oso-oso 0.23.0 → 0.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1e323fdc380d0763cb3b4d84618fb81c3b6957a8
-  data.tar.gz: 8571c1594862ec12dd1ed9bbbc49dec49a71567b
+  metadata.gz: 9c6a70f052d3142dbaf1f8d9c699a7f3c6697060
+  data.tar.gz: 9820ca345e2b1bb85c31183a3f43a1748d412d77
 SHA512:
-  metadata.gz: 451a25cd51d463002223839c152a96aed018b958b0619103c8a7ad2e7e31fe4bab05ffded087ecde46036849b07d5f7ab34b5e8a5b2f6d761a741fe255c817a6
-  data.tar.gz: 2ccbcd09c12aeeedc86ce473b8f76439bc576016fb087dbbf9b8279c7a14128847130492698c37bdc76be2da5792fc674ee2be384e12f6f787c738fa5539cc6e
+  metadata.gz: '08cabc94530a44164fef27de25cac7477fc8906b6a4766197b003c4f629332ce4a24b88fc96e7fa78e305c23f0e16f0f5df5481bc7ffb82e5c51a9ffb7cd260c'
+  data.tar.gz: f534eec40e00a8c10dc9379843e8b08dc4bc95bd6526e4c00e0a88aaca11877b31bf643d82e934fe0b01ccdb1d957ae25c3fa069875e46ea7765634313bd43ec

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-oso (0.23.0)
+    oso-oso (0.26.0)
       ffi (~> 1.0)
 
 GEM
@@ -21,14 +21,14 @@ GEM
     arel (9.0.0)
     ast (2.4.2)
     backport (1.2.0)
-    benchmark (0.1.1)
+    benchmark (0.2.0)
     byebug (11.1.3)
     coderay (1.1.3)
     concurrent-ruby (1.1.9)
     diff-lcs (1.4.4)
     e2mmap (0.1.0)
     ffi (1.15.4)
-    i18n (1.8.10)
+    i18n (1.8.11)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
     maruku (0.7.3)
@@ -49,7 +49,7 @@ GEM
     rainbow (3.0.0)
     rake (12.3.3)
     regexp_parser (2.1.1)
-    reverse_markdown (2.0.0)
+    reverse_markdown (2.1.1)
       nokogiri
     rexml (3.2.5)
     rspec (3.10.0)
@@ -64,7 +64,7 @@ GEM
     rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
+    rspec-support (3.10.3)
     rubocop (0.89.1)
       parallel (~> 1.10)
       parser (>= 2.7.1.1)
@@ -97,12 +97,13 @@ GEM
     tilt (2.0.10)
     tzinfo (1.2.9)
       thread_safe (~> 0.1)
-    unicode-display_width (1.7.0)
+    unicode-display_width (1.8.0)
     yard (0.9.26)
 
 PLATFORMS
   ruby
   x86_64-darwin-20
+  x86_64-linux
 
 DEPENDENCIES
   activerecord

data/Makefile

@@ -7,7 +7,7 @@ install:
 	bundle install
 
 test: install rust
-	bundle exec rake spec
+	POLAR_IGNORE_NO_ALLOW_WARNING=1 bundle exec rake spec
 
 lint: install
 	bundle exec rubocop

data/lib/oso/oso.rb

@@ -181,27 +181,8 @@ module Oso
     # @param resource_cls The resource being accessed.
     #
     # @return A query for resources accessible to the actor.
-    def authorized_query(actor, action, resource_cls) # rubocop:disable Metrics/MethodLength
-      resource = Polar::Variable.new 'resource'
-
-      results = query_rule(
-        'allow',
-        actor,
-        action,
-        resource,
-        bindings: { 'resource' => type_constraint(resource, resource_cls) },
-        accept_expression: true
-      )
-
-      results = results.each_with_object([]) do |result, out|
-        result.each do |key, val|
-          out.push({ 'bindings' => { key => host.to_polar(val) } })
-        end
-      end
-
-      ::Oso::Polar::DataFiltering::FilterPlan
-        .parse(self, results, get_class_name(resource_cls))
-        .build_query
+    def authorized_query(actor, action, resource_cls)
+      new_authorized_query(actor, action, resource_cls)
     end
 
     # Determine the resources of type +resource_cls+ that +actor+
@@ -213,20 +194,11 @@ module Oso
     #
     # @return A list of resources accessible to the actor.
     def authorized_resources(actor, action, resource_cls)
-      q = authorized_query actor, action, resource_cls
-      return [] if q.nil?
-
-      host.types[get_class_name resource_cls].exec_query[q]
+      host.adapter.execute_query authorized_query(actor, action, resource_cls)
     end
 
-    # Register default values for data filtering query functions.
-    # These can be overridden by passing specific implementations to
-    # `register_class` or by defining `build_query`, `exec_query` and
-    # `combine_query` methods on the class object.
-    def set_data_filtering_query_defaults(build_query: nil, exec_query: nil, combine_query: nil)
-      host.build_query = build_query if build_query
-      host.exec_query = exec_query if exec_query
-      host.combine_query = combine_query if combine_query
+    def data_filtering_adapter=(adapter)
+      host.adapter = adapter
     end
   end
 end

data/lib/oso/polar/data/adapter/active_record_adapter.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Oso
+  module Polar
+    module Data
+      class Adapter
+        # Example data filtering adapter for ActiveRecord
+        class ActiveRecordAdapter < Adapter
+          def build_query(filter) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+            types = filter.types
+            query = filter.relations.reduce(filter.model.all) do |q, rel|
+              rec = types[rel.left].fields[rel.name]
+              q.joins(
+                "INNER JOIN #{rel.right.table_name} ON " \
+                "#{rel.left.table_name}.#{rec.my_field} = " \
+                "#{rel.right.table_name}.#{rec.other_field}"
+              )
+            end
+
+            filter.conditions.map do |conjs|
+              conjs.reduce(query) do |q, conj|
+                q.where(*sqlize(conj))
+              end
+            end.reduce(:or).distinct
+          end
+
+          def execute_query(query)
+            query.to_a
+          end
+
+          OPS = {
+            'Eq' => '=', 'In' => 'IN', 'Nin' => 'NOT IN', 'Neq' => '!=',
+            'Lt' => '<', 'Gt' => '>', 'Leq' => '<=', 'Geq' => '>='
+          }.freeze
+
+          private
+
+          def sqlize(cond)
+            args = []
+            lhs = add_side cond.left, args
+            rhs = add_side cond.right, args
+            args.unshift "#{lhs} #{OPS[cond.cmp]} #{rhs}"
+          end
+
+          def add_side(side, args)
+            if side.is_a? ::Oso::Polar::Data::Filter::Projection
+              "#{side.source.table_name}.#{side.field || side.source.primary_key}"
+            else
+              args.push side
+              '?'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oso/polar/data/adapter.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Oso
+  module Polar
+    module Data
+      # Abstract data adapter
+      #
+      # An Adapter has to implement two methods.
+      class Adapter
+        # Make a query object from a filter
+        def build_query(_filter)
+          raise "build_query not implemented for #{self}"
+        end
+
+        # Make a list of objects from a query
+        def execute_query(_query)
+          raise "execute_query not implemented for #{self}"
+        end
+      end
+    end
+  end
+end

data/lib/oso/polar/data/filter.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Oso
+  module Polar
+    # Data filtering interface for Ruby
+    module Data
+      # Abstract data filter used by the Adapter API.
+      class Filter
+        attr_reader :model, :relations, :conditions, :types
+
+        def initialize(model:, relations:, conditions:, types:)
+          @model = model
+          @relations = relations
+          @conditions = conditions
+          @types = types
+        end
+
+        def self.parse(polar, blob)
+          types = polar.host.types
+          model = types[blob['root']].klass.get
+          relations = blob['relations'].map do |rel|
+            Relation.parse(polar, *rel)
+          end
+          conditions = blob['conditions'].map do |disj|
+            disj.map { |conj| Condition.parse(polar, *conj) }
+          end
+          new(model: model, relations: relations, conditions: conditions, types: types)
+        end
+
+        Projection = Struct.new(:source, :field)
+
+        Relation = Struct.new(:left, :name, :right) do
+          def self.parse(polar, left, name, right)
+            Relation.new(polar.name_to_class(left), name, polar.name_to_class(right))
+          end
+        end
+
+        Condition = Struct.new(:left, :cmp, :right) do
+          def self.parse(polar, left, cmp, right)
+            Condition.new(parse_side(polar, left), cmp, parse_side(polar, right))
+          end
+
+          def self.parse_side(polar, side)
+            key = side.keys.first
+            val = side[key]
+            case key
+            when 'Field'
+              Projection.new(polar.name_to_class(val[0]), val[1])
+            when 'Immediate'
+              polar.host.to_ruby('value' => [[val.keys.first, val.values.first]])
+            else
+              raise key
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oso/polar/data.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require_relative 'data/adapter'
+require_relative 'data/filter'

data/lib/oso/polar/data_filtering.rb

@@ -4,110 +4,6 @@ module Oso
   module Polar
     # Data filtering interface for Ruby
     module DataFiltering
-      GETATTR = ->(x, attr) { attr.nil? ? x : x.send(attr) }
-      # Represents a set of filter sequences that should allow the host
-      # to obtain the records satisfying a query.
-      class FilterPlan
-        attr_reader :result_sets
-
-        def self.parse(polar, partials, class_name)
-          types = polar.host.serialize_types
-          parsed_json = polar.ffi.build_filter_plan(types, partials, 'resource', class_name)
-          result_sets = parsed_json['result_sets'].map do |rset|
-            ResultSet.parse polar, rset
-          end
-
-          new polar: polar, result_sets: result_sets
-        end
-
-        def initialize(polar:, result_sets:)
-          @polar = polar
-          @result_sets = result_sets
-        end
-
-        def build_query # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
-          combine = nil
-          result_sets.each_with_object([]) do |rs, qb|
-            rs.resolve_order.each_with_object({}) do |i, set_results|
-              req = rs.requests[i]
-              cs = req.ground(set_results)
-              typ = @polar.host.types[req.class_tag]
-              q = typ.build_query[cs]
-              if i != rs.result_id
-                set_results[i] = typ.exec_query[q]
-              else
-                combine = typ.combine_query
-                qb.push q
-              end
-            end
-          end.reduce(&combine)
-        end
-
-        # Represents a sequence of filters for one set of results
-        class ResultSet
-          attr_reader :requests, :resolve_order, :result_id
-
-          def self.parse(polar, parsed_json)
-            resolve_order = parsed_json['resolve_order']
-            result_id = parsed_json['result_id']
-            requests = parsed_json['requests'].each_with_object({}) do |req, reqs|
-              reqs[req[0].to_i] = Request.parse(polar, req[1])
-            end
-
-            new resolve_order: resolve_order, result_id: result_id, requests: requests
-          end
-
-          def initialize(requests:, resolve_order:, result_id:)
-            @resolve_order = resolve_order
-            @requests = requests
-            @result_id = result_id
-          end
-        end
-
-        # Represents a filter for a result set
-        class Request
-          attr_reader :constraints, :class_tag
-
-          def self.parse(polar, parsed_json)
-            @polar = polar
-            constraints = parsed_json['constraints'].map do |con|
-              Filter.parse polar, con
-            end
-            class_tag = parsed_json['class_tag']
-
-            new(constraints: constraints, class_tag: class_tag)
-          end
-
-          def ground(results) # rubocop:disable Metrics/MethodLength, Metrics/CyclomaticComplexity, Metrics/AbcSize, Metrics/PerceivedComplexity
-            xrefs, rest = constraints.partition do |c|
-              c.value.is_a?(Ref) and !c.value.result_id.nil?
-            end
-
-            yrefs, nrefs = xrefs.partition { |r| %w[In Eq].include? r.kind }
-            [[yrefs, 'In'], [nrefs, 'Nin']].each do |refs, kind|
-              refs.group_by { |f| f.value.result_id }.each do |rid, fils|
-                if fils.length > 1
-                  value = results[rid].map { |r| fils.map { |f| GETATTR[r, f.value.field] } }
-                  field = fils.map(&:field)
-                  rest.push(Filter.new(kind: kind, value: value, field: field))
-                else
-                  fil = fils[0]
-                  field = fil.value.field
-                  value = results[rid].map { |r| field.nil? ? r : r.send(field) }
-                  rest.push(Filter.new(kind: kind, field: fil.field, value: value))
-                end
-              end
-            end
-            rest
-          end
-
-          def initialize(constraints:, class_tag:)
-            @constraints = constraints
-            @class_tag = class_tag
-          end
-        end
-      end
-
       # Represents relationships between resources, eg. one-one or one-many
       class Relation
         attr_reader :kind, :other_type, :my_field, :other_field
@@ -124,92 +20,6 @@ module Oso
           @other_field = other_field
         end
       end
-
-      # Represents field-field relationships on one resource.
-      class Field
-        attr_reader :field
-
-        def initialize(field:)
-          @field = field
-        end
-      end
-
-      # Represents field-field relationships on different resources.
-      class Ref
-        attr_reader :field, :result_id
-
-        def initialize(field:, result_id:)
-          @field = field
-          @result_id = result_id
-        end
-      end
-
-      # Represents a condition that must hold on a resource.
-      class Filter
-        attr_reader :kind, :field, :value
-
-        CHECKS = {
-          'Eq' => ->(a, b) { a == b },
-          'In' => ->(a, b) { b.include? a },
-          'Neq' => ->(a, b) { a != b },
-          'Nin' => ->(a, b) { !b.include?(a) },
-          'Contains' => ->(a, b) { a.include? b }
-        }.freeze
-
-        # Create a new predicate for data filtering.
-        # @param kind [String] Represents a condition. One of "Eq", "Neq", "In", "Contains".
-        # @param field The field the condition applies to.
-        # @param value The value with which to compare the field according to the condition.
-        def initialize(kind:, field:, value:)
-          @kind = kind
-          @field = field
-          @value = value
-        end
-
-        def ground(results)
-          return unless value.is_a? Ref
-
-          ref = value
-          @value = results[ref.result_id]
-          @value = value.map { |v| v.send ref.field } unless ref.field.nil?
-        end
-
-        def check(item) # rubocop:disable Metrics/AbcSize
-          val = value.is_a?(Field) ? item.send(value.field) : value
-          item = if field.nil?
-                   item
-                 elsif field.is_a? Array
-                   field.map { |f| GETATTR[item, f] }
-                 else
-                   item.send field
-                 end
-          CHECKS[@kind][item, val]
-        end
-
-        def self.parse(polar, constraint) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
-          kind = constraint['kind']
-          field = constraint['field']
-          value = constraint['value']
-
-          value_kind = value.keys.first
-          value = value[value_kind]
-
-          case value_kind
-          when 'Term'
-            value = polar.host.to_ruby value
-          when 'Ref'
-            child_field = value['field']
-            result_id = value['result_id']
-            value = Ref.new field: child_field, result_id: result_id
-          when 'Field'
-            value = Field.new field: value
-          else
-            raise "Unknown value kind `#{value_kind}`"
-          end
-
-          new kind: kind, field: field, value: value
-        end
-      end
     end
   end
 end

data/lib/oso/polar/errors.rb

@@ -26,7 +26,6 @@ module Oso
     class UnsupportedError < PolarRuntimeError; end
     class PolarTypeError < PolarRuntimeError; end
     class StackOverflowError < PolarRuntimeError; end
-    class FileLoadingError < PolarRuntimeError; end
 
     # Errors originating from this side of the FFI boundary.
 

data/lib/oso/polar/expression.rb

@@ -4,7 +4,7 @@ module Oso
   module Polar
     # Polar expression.
     class Expression
-      attr_reader :operator, :args
+      attr_accessor :operator, :args
 
       # @param operator [String]
       # @param args [Array<Object>]

data/lib/oso/polar/ffi/error.rb

@@ -6,29 +6,13 @@ module Oso
   module Polar
     module FFI
       # Wrapper class for Error FFI pointer + operations.
-      class Error < ::FFI::AutoPointer
-        def to_s
-          @to_s ||= read_string.force_encoding('UTF-8')
-        end
-
-        Rust = Module.new do
-          extend ::FFI::Library
-          ffi_lib FFI::LIB_PATH
-
-          attach_function :get, :polar_get_error, [], Error
-          attach_function :free, :string_free, [Error], :int32
-        end
-        private_constant :Rust
-
+      class Error
         # Check for an FFI error and convert it into a Ruby exception.
         #
         # @return [::Oso::Polar::Error] if there's an FFI error.
         # @return [::Oso::Polar::FFIErrorNotFound] if there isn't one.
-        def self.get(enrich_message) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-          error = Rust.get
-          return ::Oso::Polar::FFIErrorNotFound if error.null?
-
-          error = JSON.parse(error.to_s)
+        def self.get(error_str, enrich_message) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+          error = JSON.parse(error_str.to_s)
           msg = error['formatted']
           kind, body = error['kind'].first
 
@@ -90,7 +74,7 @@ module Oso
         # @param msg [String]
         # @param details [Hash<String, Object>]
         # @return [::Oso::Polar::PolarRuntimeError] the object converted into the expected format.
-        private_class_method def self.runtime_error(kind, msg:, details:) # rubocop:disable Metrics/MethodLength
+        private_class_method def self.runtime_error(kind, msg:, details:)
           case kind
           when 'Unsupported'
             ::Oso::Polar::UnsupportedError.new(msg, details: details)
@@ -98,8 +82,6 @@ module Oso
             ::Oso::Polar::PolarTypeError.new(msg, details: details)
           when 'StackOverflow'
             ::Oso::Polar::StackOverflowError.new(msg, details: details)
-          when 'FileLoading'
-            ::Oso::Polar::FileLoadingError.new(msg, details: details)
           else
             ::Oso::Polar::PolarRuntimeError.new(msg, details: details)
           end