RubyGems - forest_admin_agent - Versions diffs - 1.12.15 → 1.13.0 - Mend

forest_admin_agent 1.12.15 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/forest_admin_agent/builder/agent_factory.rb +1 -14
data/lib/forest_admin_agent/facades/container.rb +4 -3
data/lib/forest_admin_agent/services/permissions.rb +37 -14
data/lib/forest_admin_agent/utils/is_segment_query_allowed_on_connection.rb +28 -0
data/lib/forest_admin_agent/utils/schema/schema_emitter.rb +1 -1
data/lib/forest_admin_agent/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d06c27d8cb7afd9c9e531c215dd12f253af4e0dc92f67496d45a789a925c8024
-  data.tar.gz: 93fa83fec26dcce76b175cdb1cafdbc2bf55a4d94bb91835a9ed7cb830e67da8
+  metadata.gz: 8c39283afe40df8a320768b4a276328bae86668d1f7a38f8b2c606f3654e1c76
+  data.tar.gz: 508d9bb55d8a4abd92c47198843a46badec11c79426fd1c4842aef180cdd4b61
 SHA512:
-  metadata.gz: 48ef7caf5cec3cb36abc575bf1f49b1c12c45c21380e0a579a5637feda6ed9d894f1a088019666526cc9ec688fc0018544917327aab82060370ba97278911dcc
-  data.tar.gz: 8b962f14fdc92733b8d4ed312d167d99169ad472c93ec885117a3569c691b271c3c0e64d37b221f42ecf62fc487a0af557d3ee0470e43d18d9768cd57ce091f9
+  metadata.gz: b25852adba8a2ba5a50da76f72baeac8c95a90d5894bf24f836ecf264bb61d836965e2116e33159669cd76e595b98c23c70d0cec88bd9a7117b9e3be6347fc8d
+  data.tar.gz: cb4d1985d20c4897f67d8388c4491475d048b25bc26f7eadb8165745bfed4b9323895c3636ae2d39f5e4a678e889bdd853b5f92a9d3be14f4b532d7fc6150ae3

data/lib/forest_admin_agent/builder/agent_factory.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'dry-container'
-require 'filecache'
 require 'json'
 module ForestAdminAgent
@@ -10,8 +9,6 @@ module ForestAdminAgent
       include ForestAdminAgent::Http::Exceptions
       include ForestAdminDatasourceToolkit::Exceptions
-      TTL_SCHEMA = 7200
       attr_reader :customizer, :container, :has_env_secret
       def setup(options)
@@ -137,11 +134,6 @@ module ForestAdminAgent
         if should_send || force
           client = ForestAdminAgent::Http::ForestAdminApiRequester.new
           client.post('/forest/apimaps', api_map.to_json)
-          schema_file_hash_cache = FileCache.new('app', @options[:cache_dir].to_s, TTL_SCHEMA)
-          schema_file_hash_cache.get_or_set 'value' do
-            api_map[:meta][:schemaFileHash]
-          end
-          @container.register(:schema_file_hash, schema_file_hash_cache)
           ForestAdminAgent::Facades::Container.logger.log('Info', 'schema was updated, sending new version')
         else
           @container.resolve(:logger)
@@ -172,16 +164,11 @@ module ForestAdminAgent
       end
       def build_cache
-        @container.register(:cache, FileCache.new('app', @options[:cache_dir].to_s, TTL_SCHEMA))
-        return unless @has_env_secret
-        cache = @container.resolve(:cache)
         @options[:customize_error_message] =
           clean_option_value(@options[:customize_error_message], 'config.customize_error_message =')
         @options[:logger] = clean_option_value(@options[:logger], 'config.logger =')
-        cache.set('config', @options.to_h)
+        @container.register(:config, @options.to_h)
       end
       def build_logger

data/lib/forest_admin_agent/facades/container.rb CHANGED Viewed

@@ -16,13 +16,14 @@ module ForestAdminAgent
       end
       def self.config_from_cache
-        instance.resolve(:cache).get('config')
+        instance.resolve(:config)
       end
       def self.cache(key)
-        raise "Key #{key} not found in container" unless config_from_cache.key?(key)
+        config = config_from_cache
+        raise "Key #{key} not found in config" unless config.key?(key)
-        config_from_cache[key]
+        config[key]
       end
     end
   end

data/lib/forest_admin_agent/services/permissions.rb CHANGED Viewed

@@ -41,16 +41,13 @@ module ForestAdminAgent
         user_data = get_user_data(caller.id)
         collections_data = get_collections_permissions_data(force_fetch: allow_fetch)
-        # First check
         is_allowed = permission_allowed?(collections_data, collection, action, user_data)
-        # Refetch if not allowed
         unless is_allowed
           collections_data = get_collections_permissions_data(force_fetch: true)
           is_allowed = permission_allowed?(collections_data, collection, action, user_data)
         end
-        # still not allowed - throw forbidden message
         raise ForbiddenError, "You don't have permission to #{action} this collection." unless is_allowed
         is_allowed
@@ -61,10 +58,8 @@ module ForestAdminAgent
         hash_request = "#{attributes[:type]}:#{array_hash(attributes)}"
         is_allowed = get_chart_data(caller.rendering_id).include?(hash_request)
-        # Refetch
         is_allowed ||= get_chart_data(caller.rendering_id, force_fetch: true).include?(hash_request)
-        # still not allowed - throw forbidden message
         unless is_allowed
           ForestAdminAgent::Facades::Container.logger.log(
             'Debug',
@@ -82,13 +77,24 @@ module ForestAdminAgent
       end
       def can_execute_query_segment?(collection, query, connection_name)
-        hash_request = array_hash({ query: query, connectionName: connection_name })
-        is_allowed = get_segments(collection).include?(hash_request)
+        user_data = get_user_data(caller.id)
+        if %w[admin developer editor].include?(user_data&.dig(:permissionLevel))
+          ForestAdminAgent::Facades::Container.logger.log(
+            'Debug',
+            "User #{caller.id} can retrieve SQL segment on rendering #{caller.rendering_id}"
+          )
+          return true
+        end
-        # Refetch
-        is_allowed ||= get_segments(collection, force_fetch: true).include?(hash_request)
+        collection_permissions = get_collection_rendering_permissions(collection, force_fetch: false)
+        is_allowed = segment_permissions_valid?(collection_permissions, query, connection_name)
+        unless is_allowed
+          collection_permissions = get_collection_rendering_permissions(collection, force_fetch: true)
+          is_allowed = segment_permissions_valid?(collection_permissions, query, connection_name)
+        end
-        # still not allowed - throw forbidden message
         unless is_allowed
           ForestAdminAgent::Facades::Container.logger.log(
             'Debug',
@@ -216,7 +222,6 @@ module ForestAdminAgent
         parameters.delete(:collection)
         parameters.delete(:contextVariables)
         parameters.delete(:record_id)
-        # rails
         parameters.delete(:route_alias)
         parameters.delete(:controller)
         parameters.delete(:action)
@@ -242,6 +247,7 @@ module ForestAdminAgent
           data[:team] = response[:team]
           data[:segments] = decode_segment_permissions(response[:collections])
           data[:charts] = decode_charts_permissions(response[:stats])
+          data[:liveQuerySegments] = decode_live_query_segments_permissions(response[:collections])
           data
         end
@@ -269,7 +275,6 @@ module ForestAdminAgent
       end
       def decode_crud_permissions(collection)
-        # Validate structure exists
         unless collection.is_a?(Hash) && collection.key?(:collection)
           ForestAdminAgent::Facades::Container.logger.log(
             'Error',
@@ -297,8 +302,6 @@ module ForestAdminAgent
           )
         end
-        # Use dig to safely extract roles, allowing for missing permissions
-        # Missing permissions will result in nil values which are handled by permission_allowed?
         {
           browse: collection_data.dig(:browseEnabled, :roles),
           read: collection_data.dig(:readEnabled, :roles),
@@ -356,6 +359,17 @@ module ForestAdminAgent
         segments
       end
+      def decode_live_query_segments_permissions(raw_permissions)
+        collections = {}
+        raw_permissions.each do |collection_name, value|
+          collections[collection_name] = {
+            liveQuerySegments: value[:liveQuerySegments] || []
+          }
+        end
+        collections
+      end
       def fetch(url)
         response = forest_api.get(url)
@@ -463,6 +477,15 @@ module ForestAdminAgent
         collection_actions
       end
+      def get_collection_rendering_permissions(collection, force_fetch: false)
+        rendering_data = get_rendering_data(caller.rendering_id, force_fetch: force_fetch)
+        rendering_data[:liveQuerySegments][collection.name.to_sym]
+      end
+      def segment_permissions_valid?(collection_permissions, query, connection_name)
+        IsSegmentQueryAllowedOnConnection.allowed?(collection_permissions, query, connection_name)
+      end
     end
   end
 end

data/lib/forest_admin_agent/utils/is_segment_query_allowed_on_connection.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module ForestAdminAgent
+  module Utils
+    module IsSegmentQueryAllowedOnConnection
+      # Check if a segment query is allowed on a specific connection
+      # This handles both single queries and UNION queries for multi-segment operations
+      def self.allowed?(collection_permissions, segment_query, connection_name)
+        return false if connection_name.nil? || connection_name.empty?
+        # Get all queries for the specified connection
+        queries = collection_permissions[:liveQuerySegments]
+                  .select { |segment| segment[:connectionName] == connection_name }
+                  .map { |segment| segment[:query] }
+        # Handle UNION queries made by the FRONT to display available actions
+        # Smart Actions restricted to segment when a Smart Action is available on multiple SQL segments
+        union_queries = segment_query.split('/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION ')
+        if union_queries.length > 1
+          authorized_queries = queries.to_set { |query| query.gsub(/;\s*\z/i, '').strip }
+          return union_queries.all? { |union_query| authorized_queries.include?(union_query.strip) }
+        end
+        queries.any?(segment_query)
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/utils/schema/schema_emitter.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module ForestAdminAgent
     module Schema
       class SchemaEmitter
         LIANA_NAME = "agent-ruby"
-        LIANA_VERSION = "1.12.15"
+        LIANA_VERSION = "1.13.0"
         def self.generate(datasource)
           datasource.collections

data/lib/forest_admin_agent/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForestAdminAgent
-  VERSION = "1.12.15"
+  VERSION = "1.13.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_admin_agent
 version: !ruby/object:Gem::Version
-  version: 1.12.15
+  version: 1.13.0
 platform: ruby
 authors:
 - Matthieu
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-10-29 00:00:00.000000000 Z
+date: 2025-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -349,6 +349,7 @@ files:
 - lib/forest_admin_agent/utils/csv_generator_stream.rb
 - lib/forest_admin_agent/utils/error_messages.rb
 - lib/forest_admin_agent/utils/id.rb
+- lib/forest_admin_agent/utils/is_segment_query_allowed_on_connection.rb
 - lib/forest_admin_agent/utils/query_string_parser.rb
 - lib/forest_admin_agent/utils/query_validator.rb
 - lib/forest_admin_agent/utils/schema/action_fields.rb