jungle_path 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/jungle_path/api/helpers/standard_apis.rb +1 -1
- data/lib/jungle_path/app/config/config.rb +7 -11
- data/lib/jungle_path/authentication/auth_provider/default.rb +2 -0
- data/lib/jungle_path/authentication/data_provider/default.rb +37 -7
- data/lib/jungle_path/authentication/data_provider/test.rb +33 -28
- data/lib/jungle_path/authentication/identity.rb +1 -2
- data/lib/jungle_path/authorization/filter.rb +6 -0
- data/lib/jungle_path/gen/schema_tree/filter.rb +3 -2
- data/lib/jungle_path/gen/schema_tree/match_table_data.rb +2 -1
- data/lib/jungle_path/gen/schema_tree/match_tables.rb +2 -1
- data/lib/jungle_path/query/engine.rb +4 -4
- data/lib/jungle_path/query/sql_string.rb +3 -3
- data/lib/jungle_path/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 162b61d2490684693fc8cd9b7ff7c814628c29cb
|
|
4
|
+
data.tar.gz: 61438251aa193d15755d7aa9ef73f6e58d3a22d5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ebc40995f918fa40f4ae6bdeb1ec1ce75d94c3218e71f34a659c5608aa90fcd82703b9b4da6377600d168527e44e38cfbe600950becb76cd0d1a1d355cbf11c
|
|
7
|
+
data.tar.gz: ddee9e142757902d4fbf3aef70b0a74e22b7400267bf1424a6f58aaaf283eda5dd1f19576217a45e2b38a9c9ae6c4c126466d21d098deccbb1feab370124b2ff
|
|
@@ -33,7 +33,7 @@ module JunglePath
|
|
|
33
33
|
#engine = Query::Engine.new(Schema::Base.models, current_user, apply_limit_offset_to_sql)
|
|
34
34
|
node_tree = current_auth.schema_node_tree
|
|
35
35
|
puts "node_tree: #{node_tree.to_str}."
|
|
36
|
-
engine = Query::Engine.new(node_tree,
|
|
36
|
+
engine = Query::Engine.new(node_tree, current_identity, apply_limit_offset_to_sql)
|
|
37
37
|
puts "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
|
|
38
38
|
q = engine.get_query_from_string(query)
|
|
39
39
|
result[:sql] = q.sql
|
|
@@ -161,21 +161,17 @@ module Config
|
|
|
161
161
|
end
|
|
162
162
|
|
|
163
163
|
def self.schema_filters
|
|
164
|
-
jungle.schema_filters =
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
|
|
168
|
-
}
|
|
164
|
+
jungle.schema_filters = {
|
|
165
|
+
allow_all_tables: {allow: [table: /./]},
|
|
166
|
+
hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
|
|
169
167
|
}
|
|
170
168
|
end
|
|
171
169
|
|
|
172
170
|
def self.role_schema_filters
|
|
173
|
-
jungle.role_schema_filters =
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
user: :hide_nonpublic_tables
|
|
178
|
-
}
|
|
171
|
+
jungle.role_schema_filters = {
|
|
172
|
+
root: :allow_all_tables,
|
|
173
|
+
admin: :allow_all_tables,
|
|
174
|
+
user: :hide_nonpublic_tables
|
|
179
175
|
}
|
|
180
176
|
end
|
|
181
177
|
|
|
@@ -71,10 +71,12 @@ module JunglePath
|
|
|
71
71
|
idn.role = data_provider.get_role(idn, no_cache)
|
|
72
72
|
idn.authorization_filter = data_provider.get_authorization_filter(idn, no_cache)
|
|
73
73
|
idn.query_filters = data_provider.get_query_filters(idn, no_cache)
|
|
74
|
+
puts "query_filters: set!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
74
75
|
else
|
|
75
76
|
idn.role = nil
|
|
76
77
|
idn.authorization_filter = nil
|
|
77
78
|
idn.query_filters = nil
|
|
79
|
+
puts "query_filters: nil!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
|
78
80
|
end
|
|
79
81
|
end
|
|
80
82
|
idn
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module JunglePath
|
|
2
2
|
require 'jungle_path/authentication/password_hash'
|
|
3
3
|
require 'jungle_path/authorization/filter'
|
|
4
|
+
require 'jungle_path/query/filter'
|
|
4
5
|
require 'jungle_path/schema/auth'
|
|
5
6
|
require 'jungle_path/sql/user'
|
|
6
7
|
module Authentication
|
|
@@ -68,22 +69,51 @@ module JunglePath
|
|
|
68
69
|
end
|
|
69
70
|
|
|
70
71
|
def get_authorization_filter(identity, no_cache=false)
|
|
71
|
-
JunglePath::Authorization::Filter.new([identity.role], @models, @role_permissions, @role_restrictions, @role_schema_filters
|
|
72
|
+
JunglePath::Authorization::Filter.new([identity.role], @models, @role_permissions, @role_restrictions, @role_schema_filters, @schema_filters)
|
|
72
73
|
end
|
|
73
74
|
|
|
74
75
|
def get_query_filters(identity, no_cache=false)
|
|
75
76
|
filters = []
|
|
76
|
-
|
|
77
|
-
|
|
77
|
+
|
|
78
|
+
temp_filters = @role_query_filters.call(identity)[identity.role] || []
|
|
79
|
+
temp_filters.each do |filter|
|
|
80
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
78
81
|
end
|
|
79
|
-
|
|
80
|
-
|
|
82
|
+
|
|
83
|
+
temp_filters = @restriction_query_filters.call(identity)
|
|
84
|
+
identity.authorization_filter.restrictions.each do |restriction|
|
|
85
|
+
temp = temp_filters[restriction] || []
|
|
86
|
+
temp.each do |filter|
|
|
87
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
88
|
+
end
|
|
81
89
|
end
|
|
82
|
-
|
|
83
|
-
|
|
90
|
+
|
|
91
|
+
temp_filters = @user_query_filters.call(identity)
|
|
92
|
+
temp = temp_filters[identity.user.id] || []
|
|
93
|
+
temp.each do |filter|
|
|
94
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
84
95
|
end
|
|
96
|
+
|
|
85
97
|
filters
|
|
86
98
|
end
|
|
99
|
+
|
|
100
|
+
|
|
101
|
+
# def get_query_filters(identity, no_cache=false)
|
|
102
|
+
# filters = []
|
|
103
|
+
# @role_query_filters.call(identity).each do |key, filter|
|
|
104
|
+
# puts "role_query_filters: key/filter: #{key}/#{filter}"
|
|
105
|
+
# filters << filter
|
|
106
|
+
# end
|
|
107
|
+
# @restriction_query_filters.call(identity).each do |key, filter|
|
|
108
|
+
# puts "restriction_query_filters: key/filter: #{key}/#{filter}"
|
|
109
|
+
# filters << filter
|
|
110
|
+
# end
|
|
111
|
+
# @user_query_filters.call(identity).each do |key, filter|
|
|
112
|
+
# puts "user_query_filters: key/filter: #{key}/#{filter}"
|
|
113
|
+
# filters << filter
|
|
114
|
+
# end
|
|
115
|
+
# filters
|
|
116
|
+
# end
|
|
87
117
|
end
|
|
88
118
|
end
|
|
89
119
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module JunglePath
|
|
2
2
|
require 'jungle_path/authentication/password_hash'
|
|
3
3
|
require 'jungle_path/authorization/filter'
|
|
4
|
+
require 'jungle_path/query/filter'
|
|
4
5
|
require 'jungle_path/schema/auth'
|
|
5
6
|
module Authentication
|
|
6
7
|
module DataProvider
|
|
@@ -71,37 +72,30 @@ module JunglePath
|
|
|
71
72
|
@role_permissions[role[:name]] = role[:permissions]
|
|
72
73
|
@role_restrictions[role[:name]] = role[:restrictions]
|
|
73
74
|
end
|
|
74
|
-
@role_schema_filters =
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
user: :hide_nonpublic_tables
|
|
79
|
-
}
|
|
75
|
+
@role_schema_filters = {
|
|
76
|
+
root: :allow_all_tables,
|
|
77
|
+
admin: :allow_all_tables,
|
|
78
|
+
user: :hide_nonpublic_tables
|
|
80
79
|
}
|
|
81
|
-
@schema_filters =
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
|
|
85
|
-
}
|
|
80
|
+
@schema_filters = {
|
|
81
|
+
allow_all_tables: {allow: [table: /./]},
|
|
82
|
+
hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
|
|
86
83
|
}
|
|
87
|
-
@role_query_filters = lambda
|
|
88
|
-
filters = {
|
|
84
|
+
@role_query_filters = lambda do |identity| {
|
|
89
85
|
admin: [
|
|
90
86
|
{table_name: :table_i_want_to_filter, sub_select: "select id from table_i_want_to_filter where a = b"}
|
|
91
87
|
]
|
|
92
|
-
# more...
|
|
93
88
|
}
|
|
94
|
-
|
|
95
|
-
@restriction_query_filters = lambda
|
|
96
|
-
filters = {
|
|
89
|
+
end
|
|
90
|
+
@restriction_query_filters = lambda do |identity| {
|
|
97
91
|
me_related:[
|
|
98
92
|
{table_name: :user, sub_select: "select id from user where id = #{identity.user.id}"}
|
|
99
93
|
]
|
|
100
94
|
}
|
|
101
|
-
|
|
102
|
-
@user_query_filters = lambda
|
|
103
|
-
|
|
104
|
-
|
|
95
|
+
end
|
|
96
|
+
@user_query_filters = lambda do |identity| {
|
|
97
|
+
}
|
|
98
|
+
end
|
|
105
99
|
end
|
|
106
100
|
|
|
107
101
|
def get_user(user_name, password, no_cache=false)
|
|
@@ -127,20 +121,31 @@ module JunglePath
|
|
|
127
121
|
end
|
|
128
122
|
|
|
129
123
|
def get_authorization_filter(identity, no_cache=false)
|
|
130
|
-
JunglePath::Authorization::Filter.new([identity.role], @models, @role_permissions, @role_restrictions, @role_schema_filters
|
|
124
|
+
JunglePath::Authorization::Filter.new([identity.role], @models, @role_permissions, @role_restrictions, @role_schema_filters, @schema_filters)
|
|
131
125
|
end
|
|
132
126
|
|
|
133
127
|
def get_query_filters(identity, no_cache=false)
|
|
134
128
|
filters = []
|
|
135
|
-
|
|
136
|
-
|
|
129
|
+
|
|
130
|
+
temp_filters = @role_query_filters.call(identity)[identity.role] or []
|
|
131
|
+
temp_filters.each do |filter|
|
|
132
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
137
133
|
end
|
|
138
|
-
|
|
139
|
-
|
|
134
|
+
|
|
135
|
+
temp_filters = @restriction_query_filters.call(identity)
|
|
136
|
+
identity.authorization_filter.restrictions.each do |restriction|
|
|
137
|
+
temp = temp_filters[restriction] or []
|
|
138
|
+
temp.each do |filter|
|
|
139
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
140
|
+
end
|
|
140
141
|
end
|
|
141
|
-
|
|
142
|
-
|
|
142
|
+
|
|
143
|
+
temp_filters = @user_query_filters.call(identity)
|
|
144
|
+
temp = temp_filters[identity.user.id] or []
|
|
145
|
+
temp.each do |filter|
|
|
146
|
+
filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
|
|
143
147
|
end
|
|
148
|
+
|
|
144
149
|
filters
|
|
145
150
|
end
|
|
146
151
|
end
|
|
@@ -1,4 +1,6 @@
|
|
|
1
1
|
module JunglePath
|
|
2
|
+
require 'jungle_path/gen/schema_tree'
|
|
3
|
+
require 'jungle_path/gen/schema_tree/filter'
|
|
2
4
|
require 'jungle_path/gen/schema_tree/node'
|
|
3
5
|
module Authorization
|
|
4
6
|
class Filter
|
|
@@ -65,6 +67,10 @@ module JunglePath
|
|
|
65
67
|
@root_roles
|
|
66
68
|
end
|
|
67
69
|
|
|
70
|
+
def to_s
|
|
71
|
+
"roles: #{@roles}\npermissions: #{@permissions}\nrestrictions: #{@restrictions}\nschema_filter: #{@schema_filter}"
|
|
72
|
+
end
|
|
73
|
+
|
|
68
74
|
private
|
|
69
75
|
|
|
70
76
|
def eat_roles roles, role_permissions, role_restrictions, role_schema_filters, schema_filters
|
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
module JunglePath
|
|
2
2
|
module Gen
|
|
3
3
|
module SchemaTree
|
|
4
|
+
require 'jungle_path/gen/schema_tree/match_tables'
|
|
4
5
|
class Filter
|
|
5
6
|
def initialize hash=nil
|
|
6
7
|
throw "Invalid data parameter: expected a hash, but got this: #{hash}" unless hash.class == Hash or hash == nil
|
|
7
8
|
allow = hash[:allow] if hash
|
|
8
9
|
deny = hash[:deny] if hash
|
|
9
|
-
@match_tables_allow = MatchTables.new allow
|
|
10
|
-
@match_tables_deny = MatchTables.new deny
|
|
10
|
+
@match_tables_allow = JunglePath::Gen::SchemaTree::MatchTables.new allow
|
|
11
|
+
@match_tables_deny = JunglePath::Gen::SchemaTree::MatchTables.new deny
|
|
11
12
|
end
|
|
12
13
|
def allow? table_name, column_name=nil
|
|
13
14
|
if @match_tables_allow.matched?(table_name, column_name)
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
module JunglePath
|
|
2
2
|
module Gen
|
|
3
3
|
module SchemaTree
|
|
4
|
+
require 'jungle_path/gen/schema_tree/match_columns'
|
|
4
5
|
class MatchTableData
|
|
5
6
|
attr_reader :name, :columns, :regexp
|
|
6
7
|
def initialize name, columns
|
|
7
8
|
@name = name
|
|
8
|
-
@columns = MatchColumns.new(columns)
|
|
9
|
+
@columns = JunglePath::Gen::SchemaTree::MatchColumns.new(columns)
|
|
9
10
|
@regexp = @name if @name and @name.class == Regexp
|
|
10
11
|
end
|
|
11
12
|
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
module JunglePath
|
|
2
2
|
module Gen
|
|
3
3
|
module SchemaTree
|
|
4
|
+
require 'jungle_path/gen/schema_tree/match_table_data'
|
|
4
5
|
class MatchTables
|
|
5
6
|
def initialize data
|
|
6
7
|
@hash = {}
|
|
@@ -14,7 +15,7 @@ module JunglePath
|
|
|
14
15
|
columns = h[:columns]
|
|
15
16
|
puts "columns: #{columns}."
|
|
16
17
|
if table
|
|
17
|
-
mtd = MatchTableData.new(table, columns)
|
|
18
|
+
mtd = JunglePath::Gen::SchemaTree::MatchTableData.new(table, columns)
|
|
18
19
|
puts "mtd: #{mtd}."
|
|
19
20
|
@hash[mtd.name] = mtd
|
|
20
21
|
@match_data << mtd if mtd.regexp
|
|
@@ -6,12 +6,12 @@ require 'jungle_path/query'
|
|
|
6
6
|
module JunglePath
|
|
7
7
|
module Query
|
|
8
8
|
class Engine
|
|
9
|
-
attr_reader :root, :tables, :
|
|
9
|
+
attr_reader :root, :tables, :identity, :apply_limit_offset_to_sql
|
|
10
10
|
|
|
11
|
-
#def initialize(tables_hash,
|
|
12
|
-
def initialize(node_tree,
|
|
11
|
+
#def initialize(tables_hash, identity=nil, apply_limit_offset_to_sql=true)
|
|
12
|
+
def initialize(node_tree, identity=nil, apply_limit_offset_to_sql=true)
|
|
13
13
|
@tables = node_tree.tables_hash
|
|
14
|
-
@
|
|
14
|
+
@identity = identity
|
|
15
15
|
@apply_limit_offset_to_sql = apply_limit_offset_to_sql
|
|
16
16
|
#@root = Gen.gen_node_tree(tables_hash)
|
|
17
17
|
@root = node_tree
|
|
@@ -64,7 +64,7 @@ module JunglePath
|
|
|
64
64
|
sort_ids << "#{entity.alias_}.#{field.name}".to_sym
|
|
65
65
|
end
|
|
66
66
|
puts "#{entity.alias_}.#{field.name} as \"#{entity.alias_}.#{field.name}\" is_secure? #{field.is_secure?}."
|
|
67
|
-
if !field.is_secure? or (field.is_secure? and engine.
|
|
67
|
+
if !field.is_secure? or (field.is_secure? and engine.identity.authorization_filter.is_root? or engine.identity.authorization_filter.is_user_admin?)
|
|
68
68
|
select << "#{entity.alias_}.#{field.name} as \"#{entity.alias_}.#{field.name}\""
|
|
69
69
|
end
|
|
70
70
|
end
|
|
@@ -96,8 +96,8 @@ module JunglePath
|
|
|
96
96
|
def self.hook_in_filters(engine, select, from, where, sort, entity)
|
|
97
97
|
puts "hook_in_filters QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFf"
|
|
98
98
|
#binding.pry
|
|
99
|
-
if engine.
|
|
100
|
-
engine.
|
|
99
|
+
if engine.identity and engine.identity.query_filters
|
|
100
|
+
engine.identity.query_filters.each do |filter|
|
|
101
101
|
puts "hook_in_filters: filter.table_name: #{filter.table_name}."
|
|
102
102
|
from.each do |frm|
|
|
103
103
|
puts "hook_in_filters: frm.table_name: #{frm.table_name}."
|
data/lib/jungle_path/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jungle_path
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael VanZant
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-04-
|
|
11
|
+
date: 2017-04-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|