mikras_utils 0.13.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9964faf5abafd14d5f5c1ecad85467e8d093298e94fa1a4b16ac6ea1f5239346
-  data.tar.gz: 2e5445e590ef3c1f26766d79ed919fbb68481428724a68a0b5fa79ee11fd30c4
+  metadata.gz: '09748841bbccd2fc59e03f01fd240ac333963e7f6e8f35ed68d3d8268fdb4a97'
+  data.tar.gz: b058155721495e702725d5cf1a68d37139e3c8abe82089939e3c018ac5b3e7b3
 SHA512:
-  metadata.gz: d9e3ab19f124f630d5651d608824930cbd5326bb682f659a951043c8b64fa3b1d0aedf7e255b862bf4e3ea961c66567bfad995babf90eb61f9b396e23a482340
-  data.tar.gz: de73266c341b7d6193d056b73bc0e46a6925c69be9f06bad6fb47df09ed3055629a6ac87ab636876b8a59ea76b62133a9f87a1757203adf863288c5c4eb45bf4
+  metadata.gz: b25c043d64872f36c9b8d92e0f86d314164ef19695273255030d685e42497d0f7497395cf66718a41bf65e2ee6d4a4c1fad7db1b9202358ca6180e30df88eb76
+  data.tar.gz: b66d7b04e85ff125b6f8b5dc143bdb7893db08686c036899ca37ac0aa6aa7dd58edda99b976962266ebae4e00343fd80d1e66aa9c719846bf327dedc42c89888

data/lib/mikras_utils/mkacl/analyzer.rb

@@ -15,6 +15,23 @@ module MkAcl
     end
 
     def analyze
+      # Check select-mutations are nil
+      spec.tables.each { |table|
+        table.actions.each { |name, action|
+          if name == "select"
+            action.rules.each { |rule|
+              rule.mutation.nil? or
+                  raise ArgumentError, "Can't use mutations in select actions in table #{table.name}"
+            }
+          end
+        }
+      }
+
+      # Assign default detach
+      spec.tables.each { |table|
+        table.attach&.copy(:detach) if table.detach.nil?
+      }
+
       # Find child-parent relations between linked tables
       links = conn.tuples %(
         select
@@ -66,17 +83,6 @@ module MkAcl
         end
       }
 
-      # Set mutation to nil select/attach/detach actions
-      spec.tables.each { |table|
-        table.actions.each { |name, action|
-          if %w(select attach detach).include?(name)
-            action.rules.each { |rule|
-              rule.mutation = nil
-            }
-          end
-        }
-      }
-
       # Resolve domains
       spec.tables.select(&:acl).each { |t| resolve_domain(t) }
 

data/lib/mikras_utils/mkacl/generators/seeds.rb

@@ -21,7 +21,7 @@ module MkAcl
     private
       def clean_tables
         puts %(
-          delete from acl_portal.acl_timestamps;
+          delete from acl_portal.acl_stamps;
           delete from acl_portal.acl_rules;
           delete from acl_portal.acl_actions;
           delete from acl_portal.acl_tables;
@@ -68,14 +68,13 @@ module MkAcl
               puts
             }
 
-            action.timestamps.each { |timestamp|
+            action.stamps.each { |stamp|
               puts %(
-                insert into acl_portal.acl_timestamps (action_id, watch, assign, stamp)
+                insert into acl_portal.acl_stamps (action_id, watch, stamp)
                   values (
                     :action_id,
-                    #{conn.quote_value(timestamp.watch)},
-                    #{conn.quote_value(timestamp.assign)},
-                    #{conn.quote_value(timestamp.stamp)}
+                    #{conn.quote_value(stamp.watch)},
+                    #{conn.quote_value(stamp.stamp)}
                   );
               ).align
               puts

data/lib/mikras_utils/mkacl/parser.rb

@@ -56,65 +56,23 @@ module MkAcl
 
     def parse_actions(table, actions)
       for action_name, entries in actions
-        constrain?(action_name, :insert, :select, :update, :delete, :attach, :detach) or
-            error "Illegal action '#{action_name}'"
-
-        # real_action_names break :attach into both :attach and :detach
-        for real_action_name in (action_name == :attach ? [:attach, :detach] : [action_name])
-          constrain?(entries, String, Array, Hash) or
-              error "Illegal value for #{action_name} entry '#{entries}'"
-          action = Action.new(table, real_action_name)
-
-          # Normalize entries
-          case entries
-            when Hash
-              timestamps = entries.delete(:timestamps) and parse_timestamps(action, timestamps)
-              entries = [entries]
-            when String
-              entries = [{ roles: entries }]
-            when Array
-              # Arrays can't specify mutations (for now)
-              entries.reject! { |element|
-                timestamps = element.delete(:timestamps) and parse_timestamps(action, timestamps)
-              }
-          end
-          parse_rules(action, entries)
-        end
-      end
-    end
-
-    def parse_timestamps(table, timestamps)
-      # Normalize timestamps
-      timestamps = [timestamps] if timestamps.is_a?(Hash)
-
-      case timestamps
-        when String
-          timestamps.split.each { |watch_field|
-            case watch_field
-              when /^(.*)(?:_by_id|_to_id)$/
-                Timestamp.new(table, watch_field, nil, "#{$1}_at")
-              when /^(created|updated|deleted)_at$/
-                Timestamp.new(table, nil, "#{$1}_by_id", watch_field)
-            else
-              raise ArgumentError, "Illegal timestamp specifier: #{watch_field.inspect}"
-            end
-          }
-
-        when Array
-          for entry in timestamps
-            timestamp = Timestamp.new(table)
-            for key, value in entry
-              case key
-                when :watch; timestamp.watch = value
-                when :assign; timestamp.assign = value
-                when :stamp; timestamp.stamp = value
-              else
-                error "Illegal field '#{key}' in #{table} timestamps"
-              end
+        ACTIONS.include?(action_name.to_s) or error "Illegal action '#{action_name}'"
+        constrain?(entries, String, Array, Hash) or
+            error "Illegal value for #{action_name} entry '#{entries}'"
+
+        action = Action.new(table, action_name)
+
+        # Normalize entries
+        entries =
+            case entries
+              when Hash
+                [entries]
+              when String
+                [{ roles: entries }]
+              when Array
+                entries
             end
-          end
-      else
-        error "Illegal timestamp type: #{timestamps.class}"
+        parse_rules(action, entries)
       end
     end
 
@@ -122,8 +80,8 @@ module MkAcl
       ordinal = 0
 
       for entry in rules
-        timestamps = entry.delete(:timestamps) and parse_timestamps(action, timestamps)
         rule = Rule.new(action, ordinal += 1)
+        stamps = entry.delete(:stamps) and parse_stamps(rule, stamps)
         for key, value in entry
           case key
             when :roles; rule.roles = norm_array(value)
@@ -141,11 +99,35 @@ module MkAcl
             error "At least one rule is required in #{action.table}.#{action}"
       end
     end
+
+    def parse_stamps(rule, stamps)
+      constrain rule, Rule
+      constrain stamps, String, Hash, Array
+#     constrain stamps, String, Hash[watch: NilClass | String | [String], stamp: String | [String]]
+
+      # Normalize stamps
+      stamps = Array(stamps)
+
+      stamps.map! { |stamp|
+        case stamp
+          when Hash; stamp
+          when String; { stamp: stamp }
+        else
+          raise ArgumentError, "Illegal element in #{rule.name} rule in table #{rule.table.name}"
+        end
+      }
+
+      # Check fields and create stamp
+      stamps.each { |stamp|
+        # Check fields
+        diff = stamp.keys - [:watch, :stamp]
+        diff.empty? or raise "Illegal field '#{diff.first}' in #{rule.name} rule in table #{rule.table.name}"
+        Stamp.new(rule, stamp[:watch]&.split, stamp[:stamp].split)
+      }
+    end
   end
 end
 
-#def declare_record(name, array_arg = nil, &record_
-
 
 
 

data/lib/mikras_utils/mkacl/spec.rb

@@ -1,6 +1,7 @@
 
 module MkAcl
   DEFAULT_MUTATION = "app_portal.mutate"
+  ACTIONS = %w(insert select update delete attach detach)
 
   class Spec
     # Source SPEC file. Only for informational purposes
@@ -33,7 +34,6 @@ module MkAcl
       indent {
         puts "app_schema: #{app_schema}"
         puts "acl_schema: #{acl_schema}"
-        puts
         tables.map(&:dump)
       }
     end
@@ -74,20 +74,22 @@ module MkAcl
     # True if the portal object triggers should be active on the table
     attr_accessor :triggers
 
-    # SQL to create the ACL for a table. No ACL if false, default ACL if nil
+    # True if the table is under RLS control
     attr_accessor :acl
 
     # Associated record name. Used in function names and in conversions
     attr_reader :record_name
 
-    # Action and timestamp objects
+    # Hash from action name to action object
+    attr_reader :actions
+
+    # Action objects
     def insert = @actions["insert"]
     def select = @actions["select"]
     def update = @actions["update"]
     def delete = @actions["delete"]
-
-    # Hash from action name to action object
-    attr_reader :actions
+    def attach = @actions["attach"]
+    def detach = @actions["detach"]
 
     def initialize(spec, name, domain, parent_name, triggers, acl)
       @spec = spec
@@ -102,31 +104,37 @@ module MkAcl
       @acl = acl
       @actions = {}
       @spec.send :attach_table, self
-      for action_name in %w(insert select update delete)
-        attach_action(Action.new(self, action_name))
-      end
+#     for action_name in ACTIONS
+#       attach_action(Action.new(self, action_name))
+#     end
     end
 
     def to_s() = name
     def inspect() "<#{self.class}#name #{name.inspect}>" end
 
     def dump
+      puts
       puts "#{name}:"
       indent {
         puts "domain: #{domain}" if domain
         puts "parent: #{parent}" if parent
-        puts "references: [#{references.values.map { |k,v| "#{v}->#{k.name}" }.join(' ')}]"
-        for action_name in %w(insert select update delete)
-          actions[action_name]&.dump
+        puts "references: #{references.values.map { |k,v| "#{v}->#{k.name}" }.join(' ')}"
+        for action_name in ACTIONS
+          next if !actions.key? action_name
+
+          if !(action_name == "detach" && attach.rules == detach.rules)
+            if action_name == "attach" && attach.rules == detach.rules
+              header = "attach/detach"
+            else
+              header = nil
+            end
+
+            action = actions[action_name]
+            actions[action_name]&.dump(header)
+          end
         end
-
         puts "triggers: #{triggers}"
-        case acl
-          when false; puts "acl: false"
-          when true;
-            puts "acl:"
-            indent { puts acl }
-        end
+        puts "acl: #{acl}"
       }
     end
 
@@ -140,38 +148,34 @@ module MkAcl
     attr_reader :table
     attr_reader :name
     attr_reader :rules
-    attr_reader :timestamps
 
     def initialize(table, name)
       @table = table
       @name = name.to_s
       @rules = []
-      @timestamps = []
       @table.send :attach_action, self
     end
 
+    def copy(name)
+      cp = Action.new(self.table, name)
+      cp.rules.concat self.rules
+      cp
+    end
+
     def to_s() name end
 
-    def dump
-      if rules.empty? && timestamps.empty?
-        puts "#{name}: []"
-      else
-        puts "#{name}:"
+    def dump(header)
+      header = "#{header || name}:"
+      if rules.size == 1
+        puts header
+        indent { rules.first.dump }
+      elsif rules.size > 1
+        puts header
         indent {
           for rule in rules.sort_by(&:ordinal)
             print "- "
             indent(bol: false) { rule.dump }
           end
-
-          if !timestamps.empty?
-            puts "- timestamps:"
-            indent {
-              for timestamp in timestamps
-                print "- "
-                indent(bol: false) { timestamp.dump }
-              end
-            }
-          end
         }
       end
     end
@@ -180,36 +184,6 @@ module MkAcl
     def attach_rule(rule)
       @rules << rule
     end
-
-    def attach_timestamp(timestamp)
-      @timestamps << timestamp
-    end
-  end
-
-  class Timestamp
-    attr_reader :action
-    forward_to :action, :table, :name
-    attr_accessor :watch
-    attr_accessor :assign
-    attr_accessor :stamp
-
-#   def created_at?() = watch == "insert"
-#   def updated_at?() = watch == "update"
-#   def deleted_at?() = watch == "delete"
-
-    def initialize(action, watch = nil, assign = nil, stamp = nil)
-      @action = action
-      @watch, @assign, @stamp = watch, assign, stamp
-      action.send :attach_timestamp, self
-    end
-
-    def to_s() = watch
-
-    def dump
-      puts "watch: #{watch}" if watch
-      puts "assign: #{assign}" if assign
-      puts "stamp: #{stamp}" if stamp
-    end
   end
 
   class Rule
@@ -220,9 +194,10 @@ module MkAcl
     attr_accessor :roles # Roles that this rule applies to
     attr_accessor :filter # Goes into the postgres policy, may be nil
     attr_accessor :assert # Goes into the postgres trigger, may be nil
-    attr_accessor :mutation # Mutation function to use, may be nil. Default app_portal.mutate()
+    attr_accessor :mutation # Mutation function to use, may be nil. Default app_portal.mutate() except attach/detach
     attr_accessor :fields # Only used for insert and update, nil otherwise
     attr_accessor :tables # Only used for attach and detach, nil otherwise
+    attr_accessor :stamps
     attr_reader :ordinal
 
     # admin, internal, etc.
@@ -237,23 +212,63 @@ module MkAcl
       @roles = []
       @filter = nil
       @assert = nil
-      @mutation = DEFAULT_MUTATION
+      @mutation = (action.name == "select" ? nil : DEFAULT_MUTATION)
       @fields = %w(insert update).include?(action.name) ? [] : nil
-      @tables = %w(attach).include?(action.name) ? [] : nil
+      @tables = %w(attach detach).include?(action.name) ? [] : nil
+      @stamps = []
 
       action.send :attach_rule, self
     end
 
     def dump
-      puts "roles: [#{roles.join(' ')}]"
+      puts "roles: #{roles.join(' ')}"
       puts "filter: #{filter}" if filter
       puts "assert: #{assert}" if assert
-      puts "mutation: #{mutation || 'nil'}" \
-          if %w(insert update delete).include?(name) && mutation != DEFAULT_MUTATION
-      puts "fields: [#{fields.join(' ')}]" if fields && !fields.empty?
-      puts "tables: [#{tables.join(' ')}]" if tables && !tables.empty?
+      puts "mutation: #{mutation || 'nil'}" if !mutation.nil? && mutation != DEFAULT_MUTATION
+      puts "fields: #{fields.join(' ')}" if fields && !fields.empty?
+      puts "tables: #{tables.join(' ')}" if tables && !tables.empty?
+
+      if stamps.size == 1
+        stamps.first.dump
+      elsif stamps.size > 1
+        puts "stamps:"
+        indent {
+          for stamp in stamps
+            print "- "
+            indent(bol: false) { stamp.dump }
+          end
+        }
+      end
+
       puts "ordinal: #{ordinal}"
     end
+  private
+    def attach_stamp(stamp)
+      @stamps << stamp
+    end
   end
+
+  class Stamp
+    attr_reader :rule
+    forward_to :rule, :table, :name
+
+    attr_accessor :watch
+    attr_accessor :stamp
+
+    def initialize(rule, watch = nil, stamp)
+      constrain rule, Rule
+      @rule = rule
+      @watch, @stamp = watch, stamp
+      rule.send :attach_stamp, self
+    end
+
+    def to_s() = watch
+
+    def dump
+      puts "watch: #{watch.join(" ")}" if watch
+      puts "stamp: #{stamp.join(" ")}" if stamp
+    end
+  end
+
 end
 

data/lib/mikras_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MikrasUtils
-  VERSION = "0.13.0"
+  VERSION = "0.14.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mikras_utils
 version: !ruby/object:Gem::Version
-  version: 0.13.0
+  version: 0.14.0
 platform: ruby
 authors:
 - Claus Rasmussen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-03-20 00:00:00.000000000 Z
+date: 2025-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pg_conn