mikras_utils 0.3.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 356975b3f96e8341dba97e96ca170a0fb181c3c8654bc874300144774094daba
-  data.tar.gz: 5cb71f7c6add1f89ca5025bcc9630a58474055516295e50d9ad6a2386cf6eb84
+  metadata.gz: 74256281ee10bf5186723bfa260cd62dda3057216660aa945c7b591fa1581177
+  data.tar.gz: 882636fab035922c146cc33c33a5af9deaf0da818bec6897e17a84ad8f1f2289
 SHA512:
-  metadata.gz: 74ba9b96d512f831d0dd1a691d1c6892447ac21f29fe91a1f62a5cd87dfefda93d95229c16ddd063ff6bfe3ae1782ea44bda0189eedf7cf757ee7ab5825e9497
-  data.tar.gz: 1d5a378eddd2900ef31cfcd908bdcdd4f780eaf89a162946bdf445429ef076a8fee43e2b5b7709f3fbc2852f166f43983a4b87064f59574674f64cded967e0de
+  metadata.gz: 5ca4be02024c23f2109cc7f3919331c180f6403cb04906d5652446d80241e7b502ed9cfcebfcc5ddf66b098c4b6def8e3f1cd3863942f9e988cb3e5bd1abc501
+  data.tar.gz: 6d82b691b1b68214910dac0acc847a68b928b6e0f45c8a157e272ded5fdc84b2f3fe5e3f23ddbadbee4bd82f1621164eea1d736deb7923787fb9f999926ddf0e

data/exe/mkacl

@@ -1,13 +1,22 @@
 #!/usr/bin/env ruby
 
 SPEC = %(
-  @ Make RLS policies
+  @ Make RLS functions and policies
 
-  -- [DATABASE [USERNAME]] SPEC-FILE
+  -- [DATABASE] SPEC-FILE
 
-  Read SPEC and generate following functions, policies, and triggers
+  Read SPEC and generate following functions, policies, and triggers. The
+  default DATABASE and USERNAME variables are read from the environment and
+  then .prick.state.yml if present; otherwise the current user's database is
+  used
 
-  SPEC FILE 
+  FUNCTIONS
+    todo
+
+  TRIGGERS
+    todo
+
+  SPEC FILE
     The format is a YAML file where each root key represents a table. A table
     consists of insert, select, update, and delete actions that are arrays of
     ACL entries. An ACL entry list of associated roles and possibly a check SQL
@@ -25,17 +34,20 @@ SPEC = %(
     The following roles are recognized: RLA, LA, TA, KON, AKK, CLA, CTA, ELA,
     and ETA
 
-    Sagsys also defines the ADM role that is excluded because it is now a RBAC
-    fole, and PUP and NON that are excluded because they are not implemented in
-    Mikras
+    Sagsys also defines the ADM role that is excluded because it is a RBAC role
+    in Mikras, and PUP and NON roles that are excluded because they are not
+    implemented in Mikras
 
   OPTIONS
+    -d,dump
+      Dump internal format. Used for debugging
+
     -i,interactive
       Generate code for interactive use by added ON_ERROR_STOP and other variables
 
     -g,generate=LIST
       Generate only the given modules. LIST is a comma-separated list of
-      modules. The following modules are currently available: id_functions,
+      modules. The following modules are currently available: seeds, id_functions,
       insert_triggers, rules, acl_functions, and role_functions
 
     -W,no-warn
@@ -46,14 +58,17 @@ SPEC = %(
 require 'yaml'
 require 'shellopts'
 
+require_relative '../lib/mikras_utils/mikras.rb'
 require_relative '../lib/mikras_utils/mkacl.rb'
 
+PRICK_STATE_FILE = "prick.state.yml"
+
 opts, args = ShellOpts::process(SPEC, ARGV)
 file = args.extract(-1)
-database, username = args.extract(0..2)
-username ||= database || ENV['PRICK_USERNAME']
-database ||= ENV['PRICK_DATABASE']
-conn = PgConn.new database, username
+database = args.extract(0..1)
+
+conn = PgConn.new *Mikras.credentials(database)
+conn.schema.exist?("prick") or ShellOpts.error "Database '#{database}' is not a prick database"
 
 if opts.generate?
   modules = opts.generate.split(',').map(&:to_sym)
@@ -64,8 +79,10 @@ end
 
 spec = MkAcl::Parser.parse(file)
 MkAcl::Analyzer.analyze(spec, conn, warn: !opts.no_warn?)
-#spec.dump
-#exit
+if opts.dump?
+  spec.dump
+  exit
+end
 MkAcl::Generator.generate(spec, conn, modules, interactive: opts.interactive?)
 
 

data/exe/rls

@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+
+require 'indented_io'
+require 'shellopts'
+require 'forward_to'
+
+include ForwardTo
+
+require_relative '../lib/mikras_utils/rls/spec.rb'
+require_relative '../lib/mikras_utils/rls/parser.rb'
+require_relative '../lib/mikras_utils/rls/analyzer.rb'
+
+def error(msg) = ShellOpts.error(msg)
+
+SPEC = %(
+  Parse RLS spec file
+
+  -- FILE
+)
+
+opts, args = ShellOpts.process(SPEC, ARGV)
+
+file = args.expect(1)
+spec = Parser.parse(file)
+Analyzer.analyze(spec)
+
+spec.dump
+
+
+

data/lib/mikras_utils/mikras.rb

@@ -0,0 +1,24 @@
+
+module Mikras
+  def self.credentials(database_argument)
+    if database_argument
+      database = database_argument
+      username = database
+    else
+      username ||= database || ENV['PRICK_USERNAME']
+      database ||= ENV['PRICK_DATABASE']
+
+      if database.nil? && File.exist?(PRICK_STATE_FILE)
+        prick_state = YAML.load(IO.read PRICK_STATE_FILE)
+        database = prick_state["database"]
+        username = prick_state["username"]
+      else
+        database ||= ENV["USER"]
+        username ||= database
+      end
+    end
+    [database, username]
+  end
+end
+
+

data/lib/mikras_utils/mkacl/analyzer.rb

@@ -15,19 +15,21 @@ module MkAcl
     end
 
     def analyze
+      # Find child-parent relations between linked tables
       links = conn.tuples %(
         select
-          table_name,
-          ref_table_name,
-          schema_name || '.' || table_name,
-          ref_schema_name || '.' || ref_table_name
+          table_name as "child_table_name",
+          schema_name || '.' || table_name as "child_table_uid",
+          ref_table_name as "parent_table_name",
+          ref_schema_name || '.' || ref_table_name as "parent_table_uid",
+          column_name as "parent_link_field"
         from meta.links
-        where schema_name = '#{spec.app_schema}' 
+        where schema_name = '#{spec.app_schema}'
           and ref_schema_name = '#{spec.app_schema}'
       )
 
-      # Link up tables
-      for child_table_name, parent_table_name, child_table_uid, parent_table_uid in links
+      # Assign table references
+      for child_table_name, child_table_uid, parent_table_name, parent_table_uid, parent_link_field in links
         if !spec.key?(child_table_name)
           @uncovered_tables << child_table_name
           next
@@ -35,8 +37,11 @@ module MkAcl
           @uncovered_tables << parent_table_name
           next
         end
-          
-        spec[child_table_name].parents << spec[parent_table_name] if spec[parent_table_name]
+
+        child_table = spec[child_table_name] or raise "Can't find table #{parent_table_name.inspect}"
+        parent_table = spec[parent_table_name] or raise "Can't find referenced table #{parent_table_name.inspect}"
+
+        child_table.references[parent_table.name] = [parent_table, parent_link_field]
       end
 
 #     if warn && !@uncovered_tables.empty?
@@ -44,29 +49,38 @@ module MkAcl
 #       indent { puts uncovered_tables }
 #     end
 
-      # Assign domains
-      spec.tables.each { |table| 
-        resolve_domain(table) 
-      }
-
-      # Check that no table has more than one parent. FIXME
+      # Assign parents
       spec.tables.each { |table|
-        table.parents.size <= 1 or raise ArgumentError, "Table '#{table.name}' has multiple parents"
+        if table.parent_name
+          table.parent = spec[table.parent_name] or raise ArgumentError, "Can't find '#{table.parent_name}'"
+          table.parent_link_field = table.references[table.parent.name].last
+        else
+          table.references.size <= 1 or raise ArgumentError, "Table '#{table.name}' has multiple references"
+          parent, link_field = table.references.values.first
+          if parent&.acl
+            table.parent = parent
+            table.parent_link_field = link_field
+          end
+        end
       }
 
+      # Resolve domains
+      spec.tables.select(&:acl).each { |t| resolve_domain(t) }
+
       spec
     end
 
     def self.analyze(spec, conn, **opts) self.new(spec, conn, **opts).analyze end
 
   private
-    def find_tables
-      
-    end
-
     def resolve_domain(table)
-      table.domain ||= table.parents.first && resolve_domain(table.parents.first)
+      if table.domain.nil?
+        !table.parent.nil? or raise ArgumentError, "Domain table without domain name - '#{table.name}'"
+        resolve_domain(table.parent)
+        table.domain = table.parent.domain
+      end
     end
   end
 end
 
+

data/lib/mikras_utils/mkacl/generator.rb

@@ -4,10 +4,11 @@ require_relative './generators/acl_functions.rb'
 require_relative './generators/insert_triggers.rb'
 require_relative './generators/role_functions.rb'
 require_relative './generators/rules.rb'
+require_relative './generators/seeds.rb'
 
 module MkAcl
   class Generator
-    MODULES = [:id_functions, :insert_triggers, :rules, :acl_functions, :role_functions]
+    MODULES = [:id_functions, :insert_triggers, :rules, :acl_functions, :role_functions, :seeds]
 
     using String::Text
 
@@ -32,6 +33,7 @@ module MkAcl
 
       matches = modules.map { |k| [k, true] }.to_h
 
+      Seeds.generate(self) if matches.key?(:seeds)
       IdFunctions.generate(self) if matches.key?(:id_functions)
       for table in spec.tables
         InsertTriggers.generate(self, table) if matches.key?(:insert_triggers)
@@ -42,7 +44,7 @@ module MkAcl
     end
 
     def self.generate(spec, conn, modules = MODULES, **opts)
-      self.new(spec, conn).generate(modules, **opts) 
+      self.new(spec, conn).generate(modules, **opts)
     end
 
     def inspect() "Generator(#{@database.inspect}, #{@username.inspect}, #{@spec})" end

data/lib/mikras_utils/mkacl/generators/acl_functions.rb

@@ -21,11 +21,28 @@ module MkAcl
       def self.generate(generator) self.new(generator).generate end
 
     private
+
+#     %(
+#       update TABLE  tbl
+#         set read_acls = (
+#           select array_agg(role_id)
+#           from acl_portal.eff_object_roles eor
+#           where tbl.DOMAIN_ID = eor.object_id
+#         )
+#     )
+
+#     %(
+#       select
+#       from
+#       where
+#         domain_id_of(DOMAIN, TABLE_NAME, id)
+#     )
+
       def generate_acl_update_function
         signature = "#{acl_schema}.update_acls()"
 
-        stmts = spec.tables.map { |table| 
-          "perform #{acl_schema}.#{table}_update_acls(id) from #{app_schema}.#{table};" 
+        stmts = spec.tables.map { |table|
+          "perform #{acl_schema}.#{table}_update_acls(id) from #{app_schema}.#{table};"
         }
 
         puts %(
@@ -56,7 +73,7 @@ module MkAcl
           -- Note: The different table-level variations of this function can be
           -- collapsed into a single function but it requires dynamic execution of
           -- a delete statement with array-of-array arguments :-O
-          -- 
+          --
           -- Note: This function is auto-generated by #{$PROGRAM_NAME} using #{spec.file}
           --
           drop function if exists #{signature} cascade;
@@ -68,7 +85,7 @@ module MkAcl
               _domain_id integer;
               _acls integer[]; -- per-rule ACLs
               _acl_select integer[][]; -- per-action ACLs
-              _acl_update integer[][]; -- 
+              _acl_update integer[][]; --
               _acl_delete integer[][]; --
             begin
           ).align
@@ -132,7 +149,7 @@ module MkAcl
         end
         puts %(
           -- Update ACL fields
-          update #{table.uid} 
+          update #{table.uid}
             set acl_select = _acl_select,
                 acl_update = _acl_update,
                 acl_delete = _acl_delete
@@ -165,7 +182,7 @@ module MkAcl
 
               -- Create attach ACLs
               insert into acl_portal.attach_acls (parent_table, parent_id, child_table, child_field, acls)
-                with 
+                with
                   case_role_acls as (
                     select
                       id
@@ -182,8 +199,8 @@ module MkAcl
                     where rolename = any(array[#{auth_role_list}]::text[])
                   ),
                   role_acls as (
-                    select * from case_role_acls 
-                    union 
+                    select * from case_role_acls
+                    union
                     select * from auth_role_acls
                   )
                 select
@@ -192,7 +209,7 @@ module MkAcl
                   l.table_name as "child_table",
                   l.column_name as "child_field",
                   array_agg(ra.id) as "acls"
-                from 
+                from
                   acl.links l,
                   role_acls ra
                 where l.table_name = '#{table}'

data/lib/mikras_utils/mkacl/generators/id_functions.rb

@@ -17,6 +17,42 @@ module MkAcl
         @chains = {}
       end
 
+      # Generate a set of per-table functions that returns the associated
+      # case_id/event_id/vist_id for the given record. The Functions are
+      # generated for each table in the spec file (todo read from meta)
+      #
+      # app_portal functions:
+      #
+      #   case_id_of_RECORD(object_id integer)
+      #   event_id_of_RECORD(object_id integer)
+      #   visit_id_of_RECORD(object_id integer)
+      #
+      # 'RECORD' is substituted with the record name of a table. Record names
+      # are the singular name of a table. TODO: Make it plural again
+      #
+      # acl_portal functions with a record argument (used in triggers):
+      #
+      #   case_id_of_RECORD(r record)
+      #   event_id_of_RECORD(r record)
+      #   visit_id_of_RECORD(r record)
+      #
+      # Returns the case, event, or visit id associated with the given record.
+      # The record should be an ACL table record type. These functions are used
+      # in before insert triggers because it takes a record (eg. NEW) instead
+      # of an ID - this saves a lookup
+      #
+      # acl_portal general id-of functions:
+      #
+      #   case_id_of(table varchar, id integer)
+      #   event_id_of(table varchar, id integer)
+      #   visit_id_of(table varchar, id integer)
+      #
+      # These methods are practically as efficient as using the more
+      # specialized versions above
+      #
+      # Returns null if not found. Note that the record has to exists because
+      # we access it to read the foreign keys
+      #
       # TODO: ACL checks so that a user can't get IDs of other users' records
       def generate
         # Find chains
@@ -44,46 +80,24 @@ module MkAcl
 #     # SQL sequence of spec file tables
 #     def table_seq() @table_seq ||= spec.tables.map(&:uid).join(', ') end
 
-      # Generate a set of per-table functions that returns the associated
-      # case_id/event_id/vist_id for the given record. The Functions are
-      # generated for each table in the spec file
-      #
-      # The geneated functions are
-      #
-      #   case_id_of_RECORD(id integer)
-      #   event_id_of_RECORD(id integer)
-      #   domain_id_of_RECORD(id integer)
-      #
-      # and the record variants
-      #
-      #   case_id_of_RECORD(r record)
-      #   event_id_of_RECORD(r record)
-      #   domain_id_of_RECORD(r record)
-      #
-      # 'RECORD' is substituted with the record name of a table. Record names
-      # are the singular name of a table. TODO: Make it plural again
-      #
-      # The domain functions returns event_id if related to an event and
-      # case_id if not. It is meant to return the most specialized domin id for
-      # a record. TODO Is it used?
-      #
-      # Returns null if not found. Note that the record has to exists because
-      # we access it to read the foreign keys
+      # Generate
+      #   case_id_of_RECORD(object_id integer)
+      #   event_id_of_RECORD(object_id integer)
+      #   visit_id_of_RECORD(object_id integer)
       #
       def generate_per_table_id_functions
-        # Generate functions by domain
-        for domain in DOMAINS
+        for domain in DOMAINS # Generate functions by domain
 
           # Create the identity functions first. The identity functions are
           # case_id_of_case() and event_id_of_event(). This makes some stuff
           # easier later on
           table = "#{domain}s"
           id_field = "#{domain}_id"
-          signature = "#{acl_schema}.#{id_field}_of_#{domain}(_id integer)"
+          signature = "#{app_schema}.#{id_field}_of_#{domain}(_object_id integer)"
           puts %(
             drop function if exists #{signature} cascade;
             create function #{signature} returns integer as $$
-              select _id;
+              select _object_id;
             $$ language sql
               set search_path to ''; -- intentionally empty
           ).align
@@ -120,47 +134,43 @@ module MkAcl
           end
         end
 
-        # Tables that references visits, events, and cases
-        visit_tables = chains['visits'].map(&:first)
-
-        # Tables that references events and cases
-        event_tables = chains['events'].map(&:first) - visit_tables
-
-        # Tables that references only cases
-        case_tables = chains['cases'].map(&:first) - event_tables
-
-        # Create domain functions
-        for domain, tables in { case: case_tables, event: event_tables, visit: visit_tables }
-          for table_name in tables
-            record_name = Prick::Inflector.singularize(table_name)
-            signature = "#{acl_schema}.domain_id_of_#{record_name}(_id integer)"
-            domain_function = "#{acl_schema}.#{domain}_id_of_#{record_name}"
-            puts %(
-              drop function if exists #{signature} cascade;
-              create function #{signature} returns integer as $$
-                select #{domain_function}(_id);
-              $$ language sql
-                set search_path to ''; -- intentionally empty
-            ).align
-            puts
-          end
-        end
+#       # Tables that references visits, events, and cases
+#       visit_tables = chains['visits'].map(&:first)
+#
+#       # Tables that references events and cases
+#       event_tables = chains['events'].map(&:first) - visit_tables
+#
+#       # Tables that references only cases
+#       case_tables = chains['cases'].map(&:first) - event_tables
+#
+#       # Create domain functions
+#       for domain, tables in { case: case_tables, event: event_tables, visit: visit_tables }
+#         for table_name in tables
+#           record_name = Prick::Inflector.singularize(table_name)
+#           signature = "#{acl_schema}.domain_id_of_#{record_name}(_object_id integer)"
+#           domain_function = "#{acl_schema}.#{domain}_id_of_#{record_name}"
+#           puts %(
+#             drop function if exists #{signature} cascade;
+#             create function #{signature} returns integer as $$
+#               select #{domain_function}(_object_id);
+#             $$ language sql
+#               set search_path to ''; -- intentionally empty
+#           ).align
+#           puts
+#         end
+#       end
       end
 
-      # Generate general case/event id-of functions:
-      #
+      # Generate
       #   case_id_of(table varchar, id integer)
       #   event_id_of(table varchar, id integer)
-      #   domain_id_of(table varchar, id integer)
-      #
-      # These methods are practically as efficient as using the more
-      # specialized versions above
+      #   visit_id_of(table varchar, id integer)
       #
       def generate_general_id_functions
         for domain in DOMAINS
           domain_table = Prick::Inflector.pluralize(domain)
           field = "#{domain}_id"
-          signature = "#{acl_schema}.#{field}_of(_table varchar, _id integer)"
+          signature = "#{acl_schema}.#{field}_of(_table varchar, _object_id integer)"
 
           puts %(
             drop function if exists #{signature} cascade;
@@ -173,11 +183,11 @@ module MkAcl
               for table_name in chains[domain_table].map(&:first)
                 record_name = Prick::Inflector.singularize(table_name)
                 function_name = "#{field}_of_#{record_name}"
-                puts "when '#{table_name}' then #{acl_schema}.#{function_name}(_id)"
+                puts "when '#{table_name}' then #{acl_schema}.#{function_name}(_object_id)"
               end
-              puts "when 'cases' then _id"
-              puts "when 'events' then _id"
-              puts "when 'visits' then _id"
+              puts "when 'cases' then _object_id"
+              puts "when 'events' then _object_id"
+              puts "when 'visits' then _object_id"
               puts "else null"
             }
             puts "end case;"
@@ -185,34 +195,13 @@ module MkAcl
           puts "$$ language sql;"
           puts
         end
-
-        signature = "#{acl_schema}.domain_id_of(_table varchar, _id integer)"
-        puts %(
-          -- FIXME: Ugly implementation
-          drop function if exists #{signature} cascade;
-          create function #{signature} returns integer as $$
-            select coalesce(
-              acl_portal.visit_id_of(_table, _id),
-              acl_portal.event_id_of(_table, _id),
-              acl_portal.case_id_of(_table, _id)
-            );
-          $$ language sql;
-        ).align
-        puts
       end
 
-      # General domain-id-of-record functions
-      #
+      # Generate
       #   case_id_of(r record)
       #   event_id_of(r record)
       #   domain_id_of(r record)
       #
-      # Returns the case, event, or visit id associated with the given record.
-      # The record should be an ACL table record type
-      #
-      # Very useful in before insert triggers because it takes a record (eg.
-      # NEW) instead of an ID
-      #
       def generate_general_id_of_record_functions
         links = (conn.structs %(
           select
@@ -276,22 +265,22 @@ module MkAcl
           puts
         end
 
-        signature = "#{acl_schema}.domain_id_of(_r record)"
-        puts %(
-          -- Note: Ugly implementation but maybe close to optimal
-          drop function if exists #{signature} cascade;
-          create function #{signature} returns integer as $$
-            declare
-              _id integer;
-            begin
-              select coalesce(acl_portal.visit_id_of(_r), acl_portal.event_id_of(_r), acl_portal.case_id_of(_r))
-                into _id;
-              return _id;
-            end;
-          $$ language plpgsql
-            set search_path to ''; -- intentionally ''
-        ).align
-        puts
+#       signature = "#{acl_schema}.domain_id_of(_r record)"
+#       puts %(
+#         -- Note: Ugly implementation but maybe close to optimal
+#         drop function if exists #{signature} cascade;
+#         create function #{signature} returns integer as $$
+#           declare
+#             _object_id integer;
+#           begin
+#             select coalesce(acl_portal.visit_id_of(_r), acl_portal.event_id_of(_r), acl_portal.case_id_of(_r))
+#               into _object_id;
+#             return _object_id;
+#           end;
+#         $$ language plpgsql
+#           set search_path to ''; -- intentionally ''
+#       ).align
+#       puts
       end
     end
   end