pg_rls 0.0.2.2 → 0.0.2.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.rubocop.yml +161 -6
- data/Gemfile +4 -2
- data/Gemfile.lock +137 -86
- data/lib/generators/pg_rls/active_record/active_record_generator.rb +3 -3
- data/lib/generators/pg_rls/install_generator.rb +1 -0
- data/lib/generators/templates/pg_rls.rb.tt +7 -0
- data/lib/pg_rls/database/prepared.rb +2 -2
- data/lib/pg_rls/database/tasks/admin_database.rake +2 -2
- data/lib/pg_rls/errors/tenant_not_found.rb +1 -0
- data/lib/pg_rls/schema/solo/statements.rb +24 -0
- data/lib/pg_rls/schema/solo/up_statements.rb +106 -0
- data/lib/pg_rls/schema/statements.rb +4 -4
- data/lib/pg_rls/secure_connection.rb +2 -4
- data/lib/pg_rls/solo/tenant.rb +50 -0
- data/lib/pg_rls/tenant.rb +6 -5
- data/lib/pg_rls/version.rb +1 -1
- data/lib/pg_rls.rb +10 -1
- metadata +5 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 97b8d67f3ffcd5b65cc10db46a9a0b981545881ad1e6ce40152c73feadf18b3f
|
4
|
+
data.tar.gz: fd084b44bc7a6301e196aafeb670071426e8f85bc861a83c1dc7e025386a6ecd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 461960383dd168e92d23a7d046c9baf521a03dca494f60918cf4712c878ae3d37abd5d3b357c09e59eb4d8cfbbb50b00d18c6110217f2add95f230f767bb58b5
|
7
|
+
data.tar.gz: 0febfe88828a1875c8156a5cd010e5ee25f3b10e7e714e3bbe07233f70e09abb7201ea357f1e22dd3733c48854ef4aa7cfc214775b42365c77ec04a3463113b8
|
data/.rubocop.yml
CHANGED
@@ -1,7 +1,162 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
1
|
+
require: rubocop-rspec
|
2
|
+
Gemspec/DeprecatedAttributeAssignment: # new in 1.30
|
3
|
+
Enabled: true
|
4
|
+
Gemspec/RequireMFA: # new in 1.23
|
5
|
+
Enabled: true
|
6
|
+
Layout/LineContinuationLeadingSpace: # new in 1.31
|
7
|
+
Enabled: true
|
8
|
+
Layout/LineContinuationSpacing: # new in 1.31
|
9
|
+
Enabled: true
|
10
|
+
Layout/LineEndStringConcatenationIndentation: # new in 1.18
|
11
|
+
Enabled: true
|
12
|
+
Layout/SpaceBeforeBrackets: # new in 1.7
|
13
|
+
Enabled: true
|
14
|
+
Lint/AmbiguousAssignment: # new in 1.7
|
15
|
+
Enabled: true
|
16
|
+
Lint/AmbiguousOperatorPrecedence: # new in 1.21
|
17
|
+
Enabled: true
|
18
|
+
Lint/AmbiguousRange: # new in 1.19
|
19
|
+
Enabled: true
|
20
|
+
Lint/ConstantOverwrittenInRescue: # new in 1.31
|
21
|
+
Enabled: true
|
22
|
+
Lint/DeprecatedConstants: # new in 1.8
|
23
|
+
Enabled: true
|
24
|
+
Lint/DuplicateBranch: # new in 1.3
|
25
|
+
Enabled: true
|
26
|
+
Lint/DuplicateRegexpCharacterClassElement: # new in 1.1
|
27
|
+
Enabled: true
|
28
|
+
Lint/EmptyBlock: # new in 1.1
|
29
|
+
Enabled: true
|
30
|
+
Lint/EmptyClass: # new in 1.3
|
31
|
+
Enabled: true
|
32
|
+
Lint/EmptyInPattern: # new in 1.16
|
33
|
+
Enabled: true
|
34
|
+
Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
|
35
|
+
Enabled: true
|
36
|
+
Lint/LambdaWithoutLiteralBlock: # new in 1.8
|
37
|
+
Enabled: true
|
38
|
+
Lint/NoReturnInBeginEndBlocks: # new in 1.2
|
39
|
+
Enabled: true
|
40
|
+
Lint/NonAtomicFileOperation: # new in 1.31
|
41
|
+
Enabled: true
|
42
|
+
Lint/NumberedParameterAssignment: # new in 1.9
|
43
|
+
Enabled: true
|
44
|
+
Lint/OrAssignmentToConstant: # new in 1.9
|
45
|
+
Enabled: true
|
46
|
+
Lint/RedundantDirGlobSort: # new in 1.8
|
47
|
+
Enabled: true
|
48
|
+
Lint/RefinementImportMethods: # new in 1.27
|
49
|
+
Enabled: true
|
50
|
+
Lint/RequireRangeParentheses: # new in 1.32
|
51
|
+
Enabled: true
|
52
|
+
Lint/RequireRelativeSelfPath: # new in 1.22
|
53
|
+
Enabled: true
|
54
|
+
Lint/SymbolConversion: # new in 1.9
|
55
|
+
Enabled: true
|
56
|
+
Lint/ToEnumArguments: # new in 1.1
|
57
|
+
Enabled: true
|
58
|
+
Lint/TripleQuotes: # new in 1.9
|
59
|
+
Enabled: true
|
60
|
+
Lint/UnexpectedBlockArity: # new in 1.5
|
61
|
+
Enabled: true
|
62
|
+
Lint/UnmodifiedReduceAccumulator: # new in 1.1
|
63
|
+
Enabled: true
|
64
|
+
Lint/UselessRuby2Keywords: # new in 1.23
|
65
|
+
Enabled: true
|
66
|
+
Naming/BlockForwarding: # new in 1.24
|
67
|
+
Enabled: true
|
68
|
+
Security/CompoundHash: # new in 1.28
|
69
|
+
Enabled: true
|
70
|
+
Security/IoMethods: # new in 1.22
|
71
|
+
Enabled: true
|
72
|
+
Style/ArgumentsForwarding: # new in 1.1
|
73
|
+
Enabled: true
|
74
|
+
Style/CollectionCompact: # new in 1.2
|
75
|
+
Enabled: true
|
76
|
+
Style/DocumentDynamicEvalDefinition: # new in 1.1
|
77
|
+
Enabled: true
|
78
|
+
Style/EmptyHeredoc: # new in 1.32
|
79
|
+
Enabled: true
|
80
|
+
Style/EndlessMethod: # new in 1.8
|
81
|
+
Enabled: true
|
82
|
+
Style/EnvHome: # new in 1.29
|
83
|
+
Enabled: true
|
84
|
+
Style/FetchEnvVar: # new in 1.28
|
85
|
+
Enabled: true
|
86
|
+
Style/FileRead: # new in 1.24
|
87
|
+
Enabled: true
|
88
|
+
Style/FileWrite: # new in 1.24
|
89
|
+
Enabled: true
|
90
|
+
Style/HashConversion: # new in 1.10
|
91
|
+
Enabled: true
|
92
|
+
Style/HashExcept: # new in 1.7
|
93
|
+
Enabled: true
|
94
|
+
Style/IfWithBooleanLiteralBranches: # new in 1.9
|
95
|
+
Enabled: true
|
96
|
+
Style/InPatternThen: # new in 1.16
|
97
|
+
Enabled: true
|
98
|
+
Style/MagicCommentFormat: # new in 1.35
|
99
|
+
Enabled: true
|
100
|
+
Style/MapCompactWithConditionalBlock: # new in 1.30
|
101
|
+
Enabled: true
|
102
|
+
Style/MapToHash: # new in 1.24
|
103
|
+
Enabled: true
|
104
|
+
Style/MultilineInPatternThen: # new in 1.16
|
105
|
+
Enabled: true
|
106
|
+
Style/NegatedIfElseCondition: # new in 1.2
|
107
|
+
Enabled: true
|
108
|
+
Style/NestedFileDirname: # new in 1.26
|
109
|
+
Enabled: true
|
110
|
+
Style/NilLambda: # new in 1.3
|
111
|
+
Enabled: true
|
112
|
+
Style/NumberedParameters: # new in 1.22
|
113
|
+
Enabled: true
|
114
|
+
Style/NumberedParametersLimit: # new in 1.22
|
115
|
+
Enabled: true
|
116
|
+
Style/ObjectThen: # new in 1.28
|
117
|
+
Enabled: true
|
118
|
+
Style/OpenStructUse: # new in 1.23
|
119
|
+
Enabled: true
|
120
|
+
Style/QuotedSymbols: # new in 1.16
|
121
|
+
Enabled: true
|
122
|
+
Style/RedundantArgument: # new in 1.4
|
123
|
+
Enabled: true
|
124
|
+
Style/RedundantInitialize: # new in 1.27
|
125
|
+
Enabled: true
|
126
|
+
Style/RedundantSelfAssignmentBranch: # new in 1.19
|
127
|
+
Enabled: true
|
128
|
+
Style/SelectByRegexp: # new in 1.22
|
129
|
+
Enabled: true
|
130
|
+
Style/StringChars: # new in 1.12
|
131
|
+
Enabled: true
|
132
|
+
Style/SwapValues: # new in 1.1
|
133
|
+
Enabled: true
|
134
|
+
RSpec/BeEq: # new in 2.9.0
|
135
|
+
Enabled: true
|
136
|
+
RSpec/BeNil: # new in 2.9.0
|
137
|
+
Enabled: true
|
138
|
+
RSpec/ChangeByZero: # new in 2.11.0
|
139
|
+
Enabled: true
|
140
|
+
RSpec/ExcessiveDocstringSpacing: # new in 2.5
|
141
|
+
Enabled: true
|
142
|
+
RSpec/IdenticalEqualityAssertion: # new in 2.4
|
143
|
+
Enabled: true
|
144
|
+
RSpec/SubjectDeclaration: # new in 2.5
|
145
|
+
Enabled: true
|
146
|
+
RSpec/VerifiedDoubleReference: # new in 2.10.0
|
147
|
+
Enabled: true
|
148
|
+
RSpec/Capybara/SpecificMatcher: # new in 2.12
|
149
|
+
Enabled: true
|
150
|
+
RSpec/FactoryBot/SyntaxMethods: # new in 2.7
|
151
|
+
Enabled: true
|
152
|
+
Style/ClassVars:
|
153
|
+
Enabled: false
|
154
|
+
Metrics/BlockLength:
|
4
155
|
Exclude:
|
5
|
-
- lib/
|
6
|
-
|
7
|
-
|
156
|
+
- lib/pg_rls/database/tasks/admin_database.rake
|
157
|
+
Style/GuardClause:
|
158
|
+
Exclude:
|
159
|
+
- lib/generators/pg_rls/active_record/active_record_generator.rb
|
160
|
+
Naming/AccessorMethodName:
|
161
|
+
Exclude:
|
162
|
+
- lib/pg_rls/tenant.rb
|
data/Gemfile
CHANGED
@@ -4,12 +4,14 @@ source 'https://rubygems.org'
|
|
4
4
|
|
5
5
|
# Specify your gem's dependencies in pg_rls.gemspec
|
6
6
|
gemspec
|
7
|
-
ruby '3.1.
|
7
|
+
ruby '3.1.2'
|
8
8
|
|
9
|
-
gem 'rails', '~>
|
9
|
+
gem 'rails', '~> 7.0', '>= 7.0.4'
|
10
10
|
|
11
11
|
gem 'rake'
|
12
12
|
|
13
13
|
gem 'rspec'
|
14
14
|
|
15
15
|
gem 'rubocop'
|
16
|
+
gem 'rubocop-rspec'
|
17
|
+
gem 'solargraph'
|
data/Gemfile.lock
CHANGED
@@ -1,82 +1,98 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
pg_rls (0.0.
|
4
|
+
pg_rls (0.0.2.2)
|
5
5
|
bundler (~> 2.2)
|
6
6
|
|
7
7
|
GEM
|
8
8
|
remote: https://rubygems.org/
|
9
9
|
specs:
|
10
|
-
actioncable (
|
11
|
-
actionpack (=
|
12
|
-
activesupport (=
|
10
|
+
actioncable (7.0.4)
|
11
|
+
actionpack (= 7.0.4)
|
12
|
+
activesupport (= 7.0.4)
|
13
13
|
nio4r (~> 2.0)
|
14
14
|
websocket-driver (>= 0.6.1)
|
15
|
-
actionmailbox (
|
16
|
-
actionpack (=
|
17
|
-
activejob (=
|
18
|
-
activerecord (=
|
19
|
-
activestorage (=
|
20
|
-
activesupport (=
|
15
|
+
actionmailbox (7.0.4)
|
16
|
+
actionpack (= 7.0.4)
|
17
|
+
activejob (= 7.0.4)
|
18
|
+
activerecord (= 7.0.4)
|
19
|
+
activestorage (= 7.0.4)
|
20
|
+
activesupport (= 7.0.4)
|
21
21
|
mail (>= 2.7.1)
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
22
|
+
net-imap
|
23
|
+
net-pop
|
24
|
+
net-smtp
|
25
|
+
actionmailer (7.0.4)
|
26
|
+
actionpack (= 7.0.4)
|
27
|
+
actionview (= 7.0.4)
|
28
|
+
activejob (= 7.0.4)
|
29
|
+
activesupport (= 7.0.4)
|
27
30
|
mail (~> 2.5, >= 2.5.4)
|
31
|
+
net-imap
|
32
|
+
net-pop
|
33
|
+
net-smtp
|
28
34
|
rails-dom-testing (~> 2.0)
|
29
|
-
actionpack (
|
30
|
-
actionview (=
|
31
|
-
activesupport (=
|
32
|
-
rack (~> 2.0, >= 2.0
|
35
|
+
actionpack (7.0.4)
|
36
|
+
actionview (= 7.0.4)
|
37
|
+
activesupport (= 7.0.4)
|
38
|
+
rack (~> 2.0, >= 2.2.0)
|
33
39
|
rack-test (>= 0.6.3)
|
34
40
|
rails-dom-testing (~> 2.0)
|
35
41
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
36
|
-
actiontext (
|
37
|
-
actionpack (=
|
38
|
-
activerecord (=
|
39
|
-
activestorage (=
|
40
|
-
activesupport (=
|
42
|
+
actiontext (7.0.4)
|
43
|
+
actionpack (= 7.0.4)
|
44
|
+
activerecord (= 7.0.4)
|
45
|
+
activestorage (= 7.0.4)
|
46
|
+
activesupport (= 7.0.4)
|
47
|
+
globalid (>= 0.6.0)
|
41
48
|
nokogiri (>= 1.8.5)
|
42
|
-
actionview (
|
43
|
-
activesupport (=
|
49
|
+
actionview (7.0.4)
|
50
|
+
activesupport (= 7.0.4)
|
44
51
|
builder (~> 3.1)
|
45
52
|
erubi (~> 1.4)
|
46
53
|
rails-dom-testing (~> 2.0)
|
47
54
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
48
|
-
activejob (
|
49
|
-
activesupport (=
|
55
|
+
activejob (7.0.4)
|
56
|
+
activesupport (= 7.0.4)
|
50
57
|
globalid (>= 0.3.6)
|
51
|
-
activemodel (
|
52
|
-
activesupport (=
|
53
|
-
activerecord (
|
54
|
-
activemodel (=
|
55
|
-
activesupport (=
|
56
|
-
activestorage (
|
57
|
-
actionpack (=
|
58
|
-
activejob (=
|
59
|
-
activerecord (=
|
60
|
-
activesupport (=
|
58
|
+
activemodel (7.0.4)
|
59
|
+
activesupport (= 7.0.4)
|
60
|
+
activerecord (7.0.4)
|
61
|
+
activemodel (= 7.0.4)
|
62
|
+
activesupport (= 7.0.4)
|
63
|
+
activestorage (7.0.4)
|
64
|
+
actionpack (= 7.0.4)
|
65
|
+
activejob (= 7.0.4)
|
66
|
+
activerecord (= 7.0.4)
|
67
|
+
activesupport (= 7.0.4)
|
61
68
|
marcel (~> 1.0)
|
62
69
|
mini_mime (>= 1.1.0)
|
63
|
-
activesupport (
|
70
|
+
activesupport (7.0.4)
|
64
71
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
65
72
|
i18n (>= 1.6, < 2)
|
66
73
|
minitest (>= 5.1)
|
67
74
|
tzinfo (~> 2.0)
|
68
|
-
zeitwerk (~> 2.3)
|
69
75
|
ast (2.4.2)
|
76
|
+
backport (1.2.0)
|
77
|
+
benchmark (0.2.0)
|
70
78
|
builder (3.2.4)
|
71
79
|
concurrent-ruby (1.1.10)
|
72
80
|
crass (1.0.6)
|
73
81
|
diff-lcs (1.5.0)
|
74
|
-
|
82
|
+
digest (3.1.0)
|
83
|
+
e2mmap (0.1.0)
|
84
|
+
erubi (1.11.0)
|
75
85
|
globalid (1.0.0)
|
76
86
|
activesupport (>= 5.0)
|
77
|
-
i18n (1.
|
87
|
+
i18n (1.12.0)
|
78
88
|
concurrent-ruby (~> 1.0)
|
79
|
-
|
89
|
+
jaro_winkler (1.5.4)
|
90
|
+
json (2.6.2)
|
91
|
+
kramdown (2.4.0)
|
92
|
+
rexml
|
93
|
+
kramdown-parser-gfm (1.1.0)
|
94
|
+
kramdown (~> 2.0)
|
95
|
+
loofah (2.18.0)
|
80
96
|
crass (~> 1.0.2)
|
81
97
|
nokogiri (>= 1.5.9)
|
82
98
|
mail (2.7.1)
|
@@ -84,46 +100,62 @@ GEM
|
|
84
100
|
marcel (1.0.2)
|
85
101
|
method_source (1.0.0)
|
86
102
|
mini_mime (1.1.2)
|
87
|
-
minitest (5.
|
103
|
+
minitest (5.16.3)
|
104
|
+
net-imap (0.2.3)
|
105
|
+
digest
|
106
|
+
net-protocol
|
107
|
+
strscan
|
108
|
+
net-pop (0.1.1)
|
109
|
+
digest
|
110
|
+
net-protocol
|
111
|
+
timeout
|
112
|
+
net-protocol (0.1.3)
|
113
|
+
timeout
|
114
|
+
net-smtp (0.3.1)
|
115
|
+
digest
|
116
|
+
net-protocol
|
117
|
+
timeout
|
88
118
|
nio4r (2.5.8)
|
89
|
-
nokogiri (1.13.
|
119
|
+
nokogiri (1.13.8-x86_64-linux)
|
90
120
|
racc (~> 1.4)
|
91
121
|
parallel (1.22.1)
|
92
|
-
parser (3.1.1
|
122
|
+
parser (3.1.2.1)
|
93
123
|
ast (~> 2.4.1)
|
94
124
|
racc (1.6.0)
|
95
|
-
rack (2.2.
|
96
|
-
rack-test (
|
97
|
-
rack (>= 1.
|
98
|
-
rails (
|
99
|
-
actioncable (=
|
100
|
-
actionmailbox (=
|
101
|
-
actionmailer (=
|
102
|
-
actionpack (=
|
103
|
-
actiontext (=
|
104
|
-
actionview (=
|
105
|
-
activejob (=
|
106
|
-
activemodel (=
|
107
|
-
activerecord (=
|
108
|
-
activestorage (=
|
109
|
-
activesupport (=
|
125
|
+
rack (2.2.4)
|
126
|
+
rack-test (2.0.2)
|
127
|
+
rack (>= 1.3)
|
128
|
+
rails (7.0.4)
|
129
|
+
actioncable (= 7.0.4)
|
130
|
+
actionmailbox (= 7.0.4)
|
131
|
+
actionmailer (= 7.0.4)
|
132
|
+
actionpack (= 7.0.4)
|
133
|
+
actiontext (= 7.0.4)
|
134
|
+
actionview (= 7.0.4)
|
135
|
+
activejob (= 7.0.4)
|
136
|
+
activemodel (= 7.0.4)
|
137
|
+
activerecord (= 7.0.4)
|
138
|
+
activestorage (= 7.0.4)
|
139
|
+
activesupport (= 7.0.4)
|
110
140
|
bundler (>= 1.15.0)
|
111
|
-
railties (=
|
112
|
-
sprockets-rails (>= 2.0.0)
|
141
|
+
railties (= 7.0.4)
|
113
142
|
rails-dom-testing (2.0.3)
|
114
143
|
activesupport (>= 4.2.0)
|
115
144
|
nokogiri (>= 1.6)
|
116
|
-
rails-html-sanitizer (1.4.
|
145
|
+
rails-html-sanitizer (1.4.3)
|
117
146
|
loofah (~> 2.3)
|
118
|
-
railties (
|
119
|
-
actionpack (=
|
120
|
-
activesupport (=
|
147
|
+
railties (7.0.4)
|
148
|
+
actionpack (= 7.0.4)
|
149
|
+
activesupport (= 7.0.4)
|
121
150
|
method_source
|
122
151
|
rake (>= 12.2)
|
123
152
|
thor (~> 1.0)
|
153
|
+
zeitwerk (~> 2.5)
|
124
154
|
rainbow (3.1.1)
|
125
155
|
rake (13.0.6)
|
126
|
-
regexp_parser (2.
|
156
|
+
regexp_parser (2.5.0)
|
157
|
+
reverse_markdown (2.1.1)
|
158
|
+
nokogiri
|
127
159
|
rexml (3.2.5)
|
128
160
|
rspec (3.11.0)
|
129
161
|
rspec-core (~> 3.11.0)
|
@@ -138,46 +170,65 @@ GEM
|
|
138
170
|
diff-lcs (>= 1.2.0, < 2.0)
|
139
171
|
rspec-support (~> 3.11.0)
|
140
172
|
rspec-support (3.11.0)
|
141
|
-
rubocop (1.
|
173
|
+
rubocop (1.36.0)
|
174
|
+
json (~> 2.3)
|
142
175
|
parallel (~> 1.10)
|
143
|
-
parser (>= 3.1.
|
176
|
+
parser (>= 3.1.2.1)
|
144
177
|
rainbow (>= 2.2.2, < 4.0)
|
145
178
|
regexp_parser (>= 1.8, < 3.0)
|
146
|
-
rexml
|
147
|
-
rubocop-ast (>= 1.
|
179
|
+
rexml (>= 3.2.5, < 4.0)
|
180
|
+
rubocop-ast (>= 1.20.1, < 2.0)
|
148
181
|
ruby-progressbar (~> 1.7)
|
149
182
|
unicode-display_width (>= 1.4.0, < 3.0)
|
150
|
-
rubocop-ast (1.
|
183
|
+
rubocop-ast (1.21.0)
|
151
184
|
parser (>= 3.1.1.0)
|
185
|
+
rubocop-rspec (2.12.1)
|
186
|
+
rubocop (~> 1.31)
|
152
187
|
ruby-progressbar (1.11.0)
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
188
|
+
solargraph (0.46.0)
|
189
|
+
backport (~> 1.2)
|
190
|
+
benchmark
|
191
|
+
bundler (>= 1.17.2)
|
192
|
+
diff-lcs (~> 1.4)
|
193
|
+
e2mmap
|
194
|
+
jaro_winkler (~> 1.5)
|
195
|
+
kramdown (~> 2.3)
|
196
|
+
kramdown-parser-gfm (~> 1.1)
|
197
|
+
parser (~> 3.0)
|
198
|
+
reverse_markdown (>= 1.0.5, < 3)
|
199
|
+
rubocop (>= 0.52)
|
200
|
+
thor (~> 1.0)
|
201
|
+
tilt (~> 2.0)
|
202
|
+
yard (~> 0.9, >= 0.9.24)
|
203
|
+
strscan (3.0.4)
|
160
204
|
thor (1.2.1)
|
161
|
-
|
205
|
+
tilt (2.0.11)
|
206
|
+
timeout (0.3.0)
|
207
|
+
tzinfo (2.0.5)
|
162
208
|
concurrent-ruby (~> 1.0)
|
163
|
-
unicode-display_width (2.
|
209
|
+
unicode-display_width (2.2.0)
|
210
|
+
webrick (1.7.0)
|
164
211
|
websocket-driver (0.7.5)
|
165
212
|
websocket-extensions (>= 0.1.0)
|
166
213
|
websocket-extensions (0.1.5)
|
167
|
-
|
214
|
+
yard (0.9.28)
|
215
|
+
webrick (~> 1.7.0)
|
216
|
+
zeitwerk (2.6.0)
|
168
217
|
|
169
218
|
PLATFORMS
|
170
219
|
x86_64-linux
|
171
220
|
|
172
221
|
DEPENDENCIES
|
173
222
|
pg_rls!
|
174
|
-
rails (~>
|
223
|
+
rails (~> 7.0, >= 7.0.4)
|
175
224
|
rake
|
176
225
|
rspec
|
177
226
|
rubocop
|
227
|
+
rubocop-rspec
|
228
|
+
solargraph
|
178
229
|
|
179
230
|
RUBY VERSION
|
180
|
-
ruby 3.1.
|
231
|
+
ruby 3.1.2p20
|
181
232
|
|
182
233
|
BUNDLED WITH
|
183
|
-
2.3.
|
234
|
+
2.3.15
|
@@ -23,7 +23,7 @@ module PgRls
|
|
23
23
|
if creating?
|
24
24
|
migration_template(create_migration_template_path,
|
25
25
|
"#{migration_path}/#{create_file_sub_name}_#{table_name}.rb",
|
26
|
-
migration_version:
|
26
|
+
migration_version:)
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
@@ -31,13 +31,13 @@ module PgRls
|
|
31
31
|
unless creating?
|
32
32
|
migration_template(convert_migration_template_path,
|
33
33
|
"#{migration_path}/#{convert_file_sub_name}_#{table_name}.rb",
|
34
|
-
migration_version:
|
34
|
+
migration_version:)
|
35
35
|
end
|
36
36
|
|
37
37
|
if installation_in_progress?
|
38
38
|
migration_template('convert_migration_backport.rb.tt',
|
39
39
|
"#{migration_path}/pg_rls_backport_#{table_name}.rb",
|
40
|
-
migration_version:
|
40
|
+
migration_version:)
|
41
41
|
end
|
42
42
|
end
|
43
43
|
|
@@ -19,4 +19,11 @@ PgRls.setup do |config|
|
|
19
19
|
##
|
20
20
|
# config.username = Rails.application.credentials.dig(:database, :username)
|
21
21
|
# config.password = Rails.application.credentials.dig(:database, :password)
|
22
|
+
|
23
|
+
##
|
24
|
+
## Uncomment this lines in order to enable solo mode
|
25
|
+
## Solo mode is made for API mode where we don't want to repeate the same
|
26
|
+
## data structure across many project, Solo mode create a hidden tenant table
|
27
|
+
## which is autopopulated on each request
|
28
|
+
# config.solo_mode = true
|
22
29
|
end
|
@@ -5,14 +5,14 @@ module PgRls
|
|
5
5
|
# Prepare database for test unit
|
6
6
|
module Prepared
|
7
7
|
class << self
|
8
|
-
def grant_user_credentials(name: PgRls.username,
|
8
|
+
def grant_user_credentials(name: PgRls.username, schema: 'public')
|
9
9
|
PgRls.admin_execute <<-SQL
|
10
10
|
DO
|
11
11
|
$do$
|
12
12
|
BEGIN
|
13
13
|
IF NOT EXISTS (
|
14
14
|
SELECT table_catalog, table_schema, table_name, privilege_type
|
15
|
-
FROM information_schema.table_privileges
|
15
|
+
FROM information_schema.table_privileges
|
16
16
|
WHERE grantee = '#{name}'
|
17
17
|
) THEN
|
18
18
|
GRANT ALL PRIVILEGES ON TABLE schema_migrations TO #{name};
|
@@ -12,11 +12,11 @@ def alias_task(fq_name)
|
|
12
12
|
Rake.application.alias_task(fq_name)
|
13
13
|
end
|
14
14
|
|
15
|
-
def override_task(*args, &
|
15
|
+
def override_task(*args, &)
|
16
16
|
name, _params, _deps = Rake.application.resolve_args(args.dup)
|
17
17
|
fq_name = Rake.application.instance_variable_get(:@scope).to_a.reverse.push(name).join(':')
|
18
18
|
alias_task(fq_name)
|
19
|
-
Rake::Task.define_task(*args, &
|
19
|
+
Rake::Task.define_task(*args, &)
|
20
20
|
end
|
21
21
|
|
22
22
|
namespace :db do
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../statements'
|
4
|
+
require_relative './up_statements'
|
5
|
+
|
6
|
+
module PgRls
|
7
|
+
module Schema
|
8
|
+
module Solo
|
9
|
+
# Schema Solo Statements
|
10
|
+
module Statements
|
11
|
+
include PgRls::Schema::Statements
|
12
|
+
include PgRls::Schema::Solo::UpStatements
|
13
|
+
|
14
|
+
def create_rls_table(table_name, **options, &)
|
15
|
+
setup_rls_tenant_table
|
16
|
+
create_table(table_name, **options, &)
|
17
|
+
add_rls_column(table_name)
|
18
|
+
create_rls_policy(table_name)
|
19
|
+
append_trigger_function(table_name)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,106 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module PgRls
|
4
|
+
module Schema
|
5
|
+
module Solo
|
6
|
+
# Up Schema Solo Statements
|
7
|
+
module UpStatements
|
8
|
+
def setup_rls_tenant_table
|
9
|
+
ActiveRecord::Migration.execute <<-SQL
|
10
|
+
DO
|
11
|
+
$do$
|
12
|
+
BEGIN
|
13
|
+
IF NOT EXISTS (
|
14
|
+
SELECT FROM pg_tables
|
15
|
+
WHERE schemaname = 'public' AND tablename = '#{PgRls.table_name}') THEN
|
16
|
+
#{create_rls_user}
|
17
|
+
#{create_rls_setter_function}
|
18
|
+
#{create_rls_blocking_function}
|
19
|
+
#{create_rls_solo_tenant_table}
|
20
|
+
#{append_blocking_function}
|
21
|
+
END IF;
|
22
|
+
END;
|
23
|
+
$do$;
|
24
|
+
SQL
|
25
|
+
end
|
26
|
+
|
27
|
+
def create_rls_user(name: PgRls.username, password: PgRls.password, schema: 'public')
|
28
|
+
<<~SQL
|
29
|
+
-- Grant Role Permissions
|
30
|
+
BEGIN
|
31
|
+
IF NOT EXISTS (
|
32
|
+
SELECT FROM pg_catalog.pg_roles -- SELECT list can be empty for this
|
33
|
+
WHERE rolname = '#{name}') THEN
|
34
|
+
|
35
|
+
CREATE USER #{name} WITH PASSWORD '#{password}';
|
36
|
+
END IF;
|
37
|
+
GRANT ALL PRIVILEGES ON TABLE schema_migrations TO #{name};
|
38
|
+
GRANT USAGE ON SCHEMA #{schema} TO #{name};
|
39
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA #{schema}
|
40
|
+
GRANT USAGE, SELECT
|
41
|
+
ON SEQUENCES TO #{name};
|
42
|
+
ALTER DEFAULT PRIVILEGES IN SCHEMA #{schema}
|
43
|
+
GRANT SELECT, INSERT, UPDATE, DELETE
|
44
|
+
ON TABLES TO #{name};
|
45
|
+
GRANT SELECT, INSERT, UPDATE, DELETE
|
46
|
+
ON ALL TABLES IN SCHEMA #{schema}
|
47
|
+
TO #{name};
|
48
|
+
GRANT USAGE, SELECT
|
49
|
+
ON ALL SEQUENCES IN SCHEMA #{schema}
|
50
|
+
TO #{name};
|
51
|
+
END;
|
52
|
+
SQL
|
53
|
+
end
|
54
|
+
|
55
|
+
def create_rls_setter_function
|
56
|
+
<<~SQL
|
57
|
+
-- Create RLS Setter Function
|
58
|
+
CREATE OR REPLACE FUNCTION tenant_id_setter ()
|
59
|
+
RETURNS TRIGGER LANGUAGE plpgsql AS $$
|
60
|
+
BEGIN
|
61
|
+
IF NOT EXISTS (
|
62
|
+
SELECT FROM #{PgRls.table_name}
|
63
|
+
WHERE tenant_id = (current_setting('rls.tenant_id'))::uuid
|
64
|
+
) THEN
|
65
|
+
INSERT INTO #{PgRls.table_name} (tenant_id)
|
66
|
+
VALUES ((current_setting('rls.tenant_id'))::uuid);
|
67
|
+
END IF;
|
68
|
+
|
69
|
+
NEW.tenant_id:= (current_setting('rls.tenant_id'));
|
70
|
+
RETURN NEW;
|
71
|
+
END $$;
|
72
|
+
SQL
|
73
|
+
end
|
74
|
+
|
75
|
+
def create_rls_blocking_function
|
76
|
+
<<~SQL
|
77
|
+
-- Create RLS Blocking Function
|
78
|
+
CREATE OR REPLACE FUNCTION id_safe_guard ()
|
79
|
+
RETURNS TRIGGER LANGUAGE plpgsql AS $$
|
80
|
+
BEGIN
|
81
|
+
RAISE EXCEPTION 'This column is guarded due to tenancy dependency';
|
82
|
+
END $$;
|
83
|
+
SQL
|
84
|
+
end
|
85
|
+
|
86
|
+
def create_rls_solo_tenant_table
|
87
|
+
<<~SQL
|
88
|
+
-- Create Tenant Table
|
89
|
+
CREATE TABLE #{PgRls.table_name} (
|
90
|
+
tenant_id uuid PRIMARY KEY
|
91
|
+
);
|
92
|
+
SQL
|
93
|
+
end
|
94
|
+
|
95
|
+
def append_blocking_function
|
96
|
+
<<~SQL
|
97
|
+
-- Append Blocking Function
|
98
|
+
CREATE TRIGGER id_safe_guard
|
99
|
+
BEFORE UPDATE OF tenant_id ON #{PgRls.table_name}
|
100
|
+
FOR EACH ROW EXECUTE PROCEDURE id_safe_guard();
|
101
|
+
SQL
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
@@ -10,17 +10,17 @@ module PgRls
|
|
10
10
|
include UpStatements
|
11
11
|
include DownStatements
|
12
12
|
|
13
|
-
def create_rls_tenant_table(table_name, **options, &
|
13
|
+
def create_rls_tenant_table(table_name, **options, &)
|
14
14
|
create_rls_user
|
15
15
|
create_rls_setter_function
|
16
16
|
create_rls_blocking_function
|
17
|
-
create_table(table_name, **options, &
|
17
|
+
create_table(table_name, **options, &)
|
18
18
|
add_rls_column_to_tenant_table(table_name)
|
19
19
|
append_blocking_function(table_name)
|
20
20
|
end
|
21
21
|
|
22
|
-
def create_rls_table(table_name, **options, &
|
23
|
-
create_table(table_name, **options, &
|
22
|
+
def create_rls_table(table_name, **options, &)
|
23
|
+
create_table(table_name, **options, &)
|
24
24
|
add_rls_column(table_name)
|
25
25
|
create_rls_policy(table_name)
|
26
26
|
append_trigger_function(table_name)
|
@@ -15,11 +15,9 @@ module PgRls
|
|
15
15
|
PgRls.current_connection_username == PgRls.username
|
16
16
|
end
|
17
17
|
|
18
|
-
def self.included(
|
18
|
+
def self.included(base)
|
19
19
|
establish_secure_connection
|
20
|
-
|
21
|
-
# after_initialize :establish_secure_connection
|
22
|
-
# end
|
20
|
+
base.ignored_columns = %w(tenant_id)
|
23
21
|
end
|
24
22
|
end
|
25
23
|
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module PgRls
|
4
|
+
module Solo
|
5
|
+
# Set and Fetch Tenant without loading a model
|
6
|
+
class Tenant
|
7
|
+
class << self
|
8
|
+
attr_reader :tenant
|
9
|
+
|
10
|
+
def switch!(resource)
|
11
|
+
switch_tenant!(resource)
|
12
|
+
rescue StandardError => e
|
13
|
+
Rails.logger.info('connection was not made')
|
14
|
+
raise e
|
15
|
+
end
|
16
|
+
|
17
|
+
def fetch
|
18
|
+
@fetch ||= PgRls.connection_class.connection.execute(
|
19
|
+
"SELECT current_setting('rls.tenant_id')"
|
20
|
+
).getvalue(0, 0)
|
21
|
+
end
|
22
|
+
|
23
|
+
def around(resource)
|
24
|
+
switch_tenant!(resource)
|
25
|
+
yield
|
26
|
+
ensure
|
27
|
+
reset_rls!
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def reset_rls!
|
33
|
+
@fetch = nil
|
34
|
+
@tenant = nil
|
35
|
+
PgRls.connection_class.connection.execute('RESET rls.tenant_id')
|
36
|
+
end
|
37
|
+
|
38
|
+
def switch_tenant!(resource)
|
39
|
+
connection_adapter = PgRls.connection_class
|
40
|
+
|
41
|
+
raise PgRls::Errors::TenantNotFound if resource.blank?
|
42
|
+
|
43
|
+
connection_adapter.connection.execute(format('SET rls.tenant_id = %s',
|
44
|
+
connection_adapter.connection.quote(resource)))
|
45
|
+
"RLS changed to '#{resource}'"
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
data/lib/pg_rls/tenant.rb
CHANGED
@@ -28,8 +28,8 @@ module PgRls
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def fetch
|
31
|
-
@fetch ||= PgRls.main_model.
|
32
|
-
PgRls.connection_class.connection.execute(
|
31
|
+
@fetch ||= PgRls.main_model.find_by!(
|
32
|
+
tenant_id: PgRls.connection_class.connection.execute(
|
33
33
|
"SELECT current_setting('rls.tenant_id')"
|
34
34
|
).getvalue(0, 0)
|
35
35
|
)
|
@@ -49,7 +49,7 @@ module PgRls
|
|
49
49
|
connection_adapter = PgRls.connection_class
|
50
50
|
find_tenant(resource)
|
51
51
|
|
52
|
-
raise PgRls::Errors::TenantNotFound
|
52
|
+
raise PgRls::Errors::TenantNotFound if tenant.blank?
|
53
53
|
|
54
54
|
connection_adapter.connection.execute(format('SET rls.tenant_id = %s',
|
55
55
|
connection_adapter.connection.quote(tenant.tenant_id)))
|
@@ -60,7 +60,7 @@ module PgRls
|
|
60
60
|
reset_rls!
|
61
61
|
|
62
62
|
PgRls.search_methods.each do |method|
|
63
|
-
|
63
|
+
break if @tenant.present?
|
64
64
|
|
65
65
|
@method = method
|
66
66
|
@tenant = find_tenant_by_method(resource, method)
|
@@ -71,7 +71,8 @@ module PgRls
|
|
71
71
|
|
72
72
|
def find_tenant_by_method(resource, method)
|
73
73
|
PgRls.main_model.send("find_by_#{method}!", resource)
|
74
|
-
rescue ActiveRecord::RecordNotFound
|
74
|
+
rescue ActiveRecord::RecordNotFound
|
75
|
+
nil
|
75
76
|
end
|
76
77
|
end
|
77
78
|
end
|
data/lib/pg_rls/version.rb
CHANGED
data/lib/pg_rls.rb
CHANGED
@@ -5,6 +5,8 @@ require 'forwardable'
|
|
5
5
|
require_relative 'pg_rls/version'
|
6
6
|
require_relative 'pg_rls/database/prepared'
|
7
7
|
require_relative 'pg_rls/schema/statements'
|
8
|
+
require_relative 'pg_rls/schema/solo/statements'
|
9
|
+
require_relative 'pg_rls/solo/tenant'
|
8
10
|
require_relative 'pg_rls/tenant'
|
9
11
|
require_relative 'pg_rls/secure_connection'
|
10
12
|
require_relative 'pg_rls/multi_tenancy'
|
@@ -37,8 +39,12 @@ module PgRls
|
|
37
39
|
yield self
|
38
40
|
end
|
39
41
|
|
42
|
+
def solo_mode?
|
43
|
+
solo_mode
|
44
|
+
end
|
45
|
+
|
40
46
|
def database_connection_file
|
41
|
-
file = File.read(Rails.root.join('config
|
47
|
+
file = File.read(Rails.root.join('config/database.yml'))
|
42
48
|
|
43
49
|
YAML.safe_load(ERB.new(file).result, aliases: true)
|
44
50
|
end
|
@@ -136,6 +142,9 @@ module PgRls
|
|
136
142
|
mattr_accessor :password
|
137
143
|
@@password = 'password'
|
138
144
|
|
145
|
+
mattr_accessor :solo_mode
|
146
|
+
@@solo_mode = false
|
147
|
+
|
139
148
|
mattr_accessor :search_methods
|
140
149
|
@@search_methods = %i[subdomain id tenant_id]
|
141
150
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pg_rls
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.2.
|
4
|
+
version: 0.0.2.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Laloush
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-09-
|
11
|
+
date: 2022-09-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -67,9 +67,12 @@ files:
|
|
67
67
|
- lib/pg_rls/multi_tenancy.rb
|
68
68
|
- lib/pg_rls/railtie.rb
|
69
69
|
- lib/pg_rls/schema/down_statements.rb
|
70
|
+
- lib/pg_rls/schema/solo/statements.rb
|
71
|
+
- lib/pg_rls/schema/solo/up_statements.rb
|
70
72
|
- lib/pg_rls/schema/statements.rb
|
71
73
|
- lib/pg_rls/schema/up_statements.rb
|
72
74
|
- lib/pg_rls/secure_connection.rb
|
75
|
+
- lib/pg_rls/solo/tenant.rb
|
73
76
|
- lib/pg_rls/tenant.rb
|
74
77
|
- lib/pg_rls/version.rb
|
75
78
|
homepage: https://github.com/Dandush03/pg_rls
|