How to write this in SQL?

Question

I've been trying to find this answer by myself, but i'm just too bad for that, so i come here hoping you can help me.

I have the following database tables :

user(
    int unsigned id,
    varchar      login
)
group(
    int unsigned id,
    varchar      label
)
right(
    int unsigned id,
    varchar      label
)
user_group(
    int unsigned userId,
    int unsigned groupId
)
user_right(
    int unsigned userId,
    int unsigned rightId,
    boolean      granted
)
group_right(
    int unsigned groupId,
    int unsigned rightId,
    boolean      granted
)

And 3 configuration parameters (PHP defines) :

• GRANTED_BY_DEFAULT that can be TRUE or FALSE. It indicates, when a right is not specified for a group or a user (i.e not in the association table), if the right is granted or not.

• RESULTING_RIGHTS that can be MIN_RIGHTS or MAX_RIGHTS. It indicates whether to use "AND" or "OR" operator when determining resulting rights. For exemple, if for right "r1", the group "g1" has TRUE and the groups "g2" and "g3" have FALSE, with "MIN_RIGHTS" you get FALSE, and with "MAX_RIGHTS" you get TRUE.

• RIGHTS_PRIORITY that can be USER_OVER_GROUP or GROUP_OVER_USER. It indicates if the user's own rights override his groups's rights or if the groups's rights override the user's own rights.

I would like to come out with a single query that would find the rights a user effectivly has, considering these 3 parameters and his groups, but i really have no idea about how to do it. I could also make multiple queries and do a part of the work on PHP side, but i would like to avoid having to many queries as i want my app to be fast enough for things like AJAX auto completions and other stuff like that.

I'd understand if no one wants or has the time to help me :p Thanks for reading.

EDIT : Some sample datas :

user (id, login) :
1 "Admin"

group (id, label) :
1 "g1"
2 "g2"
3 "g3"

right (id, label) :
1 "r1"
2 "r2"
3 "r3"

user_group (userId, groupId) :
1 1
1 2

user_right (userId, rightId) :
1 1 true
1 2 false

group_rights (groupId, rightId) :
1 1 true
1 2 false
2 1 false
2 3 true

And the output would be a list of (right_id, right_label) rows depending on the parameters and the rows of other tables.

The user ID and / or login is considered as known when retrieving the rights.

Answer 1

DECLARE @USERID INT = 1,
        @GRANTED_BY_DEFAULT INT = 0,
        @RESULTING_RIGHTS VARCHAR(20) = 'MIN_RIGHTS',
        @RIGHTS_PRIORITY VARCHAR(20) = 'USER_OVER_GROUP'

SELECT 
    R.ID,
    R.NAME,
    CASE
        WHEN MAX(UR.Value) IS NULL AND MAX(GR.Value) IS NULL THEN
            @GRANTED_BY_DEFAULT
        WHEN MAX(UR.Value) IS NOT NULL AND MAX(GR.Value) IS NOT NULL THEN
            CASE
                WHEN @RIGHTS_PRIORITY = 'USER_OVER_GROUP' THEN
                    MAX(UR.Value)
                ELSE
                    CASE 
                        WHEN @RESULTING_RIGHTS = 'MIN_RIGHTS' THEN
                            MIN(GR.Value)
                        ELSE
                            MAX(GR.Value)
                    END
            END
        WHEN MAX(GR.Value) IS NULL THEN
            MAX(UR.Value)
        ELSE
            CASE
                WHEN @RESULTING_RIGHTS = 'MIN_RIGHTS' THEN
                    MIN(GR.Value)
                ELSE
                    MAX(GR.Value)
            END
    END VALUE
FROM
    [Right] R
    CROSS JOIN [User] U
    LEFT JOIN [User_Right] UR
        ON R.ID = UR.RightID
        AND UR.UserID = U.ID
    LEFT JOIN [User_Group] UG
        ON UG.UserID = U.ID
    LEFT JOIN [Group_Right] GR
        ON UG.GroupID = GR.GroupID 
        AND GR.RightID = R.ID
WHERE
    U.ID = @USERID
GROUP BY 
    R.ID,
    R.NAME

Here is a SQL fiddle example SQL Fiddle