mikras_utils 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a66c5d0dcdafd3fb71c101b1cb02d5acb3ebe464418c070ed98c9e192301a45
-  data.tar.gz: 6bf90eead1cf7fd35b8a5082bae1a68cc6aec3a8ef158f025d6f3643c49f0f8f
+  metadata.gz: '039c1d561f66158183511f72a09ce9b76b3de0c7110d8e6aadce11b338985209'
+  data.tar.gz: dae3de2a17dd845f6a350ec3b63636e97ff2b565a75d40bd47e429abe5654668
 SHA512:
-  metadata.gz: 8339a0a8a6f4180aa26b3f1430ce722d3f399d45b9875e59dfa0ace4086dcd9db82dc8b8b2c66596b52391e4140e0475bfb033b29470ee71cc2de000c138b0c1
-  data.tar.gz: 525550b69df7f1151f6f617c4cf9b9f5f034501cff135d2de268ed2d76c7e393f57b8aa3cf68f8e768d03dfd04669cea9c81536891c0c73b645f4e00493eeaf8
+  metadata.gz: 4651ae8fc80806930718c561c94ae10547d80654802cb88f19020b020871d5de73cd4b736ad98755f63333f8262c44a438ab6134d87d9f51989d68e5ed1bee43
+  data.tar.gz: 05a47f398922d45c61e3746c28a5fae17a334e38c9a7eb4a35dbdd4764d4d86dcd57b293fa14b6600e80da5f54b26a65aada13e3679ed56aa670107b457e4ebf

data/lib/mikras_utils/mkacl/generators/acl_functions.rb

@@ -68,8 +68,8 @@ module MkAcl
               _domain_id integer;
               _acls integer[]; -- per-rule ACLs
               _acl_select integer[][]; -- per-action ACLs
-              _acl_update integer[][];
-              _acl_delete integer[][];
+              _acl_update integer[][]; -- 
+              _acl_delete integer[][]; --
             begin
           ).align
           indent {

data/lib/mikras_utils/mkacl/generators/id_functions.rb

@@ -216,7 +216,7 @@ module MkAcl
           where schema_name = '#{app_schema}'
         )).group_by(&:table_name)
 
-        for domain in %w(case event)
+        for domain in MkAcl::DOMAINS
           domain_id_field = "#{domain}_id"
           signature = "#{acl_schema}.#{domain_id_field}_of(_r record)"
           puts %(
@@ -233,22 +233,22 @@ module MkAcl
             ).align
             indent {
               indent {
-                
-                
                 for table in spec.tables
                   next if domain == "event" && table.domain == "case"
-#                 puts "------------------------"
-#                 p table.name
-#                 p links.keys
+                  next if domain == "visit" && table.domain == "event"
                   link = links[table.name]&.first or next
                   if table.name == "cases"
                     puts "when '#{table.uid}' then return _r.id;"
                   elsif domain == "event" && table.name == "events"
                     puts "when '#{table.uid}' then return _r.id;"
+                  elsif domain == "visit" && table.name == "visits"
+                    puts "when '#{table.uid}' then return _r.id;"
                   elsif link.ref_table_name == "cases"
                     puts "when '#{table.uid}' then return _r.#{link.column_name};"
                   elsif link.ref_table_name == "events" && table.domain == "event"
                     puts "when '#{table.uid}' then return _r.#{link.column_name};"
+                  elsif link.ref_table_name == "visits" && table.domain == "visit"
+                    puts "when '#{table.uid}' then return _r.#{link.column_name};"
                   else
                     ref_record = spec[link.ref_table_name]&.record_name or next
                     id_of_function = "#{acl_schema}.#{domain_id_field}_of_#{ref_record}"
@@ -276,9 +276,8 @@ module MkAcl
             declare
               _id integer;
             begin
-              select coalesce(acl_portal.event_id_of(_r), acl_portal.case_id_of(_r))
+              select coalesce(acl_portal.visit_id_of(_r), acl_portal.event_id_of(_r), acl_portal.case_id_of(_r))
                 into _id;
-
               return _id;
             end;
           $$ language plpgsql

data/lib/mikras_utils/mkacl/generators/role_functions.rb

@@ -11,59 +11,128 @@ module MkAcl
       end
 
       def generate
-        generate_role_functions
+        generate_user_role_functions
+        generate_current_role_functions
       end
 
       def self.generate(generator) self.new(generator).generate end
-    
+
     private
-      def generate_role_functions
+      def generate_user_role_functions
         # TODO: Test. Then combine with per-table methods
-        signature = "public.current_is_role(_case_id integer, _roles text[])"
+        signature = "#{acl_schema}.user_is_role(_user_id integer, _domain_id integer, _roles text[])"
         puts %(
+          -- Return true if the user possess one or more of the given roles on the
+          -- domain record (cases, events, visits) with the given ID
+          --
           drop function if exists #{signature} cascade;
           create function #{signature} returns boolean as $$
-            select exists(
+            select exists (
               select
               from #{app_schema}.case_roles cr
               join #{app_schema}.case_role_users cru on cru.case_role_id = cr.id
-              where cr.case_id = _case_id
-                and cru.user_id = public.current_user_id()
+              where cr.case_id = _domain_id
+                and cru.user_id = _user_id
+                and cr.kind = any(_roles)
+
+              union
+
+              select
+              from #{app_schema}.event_roles cr
+              join #{app_schema}.event_role_users cru on cru.event_role_id = cr.id
+              where cr.event_id = _domain_id
+                and cru.user_id = _user_id
                 and cr.kind = any(_roles)
+
+              union
+
+              select
+              from #{app_schema}.visit_roles cr
+              join #{app_schema}.visit_role_users cru on cru.visit_role_id = cr.id
+              where cr.visit_id = _domain_id
+                and cru.user_id = _user_id
+                and cr.kind = any(_roles)
+
             );
           $$ language sql
             security definer;
         ).align
         puts
 
-        signature = "public.current_is_role(_case_id integer, role text)"
+        signature = "#{acl_schema}.user_is_role(_user_id integer, _domain_id integer, role text)"
+        puts %(
+          -- Return true if the user has the given role on the domain record
+          -- (cases, events, visits). Note that this function overloads the multi-role
+          -- version
+          --
+          drop function if exists #{signature} cascade;
+          create function #{signature} returns boolean as $$
+            select #{acl_schema}.user_is_role(_user_id, _domain_id, array[role]);
+          $$ language sql
+            security definer;
+        ).align
+        puts
+
+        for domain, roles in DOMAINS.zip([CASE_ROLES, EVENT_ROLES, VISIT_ROLES])
+          for role in roles
+            signature = "#{acl_schema}.user_is_#{role.downcase}(_user_id integer, _domain_id integer)"
+            puts %(
+              -- Return true if the user possess the '#{role}' role
+              --
+              drop function if exists #{signature} cascade;
+              create function #{signature} returns boolean as $$
+                select #{acl_schema}.user_is_role(_user_id, _domain_id, '#{role}');
+              $$ language sql
+                security definer;
+            ).align
+            puts
+          end
+        end
+      end
+
+      def generate_current_role_functions
+        # TODO: Test. Then combine with per-table methods
+        signature = "public.current_is_role(_domain_id integer, _roles text[])"
+        puts %(
+          -- Return true if the current user possess one or more of the given roles on the
+          -- domain record (cases, events, visits) with the given ID
+          --
+          drop function if exists #{signature} cascade;
+          create function #{signature} returns boolean as $$
+            select #{acl_schema}.user_is_role(public.current_user_id(), _domain_id, _roles);
+          $$ language sql
+            security definer;
+        ).align
+        puts
+
+        signature = "public.current_is_role(_domain_id integer, _role text)"
         puts %(
+          -- Return true if the current user possess the given role on the domain record
+          -- (cases, events, visits). Note that this function overloads the multi-role
+          -- version
+          --
           drop function if exists #{signature} cascade;
           create function #{signature} returns boolean as $$
-            select public.current_is_role(_case_id, array[role]);
+            select #{acl_schema}.user_is_role(public.current_user_id(), _domain_id, array[_role]);
           $$ language sql
             security definer;
         ).align
         puts
 
-        for role in MkAcl::ROLES
-          name = role.downcase
-          signature = "public.current_is_#{name}(_case_id integer)"
-          puts %(
-            drop function if exists #{signature} cascade;
-            create function #{signature} returns boolean as $$
-              select exists(
-                select
-                from #{app_schema}.case_roles cr
-                join #{app_schema}.case_role_users cru on cru.case_role_id = cr.id
-                where cr.case_id = _case_id
-                  and cru.user_id = public.current_user_id()
-                  and cr.kind = '#{role}'
-              );
-            $$ language sql
-              security definer;
-          ).align
-          puts
+        for domain, roles in DOMAINS.zip([CASE_ROLES, EVENT_ROLES, VISIT_ROLES])
+          for role in roles
+            signature = "public.current_is_#{role.downcase}(_domain_id integer)"
+            puts %(
+              -- Return true if the current user possess the '#{role}' role
+              --
+              drop function if exists #{signature} cascade;
+              create function #{signature} returns boolean as $$
+                select #{acl_schema}.user_is_role(public.current_user_id(), _domain_id, '#{role}');
+              $$ language sql
+                security definer;
+            ).align
+            puts
+          end
         end
       end
     end

data/lib/mikras_utils/mkacl/generators/rules.rb

@@ -6,7 +6,7 @@ module MkAcl
     # problem is that a record that fails the rule check is silently ignored
     # which is probably not what you want
     #
-    # The roles matches a acl_* array against a role action entry in the spec
+    # The roles matches an acl_* array against a role action entry in the spec
     # file. The acl_* arrays are themselves array of role ids. Each subarray is
     # indexed using the order in the acl.spec file
     #

data/lib/mikras_utils/mkacl/parser.rb

@@ -14,7 +14,7 @@ module MkAcl
     def parse_spec
       hash = YAML.load(IO.read(file), symbolize_names: true)
 
-      schema = hash.delete(:schema) or raise ArgumentError, "Can't find 'schema' declaration"
+      schema = hash.delete(:schema) or raise ArgumentError, "Can't find 'schema' declaration in #{file}"
       app_schema = schema[:app] or raise ArgumentError, "Can't find 'schema.app' attribute"
       acl_schema = schema[:acl] or raise ArgumentError, "Can't find 'schema.acl' attribute"
       spec = Spec.new(file, app_schema, acl_schema)

data/lib/mikras_utils/mkacl.rb

@@ -9,7 +9,14 @@ require 'prick-inflector'
 module MkAcl
   class ParseError < RuntimeError; end
 
-  ROLES = %w(RLA LA TA KON AKK CLA CTA ELA ETA)
+  DOMAINS = %w(case event visit)
+  DOMAIN_TABLES = DOMAINS.map { "#{_1}s" }
+
+  CASE_ROLES = %w(LA TA KON AKK RLA CLA CTA)
+  EVENT_ROLES = %w(ELA ETA)
+  VISIT_ROLES = %w(VLA VTA)
+
+  ROLES = CASE_ROLES + EVENT_ROLES + VISIT_ROLES
 end
 
 require_relative 'mkacl/spec.rb'

data/lib/mikras_utils/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module MikrasUtils
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mikras_utils
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Claus Rasmussen
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-08 00:00:00.000000000 Z
+date: 2024-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pg_conn