pg_rls 0.2.4 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +55 -17
- data/.ruby-version +1 -0
- data/CHANGELOG.md +19 -2
- data/CODE_OF_CONDUCT.md +77 -29
- data/Guardfile +44 -0
- data/README.md +247 -83
- data/Rakefile +5 -12
- data/Steepfile +29 -0
- data/UPGRADE.md +106 -0
- data/app/models/pg_rls/admin.rb +24 -0
- data/app/models/pg_rls/current.rb +48 -0
- data/app/models/pg_rls/record.rb +13 -0
- data/app/models/pg_rls/tenant/searchable.rb +60 -0
- data/app/models/pg_rls/tenant/securable.rb +67 -0
- data/app/models/pg_rls/tenant/switchable.rb +40 -0
- data/app/models/pg_rls/tenant.rb +9 -0
- data/assets/logo.svg +8 -0
- data/docker-compose.yml +14 -0
- data/lib/generators/pg_rls/active_record/active_record_generator.rb +62 -65
- data/lib/generators/pg_rls/install/install_generator.rb +38 -0
- data/lib/generators/pg_rls/pg_rls_generator.rb +2 -1
- data/lib/generators/pg_rls/templates/USAGE +28 -0
- data/lib/generators/pg_rls/templates/app/models/abstract_base_class.rb.tt +7 -0
- data/lib/generators/pg_rls/templates/app/models/model.rb.tt +22 -0
- data/lib/generators/pg_rls/templates/config/initializers/pg_rls.rb.tt +58 -0
- data/lib/generators/pg_rls/templates/db/migrate/backport_pg_rls_table.rb.tt +14 -0
- data/lib/generators/pg_rls/templates/db/migrate/convert_to_pg_rls_table.rb.tt +5 -0
- data/lib/generators/pg_rls/templates/db/migrate/convert_to_pg_rls_tenant_table.rb.tt +5 -0
- data/lib/generators/pg_rls/templates/db/migrate/create_pg_rls_table.rb.tt +29 -0
- data/lib/generators/pg_rls/templates/db/migrate/create_pg_rls_tenant_table.rb.tt +29 -0
- data/lib/pg_rls/active_record/connection_adapters/connection_pool.rb +31 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/check_rls_user_privileges.rb +207 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/errors.rb +17 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/grant_rls_user_privileges.rb +167 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/rls_functions.rb +91 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/rls_policies.rb +56 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/rls_triggers.rb +95 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/rls_user_statements.rb +127 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/schema_dumper.rb +71 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/schema_statements.rb +120 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql/sql_helper_method.rb +30 -0
- data/lib/pg_rls/active_record/connection_adapters/postgre_sql.rb +36 -0
- data/lib/pg_rls/active_record/connection_adapters.rb +12 -0
- data/lib/pg_rls/active_record/database_shards.rb +74 -0
- data/lib/pg_rls/active_record/migration/command_recorder.rb +28 -0
- data/lib/pg_rls/active_record/migration.rb +11 -0
- data/lib/pg_rls/active_record/test_databases.rb +19 -0
- data/lib/pg_rls/active_record.rb +11 -0
- data/lib/pg_rls/active_support/string_ext.rb +17 -0
- data/lib/pg_rls/active_support.rb +9 -0
- data/lib/pg_rls/connection_config.rb +61 -0
- data/lib/pg_rls/deprecation.rb +14 -0
- data/lib/pg_rls/engine.rb +8 -0
- data/lib/pg_rls/error.rb +10 -0
- data/lib/pg_rls/generators/.keep +0 -0
- data/lib/pg_rls/multi_tenancy.rb +1 -1
- data/lib/pg_rls/railtie.rb +1 -11
- data/lib/pg_rls/tasks/.keep +0 -0
- data/lib/pg_rls/version.rb +3 -1
- data/lib/pg_rls.rb +67 -151
- data/rbs_collection.lock.yaml +132 -0
- data/rbs_collection.yaml +127 -0
- data/review_code.sh +33 -0
- data/sig/generators/pg_rls/active_record/active_record_generator.rbs +43 -0
- data/sig/generators/pg_rls/install/install_generator.rbs +20 -0
- data/sig/generators/pg_rls/pg_rls_generator.rbs +9 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/check_rls_user_privileges.rbs +53 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/errors.rbs +24 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/grant_rls_user_privileges.rbs +55 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/rls_functions.rbs +31 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/rls_policies.rbs +28 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/rls_triggers.rbs +35 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/rls_user_statements.rbs +48 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/schema_dumper.rbs +38 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/schema_statements.rbs +67 -0
- data/sig/pg_rls/active_record/connection_adapters/postgre_sql/sql_helper_method.rbs +21 -0
- data/sig/pg_rls/active_record/connection_adapters/postgresql.rbs +10 -0
- data/sig/pg_rls/active_record/connection_adapters.rbs +50 -0
- data/sig/pg_rls/active_record/database_shards.rbs +34 -0
- data/sig/pg_rls/active_record/migration/command_recorder.rbs +14 -0
- data/sig/pg_rls/active_record/migration.rbs +8 -0
- data/sig/pg_rls/active_record.rbs +7 -0
- data/sig/pg_rls/active_support/hash_ext.rbs +11 -0
- data/sig/pg_rls/active_support/string_ext.rbs +27 -0
- data/sig/pg_rls/active_support.rbs +7 -0
- data/sig/pg_rls/app/models/pg_rls/record.rbs +4 -0
- data/sig/pg_rls/connection_config.rbs +16 -0
- data/sig/pg_rls/deprecation.rbs +9 -0
- data/sig/pg_rls/engine.rbs +7 -0
- data/sig/pg_rls/errors.rbs +14 -0
- data/sig/pg_rls/railtie.rbs +6 -0
- data/sig/pg_rls/tenant_test_helper.rbs +14 -0
- data/sig/pg_rls.rbs +60 -0
- data/sig/support/active_record.rbs +86 -0
- data/sig/support/active_support.rbs +7 -0
- data/sig/support/fowardable.rbs +2 -0
- data/sig/support/pg.rbs +12 -0
- data/sig/support/rails.rbs +38 -0
- data/start.sh +30 -0
- metadata +167 -12
- data/Gemfile +0 -21
- data/Gemfile.lock +0 -300
- data/bin/console +0 -15
- data/bin/setup +0 -8
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
module CheckRlsUserPrivileges
|
|
8
|
+
include SqlHelperMethod
|
|
9
|
+
|
|
10
|
+
def check_rls_user_privileges!: ((String | Symbol), ?(String | Symbol), ?(String | Symbol)) -> bool
|
|
11
|
+
|
|
12
|
+
def check_table_privileges!: ((String | Symbol), (String | Symbol), (String | Symbol)) -> bool
|
|
13
|
+
|
|
14
|
+
def check_sequence_privileges!: ((String | Symbol), (String | Symbol), (String | Symbol)) -> bool
|
|
15
|
+
|
|
16
|
+
def check_table_rls_enabled!: ((String | Symbol), ?(String | Symbol)) -> bool
|
|
17
|
+
|
|
18
|
+
def check_table_user_policy_exists!: ((String | Symbol), (String | Symbol), ?(String | Symbol)) -> bool
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def check_user_exists!: ((String | Symbol)) -> bool
|
|
23
|
+
|
|
24
|
+
def check_user_in_rls_group!: ((String | Symbol)) -> bool
|
|
25
|
+
|
|
26
|
+
def check_schema_usage_privilege!: ((String | Symbol), (String | Symbol)) -> bool
|
|
27
|
+
|
|
28
|
+
def check_default_table_privileges!: ((String | Symbol), (String | Symbol)) -> bool
|
|
29
|
+
|
|
30
|
+
def check_default_sequence_privileges!: ((String | Symbol), (String | Symbol)) -> bool
|
|
31
|
+
|
|
32
|
+
def check_user_exists_sql: ((String | Symbol)) -> String
|
|
33
|
+
|
|
34
|
+
def check_user_in_rls_group_sql: ((String | Symbol)) -> String
|
|
35
|
+
|
|
36
|
+
def check_schema_usage_privilege_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
37
|
+
|
|
38
|
+
def check_default_table_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
39
|
+
|
|
40
|
+
def check_table_privileges_sql: ((String | Symbol), (String | Symbol), (String | Symbol)) -> String
|
|
41
|
+
|
|
42
|
+
def check_default_sequence_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
43
|
+
|
|
44
|
+
def check_sequence_privileges_sql: ((String | Symbol), (String | Symbol), (String | Symbol)) -> String
|
|
45
|
+
|
|
46
|
+
def check_table_rls_enabled_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
47
|
+
|
|
48
|
+
def check_table_user_policy_exists_sql: ((String | Symbol), (String | Symbol), (String | Symbol)) -> String
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
class UserDoesNotExistError < PgRls::Error
|
|
8
|
+
end
|
|
9
|
+
class UserNotInPgRlsGroupError < PgRls::Error
|
|
10
|
+
end
|
|
11
|
+
class UserMissingSchemaUsagePrivilegeError < PgRls::Error
|
|
12
|
+
end
|
|
13
|
+
class UserMissingTablePrivilegesError < PgRls::Error
|
|
14
|
+
end
|
|
15
|
+
class UserMissingSequencePrivilegesError < PgRls::Error
|
|
16
|
+
end
|
|
17
|
+
class TableRlsNotEnabledError < PgRls::Error
|
|
18
|
+
end
|
|
19
|
+
class TableUserPolicyDoesNotExistError < PgRls::Error
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
module GrantRlsUserPrivileges
|
|
8
|
+
include SqlHelperMethod
|
|
9
|
+
|
|
10
|
+
def grant_rls_user_privileges: (?(String | Symbol), ?(String | Symbol)) -> void
|
|
11
|
+
|
|
12
|
+
def revoke_rls_user_privileges: (?(String | Symbol), ?(String | Symbol)) -> void
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def revoke_schema_usage: ((String | Symbol), (String | Symbol)) -> void
|
|
17
|
+
|
|
18
|
+
def revoke_schema_migration_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
19
|
+
|
|
20
|
+
def revoke_default_sequence_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
21
|
+
|
|
22
|
+
def revoke_default_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
23
|
+
|
|
24
|
+
def revoke_existing_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
25
|
+
|
|
26
|
+
def revoke_existing_sequence_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
27
|
+
|
|
28
|
+
def grant_schema_usage: ((String | Symbol), (String | Symbol)) -> void
|
|
29
|
+
|
|
30
|
+
def grant_schema_migration_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
31
|
+
|
|
32
|
+
def grant_default_sequence_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
33
|
+
|
|
34
|
+
def grant_default_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
35
|
+
|
|
36
|
+
def grant_existing_table_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
37
|
+
|
|
38
|
+
def grant_existing_sequence_privileges: ((String | Symbol), (String | Symbol)) -> void
|
|
39
|
+
|
|
40
|
+
def revoke_schema_usage_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
41
|
+
|
|
42
|
+
def revoke_default_sequence_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
43
|
+
|
|
44
|
+
def revoke_default_table_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
45
|
+
|
|
46
|
+
def revoke_existing_table_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
47
|
+
|
|
48
|
+
def revoke_existing_sequence_privileges_sql: ((String | Symbol), (String | Symbol)) -> String
|
|
49
|
+
|
|
50
|
+
def role_applicable_sql_statement: ((String | Symbol), (String | Symbol)) -> String
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
module RlsFunctions
|
|
8
|
+
include SqlHelperMethod
|
|
9
|
+
|
|
10
|
+
def function_exists?: (String) -> bool
|
|
11
|
+
|
|
12
|
+
def create_rls_functions: () -> void
|
|
13
|
+
|
|
14
|
+
def drop_rls_functions: () -> void
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def create_function: (String, String) -> Array[PG::Result]
|
|
19
|
+
|
|
20
|
+
def drop_function: (String) -> Array[PG::Result]
|
|
21
|
+
|
|
22
|
+
def create_tenant_id_setter_function: () -> void
|
|
23
|
+
|
|
24
|
+
def create_tenant_id_update_blocker_function: () -> void
|
|
25
|
+
|
|
26
|
+
def create_rls_exception: () -> void
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
# This module contains the logic to grant user privileges
|
|
8
|
+
module RlsPolicies
|
|
9
|
+
include SqlHelperMethod
|
|
10
|
+
|
|
11
|
+
def enable_table_rls: (String, ?(String | Symbol), ?(String | Symbol)) -> void
|
|
12
|
+
|
|
13
|
+
def disable_table_rls: (String, ?(String | Symbol), ?(String | Symbol)) -> void
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def drop_rls_policy_sql: ((String | Symbol), String, (String | Symbol)) -> String
|
|
18
|
+
|
|
19
|
+
def disable_row_level_security_sql: ((String | Symbol), String) -> String
|
|
20
|
+
|
|
21
|
+
def create_rls_policy_sql: ((String | Symbol), String, (String | Symbol)) -> String
|
|
22
|
+
|
|
23
|
+
def enable_row_level_security_sql: ((String | Symbol), String) -> String
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
module RlsTriggers
|
|
8
|
+
include SqlHelperMethod
|
|
9
|
+
|
|
10
|
+
def trigger_exists?: (String, String, ?(String | Symbol)) -> bool
|
|
11
|
+
|
|
12
|
+
def append_tenant_table_triggers: (String, ?(String | Symbol)) -> void
|
|
13
|
+
|
|
14
|
+
def append_rls_table_triggers: (String, ?(String | Symbol)) -> void
|
|
15
|
+
|
|
16
|
+
def drop_tenant_table_triggers: (String, ?(String | Symbol)) -> void
|
|
17
|
+
|
|
18
|
+
def drop_rls_table_triggers: (String, ?(String | Symbol)) -> void
|
|
19
|
+
|
|
20
|
+
private
|
|
21
|
+
|
|
22
|
+
def drop_trigger: ((String | Symbol), String, String) -> void
|
|
23
|
+
|
|
24
|
+
def create_trigger: ((String | Symbol), String, String, String, String, String) -> void
|
|
25
|
+
|
|
26
|
+
def create_rls_exception_trigger: ((String | Symbol), String) -> void
|
|
27
|
+
|
|
28
|
+
def create_tenant_id_setter_trigger: ((String | Symbol), String) -> void
|
|
29
|
+
|
|
30
|
+
def create_tenant_id_update_blocker_trigger: ((String | Symbol), String) -> void
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
# This module contains the logic to grant user privileges
|
|
8
|
+
module RlsUserStatements
|
|
9
|
+
include SqlHelperMethod
|
|
10
|
+
|
|
11
|
+
def create_rls_role: (String, String) -> void
|
|
12
|
+
|
|
13
|
+
def drop_rls_role: (String) -> void
|
|
14
|
+
|
|
15
|
+
def user_exists?: (String) -> bool
|
|
16
|
+
|
|
17
|
+
def drop_rls_user: (String) -> void
|
|
18
|
+
|
|
19
|
+
def create_rls_user: (String, String) -> void
|
|
20
|
+
|
|
21
|
+
def create_rls_group: (?(String | Symbol)) -> void
|
|
22
|
+
|
|
23
|
+
def drop_rls_group: (?(String | Symbol)) -> void
|
|
24
|
+
|
|
25
|
+
def assign_user_to_group: (String) -> void
|
|
26
|
+
|
|
27
|
+
def remove_user_from_group: (String) -> void
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def user_exists_sql: (String) -> String
|
|
32
|
+
|
|
33
|
+
def drop_rls_user_sql: (String) -> String
|
|
34
|
+
|
|
35
|
+
def create_rls_user_sql: (String, String) -> String
|
|
36
|
+
|
|
37
|
+
def create_rls_group_sql: ((String | Symbol)) -> String
|
|
38
|
+
|
|
39
|
+
def drop_rls_group_sql: ((String | Symbol)) -> String
|
|
40
|
+
|
|
41
|
+
def assign_user_to_group_sql: (String) -> String
|
|
42
|
+
|
|
43
|
+
def remove_user_from_group_sql: (String) -> String
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
# Require to fix configuration super method invocation
|
|
8
|
+
module DummySchemaDumper
|
|
9
|
+
def tables: (StringIO) -> void
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
module SchemaDumper
|
|
13
|
+
include DummySchemaDumper
|
|
14
|
+
|
|
15
|
+
@rls_table_array: Array[String]
|
|
16
|
+
@rls_tenant_table: String
|
|
17
|
+
@connection: ActiveRecord::ConnectionAdapters::PostgreSQLAdapter
|
|
18
|
+
|
|
19
|
+
def tables: (StringIO) -> void
|
|
20
|
+
|
|
21
|
+
def table: (String, StringIO) -> void
|
|
22
|
+
|
|
23
|
+
private
|
|
24
|
+
|
|
25
|
+
def dump_table_to_string: (untyped, String) -> String
|
|
26
|
+
|
|
27
|
+
def rls_table?: (String) -> bool
|
|
28
|
+
|
|
29
|
+
def rls_tenant_table?: (String) -> bool
|
|
30
|
+
|
|
31
|
+
def rls_table_array: -> Array[String]
|
|
32
|
+
|
|
33
|
+
def fetch_rls_tables: -> Array[String]
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
#
|
|
3
|
+
|
|
4
|
+
module PgRls
|
|
5
|
+
module ActiveRecord
|
|
6
|
+
module ConnectionAdapters
|
|
7
|
+
module PostgreSQL
|
|
8
|
+
# This module contains the logic to create rls policies tables and functions
|
|
9
|
+
module SchemaStatements
|
|
10
|
+
def table_exists?: (String | Symbol) -> bool
|
|
11
|
+
def create_table: (String | Symbol, *untyped args) -> void
|
|
12
|
+
def drop_table: (String | Symbol, *untyped args) -> void
|
|
13
|
+
def add_column: (String | Symbol, String | Symbol, String | Symbol, *untyped args) -> void
|
|
14
|
+
def remove_column: (String | Symbol, String | Symbol, *untyped args) -> void
|
|
15
|
+
|
|
16
|
+
def create_rls_tenant_table: (String | Symbol, *untyped args) -> void
|
|
17
|
+
def convert_to_rls_tenant_table: (String | Symbol) -> void
|
|
18
|
+
def create_rls_table: (String | Symbol, *untyped args) -> void
|
|
19
|
+
def convert_to_rls_table: (String | Symbol) -> void
|
|
20
|
+
def drop_rls_tenant_table: (String | Symbol, *untyped args) -> void
|
|
21
|
+
def revert_from_rls_tenant_table: (String | Symbol) -> void
|
|
22
|
+
def drop_rls_table: (String | Symbol, *untyped args) -> void
|
|
23
|
+
def revert_from_rls_table: (String | Symbol) -> void
|
|
24
|
+
|
|
25
|
+
# Dynamically Generate the Inversion Methods
|
|
26
|
+
def invert_create_rls_tenant_table: (String | Symbol, *untyped args) -> void
|
|
27
|
+
def invert_convert_to_rls_tenant_table: (String | Symbol) -> void
|
|
28
|
+
def invert_create_rls_table: (String | Symbol, *untyped args) -> void
|
|
29
|
+
def invert_convert_to_rls_table: (String | Symbol) -> void
|
|
30
|
+
|
|
31
|
+
# Inherited Methods
|
|
32
|
+
|
|
33
|
+
def check_rls_user_privileges!: (String | Symbol, String | Symbol) -> bool
|
|
34
|
+
def enable_table_rls: (String | Symbol, String | Symbol) -> void
|
|
35
|
+
def append_rls_table_triggers: (String | Symbol) -> void
|
|
36
|
+
def add_index: (String | Symbol, Array[String | Symbol] | String | Symbol, *untyped args) -> void
|
|
37
|
+
def remove_index: (String | Symbol, Array[String | Symbol] | String | Symbol, *untyped args) -> void
|
|
38
|
+
def append_tenant_table_triggers: (String | Symbol) -> void
|
|
39
|
+
def create_rls_group: () -> void
|
|
40
|
+
def create_rls_role: (String | Symbol, String | Symbol) -> void
|
|
41
|
+
def create_rls_functions: () -> void
|
|
42
|
+
def drop_tenant_table_triggers: (String | Symbol) -> void
|
|
43
|
+
def disable_table_rls: (String | Symbol, String | Symbol) -> void
|
|
44
|
+
def drop_rls_functions: () -> void
|
|
45
|
+
def drop_rls_role: (String | Symbol) -> void
|
|
46
|
+
def drop_rls_group: () -> void
|
|
47
|
+
def drop_rls_table_triggers: (String | Symbol) -> void
|
|
48
|
+
def grant_rls_user_privileges: (String | Symbol) -> void
|
|
49
|
+
def revoke_rls_user_privileges: (String | Symbol) -> void
|
|
50
|
+
def index_exists?: (String | Symbol, String | Symbol, *untyped args) -> bool
|
|
51
|
+
def column_exists?: (String | Symbol, String | Symbol) -> bool
|
|
52
|
+
def create_rls_index: (String | Symbol, Array[String | Symbol], **untyped args) -> void
|
|
53
|
+
def drop_rls_index: (String | Symbol, Array[String | Symbol], **untyped args) -> void
|
|
54
|
+
|
|
55
|
+
private
|
|
56
|
+
|
|
57
|
+
def create_rls_table_setup: (String | Symbol) -> void
|
|
58
|
+
def create_rls_tenant_table_setup: (String | Symbol) -> void
|
|
59
|
+
def create_rls_initialize_setup: () -> void
|
|
60
|
+
def drop_rls_table_setup: (String | Symbol) -> void
|
|
61
|
+
def drop_rls_initialize_setup: (String | Symbol) -> void
|
|
62
|
+
def rls_index_columns: (Array[String | Symbol]) -> Array[Symbol]
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module PostgreSQL
|
|
7
|
+
module SqlHelperMethod
|
|
8
|
+
private
|
|
9
|
+
|
|
10
|
+
def execute: (String) -> Array[PG::Result]
|
|
11
|
+
|
|
12
|
+
def transaction: (*untyped args, **untyped attr) { () -> Array[PG::Result] } -> Array[PG::Result]
|
|
13
|
+
|
|
14
|
+
def execute_sql!: (String) -> Array[PG::Result]
|
|
15
|
+
|
|
16
|
+
def rescue_sql_error?: (StandardError) -> bool
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module ConnectionAdapters
|
|
6
|
+
module ConnectionPool
|
|
7
|
+
attr_reader checkout_timeout: untyped
|
|
8
|
+
|
|
9
|
+
def checkout: (?untyped checkout_timeout) -> untyped
|
|
10
|
+
|
|
11
|
+
def rls_connection?: () -> bool
|
|
12
|
+
|
|
13
|
+
def pool_config: () -> untyped
|
|
14
|
+
|
|
15
|
+
private def reset_rls_used_connections: (ActiveRecord::ConnectionAdapters::PostgreSQLAdapter conn) -> nil
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
class Tenant
|
|
22
|
+
def self.reset_rls_used_connections: (ActiveRecord::ConnectionAdapters::PostgreSQLAdapter conn) -> nil
|
|
23
|
+
|
|
24
|
+
def set_rls: (ActiveRecord::ConnectionAdapters::PostgreSQLAdapter conn) -> Tenant
|
|
25
|
+
|
|
26
|
+
def new_tenant?: () -> bool
|
|
27
|
+
|
|
28
|
+
def reused_connection?: (ActiveRecord::ConnectionAdapters::PostgreSQLAdapter conn) -> bool
|
|
29
|
+
|
|
30
|
+
def rls_connection_object_cache_by_thread=: (untyped value) -> untyped
|
|
31
|
+
|
|
32
|
+
def rls_connection_object_cache_by_thread: () -> untyped
|
|
33
|
+
|
|
34
|
+
def rls_used_connections: () -> untyped
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
module Current
|
|
38
|
+
def self.tenant: () -> Tenant
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
module ActiveRecord
|
|
43
|
+
module ConnectionAdapters
|
|
44
|
+
class ConnectionPool
|
|
45
|
+
attr_reader checkout_timeout: untyped
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
# Require to fix configuration super method invocation
|
|
6
|
+
module DummyDatabaseShards
|
|
7
|
+
def configurations=: (Hash[String, untyped]) -> Hash[String, untyped]
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
module DatabaseShards
|
|
11
|
+
include DummyDatabaseShards
|
|
12
|
+
|
|
13
|
+
REQUIRED_CONFIGURATION_KEYS: Array[String]
|
|
14
|
+
|
|
15
|
+
def add_rls_configurations: (Hash[String, untyped], ?Hash[String, untyped]) -> Hash[String, untyped]
|
|
16
|
+
|
|
17
|
+
def configurations=: (Hash[String, untyped]) -> Hash[String, untyped]
|
|
18
|
+
|
|
19
|
+
def configurations: () -> Hash[String, untyped]
|
|
20
|
+
|
|
21
|
+
def rls_shard_config?: (Hash[String, untyped]) -> bool
|
|
22
|
+
|
|
23
|
+
def adapter_configurations: (Hash[String, untyped], Hash[String, untyped], String) -> (::Hash[::String, untyped] | nil)
|
|
24
|
+
|
|
25
|
+
def rls_configuration: () -> Hash[String, untyped]
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def add_primary_and_rls_config: (Hash[String, untyped], Hash[String, untyped], ?String) -> Hash[String, untyped]
|
|
30
|
+
|
|
31
|
+
def shard_config?: (Hash[String, untyped]) -> bool
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
module ActiveRecord
|
|
5
|
+
module Migration
|
|
6
|
+
# ActiveRecord Migration Command Recorder Extension
|
|
7
|
+
module CommandRecorder
|
|
8
|
+
REVERSIBLE_AND_IRREVERSIBLE_METHODS: ::Array[Symbol]
|
|
9
|
+
|
|
10
|
+
def self.included: (Class) -> void
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module PgRls
|
|
2
|
+
module ActiveSupport
|
|
3
|
+
module StringExt
|
|
4
|
+
def sanitize_sql: -> String
|
|
5
|
+
|
|
6
|
+
def gsub!: (Regexp, String) -> String
|
|
7
|
+
|
|
8
|
+
def strip!: -> String
|
|
9
|
+
|
|
10
|
+
def camelize: -> String
|
|
11
|
+
|
|
12
|
+
def constantize: -> Class
|
|
13
|
+
|
|
14
|
+
def underscore: -> String
|
|
15
|
+
|
|
16
|
+
def pluralize: () -> String
|
|
17
|
+
|
|
18
|
+
def singularize: () -> String
|
|
19
|
+
|
|
20
|
+
def blank?: () -> bool
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
class String
|
|
26
|
+
include PgRls::ActiveSupport::StringExt
|
|
27
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module PgRls
|
|
4
|
+
class ConnectionConfig
|
|
5
|
+
@db_config: ActiveRecord::DatabaseConfigurations::HashConfig
|
|
6
|
+
@connection_name: String
|
|
7
|
+
|
|
8
|
+
def initialize: (?ActiveRecord::DatabaseConfigurations::HashConfig db_config) -> void
|
|
9
|
+
def look_up_connection_config: () -> (Hash[Symbol, Hash[Symbol, Symbol]] | nil)
|
|
10
|
+
def connection_config?: () -> bool
|
|
11
|
+
def invalid_connection_config: () -> nil
|
|
12
|
+
def build_config_hash: (ActiveRecord::DatabaseConfigurations::HashConfig db_config, String connection_name) -> (Hash[Symbol, Hash[Symbol, Hash[Symbol, String]]] | Hash[Symbol, Hash[Symbol, String]] | nil)
|
|
13
|
+
def build_dual_mode_config: (String connection_name) -> Hash[Symbol, Hash[Symbol, Hash[Symbol, String]]]
|
|
14
|
+
def build_single_mode_config: (String connection_name) -> Hash[Symbol, Hash[Symbol, String]]
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module PgRls::TenantTestHelper::TenantOverrides
|
|
2
|
+
@attributes: Hash[Symbol, untyped]
|
|
3
|
+
def tenant=: (untyped) -> void
|
|
4
|
+
def reset: () -> untyped
|
|
5
|
+
def initialize_tenant_history: () -> void
|
|
6
|
+
def store_current_tenant_in_history: () -> void
|
|
7
|
+
def assign_new_tenant: (untyped) -> void
|
|
8
|
+
def restore_tenant_history: (untyped) -> void
|
|
9
|
+
def restore_most_recent_tenant: () -> void
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
module PgRls::TenantTestHelper
|
|
13
|
+
include PgRls::TenantTestHelper::TenantOverrides
|
|
14
|
+
end
|