)
+												   .collect(Collectors.toSet());
 
 		subject.authorize(concepts, Ability.READ);
 
-		subject.authorize(collectRequiredQueries(), Ability.READ);
-
+		final Set<ManagedExecution<?>> collectedExecutions = collectRequiredQueries().stream()
+																					 .map(storage::getExecution)
+																					 .filter(Objects::nonNull)
+
+																					 .collect(Collectors.toSet());
+		subject.authorize(collectedExecutions, Ability.READ);
+
 		// Check if the query contains parts that require to resolve external IDs. If so the subject must have the preserve_id permission on the dataset.
-		if(externalIdChecker.resolvesExternalIds()) {
+		if (externalIdChecker.resolvesExternalIds()) {
 			subject.authorize(submittedDataset, Ability.PRESERVE_ID);
 		}
 	}

backend/src/main/java/com/bakdata/conquery/apiv1/query/SecondaryIdQuery.java

@@ -21,6 +21,7 @@
 import com.bakdata.conquery.models.datasets.Table;
 import com.bakdata.conquery.models.error.ConqueryError;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -73,7 +74,7 @@ public SecondaryIdQueryPlan createQueryPlan(QueryPlanContext context) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		// Be aware, that this.query cannot be checked, as it does not exists at this point, however this.root exists
 		root.collectRequiredQueries(requiredQueries);
 	}

backend/src/main/java/com/bakdata/conquery/apiv1/query/TableExportQuery.java

@@ -32,6 +32,7 @@
 import com.bakdata.conquery.models.datasets.concepts.Concept;
 import com.bakdata.conquery.models.datasets.concepts.Connector;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -116,7 +117,7 @@ public TableExportQueryPlan createQueryPlan(QueryPlanContext context) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		query.collectRequiredQueries(requiredQueries);
 	}
 

backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/CQAnd.java

@@ -18,6 +18,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.io.jackson.InternalOnly;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
 import com.bakdata.conquery.models.query.Visitable;
@@ -78,7 +79,7 @@ public QPNode createQueryPlan(QueryPlanContext context, ConceptQueryPlan plan) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		for (CQElement c : children) {
 			c.collectRequiredQueries(requiredQueries);
 		}

backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/CQOr.java

@@ -18,6 +18,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.io.jackson.InternalOnly;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
 import com.bakdata.conquery.models.query.Visitable;
@@ -83,7 +84,7 @@ public QPNode createQueryPlan(QueryPlanContext context, ConceptQueryPlan plan) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		for (CQElement c : children) {
 			c.collectRequiredQueries(requiredQueries);
 		}

backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/CQReusedQuery.java

@@ -53,11 +53,9 @@ public CQReusedQuery(ManagedExecutionId executionId){
 	private boolean excludeFromSecondaryId = false;
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
-		if(query != null) {
-			requiredQueries.add(query);
-			query.getQuery().collectRequiredQueries(requiredQueries);
-		}
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
+		// We won't look deeper into the reference query here for now
+		requiredQueries.add(queryId);
 	}
 
 	@Override

backend/src/main/java/com/bakdata/conquery/apiv1/query/concept/specific/ResultInfoDecorator.java

@@ -10,6 +10,7 @@
 import com.bakdata.conquery.apiv1.query.CQElement;
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
 import com.bakdata.conquery.models.query.Visitable;
@@ -65,7 +66,7 @@ public void visit(Consumer<Visitable> visitor) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		child.collectRequiredQueries(requiredQueries);
 	}
 

backend/src/main/java/com/bakdata/conquery/models/forms/managed/AbsoluteFormQuery.java

@@ -19,6 +19,7 @@
 import com.bakdata.conquery.models.common.daterange.CDateRange;
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.forms.util.DateContext;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -80,7 +81,7 @@ public void visit(Consumer<Visitable> visitor) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		query.collectRequiredQueries(requiredQueries);
 		features.collectRequiredQueries(requiredQueries);
 	}

backend/src/main/java/com/bakdata/conquery/models/forms/managed/EntityDateQuery.java

@@ -19,6 +19,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.models.common.daterange.CDateRange;
 import com.bakdata.conquery.models.execution.ManagedExecution;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -72,11 +73,11 @@ public EntityDateQueryPlan createQueryPlan(QueryPlanContext context) {
         );
     }
 
-    @Override
-    public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
-        query.collectRequiredQueries(requiredQueries);
-        features.collectRequiredQueries(requiredQueries);
-    }
+	@Override
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
+		query.collectRequiredQueries(requiredQueries);
+		features.collectRequiredQueries(requiredQueries);
+	}
 
     @Override
     public void resolve(QueryResolveContext context) {

backend/src/main/java/com/bakdata/conquery/models/forms/managed/RelativeFormQuery.java

@@ -19,6 +19,7 @@
 import com.bakdata.conquery.io.cps.CPSType;
 import com.bakdata.conquery.models.execution.ManagedExecution;
 import com.bakdata.conquery.models.forms.util.CalendarUnit;
+import com.bakdata.conquery.models.identifiable.ids.specific.ManagedExecutionId;
 import com.bakdata.conquery.models.query.DateAggregationMode;
 import com.bakdata.conquery.models.query.QueryPlanContext;
 import com.bakdata.conquery.models.query.QueryResolveContext;
@@ -65,7 +66,7 @@ public RelativeFormQueryPlan createQueryPlan(QueryPlanContext context) {
 	}
 
 	@Override
-	public void collectRequiredQueries(Set<ManagedExecution<?>> requiredQueries) {
+	public void collectRequiredQueries(Set<ManagedExecutionId> requiredQueries) {
 		query.collectRequiredQueries(requiredQueries);
 		features.collectRequiredQueries(requiredQueries);
 	}